Install grml to harddisk: # grml2hd Notice: You can pre-select the partition for the partition selector and mbr dialogs inside grml2hd using: # grml2hd /dev/hda1 -mbr /dev/hda See: man grml2hd + http://grml.org/grml2hd/ Tags: grml2hd, installation
Install grml on software RAID level 1: Create /dev/md0 (and some more /dev/md* devices) first of all: # cd /dev && MAKEDEV dev Create RAID: # mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdc1 Finally install grml on it: # SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0 See: man grml2hd + http://grml.org/grml2hd/ Tags: grml2hd, installation, mdadm, raid
Install grml in non interactive mode with grml2hd: Adjust configuration as needed: # vim /etc/grml2hd/config Then execute: # GRML2HD_NONINTERACTIVE=yes grml2hd or run: # grml2hd -i Use with care and only if you really know what you are doing! See: man grml2hd + http://grml.org/grml2hd/ Tags: grml2hd, installation
Configure network: # grml-network Tags: configuration, network
Deactivate error correction of zsh: % NOCOR=1 zsh Run zsh-help for more information regarding zsh. Tags: zsh, configuration
Disable automatic setting of title in GNU screen: % NOPRECMD=1 zsh Set it manually e.g. via: % screen -X title foobar Run zsh-help for more information regarding zsh. Tags: zsh, configuration
Do not use menu completion in zsh: % NOMENU=1 zsh Run zsh-help for more information regarding zsh. Tags: zsh, configuration
Run GNU screen with grml-configuration: % grml-screen or % screen -c /etc/grml/screenrc Tags: screen, configuration
Print out grml-version: % grml-version Tags: grml
Configure mutt: % grml-mutt Tags: mutt
Configure mutt-ng / muttng: % grml-muttng Tags: muttng
Set up Inode-PPTP connection: # grml-pptp-inode or # grml-pptp-xdsl-students Tags: pptp, inode, xdsl
Set up VPN / WLAN connection at TUG (TU Graz): Set ESSID and request for ip-address via DHCP: # iwconfig $DEVICE essid tug # dhclient $DEVICE Now run the main script: # grml-vpnc-tugraz After running the script an init script is available: # /etc/init.d/vpnctug [start|stop] Tags: tug
Set up PPTP connection at VCG (Virtual Campus Graz): # grml-pptp-vcgraz Tags: pptp, vcg
Set up VPN: # grml-vpn <options> Usage example: # grml-vpn -k 2005 add 1000 192.168.20.1 192.168.20.2 See: man grml-vpn Tags: grml, vpn, network
Use encrypted files / partitions: # grml-crypt <options> Usage example: Initialize: # grml-crypt format /mnt/external1/encrypted_file /mnt/test # cp big_file /mnt/test # grml-crypt stop /mnt/test Use: # grml-crypt start /mnt/external1/encrypted_file /mnt/test # grml-crypt stop /mnt/test See: man grml-crypt Tags: crypto, grml-crypt, dmcrypt, luks
Change resolution of X: % xrandr -s '1024x768' Tags: x11, xorg, resolution
Change resolution of framebuffer: # fbset 800x600-60 Tags: resolution
Configure newsreader slrn: % grml-slrn Tags: slrn
Configure grml system: # grml-config Or directly run scripts: # grml-config-root % grml-config-user Tags: grml, configuration
Lock screen (X / console): % grml-lock Press ctrl-alt-x to lock a GNU screen session. Tags: grml, lock, grml-lock, screen
Change wallpaper in X: % grml-wallpaper <press-tab> Tags: grml, wallpaper
Start X window system (XFree86 / Xorg / X.org): % grml-x $WINDOWMANAGER Usage examples: % grml-x fluxbox % grml-x -mode '1024x768' wmii % grml-x -nosync wm-ng Tags: grml-x, x11, xorg, graphic
Collect hardware information: % grml-hwinfo or run as root to collect some more information: # grml-hwinfo will generate a file named info.tar.bz2. Tags: grml, hardware, hwinfo, collect
Configure hardware detection features of harddisk installation: # grml-autoconfig or manually edit /etc/grml/autoconfig[.small] See: man grml-autoconfig Tags: grml, installation, configuration
Bootoptions / cheatcodes / bootparams for booting grml: On the grml-ISO if not running grml: % less /cdrom/GRML/grml-cheatcodes.txt When running grml: % most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz Tags: grml, cheatcodes, boot, bootoptions, bootparam
Report bugs to Debian's Bug Tracking System (BTS): % reportbug --bts debian or adjust /etc/reportbug.conf to your needs. See: http://grml.org/bugs/ http://www.debian.org/Bugs/ Tags: bug, reportbug, bts, debian
Offline documentation: % grml-info Online documentation: http://grml.org/faq/ http://grml.org/docs/ https://github.com/grml/grml/wiki/bugs Tags: info, grml, grml-info, documentation
Mount NTFS partition (read-write): # mount.ntfs-3g /dev/sda1 /mnt/sda1 Tags: ntfs, mount
Overwrite specific file on an NTFS partition: ntfscp /dev/hda1 /tmp/file_source path/to/file_target
Resize an NTFS partition: # ntfsresize .. Usage example: ntfsresize -n -s 10G /dev/hda1 # testcase ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS) Tags: ntfs, resize, ntfsresize
Modify resolution for intel graphic chipsets: # 915resolution .. Usage example: # 915resolution 4d 1400 1050
Connect bluetooth mouse: # bt-hid start ... and press 'connect' button on your bluetooth device.
Connect bluetooth headset: # bt-audio start ... and press 'connect' button on your bluetooth device.
Secure delete file / directory / partition: # wipe -kq /dev/hda1 See: man wipe Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/ Tags: delete, secure, wipe, shred
Use grml on Samsung X20 laptop: # apt-get install grml-samsung-x20 See: http://www.michael-prokop.at/computer/samsung_x20.html
Development information regarding grml: http://blog.grml.org/ Tags: blog, grml, developmnet
Contact Grml team: #grml on irc.oftc.net - https://grml.org/irc/ http://grml.org/contact/ Tags: contact, irc, oftc, email
Join the grml mailinglist: http://grml.org/mailinglist/ Tags: grml, mailinglist
Help us - donate! http://grml.org/donations/ Tags: grml, donation
Commercial support / system administration / adjusted live-cds: grml-solutions: http://grml.org/solutions/ Tags: grml, commercial, customize
Information regarding the kernel provided by grml: http://grml.org/kernel/ Tags: documentation, grml, kernel
SMTP command-line test tool: % swaks <options> Usage example: % swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE See: man swaks Tags: swak, smtp, test
NTFS related packages: scrounge-ntfs salvage-ntfs ntfsprogs Tags: utils, ntfs
Modify service through init script: # Start ssh # Stop samba # Restart apache # Reload postfix # service gpm start # /etc/init.d/lvm start Tags: init, script, start, stop
Test joystick: # jstest /dev/input/js0
Play movie: % mplayer /path/to/movie Tags: movie, mplayer
Use webcam with mplayer: % mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0 Tags: webcam, mplayer
Powerful network discovery tool: # scapy Tags: network, python, tool
Grab an entire CD and compress it to Ogg/Vorbis, MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format: % abcde Tags: rip, abcde, mp3, transcode, audio
Show a console session in several terminals: % gems
Switch behaviour of caps lock key: % caps-ctrl
grep with Perl-compatible regular expressions: % pcregrep
ncp: a fast file copy tool for LANs Local (send file): % npush file_to_copy Remote (receive file): % npoll Tags: copy, file, network
utility for sorting records in complex ways: % msort
a smaller, cheaper, faster SED implementation: % minised
zsh tips: % man zsh-lovers See: http://grml.org/zsh/
zsh reference card for grml system: http://grml.org/zsh/ /usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
Multiple rename: % for i in foo* ; do mv "$i" "bar${i/foo}" ; done % qmv foo* % prename 's/foo/bar/' foo* % mmv "foo*" "bar#1" % zmv 'foo(*)' 'bar$1'
Test TFT / LCD display: % lcdtest
Test sound: % soundtest
Improved grep version: % glark
Grep with highlighting: % grep --color=auto ... % hgrep ... Tags: grep, color, highlight
Extract matches when grepping: Usage examples: % ifconfig | grepc 'inet addr:(.*?)s' % ifconfig | glark --extract-matches 'inet addr:(.*?)s'
Output text as sound: % say 'ghroummel' % xsay # when running X and text selected via mouse
Adjust a grml harddisk (grml2hd) installation: # grml2hd-utils Tags: grml2hd, configuration, installation
Get information on movie files: % tcprobe -i file.avi
Get an overview of your image files: % convert 'vid:*.jpg' thumbnails.jpg
List all standard defines: % gcc -dM -E - < /dev/null
Send a mail as reminder: echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
ncurses-based presentation tool: % tpp See: man tpp and /usr/share/doc/tpp/examples/
Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line: % centericq
Use IRC on command line: % irssi
Diff / merge files: % vimdiff file1 file2 Re-diffing: :diffupdate Moving between diffs: [c ]c Synchronizing: :diffget :diffput
Hardware monitoring without kernel dependencies: % mbmon
Install grml-iso to usb-stick: % grml2usb grml.iso /mount/point Tags: usbpen, usbstick, installation, grml2usb
Use mplayer on framebuffer console: % mplayer -vo fbdev ...
Use links2 on framebuffer console: % links2 -driver fb ...
