Wednesday, July 20, 2005
NSD - Name Server Daemon
Ack! Now here's a good replacement for BIND if your requirements aren't too heavy. It's a high-performance authoritative name server. Being authoritative is good I guess since it
- separates cached & authoritative data
- simplifies the software
- avoids BIND bugs and security flaws
Newsforge's 10 commandments of system administration
Newsforge has a nice collection of articles for system administration titled The Ten Commandments of System Administration.
In short:
- Thou shalt make regular and complete backups
  Use whatever floats your boat for this one - amanda, rsync, tar, etc.
- Thou shalt establish absolute trust in thy servers
  using file integrity tools like tripwire, aide, and afick.
- Thou shalt be the first to know when something goes down
  using tools like Nagios, Big Sister and Zabbix
- Thou shalt keep server logs on everything
- Thou shalt document complete and effective policies and procedures
- Thou shalt know what cable goes where
- Thou shalt use encryption for insecure services
- Thou shalt not lose system logs when a server dies
- Thou shalt know the openings into your servers
  using the well-established nmap program.
- Thou shalt not waste time doing repetitive and mundane tasks
Thursday, July 14, 2005
TrueType and Mozilla
Downloaded and installed the latest version of Mozilla? You may need to tweak some settings - if you create a new profile, these steps would have to be repeated.
- In the location bar, type about:config
- In the filter bar that appears, type font
- Locate the line "font.FreeType2.enable". If the value here is false, change it to true
- Edit the /default/firefox.js or /default/unix.js and add a line for each directory with TrueType/OpenType fonts like this:
pref("font.directory.truetype.1", "/usr/local/share/fonts/TrueType");
pref("font.directory.truetype.2", "/usr/share/fonts/TrueType");
Now hopefully mozilla will render fonts better. If not, check this page for anything I may have missed out.
Wednesday, July 13, 2005
Changing display managers
To use kdm as the default display manager instead of gdm in Fedora/Redhat/Mandrake distributions, edit /etc/sysconfig/desktop and add DISPLAYMANAGER="kdm" (or just edit the DISPLAYMANAGER line if it already exists). Mandrake has two versions of KDE display manager - the normal version is kdm, and Mandrake's tweaked version can be referred to with DISPLAYMANAGER="KDE".
For Suse Linux, you need to play with /etc/sysconfig/displaymanager and edit the DISPLAYMANAGER line either using a text editor or the /etc/sysconfig Editor in YaST.
Friday, July 08, 2005
xargs and maverick tars
Ever had a tar file which didn't have a directory as its top level entry? I really hate these maverick tarballs - I really like the idea of tarballs storing a directory and its contents rather than merely a directory. Why? So that when untarred, it doesn't spew files in the current directory and mess things up. Sybase's ASE tarballs come to mind on this one. Anyways, if you have to clean the mess, it's not a big deal. I use
tar tf filename.tar | xargs rm
Of course, use jtf for filename.tar.bz2 and ztf for filename.tar.gz. :)
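The one-liner above splits names on whitespace and trusts every member name in the archive, so a file called "my file.txt" or a member stored as ../something makes rm touch the wrong paths. As an added example (not from the original post; the function name clean_tar_spill is this example's own), a cleanup that reads names line by line and refuses members that point outside the target directory:

```sh
#!/bin/sh
# Added example, not from the original post. POSIX sh.

# clean_tar_spill ARCHIVE [DIR]
# Removes from DIR (default: .) what ARCHIVE would have extracted there.
# Names are read one per line, so spaces in file names are safe (names
# containing newlines are not handled). Members that are absolute or have a
# ".." component are skipped, because deleting them would reach outside DIR.
# Prints the number of skipped members.
clean_tar_spill() (
    archive=$1
    dir=${2:-.}
    list=$(mktemp) || exit 1
    tar -tf "$archive" > "$list" || { rm -f "$list"; exit 1; }
    skipped=0
    # Pass 1: remove files and symlinks; leave directories for pass 2.
    while IFS= read -r member; do
        case "/$member/" in
            //*|*/../*) skipped=$((skipped + 1)); continue ;;
        esac
        target=$dir/$member
        if [ -d "$target" ] && [ ! -L "$target" ]; then
            continue
        fi
        rm -f -- "$target"
    done < "$list"
    # Pass 2: reverse sort puts children before parents; rmdir only
    # succeeds on empty directories, so pre-existing content survives.
    LC_ALL=C sort -r "$list" | while IFS= read -r member; do
        case "/$member/" in
            //*|*/../*) continue ;;
        esac
        target=$dir/$member
        if [ -d "$target" ] && [ ! -L "$target" ]; then
            rmdir -- "$target" 2>/dev/null || true
        fi
    done
    rm -f "$list"
    echo "$skipped"
)
```

Run it as clean_tar_spill filename.tar from the directory where the tarball was unpacked; a non-zero count means the archive carried member names that deserve a closer look.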
grep is good, grep is fun, grep is good for every1
I love the GNU grep over the normal U*x grep. It has a few cool extensions over the POSIX grep. One of them is the -R option that lets you recurse through directories to search for a pattern. That's one of the reasons I've always compiled the GNU grep on U*x machines as well. If there's no option but to use the standard grep, all isn't lost - xargs and find along with grep do the same job, i.e.
find . -type f -print | xargs grep -li "pattern"
It's no fun having three processes to do something instead of merely one, but that's the only option when in a bind.
Which ports in use? Who opened them?
Two questions I get frequently asked are:
- How do I figure which ports are in use?
- How do I figure which program is holding this port open?
Q. How do I figure which ports are in use?
A. Every OS with TCP/IP as a network stack includes a command called netstat. Use netstat -na to display all open port numbers.
The -a and -n are probably the most portable command options to netstat. You can fine-tune the output - say for example you want to see only TCP ports and not UDP, IPv4 only and not IPv6, etc. Those are pretty OS specific options tho'. For example, Linux's netstat has the option -l to list only listening ports. The netstat version supplied with Windows 2000 or Solaris does not have an equivalent option! It's best to check up the help text (man pages on U*x) to determine the supported options.
Q. How do I figure which program is holding a port open?
A. Use lsof. In particular, use lsof | grep "nn" to figure the process holding the port open. Of course you can also use lsof | grep -i "progname" to figure the ports the program progname has open.
It may not be present on all U*x machines, but no big deal - download the sources off ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/lsof and compile. At least you get prebuilt binaries for Linux and Solaris. Other than these platforms, lsof works fine with AIX 5, Apple Darwin 7.7.0, *BSD, HP-UX and Tru64 UNIX 5.1. Sorry, lsof doesn't do Windows. Use Sysinternals' Process Explorer to determine open ports for Windows machines.
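Since only Linux's netstat has -l, the same filtering can be done on the portable netstat -na output itself. The following is an added example, not from the original post: it extracts the listening TCP ports from Linux, Solaris and Windows style output, and the function names and sample captures are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. POSIX sh + awk.

# listening_ports: reads `netstat -na` output on stdin and prints the
# listening TCP port numbers, sorted and de-duplicated, one per line.
# Usage: netstat -na | listening_ports
listening_ports() {
    # tr drops the carriage returns found in output saved on Windows.
    tr -d '\r' | awk '
        # Linux and Solaris say LISTEN, Windows says LISTENING. UDP lines
        # carry no state, and on Linux unix-socket lines end in an inode or
        # path, so neither matches here.
        $NF == "LISTEN" || $NF == "LISTENING" {
            # The local address is the first field ending in a separator
            # plus digits: 0.0.0.0:22, :::80 or Solaris-style *.22.
            for (i = 1; i < NF; i++) {
                if ($i ~ /[.:][0-9]+$/) {
                    port = $i
                    sub(/^.*[.:]/, "", port)
                    print port
                    break
                }
            }
        }' | sort -n -u
}

# Constructed sample captures (not taken from real hosts).
sample_linux() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.10.5:22         192.168.10.9:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     12345    /tmp/.X11-unix/X0
EOF
}

sample_solaris() { cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.111                *.*                0      0 49152      0 LISTEN
      *.22                 *.*                0      0 49152      0 LISTEN
192.168.10.5.22      192.168.10.9.51514   49640      0 49640      0 ESTABLISHED
EOF
}

sample_windows() { cat <<'EOF'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.10.7:139       0.0.0.0:0              LISTENING
  TCP    192.168.10.7:1045      192.168.10.5:22        ESTABLISHED
  UDP    0.0.0.0:445            *:*
EOF
}
```

Comparing this list against the ports you expect a server to expose is a quick way to spot a service nobody meant to leave running.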
Tuesday, July 05, 2005
Screen captures in Unix/Linux
There are several tools around for screen caps in Unix/Linux.
First option:
GNOME users: Use the built-in tool to take a screen shot. You don't need to go as far to launch it. A PrintScreen to take a screenshot of the desktop is enough. Want only a window? Get the window into focus and hit Alt+PrintScreen.
KDE users: ksnapshot is pretty impressive. It too can take images of the desktop or window.
Second option (in order of preference):
- gimp: GIMP can take screenshots - gimp1 seems to dither on Solaris 8 tho'. At least on the installation I worked with it didn't work too well. It still worked a lot better than Solaris's own sdtimage.
- xv: A fast image viewer - it can also take screenshots. :) The reason it is second in preference is it is shareware - it may not readily be available on the machine.
- sdtimage: This tool is available on Solaris only. Not too impressive - kept crashing in Solaris 8 :(
Last option: Use the command line. My favorite in order of preference:
- import: Part of ImageMagick's impressive suite.
- xwd and convert: xwd can capture X-Window dumps but the format is not understood by most image viewers. ImageMagick's convert however can convert these files into a gif/jpeg/whatever else.
There probably are other means too, but I'm not really aware of any other than the tools mentioned above.
Installing truetype fonts in Suse Linux
Damn! There's no ttmkfdir in Suse 9.1 - I looked, but I couldn't find it. Maybe I'm missing something. :( In any case, the help for installing new fonts is in the Administration Guide, Chapter 4, section 2.
Simply install the fonts in some directory which is a subdirectory of the directories listed in /etc/fonts/fonts.conf. For example,
/usr/X11R6/lib/X11/fonts/truetype
Alternately, use KDE's font installer from the Kontrol center. Either way the result is the same.
If the fonts are already present in some other partition - for example, the /fonts/ directory on the Windows partition, create symlinks to those fonts using
SuSEconfig --module fonts
This is applicable for all font types - bitmap fonts, TrueType and OpenType fonts, and Type1 (PostScript) fonts. It isn't applicable to CID fonts. CID-keyed fonts must be installed in /usr/share/ghostscript/Resource/CIDFont.
In any case, given that ~/.fonts is mentioned in /etc/fonts/fonts.conf in both Red Hat/Fedora and Suse, one of the simplest ways to install fonts - one common to both flavors of Linux - would be to drop the fonts in ~/.fonts.
Friday, July 01, 2005
Displaying multipage fax documents
A received fax is usually a TIFF file - but if it's multi-page, the usual image viewing proggies like gimp, xv, et al do not show more than one page. That's when KFax comes to the rescue - navigation with KFax thru a multi-page document is as simple as using PgUp and PgDn.
Thursday, June 30, 2005
Passwordless logins with SSH
Here's how to login without supplying a password for remote machines running ssh.
- On the local Unix/Linux host or a local Windows host with openssh installed, execute:
ssh-keygen -t dsa
- Use scp to copy the $HOME/.ssh/id_dsa.pub from the local machine to the remote ssh host.
- Login to the remote ssh host.
- Append the contents of id_dsa.pub to $HOME/.ssh/authorized_keys.
cat $HOME/id_dsa.pub >> $HOME/.ssh/authorized_keys
rm $HOME/id_dsa.pub
- Ensure permissions on the $HOME/.ssh directory are strictly for the file owner only.
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/*
Alternately, if the local host is Windows and there's no openssh around, then download and install the Putty installer - preferably the 0.58 version or higher. Then run the puttygen tool, select the dsa option and press Generate. After the key generation is completed, save the public and private keys. Do the same stuff with the public key as mentioned above. [Urk - I'll complete this later - am running late ]
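The remote-side steps above, as an added example that is not from the original post: one helper appends a public key without ever truncating an existing authorized_keys, and a second audits the result for group/other access and for ssh-dss entries, which OpenSSH has disabled by default since release 7.0. The function names and the finding labels (PERM, DSA) are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. POSIX sh.

# install_pubkey PUBFILE [SSH_DIR]
# Appends the key in PUBFILE to SSH_DIR/authorized_keys (default ~/.ssh)
# unless that exact line is already present. The directory and file are
# created owner-only; an existing authorized_keys is never overwritten.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    umask 077                        # new dir gets 700, new file gets 600
    mkdir -p "$dir" || exit 1
    [ -f "$auth" ] || : > "$auth" || exit 1
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || exit 1
    # Make sure the last existing entry ends with a newline before appending.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# audit_ssh_dir [SSH_DIR]
# Prints one finding per line and nothing when the directory is clean:
#   PERM <path>    group or other has some access to <path>
#   DSA <lineno>   authorized_keys entry of type ssh-dss
audit_ssh_dir() (
    dir=${1:-$HOME/.ssh}
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld -- "$p" | cut -c5-10)
        [ "$bits" = "------" ] || echo "PERM $p"
    done
    if [ -f "$dir/authorized_keys" ]; then
        # The key type is the first token, or follows an options field.
        awk '!/^[ \t]*#/ && /(^|[ \t])ssh-dss[ \t]/ { print "DSA " NR }' \
            "$dir/authorized_keys"
    fi
)
```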
Wednesday, June 29, 2005
Converting Type 1 fonts for use with Windows
Some Linux distributions like Red Hat and Suse have some fabulous Type 1 fonts for use that Windows users can really drool over. I especially like the URW and Chancery fonts.
If you want to use these fonts in Windows, hop over to the FontForge site and download FontForge. Open the font you wish to convert, select Generate, and choose to convert to either an OpenType or TrueType font. Drop the font in your fonts directory and you're home free. :)
Converting TTF for use with Linux/Unix apps
There are some apps on Linux/Unix that refuse to play nicely with TrueType or OpenType fonts. (The WxWindows library is one that gave me such headaches.) For such programs, the best bet is to convert the TTF to Postscript Type 1 fonts using TTF2PT1. There's even a version for Windows.
After installing TTF2PT1, convert the font to Type 1 using the command:
ttf2pt1 -a -e -llatin1 filename.ttf
For creating fonts for use with Ghostscript:
ttf2pt1 -a -b -llatin1 filename.ttf
You ought to have files suffixed with .afm and .pfa (or .pfb for use with GhostScript) after the conversion completes.
Note that you should NOT do this if the font license disallows such a conversion.
Drop the font in the appropriate directory on Linux/Unix and from that directory, build the fonts.scale and fonts.dir file with
mkfontscale
mkfontdir
If needed, add the directory to the X font path as mentioned in this tip.
Installing truetype fonts in Fedora Core/Red Hat and others
X Window supports many different types of fonts like Adobe Type 1 fonts, TrueType, or OpenType. If you need your OpenType/TrueType fonts accessible in Linux:
mkdir /usr/share/fonts/opentype
Copy the TrueType (.ttf) or OpenType (.otf) fonts into this folder. Now run
ttmkfdir -d /usr/share/fonts/opentype \
-o /usr/share/fonts/opentype/fonts.scale
mkfontdir /usr/share/fonts/opentype
Run chkfontpath to see if the directory we created (/usr/share/fonts/opentype) is present in the list of locations X Window will look for font files. If not, run:
chkfontpath -a /usr/share/fonts/opentype
If chkfontpath is not present, edit /etc/X11/fs/config or /etc/X11/xfs/config (whichever is present). Locate the lines
catalogue = /usr/X11R6/lib/X11/fonts/misc:unscaled,
/usr/X11R6/lib/X11/fonts/75dpi:unscaled,
/usr/X11R6/lib/X11/fonts/100dpi:unscaled,
/usr/X11R6/lib/X11/fonts/Type1,
/usr/X11R6/lib/X11/fonts/Speedo,
/usr/share/fonts/default/Type1,
To this, add /usr/share/fonts/opentype so that the content now appears like:
catalogue = /usr/X11R6/lib/X11/fonts/misc:unscaled,
/usr/X11R6/lib/X11/fonts/75dpi:unscaled,
/usr/X11R6/lib/X11/fonts/100dpi:unscaled,
/usr/X11R6/lib/X11/fonts/Type1,
/usr/X11R6/lib/X11/fonts/Speedo,
/usr/share/fonts/default/Type1,
/usr/share/fonts/opentype,
Now run:
fc-cache
fc-list
Check if the fonts added appear in the list. You can also run xfontsel to check the font list. For a font preview as well, run gucharmap. If you add new fonts to this directory, run ttmkfdir, mkfontdir and fc-cache again.
Monday, June 27, 2005
Making KBD tags look good
Not directly Linux related, but something I wouldn't like to forget :-)
The Mozilla support site shows keystrokes really neatly. Like this: Ctrl+Alt+Del or Ctrl+W. The style sheet I used is:
kbd {
padding: 0px 1px 0px 1px;
border-width: 1px 3px 3px 3px;
border-style: solid;
background: #faf6f6;
color: #000;
border-color: #edd #baa #baa #eed;
font-size: 10pt;
font-family: monospace;
font-variant: normal;
font-weight: normal;
}
End result is a nice keyboard effect of sorts.
Friday, June 24, 2005
Starting a new X session through KDE
To be able to start a new X session through KDE:
cd /etc/X11/xdm
cp Xservers Xservers.orig
Edit the Xservers file so that it looks similar to this:
...
# you can add them here as well. Each X terminal line should
# look like:
# XTerminalName:0 foreign
# We comment out the following:
# :0 local /usr/X11R6/bin/X
# Add these lines
:0 local@tty1 /usr/X11R6/bin/X -nolisten tcp vt7
:1 local@tty2 reserve /usr/X11R6/bin/X -nolisten tcp :1 vt8
#:2 local@tty3 reserve /usr/X11R6/bin/X -nolisten tcp :2 vt9
#:3 local@tty4 reserve /usr/X11R6/bin/X -nolisten tcp :3 vt10
#:4 local@tty5 reserve /usr/X11R6/bin/X -nolisten tcp :4 vt11
You can then select Start New Session under the KDE menu. KDM and KDE are both needed for this to work. KDE does have its own Xservers file, but on FC at least, it's a symbolic link to /etc/X11/xdm/Xservers.
Transparent Proxying
To make the host a transparent proxy, on the machine connected directly to the ISP, edit /etc/sysctl.conf and set net.ipv4.ip_forward to 1.
Then execute the following:
# sysctl -p
# #Use appropriate network address below
# iptables -t nat -A POSTROUTING \
-s 192.168.10.0/24 -j MASQUERADE
# service iptables save
On other hosts set their default gateway to the transparent proxy's internal IP.
Cool ImageMagick stuff
Make thumbnails with ImageMagick's convert utility using:
convert -resize 25x25% filename.png filename-thumb.png
The convert utility can also convert image formats:
convert file.jpg file.png
Another cool tool in ImageMagick's arsenal which can convert images is mogrify - this one's more useful when there are many images requiring conversion:
mogrify -format jpg *.png
This will annotate an image:
convert -font helvetica -fill white -pointsize 36 \
-draw 'text 10,14 "Garden, Pune"' \
img_314.jpg annotated_314.jpg
To make an image look like it was sketched:
convert -charcoal 2 \
portrait.jpg charcoal-portrait.jpg
To make images out of a pdf file:
convert bigfile.pdf bigfilepages-%03d.png
You can also combine effects:
/bin/convert -size 460x90 xc:transparent \
-font AvantGarde-DemiOblique -pointsize 72\
-draw "text 10,75 'AvantGarde'" \
-fill darkblue -stroke yellow \
-draw "text 15,70 AvantGarde" test.jpg
This results in an image that looks like
Automounting the USB key
[update: FC3 automounts in GNOME anyways without the hoopla - that new HAL thingy works well with udev. I'll try to get the dratted thingy to work in KDE. The stuff below does NOT work out with FC3 and above.]
Add this to /etc/fstab to help the USB key mount automatically in GNOME
/dev/sda1 /mnt/usb vfat user,iocharset=utf8,umask=0,sync,quiet,exec,codepage=866,noauto 0 0
If you need to automount the USB key, edit /etc/auto.master and add:
/mnt/usb /etc/auto.misc --timeout=60
Then add this line into /etc/auto.misc:
usb -fstype=auto,nosuid,nodev,\
sync,dirsync,mode=777,uid=99,gid=99,umask=000 \
:/dev/sda1
(In the above line, the user nobody has the uid and gid of 99. This is chosen as autofs runs as root.)
Then start/restart autofs:
# chkconfig --level 345 autofs on
# service autofs restart
The USB drive will be mounted/unmounted automatically.
If you want to automount USB flashdrive without using automount:
Plug in your flash drive and look at the tail end of dmesg. If there is something about the usb drive on /dev/sda1, then the following will work if you have devlabel:
$ devlabel add -d /dev/sda1 \
-s /dev/flashdrive --automount \
--perms 666
Edit /etc/fstab and add this line:
/dev/flashdrive /mnt/flashdrive auto noauto,noatime,user,kudzu 0 0
Next time your flashdrive is plugged in, it should be automounted at /mnt/usb.
Mounting an 8-in-1 card reader
I'd written this tip down on paper - don't remember the origin.
I recently bought an 8in1 USB card reader. It uses multiple LUNs for the different media. To get all of them registered, edit grub.conf to add the kernel parameter "max_scsi_luns=8". Also add "options scsi_mod max_scsi_luns=8" to /etc/modules.conf. Reboot so the new kernel options take effect. After you plug in the USB card reader, you can use the right mouse button on the root window to get a popup menu with a submenu "drives" that contains entries like "memstick", "memstick1", "memstick2", etc. After you picked one of them, it will be mounted and a new icon appears on your desktop.