Linux

OpenSSH install

Contact:http://www.packetnexus.com

http://www.freeos.com/articles/2745/2/13/


vi commands

Global search and replace

    :10,25s/old/new/g      Substitute "old" string with "new" in lines 10,25
    :%s/^/     /           For all lines (% is "all lines"), replace the
                           beginning of the line with 5 blanks
    :%s/^     //           For all lines, replace 5 blanks at beginning of
                           line with nothing
    :50,.s/Unix/UNIX/      For lines 50 to the current line (.), replace
                           "Unix" with UNIX, only the first occurrence in
                           the line
    :50,.s/Unix/UNIX/g     Same as above only do it for all occurrences of
                           "Unix" in the lines
JasonALewis (2:53:16 PM): what is that command for jumping to a line?
GregCDoan (2:53:28 PM): :%s/old/new/g will replace the old with the new
GregCDoan (2:53:33 PM): for all lines
GregCDoan (2:53:37 PM): :#
GregCDoan (2:53:51 PM): :+# to jump that many lines


LIDS

LIDS IDS

Linux Security


System Tuning

System Tuning Info for Linux Servers
This page is about optimizing and tuning Linux based systems for server
oriented tasks. Most of the info presented here I've used myself, and have
found it to be beneficial. I've tried to avoid the well tread ground
(hdparm, turning off hostname lookups in apache, etc) as that info is easy
to find elsewhere.
Disk Tuning
File system Tuning
SCSI Tuning
Network Interface Tuning
TCP Tuning
File limits
Process limits
Threads
Apache and other web servers
Samba
Openldap tuning
Sys V shm
Benchmarks
System Monitoring
Utilities
System Tuning Links
Music
TODO

File and Disk Tuning

Benchmark performance is often heavily based on disk I/O performance, so
getting as much disk I/O as possible is the real key.
Depending on the array, the disks used, and the controller, you may want
to try software RAID. It is tough to beat software RAID performance on a
modern CPU with a fast disk controller.
The easiest way to configure software RAID is to do it during the install.
If you use the GUI installer, there are options in the disk partition screen
to create an "md" or multiple-device, Linux talk for a software RAID
partition. You will need to make partitions on each of the drives of type
"linux raid", and then, after creating all these partitions, create a new
partition, say "/test", and select md as its type. Then you can select all
the partitions that should be part of it, as well as the RAID type. For pure
performance, RAID 0 is the way to go.
Note that by default, I believe you are limited to 12 drives in an MD device,
so you may be limited to that. If the drives are fast enough, that should be
sufficient to get >100 mb/s pretty consistently.

File System Tuning

Some of the default kernel parameters for system performance are geared more
towards workstation performance than file server/large disk I/O type of
operations. The most important of these is the "bdflush" value in
/proc/sys/vm/bdflush
These values are documented in detail in
/usr/src/linux/Documentation/sysctl/vm.txt.
A good set of values for this type of server is:
echo 100 5000 640 2560 150 30000 5000 1884 2 > /proc/sys/vm/bdflush
(You change these values by just echoing the new values to the file. This
takes effect immediately. However, it needs to be reinitialized at each
kernel boot. The simplest way to do this is to put this command at the end
of /etc/rc.d/rc.local.)
Also, for pure file server applications like web and samba servers, you
probably want to disable the "atime" option on the filesystem. This disables
updating the "atime" value for the file, which indicates the last time
a file was accessed. Since this info isn't very useful in this situation, and
causes extra disk hits, it's typically disabled. To do this, just edit
/etc/fstab and add "noatime" as a mount option for the filesystem.
For example:
/dev/rd/c0d0p3          /test                    ext2    noatime        1 2
With these file system options, a good RAID setup, and the bdflush values,
filesystem performance should be sufficient.

SCSI Tuning

SCSI tuning is highly dependent on the particular SCSI cards and drives in
question. The most effective variable when it comes to SCSI card performance
is tagged command queueing.
For the Adaptec aic7xxx series cards (2940's, 7890's, *160's, etc) this can
be enabled with a module option like:
	aic7xxx=tag_info:{{0,0,0,0,}}
This enables the default tagged command queueing on the first device, on the
first 4 SCSI ids.
	options aic7xxx aic7xxx=tag_info:{{24.24.24.24.24.24}}
in /etc/conf.modules will set the TCQ depth to 24.
You probably want to check the driver documentation for your particular SCSI
modules for more info.

Network Interface Tuning
Most benchmar



Postfix

http://securityportal.com/closet/closet20001122.html

http://postfix.cloud9.net/docs.html


linux rookery

http://www.sysadminmag.com/linux/


Using SSH from *NIX to *NIX

You can also use the following:

ssh <username>@<servername>

another useful option is -v, verbose, you can see the details of the
connection.

Quick how-to for using SSH between UNIX servers, it also applies to Linux.

You will need to create a directory named .ssh in your Home directory for
this to work.

Instead of telnet app2 use the following:

ssh -l <your username> <target server>

ex.
ssh -l jlewis app2

If you have never logged into this server before, you will get the
following.

Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)?

Type yes

Then you will see this message.

Host 'app2' added to the list of known hosts.

This host key is added to ~/.ssh/known_hosts

You are connected via SSH.  EASY!  This is the most basic use of SSH, the
next level is creating a key and putting it on all the servers.  We can work
towards that in the future.  I encourage everyone to modify any scripts to
use ssh instead of telnet.  It takes a couple of seconds to configure but is
seamless afterwards.

jas


uptimed

Uptimed is an uptime record daemon keeping track of the highest uptimes the
system ever had. Instead of using a pid-file to keep sessions apart from
each other it uses the boottime from /proc/stat. Uptimed comes with a console
front-end to parse the records, which can also easily be used to show your
records on your Web page.

http://capsi.cx/code-uptimed.html


usrmgr

usrmgr is a shell script for adding many users at a time to the system. It
parses a textfile and executes various commands to do so, and is easily
extendible.

http://www.crosswinds.net/~abpo/


Crontab

Crontab Guide
By: Vincent Hillier vince@lansystems.com

--------------------------------------------------------------------------------

Well, one of the greatest things in the computing world has to be
automation, and by automation, I mean tasks being performed with no user
interaction. In this guide, I'll cover the basics of Crontab.

Crontab allows you to schedule commands/scripts to be run at certain times.
For example, if you have a command that needs to be run once per week, and
you always forget to do it (SHOOT! boss hates that doesn't he/she? :)) you
can keep your boss and yourself happy, by simply putting those commands in a
cron job.

Ok, well to start out I'll cover the flags that can be passed to crontab.

The flags I will use in this guide are...

-e - edit
-l - list
-d - delete

Ok, so say you want to add a crontab, that will list all processes on the
system, and email you the results every hour. You would run crontab -e (The
default cron job editor is vi, if you don't like vi, set the VISUAL
environment variable to your editor of choice. For ex. if you like pico you
would type...)

export VISUAL=pico

Back to adding the crontab, first thing we do is open crontab...

crontab -e

Now we add our crontab, the syntax for this is as follows...

MIN HOUR DAY MONTH DAYOFWEEK COMMAND

So if you want to report the running processes on the system every hour,
something like this would work...

0 * * * * /bin/ps aux | mail username


That would send an email with the processes listed from ps to username every
hour. Of course you would replace username with your user name.

What if you wanted to run a command on the first day of every month?
Something like this would work...

1 0 1 * * /bin/ps aux | mail username

Which would do the same as the above example, except only once per month.

What if you wanted to run a script, Monday to Friday, at 5pm (end of the
work day) but the script has very verbose output. NOTE: any output from a
crontab running will be sent to you via email. So we want to run this
command every week day, at 5pm, and pipe the output to /dev/null. The below
example would work...

0 17 * * mon-fri /home/vince/script >> /dev/null 2>&1

That would run /home/vince/script daily during weekdays at 5pm and send all
the output to /dev/null. If you would like the output mailed to you, you
could use |mail username or just leave it blank.

Well that wraps this guide up, I hope you can find some useful ways to have
crontab benefit you.

If you have any comments, problems, or suggestions please post them to our
forums at http://www.lansystems.com/forum/index.php (preferred) or email me
directly at vince@lansystems.com. If you email me, regarding a guide, I will
post it, and my reply to the forums. This benefits everyone, if someone has
the same question/problem as you.
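
The guide's MIN HOUR DAY MONTH DAYOFWEEK COMMAND layout, worked through as an added example that is not part of the original guide: a shell function that decides whether a crontab line is due at a given time and prints its command. The function name `cron_due`, its return codes and the day-of-week numbering (0 = Sunday) are choices made for this example; the rule for lines that restrict both DAY and DAYOFWEEK follows Vixie cron.

```sh
#!/bin/sh
# Added example: evaluate a crontab line against a point in time.

# cron_due LINE MIN HOUR DAY MONTH DOW
# DOW is 0-6 with 0 = Sunday. If LINE is due at that time, prints its COMMAND
# and returns 0; returns 1 if not due, 2 if the line cannot be evaluated.
# Supported per field: "*", a number, a range A-B, a comma list, and
# three-letter day names (sun..sat). Step values such as */5 are rejected.
cron_due() {
    awk -v line="$1" -v t="$2 $3 $4 $5 $6" '
    # Convert a token to a number; day names map to 0 (sun) .. 6 (sat).
    function num(tok,    i) {
        tok = tolower(tok)
        i = index("sunmontuewedthufrisat", tok)
        if (length(tok) == 3 && i > 0 && (i - 1) % 3 == 0) return (i - 1) / 3
        return tok + 0
    }
    # True when value v satisfies schedule field f.
    function field_ok(f, v,    n, parts, k, r) {
        if (f == "*") return 1
        n = split(f, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, "-") == 2) {
                if (v >= num(r[1]) && v <= num(r[2])) return 1
            } else if (v == num(parts[k])) return 1
        }
        return 0
    }
    BEGIN {
        if (split(line, s, " ") < 6) exit 2          # need 5 fields + command
        split(t, now, " ")
        for (i = 1; i <= 5; i++) {
            if (s[i] !~ /^[0-9A-Za-z*,-]+$/) exit 2  # e.g. step syntax
            ok[i] = field_ok(s[i], now[i] + 0)
        }
        # Vixie cron: if DAY and DAYOFWEEK are both restricted, either may match.
        if (s[3] != "*" && s[5] != "*") day = (ok[3] || ok[5])
        else day = (ok[3] && ok[5])
        if (!(ok[1] && ok[2] && ok[4] && day)) exit 1
        # Strip the five schedule fields; what remains is the command.
        cmd = line
        for (i = 1; i <= 5; i++) sub(/^[ \t]*[^ \t]+/, "", cmd)
        sub(/^[ \t]+/, "", cmd)
        print cmd
    }'
}

# Demo with the guide's weekday entry: 17:00 on a Friday, then on a Saturday.
entry='0 17 * * mon-fri /home/vince/script >> /dev/null 2>&1'
cron_due "$entry" 0 17 12 5 5 || true
cron_due "$entry" 0 17 13 5 6 || echo "not due on Saturday"
```

Because that entry discards both stdout and stderr, cron mails nothing when the script fails; the printed command makes the redirection easy to spot when reviewing a crontab.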


Linux Security Checklist

Run 'pwconv' to turn on shadow passwords.

Turn off services in inetd.conf.
   ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
   telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
   gopher  stream  tcp     nowait  root    /usr/sbin/tcpd  gn
   shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
   login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
   talk    dgram   udp     wait    root    /usr/sbin/tcpd  in.talkd
   ntalk   dgram   udp     wait    root    /usr/sbin/tcpd  in.ntalkd
   pop-2   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop2d
   pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
   imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
   finger  stream  tcp     nowait  root    /usr/sbin/tcpd  in.fingerd
   time    stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.timed
   time    dgram   udp     wait    nobody  /usr/sbin/tcpd  in.timed
   auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o

Remember to SIGHUP inetd!

Either don't run the sendmail daemon, or install the latest available with
the 'norelay' option.

Install updateme:
 rpm -i ftp://linuxserv.uga.edu/pub/unix/linux/updateme-3.5.1-1.noarch.rpm

Make sure that humans read root's mail. Change /etc/aliases and run
newaliases

Install and use ssh

Change /etc/logrotate.conf

Install and configure logcheck:
 rpm -i ftp://linuxserv.uga.edu/pub/unix/linux/redhat/contrib/libc6/i386/logcheck-1.1.1-1.i386.rpm

Remove /etc/issue and /etc/issue.net and change /etc/rc.d/rc.local. This
will make it harder for potential hackers to gain information about your
machine.

Configure tcpwrappers and limit connections to localhost and other trusted
domains within UGA.

If FTP is needed, install proftp and remove wu-ftp

Do not allow root logins, force users to su to root.

Remove packages you don't need.

time daemon

swatch
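
The inetd.conf step of the checklist above, as an added example that is not part of the original checklist: a shell audit that reports which of the listed services are still enabled and writes a copy with them commented out. The function names (`audit_inetd`, `harden_inetd`, `make_sample`) and the sample file are constructed for this example; the service list is taken from the checklist's excerpt.

```sh
#!/bin/sh
# Added example: audit an inetd.conf-format file for the services the
# checklist says to turn off.

# Service names taken from the checklist's inetd.conf excerpt.
CHECKLIST_SERVICES="ftp telnet gopher shell login talk ntalk pop-2 pop-3 imap finger time auth"

# audit_inetd FILE
# Prints "service/protocol" for every listed service that is still enabled
# (present and not commented out). Returns 1 if any are enabled, else 0.
audit_inetd() {
    awk -v wanted="$CHECKLIST_SERVICES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) listed[w[i]] = 1 }
        /^[ \t]*#/ { next }                 # commented out = disabled
        NF < 6     { next }                 # blank or incomplete entry
        ($1 in listed) { print $1 "/" $3; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# harden_inetd FILE
# Writes FILE to stdout with each enabled listed service commented out.
# Everything else, including services not on the list, is left untouched.
harden_inetd() {
    awk -v wanted="$CHECKLIST_SERVICES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) listed[w[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in listed) { print "#" $0; next }
        { print }
    ' "$1"
}

# make_sample: constructed inetd.conf for the demo (not from a real host).
make_sample() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
time    dgram   udp     wait    nobody  /usr/sbin/tcpd  in.timed
swat    stream  tcp     nowait  root    /usr/sbin/swat  swat
EOF
}

demo() {
    conf=$(mktemp) || return 1
    make_sample > "$conf"
    echo "enabled before:"; audit_inetd "$conf" || true
    harden_inetd "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    echo "enabled after:";  audit_inetd "$conf" && echo "(none)"
    rm -f "$conf"
    # On a real host, follow the edit with the checklist's reminder:
    #   kill -HUP <pid of inetd>
}
demo
```

The audit only covers the names in the checklist; entries such as the sample's `swat` line still need a manual decision.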


vi commands

a Append after cursor.
A Append to end of line.
C Change the rest of current line.
cw Change the current word.
i Insert before cursor.
I Insert before the first non-blank character of the line.
o Open a line below for insert.
O Open a line above for insert.

:w Write the buffer to file.
:wq Write the buffer to file and quit.
ZZ Save changes and exit.
:x Save changes and exit.

j Moves the cursor down one line.
k Moves the cursor up one line.
l Moves the cursor right one character.
h Moves the cursor left one character.

ESC
:223

/foo

/foo\ bar

0 Move to beginning of line.
$ Move to end of line.
B Back up one word.
E Move forward one word.
G Move to the bottom of the buffer.
H Move to the top line on the screen.
L Move to the bottom line on the screen.
M Move the cursor to the middle of the screen.
N Scan for next search match but opposite direction.
n Scan for next search match in the same direction.

:1,$s/up/right/  search and replace up with right


Inserting into a document using vi

Inserting Files in a Document Using vi

When editing a document with vi, the contents of another text file can be
retrieved and inserted into the file at the cursor's position. This is done
by calling the 'r' function in the following format:
:r <file>
For example, while editing a document, after pressing escape to ensure that
vi is accepting commands, the contents of the file 'tuneup' will be inserted
at the point of the cursor by typing:
:r /home/linux.com/tuneup

The :r command can also be used in a much more powerful way:
:r!<command>
This inserts the output of <command> just after the cursor. For example, if
you want to insert the names of all the files in the current directory, you
can use:
:r!ls
Or you can insert the current date and hour with:
:r!date


SquidSite

http://www.geocities.com/SiliconValley/Lakes/6495/


vi commands

vi - Command mode
i = input mode
esc = command mode
:se number = display line numbers
:se nonumber = don't display line numbers
:e = open file
:w = save (write) file to disk
:wq = save and quit
:q! = quit but don't save
number,command = apply command number times (e.g. 4,x = delete 4 characters)
. = repeat last effective cmd
esc,u = undo it
vi - Command mode - Moving the cursor
- = go to beginning of previous line
0 (zero) or ^ = go to beginning of this line
$ = go to end of this line
ret or + = go to beginning of next line (NOT THE SAME AS INPUT RETURN)
w = go to beginning of next word
b = go to beginning of this word
e = go to end of this word
sft-h = go to first line onscreen
sft-l = go to last line onscreen
ctrl-f = forward (down) one screen
ctrl-b = backward (up) one screen
1,sft-g = top of the buffer
sft-g = bottom of the buffer (i.e. EOF)
line,sft-g = go to line (e.g. 3,5,sft-g = line 35)
column,| = go to column (e.g. 4,| = column 4)
vi - Command mode - Deletion
deleted text is put to the general purpose buffer; use the p cmd to retrieve
it
you can also use yanks to not delete it but still put it in the GPB
basically delete = cut and yank = copy in your OS's Edit menu
x = delete this character
d,w = delete word
d,d = delete line
sft-d = delete to end of line (same as emacs ctrl-k)
y,w = yank to beginning of next word
sft-y or y,$ = yank to end of line
y,y = yank entire line
buffer"lines"y,y = yank lines number of lines into buffer buffer (a-z)
p = paste contents of general-purpose buffer
vi - Command mode - Replacement
to use replacers type the sequence and then type the string of characters to
replace with, e.g. 2,c,w,"Bored Zo" to replace from the cursor to the end of
the next word to "Bored Zo"
r = replace a single character
shift-r = replace characters from the cursor(e.g. if | is the cursor and
your text is "I AM the |Entertained Zo!" shift-r,"Bored" will give you "I AM
the Boredtained Zo!")
c,w or c,e = change from cursor to end of word
c,b = change from beginning of word to before cursor
c,$ or sft-c = change from cursor to end of line
c,c = change the ENTIRE line
:x,ys/oldstring/newstring/ = substitute newstring for oldstring from line x
to line y (if y = $ then to EOF)
~ = toggle a character's case
vi - Command mode - Searching
see section on regular expressions above
/ = search forward from cursor for a pattern
? = search backward from cursor for a pattern
n = next result
sft-n = previous result
vi - Command mode - Insertion
o = insert a blank line below this one
sft-o = ...above this one
:r file = insert file at cursor


Another Paper on Linux Security

Another Paper on Linux Security

13 Aug 98
Last Update 07 Sept 98
Version Beta 0.2

Bronc Buster
bronc@shocking.com

------------------------------------------------------------------------

  Another paper on Linux Security? Why? Well most of the ones I've seen
floating around the net are never complete, only someone's tips or
tricks on how to secure a part of it, or to tweak some daemon or process
or a quick fix to a problem. They never cover from step one, through
going multi-user and going online with users and user processes and all
that goes along with it. I want to cover that. I know, no matter how
hard I try, I'll end up missing something, but I'm going to try and
cover everything I do when I install a system and prepare it for online
use, plus cover some free tools that I have found to be very effective.
Now if you are totally clueless and don't have any idea about how to use
Linux, I'll save you some time and tell you now, just don't go any
further. To get any use out of this paper, you have to be an
intermediate user, or a new admin who is familiar with Unix as a whole.
If you are thinking about going by this list when you are installing
your system, READ THIS ENTIRE PAPER FIRST, then start over following it,
otherwise you may miss something you might want when you install or when
you pick a kernel.

  I'll say this now before you start. This paper is ongoing, and a
work in progress. I want to make a comprehensive paper, so I welcome all
suggestions, tips and advice on how to make this paper a better one.

------------------------------------------------------------------------
   Contents

1. Installation
2. Boot-Up
3. SUID files and the File System
4. Quotas
5. Logs
6. Access security (remote and physical)
7. Misc. Files
8. Third Party Tools
9. Conclusions


------------------------------------------------------------------------
1. Installation

  This is a step every paper I have seen has overlooked. Right from
install you can manage to cut your problems by at least one-third if you
install correctly, installing only what your system needs. Think about
it. Ask yourself what is this box going to be doing? Is it going to be
on a LAN as a file server of some sort, or sitting on a direct Internet
connection as a web server of some sort, or just sitting on your
desk at home running PPP? These are important questions you need to
answer BEFORE you start your install.

  If this system is going to be sitting on a rack as a web server, why
would you want to install X-Windows, for example? If you're not going to
use it, you'll most likely overlook it in day to day operations, and
that's something a hacker is going to look for. Along with this come
SUID programs, programs you might not even know exist, but programs a
hacker will head for like a shark for blood. On the other hand, if it's
on a LAN, where you're going to be at the console, and an X-Windows
server is necessary, look for other components you won't need, like any
of the PPP or SLIP components.

If you're not sure, go out and buy a book, or if you're really poor,
borrow a book. Read up on what each component does and why you need it.
If worse comes to worse, when you are installing, read each section
before you just go down the line and check off everything. Read the
parts which you are unsure of and don't install what you think you don't
need. Remember that you can always go back later and add things. The
Unix file system can be very complex and very deep, and hackers depend
on this when they are hiding programs and backdoors. The better you
understand what you have put



Serial Console

The Headless Serial Console
I would like to set up a serial console. I would like to be able to
issue LILO boot commands on the serial console. Eventually, if all goes
well, I'd like the machine to be totally headless. If you could give me
a hands-on ``how to do this'', it would be great. I have already read
your ``Serial Terminal as Console'' (Issue #36, April 1997) article, but
I don't get the LILO prompt on my terminal.
--
Rick McFarland, mbsrick@ctel.net 
This is not a problem at all. If you run kernel 2.2 or 2.3, just
configure serial console support and read
Documentation/serial-console.txt. If you run 2.0, you must apply the
serial-console patch ()
and fall back to the previous case. To use LILO on the serial port, just
add serial=0,9600n8 or an equivalent line to the /etc/lilo.conf file. In
order to interact with LILO, you'll need to send a ``break'' character.
--
Alessandro Rubini, rubini@linux.it 
Here are the relevant two lines from my lilo.conf file for serial port
1: 
append="panic=40 console=ttyS0,38400n8 console=tty0"
serial=0,38400n8
On my machine, I had to disable hardware flow control for minicom to
interact with the lilo prompt over the serial port.


Linux Serial Console

                       Linux Serial Console

It is possible to specify multiple devices for console output. You can
define a new kernel command line option to select which device(s) to
use for console output.

The format of this option is:

        console=device,options

        device:         tty0 for the foreground virtual console
                        ttyX for any other virtual console
                        ttySx for a serial port

        options:        depend on the driver. For the serial port this
                        defines the baudrate/parity/bits of the port,
                        in the format BBBBPN, where BBBB is the speed,
                        P is parity (n/o/e), and N is bits. Default is
                        9600n8. The maximum baudrate is 115200.

You can specify multiple console= options on the kernel command line.
Output will appear on all of them. The last device will be used when
you open /dev/console. So, for example:

        console=ttyS1,9600 console=tty0

defines that opening /dev/console will get you the current foreground
virtual console, and kernel messages will appear on both the VGA
console and the 2nd serial port (ttyS1 or COM2) at 9600 baud.

Note that you can only define one console per device type (serial, video).
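
The console= rules above, worked through as an added example that is not part of the original text: a shell parser that reads a kernel command line, applies the documented defaults and limits, and reports which device /dev/console will reach. The function names `parse_console` and `dev_console` and the single-digit check on the bits field are choices made for this example; the third demo command line is constructed.

```sh
#!/bin/sh
# Added example: interpret console= arguments on a kernel command line
# (the string LILO passes through append=).

# parse_console CMDLINE
# One output line per console= argument: "device speed parity bits".
# Virtual consoles carry no serial options and print "-" for those fields.
# Returns 1 if an argument falls outside the documented format (unknown
# device, speed above 115200, parity not n/o/e) or if more than one console
# of the same type (serial, video) is given.
parse_console() {
    printf '%s\n' "$1" | awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^console=/) continue
            spec = substr($i, 9)                   # text after "console="
            n = split(spec, part, ",")
            dev = (n > 0) ? part[1] : ""
            sub(/^\/dev\//, "", dev)               # console=/dev/tty0 form
            opts = (n > 1) ? part[2] : ""
            if (dev ~ /^tty[0-9]+$/) {             # tty0 / ttyX: virtual console
                if (++video > 1) bad = 1
                print dev, "-", "-", "-"
                continue
            }
            if (dev !~ /^ttyS[0-9]+$/) {           # not a documented device
                bad = 1
                print dev, "?", "?", "?"
                continue
            }
            if (++serial > 1) bad = 1
            speed = 9600; parity = "n"; bits = "8" # default is 9600n8
            if (match(opts, /^[0-9]+/)) {
                speed = substr(opts, 1, RLENGTH) + 0
                opts = substr(opts, RLENGTH + 1)
            }
            if (opts != "") { parity = substr(opts, 1, 1); opts = substr(opts, 2) }
            if (opts != "") bits = opts
            if (speed > 115200 || parity !~ /^[noe]$/ || bits !~ /^[0-9]$/) bad = 1
            print dev, speed, parity, bits
        }
    }
    END { exit (bad + 0) }'
}

# dev_console CMDLINE
# Prints the device that opening /dev/console reaches: the last console= given.
dev_console() {
    parse_console "$1" | awk '{ d = $1 } END { if (NR) print d }'
}

# Demo: two command lines from this page, then a constructed invalid one.
for cmdline in \
    'console=ttyS1,9600 console=tty0' \
    'panic=40 console=ttyS0,38400n8 console=tty0' \
    'console=ttyS0,230400n8'
do
    echo "cmdline: $cmdline"
    parse_console "$cmdline" || echo "  -> outside the documented format"
    echo "  /dev/console -> $(dev_console "$cmdline")"
done
```

Knowing which device ends up behind /dev/console matters on a headless machine, because that is where kernel messages and single-user logins appear.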

If no console device is specified, the first device found capable of
acting as a system console will be used. At this time, the system
first looks for a VGA card and then for a serial port. So if you don't
have a VGA card in your system the first serial port will automatically
become the console.

You will need to create a new device to use /dev/console. The official
/dev/console is now character device 5,1.

Here's an example that will use /dev/ttyS1 (COM2) as the console.
Replace the sample values as needed.

1. Create /dev/console (real console) and /dev/tty0 (master virtual
   console):

   cd /dev
   rm -f console tty0
   mknod -m 622 console c 5 1
   mknod -m 622 tty0 c 4 0

2. LILO can also take input from a serial device. This is a very
   useful option. To tell LILO to use the serial port:
   In lilo.conf (global section):

   serial  = 1,9600n8 (ttyS1, 9600 bd, no parity, 8 bits)

3. Adjust to kernel flags for the new kernel,
   again in lilo.conf (kernel section)

   append = "console=ttyS1,9600"

4. Init and /etc/ioctl.save

   Sysvinit remembers its stty settings in a file in /etc, called
   `/etc/ioctl.save'. REMOVE THIS FILE before using the serial
   console for the first time, because otherwise init will probably
   set the baudrate to 38400 (baudrate of the virtual console).

5. /dev/console and X
   Programs that want to do something with the virtual console usually
   open /dev/console. If you have created the new /dev/console device,
   and your console is NOT the virtual console some programs will fail.
   Those are programs that want to access the VT interface, and use
   /dev/console instead of /dev/tty0. Some of those programs are:

   Xfree86, svgalib, gpm, SVGATextMode

   I have binary patched the above mentioned programs to use "tty0"
   instead of "console".  This will be reported to the maintainers of
   said programs.

   Note that if you boot without a console= option (or with
   console=/dev/tty0), /dev/console is the same as /dev/tty0. In that
   case everything will still



Using IPSec for Remote Administration on Linux Firewalls

http://www.sans.org/infosecFAQ/encryption/remote_admin.htm

Using IPSec for Remote Administration on Linux Firewalls
Danny Chang
August 2, 2000

Introduction

The corporate security administration function includes, among many other
daily tasks, the remote administration of firewalls or proxy servers
from a central location. The task of remotely logging on to and
administering Linux firewalls presented a problem for my organization.
We have used other firewall set-ups like CheckPoint VPN-1 and Cisco
routers configured to use VPN either as a plugin or software application
that came with the firewall or router package, but we did not have any
secured channel established to administer our Linux firewalls from the
security administration console. As we all know, without a VPN or secured
channel no traffic is encrypted, including administrator passwords.

Background

We experimented with different approaches to provide a cost-effective
method of remote logon activities including SSH scripting and S/WAN
IPSec implementation but due to the private network we are using for our
core business, we have chosen a simple solution provided by NIST
Cerberus IPSec and the PlutoPlus IKE software for encapsulation or
tunneling between our Linux firewalls and the security console. Also, we
are currently using IPv4 and not IPv6. [By the end of August 2000, the
Cerberus software will be made available to the public.] We have chosen
Cerberus because of its built-in user interface and web-based tester
(WIT) for interoperability testing capability. More importantly, NIST
Advanced Networking Technologies Division has provided substantial
research in IPSec, and has incorporated IPv6 standardization in the
Cerberus software. We have come to realize that VPN is the answer or
solution to our specific problem. VPN can be used with the following
types of network communications and configurations: 

Peer-to-Peer
Client-Server
Protected Workgroup
Protected Enterprise
Protected Inter-Enterprise
VPN and Remote Access

IPSec and Linux firewalling

Linux firewalling consists of three chains (input, output and forward)
and other user-defined chains that provide different functionality. A
chain is a checklist of rules. Each rule determines how the packets are
handled: masquerade, redirect, accept, deny, reject or return. These
rules are based on the security policies established by the security
administrator. Linux uses the ipchains support built into recent Linux
kernel distributions for firewalling. Many commercial firewalls today
support VPN functionality in their firewall products. As a result,
vendors came out with their own ways of implementing IP encryption. I
will highlight how IPSec is implemented in general as it is applied to
"Our Solution".

The starting point for implementing IPSec in firewalls is how to apply
the rules to the AH (Authentication) or the ESP (Encapsulating) header.
These packets are screened or filtered for AH or ESP based on IP
addresses. After the initial installation, the SADB database has to be
loaded. At this point there are "one-sided" Security Associations
established, then the same procedure has to be followed on all machines
(hosts/gateways). 

Implementing Cerberus for Linux

The NIST Cerberus IPSec Reference Implementation for Linux was developed
based on the current ESP and AH specifications and other RFCs and IPv6
Standards. The main components of the reference module are the Security
Association Da



SMTP bastion host

> I attempted to make a bastion host that basically runs sendmail 8.10.1 
> and sits in the DMZ of our network. Its responsibility is to accept
> all incoming E-mails for corporate and forward it into an internal MS 
> Exchange server. This it does fine. What I also want it to do is also 
> act as a relay server to the outside world for the Exchange server. 
> [...] 


IMHO the best way to do what you want is as 
follows: 
A) make the bastion host primary MX for "internal" domains 
B) use mailertable for "internal" domains routing 
C) allow relaying from some internal IP addresses 
D) allow relaying to "internal" domains 



Additional info: 
B1) add the following line to your *.mc file 
FEATURE(`mailertable',`hash /etc/mail/mailertable')dnl
B2) in the mailertable file add the following line 
domain1.internal esmtp:[ip-address] 
domain2.internal esmtp:[ip-address] 
B3) compile mailertable with makemap 


C) in your access file add the following line 
connect:ip-address 


D) in your access file add the following line 
to:domain1.internal 
to:domain2.internal 


OR use "non local" virtusertable 
*.mc file: 
VIRTUSER_DOMAIN_FILE(/etc/mail/virtuser_domains)dnl 
FEATURE(`virtusertable',`hash /etc/mail/virtusertable')dnl 


/etc/mail/virtuser_domains file: 
domain1.internal 


It will allow relaying to domain1.internal and it will give 
a chance to redirect some addresses in the domain to another 
internal mail server e.g. 
virtusertable file:
unix-user@domain1.internal unix-user@unix.domain1.internal 


-------------------- 
URL(s): 
http://www.sendmail.org/tips/relaying.html 
Allowing controlled SMTP relaying in Sendmail 8.9 


Burning CD's with Linux

Learn to Burn
Mastering your CDs Under Linux

by Steve Hanson

So, at age six you dreamed of being a big, burly fireman performing daring
rescues from blazing buildings. Now you'd simply like to accomplish today's
version of Disco Inferno, a controlled burn of those MP3s to CD-Audio in
Linux. Don't despair, Sparkie! It's really not your fault that you can't get
your burning sessions completed on your Linux box. You haven't read this red
hot article yet!

Grab your oxygen mask and those blank CDs gathering dust under your desk and
get ready to rescue your reputation as a computer whiz which, until this
issue of Maximum Linux, had been lying in the ashes. We'll teach you the ins
and outs of burning CDs under Linux, and soon you'll be able to satisfy all
those burning desires. Tell your gals and pals you can now burn them copies
of Britney Spears' latest release. Don't forget to stock up on Tums and get
ready to burn, baby, burn!


The Linux Advantage
Although installing and configuring Linux gets easier all the time, some
hardware items continue to be a bother. Burning CDs is one thing that people
really want to do with their computers, but getting this to work under Linux
is still problematic. With Linux, it can be easy to make CDs reliably from
audio, data, and MP3s. Most of the common distributions include some sort of
low-level software for this purpose, however, many are difficult to
configure and use. We're going to explore why CD burners can cause problems
and how you can make your CD-R drive work efficiently with Linux.

Linux does have some advantages over Windows when it comes to mastering and
burning CDs. For starters, there is that large range of software for CD
burning we mentioned, and, of course, most of it is free. Linux also tends
to be considerably more stable than Windows. Our old Memorex CD-RW drive
barely works with Windows, and creates a fair number of coasters. Under
Linux, it is much more reliable, and we never seem to get buffer underruns.
Linux can feed data more reliably to the drive because it is a
higher-performance OS, and CD-burning programs can set their priorities high
enough so that you can actually do a fair amount of work on the computer
while simultaneously burning CDs. Keep in mind that, like anything else,
there's no such thing as a free lunch, and getting your burner to work in
Linux may require rolling up your sleeves, cracking your knuckles, and
getting downright physical with your equipment.

She's Got Issues
There are a few issues in play when it comes to burning CDs--whether it's in
Windows or in Linux. The biggest stumbling block is that the most
inexpensive CD-R drives on PC systems use the IDE interface to connect to
the computer. The original IDE standard was intended to work with normal
hard drives, and was later extended with ATAPI extensions, which allowed the
use of tape and CD-ROM drives on IDE interfaces. The ATAPI extensions can
either be accessed through a direct IDE programming interface or through a
more flexible set of interfaces that makes the drive appear to be a SCSI
device. Under Linux, CD-R-burning software treats IDE-based CD-R drives as
SCSI devices, so systems with IDE are more of a challenge. The workaround
(in Linux and Windows) is done by fooling the operating system into thinking
the IDE drive is really a SCSI drive. This is generally accomplished by
emulation software. If you're doing this on a Windows machine, no sweat--the
installation of Windows-based CD-burner software usually includes special
drivers to perform the SCSI emulation.

Under Linux, however, things aren't as rosy. Until the day comes when your
new CD burner is packaged with 



Lesson Three


Lesson Three: CGI Applications

One of the coolest uses of Perl is for CGI Applications on Web sites.
Typically, HTML is static. You write up the HTML file, you put it on your
Web server, and people download it and look at it. Well, wouldn't it be nice
if that little HTML file had some dynamic element to it, such as "today's
date"? Well, never fear, we're going to do just that!

Because this is Maximum Linux, and just about every Linux machine in
existence has the Apache Web Server on it, we're going to assume that you
have Apache set up and executable files ending in ".cgi" are run as CGI
programs. Consider the following code (although, this time, save it as
"sample.cgi" and place it where you can get to it via the Web).

#!/usr/bin/perl
print "Content-type: text/html\n\n";

$time = localtime ( time );
print "Today: $time\n";

In this script, we print a legal CGI header (Content-type: text/html\n\n)
and then call localtime ( time ) in a scalar context. (That is to say, we
call localtime as if it were a variable.) Next we simply print the string
"Today:" and then whatever localtime gave us. Some sample output of this
program might look like this:

Content-type: text/html

Today: Fri Apr 28 02:26:37 2000

Notice the \n\n after the Content-type line. This is very important, as it
signifies the end of the HTML header and the beginning of the content. When
the Web browser renders this, it won't render Content-type--just Today: Fri
Apr 28 02:26:37 2000.

Let's make a completely server-generated page that parses an HTML file and
inserts the date wherever it sees ##date. If we have some HTML in a file
called sample.inc that looks like this:


Welcome:##date

  Today's date is ##date.
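
An added example (not the article's code, whose listing is cut off here): a CGI script that fills ##date in a template. The template text, the %values hash, and the render and escape_html subroutines are assumptions made for illustration; it generalizes to any ##name placeholder and HTML-escapes each inserted value.

```perl
#!/usr/bin/perl
# Added example: template substitution for a CGI page.
use strict;
use warnings;

# Constructed stand-in for sample.inc (the article's copy lost its markup).
# A real script would read the file from a fixed path with a three-argument
# open, never from a path taken out of the request.
my $template = <<'END_TEMPLATE';
<html>
<head><title>Welcome:##date</title></head>
<body>
  Today's date is ##date.
</body>
</html>
END_TEMPLATE

# Escape the characters that are significant in HTML so an inserted value
# is always displayed as text.
sub escape_html {
    my ($text) = @_;
    my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;' );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Replace each ##name with its escaped value; unknown names are left as-is.
sub render {
    my ($page, $values) = @_;
    $page =~ s{##(\w+)}{
        exists $values->{$1} ? escape_html( $values->{$1} ) : "##$1"
    }ge;
    return $page;
}

my %values = ( date => scalar localtime(time) );

print "Content-type: text/html\n\n";
print render( $template, \%values );
```

Saved as a ".cgi" file, it prints the header followed by the page with both ##date markers replaced.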



Resource Central from MaximumLinux.com


The Linux HOWTO Index
The HOWTO index includes more than 100 detailed documents covering a wide
variety of Linux-related topics. Everything you could possibly imagine is
included, ranging from graphic-card-specific questions to getting Linux
running on a Palm PDA.
www.metalab.unc.edu/mdw/HOWTO

The GNU Project Free Software Foundation
www.gnu.org/philosophy/free-sw.html


Kernel Sources
Want to download the kernel? Here are a few good places to visit:
www.kernel.org
www.sunsite.unc.edu/linux


The Linux Documentation Project
The LDP's overall goal is collaboration with regard to Linux documentation
issues, including online documentation and printed manuals covering topics
such as installing, using, and running Linux. Check it out at:
http://metalab.unc.edu/LDP/

X Marks The Spot
The web is replete with resources on X, Window Manager, KDE, and GNOME. Here
are a few good ones:
www.x11.org
www.xfree86.org
www.gnome.org
www.kde.org
www.plig.org/xwinman
www.enlightenment.org
www.windowmaker.org
ftp://mitac11.uia.ac.be/html-test/fvwm95.html
http://fvwm.math.uh.edu/


Window Managers for X
www.plig.org/xwinman

KDE Themes
www.themes.org

Linux Post Office
For e-mail filtering, procmail is unrivaled. Not only does it do the
standard sorting and deleting of incoming messages, but it can also be
instructed to run external scripts. One invaluable "recipe" (as they're
called) automatically sends e-mail from a list of specified addresses to an
alpha-numeric pager. Want to control the appliances or lights in your house
via e-mail commands sent to X-10 modules? Try it out at: www.procmail.org

The Lion King's Other Brother
To transfer files across an Intranet, check out samba. It's a bit tricky to
set up, but is much more flexible and transparent to use than ftp. In a
nutshell, it allows Microsoft, Macintosh, and Unix-based file systems to
coexist peacefully in a heterogeneous environment. Directories can be shared
out on Linux so that Win98 can mount them as it would any other Microsoft
shared directory -- complete with user and password mapping. Visit:
www.samba.org

Helpful Reminder
Remind can be a life-saver, doing just what it sounds like it would do:
reminding you of important dates. Never again will you grovel for
forgiveness because you missed your significant other's birthday or
anniversary, or forgot to pay a bill. Download it at:
ftp.doe.carleton.ca/pub/remind-3.0


Other Utilities
www.courtesan.com/sudo
www.webnix.com/CLE/cdrom/powertools/safedelete.html
www.apache.org
www.x10.org
www.replay.com

Linux Vendors
Red Hat:
www.redhat.com
Caldera:
www.calderasystems.com
TurboLinux:
www.turbolinux.com
Slackware:
www.slackware.com
Debian:
www.debian.com
SuSE:
www.suse.com
Corel Linux:
www.corel.com

Game Companies
Loki Entertainment:
www.lokigames.com
id Software:
www.idsoftware.com

Red Hat-Specific Device Configuration Tips
www.redhat.com/support/docs/tips/Network-Config-Tips/Network-Config-Tips.html

diald Setup Tips
http://www.redhat.com/mirrors/LDP/HOWTO/Diald-HOWTO.html



Command line


Taking Command of Your Linux Box
Understanding the Command-Line Interface

By Woody Hughes

If you're new to Linux, then you'll know what we're talking about when we
say the "little OS that could" has a pretty serious learning curve. It's bad
enough when you encounter installation routines trickier than Dick Nixon
himself, but navigating around Linux also involves the wacky world of a
command-line interface. If you're used to DOS, then Linux's command-line fun
will seem old hat. Windows fans however, may find the going no more fun than
an emergency appendectomy. That's where Maximum Linux comes in. We know
you're probably used to Windows, so we thought we'd write a little somethin'
to whet your typin' fingers, in the form of a nice DOS to Linux command
guide. Bolt down that keyboard and break out the Mountain Dew, because we're
taking a little adventure into the Linux command-line world!

When you turn the page, you'll find the ultimate resource for the Linux
beginner: A table neatly listing Linux command-line functions which closely
match those of their Windows, er, DOS, counterparts. And when you start to
get stuck and you're feeling kind of low, just rip the next couple of pages
out, and tape them to your forehead. You'll be glad you did.



NOTE: everything you see here is case sensitive!

WINDOWS/DOS: CD--Changes directories.
  Usage: cd windows\system
LINUX: cd--Changes directories.
  Usage: cd /root/mydirectory

WINDOWS/DOS: CLS--Clears screen.
  Usage: cls
LINUX: clear--Clears screen.
  Usage: clear

WINDOWS/DOS: COPY--Copies one or more files to a destination you specify.
  Usage: copy c:\foo.txt c:\windows\foo.cfg
LINUX: cp--Copies directories or files to a destination you specify.
  Usage: cp /root/foo.txt /foo.txt
  cp -r (recursive)

WINDOWS/DOS: DEFRAG--Optimizes disk performance by reorganizing the files on
  the disk.
  Usage: defrag c:
  Note: In Windows you would simply select this command in the Systems Tools
  folder in your Start Menu.
LINUX: Linux, as a whole, does not have a defrag utility like its Windows
  counterpart. Linux does, however, have a few commands that will assist in
  debugging and/or repairing a system.
  fsck--Checks and repairs the operating system. Generally used when the
  system hasn't been properly unmounted during shutdown or reboot.
  debugfs--A system debugger. Generally used to examine and change the ext2
  filesystem of Linux.

WINDOWS/DOS: DEL--Deletes files you specify.
  Usage: del c:\windows\test.txt
LINUX: rm--Deletes directories and files.
  Usage: rm foo.txt

WINDOWS/DOS: DELTREE--Deletes a directory and its files and subdirectories.
  Usage: deltree c:\temp
LINUX: rm--Deletes directories and files.
  Usage: rm -rf /root/test
  Say What? -rf = Forcibly deletes all subdirectories in a directory.

WINDOWS/DOS: DIR--Displays the contents of a directory.
  Usage: dir
LINUX: ls--Displays the contents of a directory.
  Usage: ls /
  ls -l /root
  Say What? -l = Displays everything in long format

WINDOWS/DOS: DISKCOPY--Copies the entire contents of one floppy disk to
  another floppy disk. It writes over the existing contents of the
  destination disk as it copies the new information onto it.
  Usage: diskcopy a: a:
LINUX: dd--Copies files and converts and formats them according to options
  given.
  Usage: dd if=/floppyimage of=/dev/fd0

WINDOWS/DOS: ECHO--Displays text as standard output. Also used to "paste" a
  string within a file while rewriting the file contents with that string.
  Usage: echo My cat is big
  echo Kitty > foo.txt
LINUX: echo--Acts the same as Windows in that it displays text as standard
  output.
  Usage: echo pot pie > /usr/bin/pie

WINDOWS/DOS: EDIT--Executes the MS-DOS text editor.
  Usage: edit foo.txt
LINUX: Linux has 2 common editors that most people use: vi and pico. They
  all have the same functionality as most other text editors, but vi is a
  little more advanced. Vi is also the older of the two.
  vi--Unix text editor
  pico--Linux text editor



Ask the penguin


Fscking Madness
About once a month, no matter what distribution of Linux I use, upon bootup
it checks the filesystem and fails. It then asks me to give the root
password for maintenance, and then when I try to run FSCK manually, it just
says "parallelizing FSCK version XX.XX" and does nothing. What can I do
besides re-installing my Linux system each time? -Calvin Robertson

The Penguin responds: The Penguin would seriously question the integrity of
your hard disk drive. Since you haven't included information regarding
whether you have an IDE or SCSI, it's really hard to diagnose a problem such
as this. However, just to be safe, we would recommend having a Systems
Technician take a look at your PC in order to diagnose a possible hard disk
issue--preferably a technician who is certified to work on your respective
system.




----------------------------------------------------------------------------

Beginning The Journey
I am currently running an X client on my Irix5.3-based SGI machine. Can I
install one of the many other themes offered by www.themes.org or
www.enlightenment.org? As a newbie to the UNIX environment, I know I learn
best by example. I am wondering if you have run across any books that are
more like tutorials than dictionaries? I am imagining a book that is built
around the idea of "Lesson Plans"--where each lesson is built upon the
previously learned lesson. Have you run into such a book that takes a newbie
from ground zero and makes the newbie someone to be able to set up and run
his own complete machine (and by complete I mean setting up TCP, FTP, APOP,
SMTP, HTTP, and other services)? Also, I have access to other flavors of
Linux: Caldera, Red Hat, Debian, and MkLinux. I have had no success with
some of them, while others have been successful. My question is: If I
download a file to install on one of these platforms, does it have to be
written for that flavor of Linux? --T.J. Wise

The Penguin responds: Ok, we'll start with your first question. Since you've
mentioned that it is an Irix5.3 machine, it is highly doubtful that
Enlightenment has a precompiled binary for your particular system. However,
you could always download the source and compile it for your platform.
Themes will work, once you have a working version of Enlightenment running.
Regarding particular books to buy, we would recommend the Sams Publishing
line of books, such as Red Hat Unleashed, Samba Unleashed and many others.
The answer to your third question is relatively easy in that most software
that you buy will include support for practically any version of Linux that
you use. Some software will actually include support for the latest kernel,
with most requiring at least a Linux system with kernel 2.0 installed. All
newer distributions of Linux contain the 2.2.x series of kernels.




----------------------------------------------------------------------------


Winmodem Madness
I did it! I finally installed Linux! I installed Mandrake simply because I
heard it was easy to use (which it is) and it has a built-in partition
resizer. I have it installed and I'm slowly figuring out the GUI and the
commands. There is, however, one problem--my modem doesn't work and is not
detected. I have a Motorola SM56 PCI speakerphone modem on com3. Any
ideas? --Joel Citron

The Penguin responds: The Penguin happened to run over to Motorola and the
answer doesn't look good. Unfortunately, the SM56 is a dreaded Winmodem.
Some, and we do mean, SOME modem manufacturers have made drivers for their
respective winmodems. But we couldn't find anything on the SM56, other than
its support for Windows. Do yourself a favor--go out and buy a non-Winmodem.
Besides, Winm



Mastering Perl: Part One


Mastering Perl: Part One
In Love, Anything is Possible. For Everything else, there is Perl

By Anders Brownworth


Okay, everyone. Pay attention. A most intensive, and intensely interesting,
class is about to begin.

Perl may stand for "practical extraction and report language," but trust
us--it definitely is not as boring as that sounds! In fact, Perl has actually
become the de facto standard glue language for UNIX. You might as well get
used to saying, "Oh, that can be done with Perl," because that's usually the
case! About its only downside is its speed or, more accurately, its lack
thereof. Sure, working in Perl can be a tad slow, but for the overwhelming
majority of tasks Perl is used for, it's more than fast enough. In short, it
rocks!

Of course, the real problem is, "How does one get over the learning curve?"
This, oddly enough, is both Perl's chief strength and its chief weakness. As
you learn the Perl ropes, you'll soon discover that Perl is extremely
concise and features many simple ways to do fairly complicated things. In
other words, it's handy but cryptic. Stick with it, do your homework
diligently, and you'll be as happy as the proverbial clam.

Our own resident Linux stud and this month's professor, Anders Brownworth,
is back again for your reading pleasure, and he's going to take you through
several example scripts to get you up to speed. Make sure you're sitting in
front of your favorite Linux machine, and try each and every one of the
examples he provides. Because Anders won't be able to take you personally in
all the directions you might want to go, you should familiarize yourself
with the Perl interpreter, too.

Now, let's get started!


Lesson One: Sample scripts

Perl is an interpreted language. This means that you make little text files
and "execute" them by sending them through the Perl interpreter. Break out
your favorite text editor (such as emacs) and create a file called
"sample.pl" and enter the following program.

(Note: I usually use the extension ".pl" to denote perl scripts, but you can
use whatever you want.)

#!/usr/bin/perl

print "World domination, one line of perl at a time.\n";

Now make that file "executable" and run it by typing its name.

eyore:~> chmod +x sample.pl
eyore:~> sample.pl
World domination, one line of perl at a time.
eyore:~>

(Note: If execution fails with a "command not found," then your default path
may not include the current directory. Execute the program like this:
"./sample.pl" or check whether Perl lives in /usr/bin/perl or somewhere
else.)

When you "run" this script, the shell takes notice that sample.pl is an
executable text file, so it reads it to process the contents as if they were
shell commands. All modern shells will notice that the file starts with "#!"
so they give up trying to interpret it and launch the named program, sending
the rest of the file to it as input. In our case, they launch /usr/bin/perl
and send our script (all of one line) to it for execution. That's the first
line of sample.pl.

The script is just a simple print statement that just does exactly what you
would expect: It prints whatever you type between the quotes.

Don't forget: Perl statements end in a semicolon ";". Many times, syntax
errors crop up because you didn't put a semicolon somewhere.

Don't forget: What is the "\n" all about? "back n" stands for the special
character "newline," or the same thing as hitting the enter key.

Sniglet: Line endings The standard UNIX line ending is a "newline" character
( \n ), but DOS and Windows terminate lines with the two characters "newline
linefeed" ( \r\n ). This really won't matter to you until you need to start
reading



Lesson Two: Regular Expressions


Lesson Two: Regular Expressions

One of the coolest things in Perl is regular expressions. Essentially, this
is a very sophisticated way to search through a variable and find a match.
While regular expressions may look cryptic, it doesn't take long to start
understanding them. Check this out:

#!/usr/bin/perl

$line = "Love is blindness, I don't want to see";

print "blind is in the phrase\n" if ( $line =~ /blind/ );
print "love isn't in the phrase\n" unless ( $line =~ /love/ );
print "ignoring case, love is in the phrase\n" if ( $line =~ /love/i );

You'll want to run the above example to understand exactly what is going on
here. First, we establish a variable with a phrase in it. Next, we print
"blind is in the phrase" only if $line contains the string "blind," which of
course it does. But in the next line, "love" is not in the phrase because
"love" and "Love" are different strings. Notice the use of "unless" which
does the opposite of an "if" in this case. In the last line, we add case
insensitivity to the match and, hence, get a match.

We can also selectively replace things in a variable:

#!/usr/bin/perl

$line = "Love is blindness, I don't want to see";

$line =~ s/want to/wanna/;
print "$line\n";

In this case, we are changing "want to" to "wanna." Preceding the regular
expression with an "s" swaps the first instance of "want to" with what's on
the other side of the replace, which is the word "wanna."

What would happen if we had another occurrence of the string "want to" in
our sample? In that case, it wouldn't have been replaced unless we added a
"g" to the end of the replace statement. For instance, the output of the
following line:

$line =~ s/s/z/g;

which replaces all "s" characters with "z" characters, looks like this:
Love iz blindnezz, I don't want to zee

How about a more practical example? Let's say that you have a whole pile of
MP3 files in a directory, and you want to get rid of the spaces in the
names.

#!/usr/bin/perl

@files = qx {ls *.mp3};

foreach $original ( @files ) {
  chomp $original;
  $modified = $original;
  $modified =~ s/ /_/g;
  print "renaming '$original' to '$modified'\n";
  qx {mv '$original' '$modified'};
}

First, we create an array of all the files ending in .mp3 with the line
@files = qx {ls *.mp3}; qx executes everything between the { and } marks as
a system command and sends each line of the results to @files. Then we do a
foreach loop through all the elements in @files. Let's say that the first
element of the array is "love is blindness.mp3\n". In the first iteration of
the loop, the string $original is set to "love is blindness.mp3\n" and then
a chomp operation is done on the string, killing the \n. Then $modified is
set to the contents of $original and has all its spaces replaced with
underscores (s/ /_/g). Next we print what we are going to do and then
execute a move command with the qx line. Because we are inside a foreach
loop, the process will repeat until all the mp3 files are renamed with
underscores for spaces. Voila!

What happens if we have a bunch of illegal characters such as ( and ) in an
mp3 name, and we want to convert those to underscores? With regular
expressions come a whole slew of characters with special meanings. Here are
a few:

\w - Word character
\W - Non-word character
\t - Tab character
\d - A digit (0-9)
\D - A non-digit

So if we do this:

#!/usr/bin/perl

@files = qx {ls *.mp3};

foreach $original ( @files ) {
  chomp $original;
  $modified = $original;
  $modified =~ s/\.mp3$//;   # strip the extension (escaped dot, anchored at the end)
  $modified =~ s/\W/_/g;     # replace every non-word character with an underscore
  print "renaming '$original' to '$modified.mp3'\n";
  qx {mv '$original' '$modified.mp3'};
}

Note that we use
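
The two renaming scripts above pass file names to the shell through qx {mv '...'}; a name containing an apostrophe ends the quoting and the remainder is parsed as shell input. The following added example (not the article's code) does the same rename with readdir and Perl's built-in rename so no shell is involved; the subroutine names and the sample file names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: the MP3 renamer rewritten so that file names never pass
# through a shell.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Rewrite only the stem; the extension is matched with an escaped dot and an
# end anchor. Returns nothing if the name does not end in ".mp3".
sub sanitize_name {
    my ($name) = @_;
    my ($stem) = $name =~ /\A(.*)\.mp3\z/s or return;
    $stem =~ s/\W/_/g;
    return "$stem.mp3";
}

# Rename every .mp3 in $dir and return a list of [old, new] pairs.
# readdir() returns the raw names and rename() is a direct system call, so
# quotes, semicolons, or leading dashes in a name are just bytes.
sub rename_mp3s {
    my ($dir) = @_;
    opendir( my $dh, $dir ) or die "cannot open $dir: $!";
    my @names = grep { /\.mp3\z/ } readdir($dh);
    closedir($dh);
    @names = sort @names;

    my @done;
    for my $original (@names) {
        my $modified = sanitize_name($original);
        next if $modified eq $original;
        my $from = File::Spec->catfile( $dir, $original );
        my $to   = File::Spec->catfile( $dir, $modified );
        # Two different names can map to the same target ("a b.mp3" and
        # "a_b.mp3"); skip instead of overwriting an existing file.
        if ( -e $to ) {
            warn "skipping '$original': '$modified' already exists\n";
            next;
        }
        rename( $from, $to ) or die "rename '$original' failed: $!";
        push @done, [ $original, $modified ];
    }
    return @done;
}

# Constructed sample names, including ones the qx {mv '...'} form mishandles.
my $dir = tempdir( CLEANUP => 1 );
for my $name ( "love is blindness.mp3", "don't stop (live).mp3",
               "track; echo hi.mp3", "-live set.mp3", "already_clean.mp3" ) {
    open( my $fh, '>', File::Spec->catfile( $dir, $name ) )
        or die "cannot create '$name': $!";
    close($fh);
}

printf "renamed '%s' to '%s'\n", @$_ for rename_mp3s($dir);
```

The existence check and the rename are two separate steps, so this is meant for a directory that nothing else is writing to while it runs.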



Lesson two part 2


Subroutines:

As soon as you start doing things more than once in any computer language,
it's usually a good idea to create a subroutine to take care of these
things. Let's say that you are reading numbers in and computing the square
of each number. It would be handy to have a subroutine to take care of that,
so consider the following example:

#!/usr/bin/perl

print "enter a list of numbers. (control-c to quit)\n";

while (<>) {
  chomp;
  $result = square ( $_ );
  print "the square of $_ is $result.\n";
}

sub square {
  my ( $number ) = @_;
  $number = $number * $number;
  return ( $number );
}

Whoa there! What happened to all the variable names? Well, in Perl there is
a default variable (referred to as $_) that is implied wherever there would
normally be a variable. Standard input from the keyboard is also implied
when we do the while (<>) statement. In this case, what we are actually
saying is something like this: while ( $_ = <STDIN> ) meaning that we are setting
the default variable to whatever is typed in, one line at a time.

The next line sets the variable $result to be equal to the output of the
subroutine square ( ). We are sending $_, or whatever the user typed in, to
the subroutine square ( ) as a parameter. With luck, square ( ) will return
the square of $_, so in the next line we print out the result.

The subroutine is defined at the bottom. In fact, it doesn't matter where
you define a subroutine! Let's take a look at the first line in the
subroutine "my ( $number ) = @_;" The special array variable @_ holds an
array of the parameters that were sent to this subroutine. Because it is an
array, we have to list our variables in an array form, which is why we have
parentheses around $number. But, because we may have used the variable
$number somewhere else in this script, we want to confine the scope of
$number to just this subroutine, so we don't clobber whatever values may
already have been in there (that's what the "my" does). Next, we compute the
square of $number, and lastly we return the result. Now we have a routine,
that we can call over and over with different values, that computes the
square.



Lesson one part 2


What about a loop?

#!/usr/bin/perl

$maximum = 10;
$number = 1;
while ( $number <= $maximum ) {
  print "$number\n";
  $number++;
}

Here we are setting $maximum and $number and saying "while the number is
less than or equal to the maximum, run everything between the { and the }."
We increment $number with the perl-ism "++" or, in other words, add one to
$number. The opposite of that would be "--" meaning subtract one from the
variable.

We can also construct arrays (lists) of items and pick things from them.

#!/usr/bin/perl

@days = ( "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
"Saturday" );

$total_days = @days;
print "There are $total_days days in the week.\n";
print "The first day of the week is @days[0].\n";
print "The last day of the week is @days[$total_days - 1].\n";

@time = localtime(time);
print "Today is @days[@time[6]].\n";

What's that, class? You're confused? Let me explain. A few things are
happening here. First, we are making an array called @days with all the days
of the week in it. We can call any particular day by referencing it by
number, but arrays are numbered starting from 0, so @days[1] is "Monday."

@days is an array, but when we call it like a variable ($total_days =
@days), it returns the total number of elements in that array. In this case,
that would be 7. But don't forget that the last element of the array @days
is 6, not 7, because the array is numbered from 0. So, in order to get the
last element of the array, we call it like this: @days[$total_days - 1].

Next we are using a handy Perl function called localtime which returns an
array representing the current date and time. It just so happens that array
element 6 is the day of the week on a 0-6 scale, so we can convert that to
the long form by calling the @time[6]'th element of the @days array:
@days[@time[6]].

Tip: The function localtime exposes a number of items which are covered in
the manual page. In short, you can use them like this:

($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
To read up on localtime and many other functions, type:
perldoc perlfunc



Creating a swap file


How To Add A Swap File

First you need to set aside a chunk of your hard drive to use as the swap
file. You must also decide on a name for the file. Generally /swap is pretty
descriptive. You must issue the dd command:

dd if=/dev/zero of=/opt/swap bs=1024 count=1024000

The if=/dev/zero parameter reads its data from a special device file called
/dev/zero. The of= parameter is the name of the swap file. You do not need to
create the file beforehand. The other two parameters tell dd how much space
you want for the swap file. The bs parameter tells dd the block size of each
"chunk" in bytes; in our case we used 1024, or 1K chunks. The final parameter
tells how many of these "chunks" we want reserved. With a count of 10240 that
would be a total of 10Mb of swap space; the count of 1024000 in the command
above gives roughly 1000Mb.

We are not done yet. We have to tell Linux about our new swap file and turn
swapping on. Issue the following command to turn the new /swap file into a
real swap file.

mkswap -c /opt/swap 1024000

This is fairly self-explanatory: tell mkswap the filename and the size. Now
issue the sync command:

sync

Finally we turn on swapping.

swapon /opt/swap

There, finished. It wasn't that hard, was it? To see if your new swap file is
in action, issue the free command:

free

This will list your swap space and you should have 1023Mb more than before.

Your new swap file is only active temporarily; it will no longer be used
after the next reboot. If you want it to be permanent, then you must edit
your /etc/fstab file and add the swap file to it. It's not as good as a whole
partition, but a bit easier to add.

Add this to /etc/fstab

/opt/swap               swap                    swap    defaults        0 0

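Do the following to set the permissions on the file. Swap holds memory paged
out from every process, so only root should be able to read or write it.

chmod 600 /opt/swap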



redhat kernel upgrade


#install the Kernel RPM 

rpm -ivh kernel-X.X.XX-X.i386.rpm

#make the initial RAM disk 

mkinitrd /boot/initrd-X.X.XX.img X.X.XX-X

#edit LILO.conf to find the new kernel images

image=/boot/vmlinuz-X.X.XX-X
      label=linux-test
      root= read-only

#run the lilo command to write these changes to the boot sector LILO is installed on

lilo -v

