1 Install grml to harddisk:
5 Notice: You can pre-select the partition for the partition selector
6 and mbr dialogs inside grml2hd using:
7 # grml2hd /dev/hda1 -mbr /dev/hda
9 See: man grml2hd + http://grml.org/grml2hd/
11 Install grml on software RAID level 1:
13 Create /dev/md0 (and some more /dev/md* devices) first of all:
14 # cd /dev && MAKEDEV dev
17 # mdadm --create --verbose /dev/md0 --level=raid1 \
18 --raid-devices=2 /dev/hda1 /dev/hdc1
20 Finally install grml on it:
21 # SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0
23 See: man grml2hd + http://grml.org/grml2hd/
25 Install grml in non interactive mode with grml2hd:
27 Adjust configuration as needed:
28 # vim /etc/grml2hd/config
32 # GRML2HD_NONINTERACTIVE=yes grml2hd
38 Use with care and only if you really know what you are doing!
40 See: man grml2hd + http://grml.org/grml2hd/
46 Deactivate error correction of zsh:
50 Run zsh-help for more information regarding zsh.
52 Disable automatic setting of title in GNU screen:
56 Set it manually e.g. via:
58 % screen -X title foobar
60 Run zsh-help for more information regarding zsh.
62 Do not use menu completion in zsh:
66 Run zsh-help for more information regarding zsh.
68 Run GNU screen with grml-configuration:
74 % screen -c /etc/grml/screenrc
76 Print out grml-version:
84 Configure mutt-ng / muttng:
88 Set up Inode-PPTP connection:
92 # grml-pptp-xdsl-students
94 Set up VPN / WLAN connection at TUG (TU Graz):
96 Set ESSID and request for ip-address via DHCP:
97 # iwconfig $DEVICE essid tug
100 Now run the main script:
103 After running the script an init script is available:
105 # /etc/init.d/vpnctug [start|stop]
107 Set up PPTP connection at VCG (Virtual Campus Graz):
117 # grml-vpn -k 2005 add 1000 192.168.20.1 192.168.20.2
121 Use encrypted files / partitions:
123 # grml-crypt <options>
129 # grml-crypt format /mnt/external1/encrypted_file /mnt/test
130 # cp big_file /mnt/test
131 # grml-crypt stop /mnt/test
135 # grml-crypt start /mnt/external1/encrypted_file /mnt/test
136 # grml-crypt stop /mnt/test
140 Change resolution of X:
142 % xrandr -s '1024x768'
144 Change resolution of framebuffer:
148 Configure newsreader slrn:
152 Configure grml system:
156 Or directly run scripts:
161 Lock screen (X / console):
165 Press ctrl-alt-x to lock a GNU screen session.
167 Change wallpaper in X:
169 % grml-wallpaper <press-tab>
171 Start X window system (XFree86 / Xorg / X.org):
173 % grml-x $WINDOWMANAGER
178 % grml-x -mode '1024x768' wmii
179 % grml-x -nosync wm-ng
181 Collect hardware information:
185 or run as root to collect some more information:
189 will generate a file named info.tar.bz2.
191 Configure hardware detection features of harddisk installation:
195 or manually edit /etc/grml/autoconfig[.small]
197 See: man grml-autoconfig
199 Bootoptions / cheatcodes / bootparams for booting grml:
201 On the grml-ISO if not running grml:
202 % less /cdrom/GRML/grml-cheatcodes.txt
205 % most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz
207 Report bugs to Debian's Bug Tracking System (BTS):
209 % reportbug --bts debian
211 or adjust /etc/reportbug.conf to your needs.
215 http://grml.org/bugs/
216 http://www.debian.org/Bugs/
218 Offline documentation:
222 Online documentation:
225 http://grml.org/docs/
226 http://wiki.grml.org/doku.php
228 Mount ntfs partition (read-write):
231 # ntfsmount /dev/hda1 /mnt/hda1
233 Overwrite specific file on an NTFS partition:
235 ntfscp /dev/hda1 /tmp/file_source path/to/file_target
237 Resize an NTFS partition:
243 ntfsresize -n -s 10G /dev/hda1 # testcase
244 ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition
245 cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)
247 Modify resolution for intel graphic chipsets:
253 # 915resolution 4d 1400 1050
255 Connect bluetooth mouse:
259 ... and press 'connect' button on your bluetooth device.
261 Connect bluetooth headset:
265 ... and press 'connect' button on your bluetooth device.
267 Secure delete file / directory / partition:
273 Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/
275 Use grml on Samsung X20 laptop:
277 # apt-get install grml-samsung-x20
279 See: http://www.michael-prokop.at/computer/samsung_x20.html
281 Development information regarding grml:
283 http://grml.supersized.org/
287 #grml on irc.freenode.org - http://grml.org/irc/
288 http://grml.org/contact/
290 Join the grml mailinglist:
292 http://grml.org/mailinglist/
296 http://grml.org/donations/
298 Commercial support / system administration / adjusted live-cds:
300 grml-solutions: http://grml.org/solutions/
302 Information regarding the kernel provided by grml:
304 http://grml.org/kernel/
306 SMTP command-line test tool:
312 % swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE
316 NTFS related packages:
322 Modify service through init script:
329 # /etc/init.d/lvm start
333 # jstest /dev/input/js0
337 % mplayer /path/to/movie
339 Use webcam with mplayer:
341 % mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0
343 Powerful network discovery tool:
347 Grab an entire CD and compress it to Ogg/Vorbis,
348 MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:
352 Show a console session in several terminals:
356 Switch behaviour of caps lock key:
360 grep with Perl-compatible regular expressions:
364 ncp: a fast file copy tool for LANs
369 Remote (receive file):
372 utility for sorting records in complex ways:
376 a smaller, cheaper, faster SED implementation:
384 See: http://grml.org/zsh/
386 zsh reference card for grml system:
389 /usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
393 % for i in foo* ; do mv "$i" "bar${i/foo}" ; done
395 % prename 's/foo/bar/' foo*
397 % zmv 'foo(*)' 'bar$1'
399 Test TFT / LCD display:
407 Improved grep version:
411 Grep with highlighting:
413 % grep --color=auto ...
416 Extract matches when grepping:
419 % ifconfig | grepc 'inet addr:(.*?)\s'
420 % ifconfig | glark --extract-matches 'inet addr:(.*?)\s'
422 Output text as sound:
425 % xsay # when running X and text selected via mouse
427 Adjust a grml harddisk (grml2hd) installation:
431 Get information on movie files:
433 % tcprobe -i file.avi
435 Get an overview of your image files:
437 % convert 'vid:*.jpg' thumbnails.jpg
439 List all standard defines:
441 % gcc -dM -E - < /dev/null
443 Send a mail as reminder:
445 echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
447 ncurses-based presentation tool:
451 See: man tpp and /usr/share/doc/tpp/examples/
453 Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:
457 Use IRC on command line:
463 % vimdiff file1 file2
469 Moving between diffs:
479 Hardware monitoring without kernel dependencies:
483 Install grml-iso to usb-stick:
485 % grml2usb grml.iso /mount/point
487 Use mplayer on framebuffer console:
489 % mplayer -vo fbdev ...
491 Use links2 on framebuffer console:
493 % links2 -driver fb ...
495 Switch language / keyboard:
497 * use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
498 * use the bootparams keyboard / xkeyboard to activate specific keyboard layout
499 Usage example: 'grml lang=us keyboard=de xkeyboard=de'
501 Or run one of the following commands:
505 # loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
508 Switch setting of caps-control key (switch between ctrl + shift) on keyboard:
512 Mount usb device / usb stick:
514 % mount /mnt/external1 # corresponds to /dev/sda1
516 % mount /mnt/external # corresponds to /dev/sda
518 Install Sun Java packages:
520 Download j2re.bin-file from http://java.sun.com/downloads/index.html and run
522 # apt-get install java-package
523 # fakeroot make-jpkg j2re-*.bin
524 # dpkg -i sun-j2re*.deb
525 # update-alternatives --config java
529 ddrescue is an improved version of dd which tries to read and
530 if it fails it will go on with the next sectors, where tools
537 How to make an audio file (e.g. Musepack format) out of a DVD track:
539 % mkfifo /tmp/fifo.wav
540 % mppenc /tmp/fifo.wav track06.mpc &
541 % mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6
543 Adjust the mppenc line with the encoder you would like to use,
544 for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.