Switch language / keyboard: * use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE) * use the bootparams keyboard / xkeyboard to activate specific keyboard layout Usage example: 'grml lang=us keyboard=de xkeyboard=de' Or run one of the following commands: % grml-lang de or # loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console % setxkbmap de # X11 Tags: language, keyboard, configuration
Switch setting of caps-control key (switch between ctrl + shift) on keyboard: # caps-ctrl
Mount usb device / usb stick: % mount /mnt/external1 # corresponds to /dev/sda1 or % mount /mnt/external # corresponds to /dev/sda
Install Sun Java packages: Download j2re.bin-file from http://java.sun.com/downloads/index.html and run # apt-get install java-package # fakeroot make-jpkg j2re-*.bin # dpkg -i sun-j2re*.deb # update-alternatives --config java
Improved dd version: ddrescue is an improved version of dd which tries to read and if it fails it will go on with the next sectors, where tools like dd will fail. % ddrescue ... See: man ddrescue
How to make an audio file (e.g. Musepack format) out of a DVD track: % mkfifo /tmp/fifo.wav % mppenc /tmp/fifo.wav track06.mpc & % mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6 Adjust the mppenc line with the encoder you would like to use, for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files. Alternative: % mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6 to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer') Usage example for getting a PCM/wave file from audio channel 128: % mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
Create simple chroot: # make_chroot_jail $USERNAME
Convert DOS formated file to unix format: sed 's/.$//' dosfile > unixfile # assumes that all lines end with CR/LF sed 's/^M$//' dosfile > unixfile # in bash/tcsh, press Ctrl-V then Ctrl-M sed 's/x0D$//' dosfile > unixfile # gsed 3.02.80, but top script is easier awk '{sub(/r$/,"");print}' # assumes EACH line ends with Ctrl-M gawk -v BINMODE="w" '1' infile >outfile # in DOS environment; cannot be done with # DOS versions of awk, other than gawk tr -d r < dosfile > unixfile # GNU tr version 1.22 or higher tr -d '015' < dosfile > unixfile # use octal value for "r" (see man ascii) tr -d '[015032]' < dosfile > unixfile # sometimes ^Z is appended to DOS-files vim -c ":set ff=unix" -c ":wq" file # convert using vim vim -c "se ff=dos|x" file # ... and even shorter ;) recode ibmpc..lat1 file # convert using recode echo -e "s/r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile Tags: windows, line, convert, recode, tr, line end,
Save live audio stream to file: % mplayer -ao pcm:file=$FILE $URL
Save live stream to file: % mplayer -dumpfile $FILE -dumpstream $STREAM or % mencoder mms://$URL -o $FILE -ovc copy -oac copy or % mimms mms://file.wmv
Merge video files: AVI: % avimerge -i *.avi -o blub.avi MPEG: % cat *.mpg > blub.mpg WMV: % mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi % mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi % avimerge -i file1.avi file2.avi -o blub.avi
Display MS-Word file: % strings file.doc | fmt | less or % antiword file.doc
Convert MS-Word file to postscript: % antiword -p a4 file.doc > file.ps
Convert manual to postscript: % zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps or % man -t zsh > zsh.ps
Read BIOS: % dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
Read HTTP via netcat: echo -e "GET / HTTP/1.1rnHost: $DOMAINrnrn" | netcat $DOMAIN 80
Get X ressources for specific program: % xrdb -q |grep -i xterm
Get windowid of specific X-window: % xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
Get titel of specific X-window: % xprop WM_CLASS
check locale - LC_MESSAGES: % locale -ck LC_MESSAGES
Create random password: % pwgen or % dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
Get tarballs of various Linux Kernel trees: % ketchup 2.6 to get the current stable 2.6 release % ketchup -l to get a list of all supported trees
Transfer your SSH public key to another host: % ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet [...] % ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system or % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys' Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen
Update /etc/fstab entries: # grml-rebuildfstab See "man grml-rebuildfstab" for more details about generation of /etc/fstab (including stuff like fs LABELs / UUIDs,...).
Fetch and potentially change SCSI device parameters: # sdparm /dev/sda See: man sdparm
reclaim disk space by linking identical files together: % dupmerge...
Find and remove duplicate files: % dupseek ...
Perform layer 2 attacks: # yersinia ... Tags: network, attack, security
rootsh
Guess PC-type hard disk partitions / partition table: # gpart <options> Perform a standard scan: # gpart /dev/ice Write back the guessed table: # gpart -W /dev/ice /dev/ice Tags: partition, recovery, disk
Develop, test and use exploit code with the Metasploit Framework: cd /tmp wget http://spool.metasploit.com/releases/framework-3.2.tar.gz unp framework-3.2.tar.gz cd framework-3.2 ./msfcli
Useful documentation: % w3m /usr/share/doc/Debian/reference/reference.en.html or % xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz) http://grml.org/docs/ grml Documentation http://wiki.grml.org/ grml Wiki http://www.debian.org/doc/ Debian Documentation http://wiki.debian.org/ Debian Wiki http://www.gentoo.org/doc/en/ Gentoo Documentation http://gentoo-wiki.com/ Gentoo Wiki http://www.tldp.org/ The Linux Documentation Project Tips and tricks: % fortune debian-hints Tags: documentation
Fun stuff: % fortune debian-hints % dpkg -L funny-manpages
Backup master boot record (MBR): # dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1 Tags: backup, mbr
Backup partition table: # sfdisk -d /dev/hda > hda.out Restore partition table: # sfdisk /dev/hda < hda.out Tags: backup, partition, sfdisk, recovery
Clone disk via network using netcat: Listener: # nc -vlp 30000 > hda1.img Source: # dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000 Adjust blocksize (dd's option bs=...) and include 'gzip -c' to tune speed: # dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000 Tags: network, backup, dd, netcat
Backup specific directories via cpio and ssh: # for f in directory_list; do find $f >> backup.list done # cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device" Tags: backup
Clone disk via ssh: This one uses CPU cycles on the remote server to compare the files: # ssh target_address cat remotefile | diff - localfile # cat localfile | ssh target_address diff - remotefile This one uses CPU cycles on the local server to compare the files: # ssh target_address cat <localfile "|" diff - remotefile Tags: network, backup, ssh
Useful tools for cloning / backups: * dd: convert and copy a file * dd_rescue: copies data from one file (or block device) to another * pcopy: a replacement for dd * partimage: back up and restore disk partitions * dirvish: Disk based virtual image network backup system * devclone: in-place filesystem conversion -- device cloning * ntfsclone: efficiently clone, image, restore or rescue an NTFS * dump: ext2/3 filesystem backup * udpcast: multicast file transfer tool * cpio: copy files to and from archives * pax: read and write file archives and copy directory hierarchies * netcat / ssh / tar / gzip / bzip2: additional helper tools Tags: network, backup, ssh, udp, rescue, recovery
Use grml as a rescue system: Different tools: * dd: convert and copy a file * ddrescue: copies data from one file or block device to another * partimage: Linux/UNIX utility to save partitions in a compressed image file * cfdisk: Partition a hard drive * nparted: Newt and GNU Parted based disk partition table manipulator * parted-bf: The GNU Parted disk partition resizing program, small version * testdisk: Partition scanner and disk recovery tool * gpart: Guess PC disk partition table, find lost partitions ext2/ext3: * e2fsprogs: ext2 file system utilities and libraries * e2tools: utilities for manipulating files in an ext2/ext3 filesystem * e2undel: Undelete utility for the ext2 file system * ext2resize: an ext2 filesystem resizer * recover: Undelete files on ext2 partitions ReiserFS/Reiser4: * reiser4progs: administration utilities for the Reiser4 filesystem * reiserfsprogs: User-level tools for ReiserFS filesystems XFS: * xfsdump: Administrative utilities for the XFS filesystem * xfsprogs: Utilities for managing the XFS filesystem JFS: * jfsutils: utilities for managing the JFS filesystem NTFS: * ntfsprogs: tools for doing neat things in NTFS partitions from Linux * salvage-ntfs: free NTFS data recovery tools * scrounge-ntfs: data recovery program for NTFS file systems * ntfsresize: resize ntfs partitions Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools
Get ASCII value of a character with zsh: % char=N ; print $((#char))
Convert a collection of mp3 files to wave or cdr using zsh: % for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
Convert images (foo.gif to foo.png) using zsh: % for i in **/*.gif; convert $i $i:r.png
Remove all "non txt" files using zsh: % rm ./^*.txt
Remote Shell Using SSH: remote host: % ssh -NR 3333:localhost:22 user@yourhost local host: % ssh user@localhost -p 3333 Tags: port forwarding, ssh, remote port, network
Reverse Shell with Netcat: local host: % netcat -v -l -p 3333 -e /bin/sh remote host: % netcat 192.168.0.1 3333 TagS: port forwarding, ssh, remote, network
Reverse Shell via SSH: local host (inside the network): % ssh -NR 1234:localhost:22 remote_host remote host (outside the network): % ssh localhost -p 1234 Tags: port forwarding, ssh, remote port, network
Remove empty directories with zsh: % rmdir ./**/*(/od) 2> /dev/null
Find all the empty directories in a tree with zsh: % ls -ld *(/^F)
Find all files without a valid owner and change ownership with zsh: % chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
Display the 5-10 last modified files with zsh: % print -rl -- /path/to/dir/**/*(D.om[5,10])
Find and list the ten newest files in directories and subdirs (recursive) with zsh: % print -rl -- **/*(Dom[1,10])
Find most recent file in a directory with zsh: % setopt dotglob ; print directory/**/*(om[1])
Tunnel all traffic through an external server: % ssh -ND 3333 username@external.machine Then set the SOCKS4/5 proxy to localhost:3333. Check whether it's working by surfing e.g. to checkip.dyndns.org Tags: ssh, network, proxy, socks, tunnel
Tunnel everything through SSH via tsocks: set up the SSH proxy on the client side: % ssh -ND 3333 user@remote.host.example.com Adjust /etc/tsocks.conf afterwards (delete all other lines): server = 127.0.0.1 server_port = 3333 For programs who natively support proxying connections (e.g. Mozilla Firefox) you can now set the proxy address to localhost port 3333. All other programs which's connections you want to tunnel through your external host are prefixed with tsocks, e.g.: % tsocks netcat example.com 80 % tsocks irssi -c irc.quakenet.eu.org -p 6667 If you call tsocks without parameters it executes a shell witht the LD_PRELOAD environment variable already set and exported. Tags: ssh, network, proxy, socks, tunnel, tsocks
smartctl - control and monitor utility for harddisks using Self-Monitoring, Analysis and Reporting Technology (SMART): # smartctl --all /dev/ice If you want to use smartctl on S-ATA (sata) disks use: # smartctl -d ata --all /dev/sda Start offline test: # smartctl -t offline /dev/ice Start short test: # smartctl -t short /dev/ice Display results of test: # smartctl -l selftest /dev/ice Query device information: # smartctl -i /dev/ice Tags: smart, s.m.a.r.t, info, test, hardware
Mount a BSD / Solaris partition: # mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1 Use ufstype 44bsd for FreeBSD, NetBSD, OpenBSD (read-write). Use ufstype ufs2 for >= FreeBSD 5.x (read-only). Use ufstype sun for SunOS (Solaris) (read-write). Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write). See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz for more details. Tags: ufs, bsd, mount, solaris
Read BIOS (and or BIOS) password: # dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
Clone one of the kernel trees via git: git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This path defines the tree. See http://kernel.org/git/ for an overview.
