1 Install grml to harddisk:
5 Notice: You can pre-select the partition for the partition selector
6 and mbr dialogs inside grml2hd using:
7 # grml2hd /dev/hda1 -mbr /dev/hda
9 See: man grml2hd + http://grml.org/grml2hd/
11 Tags: grml2hd, installation
13 Install grml on software RAID level 1:
15 Create /dev/md0 (and some more /dev/md* devices) first of all:
16 # cd /dev && MAKEDEV dev
19 # mdadm --create --verbose /dev/md0 --level=raid1 \
20 --raid-devices=2 /dev/hda1 /dev/hdc1
22 Finally install grml on it:
23 # SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0
25 See: man grml2hd + http://grml.org/grml2hd/
27 Tags: grml2hd, installation, mdadm, raid
29 Install grml in non interactive mode with grml2hd:
31 Adjust configuration as needed:
32 # vim /etc/grml2hd/config
36 # GRML2HD_NONINTERACTIVE=yes grml2hd
42 Use with care and only if you really know what you are doing!
44 See: man grml2hd + http://grml.org/grml2hd/
46 Tags: grml2hd, installation
52 Tags: configuration, network
54 Deactivate error correction of zsh:
58 Run zsh-help for more information regarding zsh.
60 Tags: zsh, configuration
62 Disable automatic setting of title in GNU screen:
66 Set it manually e.g. via:
68 % screen -X title foobar
70 Run zsh-help for more information regarding zsh.
72 Tags: zsh, configuration
74 Do not use menu completion in zsh:
78 Run zsh-help for more information regarding zsh.
80 Tags: zsh, configuration
82 Run GNU screen with grml-configuration:
88 % screen -c /etc/grml/screenrc
90 Tags: screen, configuration
92 Print out grml-version:
104 Configure mutt-ng / muttng:
110 Set up Inode-PPTP connection:
114 # grml-pptp-xdsl-students
116 Tags: pptp, inode, xdsl
118 Set up VPN / WLAN connection at TUG (TU Graz):
120 Set ESSID and request for ip-address via DHCP:
121 # iwconfig $DEVICE essid tug
124 Now run the main script:
127 After running the script an init script is available:
129 # /etc/init.d/vpnctug [start|stop]
133 Set up PPTP connection at VCG (Virtual Campus Graz):
145 # grml-vpn -k 2005 add 1000 192.168.20.1 192.168.20.2
149 Tags: grml, vpn, network
151 Use encrypted files / partitions:
153 # grml-crypt <options>
159 # grml-crypt format /mnt/external1/encrypted_file /mnt/test
160 # cp big_file /mnt/test
161 # grml-crypt stop /mnt/test
165 # grml-crypt start /mnt/external1/encrypted_file /mnt/test
166 # grml-crypt stop /mnt/test
170 Tags: crypto, grml-crypt, dmcrypt, luks
172 Change resolution of X:
174 % xrandr -s '1024x768'
176 Tags: x11, xorg, resolution
178 Change resolution of framebuffer:
184 Configure newsreader slrn:
190 Configure grml system:
194 Or directly run scripts:
199 Tags: grml, configuration
201 Lock screen (X / console):
205 Press ctrl-alt-x to lock a GNU screen session.
207 Tags: grml, lock, grml-lock, screen
209 Change wallpaper in X:
211 % grml-wallpaper <press-tab>
213 Tags: grml, wallpaper
215 Start X window system (XFree86 / Xorg / X.org):
217 % grml-x $WINDOWMANAGER
222 % grml-x -mode '1024x768' wmii
223 % grml-x -nosync wm-ng
225 Tags: grml-x, x11, xorg, graphic
227 Collect hardware information:
231 or run as root to collect some more information:
235 will generate a file named info.tar.bz2.
237 Tags: grml, hardware, hwinfo, collect
239 Configure hardware detection features of harddisk installation:
243 or manually edit /etc/grml/autoconfig[.small]
245 See: man grml-autoconfig
247 Tags: grml, installation, configuration
249 Bootoptions / cheatcodes / bootparams for booting grml:
251 On the grml-ISO if not running grml:
252 % less /cdrom/GRML/grml-cheatcodes.txt
255 % most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz
257 Tags: grml, cheatcodes, boot, bootoptions, bootparam
259 Report bugs to Debian's Bug Tracking System (BTS):
261 % reportbug --bts debian
263 or adjust /etc/reportbug.conf to your needs.
267 http://grml.org/bugs/
268 http://www.debian.org/Bugs/
270 Tags: bug, reportbug, bts, debian
272 Offline documentation:
276 Online documentation:
279 http://grml.org/docs/
280 http://wiki.grml.org/doku.php
282 Tags: info, grml, grml-info, documentation
284 Mount NTFS partition (read-write):
286 # mount.ntfs-3g /dev/sda1 /mnt/sda1
290 Overwrite specific file on an NTFS partition:
292 ntfscp /dev/hda1 /tmp/file_source path/to/file_target
294 Resize an NTFS partition:
300 ntfsresize -n -s 10G /dev/hda1 # testcase
301 ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition
302 cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)
304 Tags: ntfs, resize, ntfsresize
306 Modify resolution for intel graphic chipsets:
312 # 915resolution 4d 1400 1050
314 Connect bluetooth mouse:
318 ... and press 'connect' button on your bluetooth device.
320 Connect bluetooth headset:
324 ... and press 'connect' button on your bluetooth device.
326 Secure delete file / directory / partition:
332 Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/
334 Tags: delete, secure, wipe, shred
336 Use grml on Samsung X20 laptop:
338 # apt-get install grml-samsung-x20
340 See: http://www.michael-prokop.at/computer/samsung_x20.html
342 Development information regarding grml:
344 http://blog.grml.org/
346 Tags: blog, grml, developmnet
350 #grml on irc.freenode.org - http://grml.org/irc/
351 http://grml.org/contact/
353 Tags: contact, irc, freenode, email
355 Join the grml mailinglist:
357 http://grml.org/mailinglist/
359 Tags: grml, mailinglist
363 http://grml.org/donations/
367 Commercial support / system administration / adjusted live-cds:
369 grml-solutions: http://grml.org/solutions/
371 Tags: grml, commercial, customize
373 Information regarding the kernel provided by grml:
375 http://grml.org/kernel/
377 Tags: documentation, grml, kernel
379 SMTP command-line test tool:
385 % swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE
389 Tags: swak, smtp, test
391 NTFS related packages:
399 Modify service through init script:
406 # /etc/init.d/lvm start
408 Tags: init, script, start, stop
412 # jstest /dev/input/js0
416 % mplayer /path/to/movie
420 Use webcam with mplayer:
422 % mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0
424 Tags: webcam, mplayer
426 Powerful network discovery tool:
430 Tags: network, python, tool
432 Grab an entire CD and compress it to Ogg/Vorbis,
433 MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:
437 Tags: rip, abcde, mp3, transcode, audio
439 Show a console session in several terminals:
443 Switch behaviour of caps lock key:
447 grep with Perl-compatible regular expressions:
451 ncp: a fast file copy tool for LANs
456 Remote (receive file):
459 Tags: copy, file, network
461 utility for sorting records in complex ways:
465 a smaller, cheaper, faster SED implementation:
473 See: http://grml.org/zsh/
475 zsh reference card for grml system:
478 /usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
482 % for i in foo* ; do mv "$i" "bar${i/foo}" ; done
484 % prename 's/foo/bar/' foo*
486 % zmv 'foo(*)' 'bar$1'
488 Test TFT / LCD display:
496 Improved grep version:
500 Grep with highlighting:
502 % grep --color=auto ...
505 Tags: grep, color, highlight
507 Extract matches when grepping:
510 % ifconfig | grepc 'inet addr:(.*?)\s'
511 % ifconfig | glark --extract-matches 'inet addr:(.*?)\s'
513 Output text as sound:
516 % xsay # when running X and text selected via mouse
518 Adjust a grml harddisk (grml2hd) installation:
522 Tags: grml2hd, configuration, installation
524 Get information on movie files:
526 % tcprobe -i file.avi
528 Get an overview of your image files:
530 % convert 'vid:*.jpg' thumbnails.jpg
532 List all standard defines:
534 % gcc -dM -E - < /dev/null
536 Send a mail as reminder:
538 echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
540 ncurses-based presentation tool:
544 See: man tpp and /usr/share/doc/tpp/examples/
546 Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:
550 Use IRC on command line:
556 % vimdiff file1 file2
562 Moving between diffs:
572 Hardware monitoring without kernel dependencies:
576 Install grml-iso to usb-stick:
578 % grml2usb grml.iso /mount/point
580 Tags: usbpen, usbstick, installation, grml2usb
582 Use mplayer on framebuffer console:
584 % mplayer -vo fbdev ...
586 Use links2 on framebuffer console:
588 % links2 -driver fb ...
590 Switch language / keyboard:
592 * use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
593 * use the bootparams keyboard / xkeyboard to activate specific keyboard layout
594 Usage example: 'grml lang=us keyboard=de xkeyboard=de'
596 Or run one of the following commands:
600 # loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
603 Tags: language, keyboard, configuration
605 Switch setting of caps-control key (switch between ctrl + shift) on keyboard:
609 Mount usb device / usb stick:
611 % mount /mnt/external1 # corresponds to /dev/sda1
613 % mount /mnt/external # corresponds to /dev/sda
615 Install Sun Java packages:
617 Download j2re.bin-file from http://java.sun.com/downloads/index.html and run
619 # apt-get install java-package
620 # fakeroot make-jpkg j2re-*.bin
621 # dpkg -i sun-j2re*.deb
622 # update-alternatives --config java
626 ddrescue is an improved version of dd which tries to read and
627 if it fails it will go on with the next sectors, where tools
634 How to make an audio file (e.g. Musepack format) out of a DVD track:
636 % mkfifo /tmp/fifo.wav
637 % mppenc /tmp/fifo.wav track06.mpc &
638 % mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6
640 Adjust the mppenc line with the encoder you would like to use,
641 for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.