548 % mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
549 to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')
551 Usage example for getting a PCM/wave file from audio channel 128:
552 % mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
554 Create simple chroot:
556 # make_chroot_jail $USERNAME
558 Convert DOS formated file to unix format:
560 sed 's/.$//' dosfile > unixfile # assumes that all lines end with CR/LF
561 sed 's/^M$//' dosfile > unixfile # in bash/tcsh, press Ctrl-V then Ctrl-M
562 sed 's/\x0D$//' dosfile > unixfile # gsed 3.02.80, but top script is easier
563 awk '{sub(/\r$/,"");print}' # assumes EACH line ends with Ctrl-M
564 gawk -v BINMODE="w" '1' infile >outfile # in DOS environment; cannot be done with
565 # DOS versions of awk, other than gawk
566 tr -d \r < dosfile > unixfile # GNU tr version 1.22 or higher
567 tr -d '\015' < dosfile > unixfile # use octal value for "\r" (see man ascii)
568 tr -d '[\015\032]' < dosfile > unixfile # sometimes ^Z is appended to DOS-files
569 vim -c ":set ff=unix" -c ":wq" file # convert using vim
570 vim -c "se ff=dos|x" file # ... and even shorter ;)
571 recode ibmpc..lat1 file # convert using recode
572 echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile
574 Save live audio stream to file:
576 % mplayer -ao pcm:file=$FILE $URL
578 Save live stream to file:
580 % mplayer -dumpfile $FILE -dumpstream $STREAM
584 % mencoder mms://$URL -o $FILE -ovc copy -oac copy
588 % mimms mms://file.wmv
594 % avimerge -i *.avi -o blub.avi
598 % cat *.mpg > blub.mpg
602 % mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
603 % mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
604 % avimerge -i file1.avi file2.avi -o blub.avi
606 Display MS-Word file:
608 % strings file.doc | fmt | less
614 Convert MS-Word file to postscript:
616 % antiword -p a4 file.doc > file.ps
618 Convert manual to postscript:
620 % zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps
622 % man -t zsh > zsh.ps
626 % dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
628 Read HTTP via netcat:
630 echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80
632 Get X ressources for specific program:
634 % xrdb -q |grep -i xterm
636 Get windowid of specific X-window:
638 % xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
640 Get titel of specific X-window:
644 check locale - LC_MESSAGES:
646 % locale -ck LC_MESSAGES
648 Create random password:
652 % dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
654 Get tarballs of various Linux Kernel trees:
657 to get the current stable 2.6 release
660 to get a list of all supported trees
662 Transfer your SSH public key to another host:
664 % ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet
666 % ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
668 % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys'
670 Update /etc/fstab entries:
674 See "man grml-rebuildfstab" for more details about
675 generation of /etc/fstab (including stuff like
676 fs LABELs / UUIDs,...).
678 Fetch and potentially change SCSI device parameters:
684 reclaim disk space by linking identical files together:
688 Find and remove duplicate files:
692 Perform layer 2 attacks:
698 Guess PC-type hard disk partitions / partition table:
702 Perform a standard scan:
705 Write back the guessed table:
706 # gpart -W /dev/ice /dev/ice
708 Develop, test and use exploit code with the Metasploit Framework:
711 wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
712 unp framework-3.2.tar.gz
716 Useful documentation:
718 % w3m /usr/share/doc/Debian/reference/reference.en.html
720 % xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)
722 http://grml.org/docs/ grml Documentation
723 http://wiki.grml.org/ grml Wiki
724 http://www.debian.org/doc/ Debian Documentation
725 http://wiki.debian.org/ Debian Wiki
726 http://www.gentoo.org/doc/en/ Gentoo Documentation
727 http://gentoo-wiki.com/ Gentoo Wiki
728 http://www.tldp.org/ The Linux Documentation Project
732 % fortune debian-hints
736 % fortune debian-hints
737 % dpkg -L funny-manpages
739 Backup master boot record (MBR):
741 # dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1
743 Backup partition table:
745 # sfdisk -d /dev/hda > hda.out
747 Restore partition table:
749 # sfdisk /dev/hda < hda.out
751 Clone disk via network using netcat:
754 # nc -vlp 30000 > hda1.img
756 # dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000
758 Adjust blocksize (dd's option bs=...) and include 'gzip -c'
761 # dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000
763 Backup specific directories via cpio and ssh:
765 # for f in directory_list; do find $f >> backup.list done
766 # cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"
770 This one uses CPU cycles on the remote server to compare the files:
771 # ssh target_address cat remotefile | diff - localfile
772 # cat localfile | ssh target_address diff - remotefile
774 This one uses CPU cycles on the local server to compare the files:
775 # ssh target_address cat <localfile "|" diff - remotefile
777 Useful tools for cloning / backups:
779 * dd: convert and copy a file
780 * dd_rescue: copies data from one file (or block device) to another
781 * pcopy: a replacement for dd
782 * partimage: back up and restore disk partitions
783 * dirvish: Disk based virtual image network backup system
784 * devclone: in-place filesystem conversion -- device cloning
785 * ntfsclone: efficiently clone, image, restore or rescue an NTFS
786 * dump: ext2/3 filesystem backup
787 * udpcast: multicast file transfer tool
788 * cpio: copy files to and from archives
789 * pax: read and write file archives and copy directory hierarchies
790 * netcat / ssh / tar / gzip / bzip2: additional helper tools
792 Use grml as a rescue system:
796 * dd: convert and copy a file
797 * ddrescue: copies data from one file or block device to another
798 * partimage: Linux/UNIX utility to save partitions in a compressed image file
799 * cfdisk: Partition a hard drive
800 * nparted: Newt and GNU Parted based disk partition table manipulator
801 * parted-bf: The GNU Parted disk partition resizing program, small version
802 * testdisk: Partition scanner and disk recovery tool
803 * gpart: Guess PC disk partition table, find lost partitions
807 * e2fsprogs: ext2 file system utilities and libraries
808 * e2tools: utilities for manipulating files in an ext2/ext3 filesystem
809 * e2undel: Undelete utility for the ext2 file system
810 * ext2resize: an ext2 filesystem resizer
811 * recover: Undelete files on ext2 partitions
815 * reiser4progs: administration utilities for the Reiser4 filesystem
816 * reiserfsprogs: User-level tools for ReiserFS filesystems
820 * xfsdump: Administrative utilities for the XFS filesystem
821 * xfsprogs: Utilities for managing the XFS filesystem
825 * jfsutils: utilities for managing the JFS filesystem
829 * ntfsprogs: tools for doing neat things in NTFS partitions from Linux
830 * salvage-ntfs: free NTFS data recovery tools
831 * scrounge-ntfs: data recovery program for NTFS file systems
832 * ntfsresize: resize ntfs partitions
834 Get ASCII value of a character with zsh:
836 % char=N ; print $((#char))
838 Convert a collection of mp3 files to wave or cdr using zsh:
840 % for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
842 Convert images (foo.gif to foo.png) using zsh:
844 % for i in **/*.gif; convert $i $i:r.png
846 Remove all "non txt" files using zsh:
850 Remote Shell Using SSH:
853 % ssh -NR 3333:localhost:22 user@yourhost
856 % ssh user@localhost -p 3333
858 Reverse Shell with Netcat:
861 % netcat -v -l -p 3333 -e /bin/sh
864 % netcat 192.168.0.1 3333
866 Reverse Shell via SSH:
868 local host (inside the network):
869 % ssh -NR 1234:localhost:22 remote_host
871 remote host (outside the network):
872 % ssh localhost -p 1234
874 Remove empty directories with zsh:
876 % rmdir ./**/*(/od) 2> /dev/null
878 Find all the empty directories in a tree with zsh:
882 Find all files without a valid owner and change ownership with zsh:
884 % chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
886 Display the 5-10 last modified files with zsh:
888 % print -rl -- /path/to/dir/**/*(D.om[5,10])
890 Find and list the ten newest files in directories and subdirs (recursive) with zsh:
892 % print -rl -- **/*(Dom[1,10])
894 Find most recent file in a directory with zsh:
896 % setopt dotglob ; print directory/**/*(om[1])
898 Tunnel all traffic through an external server:
900 % ssh -ND 3333 username@external.machine
902 Then set the SOCKS4/5 proxy to localhost:3333.
903 Check whether it's working by surfing e.g. to checkip.dyndns.org
905 Tunnel everything through SSH via tsocks:
907 set up the SSH proxy on the client side:
909 % ssh -ND 3333 user@remote.host.example.com
911 Adjust /etc/tsocks.conf afterwards (delete all other lines):
916 For programs who natively support proxying connections (e.g. Mozilla
917 Firefox) you can now set the proxy address to localhost port 3333.
919 All other programs which's connections you want to tunnel through your
920 external host are prefixed with tsocks, e.g.:
922 % tsocks netcat example.com 80
923 % tsocks irssi -c irc.quakenet.eu.org -p 6667
925 If you call tsocks without parameters it executes a shell witht the
926 LD_PRELOAD environment variable already set and exported.
928 smartctl - control and monitor utility for harddisks using Self-Monitoring,
929 Analysis and Reporting Technology (SMART):
931 # smartctl --all /dev/ice
933 If you want to use smartctl on S-ATA (sata) disks use:
935 # smartctl -d ata --all /dev/sda
938 # smartctl -t offline /dev/ice
941 # smartctl -t short /dev/ice
943 Display results of test:
944 # smartctl -l selftest /dev/ice
946 Query device information:
947 # smartctl -i /dev/ice
949 Mount a BSD / Solaris partition:
951 # mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1
953 Use ufstype 44bsd for FreeBSD, NetBSD, OpenBSD (read-write).
954 Use ufstype ufs2 for >= FreeBSD 5.x (read-only).
955 Use ufstype sun for SunOS (Solaris) (read-write).
956 Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).
