Configure network:

# grml-network

Tags: configuration, network

Deactivate error correction of zsh:

% NOCOR=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Disable automatic setting of title in GNU screen:

% NOPRECMD=1 zsh

Set it manually e.g. via:

% screen -X title foobar

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Do not use menu completion in zsh:

% NOMENU=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Run GNU screen with grml-configuration:

% grml-screen

or

% screen -c /etc/grml/screenrc

Tags: screen, configuration

Print out grml-version:

% grml-version

Tags: grml

Configure mutt:

% grml-mutt

Tags: mutt

Use encrypted files / partitions:

# grml-crypt <options>

Usage example:

Initialize:

# grml-crypt format /mnt/external1/encrypted_file /mnt/test

# cp big_file /mnt/test

# grml-crypt stop /mnt/test

Use:

# grml-crypt start /mnt/external1/encrypted_file /mnt/test

# grml-crypt stop /mnt/test

See: man grml-crypt

Tags: crypto, grml-crypt, dmcrypt, luks

Change resolution of X:

% xrandr -s '1024x768'

Tags: x11, xorg, resolution

Change resolution of framebuffer:

# fbset 800x600-60

Tags: resolution

Configure newsreader slrn:

% grml-slrn

Tags: slrn

Configure grml system:

# grml-config

Or directly run scripts:

# grml-config-root

% grml-config-user

Tags: grml, configuration

Lock screen (X / console):

% grml-lock

Press ctrl-alt-x to lock a GNU screen session.

Tags: grml, lock, grml-lock, screen

Change wallpaper in X:

% grml-wallpaper <press-tab>

Tags: grml, wallpaper

Start X window system (XFree86 / Xorg / X.org):

% grml-x $WINDOWMANAGER

Usage examples:

% grml-x fluxbox

% grml-x -mode '1024x768' fluxbox

% grml-x -nosync

Tags: grml-x, x11, xorg, graphic

Collect hardware information:

% grml-hwinfo

or run as root to collect some more information:

# grml-hwinfo

will generate a file named info.tar.bz2.

Tags: grml, hardware, hwinfo, collect

Configure hardware detection features of harddisk installation:

# grml-autoconfig

or manually edit /etc/grml/autoconfig[.small]

See: man grml-autoconfig

Tags: grml, installation, configuration

Bootoptions / cheatcodes / bootparams for booting grml:

On the grml-ISO if not running grml:

% less /cdrom/GRML/grml-cheatcodes.txt

When running grml:

% most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz

Tags: grml, cheatcodes, boot, bootoptions, bootparam

Report bugs to Debian's Bug Tracking System (BTS):

% reportbug --bts debian

or adjust /etc/reportbug.conf to your needs.

See:

  http://grml.org/bugs/

  http://www.debian.org/Bugs/

Tags: bug, reportbug, bts, debian

Offline documentation:

% grml-info

Online documentation:

  http://grml.org/faq/

  http://grml.org/docs/

  http://wiki.grml.org/doku.php

Tags: info, grml, grml-info, documentation

Mount NTFS partition (read-write):

# mount.ntfs-3g /dev/sda1 /mnt/sda1

Tags: ntfs, mount

Overwrite specific file on an NTFS partition:

ntfscp /dev/hda1 /tmp/file_source path/to/file_target

Resize an NTFS partition:

# ntfsresize ..

Usage example:

ntfsresize -n -s 10G /dev/hda1 # testcase

ntfsresize -s 10G /dev/hda1    # testing was successfull, now really resize partition

cfdisk /dev/hda   # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)

Tags: ntfs, resize, ntfsresize

Modify resolution for intel graphic chipsets:

# 915resolution ..

Usage example:

# 915resolution 4d 1400 1050

Connect bluetooth mouse:

# bt-hid start

... and press 'connect' button on your bluetooth device.

Connect bluetooth headset:

# bt-audio start

... and press 'connect' button on your bluetooth device.

Secure delete file / directory / partition:

# wipe -kq /dev/hda1

See: man wipe

Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/

Tags: delete, secure, wipe, shred

Development information regarding grml:

  http://blog.grml.org/

Tags: blog, grml, developmnet

Contact Grml team:

#grml on irc.freenode.org - http://grml.org/irc/

http://grml.org/contact/

Tags: contact, irc, freenode, email

Join the grml mailinglist:

http://grml.org/mailinglist/

Tags: grml, mailinglist

Help us - donate!

http://grml.org/donations/

Tags: grml, donation

Commercial support / system administration / adjusted live-cds:

grml-solutions: http://grml.org/solutions/

Tags: grml, commercial, customize

Information regarding the kernel provided by grml:

  http://grml.org/kernel/

Tags: documentation, grml, kernel

SMTP command-line test tool:

% swaks <options>

Usage example:

% swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE

See: man swaks

Tags: swak, smtp, test

NTFS related packages:

scrounge-ntfs

salvage-ntfs

ntfsprogs

Tags: utils, ntfs

Modify service through init script:

# Start ssh

# Stop samba

# Restart apache

# Reload postfix

# service gpm start

# /etc/init.d/lvm start

Tags: init, script, start, stop

Test joystick:

# jstest /dev/input/js0

Play movie:

% mplayer /path/to/movie

Tags: movie, mplayer

Use webcam with mplayer:

% mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0

Tags: webcam, mplayer

Powerful network discovery tool:

# scapy

Tags: network, python, tool

Grab an entire CD and compress it to Ogg/Vorbis,

MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:

% abcde

Tags: rip, abcde, mp3, transcode, audio

Show a console session in several terminals:

% gems

Switch behaviour of caps lock key:

% caps-ctrl

grep with Perl-compatible regular expressions:

% pcregrep

ncp: a fast file copy tool for LANs

Local (send file):

% npush file_to_copy

Remote (receive file):

% npoll

Tags: copy, file, network

utility for sorting records in complex ways:

% msort

a smaller, cheaper, faster SED implementation:

% minised

zsh tips:

% man zsh-lovers

See: http://grml.org/zsh/

zsh reference card for grml system:

http://grml.org/zsh/

/usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz

Multiple rename:

% for i in foo* ; do mv "$i" "bar${i/foo}" ; done

% qmv foo*

% prename 's/foo/bar/' foo*

% mmv "foo*"   "bar#1"

% zmv 'foo(*)' 'bar$1'

Test TFT / LCD display:

% lcdtest

Test sound:

% soundtest

Improved grep version:

% glark

Grep with highlighting:

% grep --color=auto ...

% hgrep ...

Tags: grep, color, highlight

Extract matches when grepping:

Usage examples:

% ifconfig | grepc 'inet addr:(.*?)\s'

% ifconfig | glark --extract-matches 'inet addr:(.*?)\s'

Output text as sound:

% say 'ghroummel'

% xsay            # when running X and text selected via mouse

Get information on movie files:

% tcprobe -i file.avi

Get an overview of your image files:

% convert 'vid:*.jpg' thumbnails.jpg

List all standard defines:

% gcc -dM -E - < /dev/null

Send a mail as reminder:

echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42

ncurses-based presentation tool:

% tpp

See: man tpp and /usr/share/doc/tpp/examples/

Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:

% centericq

Use IRC on command line:

% irssi

Diff / merge files:

% vimdiff file1 file2

Re-diffing:

:diffupdate

Moving between diffs:

[c

]c

Synchronizing:

:diffget

:diffput

Hardware monitoring without kernel dependencies:

% mbmon

Install grml-iso to usb-stick:

% grml2usb grml.iso /mount/point

Tags: usbpen, usbstick, installation, grml2usb

Use mplayer on framebuffer console:

% mplayer -vo fbdev ...

Use links2 on framebuffer console:

% links2 -driver fb ...

Switch language / keyboard:

* use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)

* use the bootparams keyboard / xkeyboard to activate specific keyboard layout

  Usage example: 'grml lang=us keyboard=de xkeyboard=de'

Or run one of the following commands:

% grml-lang de

or

# loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console

% setxkbmap de                                      # X11

Tags: language, keyboard, configuration

Switch setting of caps-control key (switch between ctrl + shift) on keyboard:

# caps-ctrl

Mount usb device / usb stick:

% mount /mnt/external1   # corresponds to /dev/sda1

or

% mount /mnt/external    # corresponds to /dev/sda

Install Sun Java packages:

Download j2re.bin-file from http://java.sun.com/downloads/index.html and run

# apt-get install java-package

# fakeroot make-jpkg j2re-*.bin

# dpkg -i sun-j2re*.deb

# update-alternatives --config java

Improved dd version:

ddrescue is an improved version of dd which tries to read and

if it fails it will go on with the next sectors, where tools

like dd will fail.

% ddrescue ...

See: man ddrescue

How to make an audio file (e.g. Musepack format) out of a DVD track:

% mkfifo /tmp/fifo.wav

% mppenc /tmp/fifo.wav track06.mpc &

% mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6

Adjust the mppenc line with the encoder you would like to use,

for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.