Mount filesystems over ssh protocol: % sshfs user@host:/remote_dir /mnt/test Unmount via: % fusermount -u /mnt/test (Notice: requires fuse kernel module) Tags: ssh, sshfs, network, mount, directory, remote, fuse
Install Gentoo using grml: See http://www.gentoo.org/doc/en/altinstall.xml
Install (plain) Debian (sarge release) via grml: Assuming you want to install Debian to sda1: mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1 mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition debootstrap sarge /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror chroot /mnt/test /bin/bash # let's chroot into the new system mount -t devpts none /dev/pts # ...otherwise running base-config might fail ("Terminated" or "openpty failed") mount -t proc none /proc # make sure we also have a mounted /proc base-config # now configure some main settings vi /etc/mkinitrd/mkinitrd.conf # adjust $ROOT (to /dev/sda1) for your new partition, autodetection will fail in chroot cd /dev ; ./MAKEDEV generic # make sure we have all necessary devices for lilo apt-get install lilo linux-image-2.6.12-1-386 # install lilo and a kernel which fits your needs cp /usr/share/doc/lilo/examples/conf.sample /etc/lilo.conf # let's use a template vi /etc/lilo.conf && lilo # adjust the file for your needs and run lilo afterwards umount /proc ; umount /dev/pts # we do not need them any more exit # now leave chroot cp /etc/hosts /etc/fstab /mnt/test/etc/ # you might want to take the existing files... cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml system for your new system umount /mnt/test && reboot # unmount partition and reboot... See also: http://www.debian.org/releases/stable/i386/apcs04.html.en Avoid all of the above steps - use grml-debootstrap(8) instead! Tags: manual, installation, debian, debootstrap
Install (plain) Debian (etch release) via grml Assuming you want to install Debian to sda1: mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1 mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition debootstrap etch /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror chroot /mnt/test /bin/bash # let's chroot into the new system mount -t proc none /proc # make sure we have a mounted /proc apt-get install locales console-data # install locales dpkg-reconfigure locales console-data # adjust locales to your needs apt-get install vim most zsh screen less initrd-tools file grub usbutils pciutils bzip2 sysfsutils dhcp3-client resolvconf strace lsof w3m # install useful software apt-get install linux-headers-2.6-686 linux-image-686 # install current kernel echo "127.0.0.1 localhost" > /etc/hosts # adjust /etc/hosts and network: cat >> /etc/network/interfaces << EOF iface lo inet loopback iface eth0 inet dhcp auto lo auto eth0 EOF ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime # adjust timezone and /etc/fstab: cat >> /etc/fstab << EOF sysfs /sys sysfs auto 0 0 proc /proc proc defaults 0 0 /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 /dev/sda2 none swap sw 0 0 /dev/cdrom /mnt/cdrom0 iso9660 ro,user,noauto 0 0 EOF passwd # set password of user root mkdir /boot/grub # setup grub cp /usr/share/doc/grub/examples/menu.lst /boot/grub cat >> /boot/grub/menu.lst << EOF title Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1) root (hd0,0) kernel /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro initrd /boot/initrd.img-2.6.18-3-686 EOF vim /boot/grub/menu.lst # adjust grub configuration to your needs cd /dev && MAKEDEV generic # create default devices cp -i /usr/lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/ grub install # now install grub, run in grub-cmdline following commands: > root (hd0,0) > setup (hd0) > quit umount -a # unmount all filesystems in chroot and finally: exit # exit the chroot and: reboot If you want to use lilo instead of grub take a look at /usr/share/doc/lilo/examples/conf.sample or use the following template: cat > /etc/lilo.conf << EOF # This allows booting from any partition on disks with more than 1024 cylinders. lba32 # Specifies the boot device boot=/dev/sda1 # Specifies the device that should be mounted as root. root=/dev/sda1 # use Debian on software raid: # raid-extra-boot=mbr-only install=text # prompt timeout=1 map=/boot/map vga=normal image=/boot/vmlinuz-2.6.18-grml label="2.6.18-grml" #append="...." read-only initrd=/boot/initrd.img-2.6.18-grml EOF See also: http://www.debian.org/releases/stable/i386/apcs04.html.en Avoid all of the above steps - use grml-debootstrap(8) instead! Tags: manual, installation, debian, debootstrap, howto
Convert files from Unicode / UTF-8 to ISO: % iconv -c -f utf8 -t iso-8859-15 < utffile > isofile and vice versa: % iconv -f iso-8859-15 -t utf8 < isofile > utffile Tags: utf-8, iso, unicode, utf8
Assign static setup for network cards (NICs) via udev: Retrieve information for address (corresponding to MAC address): # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}' Execute /lib/udev/write_net_rules with according values (INTERFACE is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR is the MAC address retrieved with udevadm info command): # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules This will generate file /etc/udev/rules.d/70-persistent-net.rules with content: SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0" Finally take down the interface (ifdown/ifconfig) and execute: # udevadm trigger --action=add --subsystem-match=net so the interface will be renamed. (Rebooting or unloading drivers/restart udev/loading drivers again works as well of course.) Tags: udev, configuration, name, eth0, howto
Change the suffix from *.sh to *.pl using zsh: % autoload zmv % zmv -W '*.sh' '*.pl'
Generate SSL certificate: Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary): # openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes Check certfile: # openssl x509 -in certfile -text Verify against CA certificate: # openssl verify -CAfile cacert.crt -verbose -purpose sslserver Generate 2048bit RSA-key: # openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes As before but add request to existing key pub-sec-key.pem: # openssl req -new -out request.pem -keyin pub-sec-key.pem Show request request.pem: # openssl req -text -noout -in request.pem Verify signature of request request.pem: # openssl req -verify -noout -in request.pem Generate SHA1 fingerprint (modulo key) of request.pem: # openssl req -noout -modulus -in request.pem | openssl sha1 -c Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem: # openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem As before but create self signed certificate based on existing key pub-sec-key.pem: # openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem Generate new request out of existing self signed certificate: # openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem Display certificate self-signed-certificate.pem in plaintext: # openssl x509 -text -noout -md5 -in self-signed-certificate.pem Check self signed certificate: # openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem Estable OpenSSL-connection using self-signed-certificate.pem and display certificate: # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443 Generate ssl-certificate for use with apache2: export RANDFILE=/dev/random mkdir /etc/apache2/ssl/ openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem chmod 600 /etc/apache2/ssl/apache.pem Also take a look at make-ssl-cert (debconf wrapper for openssl): # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/). Tags: openssl, howto
Change Windows NT password(s): # mount -o rw /mnt/hda1 # cd /mnt/hda1/WINDOWS/system32/config/ # chntpw SAM SECURITY system Notice: if mounting the partition read-write did not work (check syslog!) try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1 (Be careful with deactivating syskey!) Tags: password, windows, recovery, chntpw, howto
glark - replacement for grep written in Ruby: A replacement for (or supplement to) the grep family, glark offers: Perl compatible regular expressions, highlighting of matches, context around matches, complex expressions and automatic exclusion of non-text files. Usage examples: % glark -y keyword file # display only the region that matched, not the entire line % glark -o format print *.h # search for either "printf" or "format" More information: man glark
Find CD burning device(s): General information on CD-ROM: % cat /proc/sys/dev/cdrom/info Scan using ATA Packet specific SCSI transport: # cdrecord -dev=ATA -scanbus # cdrecord-prodvd -s -scanbus dev=ATA Get specific information for /dev/ice: # cdrecord dev=/dev/ice -scanbus Tags: hardware, info, cd burn
Create devices in /dev on udev: For example create md devices (/dev/md0, /dev/md1,...): # cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md Tags: raid, device
Identify network device (NIC): # ethtool -i $DEVICE Show NIC statistics: # ethtool -S $DEVICE If your NIC shows some aging signs, you may want to be sure: # ethtool -t $DEVICE Disable TCP/UDP checksums: # ethtool -K $DEVICE tx off Tags: configuration, network, device
grml2hd seems to hang? Getting Squashfs errors? Problems while booting? Switch to tty12 and take a look at the syslog. If you see something like: SQUASHFS error: zlib_fs returned unexpected result 0x........ SQUASHFS error: Unable to read cache block [.....] SQUASHFS error: Unable to read inode [.....] your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd. Check your CD low-level via running: # readcd -c2scan dev=/dev/cdrom If the medium really is ok and it still fails try to boot with deactivated DMA via using grml nodma at the bootprompt. Tags: grml2hd, installation, verify, squashfs, error