958 See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
961 Read BIOS (and or BIOS) password:
963 # dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
965 Clone one of the kernel trees via git:
967 git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
968 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
969 This path defines the tree. See http://kernel.org/git/ for an overview.
971 Mount filesystems over ssh protocol:
973 % sshfs user@host:/remote_dir /mnt/test
977 % fusermount -u /mnt/test
979 (Notice: requires fuse kernel module)
981 Install Gentoo using grml:
983 See http://www.gentoo.org/doc/en/altinstall.xml
985 Install (plain) Debian (sarge release) via grml:
987 Assuming you want to install Debian to sda1:
989 mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1
990 mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
991 debootstrap sarge /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror
992 chroot /mnt/test /bin/bash # let's chroot into the new system
993 mount -t devpts none /dev/pts # ...otherwise running base-config might fail ("Terminated" or "openpty failed")
994 mount -t proc none /proc # make sure we also have a mounted /proc
995 base-config # now configure some main settings
996 vi /etc/mkinitrd/mkinitrd.conf # adjust $ROOT (to /dev/sda1) for your new partition, autodetection will fail in chroot
997 cd /dev ; ./MAKEDEV generic # make sure we have all necessary devices for lilo
998 apt-get install lilo linux-image-2.6.12-1-386 # install lilo and a kernel which fits your needs
999 cp /usr/share/doc/lilo/examples/conf.sample /etc/lilo.conf # let's use a template
1000 vi /etc/lilo.conf && lilo # adjust the file for your needs and run lilo afterwards
1001 umount /proc ; umount /dev/pts # we do not need them any more
1002 exit # now leave chroot
1003 cp /etc/hosts /etc/fstab /mnt/test/etc/ # you might want to take the existing files...
1004 cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml system for your new system
1005 umount /mnt/test && reboot # unmount partition and reboot...
1007 See also: http://www.debian.org/releases/stable/i386/apcs04.html.en
1008 Avoid all of the above steps - use grml-debootstrap(8) instead!
1010 Install (plain) Debian (etch release) via grml
1012 Assuming you want to install Debian to sda1:
1014 mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1
1015 mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
1016 debootstrap etch /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror
1017 chroot /mnt/test /bin/bash # let's chroot into the new system
1018 mount -t proc none /proc # make sure we have a mounted /proc
1019 apt-get install locales console-data # install locales
1020 dpkg-reconfigure locales console-data # adjust locales to your needs
1021 apt-get install vim most zsh screen less initrd-tools file grub \
1022 usbutils pciutils bzip2 sysfsutils dhcp3-client resolvconf \
1023 strace lsof w3m # install useful software
1024 apt-get install linux-headers-2.6-686 linux-image-686 # install current kernel
1026 echo "127.0.0.1 localhost" > /etc/hosts # adjust /etc/hosts and network:
1027 cat >> /etc/network/interfaces << EOF
1028 iface lo inet loopback
1029 iface eth0 inet dhcp
1034 ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime # adjust timezone and /etc/fstab:
1035 cat >> /etc/fstab << EOF
1036 sysfs /sys sysfs auto 0 0
1037 proc /proc proc defaults 0 0
1038 /dev/sda1 / ext3 defaults,errors=remount-ro 0 1
1039 /dev/sda2 none swap sw 0 0
1040 /dev/cdrom /mnt/cdrom0 iso9660 ro,user,noauto 0 0
1042 passwd # set password of user root
1044 mkdir /boot/grub # setup grub
1045 cp /usr/share/doc/grub/examples/menu.lst /boot/grub
1046 cat >> /boot/grub/menu.lst << EOF
1047 title Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1)
1049 kernel /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro
1050 initrd /boot/initrd.img-2.6.18-3-686
1052 vim /boot/grub/menu.lst # adjust grub configuration to your needs
1053 cd /dev && MAKEDEV generic # create default devices
1054 cp -i /usr/lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/
1055 grub install # now install grub, run in grub-cmdline following commands:
1059 umount -a # unmount all filesystems in chroot and finally:
1060 exit # exit the chroot and:
1063 If you want to use lilo instead of grub take a look at
1064 /usr/share/doc/lilo/examples/conf.sample or use the following template:
1066 cat > /etc/lilo.conf << EOF
1067 # This allows booting from any partition on disks with more than 1024 cylinders.
1070 # Specifies the boot device
1073 # Specifies the device that should be mounted as root.
1076 # use Debian on software raid:
1077 # raid-extra-boot=mbr-only
1085 image=/boot/vmlinuz-2.6.18-grml
1089 initrd=/boot/initrd.img-2.6.18-grml
1092 See also: http://www.debian.org/releases/stable/i386/apcs04.html.en
1093 Avoid all of the above steps - use grml-debootstrap(8) instead!
1095 Convert files from Unicode / UTF-8 to ISO:
1097 % iconv -c -f utf8 -t iso-8859-15 < utffile > isofile
1101 % iconv -f iso-8859-15 -t utf8 < isofile > utffile
1103 Assign static setup for network cards (NICs) via udev:
1105 Retrieve information for address (corresponding to MAC address):
1107 # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'
1109 Execute /lib/udev/write_net_rules with according values (INTERFACE
1110 is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
1111 is the MAC address retrieved with udevadm info command):
1113 # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules
1115 This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:
1117 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"
1119 Finally take down the interface (ifdown/ifconfig) and execute:
1121 # udevadm trigger --action=add --subsystem-match=net
1123 so the interface will be renamed. (Rebooting or
1124 unloading drivers/restart udev/loading drivers again
1125 works as well of course.)
1127 Change the suffix from *.sh to *.pl using zsh:
1130 % zmv -W '*.sh' '*.pl'
1132 Generate SSL certificate:
1134 Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
1135 # openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes
1138 # openssl x509 -in certfile -text
1140 Verify against CA certificate:
1141 # openssl verify -CAfile cacert.crt -verbose -purpose sslserver
1143 Generate 2048bit RSA-key:
1144 # openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes
1146 As before but add request to existing key pub-sec-key.pem:
1147 # openssl req -new -out request.pem -keyin pub-sec-key.pem
1149 Show request request.pem:
1150 # openssl req -text -noout -in request.pem
1152 Verify signature of request request.pem:
1153 # openssl req -verify -noout -in request.pem
1155 Generate SHA1 fingerprint (modulo key) of request.pem:
1156 # openssl req -noout -modulus -in request.pem | openssl sha1 -c
1158 Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
1159 # openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem
1161 As before but create self signed certificate based on existing key pub-sec-key.pem:
1162 # openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem
1164 Generate new request out of existing self signed certificate:
1165 # openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem
1167 Display certificate self-signed-certificate.pem in plaintext:
1168 # openssl x509 -text -noout -md5 -in self-signed-certificate.pem
1170 Check self signed certificate:
1171 # openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem
1173 Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
1174 # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443
1176 Generate ssl-certificate for use with apache2:
1178 export RANDFILE=/dev/random
1179 mkdir /etc/apache2/ssl/
1180 openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
1181 chmod 600 /etc/apache2/ssl/apache.pem
1183 Also take a look at make-ssl-cert (debconf wrapper for openssl):
1185 # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem
1187 and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).
1189 Change Windows NT password(s):
1191 # mount -o rw /mnt/hda1
1192 # cd /mnt/hda1/WINDOWS/system32/config/
1193 # chntpw SAM SECURITY system
1195 Notice: if mounting the partition read-write did not work (check syslog!)
1196 try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1
1198 (Be careful with deactivating syskey!)
1200 glark - replacement for grep written in Ruby:
1202 A replacement for (or supplement to) the grep family, glark offers:
1203 Perl compatible regular expressions, highlighting of matches,
1204 context around matches, complex expressions and automatic exclusion
1209 % glark -y keyword file # display only the region that matched, not the entire line
1210 % glark -o format print *.h # search for either "printf" or "format"
1212 More information: man glark
1214 Find CD burning device(s):
1216 General information on CD-ROM:
1217 % cat /proc/sys/dev/cdrom/info
1219 Scan using ATA Packet specific SCSI transport:
1220 # cdrecord -dev=ATA -scanbus
1221 # cdrecord-prodvd -s -scanbus dev=ATA
1223 Get specific information for /dev/ice:
1224 # cdrecord dev=/dev/ice -scanbus
1226 Create devices in /dev on udev:
1228 For example create md devices (/dev/md0, /dev/md1,...):
1229 # cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md
1231 Identify network device (NIC):
1233 # ethtool -i $DEVICE
1235 Show NIC statistics:
1237 # ethtool -S $DEVICE
1239 If your NIC shows some aging signs, you may want to be sure:
1241 # ethtool -t $DEVICE
1243 Disable TCP/UDP checksums:
1245 # ethtool -K $DEVICE tx off
1247 grml2hd seems to hang? Getting Squashfs errors? Problems while booting?
1249 Switch to tty12 and take a look at the syslog. If you see something like:
1251 SQUASHFS error: zlib_fs returned unexpected result 0x........
1252 SQUASHFS error: Unable to read cache block [.....]
1253 SQUASHFS error: Unable to read inode [.....]
1255 your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
1256 Check your CD low-level via running:
1258 # readcd -c2scan dev=/dev/cdrom
1260 If the medium really is ok and it still fails try to boot with deactivated DMA
1261 via using grml nodma at the bootprompt.