Alternative:

% mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6

to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')

Usage example for getting a PCM/wave file from audio channel 128:

% mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6

Create simple chroot:

# make_chroot_jail $USERNAME

Convert DOS formated file to unix format:

sed 's/.$//'    dosfile > unixfile       # assumes that all lines end with CR/LF

sed 's/^M$//'   dosfile > unixfile       # in bash/tcsh, press Ctrl-V then Ctrl-M

sed 's/\x0D$//' dosfile > unixfile       # gsed 3.02.80, but top script is easier

awk '{sub(/\r$/,"");print}'              # assumes EACH line ends with Ctrl-M

gawk -v BINMODE="w" '1' infile >outfile  # in DOS environment; cannot be done with

                                         # DOS versions of awk, other than gawk

tr -d \r < dosfile > unixfile            # GNU tr version 1.22 or higher

tr -d '\015' < dosfile > unixfile        # use octal value for "\r" (see man ascii)

tr -d '[\015\032]' < dosfile > unixfile  # sometimes ^Z is appended to DOS-files

vim -c ":set ff=unix" -c ":wq" file      # convert using vim

vim -c "se ff=dos|x" file                # ... and even shorter ;)

recode ibmpc..lat1 file                  # convert using recode

echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile

Tags: windows, line, convert, recode, tr, line end,

Save live audio stream to file:

% mplayer -ao pcm:file=$FILE $URL

Save live stream to file:

% mplayer -dumpfile $FILE -dumpstream $STREAM

or

% mencoder mms://$URL -o $FILE -ovc copy -oac copy

or

% mimms mms://file.wmv

Merge video files:

AVI:

% avimerge -i *.avi -o blub.avi

MPEG:

% cat *.mpg > blub.mpg

WMV:

% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi

% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi

% avimerge -i file1.avi file2.avi -o blub.avi

Display MS-Word file:

% strings file.doc | fmt | less

or

% antiword file.doc

Convert MS-Word file to postscript:

% antiword -p a4 file.doc > file.ps

Convert manual to postscript:

% zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps

or

% man -t zsh > zsh.ps

Read BIOS:

% dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8

Read HTTP via netcat:

echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80

Get X ressources for specific program:

% xrdb -q |grep -i xterm

Get windowid of specific X-window:

% xwininfo -int | grep "Window id:" | cut -d ' ' -f 4

Get titel of specific X-window:

% xprop WM_CLASS

check locale - LC_MESSAGES:

% locale -ck LC_MESSAGES

Create random password:

% pwgen

or

% dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-

Get tarballs of various Linux Kernel trees:

% ketchup 2.6

to get the current stable 2.6 release

% ketchup -l

to get a list of all supported trees

Transfer your SSH public key to another host:

% ssh-keygen   # ssh-keygen / ssh-key-gen: if you don't have a key yet

[...]

% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system

or

% cat $HOME/.ssh/id_rsa.pub  | ssh user@remote-system 'cat >> .ssh/authorized_keys'

Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen

Fetch and potentially change SCSI device parameters:

# sdparm /dev/sda

See: man sdparm

reclaim disk space by linking identical files together:

% dupmerge...

Find and remove duplicate files:

% dupseek ...

Perform layer 2 attacks:

# yersinia ...

Tags: network, attack, security

rootsh

Guess PC-type hard disk partitions / partition table:

# gpart <options>

Perform a standard scan:

# gpart /dev/ice

Write back the guessed table:

# gpart -W /dev/ice /dev/ice

Tags: partition, recovery, disk

Develop, test and use exploit code with the Metasploit Framework:

cd /tmp

wget http://spool.metasploit.com/releases/framework-3.2.tar.gz

unp framework-3.2.tar.gz

cd framework-3.2

./msfcli

Useful documentation:

% w3m   /usr/share/doc/Debian/reference/reference.en.html

or

% xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)

http://grml.org/docs/           grml Documentation

http://wiki.grml.org/           grml Wiki

http://www.debian.org/doc/      Debian Documentation

http://wiki.debian.org/         Debian Wiki

http://www.gentoo.org/doc/en/   Gentoo Documentation

http://gentoo-wiki.com/         Gentoo Wiki

http://www.tldp.org/            The Linux Documentation Project

Tips and tricks:

% fortune debian-hints

Tags: documentation

Fun stuff:

% fortune debian-hints

% dpkg -L funny-manpages

Backup master boot record (MBR):

# dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1

Tags: backup, mbr

Backup partition table:

# sfdisk -d /dev/hda > hda.out

Restore partition table:

# sfdisk /dev/hda < hda.out

Tags: backup, partition, sfdisk, recovery

Clone disk via network using netcat:

Listener:

# nc -vlp 30000 > hda1.img

Source:

# dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000

Adjust blocksize (dd's option bs=...) and include 'gzip -c'

to tune speed:

# dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000

Tags: network, backup, dd, netcat

Backup specific directories via cpio and ssh:

# for f in directory_list; do find $f >> backup.list done

# cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"

Tags: backup

Clone disk via ssh:

This one uses CPU cycles on the remote server to compare the files:

# ssh target_address cat remotefile | diff - localfile

# cat localfile | ssh target_address diff - remotefile

This one uses CPU cycles on the local server to compare the files:

# ssh target_address cat <localfile "|" diff - remotefile

Tags: network, backup, ssh

Useful tools for cloning / backups:

* dd: convert and copy a file

* dd_rescue: copies data from one file (or block device) to another

* pcopy: a replacement for dd

* partimage: back up and restore disk partitions

* dirvish: Disk based virtual image network backup system

* devclone: in-place filesystem conversion -- device cloning

* ntfsclone: efficiently clone, image, restore or rescue an NTFS

* dump: ext2/3 filesystem backup

* udpcast: multicast file transfer tool

* cpio: copy files to and from archives

* pax: read and write file archives and copy directory hierarchies

* netcat / ssh / tar / gzip / bzip2: additional helper tools

Tags: network, backup, ssh, udp, rescue, recovery

Use grml as a rescue system:

Different tools:

  * dd: convert and copy a file

  * ddrescue: copies data from one file or block device to another

  * partimage: Linux/UNIX utility to save partitions in a compressed image file

  * cfdisk: Partition a hard drive

  * nparted: Newt and GNU Parted based disk partition table manipulator

  * parted-bf: The GNU Parted disk partition resizing program, small version

  * testdisk: Partition scanner and disk recovery tool

  * gpart: Guess PC disk partition table, find lost partitions

ext2/ext3:

  * e2fsprogs: ext2 file system utilities and libraries

  * e2tools: utilities for manipulating files in an ext2/ext3 filesystem

  * e2undel: Undelete utility for the ext2 file system

  * ext2resize: an ext2 filesystem resizer

  * recover: Undelete files on ext2 partitions

ReiserFS/Reiser4:

  * reiser4progs: administration utilities for the Reiser4 filesystem

  * reiserfsprogs: User-level tools for ReiserFS filesystems

XFS:

  * xfsdump: Administrative utilities for the XFS filesystem

  * xfsprogs: Utilities for managing the XFS filesystem

JFS:

  * jfsutils: utilities for managing the JFS filesystem

NTFS:

  * ntfsprogs: tools for doing neat things in NTFS partitions from Linux

  * salvage-ntfs: free NTFS data recovery tools

  * scrounge-ntfs: data recovery program for NTFS file systems

  * ntfsresize: resize ntfs partitions

Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools

Get ASCII value of a character with zsh:

% char=N ; print $((#char))

Convert a collection of mp3 files to wave or cdr using zsh:

% for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}

Convert images (foo.gif to foo.png) using zsh:

% for i in **/*.gif; convert $i $i:r.png

Remove all "non txt" files using zsh:

% rm ./^*.txt

Remote Shell Using SSH:

remote host:

% ssh -NR 3333:localhost:22 user@yourhost

local host:

% ssh user@localhost -p 3333

Tags: port forwarding, ssh, remote port, network

Reverse Shell with Netcat:

local host:

% netcat -v -l -p 3333 -e /bin/sh

remote host:

% netcat 192.168.0.1 3333

TagS: port forwarding, ssh, remote, network

Reverse Shell via SSH:

local host (inside the network):

% ssh -NR 1234:localhost:22 remote_host

remote host (outside the network):

% ssh localhost -p 1234

Tags: port forwarding, ssh, remote port, network

Remove empty directories with zsh:

% rmdir ./**/*(/od) 2> /dev/null

Find all the empty directories in a tree with zsh:

% ls -ld *(/^F)

Find all files without a valid owner and change ownership with zsh:

% chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)

Display the 5-10 last modified files with zsh:

% print -rl -- /path/to/dir/**/*(D.om[5,10])

Find and list the ten newest files in directories and subdirs (recursive) with zsh:

% print -rl -- **/*(Dom[1,10])

Find most recent file in a directory with zsh:

% setopt dotglob ; print directory/**/*(om[1])

Tunnel all traffic through an external server:

% ssh -ND 3333 username@external.machine

Then set the SOCKS4/5 proxy to localhost:3333.

Check whether it's working by surfing e.g. to checkip.dyndns.org

Tags: ssh, network, proxy, socks, tunnel

Tunnel everything through SSH via tsocks:

set up the SSH proxy on the client side:

% ssh -ND 3333 user@remote.host.example.com

Adjust /etc/tsocks.conf afterwards (delete all other lines):

server = 127.0.0.1

server_port = 3333

For programs who natively support proxying connections (e.g. Mozilla

Firefox) you can now set the proxy address to localhost port 3333.

All other programs which's connections you want to tunnel through your

external host are prefixed with tsocks, e.g.:

% tsocks netcat example.com 80

% tsocks irssi -c irc.quakenet.eu.org -p 6667

If you call tsocks without parameters it executes a shell witht the

LD_PRELOAD environment variable already set and exported.