645 % mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
646 to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')
648 Usage example for getting a PCM/wave file from audio channel 128:
649 % mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
651 Create simple chroot:
653 # make_chroot_jail $USERNAME
655 Convert DOS formated file to unix format:
657 sed 's/.$//' dosfile > unixfile # assumes that all lines end with CR/LF
658 sed 's/^M$//' dosfile > unixfile # in bash/tcsh, press Ctrl-V then Ctrl-M
659 sed 's/\x0D$//' dosfile > unixfile # gsed 3.02.80, but top script is easier
660 awk '{sub(/\r$/,"");print}' # assumes EACH line ends with Ctrl-M
661 gawk -v BINMODE="w" '1' infile >outfile # in DOS environment; cannot be done with
662 # DOS versions of awk, other than gawk
663 tr -d \r < dosfile > unixfile # GNU tr version 1.22 or higher
664 tr -d '\015' < dosfile > unixfile # use octal value for "\r" (see man ascii)
665 tr -d '[\015\032]' < dosfile > unixfile # sometimes ^Z is appended to DOS-files
666 vim -c ":set ff=unix" -c ":wq" file # convert using vim
667 vim -c "se ff=dos|x" file # ... and even shorter ;)
668 recode ibmpc..lat1 file # convert using recode
669 echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile
671 Tags: windows, line, convert, recode, tr, line end,
673 Save live audio stream to file:
675 % mplayer -ao pcm:file=$FILE $URL
677 Save live stream to file:
679 % mplayer -dumpfile $FILE -dumpstream $STREAM
683 % mencoder mms://$URL -o $FILE -ovc copy -oac copy
687 % mimms mms://file.wmv
693 % avimerge -i *.avi -o blub.avi
697 % cat *.mpg > blub.mpg
701 % mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
702 % mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
703 % avimerge -i file1.avi file2.avi -o blub.avi
705 Display MS-Word file:
707 % strings file.doc | fmt | less
713 Convert MS-Word file to postscript:
715 % antiword -p a4 file.doc > file.ps
717 Convert manual to postscript:
719 % zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps
721 % man -t zsh > zsh.ps
725 % dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
727 Read HTTP via netcat:
729 echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80
731 Get X ressources for specific program:
733 % xrdb -q |grep -i xterm
735 Get windowid of specific X-window:
737 % xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
739 Get titel of specific X-window:
743 check locale - LC_MESSAGES:
745 % locale -ck LC_MESSAGES
747 Create random password:
751 % dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
753 Get tarballs of various Linux Kernel trees:
756 to get the current stable 2.6 release
759 to get a list of all supported trees
761 Transfer your SSH public key to another host:
763 % ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet
765 % ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
767 % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys'
769 Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen
771 Fetch and potentially change SCSI device parameters:
777 reclaim disk space by linking identical files together:
781 Find and remove duplicate files:
785 Perform layer 2 attacks:
789 Tags: network, attack, security
793 Guess PC-type hard disk partitions / partition table:
797 Perform a standard scan:
800 Write back the guessed table:
801 # gpart -W /dev/ice /dev/ice
803 Tags: partition, recovery, disk
805 Develop, test and use exploit code with the Metasploit Framework:
808 wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
809 unp framework-3.2.tar.gz
813 Useful documentation:
815 % w3m /usr/share/doc/Debian/reference/reference.en.html
817 % xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)
819 http://grml.org/docs/ grml Documentation
820 http://wiki.grml.org/ grml Wiki
821 http://www.debian.org/doc/ Debian Documentation
822 http://wiki.debian.org/ Debian Wiki
823 http://www.gentoo.org/doc/en/ Gentoo Documentation
824 http://gentoo-wiki.com/ Gentoo Wiki
825 http://www.tldp.org/ The Linux Documentation Project
829 % fortune debian-hints
835 % fortune debian-hints
836 % dpkg -L funny-manpages
838 Backup master boot record (MBR):
840 # dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1
844 Backup partition table:
846 # sfdisk -d /dev/hda > hda.out
848 Restore partition table:
850 # sfdisk /dev/hda < hda.out
852 Tags: backup, partition, sfdisk, recovery
854 Clone disk via network using netcat:
857 # nc -vlp 30000 > hda1.img
859 # dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000
861 Adjust blocksize (dd's option bs=...) and include 'gzip -c'
864 # dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000
866 Tags: network, backup, dd, netcat
868 Backup specific directories via cpio and ssh:
870 # for f in directory_list; do find $f >> backup.list done
871 # cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"
877 This one uses CPU cycles on the remote server to compare the files:
878 # ssh target_address cat remotefile | diff - localfile
879 # cat localfile | ssh target_address diff - remotefile
881 This one uses CPU cycles on the local server to compare the files:
882 # ssh target_address cat <localfile "|" diff - remotefile
884 Tags: network, backup, ssh
886 Useful tools for cloning / backups:
888 * dd: convert and copy a file
889 * dd_rescue: copies data from one file (or block device) to another
890 * pcopy: a replacement for dd
891 * partimage: back up and restore disk partitions
892 * dirvish: Disk based virtual image network backup system
893 * devclone: in-place filesystem conversion -- device cloning
894 * ntfsclone: efficiently clone, image, restore or rescue an NTFS
895 * dump: ext2/3 filesystem backup
896 * udpcast: multicast file transfer tool
897 * cpio: copy files to and from archives
898 * pax: read and write file archives and copy directory hierarchies
899 * netcat / ssh / tar / gzip / bzip2: additional helper tools
901 Tags: network, backup, ssh, udp, rescue, recovery
903 Use grml as a rescue system:
907 * dd: convert and copy a file
908 * ddrescue: copies data from one file or block device to another
909 * partimage: Linux/UNIX utility to save partitions in a compressed image file
910 * cfdisk: Partition a hard drive
911 * nparted: Newt and GNU Parted based disk partition table manipulator
912 * parted-bf: The GNU Parted disk partition resizing program, small version
913 * testdisk: Partition scanner and disk recovery tool
914 * gpart: Guess PC disk partition table, find lost partitions
918 * e2fsprogs: ext2 file system utilities and libraries
919 * e2tools: utilities for manipulating files in an ext2/ext3 filesystem
920 * e2undel: Undelete utility for the ext2 file system
921 * ext2resize: an ext2 filesystem resizer
922 * recover: Undelete files on ext2 partitions
926 * reiser4progs: administration utilities for the Reiser4 filesystem
927 * reiserfsprogs: User-level tools for ReiserFS filesystems
931 * xfsdump: Administrative utilities for the XFS filesystem
932 * xfsprogs: Utilities for managing the XFS filesystem
936 * jfsutils: utilities for managing the JFS filesystem
940 * ntfsprogs: tools for doing neat things in NTFS partitions from Linux
941 * salvage-ntfs: free NTFS data recovery tools
942 * scrounge-ntfs: data recovery program for NTFS file systems
943 * ntfsresize: resize ntfs partitions
945 Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools
947 Get ASCII value of a character with zsh:
949 % char=N ; print $((#char))
951 Convert a collection of mp3 files to wave or cdr using zsh:
953 % for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
955 Convert images (foo.gif to foo.png) using zsh:
957 % for i in **/*.gif; convert $i $i:r.png
959 Remove all "non txt" files using zsh:
963 Remote Shell Using SSH:
966 % ssh -NR 3333:localhost:22 user@yourhost
969 % ssh user@localhost -p 3333
971 Tags: port forwarding, ssh, remote port, network
973 Reverse Shell with Netcat:
976 % netcat -v -l -p 3333 -e /bin/sh
979 % netcat 192.168.0.1 3333
981 TagS: port forwarding, ssh, remote, network
983 Reverse Shell via SSH:
985 local host (inside the network):
986 % ssh -NR 1234:localhost:22 remote_host
988 remote host (outside the network):
989 % ssh localhost -p 1234
991 Tags: port forwarding, ssh, remote port, network
993 Remove empty directories with zsh:
995 % rmdir ./**/*(/od) 2> /dev/null
997 Find all the empty directories in a tree with zsh:
1001 Find all files without a valid owner and change ownership with zsh:
1003 % chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
1005 Display the 5-10 last modified files with zsh:
1007 % print -rl -- /path/to/dir/**/*(D.om[5,10])
1009 Find and list the ten newest files in directories and subdirs (recursive) with zsh:
1011 % print -rl -- **/*(Dom[1,10])
1013 Find most recent file in a directory with zsh:
1015 % setopt dotglob ; print directory/**/*(om[1])
1017 Tunnel all traffic through an external server:
1019 % ssh -ND 3333 username@external.machine
1021 Then set the SOCKS4/5 proxy to localhost:3333.
1022 Check whether it's working by surfing e.g. to checkip.dyndns.org
1024 Tags: ssh, network, proxy, socks, tunnel
1026 Tunnel everything through SSH via tsocks:
1028 set up the SSH proxy on the client side:
1030 % ssh -ND 3333 user@remote.host.example.com
1032 Adjust /etc/tsocks.conf afterwards (delete all other lines):
1037 For programs who natively support proxying connections (e.g. Mozilla
1038 Firefox) you can now set the proxy address to localhost port 3333.
1040 All other programs which's connections you want to tunnel through your
1041 external host are prefixed with tsocks, e.g.:
1043 % tsocks netcat example.com 80
1044 % tsocks irssi -c irc.quakenet.eu.org -p 6667
1046 If you call tsocks without parameters it executes a shell witht the
1047 LD_PRELOAD environment variable already set and exported.
1049 Tags: ssh, network, proxy, socks, tunnel, tsocks
1051 smartctl - control and monitor utility for harddisks using Self-Monitoring,
1052 Analysis and Reporting Technology (SMART):
1054 # smartctl --all /dev/ice
1056 If you want to use smartctl on S-ATA (sata) disks use:
1058 # smartctl -d ata --all /dev/sda
1061 # smartctl -t offline /dev/ice
1064 # smartctl -t short /dev/ice
1066 Display results of test:
1067 # smartctl -l selftest /dev/ice
1069 Query device information:
1070 # smartctl -i /dev/ice
1072 Tags: smart, s.m.a.r.t, info, test, hardware
1074 Mount a BSD / Solaris partition:
1076 # mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1
1078 Use ufstype 44bsd for FreeBSD, NetBSD, OpenBSD (read-write).
1079 Use ufstype ufs2 for >= FreeBSD 5.x (read-only).
1080 Use ufstype sun for SunOS (Solaris) (read-write).
1081 Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).