1263 Write a Microsoft compatible boot record (MBR) using ms-sys
1265 Write a Windows 2000/XP/2003 MBR to a device:
1267 # ms-sys -m /dev/ice
1269 Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:
1271 wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
1272 unp ms-sys-2.1.3.tgz
1277 Use a Vodafone 3G Datacard (UMTS) with Linux:
1279 Plug in your vodafone card and check in syslog whether the appropriate
1280 (probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:
1283 # wvdial --config /etc/wvdial.conf.umts $PROFILE
1286 # comgt -d /dev/ttyUSB0
1287 # wvdial --config /etc/wvdial.conf.umts a1usb
1289 # comgt -d /dev/noz0
1290 # wvdial --config /etc/wvdial.conf.umts tmnozomi
1292 # comgt -d /dev/noz0
1293 # wvdial --config /etc/wvdial.conf.umts dreiusb
1295 # comgt -d /dev/ttyACM0
1296 # wvdial --config /etc/wvdial.conf.umts yesss
1298 If you receive invalid DNS nameservers when connecting, like:
1301 --> primary DNS address 10.11.12.13
1302 --> secondary DNS address 10.11.12.14
1304 just provide a working nameserver to resolvconf via:
1306 # echo "nameserver 80.120.17.70" | resolvconf -a ppp0
1308 Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
1309 your grml system), some other ones require the sierra driver (run
1312 If your device isn't supported by usbserial yet, manually provide vendor and
1313 product ID when loading the usbserial module. Usage example:
1317 Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.
1319 # modprobe usbserial vendor=0x1199 product=0x6813
1321 To get a list of available providers execute:
1323 # comgt -s -d /dev/ttyUSB0 /etc/comgt/operator
1325 hdparm - get/set hard disk parameters
1327 Display the identification info that was obtained from the drive at boot time,
1329 # hpdarm -i /dev/ice
1331 Request identification info directly from the drive:
1332 # hpdarm -I /dev/ice
1334 Perform timings of device + cache reads for benchmark and comparison purposes:
1335 # hdparm -tT /dev/ice
1337 bonnie++ - program to test hard drive performance.
1339 # mkdir /mnt/benchmark
1340 # mount /dev/ice /mnt/benchmark
1341 # chmod go+w /mnt/benchmark
1342 # bonnie -u grml -d /mnt/benchmark -s 2000M
1344 Use gizmo with a bluetooth headset:
1346 % DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
1347 % gizmo --mic $DEVICE --speaker $DEVICE
1349 Scan a v4l device for TV stations:
1351 % scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv
1353 Then running xawtv should work:
1357 Run apt-get with timeout of 3 seconds:
1359 # apt-get -o acquire::http::timeout=3 update
1361 Debian GNU/Linux device driver check page
1363 % $BROWSER http://kmuto.jp/debian/hcl/index.cgi
1365 Use dd with status line:
1367 # dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
1369 Generate a 512k file of random data with status bar:
1371 % dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
1373 Install Grub instead of lilo on grml installation (grml2hd):
1378 adjust grub's configuration file menu.lst:
1379 # $EDITOR /boot/grub/menu.lst
1381 now install grub (usage example for /dev/sda1):
1386 Install Ubuntu using grml:
1388 See https://wiki.ubuntu.com/Installation/FromKnoppix
1390 Resize ext2 / ext3 partition:
1392 # tune2fs -O '^has_journal' /dev/iceX # disable journaling
1393 # fsck.ext2 -v -y -f /dev/iceX # check the filesystem
1394 # resize2fs -p /dev/iceX $SIZE # resize it (adjust $SIZE)
1395 # fdisk /dev/ice # adjust partition in partition table
1396 # fsck.ext2 -v -y -f /dev/iceX # check filesystem again
1397 # resize2fs -p /dev/iceX # resize it to maximum
1398 # tune2fs -j /dev/iceX # re-enable journal
1400 Tune ext2 / ext3 filesystem:
1402 Check partition first:
1404 # tune2fs -l /dev/iceX
1406 If you don't see dir_index in the list, then enable it:
1408 # tune2fs -O dir_index /dev/iceX
1410 Now run e2fsck with the -D option to have the directories optimized:
1412 # e2fsck -D /dev/iceX
1414 Notice: since e2fsprogs (1.39-1) filesystems are created with
1415 directory indexing and on-line resizing enabled by default.
1417 Search for printers via network:
1419 # pconf_detect -m NETWORK -i 192.168.0.1/24
1421 Mount a remote directory via webdav (e.g. Mediacenter of GMX):
1423 # mount -t davfs https://mediacenter.gmx.net/ /mnt/test
1425 System-Profiling using oprofile:
1430 # opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library
1435 Now $DO_SOME_TASKS...
1438 # opcontrol --shutdown
1440 Then take a look at the reports using something like e.g.:
1441 # opreport -t 0.5 --exclude-dependent
1442 # opreport -t 0.5 /path/to/executable_to_check
1443 # opannotate -t 0.5 --source --assembly
1445 Install ATI's fglrx driver for Xorg / X.org:
1447 Usually there already exist drivers for the grml-system:
1448 # apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`
1450 After installing adjust xorg.conf via running:
1451 # aticonfig --initial --input=/etc/X11/xorg.conf
1453 For more information take a look at http://wiki.grml.org/doku.php?id=ati
1455 Install nvidia driver for Xorg / X.org:
1457 Usually there already exist drivers for the grml-system:
1458 # apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`
1460 Then switch from module nv to nvidia:
1462 # sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf
1464 glxgears - a GLX demo that draws three rotating gears
1466 To print frames per second (fps) use:
1467 % glxgears -printfps
1469 You forgot to boot with 'grml noeject noprompt' to avoid
1470 ejecting and prompting for CD removal when rebooting/halting
1481 If you want to avoid only the prompting part, run:
1489 Mount wikipedia local via fuse:
1491 Adjust configuration:
1492 % cat ~/.wikipediafs/config.xml
1495 <article-cache-time>300</article-cache-time>
1499 <dirname>wikipedia-de</dirname>
1500 <host>de.wikipedia.org</host>
1501 <basename>/w/index.php</basename>
1504 <dirname>wikipedia-en</dirname>
1505 <host>en.wikipedia.org</host>
1506 <basename>/w/index.php</basename>
1511 Mount it (/wiki must exist of course):
1512 % mount.wikipediafs /wiki
1513 % cat /wiki/wikipedia-en/Cat
1516 % fusermount -u /wiki
1518 Remote notification on X via osd (on screen display):
1520 Start osd_server.py at your local host (listens on port 1234 by default):
1523 Then login to a $REMOTEHOST
1524 % ssh -R 1234:localhost:1234 $REMOTEHOST
1526 Now send the text to your local display via running something like:
1527 % echo "text to send" | nc localhost 1234
1529 Very useful when you are waiting for a long running job
1530 but want to do something else in the meanwhile:
1532 % ./configure && make && echo "finished compiling" | netcat localhost 1234
1534 You can use this in external programs as well of course. Examples:
1536 Use osd in centericq:
1538 % cat ~/.centericq/external
1547 if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
1548 CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
1549 osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
1550 if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
1551 echo "${osd_msg}" | netcat localhost 1234
1555 Use it in the IRC console client irssi via running:
1559 You can even activate the port forwarding by default globally:
1564 RemoteForward 1234 127.0.0.1:1234
1567 Notice: if you get 'ABORT: Requested font not found' make sure the
1568 requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'
1571 Avoid automatical startup of init scripts via invoke-rc.d:
1573 First of all make sure the package policyrcd-script-zg2 (which
1574 provides the /usr/sbin/policy-rc.d interface) is installed.
1576 In policyrcd-script-zg2's configuration file named
1577 /etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
1578 defined as the interface for handling invoke-rc.d's startup policy.
1580 grml-policy-rc.d can be configure via /etc/policy-rc.d.conf. By
1581 default you won't notice any differences to Debian's default
1582 behaviour, except that invoke-rc.d won't be executed if a chroot has
1583 been detected (detection: /proc is missing).
1585 If you want to disable automatical startup of newly installed packages
1586 (done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in
1587 /etc/policy-rc.d.conf.
1589 To restore the default behaviour set EXITSTATUS back to '0' in
1590 /etc/policy-rc.d.conf.
1592 Install VMware-Tools for grml:
1594 First of all make sure a CD-ROM device in VMware is available.
1596 Mount the CD-ROM device to /mnt/cdrom, then unpack and install
1600 unp /mnt/cdrom/vmware-linux-tools.tar.gz
1601 cd vmware-tools-distrib
1604 /etc/init.d/networking stop
1609 /etc/init.d/networking start
1611 In an X terminal, launch the VMware Tools running:
1615 Some important Postfix stuff
1623 Send all messages in the queue:
1627 Send all messages in the queue for a specific site:
1631 Delete a specific message
1632 # postsuper -d 12345678942
1634 Deletes all messages held in the queue for later delivery
1635 # postsuper -d ALL deferred
1637 Mail queues in postfix:
1639 incoming -> mail who just entered the system
1640 active -> mail to be delivered
1641 deferred -> mail to be delivered later because there were problems
1642 hold -> mail that should not be delivered until released from hold
1644 For configuration of postfix take a look at
1645 /etc/postfix/master.cf - man 5 master
1646 /etc/postfix/main.cf - man 5 postconf
1647 and http://www.postfix.org/documentation.html.