Write a Microsoft compatible boot record (MBR) using ms-sys Write a Windows 2000/XP/2003 MBR to a device: # ms-sys -m /dev/ice Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo: wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz unp ms-sys-2.1.3.tgz cd ms-sys-2.1.3 make ./bin/ms-sys ... Tags: mbr, windows, ms-sys, recovery
Use a Vodafone 3G Datacard (UMTS) with Linux: Plug in your vodafone card and check in syslog whether the appropriate (probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run: # comgt -d $DEVICE # wvdial --config /etc/wvdial.conf.umts $PROFILE Usage examples: # comgt -d /dev/ttyUSB0 # wvdial --config /etc/wvdial.conf.umts a1usb # comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts tmnozomi # comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts dreiusb # comgt -d /dev/ttyACM0 # wvdial --config /etc/wvdial.conf.umts yesss If you receive invalid DNS nameservers when connecting, like: [...] --> primary DNS address 10.11.12.13 --> secondary DNS address 10.11.12.14 just provide a working nameserver to resolvconf via: # echo "nameserver 80.120.17.70" | resolvconf -a ppp0 Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on your grml system), some other ones require the sierra driver (run 'modprobe sierra'). If your device isn't supported by usbserial yet, manually provide vendor and product ID when loading the usbserial module. Usage example: % lsusb [...] Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc. # modprobe usbserial vendor=0x1199 product=0x6813 To get a list of available providers execute: # comgt -s -d /dev/ttyUSB0 /etc/comgt/operator Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto
hdparm - get/set hard disk parameters Display the identification info that was obtained from the drive at boot time, if available: # hpdarm -i /dev/ice Request identification info directly from the drive: # hpdarm -I /dev/ice Perform timings of device + cache reads for benchmark and comparison purposes: # hdparm -tT /dev/ice Tags: hardware, performance, configuration, harddisk
bonnie++ - program to test hard drive performance. # mkdir /mnt/benchmark # mount /dev/ice /mnt/benchmark # chmod go+w /mnt/benchmark # bonnie -u grml -d /mnt/benchmark -s 2000M Tags: benchmark, harddisk
Use gizmo with a bluetooth headset: % DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)" % gizmo --mic $DEVICE --speaker $DEVICE
Scan a v4l device for TV stations: % scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv Then running xawtv should work: % xawtv
Run apt-get with timeout of 3 seconds: # apt-get -o acquire::http::timeout=3 update Tags: apt-get
Debian GNU/Linux device driver check page % $BROWSER http://kmuto.jp/debian/hcl/index.cgi
Use dd with status line: # dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
Generate a 512k file of random data with status bar: % dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
Install Grub instead of lilo on grml installation (grml2hd): install grml: # grml2hd .... adjust grub's configuration file menu.lst: # $EDITOR /boot/grub/menu.lst now install grub (usage example for /dev/sda1): # grub install root (hd0,0) setup (hd0) Tags: grml2hd, grub
Install Ubuntu using grml: See https://wiki.ubuntu.com/Installation/FromKnoppix Tags: ubuntu, installation
Resize ext2 / ext3 partition: # tune2fs -O '^has_journal' /dev/iceX # disable journaling # fsck.ext2 -v -y -f /dev/iceX # check the filesystem # resize2fs -p /dev/iceX $SIZE # resize it (adjust $SIZE) # fdisk /dev/ice # adjust partition in partition table # fsck.ext2 -v -y -f /dev/iceX # check filesystem again # resize2fs -p /dev/iceX # resize it to maximum # tune2fs -j /dev/iceX # re-enable journal Tags: resize, ext2, ext3, ext4, partition, howto
Tune ext2 / ext3 filesystem: Check partition first: # tune2fs -l /dev/iceX If you don't see dir_index in the list, then enable it: # tune2fs -O dir_index /dev/iceX Now run e2fsck with the -D option to have the directories optimized: # e2fsck -D /dev/iceX Notice: since e2fsprogs (1.39-1) filesystems are created with directory indexing and on-line resizing enabled by default. Tags: configuration, ext2, ext3, ext4, partition
Search for printers via network: # pconf_detect -m NETWORK -i 192.168.0.1/24 Tags: printer, network, scan
Mount a remote directory via webdav (e.g. Mediacenter of GMX): # mount -t davfs https://mediacenter.gmx.net/ /mnt/test Tags: webdav, mount, mediacenter, gmx
System-Profiling using oprofile: Prepare setup: # opcontrol --reset # opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library Start logging: # opcontrol --start Now $DO_SOME_TASKS... Stop logging: # opcontrol --shutdown Then take a look at the reports using something like e.g.: # opreport -t 0.5 --exclude-dependent # opreport -t 0.5 /path/to/executable_to_check # opannotate -t 0.5 --source --assembly Tags: profile, profiling, opcontrol, howto
Install ATI's fglrx driver for Xorg / X.org: Usually there already exist drivers for the grml-system: # apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r` After installing adjust xorg.conf via running: # aticonfig --initial --input=/etc/X11/xorg.conf For more information take a look at https://github.com/grml/grml/wiki/ati Tags: xorg, x11, driver, ati
Install nvidia driver for Xorg / X.org: Usually there already exist drivers for the grml-system: # apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r` Then switch from module nv to nvidia: # sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf Tags: xorg, x11, driver, nvidia
glxgears - a GLX demo that draws three rotating gears To print frames per second (fps) use: % glxgears -printfps Tags: xorg, x11, glx,
You forgot to boot with 'grml noeject noprompt' to avoid ejecting and prompting for CD removal when rebooting/halting the system? Either run: # noeject reboot or: # noeject halt If you want to avoid only the prompting part, run: # noprompt reboot or: # noprompt halt Tags: bootparam, fix, grml
Mount wikipedia local via fuse: Adjust configuration: % cat ~/.wikipediafs/config.xml <wfs-config> <general> <article-cache-time>300 </general> <sites> <site> <dirname>wikipedia-de <host>de.wikipedia.org <basename>/w/index.php </site> <site> <dirname>wikipedia-en <host>en.wikipedia.org <basename>/w/index.php </site> </sites> </wfs-config> Mount it (/wiki must exist of course): % mount.wikipediafs /wiki % cat /wiki/wikipedia-en/Cat Unmount via: % fusermount -u /wiki Tags: fuse, wikipedia, mount
Remote notification on X via osd (on screen display): Start osd_server.py at your local host (listens on port 1234 by default): % osd_server.py Then login to a $REMOTEHOST % ssh -R 1234:localhost:1234 $REMOTEHOST Now send the text to your local display via running something like: % echo "text to send" | nc localhost 1234 Very useful when you are waiting for a long running job but want to do something else in the meanwhile: % ./configure && make && echo "finished compiling" | netcat localhost 1234 You can use this in external programs as well of course. Examples: Use osd in centericq: % cat ~/.centericq/external [...] %action osd notify event msg proto all status all options nowait %exec #!/bin/bash if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1) osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***" if echo | socat - TCP4:localhost:1234 &>/dev/null ; then echo "${osd_msg}" | netcat localhost 1234 fi fi Use it in the IRC console client irssi via running: /script load osd.pl You can even activate the port forwarding by default globally: % cat ~/.ssh/config [...] Host * RemoteForward 1234 127.0.0.1:1234 ForwardAgent yes Notice: if you get 'ABORT: Requested font not found' make sure the requested font is available, running 'LANG=C LC_ALL=C osd_server.py...' might help as well. Tags: osd, notification, ssh, network, port-forwarding
Avoid automatical startup of init scripts via invoke-rc.d: First of all make sure the package policyrcd-script-zg2 (which provides the /usr/sbin/policy-rc.d interface) is installed. In policyrcd-script-zg2's configuration file named /etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is defined as the interface for handling invoke-rc.d's startup policy. grml-policy-rc.d can be configure via /etc/policy-rc.d.conf. By default you won't notice any differences to Debian's default behaviour, except that invoke-rc.d won't be executed if a chroot has been detected (detection: /proc is missing). If you want to disable automatical startup of newly installed packages (done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in /etc/policy-rc.d.conf. To restore the default behaviour set EXITSTATUS back to '0' in /etc/policy-rc.d.conf. Tags: policy, init, script, invode-rc.d
Install VMware-Tools for grml: First of all make sure a CD-ROM device in VMware is available. Mount the CD-ROM device to /mnt/cdrom, then unpack and install the tools running: cd /tmp unp /mnt/cdrom/vmware-linux-tools.tar.gz cd vmware-tools-distrib ./vmware-install.pl /etc/init.d/networking stop rmmod pcnet32 rmmod vmxnet depmod -a modprobe vmxnet /etc/init.d/networking start In an X terminal, launch the VMware Tools running: vmware-toolbox Tags: vmware, tool, vmware-toolbox, howto
Some important Postfix stuff List mail queue: # mailq or # postqueue -p Send all messages in the queue: # postqueue -f Send all messages in the queue for a specific site: # postqueue -s site Delete a specific message # postsuper -d 12345678942 Deletes all messages held in the queue for later delivery # postsuper -d ALL deferred Mail queues in postfix: incoming -> mail who just entered the system active -> mail to be delivered deferred -> mail to be delivered later because there were problems hold -> mail that should not be delivered until released from hold For configuration of postfix take a look at /etc/postfix/master.cf - man 5 master /etc/postfix/main.cf - man 5 postconf and http://www.postfix.org/documentation.html.