Tags: ssh, network, proxy, socks, tunnel, tsocks

smartctl - control and monitor utility for harddisks using Self-Monitoring,

Analysis and Reporting Technology (SMART):

# smartctl --all /dev/ice

If you want to use smartctl on S-ATA (sata) disks use:

# smartctl -d ata --all /dev/sda

Start offline test:

# smartctl -t offline /dev/ice

Start short test:

# smartctl -t short /dev/ice

Display results of test:

# smartctl -l selftest /dev/ice

Query device information:

# smartctl -i /dev/ice

Tags: smart, s.m.a.r.t, info, test, hardware

Mount a BSD / Solaris partition:

# mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1

Use ufstype 44bsd  for FreeBSD, NetBSD, OpenBSD (read-write).

Use ufstype ufs2   for >= FreeBSD 5.x (read-only).

Use ufstype sun    for SunOS (Solaris) (read-write).

Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).

See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz

for more details.

Tags: ufs, bsd, mount, solaris

Read BIOS (and or BIOS) password:

# dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head

Clone one of the kernel trees via git:

 git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git

                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This path defines the tree. See http://kernel.org/git/ for an overview.

Mount filesystems over ssh protocol:

% sshfs user@host:/remote_dir /mnt/test

Unmount via:

% fusermount -u /mnt/test

(Notice: requires fuse kernel module)

Tags: ssh, sshfs, network, mount, directory, remote, fuse

Install Gentoo using grml:

See http://www.gentoo.org/doc/en/altinstall.xml

Convert files from Unicode / UTF-8 to ISO:

% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile

and vice versa:

% iconv -f iso-8859-15 -t utf8 < isofile > utffile

Tags: utf-8, iso, unicode, utf8

Assign static setup for network cards (NICs) via udev:

Retrieve information for address (corresponding to MAC address):

  # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'

Execute /lib/udev/write_net_rules with according values (INTERFACE

is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR

is the MAC address retrieved with udevadm info command):

  # INTERFACE=eth0 INTERFACE_NAME=lan0  MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules

This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"

Finally take down the interface (ifdown/ifconfig) and execute:

  # udevadm trigger --action=add --subsystem-match=net

so the interface will be renamed. (Rebooting or

unloading drivers/restart udev/loading drivers again

works as well of course.)

Tags: udev, configuration, name, eth0, howto

Change the suffix from *.sh to *.pl using zsh:

% autoload zmv

% zmv -W '*.sh' '*.pl'

Generate SSL certificate:

Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):

# openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes

Check certfile:

# openssl x509 -in certfile -text

Verify against CA certificate:

# openssl verify -CAfile cacert.crt -verbose -purpose sslserver

Generate 2048bit RSA-key:

# openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes

As before but add request to existing key pub-sec-key.pem:

# openssl req -new -out request.pem -keyin pub-sec-key.pem

Show request request.pem:

# openssl req -text -noout -in request.pem

Verify signature of request request.pem:

# openssl req -verify -noout -in request.pem

Generate SHA1 fingerprint (modulo key) of request.pem:

# openssl req -noout -modulus -in request.pem | openssl sha1 -c

Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:

# openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem

As before but create self signed certificate based on existing key pub-sec-key.pem:

# openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem

Generate new request out of existing self signed certificate:

# openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem

Display certificate self-signed-certificate.pem in plaintext:

# openssl x509 -text -noout -md5 -in self-signed-certificate.pem

Check self signed certificate:

# openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem

Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:

# openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443

Generate ssl-certificate for use with apache2:

export RANDFILE=/dev/random

mkdir /etc/apache2/ssl/

openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

chmod 600 /etc/apache2/ssl/apache.pem

Also take a look at make-ssl-cert (debconf wrapper for openssl):

# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem

and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).

Tags: openssl, howto

Change Windows NT password(s):

# mount -o rw /mnt/hda1

# cd /mnt/hda1/WINDOWS/system32/config/

# chntpw SAM SECURITY system

Notice: if mounting the partition read-write did not work (check syslog!)

try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1

(Be careful with deactivating syskey!)

Tags: password, windows, recovery, chntpw, howto

glark - replacement for grep written in Ruby:

A replacement for (or supplement to) the grep family, glark offers:

Perl compatible regular expressions, highlighting of matches,

context around matches, complex expressions and automatic exclusion

of non-text files.

Usage examples:

% glark -y keyword file      # display only the region that matched, not the entire line

% glark -o format print *.h  # search for either "printf" or "format"

More information: man glark

Find CD burning device(s):

General information on CD-ROM:

% cat /proc/sys/dev/cdrom/info

Scan using ATA Packet specific SCSI transport:

# cdrecord -dev=ATA -scanbus

# cdrecord-prodvd -s -scanbus dev=ATA

Get specific information for /dev/ice:

# cdrecord dev=/dev/ice -scanbus

Tags: hardware, info, cd burn

Identify network device (NIC):

# ethtool -i $DEVICE

Show NIC statistics:

# ethtool -S $DEVICE

If your NIC shows some aging signs, you may want to be sure:

# ethtool -t $DEVICE

Disable TCP/UDP checksums:

# ethtool -K $DEVICE tx off

Tags: configuration, network, device

grml2hd seems to hang? Getting Squashfs errors? Problems while booting?

Switch to tty12 and take a look at the syslog. If you see something like:

  SQUASHFS error: zlib_fs returned unexpected result 0x........

  SQUASHFS error: Unable to read cache block [.....]

  SQUASHFS error: Unable to read inode [.....]

your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.

Check your CD low-level via running:

# readcd -c2scan dev=/dev/cdrom

If the medium really is ok and it still fails try to boot with deactivated DMA

via using grml nodma at the bootprompt.

Tags: grml2hd, installation, verify, squashfs, error

Write a Microsoft compatible boot record (MBR) using ms-sys

Write a Windows 2000/XP/2003 MBR to a device:

# ms-sys -m /dev/ice

Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:

 wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz

 unp ms-sys-2.1.3.tgz

 cd ms-sys-2.1.3

 make

 ./bin/ms-sys ...

Tags: mbr, windows, ms-sys, recovery

Use a Vodafone 3G Datacard (UMTS) with Linux:

Plug in your vodafone card and check in syslog whether the appropriate

(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:

# comgt -d $DEVICE

# wvdial --config /etc/wvdial.conf.umts $PROFILE

Usage examples:

# comgt -d /dev/ttyUSB0

# wvdial --config /etc/wvdial.conf.umts a1usb

# comgt -d /dev/noz0

# wvdial --config /etc/wvdial.conf.umts tmnozomi

# comgt -d /dev/noz0

# wvdial --config /etc/wvdial.conf.umts dreiusb

# comgt -d /dev/ttyACM0

# wvdial --config /etc/wvdial.conf.umts yesss

If you receive invalid DNS nameservers when connecting, like:

[...]

--> primary   DNS address 10.11.12.13

--> secondary DNS address 10.11.12.14

just provide a working nameserver to resolvconf via:

# echo "nameserver 80.120.17.70" | resolvconf -a ppp0

Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on

your grml system), some other ones require the sierra driver (run

'modprobe sierra').

If your device isn't supported by usbserial yet, manually provide vendor and

product ID when loading the usbserial module. Usage example:

% lsusb

[...]

Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.

# modprobe usbserial vendor=0x1199 product=0x6813

To get a list of available providers execute:

# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator

Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto

hdparm - get/set hard disk parameters

Display the identification info that was obtained from the drive at boot time,

if available:

# hpdarm -i /dev/ice

Request identification info directly from the drive:

# hpdarm -I /dev/ice

Perform timings of device + cache reads for benchmark and comparison purposes:

# hdparm -tT /dev/ice

Tags: hardware, performance, configuration, harddisk

bonnie++ - program to test hard drive performance.

# mkdir /mnt/benchmark

# mount /dev/ice /mnt/benchmark

# chmod go+w /mnt/benchmark

# bonnie -u grml -d /mnt/benchmark -s 2000M

Tags: benchmark, harddisk

Use gizmo with a bluetooth headset:

% DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"

% gizmo --mic $DEVICE --speaker $DEVICE

Scan a v4l device for TV stations:

% scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv

Then running xawtv should work:

% xawtv

Run apt-get with timeout of 3 seconds:

# apt-get -o acquire::http::timeout=3  update

Tags: apt-get

Debian GNU/Linux device driver check page

% $BROWSER http://kmuto.jp/debian/hcl/index.cgi

Use dd with status line:

# dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file

Generate a 512k file of random data with status bar:

% dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random

Install Grub instead of lilo on grml installation (grml2hd):

install grml:

# grml2hd ....

adjust grub's configuration file menu.lst:

# $EDITOR /boot/grub/menu.lst

now install grub (usage example for /dev/sda1):

# grub install

root (hd0,0)

setup (hd0)

Tags: grml2hd, grub

Install Ubuntu using grml:

See https://wiki.ubuntu.com/Installation/FromKnoppix

Tags: ubuntu, installation

Resize ext2 / ext3 partition:

# tune2fs -O '^has_journal' /dev/iceX # disable journaling

# fsck.ext2 -v -y -f /dev/iceX        # check the filesystem

# resize2fs -p /dev/iceX  $SIZE       # resize it (adjust $SIZE)

# fdisk /dev/ice                      # adjust partition in partition table

# fsck.ext2 -v -y -f /dev/iceX        # check filesystem again

# resize2fs -p /dev/iceX              # resize it to maximum

# tune2fs -j /dev/iceX                # re-enable journal

Tags: resize, ext2, ext3, ext4, partition, howto

Tune ext2 / ext3 filesystem:

Check partition first:

# tune2fs -l /dev/iceX

If you don't see dir_index in the list, then enable it:

# tune2fs -O dir_index /dev/iceX

Now run e2fsck with the -D option to have the directories optimized:

# e2fsck -D /dev/iceX

Notice: since e2fsprogs (1.39-1) filesystems are created with

directory indexing and on-line resizing enabled by default.