1651 mode 4000 - set user ID (suid):
1653 - for executable files: run as the user who owns the file, instead of the
1654 user who runs the file
1655 - for directories: not used
1657 mode 2000 - set group ID (guid):
1659 - for executable files: run as the group who owns the file, instead of the
1660 group of the user who runs the file
1661 - for directories: when a file is created inside the directory, it belongs
1662 to the group of the directory instead of the default group of the user who
1665 mode 1000 - sticky bit:
1667 - for files: not used
1668 - for directories: only the owner of a file can delete or rename the file
1670 Create MySQL database
1672 # apt-get install mysql-client mysql-server
1674 Run 'mysql' as root - create a database with:
1676 create database grml
1678 Give a user access to the database (without password):
1680 grant all on grml.* to mika;
1682 Give a user access to the database (with password):
1684 grant all on grml.* to enrico identified by "PASSWORD";
1686 Setup an HTTPS website:
1688 Create a certificate:
1690 # mkdir /etc/apache2/ssl
1691 # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
1693 Create a virtual host on port 443:
1695 <VirtualHost www.foo.invalid:443>
1699 Enable SSL in the VirtualHost:
1702 SSLCertificateFile /etc/apache2/ssl/apache.pem
1704 Enable listening on the HTTPS port (/etc/apache2/ports.conf):
1708 and make sure the SSL module is used:
1712 Useful Apache / Apache2 stuff
1714 Check configuration file via running:
1716 # apache2ctl configtest
1724 # a2enmod modulename
1726 Create tar archive and store it on remote machine:
1728 % tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"
1730 Pick out and displays images from network traffic:
1734 Install Flash plugin:
1736 # dpkg-reconfigure flashplugin-nonfree
1738 To test a proxy, low level way:
1742 GET http://www.google.com HTTP/1.0 [press enter twice]
1744 Adjust system for use of qemu with kqemu:
1746 Make sure you have all you need:
1747 # aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)
1752 mknod /dev/kqemu c 250 0
1753 chmod 666 /dev/kqemu
1754 chmod 666 /dev/net/tun
1756 Check kqemu support via starting qemu, press
1757 Ctrl-Alt-2 and entering 'info kqemu'.
1759 (High-Load) Debugging related tools:
1761 mpstat # report processors related statistics
1762 iostat # report CPU statistics and input/output statistics for devices and partitions
1763 vmstat # report virtual memory statistics
1764 slabtop # display kernel slab cache information in real time
1765 atsar # system activity report
1766 dstat # versatile tool for generating system resource statistics
1777 Using WPA for network setup manually:
1779 # wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
1781 Adjust the options and configuration file to your needs.
1782 Also take a look at 'grml-network'.
1784 Start X and lock console via exiting:
1786 % startx 2>~/.xsession-errors &| exit
1788 Which process is writing to disk and/or causes the disk to spin up?
1790 First of all use lsof to check what's going on. Does not help? ->
1792 # echo 1 > /proc/sys/vm/block_dump
1794 The command sets a sysctl to cause the kernel to log all disk
1795 writes. Please notice that there is a lot of data. So please
1796 disable syslogd/syslog-ng before you do this, or you must make
1797 sure that kernel output is not logged.
1799 When you're done, disable block dump using:
1800 # echo 0 > /proc/sys/vm/block_dump
1803 laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
1804 which handles block_dump on its own.
1806 See: $KERNEL-SOURCE/Documentation/laptop-mode.txt
1808 Also take a look at event-viewer(8) which is part of grml-debugtools.
1810 Install initrd via initramfs-tools for currently running kernel:
1812 # update-initramfs -c -t -k $(uname -r)
1814 Install initrd via yaird for currently running kernel:
1816 # yaird -o /boot/initrd.img-$(uname -r)
1818 Install initrd via yaird for specific kernel:
1822 # yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
1824 Reinstall package with its original configuration files:
1826 # apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o \
1827 DPkg::Options::=--force-confnew package
1829 grml 0.8 funkenzutzler - rt2x00 drivers:
1831 To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
1832 includes beta-version drivers) is not installed by default. If you want to
1833 use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
1834 rt73usb please install the package manually running:
1836 # dpkg -i /usr/src/rt2x00-modules-*.deb
1838 Use Java with jikes and jamvm on grml:
1842 % cp /usr/share/doc/grml-templates/template.java .
1843 % jikes template.java
1846 Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),
1847 so you do not have to manually run
1848 jikes --bootclasspath /usr/share/classpath/glibj.zip
1850 Online resizing of (Software-)RAID5:
1852 # Initiate a RAID5 setup for testing purposes:
1853 mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1
1855 # Create filesystem, mount md0, create a testfile and save md5sum for
1858 mount /dev/md0 /mnt/test
1859 dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
1860 md5sum /mnt/test/dd > md5sum
1862 # Make sure the RAID is synched via checking:
1865 # Now remove one partition:
1866 mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1
1868 # Delete partition, create a new + bigger one and set partition type to fd
1869 # (Linux raid autodetect):
1872 # And re-add the partition:
1873 mdadm -a /dev/md0 /dev/hdd1
1875 # Make sure the RAID is synched via checking:
1878 # Repeat the steps for all other disks/partitions as well:
1879 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
1881 mdadm -a /dev/md0 /dev/hdb1
1883 mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
1885 mdadm -a /dev/md0 /dev/hda1
1888 # Now resize the RAID5 system online [see 'man mdadm' for details]:
1889 mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
1890 mdadm --grow /dev/md0 -z max
1891 mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'
1893 # Last step - resize the filesystem (online again):
1896 ext3 online resizing:
1898 Starting with Linux kernel 2.6.10 you can resize ext3 online. With
1899 e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
1900 on-line resizing enabled by default (see /etc/mke2fs.conf).
1904 cfdisk /dev/hda # create a partition with type 8e (lvm)
1905 pvcreate /dev/hda2 # create a physical volume
1906 vgcreate resize_me /dev/hda2 # create volume group
1907 lvcreate -n resize_me -L100 resize_me # create a logical volume
1908 mkfs.ext3 /dev/resize_me/resize_me # now create a new filesystem
1909 mount /dev/resize_me/resize_me /mnt/test # mount the new fs for demonstrating online resizing
1910 df -h # check the size of the partition
1911 lvextend -L+100M /dev/resize_me/resize_me # let's extend the logical volume
1912 resize2fs /dev/resize_me/resize_me # and finally resize the filesystem
1913 df -h # recheck the size of the partition
1915 This also works for Software-RAID. Demo:
1917 mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
1919 mount /dev/md0 /mnt/test
1920 mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
1921 cfdisk /dev/hda # adjust partition size for hda2
1922 mdadm /dev/md0 --add /dev/hda2
1923 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
1924 cfdisk /dev/hdb # adjust partition size for hdb1
1925 mdadm /dev/md0 --add /dev/hdb1
1926 mdadm --grow /dev/md0 --size=max
1929 Notice: online resizing works as soon as the kernel can re-read the
1930 partition table. So it works for example with LVM and SW-RAID but not with
1931 a plain device (/dev/[sh]d*). The kernel does not re-read the partition
1932 table if the device is already mounted.