File permissions mode 4000 - set user ID (suid): - for executable files: run as the user who owns the file, instead of the user who runs the file - for directories: not used mode 2000 - set group ID (guid): - for executable files: run as the group who owns the file, instead of the group of the user who runs the file - for directories: when a file is created inside the directory, it belongs to the group of the directory instead of the default group of the user who created the file mode 1000 - sticky bit: - for files: not used - for directories: only the owner of a file can delete or rename the file Tags: postix, mailq, postsuper, queue, delete, smtp
Create MySQL database # apt-get install mysql-client mysql-server Run 'mysql' as root - create a database with: create database grml Give a user access to the database (without password): grant all on grml.* to mika; Give a user access to the database (with password): grant all on grml.* to enrico identified by "PASSWORD"; Tags: mysql, database
Setup an HTTPS website: Create a certificate: # mkdir /etc/apache2/ssl # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem Create a virtual host on port 443: <VirtualHost www.foo.invalid:443> [...] </VirtualHost> Enable SSL in the VirtualHost: SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem Enable listening on the HTTPS port (/etc/apache2/ports.conf): Listen 443 and make sure the SSL module is used: # a2enmod ssl Tags: ssl, https, configuration, apache
Useful Apache / Apache2 stuff Check configuration file via running: # apache2ctl configtest Enable a site: # a2ensite sitename Enable a module # a2enmod modulename Tags: apache, configuration
Create tar archive and store it on remote machine: % tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz" Tags: tar, backup, remote, network, ssh
Pick out and displays images from network traffic: # driftnet Tags: remote, network, sniff, image
Install Flash plugin: # dpkg-reconfigure flashplugin-nonfree Tags: flash, plugin
To test a proxy, low level way: % telnet proxy 8080 [...] GET http://www.google.com HTTP/1.0 [press enter twice] Tags: proxy
Adjust system for use of qemu with kqemu: Make sure you have all you need: # aptitude update ; aptitude install qemu kqemu-modules-$(uname -r) Then set up kqemu: modprobe kqemu mknod /dev/kqemu c 250 0 chmod 666 /dev/kqemu chmod 666 /dev/net/tun Check kqemu support via starting qemu, press Ctrl-Alt-2 and entering 'info kqemu'.
(High-Load) Debugging related tools: mpstat # report processors related statistics iostat # report CPU statistics and input/output statistics for devices and partitions vmstat # report virtual memory statistics slabtop # display kernel slab cache information in real time atsar # system activity report dstat # versatile tool for generating system resource statistics Usage examples: # mpstat -P ALL # iostat -x 1 # iostat -xtc 5 3 # vmstat 1 # atsar -t 60 10 # dstat -af Tags: test, debug, information, hardware, statistic
Using WPA for network setup manually: # wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf Adjust the options and configuration file to your needs. Also take a look at 'grml-network'. Tags: wireless, wpa, network, configuration
Start X and lock console via exiting: % startx 2>~/.xsession-errors &| exit Tags: xorg, x11, startx, graphical
Which process is writing to disk and/or causes the disk to spin up? First of all use lsof to check what's going on. Does not help? -> # echo 1 > /proc/sys/vm/block_dump The command sets a sysctl to cause the kernel to log all disk writes. Please notice that there is a lot of data. So please disable syslogd/syslog-ng before you do this, or you must make sure that kernel output is not logged. When you're done, disable block dump using: # echo 0 > /proc/sys/vm/block_dump Alternative: laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler) which handles block_dump on its own. See: $KERNEL-SOURCE/Documentation/laptop-mode.txt Also take a look at event-viewer(8) which is part of grml-debugtools. Tags: debug, device, block, partition
Install initrd via initramfs-tools for currently running kernel: # update-initramfs -c -t -k $(uname -r) Tags: initrd
Install initrd via yaird for currently running kernel: # yaird -o /boot/initrd.img-$(uname -r) Install initrd via yaird for specific kernel: # mount /proc # mount /sys # yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
Reinstall package with its original configuration files: # apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o DPkg::Options::=--force-confnew package
grml 0.8 funkenzutzler - rt2x00 drivers: To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which includes beta-version drivers) is not installed by default. If you want to use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or rt73usb please install the package manually running: # dpkg -i /usr/src/rt2x00-modules-*.deb
Use Java with jikes and jamvm on grml: Simple demo: % cp /usr/share/doc/grml-templates/template.java . % jikes template.java % jamvm HelloWorld Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip), so you do not have to manually run jikes --bootclasspath /usr/share/classpath/glibj.zip
Online resizing of (Software-)RAID5: # Initiate a RAID5 setup for testing purposes: mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1 # Create filesystem, mount md0, create a testfile and save md5sum for # later check: mkfs.ext3 /dev/md0 mount /dev/md0 /mnt/test dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000 md5sum /mnt/test/dd > md5sum # Make sure the RAID is synched via checking: cat /proc/mdstat # Now remove one partition: mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1 # Delete partition, create a new + bigger one and set partition type to fd # (Linux raid autodetect): cfdisk /dev/hdd # And re-add the partition: mdadm -a /dev/md0 /dev/hdd1 # Make sure the RAID is synched via checking: cat /proc/mdstat # Repeat the steps for all other disks/partitions as well: mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1 cfdisk /dev/hdb mdadm -a /dev/md0 /dev/hdb1 cat /proc/mdstat mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1 cfdisk /dev/hda mdadm -a /dev/md0 /dev/hda1 cat /proc/mdstat # Now resize the RAID5 system online [see 'man mdadm' for details]: mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size' mdadm --grow /dev/md0 -z max mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size' # Last step - resize the filesystem (online again): resize2fs /dev/md0 Tags: raid, resize, raid5, mdadm
ext3 online resizing: Starting with Linux kernel 2.6.10 you can resize ext3 online. With e2fsprogs >=1.39-1 new filesystems are created with directory indexing and on-line resizing enabled by default (see /etc/mke2fs.conf). Demo: cfdisk /dev/hda # create a partition with type 8e (lvm) pvcreate /dev/hda2 # create a physical volume vgcreate resize_me /dev/hda2 # create volume group lvcreate -n resize_me -L100 resize_me # create a logical volume mkfs.ext3 /dev/resize_me/resize_me # now create a new filesystem mount /dev/resize_me/resize_me /mnt/test # mount the new fs for demonstrating online resizing df -h # check the size of the partition lvextend -L+100M /dev/resize_me/resize_me # let's extend the logical volume resize2fs /dev/resize_me/resize_me # and finally resize the filesystem df -h # recheck the size of the partition This also works for Software-RAID. Demo: mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1 mkfs.ext3 /dev/md0 mount /dev/md0 /mnt/test mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2 cfdisk /dev/hda # adjust partition size for hda2 mdadm /dev/md0 --add /dev/hda2 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1 cfdisk /dev/hdb # adjust partition size for hdb1 mdadm /dev/md0 --add /dev/hdb1 mdadm --grow /dev/md0 --size=max resize2fs /dev/md0 Notice: online resizing works as soon as the kernel can re-read the partition table. So it works for example with LVM and SW-RAID but not with a plain device (/dev/[sh]d*). The kernel does not re-read the partition table if the device is already mounted. Tags: resize, raid, lvm, ext2, ext3, ext4, raid1
Use vim as an outline editor: % $PAGER /usr/share/doc/vim-vimoutliner/README.Debian % vim ~/foo.otl :he vo
Monitor directories/files for changes using iwatch Monitor /tmp for changes: % iwatch /tmp/ Monitor files/directories specified in /etc/iwatch.xml and send mail on changes: % iwatch Tags: inotify, watch, file, directory
Some often used mdadm commands: Set up RAID1: # mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1 Display details of specific RAID: # mdadm --detail /dev/md0 # cat /proc/mdstat Simulating a drive failure by software: # mdadm --manage --set-faulty /dev/md0 /dev/hda1 Remove disk from RAID: # mdadm /dev/md0 -r /dev/hda1 Set disk as faulty and remove from RAID: # mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1 Stop a RAID-device: # mdadm -S /dev/md0 Restart a RAID-device: # mdadm -R /dev/md0 Add another disk to existing RAID setup (hotadd): # mdadm /dev/md0 -a /dev/hde1 # mdadm --grow /dev/md0 --raid-devices=4 Assemble and start all arrays: # mdadm --assemble --scan Assemble a specific array: # mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1 Resync: # mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2 Stop and rebuild: # mdadm --stop --scan Scan for and setup arrays automatically: # mdadm --assemble --scan --auto=yes --verbose Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains: DEVICE partitions CREATE owner=root group=disk mode=0660 auto=yes HOMEHOST <system> MAILADDR root Running # /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf might help as well. Monitoring the sw raid # nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0 Producing /etc/mdadm/mdadm.conf: # mdadm --detail --scan > /etc/mdadm/mdadm.conf See also: man mdadm | less -p "^EXAMPLES" http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html Tags: raid, raid1, raid5, configuration, mdadm, howto
A quick summary of the most commonly used RAID levels: RAID 0: Striped Set => 2 disks each 160 GB: 320 GB data RAID 1: Mirrored Set => 2 disks each 160 GB: 160 GB data RAID 5: Striped Set with Parity => 3 disks each 160 GB: 320 GB data; 160 GB redundancy Common nested RAID levels: RAID 01: A mirror of stripes RAID 10: A stripe of mirrors RAID 30: A stripe across dedicated parity RAID systems RAID 100: A stripe of a stripe of mirrors -- http://en.wikipedia.org/wiki/RAID Tags: raid, raid1, raid5, raid01, raid10, raid100
Logical Volume Management (LVM) with Linux LVM setup layout: ~~~~~~~~~~~~~~~~~ | hda1 hdc1 (PV:s on partitions or whole disks) | / | / | diskvg (VG) | / | | / | | usrlv rootlv varlv (LV:s) | | | | | ext3 ext3 xfs (filesystems) Often used commands: ~~~~~~~~~~~~~~~~~~~~ Create a physical volume: # pvcreate /dev/hda2 Create a volume group: # vgcreate testvg /dev/hda2 Create a logical volume: # lvcreate -n test_lv -L100 testvg Resize a logical volume: # lvextend -L+100M /dev/resize_me/resize_me # resize2fs /dev/resize_me/resize_me # ext2/3 # xfs_growfs /dev/resize_me/resize_me # xfs # resize_reiserfs -f /dev/resize_me/resize_me # reiserfs online # mount -o remount,resize /dev/resize_me/resize_me # jfs Create a snapshot of a logical volume: # lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv Deactivate a volume group: # vgchange -a n my_volume_group Actually remove a volume group: # vgremove my_volume_group Display information about physical volume: # pvdisplay /dev/hda1 Remove physical volume: # vgreduce my_volume_group /dev/hda1 Remove logical volume: # umount /dev/myvg/homevol # lvremove /dev/myvg/homevol See also: man lvm http://www.tldp.org/HOWTO/LVM-HOWTO/ Tags: lvm, howto, pvcreate, lvcreate
How to use APT locally Sometimes you have lots of packages .deb that you would like to use APT to install so that the dependencies would be automatically solved. Solution: mkdir debs dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz echo " deb file:/root debs/" >> /etc/apt/sources.list dpkg-scansources debs | gzip > debs/Sources.gz echo " deb-src file:/root debs/" >> /etc/apt/sources.list See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html Tags: mirror, local
Check filesystem's LABEL: generic way: # blkid /dev/sda1 ext2/3 without blkid: # dumpe2fs /dev/sda1 | grep "Filesystem volume name" xfs without blkid: # xfs_admin -l /dev/sda1 reiserfs without blkid: # debugreiserfs /dev/sda1 | grep -i label jfs without blkid: # jfs_tune -l /dev/sda1 | grep -i label reiser4 without blkid: # debugfs.reiser4 /dev/sda1 | grep -i label Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label
Check filesystem's UUID: generic way: # blkid /dev/sda1 ext2/3 without blkid: # dumpe2fs /dev/sda1 | grep -i UUID xfs without blkid: # xfs_admin -u /dev/sda1 reiserfs without blkid: # debugreiserfs /dev/sda1 | grep -i UUID reiser4 without blkid: # debugfs.reiser4 /dev/sda1 | grep -i UUID Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid
Change a filesystem's LABEL: swap: # mkswap -L $LABEL /dev/sda1 ext2/ext3: # e2label /dev/sda1 $LABEL # tune2fs -L $LABEL /dev/sda1 reiserfs: # reiserfstune -l $LABEL /dev/sda1 jfs: # jfs_tune -L $LABEL /dev/sda1 xfs: # xfs_admin -L $LABEL /dev/sda1 fat/vfat: # echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc # mlabel -s i:$LABEL ntfs: # ntfslabel $LABEL /dev/sda1 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs
Disable pdiffs feature of APT: Permanent: # echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf Temporary: # apt-get update -o Acquire::Pdiffs=false
Backup big devices or files and create compressed splitted image chunks of it using zsplit Create backup of /dev/sda named archiveofsda_#.spl.zp in directory /mnt/sda1/backup, split the files up into chunks of 1GB each and set read/write buffer to 256kB: # zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda Restore the backup using unzsplit: # unzsplit -D /dev/sda -d archiveofsda More usage examples: man zsplit + man unzsplit Tags: backup, reocvery, spllt, limit, howto
Measure network performance using iperf: Server side: % iperf -s -V Client side: % iperf -c <server_address> -V or Server with 128k TCP window size: % iperf -s -w128k Client with running for 60 seconds and bidirectional test: % iperf -c <server_address> -r -w128k -t60 Tags: network, benchmark
Framebuffer resolutions: Resolution in pixels Color depth | 640x480 800x600 1024x768 1280x1024 256 (8bit)| 769 771 773 775 32000 (15bit)| 784 787 790 793 65000 (16bit)| 785 788 791 794 16.7 Mill.(24bit)| 786 789 792 795 vga=0x... modes: Mode 0x0300: 640x400 (+640), 8 bits Mode 0x0301: 640x480 (+640), 8 bits Mode 0x0303: 800x600 (+800), 8 bits Mode 0x0303: 800x600 (+832), 8 bits Mode 0x0305: 1024x768 (+1024), 8 bits Mode 0x0307: 1280x1024 (+1280), 8 bits Mode 0x030e: 320x200 (+640), 16 bits Mode 0x030f: 320x200 (+1280), 24 bits Mode 0x0311: 640x480 (+1280), 16 bits Mode 0x0312: 640x480 (+2560), 24 bits Mode 0x0314: 800x600 (+1600), 16 bits Mode 0x0315: 800x600 (+3200), 24 bits Mode 0x0317: 1024x768 (+2048), 16 bits Mode 0x0318: 1024x768 (+4096), 24 bits Mode 0x031a: 1280x1024 (+2560), 16 bits Mode 0x031b: 1280x1024 (+5120), 24 bits Mode 0x0330: 320x200 (+320), 8 bits Mode 0x0331: 320x400 (+320), 8 bits Mode 0x0332: 320x400 (+640), 16 bits Mode 0x0333: 320x400 (+1280), 24 bits Mode 0x0334: 320x240 (+320), 8 bits Mode 0x0335: 320x240 (+640), 16 bits Mode 0x0336: 320x240 (+1280), 24 bits Mode 0x033c: 1400x1050 (+1408), 8 bits Mode 0x033d: 640x400 (+1280), 16 bits Mode 0x033e: 640x400 (+2560), 24 bits Mode 0x0345: 1600x1200 (+1600), 8 bits Mode 0x0346: 1600x1200 (+3200), 16 bits Mode 0x034d: 1400x1050 (+2816), 16 bits Mode 0x035c: 1400x1050 (+5632), 24 bits Tags: framebuffer, resolution
Portscan using netcat: # netcat -v -w2 <host|ip-addr.> 1-1024
Run apt-get but disable apt-listchanges: APT_LISTCHANGES_FRONTEND=none apt-get ... Upgrade system but disable apt-listbugs: APT_LISTBUGS_FRONTEND=none apt-get ...
Set up a Transparent Debian Proxy Install of apt-cacher, the default config will do: # apt-get install apt-cacher Check out the ip address of debian mirror(s). Then add this to your firewall script: DEBIAN_MIRRORS="141.76.2.4 213.129.232.18" for ip in ${DEBIAN_MIRRORS} ; do ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142 done where ${IPTABLES} is the location of your iptables binary and $subnet is your internal subnet. Now everybody in your subnet who does access either ftp.de.debian.org or ftp.at.debian.org will actually access your apt-cacher instead. To use apt-cacher on the router itself, add the following line to your /etc/apt/apt.conf: Acquire::http::Proxy "http://localhost:3142/"; Tags: proxy, debian, apt-get, howto
Version control using Mercurial Setting up a Mercurial project: % cd project % hg init # creates .hg % hg add # add all files % hg commit # commit all changes, edit changelog entry Branching and merging: % hg clone linux linux-work # create a new branch % cd linux-work <make changes> % hg commit % cd ../linux % hg pull ../linux-work # pull changesets from linux-work % hg merge # merge the new tip from linux-work into # (old versions used "hg update -m" instead) # our working directory % hg commit # commit the result of the merge Importing patches: % cat ../p/patchlist | xargs hg import -p1 -b ../p Exporting a patch: (make changes) % hg commit % hg tip 1234:af3b5cd57dd5 % hg export 1234 > foo.patch # export changeset 1234 Export your current repo via HTTP with browsable interface: % hg serve -n "My repo" -p 80 Pushing changes to a remote repo with SSH: % hg push ssh://user@example.com/~/hg/ Merge changes from a remote machine: host1% hg pull http://foo/ host2% hg merge # merge changes into your working directory Set up a CGI server on your webserver: % cp hgwebdir.cgi ~/public_html/hg/index.cgi % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
Download binary codecs for mplayer: # /usr/share/mplayer/scripts/win32codecs.sh or # /usr/share/mplayer/scripts/binary_codecs.sh install (depending on the mplayer version you have). To play encrypted DVDs and if you are living in a country where using libdvdcss code is not illegal can install Debian package libdvdread3 and use the script /usr/share/doc/libdvdread3/install-css.sh.