Tags: configuration, ext2, ext3, ext4, partition

Search for printers via network:

# pconf_detect -m NETWORK -i 192.168.0.1/24

Tags: printer, network, scan

Mount a remote directory via webdav (e.g. Mediacenter of GMX):

# mount -t davfs https://mediacenter.gmx.net/ /mnt/test

Tags: webdav, mount, mediacenter, gmx

System-Profiling using oprofile:

Prepare setup:

# opcontrol --reset

# opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library

Start logging:

# opcontrol --start

Now $DO_SOME_TASKS...

Stop logging:

# opcontrol --shutdown

Then take a look at the reports using something like e.g.:

# opreport -t 0.5 --exclude-dependent

# opreport -t 0.5 /path/to/executable_to_check

# opannotate -t 0.5 --source --assembly

Tags: profile, profiling, opcontrol, howto

Install ATI's fglrx driver for Xorg / X.org:

Usually there already exist drivers for the grml-system:

# apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`

After installing adjust xorg.conf via running:

# aticonfig --initial --input=/etc/X11/xorg.conf

For more information take a look at http://wiki.grml.org/doku.php?id=ati

Tags: xorg, x11, driver, ati

Install nvidia driver for Xorg / X.org:

Usually there already exist drivers for the grml-system:

# apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`

Then switch from module nv to nvidia:

# sed -i 's/Driver.*nv.*/Driver      "nvidia"/' /etc/X11/xorg.conf

Tags: xorg, x11, driver, nvidia

glxgears - a GLX demo that draws three rotating gears

To print frames per second (fps) use:

% glxgears -printfps

Tags: xorg, x11, glx,

You forgot to boot with 'grml noeject noprompt' to avoid

ejecting and prompting for CD removal when rebooting/halting

the system?

Either run:

# noeject reboot

or:

# noeject halt

If you want to avoid only the prompting part, run:

# noprompt reboot

or:

# noprompt halt

Tags: bootparam, fix, grml

Mount wikipedia local via fuse:

Adjust configuration:

% cat ~/.wikipediafs/config.xml

<wfs-config>

    <general>

       <article-cache-time>300</article-cache-time>

    </general>

    <sites>

      <site>

        <dirname>wikipedia-de</dirname>

        <host>de.wikipedia.org</host>

        <basename>/w/index.php</basename>

      </site>

      <site>

        <dirname>wikipedia-en</dirname>

        <host>en.wikipedia.org</host>

        <basename>/w/index.php</basename>

      </site>

    </sites>

</wfs-config>

Mount it (/wiki must exist of course):

% mount.wikipediafs /wiki

% cat /wiki/wikipedia-en/Cat

Unmount via:

% fusermount -u /wiki

Tags: fuse, wikipedia, mount

Remote notification on X via osd (on screen display):

Start osd_server.py at your local host (listens on port 1234 by default):

% osd_server.py

Then login to a $REMOTEHOST

% ssh -R 1234:localhost:1234 $REMOTEHOST

Now send the text to your local display via running something like:

% echo "text to send" | nc localhost 1234

Very useful when you are waiting for a long running job

but want to do something else in the meanwhile:

% ./configure && make && echo "finished compiling" | netcat localhost 1234

You can use this in external programs as well of course. Examples:

Use osd in centericq:

% cat ~/.centericq/external

[...]

%action osd notify

event msg

proto all

status all

options nowait

%exec

#!/bin/bash

if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then

  CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)

  osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"

  if echo | socat - TCP4:localhost:1234 &>/dev/null ; then

    echo "${osd_msg}" | netcat localhost 1234

  fi

fi

Use it in the IRC console client irssi via running:

/script load osd.pl

You can even activate the port forwarding by default globally:

% cat ~/.ssh/config

[...]

Host *

RemoteForward 1234 127.0.0.1:1234

ForwardAgent yes

Notice: if you get 'ABORT: Requested font not found' make sure the

requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'

might help as well.

Tags: osd, notification, ssh, network, port-forwarding

Avoid automatical startup of init scripts via invoke-rc.d:

First of all make sure the package policyrcd-script-zg2 (which

provides the /usr/sbin/policy-rc.d interface) is installed.

In policyrcd-script-zg2's configuration file named

/etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is

defined as the interface for handling invoke-rc.d's startup policy.

grml-policy-rc.d can be configure via /etc/policy-rc.d.conf.  By

default you won't notice any differences to Debian's default

behaviour, except that invoke-rc.d won't be executed if a chroot has

been detected (detection: /proc is missing).

If you want to disable automatical startup of newly installed packages

(done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in

/etc/policy-rc.d.conf.

To restore the default behaviour set EXITSTATUS back to '0' in

/etc/policy-rc.d.conf.

Tags: policy, init, script, invode-rc.d

Install VMware-Tools for grml:

First of all make sure a CD-ROM device in VMware is available.

Mount the CD-ROM device to /mnt/cdrom, then unpack and install

the tools running:

cd /tmp

unp /mnt/cdrom/vmware-linux-tools.tar.gz

cd vmware-tools-distrib

./vmware-install.pl

/etc/init.d/networking stop

rmmod pcnet32

rmmod vmxnet

depmod -a

modprobe vmxnet

/etc/init.d/networking start

In an X terminal, launch the VMware Tools running:

vmware-toolbox

Tags: vmware, tool, vmware-toolbox, howto

Some important Postfix stuff

List mail queue:

# mailq

or

# postqueue -p

Send all messages in the queue:

# postqueue -f

Send all messages in the queue for a specific site:

# postqueue -s site

Delete a specific message

# postsuper -d 12345678942

Deletes all messages held in the queue for later delivery

# postsuper -d ALL deferred

Mail queues in postfix:

    incoming -> mail who just entered the system

    active   -> mail to be delivered

    deferred -> mail to be delivered later because there were problems

    hold     -> mail that should not be delivered until released from hold

For configuration of postfix take a look at

/etc/postfix/master.cf  - man 5 master

/etc/postfix/main.cf    - man 5 postconf

and http://www.postfix.org/documentation.html.

File permissions

mode 4000 - set user ID (suid):

- for executable files: run as the user who owns the file, instead of the

  user who runs the file

- for directories: not used

mode 2000 - set group ID (guid):

- for executable files: run as the group who owns the file, instead of the

  group of the user who runs the file

- for directories: when a file is created inside the directory, it belongs

  to the group of the directory instead of the default group of the user who

  created the file

mode 1000 - sticky bit:

- for files: not used

- for directories: only the owner of a file can delete or rename the file

Tags: postix, mailq, postsuper, queue, delete, smtp

Create MySQL database

# apt-get install mysql-client mysql-server

Run 'mysql' as root - create a database with:

create database grml

Give a user access to the database (without password):

grant all on grml.* to mika;

Give a user access to the database (with password):

grant all on grml.* to enrico identified by "PASSWORD";

Tags: mysql, database

Setup an HTTPS website:

Create a certificate:

# mkdir /etc/apache2/ssl

# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Create a virtual host on port 443:

<VirtualHost www.foo.invalid:443>

[...]

</VirtualHost>

Enable SSL in the VirtualHost:

SSLEngine On

SSLCertificateFile /etc/apache2/ssl/apache.pem

Enable listening on the HTTPS port (/etc/apache2/ports.conf):

Listen 443

and make sure the SSL module is used:

# a2enmod ssl

Tags: ssl, https, configuration, apache

Useful Apache / Apache2 stuff

Check configuration file via running:

# apache2ctl configtest

Enable a site:

# a2ensite sitename

Enable a module

# a2enmod modulename

Tags: apache, configuration

Create tar archive and store it on remote machine:

% tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"

Tags: tar, backup, remote, network, ssh

Pick out and displays images from network traffic:

# driftnet

Tags: remote, network, sniff, image

Install Flash plugin:

# dpkg-reconfigure flashplugin-nonfree

Tags: flash, plugin

To test a proxy, low level way:

% telnet proxy 8080

[...]

GET http://www.google.com HTTP/1.0 [press enter twice]

Tags: proxy

Adjust system for use of qemu with kqemu:

Make sure you have all you need:

# aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)

Then set up kqemu:

modprobe kqemu

mknod /dev/kqemu c 250 0

chmod 666 /dev/kqemu

chmod 666 /dev/net/tun

Check kqemu support via starting qemu, press

Ctrl-Alt-2 and entering 'info kqemu'.

(High-Load) Debugging related tools:

mpstat  # report processors related statistics

iostat  # report CPU statistics and input/output statistics for devices and partitions

vmstat  # report virtual memory statistics

slabtop # display kernel slab cache information in real time

atsar   # system activity report

dstat   # versatile tool for generating system resource statistics

Usage examples:

# mpstat -P ALL

# iostat -x 1

# iostat -xtc 5 3

# vmstat 1

# atsar -t 60 10

# dstat -af

Tags: test, debug, information, hardware, statistic

Using WPA for network setup manually:

# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf

Adjust the options and configuration file to your needs.

Also take a look at 'grml-network'.

Tags: wireless, wpa, network, configuration

Start X and lock console via exiting:

% startx 2>~/.xsession-errors &| exit

Tags: xorg, x11, startx, graphical

Which process is writing to disk and/or causes the disk to spin up?

First of all use lsof to check what's going on. Does not help? ->

# echo 1 > /proc/sys/vm/block_dump

The command sets a sysctl to cause the kernel to log all disk

writes. Please notice that there is a lot of data.  So please

disable syslogd/syslog-ng before you do this, or you must make

sure that kernel output is not logged.

When you're done, disable block dump using:

# echo 0 > /proc/sys/vm/block_dump

Alternative:

laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)

which handles block_dump on its own.

See: $KERNEL-SOURCE/Documentation/laptop-mode.txt

Also take a look at event-viewer(8) which is part of grml-debugtools.

Tags: debug, device, block, partition

Install initrd via initramfs-tools for currently running kernel:

# update-initramfs -c -t -k $(uname -r)

Tags: initrd

Install initrd via yaird for currently running kernel:

# yaird -o /boot/initrd.img-$(uname -r)

Install initrd via yaird for specific kernel:

# mount /proc

# mount /sys

# yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686

Reinstall package with its original configuration files:

# apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o \

  DPkg::Options::=--force-confnew package

grml 0.8 funkenzutzler - rt2x00 drivers:

To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which

includes beta-version drivers) is not installed by default. If you want to

use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or

rt73usb please install the package manually running:

# dpkg -i /usr/src/rt2x00-modules-*.deb

Use Java with jikes and jamvm on grml:

Simple demo:

% cp /usr/share/doc/grml-templates/template.java .

% jikes template.java

% jamvm HelloWorld

Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),

so you do not have to manually run

jikes --bootclasspath /usr/share/classpath/glibj.zip

Online resizing of (Software-)RAID5:

# Initiate a RAID5 setup for testing purposes:

mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1

# Create filesystem, mount md0, create a testfile and save md5sum for

# later check:

mkfs.ext3 /dev/md0

mount /dev/md0 /mnt/test

dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000

md5sum /mnt/test/dd > md5sum

# Make sure the RAID is synched via checking:

cat /proc/mdstat

# Now remove one partition:

mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1

# Delete partition, create a new + bigger one and set partition type to fd

# (Linux raid autodetect):

cfdisk /dev/hdd

# And re-add the partition:

mdadm -a /dev/md0 /dev/hdd1

# Make sure the RAID is synched via checking:

cat /proc/mdstat

# Repeat the steps for all other disks/partitions as well:

mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1

cfdisk /dev/hdb

mdadm -a /dev/md0 /dev/hdb1

cat /proc/mdstat

mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1

cfdisk /dev/hda

mdadm -a /dev/md0 /dev/hda1

cat /proc/mdstat

# Now resize the RAID5 system online [see 'man mdadm' for details]:

mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'

mdadm --grow /dev/md0 -z max

mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'

# Last step - resize the filesystem (online again):

resize2fs /dev/md0

Tags: raid, resize, raid5, mdadm

ext3 online resizing:

Starting with Linux kernel 2.6.10 you can resize ext3 online.  With

e2fsprogs >=1.39-1 new filesystems are created with directory indexing and

on-line resizing enabled by default (see /etc/mke2fs.conf).

Demo:

cfdisk /dev/hda                           # create a partition with type 8e (lvm)

pvcreate /dev/hda2                        # create a physical volume

vgcreate vg0 /dev/hda2                    # create volume group

lvcreate -n resize_me -L1G vg0            # create a logical volume

mkfs.ext3 /dev/mapper/vg0-resize_me       # now create a new filesystem

mount /dev/mapper/vg0-resize_me /mnt/test # mount the new fs for demonstrating online resizing

df -h                                     # check the size of the partition

lvextend -L+2G /dev/mapper/vg0-resize_me  # let's extend the logical volume

resize2fs -p /dev/mapper/vg0-resize_me    # and finally resize the filesystem

df -h                                     # recheck the size of the partition

This also works for Software-RAID. Demo:

mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1

mkfs.ext3 /dev/md0

mount /dev/md0 /mnt/test

mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2

cfdisk /dev/hda                                  # adjust partition size for hda2

mdadm /dev/md0 --add /dev/hda2

mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1

cfdisk /dev/hdb                                  # adjust partition size for hdb1

mdadm /dev/md0 --add /dev/hdb1

mdadm --grow /dev/md0 --size=max

resize2fs /dev/md0

Notice: online resizing works as soon as the kernel can re-read the

partition table. So it works for example with LVM and SW-RAID but not with

a plain device (/dev/[sh]d*). The kernel does not re-read the partition

table if the device is already mounted.

Tags: resize, raid, lvm, ext2, ext3, ext4, raid1

Use vim as an outline editor:

% $PAGER /usr/share/doc/vim-vimoutliner/README.Debian

% vim ~/foo.otl

:he vo

Monitor directories/files for changes using iwatch

Monitor /tmp for changes:

% iwatch /tmp/

Monitor files/directories specified in /etc/iwatch.xml

and send mail on changes:

% iwatch

Tags: inotify, watch, file, directory

Some often used mdadm commands:

Set up RAID1:

# mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1

Display details of specific RAID:

# mdadm --detail /dev/md0

# cat /proc/mdstat

Simulating a drive failure by software:

# mdadm --manage --set-faulty /dev/md0 /dev/hda1

Remove disk from RAID:

# mdadm /dev/md0 -r /dev/hda1

Set disk as faulty and remove from RAID:

# mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1

Stop a RAID-device:

# mdadm -S /dev/md0

Restart a RAID-device:

# mdadm -R /dev/md0

Add another disk to existing RAID setup (hotadd):

# mdadm /dev/md0 -a /dev/hde1

# mdadm --grow /dev/md0 --raid-devices=4

Assemble and start all arrays:

# mdadm --assemble --scan

Assemble a specific array:

# mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1

Resync:

# mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2

Stop and rebuild:

# mdadm --stop --scan

Scan for and setup arrays automatically:

# mdadm --assemble --scan --auto=yes --verbose

Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:

DEVICE partitions

CREATE owner=root group=disk mode=0660 auto=yes

HOMEHOST <system>

MAILADDR root

Running

# /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf

might help as well.

Monitoring the sw raid

# nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0

Producing /etc/mdadm/mdadm.conf:

# mdadm --detail --scan > /etc/mdadm/mdadm.conf

See also: man mdadm | less -p "^EXAMPLES"

          http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html

Tags: raid, raid1, raid5, configuration, mdadm, howto

A quick summary of the most commonly used RAID levels:

RAID 0: Striped Set

 => 2 disks each 160 GB: 320 GB data

RAID 1: Mirrored Set

 => 2 disks each 160 GB: 160 GB data

RAID 5: Striped Set with Parity

 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy

Common nested RAID levels:

RAID 01: A mirror of stripes

RAID 10: A stripe of mirrors

RAID 30: A stripe across dedicated parity RAID systems

RAID 100: A stripe of a stripe of mirrors

  -- http://en.wikipedia.org/wiki/RAID

Tags: raid, raid1, raid5, raid01, raid10, raid100

Logical Volume Management (LVM) with Linux

LVM setup layout:

~~~~~~~~~~~~~~~~~

|    hda1   hdc1      (PV:s on partitions or whole disks)

|       \   /

|        \ /

|       diskvg        (VG)

|       /  |  \

|      /   |   \

|  usrlv rootlv varlv (LV:s)

|    |      |     |

| ext3    ext3  xfs   (filesystems)

Often used commands:

~~~~~~~~~~~~~~~~~~~~

Create a physical volume:

# pvcreate /dev/hda2

Create a volume group:

# vgcreate testvg /dev/hda2

Create a logical volume:

# lvcreate -n test_lv -L100 testvg

Resize a logical volume:

# lvextend -L+100M /dev/resize_me/resize_me

# resize2fs /dev/resize_me/resize_me               # ext2/3

# xfs_growfs  /dev/resize_me/resize_me             # xfs

# resize_reiserfs -f /dev/resize_me/resize_me      # reiserfs online

# mount -o remount,resize /dev/resize_me/resize_me # jfs

Create a snapshot of a logical volume:

# lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv

Deactivate a volume group:

# vgchange -a n my_volume_group

Actually remove a volume group:

# vgremove my_volume_group

Display information about physical volume:

# pvdisplay /dev/hda1

Remove physical volume:

# vgreduce my_volume_group /dev/hda1

Remove logical volume:

# umount /dev/myvg/homevol

# lvremove /dev/myvg/homevol

See also: man lvm

          http://www.tldp.org/HOWTO/LVM-HOWTO/

Tags: lvm, howto, pvcreate, lvcreate

How to use APT locally

Sometimes you have lots of packages .deb that you would like to use APT to

install so that the dependencies would be automatically solved. Solution:

mkdir debs

dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz

echo "  deb file:/root debs/" >> /etc/apt/sources.list

dpkg-scansources debs | gzip > debs/Sources.gz

echo "  deb-src file:/root debs/" >> /etc/apt/sources.list

See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html

Tags: mirror, local

Check filesystem's LABEL:

generic way:

# blkid /dev/sda1

ext2/3 without blkid:

# dumpe2fs /dev/sda1 | grep "Filesystem volume name"

xfs without blkid:

# xfs_admin -l /dev/sda1

reiserfs without blkid:

# debugreiserfs /dev/sda1 | grep -i label

jfs without blkid:

# jfs_tune -l /dev/sda1 | grep -i label

reiser4 without blkid:

# debugfs.reiser4 /dev/sda1 | grep -i label

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label

Check filesystem's UUID:

generic way:

# blkid /dev/sda1

ext2/3 without blkid:

# dumpe2fs /dev/sda1 | grep -i UUID

xfs without blkid:

# xfs_admin -u /dev/sda1

reiserfs without blkid:

# debugreiserfs /dev/sda1 | grep -i UUID

reiser4 without blkid:

# debugfs.reiser4 /dev/sda1 | grep -i UUID

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid

Change a filesystem's LABEL:

swap:

# mkswap -L $LABEL /dev/sda1

ext2/ext3:

# e2label /dev/sda1 $LABEL

# tune2fs -L $LABEL /dev/sda1

reiserfs:

# reiserfstune -l $LABEL /dev/sda1

jfs:

# jfs_tune -L $LABEL /dev/sda1

xfs:

# xfs_admin -L $LABEL /dev/sda1

fat/vfat:

# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc

# mlabel -s i:$LABEL

ntfs:

# ntfslabel $LABEL /dev/sda1

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs

Disable pdiffs feature of APT:

Permanent:

# echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf

Temporary:

# apt-get update -o Acquire::Pdiffs=false

Backup big devices or files and create compressed splitted

image chunks of it using zsplit

Create backup of /dev/sda named archiveofsda_#.spl.zp in directory

/mnt/sda1/backup, split the files up into chunks of 1GB each and set

read/write buffer to 256kB:

# zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda

Restore the backup using unzsplit:

# unzsplit -D /dev/sda -d archiveofsda

More usage examples: man zsplit + man unzsplit

Tags: backup, reocvery, spllt, limit, howto

Measure network performance using iperf:

Server side:

% iperf -s -V

Client side:

% iperf -c <server_address> -V

or

Server with 128k TCP window size:

% iperf -s -w128k

Client with running for 60 seconds and bidirectional test:

% iperf -c <server_address> -r -w128k -t60

Tags: network, benchmark

Framebuffer resolutions:

                              Resolution in pixels

Color depth      |   640x480      800x600      1024x768      1280x1024

256        (8bit)|     769          771           773           775

32000     (15bit)|     784          787           790           793

65000     (16bit)|     785          788           791           794

16.7 Mill.(24bit)|     786          789           792           795

vga=0x... modes:

  Mode 0x0300: 640x400 (+640), 8 bits

  Mode 0x0301: 640x480 (+640), 8 bits

  Mode 0x0303: 800x600 (+800), 8 bits

  Mode 0x0303: 800x600 (+832), 8 bits

  Mode 0x0305: 1024x768 (+1024), 8 bits

  Mode 0x0307: 1280x1024 (+1280), 8 bits

  Mode 0x030e: 320x200 (+640), 16 bits

  Mode 0x030f: 320x200 (+1280), 24 bits

  Mode 0x0311: 640x480 (+1280), 16 bits

  Mode 0x0312: 640x480 (+2560), 24 bits

  Mode 0x0314: 800x600 (+1600), 16 bits

  Mode 0x0315: 800x600 (+3200), 24 bits

  Mode 0x0317: 1024x768 (+2048), 16 bits

  Mode 0x0318: 1024x768 (+4096), 24 bits

  Mode 0x031a: 1280x1024 (+2560), 16 bits

  Mode 0x031b: 1280x1024 (+5120), 24 bits

  Mode 0x0330: 320x200 (+320), 8 bits

  Mode 0x0331: 320x400 (+320), 8 bits

  Mode 0x0332: 320x400 (+640), 16 bits

  Mode 0x0333: 320x400 (+1280), 24 bits

  Mode 0x0334: 320x240 (+320), 8 bits

  Mode 0x0335: 320x240 (+640), 16 bits

  Mode 0x0336: 320x240 (+1280), 24 bits

  Mode 0x033c: 1400x1050 (+1408), 8 bits

  Mode 0x033d: 640x400 (+1280), 16 bits

  Mode 0x033e: 640x400 (+2560), 24 bits

  Mode 0x0345: 1600x1200 (+1600), 8 bits

  Mode 0x0346: 1600x1200 (+3200), 16 bits

  Mode 0x034d: 1400x1050 (+2816), 16 bits

  Mode 0x035c: 1400x1050 (+5632), 24 bits

Tags: framebuffer, resolution

Portscan using netcat:

# netcat -v -w2 <host|ip-addr.> 1-1024

Run apt-get but disable apt-listchanges:

APT_LISTCHANGES_FRONTEND=none apt-get ...

Upgrade system but disable apt-listbugs:

APT_LISTBUGS_FRONTEND=none apt-get ...

Set up a Transparent Debian Proxy

Install of apt-cacher, the default config will do:

# apt-get install apt-cacher

Check out the ip address of debian mirror(s).

Then add this to your firewall script:

DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"

for ip in ${DEBIAN_MIRRORS} ; do

  ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142

done

where ${IPTABLES} is the location of your iptables binary

and $subnet is your internal subnet.

Now everybody in your subnet who does access either

ftp.de.debian.org or ftp.at.debian.org will actually

access your apt-cacher instead.

To use apt-cacher on the router itself, add the following

line to your /etc/apt/apt.conf:

Acquire::http::Proxy "http://localhost:3142/";

Tags: proxy, debian, apt-get, howto

Version control using Mercurial

Setting up a Mercurial project:

% cd project

% hg init           # creates .hg

% hg add            # add all files

% hg commit         # commit all changes, edit changelog entry

Branching and merging:

% hg clone linux linux-work  # create a new branch

% cd linux-work

<make changes>

% hg commit

% cd ../linux

% hg pull ../linux-work     # pull changesets from linux-work

% hg merge                  # merge the new tip from linux-work into

                            # (old versions used "hg update -m" instead)

                            # our working directory

% hg commit                 # commit the result of the merge

Importing patches:

% cat ../p/patchlist | xargs hg import -p1 -b ../p

Exporting a patch:

(make changes)

% hg commit

% hg tip

1234:af3b5cd57dd5

% hg export 1234 > foo.patch    # export changeset 1234

Export your current repo via HTTP with browsable interface:

% hg serve -n "My repo" -p 80

Pushing changes to a remote repo with SSH:

% hg push ssh://user@example.com/~/hg/

Merge changes from a remote machine:

host1% hg pull http://foo/

host2% hg merge # merge changes into your working directory

Set up a CGI server on your webserver:

% cp hgwebdir.cgi ~/public_html/hg/index.cgi

% $EDITOR ~/public_html/hg/index.cgi # adjust the defaults

Download binary codecs for mplayer:

# /usr/share/mplayer/scripts/win32codecs.sh

or

# /usr/share/mplayer/scripts/binary_codecs.sh install

(depending on the mplayer version you have).

To play encrypted DVDs and if you are living in a country where using

libdvdcss code is not illegal can install Debian package libdvdread3

and use the script /usr/share/doc/libdvdread3/install-css.sh.

Read manpages of uninstalled packages with debman:

% debman -p git-core git

Test network performance using netperf:

Server:

# netserver

Client:

# netperf -t TCP_STREAM -H 192.168.0.41

Tags: benchmark, network

Setup Xen within 20 minutes on Debian/grml

Install relevant software und update grub's menu.lst (Xen does not work with

usual lilo so install grub instead if not done already):

apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \

                 xen-utils-3.0.3-1 xen-tools bridge-utils

update-grub

Example for installation of Debian etch as DomU:

mkdir /mnt/md1/xen

xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \

   --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \

  --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \

  --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/

Start services:

/etc/init.d/xend start

/etc/init.d/xendomains start

Setup a bridge for network, either manually:

brctl addbr xenintbr

brctl stp xenintbr off

brctl sethello xenintbr 0

brctl setfd xenintbr 0

ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up

or via /etc/network/interfaces (run ifup xenintbr to bring up the device then

without rebooting):

auto xenintbr

iface xenintbr inet static

  pre-up brctl addbr xenintbr

  post-down brctl delbr xenintbr

  address 192.168.1.1

  netmask 255.255.255.0

  bridge_fd 0

  bridge_hello 0

  bridge_stp off

Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and

add the iptables commands to a startup script like /etc/init.d/rc.local):

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP

Adjust network configuration of Xend:

cat >> /etc/xen/xend-config.sxp << EOF

(network-script    network-route)

(vif-bridge        xenintbr)

(vif-script        vif-bridge)

EOF

List domains, start up a DomU, shutdown later again:

xm create -c /etc/xen/xengrml1.cfg

xm list

xm shutdown 1

This HowTo is also available online at http://grml.org/xen/

Tags: howto, xen, grml

Play tetris with zsh:

autoload -U tetris

zle -N tetris

bindkey "^Xt" tetris

Now press 'ctrl-x t'.

Set up a router with grml

Run grml-router script:

# grml-router

Install dnsmasq if not already present:

# apt-get update ; apt-get install dnsmasq

Adjust /etc/dnsmasq.conf according to your needs:

# cat >> /etc/dnsmasq.conf << EOF

domain-needed

bogus-priv

dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range

dhcp-option=3,192.168.0.1   # dns server

dhcp-option=1,255.255.255.0 # netmask

EOF

Start dnsmasq finally:

# Restart dnsmasq

Tags: network, router, grml

Display stats about memory allocations performed by a program:

Usage example for 'ls':

% LD_PRELOAD=/lib/libmemusage.so ls > /dev/null

Use KVM (Kernel-based Virtual Machine for Linux):

Make sure to install the relevant tools:

# apt-get update ; apt-get install kvm

# modprobe kvm

Test it with a minimal system like ttylinux:

# wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz

# gzip -d bootcd-i386-5.3.iso.gz

# kvm -cdrom bootcd-i386-5.3.iso

EEPROM data decoding for SDRAM DIMM modules:

# modprobe eeprom

# /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl

Set up and use DVB:

Make sure your device is supported by Linux and running.

See http://www.linuxtv.org/ for more details.

If the DVB device works on your system (see 'hwinfo --usb'

when using a DVB usb device for example), then make sure you

have the scan util from dvb-utils available:

# aptitude install dvb-utils

Then create a channels.conf configuration file:

% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf

You can find some example configuration files on

your grml system in ~/.channels. Usage example:

% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf

Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)

might be useful if you do not know the initial configuration

details.

Get the lastest mercurial snapshot:

Make sure you have the python-dev package available:

# apt-get update ; apt-get install python-dev

Get and build the source:

% hg clone http://selenic.com/repo/hg mercurial

% cd mercurial

% make local

% export PYTHONPATH=$(pwd)

% export PATH=$PATH:$(pwd)

now you should have the newest version of mercurial whenever you execute hg.

To update to the lastest development snapshot, additionally use

the following commands:

% hg pull -u http://hg.intevation.org/mercurial/crew

% make local

Configure timezone

==================

Available bootoptions relevant in live-cd mode:

-----------------------------------------------

* utc: set UTC, if your system clock is set to UTC (GMT)

* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]

* tz=$option: set timezone to corresponding $option, usage example:

  tz=Europe/Vienna

Configuration options relevant on harddisk installation:

--------------------------------------------------------

* Use the tzconfig utility to set the local timezone:

  # tzconfig

  which adjusts /etc/timezone and /etc/localtime according

  to the provided information. Running:

  # dpkg-reconfigure tzdata

  might be useful as well.

* /etc/default/rcS: set variable UTC according to your needs,

  whether your system clock is set to UTC (UTC='yes') or

  not (UTC='no')

* /etc/localtime: adjust zoneinfo according to your needs:

  # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime

  The zoneinfo directory contains the time zone files that were

  compiled by zic. The files contain information such as rules

  about DST. They allow the kernel to convert UTC UNIX time into

  appropriate local dates and times. Use the zdump utility to

  print current time and date (in the specified time zone).

* /etc/adjtime: This file is used e.g. by the adjtimex function,

  which can smoothly adjust system time while the system runs

* If you change the time (using 'date --set ...', ntpdate,...)

  it is worth setting also the hardware clock to the correct time:

  # hwclock --systohc [--utc]

  Remember to add the --utc -option if the hardware clock is set

  to UTC!

Still problems?

---------------

Check your current settings via:

  cat /etc/timezone

  zdump /etc/localtime

  echo $TZ

  hwclock --show

  grep hwclock /etc/runlevel.conf

  grep '^UTC' /etc/default/rc

Further information:

--------------------

  hwclock(8) tzselect(1) tzconfig(8)

  http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html

  http://wiki.debian.org/TimeZoneChanges

Tags: timezone, rtc, configuration

Recorder shellscript session using script:

% script -t 2>~/upgrade.time -a ~/upgrade.script

% scriptreplay ~/upgrade.time ~/upgrade.script

Test UTF-8 capabilities of terminal:

wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz

zcat UTF-8-demo.txt.gz

or:

wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt

cat UTF-8-test.txt

UTF-8 at grml / some general information regarding Unicde/UTF-8:

  http://wiki.grml.org/doku.php?id=utf8

This allows one ssh connection attepmt per minute per source ip, with a initial

burst of 10.  The available burst is like a counter which is initialised with

10. Every connection attempt decrements the counter, and every minute where the

connection limit of one per minute is not overstepped the counter is

incremented by one.  If the burst counter is exhausted the real rate limit

comes into play. This gives you 11 connectionattepmts in the first minute

before blocked for 10minutes.  After 10 minutes block the game restarts.

Hint: you could set the burst value to 5 and the block time to only 5 minutes

to achive the same average connection rate but with halve the block time.

iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \

         --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip   \

         --hashlimit-htable-expire 600000 -j ACCEPT

iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT

Tunnel a specific connection via socat:

On the client:

% socat TCP4-LISTEN:8003 TCP4:gateway:500

On the gateway:

# socat TCP4-LISTEN:500,fork TCP4:target:$PORT

Using localhost:8003 on the client uses the tunnel now.

Set date:

# date --set=060916102007

where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)

Set date using a relative date:

# date -s '+3 mins'

or

# date -s '+tomorrow'

Display a specific relative date:

# date -d '+5 days -2 hours'

Don't forget to set hardware clock via:

# hwlock -w

Booting grml via network / PXE:

Start grml-terminalserver on a system with network access

and where grml is running:

# grml-terminalserver

Then booting your client(s) via PXE should work without

any further work.

See: man grml-terminalserver + http://grml.org/terminalserver/

Tags: howto, pxe, network, boot

Debugging SSL communications:

% openssl s_client -connect server.adress:993 > output_file

% openssl x509 -noout -text -in output_file

or

# ssldump -a -A -H -i eth0

See http://prefetch.net/articles/debuggingssl.html for more details.

Tags: debug, ssl, openssl

Remove bootmanager from MBR:

# lilo -M /dev/hda -s /dev/null

Tags: mbr, lilo

Rewrite grub to MBR:

# mount /mnt/sda1

# grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda

Tags: mbr, grub

Rewrite lilo to MBR:

# mount /mnt/hda1

# lilo -r /mnt/hda1

Tags: mbr, lilo

Create screenshot of plain/real console - tty1:

# fbgrab -c 1 screeni.png

Create screenshot when running X:

% scrot

Tip: use the gkrellshoot plugin when using gkrellm

Tags: screenshot, xorg

Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are

different networks:

Run the following commands on hostA:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB

iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT

iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT

iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA

Tags: howto, network, redirect, port

Flash BIOS without DOS/Windows:

Dump flash info and set the flash chip to writable:

# flashrom

Backup the original BIOS:

# flashrom -r backup.bin

Notice: the following step will overwrite your current BIOS!

So make sure you really know what you are doing.

Flash the BIOS image:

# flashrom -wv newbios.bin

Also check out LinuxBIOS: http://linuxbios.org/

Enable shadow passwords:

# shadowconfig on

Set up an IPv6 tunnel on grml:

# ipv6-tunnel start

Set up console newsreader slrn for use with Usenet:

% grml-slrn

Calculate with IPv6 addresses:

% ipv6calc

For usage examples refer to manpage ipv6calc(8).

Tags: ipv6

Common network debugging tools for use with IPv6:

% ping6

% tracepath6

% traceroute6

% tracert6

% nc6

% tcpspray6

Tags: ipv6

Set up NFS (Network File System):

Server-side

~~~~~~~~~~~

Make sure the relevant services are running on the server side:

# /etc/init.d/portmap start

# /etc/init.d/nfs-common start

# /etc/init.d/nfs-kernel-server start

Export shares via /etc/exports:

/backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)

... or manually export a directory running:

# exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups

and unexport a share running:

# exportfs -u 192.168.1.100:/backups

and every time when you modify /etc/exports file run

# exportfs -ra

Display what NFS components are running:

# rpcinfo -p

Display list of exported shares:

# exportfs -v

or

# showmount -e

Client-side

~~~~~~~~~~~

Make sure the relevant services are running on the client side:

# /etc/init.d/portmap start

# /etc/init.d/nfs-common start

Verify that the server allows you to access its RPC/NFS services:

# rpcinfo -p server_name

Check what directories the server exports:

# showmount -e server_name

On the client side you can use something like the following in /etc/fstab:

192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0

Tags: nfs, howto, network

Mount a cloop file:

# aptitude install cloop-src

# m-a a-i cloop-src

# modprobe cloop file=/path/to/cloop/file

# mount -r -t iso9660 /dev/cloop /mnt/test

Create a PS/PDF of a plaintext file:

% a2ps --medium A4dj -E -o output.ps input_file

% ps2pdf output.ps

Print two pages on one in a PDF file:

% pdfnup --nup 2x1 input.pdf

Concatenate, extract pages/parts, encrypt/decrypt,

compress PDFs using 'pdftk'.

Read a PS/PDF file on console:

% pstotext file.pdf

or on plain framebuffer console in graphical mode:

% pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png

or

% fbgs file.pdf

Bypass the password of a PDF file:

% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit

Record sound:

% rec test.aiff

This will record a AIFF audio file.

Change passphrase / password of an existing SSH key:

% ssh-keygen -p

Enable syntax highlighting in nano:

Just uncomment the include directives for your respective

language at the bottom of the file /etc/nanorc

Create netboot package for grml-terminalserver:

# bash /usr/share/doc/grml-terminalserver/examples/create-netboot

To boot grml via network (PXE) check out grml-terminalserver:

# grml-terminalserver

See http://grml.org/terminalserver/ for more details.

Rotate pictures:

Using the 'Orientation' tag of the Exif header, rotate

the image so that it is upright:

% jhead -autorot *.jpg

Manually rotate a picture:

% convert -rotate 270 input.jpg output.jpg

Rename files based on the information inside their exif header:

% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg

This will rename a file named img_2071.jpg to something like:

2007-08-17_10h38_img_2071.jpg

if it was shot at 10:38 o'clock on 2007-08-17 (according to

the information inside the exif header).

Calculate network / netmask:

Usage examples:

% ipcalc 10.0.0.28 255.255.255.0

% ipcalc 10.0.0.0/24

Blacklist a kernel module:

# blacklist <name_of_kernel_module>

-> running 'blacklist hostap_cs' for example will generate an

entry like this in /etc/modprobe.d/grml:

blacklist hostap_cs

alias hostap_cs off

To remove the module from the blacklist again just invoke:

# unblacklist <name_of_kernel_module>

or manually remove the entry from /etc/modprobe.d/grml.

Create a Debian package of a perl module:

% dh-make-perl --cpan Acme::Smirch --build

The Magic SysRq Keys (SysReq or Sys Req, short for System Request):

To reboot your system using the SysRq keys just hold down the Alt and

SysRq (Print Screen) key while pressing the keys REISUB ("Raising

Elephants Is So Utterly Boring").

R = take the keyboard out of raw mode

E = terminates all processes (except init)

I = kills all processes (except init)

S = synchronizes the disk(s)

U = remounts all filesystems read-only

B = reboot the system

Notice: use O instead of B for poweroff.

Or write the sequence to /proc/sysrq-trigger instead:

# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done

To enable or disable SysRq calls:

# echo 0 > /proc/sys/kernel/sysrq

# echo 1 > /proc/sys/kernel/sysrq

See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.

Tags: reboot, documentation, sysrq, magic

Memtest / memcheck:

Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest

with Memtest86+.

Tunnel TCP-Traffic through DNS using dns2tcp:

Server-side:

~~~~~~~~~~~~

1. Create necessary DNS-Records:

dnstun.example.com.     3600    IN      NS      host.example.com.

dnstun.example.com.     3600    IN      A       192.168.1.1

host.example.com.       3600    IN      A       192.168.1.1

2. Configure dns2tcpd on host.example.com.:

# cat /etc/dns2tcpd.conf 

listen = 192.168.1.1          #the ip dns2tcpd should listen on

port = 53                     #" port " " " "

user = nobody

chroot = /tmp

domain = dnstun.example.com.  # the zone as specified inside dns

ressources = ssh:127.0.0.1:22 # available resources

3. Start the daemon:

# cat > /etc/default/dns2tcp << EOF

# Set ENABLED to 1 if you want the init script to start dns2tcpd.

ENABLED=1

USER=nobody

EOF

# /etc/init.d/dns2tcp start

Client-side:

~~~~~~~~~~~~

You have two possibilities:

- Use the DNS inside your network (DNS must allow resolving for external domains)

# grep nameserver /etc/resolv.conf 

nameserver 172.16.42.1

# dns2tcpc -z dnstun.example.com 172.16.42.1

Available connection(s) : 

        ssh

# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &

Listening on port : 2222

# ssh localhost -p 2222

user@host.example.com:~#

- Directly contact the endpoint (port 53 UDP must be allowed outgoing)

# dns2tcpc -z dnstun.example.com dnstun.example.com

Available connection(s) : 

        ssh

# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &

Listenning on port : 2222

# ssh localhost -p 2222

user@host.example.com:~#

Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on

localhost:8080 which you can use to tunnel everything through your "dns-uplink".

Tags: howto, network, tunnel

Configure a MadWifi device for adhoc mode:

Disable the autocreation of athX devices:

# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi

Remove the autocreated device for now:

# wlanconfig ath0 destroy

Configuration in /etc/network/interfaces:

iface ath0 inet static

  madwifi-base wifi0

  madwifi-mode adhoc

  ...

Hints:

  - Do not use interface names without ending 0 (otherwise startup fails).

  - Only chooss unique names for interfaces.

Find dangling symlinks using zsh:

% ls **/*(-@)

Use approx with runit supervision

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the packages:

# apt-get install approx runit

Add user approxlog for the logging daemon:

# adduser --system --home /nonexistent --no-create-home approxlog

Create config directory:

# mkdir /etc/sv/approx

Use /var/run/sv.approx as supervise directory:

# ln -s /var/run/sv.approx /etc/sv/approx/supervise

# cat > /etc/sv/approx/run << EOF

#!/bin/sh

echo 'approx starting'

exec approx -f 2>&1

EOF

You normally do not need a logging service for approx because it logs

to syslog too. So just for completion:

# mkdir -p /etc/sv/approx/log

# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise

# cat > /etc/sv/approx/log/run << EOF

#!/bin/sh

set -e

LOG="/var/log/approx"

test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"

exec chpst -uapproxlog svlogd -tt -v "$LOG"

EOF

Now activate the new approx service (will be started within 5s):

# ln -s /etc/sv/approx/ /var/service/

Make approx managed via runit available via init-script interface:

# dpkg-divert --local --rename /etc/init.d/approx

# ln -s /usr/bin/sv /etc/init.d/approx

Remote-reboot a grml system using SysRQ via /proc (execute as root):

eject &>/dev/null

umount -l /cdrom

eject /dev/cdrom

echo b > /proc/sysrq-trigger

Tags: reboot, howto, grml, network

Show what happens on /dev/sda0:

# mount the debugfs to relay kernel info to userspace

mount -t debugfs none /sys/kernel/debug

# is a convenient wrapper arround blktrace and blkparse

btrace /dev/sda0

Tags: debug, block, partition, trace

Convert Flash to Avi:

% ffmpeg -i input.flv output.avi

Extract MP3 from Flash file:

% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done

Usage example for cryptsetup / -luks encrypted partition on LVM:

volume group name:   x61

logical volume name: home

echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab

Start cryptdisks

mount /dev/mapper/grml-crypt_home /mnt/test

fdisk/parted/... complains with something like

'unable to open /dev/sda - unrecognised disk label'?!

See http://grml.org/faq/#fdisk =>

* use /sbin/fdisk.distrib from util-linux

* switch to sfdisk, cfdisk,...

* use parted's mklabel command (but please read the

  parted manual before executing this command)

dmraid - support for SW-RAID / FakeRAID controllers

like Highpoint HPT and Promise FastTrack

Activate all software RAID sets discovered:

# dmraid -ay

Deactivates all active software RAID sets:

# dmraid  -an

Discover all software RAID devices supported on the system:

# dmraid -r

Extract winmail.dat:

List content:

% ytnef winmail.dat

Extract files to current directory:

% ytnef -f . winmail.dat

Approx - Debian package proxy/cacher howto

% apt-get install approx

% echo 'debian  http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf

% Restart approx

Add your new approx to sources.list

eg.

deb http://localhost:9999/debian  unstable  main contrib non-free

use approx in grml-debootstrap like:

% grml-debootstrap -r squeeze -t /dev/sda1 -m http://127.0.0.1:9999/debian

Simple webserver with python:

% python -m SimpleHTTPServer

Upgrade only packages from the grml-stable Debian repository:

echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list

apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update

apt-get upgrade

Install Centos into a directory:

% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/

Install Fedora into a directory:

% febootstrap fedora-11 target_directory

Use Nessus / OpenVAS (remote network security auditor):

Install software packages:

# apt-get update

# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg

Add a user:

# openvas-adduser

Start openvas server (takes a while):

# Start openvas-server

Invoke client as user:

% OpenVAS-Client

Find packages not available from any active apt repository:

% apt-show-versions | awk '/No available version in archive/{print $1}'

Simple mailserver with python:

% python -m smtpd -n -c DebuggingServer localhost:1025

finger via netcat:

echo $USER | nc $HOST 79

Install Archlinux using Grml:

https://wiki.archlinux.org/index.php/Install_from_Existing_Linux

or

wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh

Export blockdevices via AoE (ATA over Ethernet):

% vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1

Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1

via eth0, using the shelf and slot numbers 160 and 2. These numbers are

arbitrary but should be unique within the network.

A word of warning: AoE is prone to all kind of nasty ethernet attacks,

especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, server

Access blockdevices via AoE (ATA over Ethernet):

% sudo aoe-discover

and the device should show up under /dev/etherd/. If your shelf and

slot numbers re 160 and 2 the device will be /dev/etherd/e160.2

A word of warning: AoE is prone to all kind of nasty ethernet attacks,

especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, client

Check notebook's battery status:

% acpi -b

or

% cat /sys/class/power_supply/BAT0/capacity

Tags: client, notebook

Change notebook's screen brightness:

% echo $brightness > /sys/class/backlight/intel_backlight/brightness

The max brightness can be shown with:

% cat /sys/class/backlight/intel_backlight/max_brightness

The current brightness can be shown with:

% cat /sys/class/backlight/intel_backlight/brightness

Note: change "intel_backlight" according to your device.

Tags: client, notebook