1934 Use vim as an outline editor:
1936 % $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
1940 Monitor directories/files for changes using iwatch
1942 Monitor /tmp for changes:
1945 Monitor files/directories specified in /etc/iwatch.xml
1946 and send mail on changes:
1949 Some often used mdadm commands:
1952 # mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1
1954 Display details of specific RAID:
1955 # mdadm --detail /dev/md0
1958 Simulating a drive failure by software:
1959 # mdadm --manage --set-faulty /dev/md0 /dev/hda1
1961 Remove disk from RAID:
1962 # mdadm /dev/md0 -r /dev/hda1
1964 Set disk as faulty and remove from RAID:
1965 # mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
1970 Restart a RAID-device:
1973 Add another disk to existing RAID setup (hotadd):
1974 # mdadm /dev/md0 -a /dev/hde1
1975 # mdadm --grow /dev/md0 --raid-devices=4
1977 Assemble and start all arrays:
1978 # mdadm --assemble --scan
1980 Assemble a specific array:
1981 # mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1
1984 # mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2
1987 # mdadm --stop --scan
1989 Scan for and setup arrays automatically:
1990 # mdadm --assemble --scan --auto=yes --verbose
1992 Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
1994 CREATE owner=root group=disk mode=0660 auto=yes
1999 # /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
2002 Monitoring the sw raid
2003 # nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0
2005 Producing /etc/mdadm/mdadm.conf:
2006 # mdadm --detail --scan > /etc/mdadm/mdadm.conf
2008 See also: man mdadm | less -p "^EXAMPLES"
2009 http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html
2011 A quick summary of the most commonly used RAID levels:
2014 => 2 disks each 160 GB: 320 GB data
2015 RAID 1: Mirrored Set
2016 => 2 disks each 160 GB: 160 GB data
2017 RAID 5: Striped Set with Parity
2018 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy
2020 Common nested RAID levels:
2021 RAID 01: A mirror of stripes
2022 RAID 10: A stripe of mirrors
2023 RAID 30: A stripe across dedicated parity RAID systems
2024 RAID 100: A stripe of a stripe of mirrors
2026 -- http://en.wikipedia.org/wiki/RAID
2028 Logical Volume Management (LVM) with Linux
2033 | hda1 hdc1 (PV:s on partitions or whole disks)
2039 | usrlv rootlv varlv (LV:s)
2041 | ext3 ext3 xfs (filesystems)
2043 Often used commands:
2044 ~~~~~~~~~~~~~~~~~~~~
2046 Create a physical volume:
2047 # pvcreate /dev/hda2
2049 Create a volume group:
2050 # vgcreate testvg /dev/hda2
2052 Create a logical volume:
2053 # lvcreate -n test_lv -L100 testvg
2055 Resize a logical volume:
2056 # lvextend -L+100M /dev/resize_me/resize_me
2057 # resize2fs /dev/resize_me/resize_me # ext2/3
2058 # xfs_growfs /dev/resize_me/resize_me # xfs
2059 # resize_reiserfs -f /dev/resize_me/resize_me # reiserfs online
2060 # mount -o remount,resize /dev/resize_me/resize_me # jfs
2062 Create a snapshot of a logical volume:
2063 # lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv
2065 Deactivate a volume group:
2066 # vgchange -a n my_volume_group
2068 Actually remove a volume group:
2069 # vgremove my_volume_group
2071 Display information about physical volume:
2072 # pvdisplay /dev/hda1
2074 Remove physical volume:
2075 # vgreduce my_volume_group /dev/hda1
2077 Remove logical volume:
2078 # umount /dev/myvg/homevol
2079 # lvremove /dev/myvg/homevol
2082 http://www.tldp.org/HOWTO/LVM-HOWTO/
2084 How to use APT locally
2086 Sometimes you have lots of packages .deb that you would like to use APT to
2087 install so that the dependencies would be automatically solved. Solution:
2090 dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
2091 echo " deb file:/root debs/" >> /etc/apt/sources.list
2092 dpkg-scansources debs | gzip > debs/Sources.gz
2093 echo " deb-src file:/root debs/" >> /etc/apt/sources.list
2095 See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
2097 Check filesystem's LABEL:
2102 ext2/3 without blkid:
2103 # dumpe2fs /dev/sda1 | grep "Filesystem volume name"
2106 # xfs_admin -l /dev/sda1
2108 reiserfs without blkid:
2109 # debugreiserfs /dev/sda1 | grep -i label
2112 # jfs_tune -l /dev/sda1 | grep -i label
2114 reiser4 without blkid:
2115 # debugfs.reiser4 /dev/sda1 | grep -i label
2117 Check filesystem's UUID:
2122 ext2/3 without blkid:
2123 # dumpe2fs /dev/sda1 | grep -i UUID
2126 # xfs_admin -u /dev/sda1
2128 reiserfs without blkid:
2129 # debugreiserfs /dev/sda1 | grep -i UUID
2131 reiser4 without blkid:
2132 # debugfs.reiser4 /dev/sda1 | grep -i UUID
2134 Change a filesystem's LABEL:
2137 # mkswap -L $LABEL /dev/sda1
2140 # e2label /dev/sda1 $LABEL
2141 # tune2fs -L $LABEL /dev/sda1
2144 # reiserfstune -l $LABEL /dev/sda1
2147 # jfs_tune -L $LABEL /dev/sda1
2150 # xfs_admin -L $LABEL /dev/sda1
2153 # echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
2154 # mlabel -s i:$LABEL
2157 # ntfslabel $LABEL /dev/sda1
2159 Disable pdiffs feature of APT:
2162 # echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf
2165 # apt-get update -o Acquire::Pdiffs=false
2167 Backup big devices or files and create compressed splitted
2168 image chunks of it using zsplit
2170 Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
2171 /mnt/sda1/backup, split the files up into chunks of 1GB each and set
2172 read/write buffer to 256kB:
2173 # zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda
2175 Restore the backup using unzsplit:
2176 # unzsplit -D /dev/sda -d archiveofsda
2178 More usage examples: man zsplit + man unzsplit
2180 Measure network performance using iperf:
2186 % iperf -c <server_address> -V
2190 Server with 128k TCP window size:
2193 Client with running for 60 seconds and bidirectional test:
2194 % iperf -c <server_address> -r -w128k -t60
2196 Framebuffer resolutions:
2198 Resolution in pixels
2199 Color depth | 640x480 800x600 1024x768 1280x1024
2200 256 (8bit)| 769 771 773 775
2201 32000 (15bit)| 784 787 790 793
2202 65000 (16bit)| 785 788 791 794
2203 16.7 Mill.(24bit)| 786 789 792 795
2207 Mode 0x0300: 640x400 (+640), 8 bits
2208 Mode 0x0301: 640x480 (+640), 8 bits
2209 Mode 0x0303: 800x600 (+800), 8 bits
2210 Mode 0x0303: 800x600 (+832), 8 bits
2211 Mode 0x0305: 1024x768 (+1024), 8 bits
2212 Mode 0x0307: 1280x1024 (+1280), 8 bits
2213 Mode 0x030e: 320x200 (+640), 16 bits
2214 Mode 0x030f: 320x200 (+1280), 24 bits
2215 Mode 0x0311: 640x480 (+1280), 16 bits
2216 Mode 0x0312: 640x480 (+2560), 24 bits
2217 Mode 0x0314: 800x600 (+1600), 16 bits
2218 Mode 0x0315: 800x600 (+3200), 24 bits
2219 Mode 0x0317: 1024x768 (+2048), 16 bits
2220 Mode 0x0318: 1024x768 (+4096), 24 bits
2221 Mode 0x031a: 1280x1024 (+2560), 16 bits
2222 Mode 0x031b: 1280x1024 (+5120), 24 bits
2223 Mode 0x0330: 320x200 (+320), 8 bits
2224 Mode 0x0331: 320x400 (+320), 8 bits
2225 Mode 0x0332: 320x400 (+640), 16 bits
2226 Mode 0x0333: 320x400 (+1280), 24 bits
2227 Mode 0x0334: 320x240 (+320), 8 bits
2228 Mode 0x0335: 320x240 (+640), 16 bits
2229 Mode 0x0336: 320x240 (+1280), 24 bits
2230 Mode 0x033c: 1400x1050 (+1408), 8 bits
2231 Mode 0x033d: 640x400 (+1280), 16 bits
2232 Mode 0x033e: 640x400 (+2560), 24 bits
2233 Mode 0x0345: 1600x1200 (+1600), 8 bits
2234 Mode 0x0346: 1600x1200 (+3200), 16 bits
2235 Mode 0x034d: 1400x1050 (+2816), 16 bits
2236 Mode 0x035c: 1400x1050 (+5632), 24 bits
2238 Portscan using netcat:
2240 # netcat -v -w2 <host|ip-addr.> 1-1024
2242 Run apt-get but disable apt-listchanges:
2244 APT_LISTCHANGES_FRONTEND=none apt-get ...
2246 Upgrade system but disable apt-listbugs:
2248 APT_LISTBUGS_FRONTEND=none apt-get ...
2250 Set up a Transparent Debian Proxy
2252 Install of apt-cacher, the default config will do:
2253 # apt-get install apt-cacher
2255 Check out the ip address of debian mirror(s).
2256 Then add this to your firewall script:
2258 DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"
2259 for ip in ${DEBIAN_MIRRORS} ; do
2260 ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142
2263 where ${IPTABLES} is the location of your iptables binary
2264 and $subnet is your internal subnet.
2266 Now everybody in your subnet who does access either
2267 ftp.de.debian.org or ftp.at.debian.org will actually
2268 access your apt-cacher instead.
2270 To use apt-cacher on the router itself, add the following
2271 line to your /etc/apt/apt.conf:
2273 Acquire::http::Proxy "http://localhost:3142/";
2275 Version control using Mercurial
2277 Setting up a Mercurial project:
2280 % hg init # creates .hg
2281 % hg add # add all files
2282 % hg commit # commit all changes, edit changelog entry
2284 Branching and merging:
2286 % hg clone linux linux-work # create a new branch
2291 % hg pull ../linux-work # pull changesets from linux-work
2292 % hg merge # merge the new tip from linux-work into
2293 # (old versions used "hg update -m" instead)
2294 # our working directory
2295 % hg commit # commit the result of the merge
2299 % cat ../p/patchlist | xargs hg import -p1 -b ../p
2307 % hg export 1234 > foo.patch # export changeset 1234
2309 Export your current repo via HTTP with browsable interface:
2311 % hg serve -n "My repo" -p 80
2313 Pushing changes to a remote repo with SSH:
2315 % hg push ssh://user@example.com/~/hg/
2317 Merge changes from a remote machine:
2319 host1% hg pull http://foo/
2320 host2% hg merge # merge changes into your working directory
2322 Set up a CGI server on your webserver:
2323 % cp hgwebdir.cgi ~/public_html/hg/index.cgi
2324 % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
2326 Download binary codecs for mplayer:
2328 # /usr/share/mplayer/scripts/win32codecs.sh
2332 # /usr/share/mplayer/scripts/binary_codecs.sh install
2334 (depending on the mplayer version you have).
2336 To play encrypted DVDs and if you are living in a country where using
2337 libdvdcss code is not illegal can install Debian package libdvdread3
2338 and use the script /usr/share/doc/libdvdread3/install-css.sh.