1083 See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
1086 Tags: ufs, bsd, mount, solaris
1088 Read BIOS (and or BIOS) password:
1090 # dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
1092 Clone one of the kernel trees via git:
1094 git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
1095 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1096 This path defines the tree. See http://kernel.org/git/ for an overview.
1098 Mount filesystems over ssh protocol:
1100 % sshfs user@host:/remote_dir /mnt/test
1104 % fusermount -u /mnt/test
1106 (Notice: requires fuse kernel module)
1108 Tags: ssh, sshfs, network, mount, directory, remote, fuse
1110 Install Gentoo using grml:
1112 See http://www.gentoo.org/doc/en/altinstall.xml
1114 Convert files from Unicode / UTF-8 to ISO:
1116 % iconv -c -f utf8 -t iso-8859-15 < utffile > isofile
1120 % iconv -f iso-8859-15 -t utf8 < isofile > utffile
1122 Tags: utf-8, iso, unicode, utf8
1124 Assign static setup for network cards (NICs) via udev:
1126 Retrieve information for address (corresponding to MAC address):
1128 # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'
1130 Execute /lib/udev/write_net_rules with according values (INTERFACE
1131 is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
1132 is the MAC address retrieved with udevadm info command):
1134 # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules
1136 This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:
1138 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"
1140 Finally take down the interface (ifdown/ifconfig) and execute:
1142 # udevadm trigger --action=add --subsystem-match=net
1144 so the interface will be renamed. (Rebooting or
1145 unloading drivers/restart udev/loading drivers again
1146 works as well of course.)
1148 Tags: udev, configuration, name, eth0, howto
1150 Change the suffix from *.sh to *.pl using zsh:
1153 % zmv -W '*.sh' '*.pl'
1155 Generate SSL certificate:
1157 Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
1158 # openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes
1161 # openssl x509 -in certfile -text
1163 Verify against CA certificate:
1164 # openssl verify -CAfile cacert.crt -verbose -purpose sslserver
1166 Generate 2048bit RSA-key:
1167 # openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes
1169 As before but add request to existing key pub-sec-key.pem:
1170 # openssl req -new -out request.pem -keyin pub-sec-key.pem
1172 Show request request.pem:
1173 # openssl req -text -noout -in request.pem
1175 Verify signature of request request.pem:
1176 # openssl req -verify -noout -in request.pem
1178 Generate SHA1 fingerprint (modulo key) of request.pem:
1179 # openssl req -noout -modulus -in request.pem | openssl sha1 -c
1181 Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
1182 # openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem
1184 As before but create self signed certificate based on existing key pub-sec-key.pem:
1185 # openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem
1187 Generate new request out of existing self signed certificate:
1188 # openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem
1190 Display certificate self-signed-certificate.pem in plaintext:
1191 # openssl x509 -text -noout -md5 -in self-signed-certificate.pem
1193 Check self signed certificate:
1194 # openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem
1196 Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
1197 # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443
1199 Generate ssl-certificate for use with apache2:
1201 export RANDFILE=/dev/random
1202 mkdir /etc/apache2/ssl/
1203 openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
1204 chmod 600 /etc/apache2/ssl/apache.pem
1206 Also take a look at make-ssl-cert (debconf wrapper for openssl):
1208 # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem
1210 and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).
1212 Tags: openssl, howto
1214 Change Windows NT password(s):
1216 # mount -o rw /mnt/hda1
1217 # cd /mnt/hda1/WINDOWS/system32/config/
1218 # chntpw SAM SECURITY system
1220 Notice: if mounting the partition read-write did not work (check syslog!)
1221 try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1
1223 (Be careful with deactivating syskey!)
1225 Tags: password, windows, recovery, chntpw, howto
1227 glark - replacement for grep written in Ruby:
1229 A replacement for (or supplement to) the grep family, glark offers:
1230 Perl compatible regular expressions, highlighting of matches,
1231 context around matches, complex expressions and automatic exclusion
1236 % glark -y keyword file # display only the region that matched, not the entire line
1237 % glark -o format print *.h # search for either "printf" or "format"
1239 More information: man glark
1241 Find CD burning device(s):
1243 General information on CD-ROM:
1244 % cat /proc/sys/dev/cdrom/info
1246 Scan using ATA Packet specific SCSI transport:
1247 # cdrecord -dev=ATA -scanbus
1248 # cdrecord-prodvd -s -scanbus dev=ATA
1250 Get specific information for /dev/ice:
1251 # cdrecord dev=/dev/ice -scanbus
1253 Tags: hardware, info, cd burn
1255 Create devices in /dev on udev:
1257 For example create md devices (/dev/md0, /dev/md1,...):
1258 # cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md
1262 Identify network device (NIC):
1264 # ethtool -i $DEVICE
1266 Show NIC statistics:
1268 # ethtool -S $DEVICE
1270 If your NIC shows some aging signs, you may want to be sure:
1272 # ethtool -t $DEVICE
1274 Disable TCP/UDP checksums:
1276 # ethtool -K $DEVICE tx off
1278 Tags: configuration, network, device
1280 grml2hd seems to hang? Getting Squashfs errors? Problems while booting?
1282 Switch to tty12 and take a look at the syslog. If you see something like:
1284 SQUASHFS error: zlib_fs returned unexpected result 0x........
1285 SQUASHFS error: Unable to read cache block [.....]
1286 SQUASHFS error: Unable to read inode [.....]
1288 your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
1289 Check your CD low-level via running:
1291 # readcd -c2scan dev=/dev/cdrom
1293 If the medium really is ok and it still fails try to boot with deactivated DMA
1294 via using grml nodma at the bootprompt.
1296 Tags: grml2hd, installation, verify, squashfs, error
1298 Write a Microsoft compatible boot record (MBR) using ms-sys
1300 Write a Windows 2000/XP/2003 MBR to a device:
1302 # ms-sys -m /dev/ice
1304 Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:
1306 wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
1307 unp ms-sys-2.1.3.tgz
1312 Tags: mbr, windows, ms-sys, recovery
1314 Use a Vodafone 3G Datacard (UMTS) with Linux:
1316 Plug in your vodafone card and check in syslog whether the appropriate
1317 (probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:
1320 # wvdial --config /etc/wvdial.conf.umts $PROFILE
1323 # comgt -d /dev/ttyUSB0
1324 # wvdial --config /etc/wvdial.conf.umts a1usb
1326 # comgt -d /dev/noz0
1327 # wvdial --config /etc/wvdial.conf.umts tmnozomi
1329 # comgt -d /dev/noz0
1330 # wvdial --config /etc/wvdial.conf.umts dreiusb
1332 # comgt -d /dev/ttyACM0
1333 # wvdial --config /etc/wvdial.conf.umts yesss
1335 If you receive invalid DNS nameservers when connecting, like:
1338 --> primary DNS address 10.11.12.13
1339 --> secondary DNS address 10.11.12.14
1341 just provide a working nameserver to resolvconf via:
1343 # echo "nameserver 80.120.17.70" | resolvconf -a ppp0
1345 Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
1346 your grml system), some other ones require the sierra driver (run
1349 If your device isn't supported by usbserial yet, manually provide vendor and
1350 product ID when loading the usbserial module. Usage example:
1354 Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.
1356 # modprobe usbserial vendor=0x1199 product=0x6813
1358 To get a list of available providers execute:
1360 # comgt -s -d /dev/ttyUSB0 /etc/comgt/operator
1362 Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto
1364 hdparm - get/set hard disk parameters
1366 Display the identification info that was obtained from the drive at boot time,
1368 # hpdarm -i /dev/ice
1370 Request identification info directly from the drive:
1371 # hpdarm -I /dev/ice
1373 Perform timings of device + cache reads for benchmark and comparison purposes:
1374 # hdparm -tT /dev/ice
1376 Tags: hardware, performance, configuration, harddisk
1378 bonnie++ - program to test hard drive performance.
1380 # mkdir /mnt/benchmark
1381 # mount /dev/ice /mnt/benchmark
1382 # chmod go+w /mnt/benchmark
1383 # bonnie -u grml -d /mnt/benchmark -s 2000M
1385 Tags: benchmark, harddisk
1387 Use gizmo with a bluetooth headset:
1389 % DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
1390 % gizmo --mic $DEVICE --speaker $DEVICE
1392 Scan a v4l device for TV stations:
1394 % scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv
1396 Then running xawtv should work:
1400 Run apt-get with timeout of 3 seconds:
1402 # apt-get -o acquire::http::timeout=3 update
1406 Debian GNU/Linux device driver check page
1408 % $BROWSER http://kmuto.jp/debian/hcl/index.cgi
1410 Use dd with status line:
1412 # dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
1414 Generate a 512k file of random data with status bar:
1416 % dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
1418 Install Grub instead of lilo on grml installation (grml2hd):
1423 adjust grub's configuration file menu.lst:
1424 # $EDITOR /boot/grub/menu.lst
1426 now install grub (usage example for /dev/sda1):
1433 Install Ubuntu using grml:
1435 See https://wiki.ubuntu.com/Installation/FromKnoppix
1437 Tags: ubuntu, installation
1439 Resize ext2 / ext3 partition:
1441 # tune2fs -O '^has_journal' /dev/iceX # disable journaling
1442 # fsck.ext2 -v -y -f /dev/iceX # check the filesystem
1443 # resize2fs -p /dev/iceX $SIZE # resize it (adjust $SIZE)
1444 # fdisk /dev/ice # adjust partition in partition table
1445 # fsck.ext2 -v -y -f /dev/iceX # check filesystem again
1446 # resize2fs -p /dev/iceX # resize it to maximum
1447 # tune2fs -j /dev/iceX # re-enable journal
1449 Tags: resize, ext2, ext3, ext4, partition, howto
1451 Tune ext2 / ext3 filesystem:
1453 Check partition first:
1455 # tune2fs -l /dev/iceX
1457 If you don't see dir_index in the list, then enable it:
1459 # tune2fs -O dir_index /dev/iceX
1461 Now run e2fsck with the -D option to have the directories optimized:
1463 # e2fsck -D /dev/iceX
1465 Notice: since e2fsprogs (1.39-1) filesystems are created with
1466 directory indexing and on-line resizing enabled by default.
1468 Tags: configuration, ext2, ext3, ext4, partition
1470 Search for printers via network:
1472 # pconf_detect -m NETWORK -i 192.168.0.1/24
1474 Tags: printer, network, scan
1476 Mount a remote directory via webdav (e.g. Mediacenter of GMX):
1478 # mount -t davfs https://mediacenter.gmx.net/ /mnt/test
1480 Tags: webdav, mount, mediacenter, gmx
1482 System-Profiling using oprofile:
1487 # opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library
1492 Now $DO_SOME_TASKS...
1495 # opcontrol --shutdown
1497 Then take a look at the reports using something like e.g.:
1498 # opreport -t 0.5 --exclude-dependent
1499 # opreport -t 0.5 /path/to/executable_to_check
1500 # opannotate -t 0.5 --source --assembly
1502 Tags: profile, profiling, opcontrol, howto
1504 Install ATI's fglrx driver for Xorg / X.org:
1506 Usually there already exist drivers for the grml-system:
1507 # apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`
1509 After installing adjust xorg.conf via running:
1510 # aticonfig --initial --input=/etc/X11/xorg.conf
1512 For more information take a look at http://wiki.grml.org/doku.php?id=ati
1514 Tags: xorg, x11, driver, ati
1516 Install nvidia driver for Xorg / X.org:
1518 Usually there already exist drivers for the grml-system:
1519 # apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`
1521 Then switch from module nv to nvidia:
1523 # sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf
1525 Tags: xorg, x11, driver, nvidia
1527 glxgears - a GLX demo that draws three rotating gears
1529 To print frames per second (fps) use:
1530 % glxgears -printfps
1532 Tags: xorg, x11, glx,
1534 You forgot to boot with 'grml noeject noprompt' to avoid
1535 ejecting and prompting for CD removal when rebooting/halting
1546 If you want to avoid only the prompting part, run:
1554 Tags: bootparam, fix, grml
1556 Mount wikipedia local via fuse:
1558 Adjust configuration:
1559 % cat ~/.wikipediafs/config.xml
1562 <article-cache-time>300</article-cache-time>
1566 <dirname>wikipedia-de</dirname>
1567 <host>de.wikipedia.org</host>
1568 <basename>/w/index.php</basename>
1571 <dirname>wikipedia-en</dirname>
1572 <host>en.wikipedia.org</host>
1573 <basename>/w/index.php</basename>
1578 Mount it (/wiki must exist of course):
1579 % mount.wikipediafs /wiki
1580 % cat /wiki/wikipedia-en/Cat
1583 % fusermount -u /wiki
1585 Tags: fuse, wikipedia, mount
1587 Remote notification on X via osd (on screen display):
1589 Start osd_server.py at your local host (listens on port 1234 by default):
1592 Then login to a $REMOTEHOST
1593 % ssh -R 1234:localhost:1234 $REMOTEHOST
1595 Now send the text to your local display via running something like:
1596 % echo "text to send" | nc localhost 1234
1598 Very useful when you are waiting for a long running job
1599 but want to do something else in the meanwhile:
1601 % ./configure && make && echo "finished compiling" | netcat localhost 1234
1603 You can use this in external programs as well of course. Examples:
1605 Use osd in centericq:
1607 % cat ~/.centericq/external
1616 if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
1617 CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
1618 osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
1619 if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
1620 echo "${osd_msg}" | netcat localhost 1234
1624 Use it in the IRC console client irssi via running:
1628 You can even activate the port forwarding by default globally:
1633 RemoteForward 1234 127.0.0.1:1234
1636 Notice: if you get 'ABORT: Requested font not found' make sure the
1637 requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'
1640 Tags: osd, notification, ssh, network, port-forwarding
1642 Avoid automatical startup of init scripts via invoke-rc.d:
1644 First of all make sure the package policyrcd-script-zg2 (which
1645 provides the /usr/sbin/policy-rc.d interface) is installed.
1647 In policyrcd-script-zg2's configuration file named
1648 /etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
1649 defined as the interface for handling invoke-rc.d's startup policy.
1651 grml-policy-rc.d can be configure via /etc/policy-rc.d.conf. By
1652 default you won't notice any differences to Debian's default
1653 behaviour, except that invoke-rc.d won't be executed if a chroot has
1654 been detected (detection: /proc is missing).
1656 If you want to disable automatical startup of newly installed packages
1657 (done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in
1658 /etc/policy-rc.d.conf.
1660 To restore the default behaviour set EXITSTATUS back to '0' in
1661 /etc/policy-rc.d.conf.
1663 Tags: policy, init, script, invode-rc.d
1665 Install VMware-Tools for grml:
1667 First of all make sure a CD-ROM device in VMware is available.
1669 Mount the CD-ROM device to /mnt/cdrom, then unpack and install
1673 unp /mnt/cdrom/vmware-linux-tools.tar.gz
1674 cd vmware-tools-distrib
1677 /etc/init.d/networking stop
1682 /etc/init.d/networking start
1684 In an X terminal, launch the VMware Tools running:
1688 Tags: vmware, tool, vmware-toolbox, howto
1690 Some important Postfix stuff
1698 Send all messages in the queue:
1702 Send all messages in the queue for a specific site:
1706 Delete a specific message
1707 # postsuper -d 12345678942
1709 Deletes all messages held in the queue for later delivery
1710 # postsuper -d ALL deferred
1712 Mail queues in postfix:
1714 incoming -> mail who just entered the system
1715 active -> mail to be delivered
1716 deferred -> mail to be delivered later because there were problems
1717 hold -> mail that should not be delivered until released from hold
1719 For configuration of postfix take a look at
1720 /etc/postfix/master.cf - man 5 master
1721 /etc/postfix/main.cf - man 5 postconf
1722 and http://www.postfix.org/documentation.html.
1726 mode 4000 - set user ID (suid):
1728 - for executable files: run as the user who owns the file, instead of the
1729 user who runs the file
1730 - for directories: not used
1732 mode 2000 - set group ID (guid):
1734 - for executable files: run as the group who owns the file, instead of the
1735 group of the user who runs the file
1736 - for directories: when a file is created inside the directory, it belongs
1737 to the group of the directory instead of the default group of the user who
1740 mode 1000 - sticky bit:
1742 - for files: not used
1743 - for directories: only the owner of a file can delete or rename the file
1745 Tags: postix, mailq, postsuper, queue, delete, smtp
1747 Create MySQL database
1749 # apt-get install mysql-client mysql-server
1751 Run 'mysql' as root - create a database with:
1753 create database grml
1755 Give a user access to the database (without password):
1757 grant all on grml.* to mika;
1759 Give a user access to the database (with password):
1761 grant all on grml.* to enrico identified by "PASSWORD";
1763 Tags: mysql, database
1765 Setup an HTTPS website:
1767 Create a certificate:
1769 # mkdir /etc/apache2/ssl
1770 # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
1772 Create a virtual host on port 443:
1774 <VirtualHost www.foo.invalid:443>
1778 Enable SSL in the VirtualHost:
1781 SSLCertificateFile /etc/apache2/ssl/apache.pem
1783 Enable listening on the HTTPS port (/etc/apache2/ports.conf):
1787 and make sure the SSL module is used:
1791 Tags: ssl, https, configuration, apache
1793 Useful Apache / Apache2 stuff
1795 Check configuration file via running:
1797 # apache2ctl configtest
1805 # a2enmod modulename
1807 Tags: apache, configuration
1809 Create tar archive and store it on remote machine:
1811 % tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"
1813 Tags: tar, backup, remote, network, ssh
1815 Pick out and displays images from network traffic:
1819 Tags: remote, network, sniff, image
1821 Install Flash plugin:
1823 # dpkg-reconfigure flashplugin-nonfree
1827 To test a proxy, low level way:
1831 GET http://www.google.com HTTP/1.0 [press enter twice]
1835 Adjust system for use of qemu with kqemu:
1837 Make sure you have all you need:
1838 # aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)
1843 mknod /dev/kqemu c 250 0
1844 chmod 666 /dev/kqemu
1845 chmod 666 /dev/net/tun
1847 Check kqemu support via starting qemu, press
1848 Ctrl-Alt-2 and entering 'info kqemu'.
1850 (High-Load) Debugging related tools:
1852 mpstat # report processors related statistics
1853 iostat # report CPU statistics and input/output statistics for devices and partitions
1854 vmstat # report virtual memory statistics
1855 slabtop # display kernel slab cache information in real time
1856 atsar # system activity report
1857 dstat # versatile tool for generating system resource statistics
1868 Tags: test, debug, information, hardware, statistic
1870 Using WPA for network setup manually:
1872 # wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
1874 Adjust the options and configuration file to your needs.
1875 Also take a look at 'grml-network'.
1877 Tags: wireless, wpa, network, configuration
1879 Start X and lock console via exiting:
1881 % startx 2>~/.xsession-errors &| exit
1883 Tags: xorg, x11, startx, graphical
1885 Which process is writing to disk and/or causes the disk to spin up?
1887 First of all use lsof to check what's going on. Does not help? ->
1889 # echo 1 > /proc/sys/vm/block_dump
1891 The command sets a sysctl to cause the kernel to log all disk
1892 writes. Please notice that there is a lot of data. So please
1893 disable syslogd/syslog-ng before you do this, or you must make
1894 sure that kernel output is not logged.
1896 When you're done, disable block dump using:
1897 # echo 0 > /proc/sys/vm/block_dump
1900 laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
1901 which handles block_dump on its own.
1903 See: $KERNEL-SOURCE/Documentation/laptop-mode.txt
1905 Also take a look at event-viewer(8) which is part of grml-debugtools.
1907 Tags: debug, device, block, partition
1909 Install initrd via initramfs-tools for currently running kernel:
1911 # update-initramfs -c -t -k $(uname -r)
1915 Install initrd via yaird for currently running kernel:
1917 # yaird -o /boot/initrd.img-$(uname -r)
1919 Install initrd via yaird for specific kernel:
1923 # yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
1925 Reinstall package with its original configuration files:
1927 # apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o \
1928 DPkg::Options::=--force-confnew package
1930 grml 0.8 funkenzutzler - rt2x00 drivers:
1932 To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
1933 includes beta-version drivers) is not installed by default. If you want to
1934 use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
1935 rt73usb please install the package manually running:
1937 # dpkg -i /usr/src/rt2x00-modules-*.deb
1939 Use Java with jikes and jamvm on grml:
1943 % cp /usr/share/doc/grml-templates/template.java .
1944 % jikes template.java
1947 Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),
1948 so you do not have to manually run
1949 jikes --bootclasspath /usr/share/classpath/glibj.zip
1951 Online resizing of (Software-)RAID5:
1953 # Initiate a RAID5 setup for testing purposes:
1954 mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1
1956 # Create filesystem, mount md0, create a testfile and save md5sum for
1959 mount /dev/md0 /mnt/test
1960 dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
1961 md5sum /mnt/test/dd > md5sum
1963 # Make sure the RAID is synched via checking:
1966 # Now remove one partition:
1967 mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1
1969 # Delete partition, create a new + bigger one and set partition type to fd
1970 # (Linux raid autodetect):
1973 # And re-add the partition:
1974 mdadm -a /dev/md0 /dev/hdd1
1976 # Make sure the RAID is synched via checking:
1979 # Repeat the steps for all other disks/partitions as well:
1980 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
1982 mdadm -a /dev/md0 /dev/hdb1
1984 mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
1986 mdadm -a /dev/md0 /dev/hda1
1989 # Now resize the RAID5 system online [see 'man mdadm' for details]:
1990 mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
1991 mdadm --grow /dev/md0 -z max
1992 mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'
1994 # Last step - resize the filesystem (online again):
1997 Tags: raid, resize, raid5, mdadm
1999 ext3 online resizing:
2001 Starting with Linux kernel 2.6.10 you can resize ext3 online. With
2002 e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
2003 on-line resizing enabled by default (see /etc/mke2fs.conf).
2007 cfdisk /dev/hda # create a partition with type 8e (lvm)
2008 pvcreate /dev/hda2 # create a physical volume
2009 vgcreate resize_me /dev/hda2 # create volume group
2010 lvcreate -n resize_me -L100 resize_me # create a logical volume
2011 mkfs.ext3 /dev/resize_me/resize_me # now create a new filesystem
2012 mount /dev/resize_me/resize_me /mnt/test # mount the new fs for demonstrating online resizing
2013 df -h # check the size of the partition
2014 lvextend -L+100M /dev/resize_me/resize_me # let's extend the logical volume
2015 resize2fs /dev/resize_me/resize_me # and finally resize the filesystem
2016 df -h # recheck the size of the partition
2018 This also works for Software-RAID. Demo:
2020 mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
2022 mount /dev/md0 /mnt/test
2023 mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
2024 cfdisk /dev/hda # adjust partition size for hda2
2025 mdadm /dev/md0 --add /dev/hda2
2026 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
2027 cfdisk /dev/hdb # adjust partition size for hdb1
2028 mdadm /dev/md0 --add /dev/hdb1
2029 mdadm --grow /dev/md0 --size=max
2032 Notice: online resizing works as soon as the kernel can re-read the
2033 partition table. So it works for example with LVM and SW-RAID but not with
2034 a plain device (/dev/[sh]d*). The kernel does not re-read the partition
2035 table if the device is already mounted.
2037 Tags: resize, raid, lvm, ext2, ext3, ext4, raid1
2039 Use vim as an outline editor:
2041 % $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
2045 Monitor directories/files for changes using iwatch
2047 Monitor /tmp for changes:
2050 Monitor files/directories specified in /etc/iwatch.xml
2051 and send mail on changes:
2054 Tags: inotify, watch, file, directory
2056 Some often used mdadm commands:
2059 # mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1
2061 Display details of specific RAID:
2062 # mdadm --detail /dev/md0
2065 Simulating a drive failure by software:
2066 # mdadm --manage --set-faulty /dev/md0 /dev/hda1
2068 Remove disk from RAID:
2069 # mdadm /dev/md0 -r /dev/hda1
2071 Set disk as faulty and remove from RAID:
2072 # mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
2077 Restart a RAID-device:
2080 Add another disk to existing RAID setup (hotadd):
2081 # mdadm /dev/md0 -a /dev/hde1
2082 # mdadm --grow /dev/md0 --raid-devices=4
2084 Assemble and start all arrays:
2085 # mdadm --assemble --scan
2087 Assemble a specific array:
2088 # mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1
2091 # mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2
2094 # mdadm --stop --scan
2096 Scan for and setup arrays automatically:
2097 # mdadm --assemble --scan --auto=yes --verbose
2099 Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
2101 CREATE owner=root group=disk mode=0660 auto=yes
2106 # /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
2109 Monitoring the sw raid
2110 # nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0
2112 Producing /etc/mdadm/mdadm.conf:
2113 # mdadm --detail --scan > /etc/mdadm/mdadm.conf
2115 See also: man mdadm | less -p "^EXAMPLES"
2116 http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html
2118 Tags: raid, raid1, raid5, configuration, mdadm, howto
2120 A quick summary of the most commonly used RAID levels:
2123 => 2 disks each 160 GB: 320 GB data
2124 RAID 1: Mirrored Set
2125 => 2 disks each 160 GB: 160 GB data
2126 RAID 5: Striped Set with Parity
2127 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy
2129 Common nested RAID levels:
2130 RAID 01: A mirror of stripes
2131 RAID 10: A stripe of mirrors
2132 RAID 30: A stripe across dedicated parity RAID systems
2133 RAID 100: A stripe of a stripe of mirrors
2135 -- http://en.wikipedia.org/wiki/RAID
2137 Tags: raid, raid1, raid5, raid01, raid10, raid100
2139 Logical Volume Management (LVM) with Linux
2144 | hda1 hdc1 (PV:s on partitions or whole disks)
2150 | usrlv rootlv varlv (LV:s)
2152 | ext3 ext3 xfs (filesystems)
2154 Often used commands:
2155 ~~~~~~~~~~~~~~~~~~~~
2157 Create a physical volume:
2158 # pvcreate /dev/hda2
2160 Create a volume group:
2161 # vgcreate testvg /dev/hda2
2163 Create a logical volume:
2164 # lvcreate -n test_lv -L100 testvg
2166 Resize a logical volume:
2167 # lvextend -L+100M /dev/resize_me/resize_me
2168 # resize2fs /dev/resize_me/resize_me # ext2/3
2169 # xfs_growfs /dev/resize_me/resize_me # xfs
2170 # resize_reiserfs -f /dev/resize_me/resize_me # reiserfs online
2171 # mount -o remount,resize /dev/resize_me/resize_me # jfs
2173 Create a snapshot of a logical volume:
2174 # lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv
2176 Deactivate a volume group:
2177 # vgchange -a n my_volume_group
2179 Actually remove a volume group:
2180 # vgremove my_volume_group
2182 Display information about physical volume:
2183 # pvdisplay /dev/hda1
2185 Remove physical volume:
2186 # vgreduce my_volume_group /dev/hda1
2188 Remove logical volume:
2189 # umount /dev/myvg/homevol
2190 # lvremove /dev/myvg/homevol
2193 http://www.tldp.org/HOWTO/LVM-HOWTO/
2195 Tags: lvm, howto, pvcreate, lvcreate
2197 How to use APT locally
2199 Sometimes you have lots of packages .deb that you would like to use APT to
2200 install so that the dependencies would be automatically solved. Solution:
2203 dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
2204 echo " deb file:/root debs/" >> /etc/apt/sources.list
2205 dpkg-scansources debs | gzip > debs/Sources.gz
2206 echo " deb-src file:/root debs/" >> /etc/apt/sources.list
2208 See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
2212 Check filesystem's LABEL:
2217 ext2/3 without blkid:
2218 # dumpe2fs /dev/sda1 | grep "Filesystem volume name"
2221 # xfs_admin -l /dev/sda1
2223 reiserfs without blkid:
2224 # debugreiserfs /dev/sda1 | grep -i label
2227 # jfs_tune -l /dev/sda1 | grep -i label
2229 reiser4 without blkid:
2230 # debugfs.reiser4 /dev/sda1 | grep -i label
2232 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label
2234 Check filesystem's UUID:
2239 ext2/3 without blkid:
2240 # dumpe2fs /dev/sda1 | grep -i UUID
2243 # xfs_admin -u /dev/sda1
2245 reiserfs without blkid:
2246 # debugreiserfs /dev/sda1 | grep -i UUID
2248 reiser4 without blkid:
2249 # debugfs.reiser4 /dev/sda1 | grep -i UUID
2251 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid
2253 Change a filesystem's LABEL:
2256 # mkswap -L $LABEL /dev/sda1
2259 # e2label /dev/sda1 $LABEL
2260 # tune2fs -L $LABEL /dev/sda1
2263 # reiserfstune -l $LABEL /dev/sda1
2266 # jfs_tune -L $LABEL /dev/sda1
2269 # xfs_admin -L $LABEL /dev/sda1
2272 # echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
2273 # mlabel -s i:$LABEL
2276 # ntfslabel $LABEL /dev/sda1
2278 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs
2280 Disable pdiffs feature of APT:
2283 # echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf
2286 # apt-get update -o Acquire::Pdiffs=false
2288 Backup big devices or files and create compressed splitted
2289 image chunks of it using zsplit
2291 Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
2292 /mnt/sda1/backup, split the files up into chunks of 1GB each and set
2293 read/write buffer to 256kB:
2294 # zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda
2296 Restore the backup using unzsplit:
2297 # unzsplit -D /dev/sda -d archiveofsda
2299 More usage examples: man zsplit + man unzsplit
2301 Tags: backup, reocvery, spllt, limit, howto
2303 Measure network performance using iperf:
2309 % iperf -c <server_address> -V
2313 Server with 128k TCP window size:
2316 Client with running for 60 seconds and bidirectional test:
2317 % iperf -c <server_address> -r -w128k -t60
2319 Tags: network, benchmark
2321 Framebuffer resolutions:
2323 Resolution in pixels
2324 Color depth | 640x480 800x600 1024x768 1280x1024
2325 256 (8bit)| 769 771 773 775
2326 32000 (15bit)| 784 787 790 793
2327 65000 (16bit)| 785 788 791 794
2328 16.7 Mill.(24bit)| 786 789 792 795
2332 Mode 0x0300: 640x400 (+640), 8 bits
2333 Mode 0x0301: 640x480 (+640), 8 bits
2334 Mode 0x0303: 800x600 (+800), 8 bits
2335 Mode 0x0303: 800x600 (+832), 8 bits
2336 Mode 0x0305: 1024x768 (+1024), 8 bits
2337 Mode 0x0307: 1280x1024 (+1280), 8 bits
2338 Mode 0x030e: 320x200 (+640), 16 bits
2339 Mode 0x030f: 320x200 (+1280), 24 bits
2340 Mode 0x0311: 640x480 (+1280), 16 bits
2341 Mode 0x0312: 640x480 (+2560), 24 bits
2342 Mode 0x0314: 800x600 (+1600), 16 bits
2343 Mode 0x0315: 800x600 (+3200), 24 bits
2344 Mode 0x0317: 1024x768 (+2048), 16 bits
2345 Mode 0x0318: 1024x768 (+4096), 24 bits
2346 Mode 0x031a: 1280x1024 (+2560), 16 bits
2347 Mode 0x031b: 1280x1024 (+5120), 24 bits
2348 Mode 0x0330: 320x200 (+320), 8 bits
2349 Mode 0x0331: 320x400 (+320), 8 bits
2350 Mode 0x0332: 320x400 (+640), 16 bits
2351 Mode 0x0333: 320x400 (+1280), 24 bits
2352 Mode 0x0334: 320x240 (+320), 8 bits
2353 Mode 0x0335: 320x240 (+640), 16 bits
2354 Mode 0x0336: 320x240 (+1280), 24 bits
2355 Mode 0x033c: 1400x1050 (+1408), 8 bits
2356 Mode 0x033d: 640x400 (+1280), 16 bits
2357 Mode 0x033e: 640x400 (+2560), 24 bits
2358 Mode 0x0345: 1600x1200 (+1600), 8 bits
2359 Mode 0x0346: 1600x1200 (+3200), 16 bits
2360 Mode 0x034d: 1400x1050 (+2816), 16 bits
2361 Mode 0x035c: 1400x1050 (+5632), 24 bits
2363 Tags: framebuffer, resolution
2365 Portscan using netcat:
2367 # netcat -v -w2 <host|ip-addr.> 1-1024
2369 Run apt-get but disable apt-listchanges:
2371 APT_LISTCHANGES_FRONTEND=none apt-get ...
2373 Upgrade system but disable apt-listbugs:
2375 APT_LISTBUGS_FRONTEND=none apt-get ...
2377 Set up a Transparent Debian Proxy
2379 Install of apt-cacher, the default config will do:
2380 # apt-get install apt-cacher
2382 Check out the ip address of debian mirror(s).
2383 Then add this to your firewall script:
2385 DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"
2386 for ip in ${DEBIAN_MIRRORS} ; do
2387 ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142
2390 where ${IPTABLES} is the location of your iptables binary
2391 and $subnet is your internal subnet.
2393 Now everybody in your subnet who does access either
2394 ftp.de.debian.org or ftp.at.debian.org will actually
2395 access your apt-cacher instead.
2397 To use apt-cacher on the router itself, add the following
2398 line to your /etc/apt/apt.conf:
2400 Acquire::http::Proxy "http://localhost:3142/";
2402 Tags: proxy, debian, apt-get, howto
2404 Version control using Mercurial
2406 Setting up a Mercurial project:
2409 % hg init # creates .hg
2410 % hg add # add all files
2411 % hg commit # commit all changes, edit changelog entry
2413 Branching and merging:
2415 % hg clone linux linux-work # create a new branch
2420 % hg pull ../linux-work # pull changesets from linux-work
2421 % hg merge # merge the new tip from linux-work into
2422 # (old versions used "hg update -m" instead)
2423 # our working directory
2424 % hg commit # commit the result of the merge
2428 % cat ../p/patchlist | xargs hg import -p1 -b ../p
2436 % hg export 1234 > foo.patch # export changeset 1234
2438 Export your current repo via HTTP with browsable interface:
2440 % hg serve -n "My repo" -p 80
2442 Pushing changes to a remote repo with SSH:
2444 % hg push ssh://user@example.com/~/hg/
2446 Merge changes from a remote machine:
2448 host1% hg pull http://foo/
2449 host2% hg merge # merge changes into your working directory
2451 Set up a CGI server on your webserver:
2452 % cp hgwebdir.cgi ~/public_html/hg/index.cgi
2453 % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
2455 Download binary codecs for mplayer:
2457 # /usr/share/mplayer/scripts/win32codecs.sh
2461 # /usr/share/mplayer/scripts/binary_codecs.sh install
2463 (depending on the mplayer version you have).
2465 To play encrypted DVDs and if you are living in a country where using
2466 libdvdcss code is not illegal can install Debian package libdvdread3
2467 and use the script /usr/share/doc/libdvdread3/install-css.sh.
2469 Read manpages of uninstalled packages with debman:
2471 % debman -p git-core git
2473 Test network performance using netperf:
2479 # netperf -t TCP_STREAM -H 192.168.0.41
2481 Tags: benchmark, network
2483 Setup Xen within 20 minutes on Debian/grml
2485 Install relevant software und update grub's menu.lst (Xen does not work with
2486 usual lilo so install grub instead if not done already):
2488 apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \
2489 xen-utils-3.0.3-1 xen-tools bridge-utils
2492 Example for installation of Debian etch as DomU:
2495 xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \
2496 --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \
2497 --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \
2498 --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/
2502 /etc/init.d/xend start
2503 /etc/init.d/xendomains start
2505 Setup a bridge for network, either manually:
2507 brctl addbr xenintbr
2508 brctl stp xenintbr off
2509 brctl sethello xenintbr 0
2510 brctl setfd xenintbr 0
2511 ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up
2513 or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
2517 iface xenintbr inet static
2518 pre-up brctl addbr xenintbr
2519 post-down brctl delbr xenintbr
2521 netmask 255.255.255.0
2526 Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
2527 add the iptables commands to a startup script like /etc/init.d/rc.local):
2529 echo 1 > /proc/sys/net/ipv4/ip_forward
2530 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP
2531 iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP
2533 Adjust network configuration of Xend:
2535 cat >> /etc/xen/xend-config.sxp << EOF
2536 (network-script network-route)
2537 (vif-bridge xenintbr)
2538 (vif-script vif-bridge)
2541 List domains, start up a DomU, shutdown later again:
2543 xm create -c /etc/xen/xengrml1.cfg
2547 This HowTo is also available online at http://grml.org/xen/
2549 Tags: howto, xen, grml
2551 Play tetris with zsh:
2555 bindkey "^Xt" tetris
2557 Now press 'ctrl-x t'.
2559 Set up a router with grml
2561 Run grml-router script:
2564 Install dnsmasq if not already present:
2565 # apt-get update ; apt-get install dnsmasq
2567 Adjust /etc/dnsmasq.conf according to your needs:
2568 # cat >> /etc/dnsmasq.conf << EOF
2571 dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range
2572 dhcp-option=3,192.168.0.1 # dns server
2573 dhcp-option=1,255.255.255.0 # netmask
2576 Start dnsmasq finally:
2579 Tags: network, router, grml
2581 Display stats about memory allocations performed by a program:
2583 Usage example for 'ls':
2585 % LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
2587 Use KVM (Kernel-based Virtual Machine for Linux):
2589 Make sure to install the relevant tools:
2590 # apt-get update ; apt-get install kvm
2593 Test it with a minimal system like ttylinux:
2594 # wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz
2595 # gzip -d bootcd-i386-5.3.iso.gz
2596 # kvm -cdrom bootcd-i386-5.3.iso
2598 EEPROM data decoding for SDRAM DIMM modules:
2601 # /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
2605 Make sure your device is supported by Linux and running.
2606 See http://www.linuxtv.org/ for more details.
2608 If the DVB device works on your system (see 'hwinfo --usb'
2609 when using a DVB usb device for example), then make sure you
2610 have the scan util from dvb-utils available:
2612 # aptitude install dvb-utils
2614 Then create a channels.conf configuration file:
2616 % scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf
2618 You can find some example configuration files on
2619 your grml system in ~/.channels. Usage example:
2621 % ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf
2623 Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)
2624 might be useful if you do not know the initial configuration
2627 Get the lastest mercurial snapshot:
2629 Make sure you have the python-dev package available:
2630 # apt-get update ; apt-get install python-dev
2632 Get and build the source:
2633 % hg clone http://selenic.com/repo/hg mercurial
2636 % export PYTHONPATH=$(pwd)
2637 % export PATH=$PATH:$(pwd)
2639 now you should have the newest version of mercurial whenever you execute hg.
2641 To update to the lastest development snapshot, additionally use
2642 the following commands:
2643 % hg pull -u http://hg.intevation.org/mercurial/crew
2649 Available bootoptions relevant in live-cd mode:
2650 -----------------------------------------------
2652 * utc: set UTC, if your system clock is set to UTC (GMT)
2653 * gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
2654 * tz=$option: set timezone to corresponding $option, usage example:
2657 Configuration options relevant on harddisk installation:
2658 --------------------------------------------------------
2660 * Use the tzconfig utility to set the local timezone:
2664 which adjusts /etc/timezone and /etc/localtime according
2665 to the provided information. Running:
2667 # dpkg-reconfigure tzdata
2669 might be useful as well.
2671 * /etc/default/rcS: set variable UTC according to your needs,
2672 whether your system clock is set to UTC (UTC='yes') or
2675 * /etc/localtime: adjust zoneinfo according to your needs:
2677 # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime
2679 The zoneinfo directory contains the time zone files that were
2680 compiled by zic. The files contain information such as rules
2681 about DST. They allow the kernel to convert UTC UNIX time into
2682 appropriate local dates and times. Use the zdump utility to
2683 print current time and date (in the specified time zone).
2685 * /etc/adjtime: This file is used e.g. by the adjtimex function,
2686 which can smoothly adjust system time while the system runs
2688 * If you change the time (using 'date --set ...', ntpdate,...)
2689 it is worth setting also the hardware clock to the correct time:
2691 # hwclock --systohc [--utc]
2693 Remember to add the --utc -option if the hardware clock is set
2699 Check your current settings via:
2702 zdump /etc/localtime
2705 grep hwclock /etc/runlevel.conf
2706 grep '^UTC' /etc/default/rc
2708 Further information:
2709 --------------------
2711 hwclock(8) tzselect(1) tzconfig(8)
2712 http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
2713 http://wiki.debian.org/TimeZoneChanges
2715 Tags: timezone, rtc, configuration
2717 Recorder shellscript session using script:
2719 % script -t 2>~/upgrade.time -a ~/upgrade.script
2720 % scriptreplay ~/upgrade.time ~/upgrade.script
2722 Test UTF-8 capabilities of terminal:
2724 wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
2725 zcat UTF-8-demo.txt.gz
2729 wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
2732 UTF-8 at grml / some general information regarding Unicde/UTF-8:
2734 http://wiki.grml.org/doku.php?id=utf8
2737 This allows one ssh connection attepmt per minute per source ip, with a initial
2738 burst of 10. The available burst is like a counter which is initialised with
2739 10. Every connection attempt decrements the counter, and every minute where the
2740 connection limit of one per minute is not overstepped the counter is
2741 incremented by one. If the burst counter is exhausted the real rate limit
2742 comes into play. This gives you 11 connectionattepmts in the first minute
2743 before blocked for 10minutes. After 10 minutes block the game restarts.
2745 Hint: you could set the burst value to 5 and the block time to only 5 minutes
2746 to achive the same average connection rate but with halve the block time.
2748 iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \
2749 --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip \
2750 --hashlimit-htable-expire 600000 -j ACCEPT
2751 iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
2753 Tunnel a specific connection via socat:
2756 % socat TCP4-LISTEN:8003 TCP4:gateway:500
2759 # socat TCP4-LISTEN:500,fork TCP4:target:$PORT
2761 Using localhost:8003 on the client uses the tunnel now.
2765 # date --set=060916102007
2767 where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)
2769 Set date using a relative date:
2775 # date -s '+tomorrow'
2777 Display a specific relative date:
2779 # date -d '+5 days -2 hours'
2781 Don't forget to set hardware clock via:
2785 Booting grml via network / PXE:
2787 Start grml-terminalserver on a system with network access
2788 and where grml is running:
2790 # grml-terminalserver
2792 Then booting your client(s) via PXE should work without
2795 See: man grml-terminalserver + http://grml.org/terminalserver/
2797 Tags: howto, pxe, network, boot
2799 Debugging SSL communications:
2801 % openssl s_client -connect server.adress:993 > output_file
2802 % openssl x509 -noout -text -in output_file
2806 # ssldump -a -A -H -i eth0
2808 See http://prefetch.net/articles/debuggingssl.html for more details.
2810 Tags: debug, ssl, openssl
2812 Remove bootmanager from MBR:
2814 # lilo -M /dev/hda -s /dev/null
2818 Rewrite grub to MBR:
2821 # grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda
2825 Rewrite lilo to MBR:
2832 Create screenshot of plain/real console - tty1:
2834 # fbgrab -c 1 screeni.png
2836 Create screenshot when running X:
2840 Tip: use the gkrellshoot plugin when using gkrellm
2842 Tags: screenshot, xorg
2844 Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
2847 Run the following commands on hostA:
2849 echo 1 > /proc/sys/net/ipv4/ip_forward
2850 iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
2851 iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
2852 iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
2853 iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA
2855 Tags: howto, network, redirect, port
2857 Flash BIOS without DOS/Windows:
2859 Dump flash info and set the flash chip to writable:
2862 Backup the original BIOS:
2863 # flashrom -r backup.bin
2865 Notice: the following step will overwrite your current BIOS!
2866 So make sure you really know what you are doing.
2868 Flash the BIOS image:
2869 # flashrom -wv newbios.bin
2871 Also check out LinuxBIOS: http://linuxbios.org/
2873 Enable shadow passwords:
2877 Set up an IPv6 tunnel on grml:
2881 Set up console newsreader slrn for use with Usenet:
2885 Calculate with IPv6 addresses:
2889 For usage examples refer to manpage ipv6calc(8).
2893 Common network debugging tools for use with IPv6:
2904 Set up NFS (Network File System):
2908 Make sure the relevant services are running on the server side:
2910 # /etc/init.d/portmap start
2911 # /etc/init.d/nfs-common start
2912 # /etc/init.d/nfs-kernel-server start
2914 Export shares via /etc/exports:
2916 /backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)
2918 ... or manually export a directory running:
2920 # exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups
2922 and unexport a share running:
2924 # exportfs -u 192.168.1.100:/backups
2926 and every time when you modify /etc/exports file run
2930 Display what NFS components are running:
2934 Display list of exported shares:
2942 Make sure the relevant services are running on the client side:
2944 # /etc/init.d/portmap start
2945 # /etc/init.d/nfs-common start
2947 Verify that the server allows you to access its RPC/NFS services:
2949 # rpcinfo -p server_name
2951 Check what directories the server exports:
2953 # showmount -e server_name
2955 On the client side you can use something like the following in /etc/fstab:
2957 192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0
2959 Tags: nfs, howto, network
2963 # aptitude install cloop-src
2966 # modprobe cloop file=/path/to/cloop/file
2967 # mount -r -t iso9660 /dev/cloop /mnt/test
2969 Create a PS/PDF of a plaintext file:
2971 % a2ps --medium A4dj -E -o output.ps input_file
2974 Print two pages on one in a PDF file:
2976 % pdfnup --nup 2x1 input.pdf
2978 Concatenate, extract pages/parts, encrypt/decrypt,
2979 compress PDFs using 'pdftk'.
2981 Read a PS/PDF file on console:
2985 or on plain framebuffer console in graphical mode:
2987 % pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png
2993 Bypass the password of a PDF file:
2995 % gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
3001 This will record a AIFF audio file.
3003 Change passphrase / password of an existing SSH key:
3007 Enable syntax highlighting in nano:
3009 Just uncomment the include directives for your respective
3010 language at the bottom of the file /etc/nanorc
3012 Create netboot package for grml-terminalserver:
3014 # bash /usr/share/doc/grml-terminalserver/examples/create-netboot
3016 To boot grml via network (PXE) check out grml-terminalserver:
3018 # grml-terminalserver
3020 See http://grml.org/terminalserver/ for more details.
3024 Using the 'Orientation' tag of the Exif header, rotate
3025 the image so that it is upright:
3026 % jhead -autorot *.jpg
3028 Manually rotate a picture:
3029 % convert -rotate 270 input.jpg output.jpg
3031 Rename files based on the information inside their exif header:
3033 % jhead -n%Y-%m-%d_%Hh%M_%f *.jpg
3035 This will rename a file named img_2071.jpg to something like:
3037 2007-08-17_10h38_img_2071.jpg
3039 if it was shot at 10:38 o'clock on 2007-08-17 (according to
3040 the information inside the exif header).
3042 Calculate network / netmask:
3045 % ipcalc 10.0.0.28 255.255.255.0
3046 % ipcalc 10.0.0.0/24
3048 Blacklist a kernel module:
3050 # blacklist <name_of_kernel_module>
3052 -> running 'blacklist hostap_cs' for example will generate an
3053 entry like this in /etc/modprobe.d/grml:
3058 To remove the module from the blacklist again just invoke:
3060 # unblacklist <name_of_kernel_module>
3062 or manually remove the entry from /etc/modprobe.d/grml.
3064 Create a Debian package of a perl module:
3066 % dh-make-perl --cpan Acme::Smirch --build
3068 The Magic SysRq Keys (SysReq or Sys Req, short for System Request):
3070 To reboot your system using the SysRq keys just hold down the Alt and
3071 SysRq (Print Screen) key while pressing the keys REISUB ("Raising
3072 Elephants Is So Utterly Boring").
3074 R = take the keyboard out of raw mode
3075 E = terminates all processes (except init)
3076 I = kills all processes (except init)
3077 S = synchronizes the disk(s)
3078 U = remounts all filesystems read-only
3079 B = reboot the system
3081 Notice: use O instead of B for poweroff.
3083 Or write the sequence to /proc/sysrq-trigger instead:
3085 # for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done
3087 To enable or disable SysRq calls:
3089 # echo 0 > /proc/sys/kernel/sysrq
3090 # echo 1 > /proc/sys/kernel/sysrq
3092 See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.
3094 Tags: reboot, documentation, sysrq, magic
3098 Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
3101 Tunnel TCP-Traffic through DNS using dns2tcp:
3105 1. Create necessary DNS-Records:
3106 dnstun.example.com. 3600 IN NS host.example.com.
3107 dnstun.example.com. 3600 IN A 192.168.1.1
3108 host.example.com. 3600 IN A 192.168.1.1
3110 2. Configure dns2tcpd on host.example.com.:
3111 # cat /etc/dns2tcpd.conf
3112 listen = 192.168.1.1 #the ip dns2tcpd should listen on
3113 port = 53 #" port " " " "
3116 domain = dnstun.example.com. # the zone as specified inside dns
3117 ressources = ssh:127.0.0.1:22 # available resources
3119 3. Start the daemon:
3120 # cat > /etc/default/dns2tcp << EOF
3121 # Set ENABLED to 1 if you want the init script to start dns2tcpd.
3125 # /etc/init.d/dns2tcp start
3129 You have two possibilities:
3130 - Use the DNS inside your network (DNS must allow resolving for external domains)
3131 # grep nameserver /etc/resolv.conf
3132 nameserver 172.16.42.1
3133 # dns2tcpc -z dnstun.example.com 172.16.42.1
3134 Available connection(s) :
3136 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
3137 Listening on port : 2222
3138 # ssh localhost -p 2222
3139 user@host.example.com:~#
3141 - Directly contact the endpoint (port 53 UDP must be allowed outgoing)
3142 # dns2tcpc -z dnstun.example.com dnstun.example.com
3143 Available connection(s) :
3145 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
3146 Listenning on port : 2222
3147 # ssh localhost -p 2222
3148 user@host.example.com:~#
3150 Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
3151 localhost:8080 which you can use to tunnel everything through your "dns-uplink".
3153 Tags: howto, network, tunnel
3155 Configure a MadWifi device for adhoc mode:
3157 Disable the autocreation of athX devices:
3158 # echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi
3160 Remove the autocreated device for now:
3161 # wlanconfig ath0 destroy
3163 Configuration in /etc/network/interfaces:
3165 iface ath0 inet static
3171 - Do not use interface names without ending 0 (otherwise startup fails).
3172 - Only chooss unique names for interfaces.
3174 Find dangling symlinks using zsh:
3178 Use approx with runit supervision
3179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3181 Install the packages:
3182 # apt-get install approx runit
3184 Add user approxlog for the logging daemon:
3185 # adduser --system --home /nonexistent --no-create-home approxlog
3187 Create config directory:
3188 # mkdir /etc/sv/approx
3190 Use /var/run/sv.approx as supervise directory:
3191 # ln -s /var/run/sv.approx /etc/sv/approx/supervise
3193 # cat > /etc/sv/approx/run << EOF
3195 echo 'approx starting'
3199 You normally do not need a logging service for approx because it logs
3200 to syslog too. So just for completion:
3201 # mkdir -p /etc/sv/approx/log
3202 # ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
3203 # cat > /etc/sv/approx/log/run << EOF
3206 LOG="/var/log/approx"
3207 test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
3208 exec chpst -uapproxlog svlogd -tt -v "$LOG"
3211 Now activate the new approx service (will be started within 5s):
3212 # ln -s /etc/sv/approx/ /var/service/
3214 Make approx managed via runit available via init-script interface:
3215 # dpkg-divert --local --rename /etc/init.d/approx
3216 # ln -s /usr/bin/sv /etc/init.d/approx
3218 Remote-reboot a grml system using SysRQ via /proc (execute as root):
3223 echo b > /proc/sysrq-trigger
3225 Tags: reboot, howto, grml, network
3227 Show what happens on /dev/sda0:
3229 # mount the debugfs to relay kernel info to userspace
3230 mount -t debugfs none /sys/kernel/debug
3232 # is a convenient wrapper arround blktrace and blkparse
3235 Tags: debug, block, partition, trace
3237 Convert Flash to Avi:
3239 % ffmpeg -i input.flv output.avi
3241 Extract MP3 from Flash file:
3243 % for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
3245 Usage example for cryptsetup / -luks encrypted partition on LVM:
3247 volume group name: x61
3248 logical volume name: home
3250 echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
3252 mount /dev/mapper/grml-crypt_home /mnt/test
3254 fdisk/parted/... complains with something like
3255 'unable to open /dev/sda - unrecognised disk label'?!
3257 See http://grml.org/faq/#fdisk =>
3259 * use /sbin/fdisk.distrib from util-linux
3260 * switch to sfdisk, cfdisk,...
3261 * use parted's mklabel command (but please read the
3262 parted manual before executing this command)
3264 dmraid - support for SW-RAID / FakeRAID controllers
3265 like Highpoint HPT and Promise FastTrack
3267 Activate all software RAID sets discovered:
3270 Deactivates all active software RAID sets:
3273 Discover all software RAID devices supported on the system:
3276 Extract winmail.dat:
3281 Extract files to current directory:
3282 % ytnef -f . winmail.dat
3284 Approx - Debian package proxy/cacher howto
3286 % apt-get install approx
3287 % echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
3290 Add your new approx to sources.list
3293 deb http://localhost:9999/debian unstable main contrib non-free
3295 use approx in grml-debootstrap like:
3296 % grml-debootstrap -r squeeze -t /dev/sda1 -m http://127.0.0.1:9999/debian
3298 Simple webserver with python:
3300 % python -m SimpleHTTPServer
3302 Upgrade only packages from the grml-stable Debian repository:
3304 echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
3305 apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
3308 Install Centos into a directory:
3310 % febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
3312 Install Fedora into a directory:
3314 % febootstrap fedora-11 target_directory
3316 Use Nessus / OpenVAS (remote network security auditor):
3318 Install software packages:
3320 # apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg
3325 Start openvas server (takes a while):
3326 # Start openvas-server
3328 Invoke client as user:
3331 Find packages not available from any active apt repository:
3333 % apt-show-versions | awk '/No available version in archive/{print $1}'
3335 Simple mailserver with python:
3337 % python -m smtpd -n -c DebuggingServer localhost:1025
3341 echo $USER | nc $HOST 79
3343 Install Archlinux using Grml:
3345 https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
3347 wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
3349 Export blockdevices via AoE (ATA over Ethernet):
3351 % vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1
3353 Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1
3354 via eth0, using the shelf and slot numbers 160 and 2. These numbers are
3355 arbitrary but should be unique within the network.
3357 A word of warning: AoE is prone to all kind of nasty ethernet attacks,
3358 especially arp spoofing. Do not use in hostile networks.
3360 Tags: aoe, blockdevice, export, server
3362 Access blockdevices via AoE (ATA over Ethernet):
3366 and the device should show up under /dev/etherd/. If your shelf and
3367 slot numbers re 160 and 2 the device will be /dev/etherd/e160.2
3369 A word of warning: AoE is prone to all kind of nasty ethernet attacks,
3370 especially arp spoofing. Do not use in hostile networks.
3372 Tags: aoe, blockdevice, export, client