Read manpages of uninstalled packages with debman: % debman -p git-core git
Test network performance using netperf: Server: # netserver Client: # netperf -t TCP_STREAM -H 192.168.0.41 Tags: benchmark, network
Setup Xen within 20 minutes on Debian/grml Install relevant software und update grub's menu.lst (Xen does not work with usual lilo so install grub instead if not done already): apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 xen-utils-3.0.3-1 xen-tools bridge-utils update-grub Example for installation of Debian etch as DomU: mkdir /mnt/md1/xen xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/ Start services: /etc/init.d/xend start /etc/init.d/xendomains start Setup a bridge for network, either manually: brctl addbr xenintbr brctl stp xenintbr off brctl sethello xenintbr 0 brctl setfd xenintbr 0 ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up or via /etc/network/interfaces (run ifup xenintbr to bring up the device then without rebooting): auto xenintbr iface xenintbr inet static pre-up brctl addbr xenintbr post-down brctl delbr xenintbr address 192.168.1.1 netmask 255.255.255.0 bridge_fd 0 bridge_hello 0 bridge_stp off Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and add the iptables commands to a startup script like /etc/init.d/rc.local): echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP Adjust network configuration of Xend: cat >> /etc/xen/xend-config.sxp << EOF (network-script network-route) (vif-bridge xenintbr) (vif-script vif-bridge) EOF List domains, start up a DomU, shutdown later again: xm create -c /etc/xen/xengrml1.cfg xm list xm shutdown 1 This HowTo is also available online at http://grml.org/xen/ Tags: howto, xen, grml
Play tetris with zsh: autoload -U tetris zle -N tetris bindkey "^Xt" tetris Now press 'ctrl-x t'.
Set up a router with grml Run grml-router script: # grml-router Install dnsmasq if not already present: # apt-get update ; apt-get install dnsmasq Adjust /etc/dnsmasq.conf according to your needs: # cat >> /etc/dnsmasq.conf << EOF domain-needed bogus-priv dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range dhcp-option=3,192.168.0.1 # dns server dhcp-option=1,255.255.255.0 # netmask EOF Start dnsmasq finally: # Restart dnsmasq Tags: network, router, grml
Display stats about memory allocations performed by a program: Usage example for 'ls': % LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
Use KVM (Kernel-based Virtual Machine for Linux): Make sure to install the relevant tools: # apt-get update ; apt-get install kvm # modprobe kvm Test it with a minimal system like ttylinux: # wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz # gzip -d bootcd-i386-5.3.iso.gz # kvm -cdrom bootcd-i386-5.3.iso
EEPROM data decoding for SDRAM DIMM modules: # modprobe eeprom # /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
Set up and use DVB: Make sure your device is supported by Linux and running. See http://www.linuxtv.org/ for more details. If the DVB device works on your system (see 'hwinfo --usb' when using a DVB usb device for example), then make sure you have the scan util from dvb-utils available: # aptitude install dvb-utils Then create a channels.conf configuration file: % scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf You can find some example configuration files on your grml system in ~/.channels. Usage example: % ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html) might be useful if you do not know the initial configuration details.
Get the lastest mercurial snapshot: Make sure you have the python-dev package available: # apt-get update ; apt-get install python-dev Get and build the source: % hg clone http://selenic.com/repo/hg mercurial % cd mercurial % make local % export PYTHONPATH=$(pwd) % export PATH=$PATH:$(pwd) now you should have the newest version of mercurial whenever you execute hg. To update to the lastest development snapshot, additionally use the following commands: % hg pull -u http://hg.intevation.org/mercurial/crew % make local
Configure timezone ================== Available bootoptions relevant in live-cd mode: ----------------------------------------------- * utc: set UTC, if your system clock is set to UTC (GMT) * gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc] * tz=$option: set timezone to corresponding $option, usage example: tz=Europe/Vienna Configuration options relevant on harddisk installation: -------------------------------------------------------- * Use the tzconfig utility to set the local timezone: # tzconfig which adjusts /etc/timezone and /etc/localtime according to the provided information. Running: # dpkg-reconfigure tzdata might be useful as well. * /etc/default/rcS: set variable UTC according to your needs, whether your system clock is set to UTC (UTC='yes') or not (UTC='no') * /etc/localtime: adjust zoneinfo according to your needs: # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime The zoneinfo directory contains the time zone files that were compiled by zic. The files contain information such as rules about DST. They allow the kernel to convert UTC UNIX time into appropriate local dates and times. Use the zdump utility to print current time and date (in the specified time zone). * /etc/adjtime: This file is used e.g. by the adjtimex function, which can smoothly adjust system time while the system runs * If you change the time (using 'date --set ...', ntpdate,...) it is worth setting also the hardware clock to the correct time: # hwclock --systohc [--utc] Remember to add the --utc -option if the hardware clock is set to UTC! Still problems? --------------- Check your current settings via: cat /etc/timezone zdump /etc/localtime echo $TZ hwclock --show grep hwclock /etc/runlevel.conf grep '^UTC' /etc/default/rc Further information: -------------------- hwclock(8) tzselect(1) tzconfig(8) http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html http://wiki.debian.org/TimeZoneChanges Tags: timezone, rtc, configuration
Recorder shellscript session using script: % script -t 2>~/upgrade.time -a ~/upgrade.script % scriptreplay ~/upgrade.time ~/upgrade.script
Test UTF-8 capabilities of terminal: wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz zcat UTF-8-demo.txt.gz or: wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt cat UTF-8-test.txt
UTF-8 at grml / some general information regarding Unicde/UTF-8: https://github.com/grml/grml/wiki/utf8
This allows one ssh connection attepmt per minute per source ip, with a initial burst of 10. The available burst is like a counter which is initialised with 10. Every connection attempt decrements the counter, and every minute where the connection limit of one per minute is not overstepped the counter is incremented by one. If the burst counter is exhausted the real rate limit comes into play. This gives you 11 connectionattepmts in the first minute before blocked for 10minutes. After 10 minutes block the game restarts. Hint: you could set the burst value to 5 and the block time to only 5 minutes to achive the same average connection rate but with halve the block time. iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh --hashlimit 1/minute --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 600000 -j ACCEPT iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
Tunnel a specific connection via socat: On the client: % socat TCP4-LISTEN:8003 TCP4:gateway:500 On the gateway: # socat TCP4-LISTEN:500,fork TCP4:target:$PORT Using localhost:8003 on the client uses the tunnel now.
Set date: # date --set=060916102007 where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4) Set date using a relative date: # date -s '+3 mins' or # date -s '+tomorrow' Display a specific relative date: # date -d '+5 days -2 hours' Don't forget to set hardware clock via: # hwlock -w
Booting grml via network / PXE: Start grml-terminalserver on a system with network access and where grml is running: # grml-terminalserver Then booting your client(s) via PXE should work without any further work. See: man grml-terminalserver + http://grml.org/terminalserver/ Tags: howto, pxe, network, boot
Debugging SSL communications: % openssl s_client -connect server.adress:993 > output_file % openssl x509 -noout -text -in output_file or # ssldump -a -A -H -i eth0 See http://prefetch.net/articles/debuggingssl.html for more details. Tags: debug, ssl, openssl
Remove bootmanager from MBR: # lilo -M /dev/hda -s /dev/null Tags: mbr, lilo
Rewrite grub to MBR: # mount /mnt/sda1 # grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda Tags: mbr, grub
Rewrite lilo to MBR: # mount /mnt/hda1 # lilo -r /mnt/hda1 Tags: mbr, lilo
Create screenshot of plain/real console - tty1: # fbgrab -c 1 screeni.png
Create screenshot when running X: % scrot Tip: use the gkrellshoot plugin when using gkrellm Tags: screenshot, xorg
Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are different networks: Run the following commands on hostA: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA Tags: howto, network, redirect, port
Flash BIOS without DOS/Windows: Dump flash info and set the flash chip to writable: # flashrom Backup the original BIOS: # flashrom -r backup.bin Notice: the following step will overwrite your current BIOS! So make sure you really know what you are doing. Flash the BIOS image: # flashrom -wv newbios.bin Also check out LinuxBIOS: http://linuxbios.org/
Enable shadow passwords: # shadowconfig on
Set up an IPv6 tunnel on grml: # ipv6-tunnel start
Set up console newsreader slrn for use with Usenet: % grml-slrn
Calculate with IPv6 addresses: % ipv6calc For usage examples refer to manpage ipv6calc(8). Tags: ipv6
Common network debugging tools for use with IPv6: % ping6 % tracepath6 % traceroute6 % tracert6 % nc6 % tcpspray6 Tags: ipv6
Set up NFS (Network File System): Server-side ~~~~~~~~~~~ Make sure the relevant services are running on the server side: # /etc/init.d/portmap start # /etc/init.d/nfs-common start # /etc/init.d/nfs-kernel-server start Export shares via /etc/exports: /backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check) ... or manually export a directory running: # exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups and unexport a share running: # exportfs -u 192.168.1.100:/backups and every time when you modify /etc/exports file run # exportfs -ra Display what NFS components are running: # rpcinfo -p Display list of exported shares: # exportfs -v or # showmount -e Client-side ~~~~~~~~~~~ Make sure the relevant services are running on the client side: # /etc/init.d/portmap start # /etc/init.d/nfs-common start Verify that the server allows you to access its RPC/NFS services: # rpcinfo -p server_name Check what directories the server exports: # showmount -e server_name On the client side you can use something like the following in /etc/fstab: 192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0 Tags: nfs, howto, network
Mount a cloop file: # aptitude install cloop-src # m-a a-i cloop-src # modprobe cloop file=/path/to/cloop/file # mount -r -t iso9660 /dev/cloop /mnt/test
Create a PS/PDF of a plaintext file: % a2ps --medium A4dj -E -o output.ps input_file % ps2pdf output.ps
Print two pages on one in a PDF file: % pdfnup --nup 2x1 input.pdf Concatenate, extract pages/parts, encrypt/decrypt, compress PDFs using 'pdftk'.
Read a PS/PDF file on console: % pstotext file.pdf or on plain framebuffer console in graphical mode: % pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png or % fbgs file.pdf
Bypass the password of a PDF file: % gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
Record sound: % rec test.aiff This will record a AIFF audio file.
Change passphrase / password of an existing SSH key: % ssh-keygen -p
Enable syntax highlighting in nano: Just uncomment the include directives for your respective language at the bottom of the file /etc/nanorc
Create netboot package for grml-terminalserver: # bash /usr/share/doc/grml-terminalserver/examples/create-netboot
To boot grml via network (PXE) check out grml-terminalserver: # grml-terminalserver See https://grml.org/terminalserver/ for more details.
Rotate pictures: Using the 'Orientation' tag of the Exif header, rotate the image so that it is upright: % jhead -autorot *.jpg Manually rotate a picture: % convert -rotate 270 input.jpg output.jpg
Rename files based on the information inside their exif header: % jhead -n%Y-%m-%d_%Hh%M_%f *.jpg This will rename a file named img_2071.jpg to something like: 2007-08-17_10h38_img_2071.jpg if it was shot at 10:38 o'clock on 2007-08-17 (according to the information inside the exif header).
Calculate network / netmask: Usage examples: % ipcalc 10.0.0.28 255.255.255.0 % ipcalc 10.0.0.0/24
Blacklist a kernel module: # blacklist <name_of_kernel_module> -> running 'blacklist hostap_cs' for example will generate an entry like this in /etc/modprobe.d/grml: blacklist hostap_cs alias hostap_cs off To remove the module from the blacklist again just invoke: # unblacklist <name_of_kernel_module> or manually remove the entry from /etc/modprobe.d/grml.
Create a Debian package of a perl module: % dh-make-perl --cpan Acme::Smirch --build
The Magic SysRq Keys (SysReq or Sys Req, short for System Request): To reboot your system using the SysRq keys just hold down the Alt and SysRq (Print Screen) key while pressing the keys REISUB ("Raising Elephants Is So Utterly Boring"). R = take the keyboard out of raw mode E = terminates all processes (except init) I = kills all processes (except init) S = synchronizes the disk(s) U = remounts all filesystems read-only B = reboot the system Notice: use O instead of B for poweroff. Or write the sequence to /proc/sysrq-trigger instead: # for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done To enable or disable SysRq calls: # echo 0 > /proc/sys/kernel/sysrq # echo 1 > /proc/sys/kernel/sysrq See https://en.wikipedia.org/wiki/Magic_SysRq_key for more details. Tags: reboot, documentation, sysrq, magic
Memtest / memcheck: Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest with Memtest86+.
Tunnel TCP-Traffic through DNS using dns2tcp: Server-side: ~~~~~~~~~~~~ 1. Create necessary DNS-Records: dnstun.example.com. 3600 IN NS host.example.com. dnstun.example.com. 3600 IN A 192.168.1.1 host.example.com. 3600 IN A 192.168.1.1 2. Configure dns2tcpd on host.example.com.: # cat /etc/dns2tcpd.conf listen = 192.168.1.1 #the ip dns2tcpd should listen on port = 53 #" port " " " " user = nobody chroot = /tmp domain = dnstun.example.com. # the zone as specified inside dns ressources = ssh:127.0.0.1:22 # available resources 3. Start the daemon: # cat > /etc/default/dns2tcp << EOF # Set ENABLED to 1 if you want the init script to start dns2tcpd. ENABLED=1 USER=nobody EOF # /etc/init.d/dns2tcp start Client-side: ~~~~~~~~~~~~ You have two possibilities: - Use the DNS inside your network (DNS must allow resolving for external domains) # grep nameserver /etc/resolv.conf nameserver 172.16.42.1 # dns2tcpc -z dnstun.example.com 172.16.42.1 Available connection(s) : ssh # dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 & Listening on port : 2222 # ssh localhost -p 2222 user@host.example.com:~# - Directly contact the endpoint (port 53 UDP must be allowed outgoing) # dns2tcpc -z dnstun.example.com dnstun.example.com Available connection(s) : ssh # dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com & Listenning on port : 2222 # ssh localhost -p 2222 user@host.example.com:~# Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on localhost:8080 which you can use to tunnel everything through your "dns-uplink". Tags: howto, network, tunnel
Configure a MadWifi device for adhoc mode: Disable the autocreation of athX devices: # echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi Remove the autocreated device for now: # wlanconfig ath0 destroy Configuration in /etc/network/interfaces: iface ath0 inet static madwifi-base wifi0 madwifi-mode adhoc ... Hints: - Do not use interface names without ending 0 (otherwise startup fails). - Only chooss unique names for interfaces.
Find dangling symlinks using zsh: % ls **/*(-@)
Use approx with runit supervision ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Install the packages: # apt-get install approx runit Add user approxlog for the logging daemon: # adduser --system --home /nonexistent --no-create-home approxlog Create config directory: # mkdir /etc/sv/approx Use /var/run/sv.approx as supervise directory: # ln -s /var/run/sv.approx /etc/sv/approx/supervise # cat > /etc/sv/approx/run << EOF #!/bin/sh echo 'approx starting' exec approx -f 2>&1 EOF You normally do not need a logging service for approx because it logs to syslog too. So just for completion: # mkdir -p /etc/sv/approx/log # ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise # cat > /etc/sv/approx/log/run << EOF #!/bin/sh set -e LOG="/var/log/approx" test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG" exec chpst -uapproxlog svlogd -tt -v "$LOG" EOF Now activate the new approx service (will be started within 5s): # ln -s /etc/sv/approx/ /var/service/ Make approx managed via runit available via init-script interface: # dpkg-divert --local --rename /etc/init.d/approx # ln -s /usr/bin/sv /etc/init.d/approx
Remote-reboot a grml system using SysRQ via /proc (execute as root): eject &>/dev/null umount -l /cdrom eject /dev/cdrom echo b > /proc/sysrq-trigger Tags: reboot, howto, grml, network
Show what happens on /dev/sda0: # mount the debugfs to relay kernel info to userspace mount -t debugfs none /sys/kernel/debug # is a convenient wrapper arround blktrace and blkparse btrace /dev/sda0 Tags: debug, block, partition, trace
Convert Flash to Avi: % ffmpeg -i input.flv output.avi Extract MP3 from Flash file: % for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
Usage example for cryptsetup / -luks encrypted partition on LVM: volume group name: x61 logical volume name: home echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab Start cryptdisks mount /dev/mapper/grml-crypt_home /mnt/test
fdisk/parted/... complains with something like 'unable to open /dev/sda - unrecognised disk label'?! See https://grml.org/faq/#fdisk => * use /sbin/fdisk.distrib from util-linux * switch to sfdisk, cfdisk,... * use parted's mklabel command (but please read the parted manual before executing this command)
dmraid - support for SW-RAID / FakeRAID controllers like Highpoint HPT and Promise FastTrack Activate all software RAID sets discovered: # dmraid -ay Deactivates all active software RAID sets: # dmraid -an Discover all software RAID devices supported on the system: # dmraid -r
Extract winmail.dat: List content: % ytnef winmail.dat Extract files to current directory: % ytnef -f . winmail.dat
Approx - Debian package proxy/cacher howto % apt-get install approx % echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf % Restart approx Add your new approx to sources.list eg. deb http://localhost:9999/debian unstable main contrib non-free use approx in grml-debootstrap like: % grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian
Simple webserver with python: % python -m SimpleHTTPServer
Upgrade only packages from the grml-stable Debian repository: echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update apt-get upgrade
Install Centos into a directory: % febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
Install Fedora into a directory: % febootstrap fedora-11 target_directory
Use Nessus / OpenVAS (remote network security auditor): Install software packages: # apt-get update # apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg Add a user: # openvas-adduser Start openvas server (takes a while): # Start openvas-server Invoke client as user: % OpenVAS-Client
Find packages not available from any active apt repository: % apt-show-versions | awk '/No available version in archive/{print $1}'
Simple mailserver with python: % python -m smtpd -n -c DebuggingServer localhost:1025
finger via netcat: echo $USER | nc $HOST 79
Install Archlinux using Grml: https://wiki.archlinux.org/index.php/Install_from_Existing_Linux or wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
Export blockdevices via AoE (ATA over Ethernet): % vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1 Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1 via eth0, using the shelf and slot numbers 160 and 2. These numbers are arbitrary but should be unique within the network. A word of warning: AoE is prone to all kind of nasty ethernet attacks, especially arp spoofing. Do not use in hostile networks. Tags: aoe, blockdevice, export, server
Access blockdevices via AoE (ATA over Ethernet): % sudo aoe-discover and the device should show up under /dev/etherd/. If your shelf and slot numbers re 160 and 2 the device will be /dev/etherd/e160.2 A word of warning: AoE is prone to all kind of nasty ethernet attacks, especially arp spoofing. Do not use in hostile networks. Tags: aoe, blockdevice, export, client