2340 Read manpages of uninstalled packages with debman:
2342 % debman -p git-core git
2344 Test network performance using netperf:
2350 # netperf -t TCP_STREAM -H 192.168.0.41
2352 Setup Xen within 20 minutes on Debian/grml
2354 Install relevant software und update grub's menu.lst (Xen does not work with
2355 usual lilo so install grub instead if not done already):
2357 apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \
2358 xen-utils-3.0.3-1 xen-tools bridge-utils
2361 Example for installation of Debian etch as DomU:
2364 xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \
2365 --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \
2366 --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \
2367 --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/
2371 /etc/init.d/xend start
2372 /etc/init.d/xendomains start
2374 Setup a bridge for network, either manually:
2376 brctl addbr xenintbr
2377 brctl stp xenintbr off
2378 brctl sethello xenintbr 0
2379 brctl setfd xenintbr 0
2380 ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up
2382 or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
2386 iface xenintbr inet static
2387 pre-up brctl addbr xenintbr
2388 post-down brctl delbr xenintbr
2390 netmask 255.255.255.0
2395 Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
2396 add the iptables commands to a startup script like /etc/init.d/rc.local):
2398 echo 1 > /proc/sys/net/ipv4/ip_forward
2399 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP
2400 iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP
2402 Adjust network configuration of Xend:
2404 cat >> /etc/xen/xend-config.sxp << EOF
2405 (network-script network-route)
2406 (vif-bridge xenintbr)
2407 (vif-script vif-bridge)
2410 List domains, start up a DomU, shutdown later again:
2412 xm create -c /etc/xen/xengrml1.cfg
2416 This HowTo is also available online at http://grml.org/xen/
2418 Play tetris with zsh:
2422 bindkey "^Xt" tetris
2424 Now press 'ctrl-x t'.
2426 Set up a router with grml
2428 Run grml-router script:
2431 Install dnsmasq if not already present:
2432 # apt-get update ; apt-get install dnsmasq
2434 Adjust /etc/dnsmasq.conf according to your needs:
2435 # cat >> /etc/dnsmasq.conf << EOF
2438 dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range
2439 dhcp-option=3,192.168.0.1 # dns server
2440 dhcp-option=1,255.255.255.0 # netmask
2443 Start dnsmasq finally:
2446 Display stats about memory allocations performed by a program:
2448 Usage example for 'ls':
2450 % LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
2452 Use KVM (Kernel-based Virtual Machine for Linux):
2454 Make sure to install the relevant tools:
2455 # apt-get update ; apt-get install kvm
2458 Test it with a minimal system like ttylinux:
2459 # wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz
2460 # gzip -d bootcd-i386-5.3.iso.gz
2461 # kvm -cdrom bootcd-i386-5.3.iso
2463 EEPROM data decoding for SDRAM DIMM modules:
2466 # /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
2470 Make sure your device is supported by Linux and running.
2471 See http://www.linuxtv.org/ for more details.
2473 If the DVB device works on your system (see 'hwinfo --usb'
2474 when using a DVB usb device for example), then make sure you
2475 have the scan util from dvb-utils available:
2477 # aptitude install dvb-utils
2479 Then create a channels.conf configuration file:
2481 % scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf
2483 You can find some example configuration files on
2484 your grml system in ~/.channels. Usage example:
2486 % ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf
2488 Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)
2489 might be useful if you do not know the initial configuration
2492 Get the lastest mercurial snapshot:
2494 Make sure you have the python-dev package available:
2495 # apt-get update ; apt-get install python-dev
2497 Get and build the source:
2498 % hg clone http://selenic.com/repo/hg mercurial
2501 % export PYTHONPATH=$(pwd)
2502 % export PATH=$PATH:$(pwd)
2504 now you should have the newest version of mercurial whenever you execute hg.
2506 To update to the lastest development snapshot, additionally use
2507 the following commands:
2508 % hg pull -u http://hg.intevation.org/mercurial/crew
2514 Available bootoptions relevant in live-cd mode:
2515 -----------------------------------------------
2517 * utc: set UTC, if your system clock is set to UTC (GMT)
2518 * gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
2519 * tz=$option: set timezone to corresponding $option, usage example:
2522 Configuration options relevant on harddisk installation:
2523 --------------------------------------------------------
2525 * Use the tzconfig utility to set the local timezone:
2529 which adjusts /etc/timezone and /etc/localtime according
2530 to the provided information. Running:
2532 # dpkg-reconfigure tzdata
2534 might be useful as well.
2536 * /etc/default/rcS: set variable UTC according to your needs,
2537 whether your system clock is set to UTC (UTC='yes') or
2540 * /etc/localtime: adjust zoneinfo according to your needs:
2542 # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime
2544 The zoneinfo directory contains the time zone files that were
2545 compiled by zic. The files contain information such as rules
2546 about DST. They allow the kernel to convert UTC UNIX time into
2547 appropriate local dates and times. Use the zdump utility to
2548 print current time and date (in the specified time zone).
2550 * /etc/adjtime: This file is used e.g. by the adjtimex function,
2551 which can smoothly adjust system time while the system runs
2553 * If you change the time (using 'date --set ...', ntpdate,...)
2554 it is worth setting also the hardware clock to the correct time:
2556 # hwclock --systohc [--utc]
2558 Remember to add the --utc -option if the hardware clock is set
2564 Check your current settings via:
2567 zdump /etc/localtime
2570 grep hwclock /etc/runlevel.conf
2571 grep '^UTC' /etc/default/rc
2573 Further information:
2574 --------------------
2576 hwclock(8) tzselect(1) tzconfig(8)
2577 http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
2578 http://wiki.debian.org/TimeZoneChanges
2580 Recorder shellscript session using script:
2582 % script -t 2>~/upgrade.time -a ~/upgrade.script
2583 % scriptreplay ~/upgrade.time ~/upgrade.script
2585 Test UTF-8 capabilities of terminal:
2587 wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
2588 zcat UTF-8-demo.txt.gz
2592 wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
2595 UTF-8 at grml / some general information regarding Unicde/UTF-8:
2597 http://wiki.grml.org/doku.php?id=utf8
2600 This allows one ssh connection attepmt per minute per source ip, with a initial
2601 burst of 10. The available burst is like a counter which is initialised with
2602 10. Every connection attempt decrements the counter, and every minute where the
2603 connection limit of one per minute is not overstepped the counter is
2604 incremented by one. If the burst counter is exhausted the real rate limit
2605 comes into play. This gives you 11 connectionattepmts in the first minute
2606 before blocked for 10minutes. After 10 minutes block the game restarts.
2608 Hint: you could set the burst value to 5 and the block time to only 5 minutes
2609 to achive the same average connection rate but with halve the block time.
2611 iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \
2612 --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip \
2613 --hashlimit-htable-expire 600000 -j ACCEPT
2614 iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
2616 Tunnel a specific connection via socat:
2619 % socat TCP4-LISTEN:8003 TCP4:gateway:500
2622 # socat TCP4-LISTEN:500,fork TCP4:target:$PORT
2624 Using localhost:8003 on the client uses the tunnel now.
2628 # date --set=060916102007
2630 where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)
2632 Set date using a relative date:
2638 # date -s '+tomorrow'
2640 Display a specific relative date:
2642 # date -d '+5 days -2 hours'
2644 Don't forget to set hardware clock via:
2648 Booting grml via network / PXE:
2650 Start grml-terminalserver on a system with network access
2651 and where grml is running:
2653 # grml-terminalserver
2655 Then booting your client(s) via PXE should work without
2658 See: man grml-terminalserver + http://grml.org/terminalserver/
2660 Debugging SSL communications:
2662 % openssl s_client -connect server.adress:993 > output_file
2663 % openssl x509 -noout -text -in output_file
2667 # ssldump -a -A -H -i eth0
2669 See http://prefetch.net/articles/debuggingssl.html for more details.
2671 Remove bootmanager from MBR:
2673 # lilo -M /dev/hda -s /dev/null
2675 Rewrite grub to MBR:
2678 # grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda
2680 Rewrite lilo to MBR:
2685 Create screenshot of plain/real console - tty1:
2687 # fbgrab -c 1 screeni.png
2689 Create screenshot when running X:
2693 Tip: use the gkrellshoot plugin when using gkrellm
2695 Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
2698 Run the following commands on hostA:
2700 echo 1 > /proc/sys/net/ipv4/ip_forward
2701 iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
2702 iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
2703 iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
2704 iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA
2706 Flash BIOS without DOS/Windows:
2708 Dump flash info and set the flash chip to writable:
2711 Backup the original BIOS:
2712 # flashrom -r backup.bin
2714 Notice: the following step will overwrite your current BIOS!
2715 So make sure you really know what you are doing.
2717 Flash the BIOS image:
2718 # flashrom -wv newbios.bin
2720 Also check out LinuxBIOS: http://linuxbios.org/
2722 Enable shadow passwords:
2726 Set up an IPv6 tunnel on grml:
2730 Set up console newsreader slrn for use with Usenet:
2734 Calculate with IPv6 addresses:
2738 For usage examples refer to manpage ipv6calc(8).
2740 Common network debugging tools for use with IPv6:
2749 Set up NFS (Network File System):
2753 Make sure the relevant services are running on the server side:
2755 # /etc/init.d/portmap start
2756 # /etc/init.d/nfs-common start
2757 # /etc/init.d/nfs-kernel-server start
2759 Export shares via /etc/exports:
2761 /backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)
2763 ... or manually export a directory running:
2765 # exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups
2767 and unexport a share running:
2769 # exportfs -u 192.168.1.100:/backups
2771 and every time when you modify /etc/exports file run
2775 Display what NFS components are running:
2779 Display list of exported shares:
2787 Make sure the relevant services are running on the client side:
2789 # /etc/init.d/portmap start
2790 # /etc/init.d/nfs-common start
2792 Verify that the server allows you to access its RPC/NFS services:
2794 # rpcinfo -p server_name
2796 Check what directories the server exports:
2798 # showmount -e server_name
2800 On the client side you can use something like the following in /etc/fstab:
2802 192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0
2806 # aptitude install cloop-src
2809 # modprobe cloop file=/path/to/cloop/file
2810 # mount -r -t iso9660 /dev/cloop /mnt/test
2812 Create a PS/PDF of a plaintext file:
2814 % a2ps --medium A4dj -E -o output.ps input_file
2817 Print two pages on one in a PDF file:
2819 % pdfnup --nup 2x1 input.pdf
2821 Concatenate, extract pages/parts, encrypt/decrypt,
2822 compress PDFs using 'pdftk'.
2824 Read a PS/PDF file on console:
2828 or on plain framebuffer console in graphical mode:
2830 % pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png
2836 Bypass the password of a PDF file:
2838 % gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
2844 This will record a AIFF audio file.
2846 Change passphrase / password of an existing SSH key:
2850 Enable syntax highlighting in nano:
2852 Just uncomment the include directives for your respective
2853 language at the bottom of the file /etc/nanorc
2855 Create netboot package for grml-terminalserver:
2857 # bash /usr/share/doc/grml-terminalserver/examples/create-netboot
2859 To boot grml via network (PXE) check out grml-terminalserver:
2861 # grml-terminalserver
2863 See http://grml.org/terminalserver/ for more details.
2867 Using the 'Orientation' tag of the Exif header, rotate
2868 the image so that it is upright:
2869 % jhead -autorot *.jpg
2871 Manually rotate a picture:
2872 % convert -rotate 270 input.jpg output.jpg
2874 Rename files based on the information inside their exif header:
2876 % jhead -n%Y-%m-%d_%Hh%M_%f *.jpg
2878 This will rename a file named img_2071.jpg to something like:
2880 2007-08-17_10h38_img_2071.jpg
2882 if it was shot at 10:38 o'clock on 2007-08-17 (according to
2883 the information inside the exif header).
2885 Calculate network / netmask:
2888 % ipcalc 10.0.0.28 255.255.255.0
2889 % ipcalc 10.0.0.0/24
2891 Blacklist a kernel module:
2893 # blacklist <name_of_kernel_module>
2895 -> running 'blacklist hostap_cs' for example will generate an
2896 entry like this in /etc/modprobe.d/grml:
2901 To remove the module from the blacklist again just invoke:
2903 # unblacklist <name_of_kernel_module>
2905 or manually remove the entry from /etc/modprobe.d/grml.
2907 Create a Debian package of a perl module:
2909 % dh-make-perl --cpan Acme::Smirch --build
2911 The Magic SysRq Keys (SysReq or Sys Req, short for System Request):
2913 To reboot your system using the SysRq keys just hold down the Alt and
2914 SysRq (Print Screen) key while pressing the keys REISUB ("Raising
2915 Elephants Is So Utterly Boring").
2917 R = take the keyboard out of raw mode
2918 E = terminates all processes (except init)
2919 I = kills all processes (except init)
2920 S = synchronizes the disk(s)
2921 U = remounts all filesystems read-only
2922 B = reboot the system
2924 Notice: use O instead of B for poweroff.
2926 Or write the sequence to /proc/sysrq-trigger instead:
2928 # for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done
2930 To enable or disable SysRq calls:
2932 # echo 0 > /proc/sys/kernel/sysrq
2933 # echo 1 > /proc/sys/kernel/sysrq
2935 See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.
2939 Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
2942 Tunnel TCP-Traffic through DNS using dns2tcp:
2946 1. Create necessary DNS-Records:
2947 dnstun.example.com. 3600 IN NS host.example.com.
2948 dnstun.example.com. 3600 IN A 192.168.1.1
2949 host.example.com. 3600 IN A 192.168.1.1
2951 2. Configure dns2tcpd on host.example.com.:
2952 # cat /etc/dns2tcpd.conf
2953 listen = 192.168.1.1 #the ip dns2tcpd should listen on
2954 port = 53 #" port " " " "
2957 domain = dnstun.example.com. # the zone as specified inside dns
2958 ressources = ssh:127.0.0.1:22 # available resources
2960 3. Start the daemon:
2961 # cat > /etc/default/dns2tcp << EOF
2962 # Set ENABLED to 1 if you want the init script to start dns2tcpd.
2966 # /etc/init.d/dns2tcp start
2970 You have two possibilities:
2971 - Use the DNS inside your network (DNS must allow resolving for external domains)
2972 # grep nameserver /etc/resolv.conf
2973 nameserver 172.16.42.1
2974 # dns2tcpc -z dnstun.example.com 172.16.42.1
2975 Available connection(s) :
2977 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
2978 Listening on port : 2222
2979 # ssh localhost -p 2222
2980 user@host.example.com:~#
2982 - Directly contact the endpoint (port 53 UDP must be allowed outgoing)
2983 # dns2tcpc -z dnstun.example.com dnstun.example.com
2984 Available connection(s) :
2986 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
2987 Listenning on port : 2222
2988 # ssh localhost -p 2222
2989 user@host.example.com:~#
2991 Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
2992 localhost:8080 which you can use to tunnel everything through your "dns-uplink".
2994 Configure a MadWifi device for adhoc mode:
2996 Disable the autocreation of athX devices:
2997 # echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi
2999 Remove the autocreated device for now:
3000 # wlanconfig ath0 destroy
3002 Configuration in /etc/network/interfaces:
3004 iface ath0 inet static
3010 - Do not use interface names without ending 0 (otherwise startup fails).
3011 - Only chooss unique names for interfaces.
3013 Find dangling symlinks using zsh:
3017 Use approx with runit supervision
3018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3020 Install the packages:
3021 # apt-get install approx runit
3023 Add user approxlog for the logging daemon:
3024 # adduser --system --home /nonexistent --no-create-home approxlog
3026 Create config directory:
3027 # mkdir /etc/sv/approx
3029 Use /var/run/sv.approx as supervise directory:
3030 # ln -s /var/run/sv.approx /etc/sv/approx/supervise
3032 # cat > /etc/sv/approx/run << EOF
3034 echo 'approx starting'
3038 You normally do not need a logging service for approx because it logs
3039 to syslog too. So just for completion:
3040 # mkdir -p /etc/sv/approx/log
3041 # ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
3042 # cat > /etc/sv/approx/log/run << EOF
3045 LOG="/var/log/approx"
3046 test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
3047 exec chpst -uapproxlog svlogd -tt -v "$LOG"
3050 Now activate the new approx service (will be started within 5s):
3051 # ln -s /etc/sv/approx/ /var/service/
3053 Make approx managed via runit available via init-script interface:
3054 # dpkg-divert --local --rename /etc/init.d/approx
3055 # ln -s /usr/bin/sv /etc/init.d/approx
3057 Remote-reboot a grml system using SysRQ via /proc (execute as root):
3062 echo b > /proc/sysrq-trigger
3064 Show what happens on /dev/sda0:
3066 # mount the debugfs to relay kernel info to userspace
3067 mount -t debugfs none /sys/kernel/debug
3069 # is a convenient wrapper arround blktrace and blkparse
3072 Convert Flash to Avi:
3074 % ffmpeg -i input.flv output.avi
3076 Extract MP3 from Flash file:
3078 % for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
3080 Usage example for cryptsetup / -luks encrypted partition on LVM:
3082 volume group name: x61
3083 logical volume name: home
3085 echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
3087 mount /dev/mapper/grml-crypt_home /mnt/test
3089 fdisk/parted/... complains with something like
3090 'unable to open /dev/sda - unrecognised disk label'?!
3092 See http://grml.org/faq/#fdisk =>
3094 * use /sbin/fdisk.distrib from util-linux
3095 * switch to sfdisk, cfdisk,...
3096 * use parted's mklabel command (but please read the
3097 parted manual before executing this command)
3099 dmraid - support for SW-RAID / FakeRAID controllers
3100 like Highpoint HPT and Promise FastTrack
3102 Activate all software RAID sets discovered:
3105 Deactivates all active software RAID sets:
3108 Discover all software RAID devices supported on the system:
3111 Extract winmail.dat:
3116 Extract files to current directory:
3117 % ytnef -f . winmail.dat
3119 Approx - Debian package proxy/cacher howto
3121 % apt-get install approx
3122 % echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
3125 Add your new approx to sources.list
3128 deb http://localhost:9999/debian unstable main contrib non-free
3130 use approx in grml-debootstrap like:
3131 % grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian
3133 Simple webserver with python:
3135 % python -m SimpleHTTPServer
3137 Upgrade only packages from the grml-stable Debian repository:
3139 echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
3140 apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
3143 Install Centos into a directory:
3145 % febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
3147 Install Fedora into a directory:
3149 % febootstrap fedora-11 target_directory
3151 Use Nessus / OpenVAS (remote network security auditor):
3153 Install software packages:
3155 # apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg
3160 Start openvas server (takes a while):
3161 # Start openvas-server
3163 Invoke client as user:
3166 Find packages not available from any active apt repository:
3168 % apt-show-versions | awk '/No available version in archive/{print $1}'
3170 Simple mailserver with python:
3172 % python -m smtpd -n -c DebuggingServer localhost:1025
3176 echo $USER | nc $HOST 79
3178 Install Archlinux using Grml:
3180 https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
3182 wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh