Install grml to harddisk:

# grml2hd

Notice: You can pre-select the partition for the partition selector
and mbr dialogs inside grml2hd using:
# grml2hd /dev/hda1 -mbr /dev/hda

See: man grml2hd +

Tags: grml2hd, installation

Install grml on software RAID level 1:

Create /dev/md0 (and some more /dev/md* devices) first of all:
# cd /dev && MAKEDEV dev

Create RAID:
# mdadm --create --verbose /dev/md0 --level=raid1         --raid-devices=2   /dev/hda1  /dev/hdc1

Finally install grml on it:
# SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0

See: man grml2hd +

Tags: grml2hd, installation, mdadm, raid

Install grml in non interactive mode with grml2hd:

Adjust configuration as needed:
# vim /etc/grml2hd/config

Then execute:


or run:

# grml2hd -i

Use with care and only if you really know what you are doing!

See: man grml2hd +

Tags: grml2hd, installation

Configure network:

# grml-network

Tags: configuration, network

Deactivate error correction of zsh:

% NOCOR=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Disable automatic setting of title in GNU screen:

% NOPRECMD=1 zsh

Set it manually e.g. via:

% screen -X title foobar

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Do not use menu completion in zsh:

% NOMENU=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration

Run GNU screen with grml-configuration:

% grml-screen


% screen -c /etc/grml/screenrc

Tags: screen, configuration

Print out grml-version:

% grml-version

Tags: grml

Configure mutt:

% grml-mutt

Tags: mutt

Configure mutt-ng / muttng:

% grml-muttng

Tags: muttng

Set up Inode-PPTP connection:

# grml-pptp-inode
# grml-pptp-xdsl-students

Tags: pptp, inode, xdsl

Set up VPN / WLAN connection at TUG (TU Graz):

Set ESSID and request for ip-address via DHCP:
# iwconfig $DEVICE essid tug
# dhclient $DEVICE

Now run the main script:
# grml-vpnc-tugraz

After running the script an init script is available:

# /etc/init.d/vpnctug [start|stop]

Tags: tug

Set up PPTP connection at VCG (Virtual Campus Graz):

# grml-pptp-vcgraz

Tags: pptp, vcg

Set up VPN:

# grml-vpn <options>

Usage example:

# grml-vpn -k 2005 add 1000

See: man grml-vpn

Tags: grml, vpn, network

Use encrypted files / partitions:

# grml-crypt <options>

Usage example:


# grml-crypt format /mnt/external1/encrypted_file /mnt/test
# cp big_file /mnt/test
# grml-crypt stop /mnt/test


# grml-crypt start /mnt/external1/encrypted_file /mnt/test
# grml-crypt stop /mnt/test

See: man grml-crypt

Tags: crypto, grml-crypt, dmcrypt, luks

Change resolution of X:

% xrandr -s '1024x768'

Tags: x11, xorg, resolution

Change resolution of framebuffer:

# fbset 800x600-60

Tags: resolution

Configure newsreader slrn:

% grml-slrn

Tags: slrn

Configure grml system:

# grml-config

Or directly run scripts:

# grml-config-root
% grml-config-user

Tags: grml, configuration

Lock screen (X / console):

% grml-lock

Press ctrl-alt-x to lock a GNU screen session.

Tags: grml, lock, grml-lock, screen

Change wallpaper in X:

% grml-wallpaper <press-tab>

Tags: grml, wallpaper

Start X window system (XFree86 / Xorg /


Usage examples:

% grml-x fluxbox
% grml-x -mode '1024x768' wmii
% grml-x -nosync wm-ng

Tags: grml-x, x11, xorg, graphic

Collect hardware information:

% grml-hwinfo

or run as root to collect some more information:

# grml-hwinfo

will generate a file named info.tar.bz2.

Tags: grml, hardware, hwinfo, collect

Configure hardware detection features of harddisk installation:

# grml-autoconfig

or manually edit /etc/grml/autoconfig[.small]

See: man grml-autoconfig

Tags: grml, installation, configuration

Bootoptions / cheatcodes / bootparams for booting grml:

On the grml-ISO if not running grml:
% less /cdrom/GRML/grml-cheatcodes.txt

When running grml:
% most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz

Tags: grml, cheatcodes, boot, bootoptions, bootparam

Report bugs to Debian's Bug Tracking System (BTS):

% reportbug --bts debian

or adjust /etc/reportbug.conf to your needs.


Tags: bug, reportbug, bts, debian

Offline documentation:

% grml-info

Online documentation:

Tags: info, grml, grml-info, documentation

Mount NTFS partition (read-write):

# mount.ntfs-3g /dev/sda1 /mnt/sda1

Tags: ntfs, mount

Overwrite specific file on an NTFS partition:

ntfscp /dev/hda1 /tmp/file_source path/to/file_target

Resize an NTFS partition:

# ntfsresize ..

Usage example:

ntfsresize -n -s 10G /dev/hda1 # testcase
ntfsresize -s 10G /dev/hda1    # testing was successfull, now really resize partition
cfdisk /dev/hda   # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)

Tags: ntfs, resize, ntfsresize

Modify resolution for intel graphic chipsets:

# 915resolution ..

Usage example:

# 915resolution 4d 1400 1050

Connect bluetooth mouse:

# bt-hid start

... and press 'connect' button on your bluetooth device.

Connect bluetooth headset:

# bt-audio start

... and press 'connect' button on your bluetooth device.

Secure delete file / directory / partition:

# wipe -kq /dev/hda1

See: man wipe

Also take a look at shred(1), sfill(1) and

Tags: delete, secure, wipe, shred

Use grml on Samsung X20 laptop:

# apt-get install grml-samsung-x20


Development information regarding grml:

Tags: blog, grml, developmnet

Contact Grml team:

#grml on -

Tags: contact, irc, oftc, email

Join the grml mailinglist:

Tags: grml, mailinglist

Help us - donate!

Tags: grml, donation

Commercial support / system administration / adjusted live-cds:


Tags: grml, commercial, customize

Information regarding the kernel provided by grml:

Tags: documentation, grml, kernel

SMTP command-line test tool:

% swaks <options>

Usage example:


See: man swaks

Tags: swak, smtp, test

NTFS related packages:


Tags: utils, ntfs

Modify service through init script:

# Start ssh
# Stop samba
# Restart apache
# Reload postfix
# service gpm start
# /etc/init.d/lvm start

Tags: init, script, start, stop

Test joystick:

# jstest /dev/input/js0

Play movie:

% mplayer /path/to/movie

Tags: movie, mplayer

Use webcam with mplayer:

% mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0

Tags: webcam, mplayer

Powerful network discovery tool:

# scapy

Tags: network, python, tool

Grab an entire CD and compress it to Ogg/Vorbis,
MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:

% abcde

Tags: rip, abcde, mp3, transcode, audio

Show a console session in several terminals:

% gems

Switch behaviour of caps lock key:

% caps-ctrl

grep with Perl-compatible regular expressions:

% pcregrep

ncp: a fast file copy tool for LANs

Local (send file):
% npush file_to_copy

Remote (receive file):
% npoll

Tags: copy, file, network

utility for sorting records in complex ways:

% msort

a smaller, cheaper, faster SED implementation:

% minised

zsh tips:

% man zsh-lovers


zsh reference card for grml system:

Multiple rename:

% for i in foo* ; do mv "$i" "bar${i/foo}" ; done
% qmv foo*
% prename 's/foo/bar/' foo*
% mmv "foo*"   "bar#1"
% zmv 'foo(*)' 'bar$1'

Test TFT / LCD display:

% lcdtest

Test sound:

% soundtest

Improved grep version:

% glark

Grep with highlighting:

% grep --color=auto ...
% hgrep ...

Tags: grep, color, highlight

Extract matches when grepping:

Usage examples:
% ifconfig | grepc 'inet addr:(.*?)s'
% ifconfig | glark --extract-matches 'inet addr:(.*?)s'

Output text as sound:

% say 'ghroummel'
% xsay            # when running X and text selected via mouse

Adjust a grml harddisk (grml2hd) installation:

# grml2hd-utils

Tags: grml2hd, configuration, installation

Get information on movie files:

% tcprobe -i file.avi

Get an overview of your image files:

% convert 'vid:*.jpg' thumbnails.jpg

List all standard defines:

% gcc -dM -E - < /dev/null

Send a mail as reminder:

echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42

ncurses-based presentation tool:

% tpp

See: man tpp and /usr/share/doc/tpp/examples/

Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:

% centericq

Use IRC on command line:

% irssi

Diff / merge files:

% vimdiff file1 file2



Moving between diffs:




Hardware monitoring without kernel dependencies:

% mbmon

Install grml-iso to usb-stick:

% grml2usb grml.iso /mount/point

Tags: usbpen, usbstick, installation, grml2usb

Use mplayer on framebuffer console:

% mplayer -vo fbdev ...

Use links2 on framebuffer console:

% links2 -driver fb ...

Switch language / keyboard:

* use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
* use the bootparams keyboard / xkeyboard to activate specific keyboard layout
  Usage example: 'grml lang=us keyboard=de xkeyboard=de'

Or run one of the following commands:

% grml-lang de
# loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
% setxkbmap de                                      # X11

Tags: language, keyboard, configuration

Switch setting of caps-control key (switch between ctrl + shift) on keyboard:

# caps-ctrl

Mount usb device / usb stick:

% mount /mnt/external1   # corresponds to /dev/sda1
% mount /mnt/external    # corresponds to /dev/sda

Install Sun Java packages:

Download j2re.bin-file from and run

# apt-get install java-package
# fakeroot make-jpkg j2re-*.bin
# dpkg -i sun-j2re*.deb
# update-alternatives --config java

Improved dd version:

ddrescue is an improved version of dd which tries to read and
if it fails it will go on with the next sectors, where tools
like dd will fail.

% ddrescue ...

See: man ddrescue

How to make an audio file (e.g. Musepack format) out of a DVD track:

% mkfifo /tmp/fifo.wav
% mppenc /tmp/fifo.wav track06.mpc &
% mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6

Adjust the mppenc line with the encoder you would like to use,
for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.


% mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')

Usage example for getting a PCM/wave file from audio channel 128:
% mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6

Create simple chroot:

# make_chroot_jail $USERNAME

Convert DOS formated file to unix format:

sed 's/.$//'    dosfile > unixfile       # assumes that all lines end with CR/LF
sed 's/^M$//'   dosfile > unixfile       # in bash/tcsh, press Ctrl-V then Ctrl-M
sed 's/x0D$//' dosfile > unixfile       # gsed 3.02.80, but top script is easier
awk '{sub(/r$/,"");print}'              # assumes EACH line ends with Ctrl-M
gawk -v BINMODE="w" '1' infile >outfile  # in DOS environment; cannot be done with
                                         # DOS versions of awk, other than gawk
tr -d r < dosfile > unixfile            # GNU tr version 1.22 or higher
tr -d '015' < dosfile > unixfile        # use octal value for "r" (see man ascii)
tr -d '[015032]' < dosfile > unixfile  # sometimes ^Z is appended to DOS-files
vim -c ":set ff=unix" -c ":wq" file      # convert using vim
vim -c "se ff=dos|x" file                # ... and even shorter ;)
recode ibmpc..lat1 file                  # convert using recode
echo -e "s/r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile

Tags: windows, line, convert, recode, tr, line end,

Save live audio stream to file:

% mplayer -ao pcm:file=$FILE $URL

Save live stream to file:

% mplayer -dumpfile $FILE -dumpstream $STREAM


% mencoder mms://$URL -o $FILE -ovc copy -oac copy


% mimms mms://file.wmv

Merge video files:


% avimerge -i *.avi -o blub.avi


% cat *.mpg > blub.mpg


% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
% avimerge -i file1.avi file2.avi -o blub.avi

Display MS-Word file:

% strings file.doc | fmt | less


% antiword file.doc

Convert MS-Word file to postscript:

% antiword -p a4 file.doc >

Convert manual to postscript:

% zcat /usr/share/man/man1/zsh.1.gz | groff -man >
% man -t zsh >

Read BIOS:

% dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8

Read HTTP via netcat:

echo -e "GET / HTTP/1.1rnHost: $DOMAINrnrn" | netcat $DOMAIN 80

Get X ressources for specific program:

% xrdb -q |grep -i xterm

Get windowid of specific X-window:

% xwininfo -int | grep "Window id:" | cut -d ' ' -f 4

Get titel of specific X-window:

% xprop WM_CLASS

check locale - LC_MESSAGES:

% locale -ck LC_MESSAGES

Create random password:

% pwgen
% dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-

Get tarballs of various Linux Kernel trees:

% ketchup 2.6
to get the current stable 2.6 release

% ketchup -l
to get a list of all supported trees

Transfer your SSH public key to another host:

% ssh-keygen   # ssh-keygen / ssh-key-gen: if you don't have a key yet
% ssh-copy-id -i ~/.ssh/ user@remote-system
% cat $HOME/.ssh/  | ssh user@remote-system 'cat >> .ssh/authorized_keys'

Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen

Update /etc/fstab entries:

# grml-rebuildfstab

See "man grml-rebuildfstab" for more details about
generation of /etc/fstab (including stuff like
fs LABELs / UUIDs,...).

Fetch and potentially change SCSI device parameters:

# sdparm /dev/sda

See: man sdparm

reclaim disk space by linking identical files together:

% dupmerge...

Find and remove duplicate files:

% dupseek ...

Perform layer 2 attacks:

# yersinia ...

Tags: network, attack, security


Guess PC-type hard disk partitions / partition table:

# gpart <options>

Perform a standard scan:
# gpart /dev/ice

Write back the guessed table:
# gpart -W /dev/ice /dev/ice

Tags: partition, recovery, disk

Develop, test and use exploit code with the Metasploit Framework:

cd /tmp
unp framework-3.2.tar.gz
cd framework-3.2

Useful documentation:

% w3m   /usr/share/doc/Debian/reference/reference.en.html
% xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)           grml Documentation           grml Wiki      Debian Documentation         Debian Wiki   Gentoo Documentation         Gentoo Wiki            The Linux Documentation Project

Tips and tricks:

% fortune debian-hints

Tags: documentation

Fun stuff:

% fortune debian-hints
% dpkg -L funny-manpages

Backup master boot record (MBR):

# dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1

Tags: backup, mbr

Backup partition table:

# sfdisk -d /dev/hda > hda.out

Restore partition table:

# sfdisk /dev/hda < hda.out

Tags: backup, partition, sfdisk, recovery

Clone disk via network using netcat:

# nc -vlp 30000 > hda1.img
# dd if=/dev/hda1 | nc -vq 0 30000

Adjust blocksize (dd's option bs=...) and include 'gzip -c'
to tune speed:

# dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 30000

Tags: network, backup, dd, netcat

Backup specific directories via cpio and ssh:

# for f in directory_list; do find $f >> backup.list done
# cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"

Tags: backup

Clone disk via ssh:

This one uses CPU cycles on the remote server to compare the files:
# ssh target_address cat remotefile | diff - localfile
# cat localfile | ssh target_address diff - remotefile

This one uses CPU cycles on the local server to compare the files:
# ssh target_address cat <localfile "|" diff - remotefile

Tags: network, backup, ssh

Useful tools for cloning / backups:

* dd: convert and copy a file
* dd_rescue: copies data from one file (or block device) to another
* pcopy: a replacement for dd
* partimage: back up and restore disk partitions
* dirvish: Disk based virtual image network backup system
* devclone: in-place filesystem conversion -- device cloning
* ntfsclone: efficiently clone, image, restore or rescue an NTFS
* dump: ext2/3 filesystem backup
* udpcast: multicast file transfer tool
* cpio: copy files to and from archives
* pax: read and write file archives and copy directory hierarchies
* netcat / ssh / tar / gzip / bzip2: additional helper tools

Tags: network, backup, ssh, udp, rescue, recovery

Use grml as a rescue system:

Different tools:

  * dd: convert and copy a file
  * ddrescue: copies data from one file or block device to another
  * partimage: Linux/UNIX utility to save partitions in a compressed image file
  * cfdisk: Partition a hard drive
  * nparted: Newt and GNU Parted based disk partition table manipulator
  * parted-bf: The GNU Parted disk partition resizing program, small version
  * testdisk: Partition scanner and disk recovery tool
  * gpart: Guess PC disk partition table, find lost partitions


  * e2fsprogs: ext2 file system utilities and libraries
  * e2tools: utilities for manipulating files in an ext2/ext3 filesystem
  * e2undel: Undelete utility for the ext2 file system
  * ext2resize: an ext2 filesystem resizer
  * recover: Undelete files on ext2 partitions


  * reiser4progs: administration utilities for the Reiser4 filesystem
  * reiserfsprogs: User-level tools for ReiserFS filesystems


  * xfsdump: Administrative utilities for the XFS filesystem
  * xfsprogs: Utilities for managing the XFS filesystem


  * jfsutils: utilities for managing the JFS filesystem


  * ntfsprogs: tools for doing neat things in NTFS partitions from Linux
  * salvage-ntfs: free NTFS data recovery tools
  * scrounge-ntfs: data recovery program for NTFS file systems
  * ntfsresize: resize ntfs partitions

Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools

Get ASCII value of a character with zsh:

% char=N ; print $((#char))

Convert a collection of mp3 files to wave or cdr using zsh:

% for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}

Convert images (foo.gif to foo.png) using zsh:

% for i in **/*.gif; convert $i $i:r.png

Remove all "non txt" files using zsh:

% rm ./^*.txt

Remote Shell Using SSH:

remote host:
% ssh -NR 3333:localhost:22 user@yourhost

local host:
% ssh user@localhost -p 3333

Tags: port forwarding, ssh, remote port, network

Reverse Shell with Netcat:

local host:
% netcat -v -l -p 3333 -e /bin/sh

remote host:
% netcat 3333

TagS: port forwarding, ssh, remote, network

Reverse Shell via SSH:

local host (inside the network):
% ssh -NR 1234:localhost:22 remote_host

remote host (outside the network):
% ssh localhost -p 1234

Tags: port forwarding, ssh, remote port, network

Remove empty directories with zsh:

% rmdir ./**/*(/od) 2> /dev/null

Find all the empty directories in a tree with zsh:

% ls -ld *(/^F)

Find all files without a valid owner and change ownership with zsh:

% chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)

Display the 5-10 last modified files with zsh:

% print -rl -- /path/to/dir/**/*([5,10])

Find and list the ten newest files in directories and subdirs (recursive) with zsh:

% print -rl -- **/*(Dom[1,10])

Find most recent file in a directory with zsh:

% setopt dotglob ; print directory/**/*(om[1])

Tunnel all traffic through an external server:

% ssh -ND 3333 username@external.machine

Then set the SOCKS4/5 proxy to localhost:3333.
Check whether it's working by surfing e.g. to

Tags: ssh, network, proxy, socks, tunnel

Tunnel everything through SSH via tsocks:

set up the SSH proxy on the client side:

% ssh -ND 3333

Adjust /etc/tsocks.conf afterwards (delete all other lines):

server =
server_port = 3333

For programs who natively support proxying connections (e.g. Mozilla
Firefox) you can now set the proxy address to localhost port 3333.

All other programs which's connections you want to tunnel through your
external host are prefixed with tsocks, e.g.:

% tsocks netcat 80
% tsocks irssi -c -p 6667

If you call tsocks without parameters it executes a shell witht the
LD_PRELOAD environment variable already set and exported.

Tags: ssh, network, proxy, socks, tunnel, tsocks

smartctl - control and monitor utility for harddisks using Self-Monitoring,
Analysis and Reporting Technology (SMART):

# smartctl --all /dev/ice

If you want to use smartctl on S-ATA (sata) disks use:

# smartctl -d ata --all /dev/sda

Start offline test:
# smartctl -t offline /dev/ice

Start short test:
# smartctl -t short /dev/ice

Display results of test:
# smartctl -l selftest /dev/ice

Query device information:
# smartctl -i /dev/ice

Tags: smart, s.m.a.r.t, info, test, hardware

Mount a BSD / Solaris partition:

# mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1

Use ufstype 44bsd  for FreeBSD, NetBSD, OpenBSD (read-write).
Use ufstype ufs2   for >= FreeBSD 5.x (read-only).
Use ufstype sun    for SunOS (Solaris) (read-write).
Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).

See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
for more details.

Tags: ufs, bsd, mount, solaris

Read BIOS (and or BIOS) password:

# dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head

Clone one of the kernel trees via git:

 git clone rsync://
This path defines the tree. See for an overview.

Mount filesystems over ssh protocol:

% sshfs user@host:/remote_dir /mnt/test

Unmount via:

% fusermount -u /mnt/test

(Notice: requires fuse kernel module)

Tags: ssh, sshfs, network, mount, directory, remote, fuse

Install Gentoo using grml:


Install (plain) Debian (sarge release) via grml:

Assuming you want to install Debian to sda1:

mkfs.ext3 /dev/sda1           # make an ext3 filesystem on /dev/sda1
mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
debootstrap sarge /mnt/test # get main packages from a debian-mirror
chroot /mnt/test /bin/bash    # let's chroot into the new system
mount -t devpts none /dev/pts # ...otherwise running base-config might fail ("Terminated" or "openpty failed")
mount -t proc   none /proc    # make sure we also have a mounted /proc
base-config                   # now configure some main settings
vi /etc/mkinitrd/mkinitrd.conf # adjust $ROOT (to /dev/sda1) for your new partition, autodetection will fail in chroot
cd /dev ; ./MAKEDEV generic                                # make sure we have all necessary devices for lilo
apt-get install lilo linux-image-2.6.12-1-386              # install lilo and a kernel which fits your needs
cp /usr/share/doc/lilo/examples/conf.sample /etc/lilo.conf # let's use a template
vi /etc/lilo.conf && lilo                                  # adjust the file for your needs and run lilo afterwards
umount /proc ; umount /dev/pts                             # we do not need them any more
exit                                                       # now leave chroot
cp /etc/hosts /etc/fstab /mnt/test/etc/           # you might want to take the existing files...
cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml system for your new system
umount /mnt/test && reboot    # unmount partition and reboot...

See also:
Avoid all of the above steps - use grml-debootstrap(8) instead!

Tags: manual, installation, debian, debootstrap

Install (plain) Debian (etch release) via grml

Assuming you want to install Debian to sda1:

mkfs.ext3 /dev/sda1           # make an ext3 filesystem on /dev/sda1
mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
debootstrap etch /mnt/test # get main packages from a debian-mirror
chroot /mnt/test /bin/bash    # let's chroot into the new system
mount -t proc   none /proc    # make sure we have a mounted /proc
apt-get install locales console-data  # install locales
dpkg-reconfigure locales console-data # adjust locales to your needs
apt-get install vim most zsh screen less initrd-tools file grub             usbutils pciutils bzip2 sysfsutils dhcp3-client resolvconf          strace lsof w3m # install useful software
apt-get install linux-headers-2.6-686 linux-image-686  # install current kernel

echo "       localhost" > /etc/hosts   # adjust /etc/hosts and network:
cat >> /etc/network/interfaces << EOF
iface lo inet loopback
iface eth0 inet dhcp
auto lo
auto eth0

ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime # adjust timezone and /etc/fstab:
cat >> /etc/fstab << EOF
sysfs          /sys         sysfs   auto                       0   0
proc           /proc        proc    defaults                   0   0
/dev/sda1      /            ext3    defaults,errors=remount-ro 0   1
/dev/sda2      none         swap    sw                         0   0
/dev/cdrom     /mnt/cdrom0  iso9660 ro,user,noauto             0   0
passwd             # set password of user root

mkdir /boot/grub   # setup grub
cp /usr/share/doc/grub/examples/menu.lst /boot/grub
cat >> /boot/grub/menu.lst << EOF
title           Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1)
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro
initrd          /boot/initrd.img-2.6.18-3-686
vim /boot/grub/menu.lst               # adjust grub configuration to your needs
cd /dev && MAKEDEV generic            # create default devices
cp -i /usr/lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/
grub install  # now install grub, run in grub-cmdline following commands:
> root (hd0,0)
> setup (hd0)
> quit
umount -a # unmount all filesystems in chroot and finally:
exit      # exit the chroot and:

If you want to use lilo instead of grub take a look at
/usr/share/doc/lilo/examples/conf.sample or use the following template:

cat > /etc/lilo.conf << EOF
# This allows booting from any partition on disks with more than 1024 cylinders.

# Specifies the boot device

# Specifies the device that should be mounted as root.

# use Debian on software raid:
# raid-extra-boot=mbr-only

# prompt


See also:
Avoid all of the above steps - use grml-debootstrap(8) instead!

Tags: manual, installation, debian, debootstrap, howto

Convert files from Unicode / UTF-8 to ISO:

% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile

and vice versa:

% iconv -f iso-8859-15 -t utf8 < isofile > utffile

Tags: utf-8, iso, unicode, utf8

Assign static setup for network cards (NICs) via udev:

Retrieve information for address (corresponding to MAC address):

  # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'

Execute /lib/udev/write_net_rules with according values (INTERFACE
is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
is the MAC address retrieved with udevadm info command):

  # INTERFACE=eth0 INTERFACE_NAME=lan0  MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules

This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"

Finally take down the interface (ifdown/ifconfig) and execute:

  # udevadm trigger --action=add --subsystem-match=net

so the interface will be renamed. (Rebooting or
unloading drivers/restart udev/loading drivers again
works as well of course.)

Tags: udev, configuration, name, eth0, howto

Change the suffix from *.sh to *.pl using zsh:

% autoload zmv
% zmv -W '*.sh' '*.pl'

Generate SSL certificate:

Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
# openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes

Check certfile:
# openssl x509 -in certfile -text

Verify against CA certificate:
# openssl verify -CAfile cacert.crt -verbose -purpose sslserver

Generate 2048bit RSA-key:
# openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes

As before but add request to existing key pub-sec-key.pem:
# openssl req -new -out request.pem -keyin pub-sec-key.pem

Show request request.pem:
# openssl req -text -noout -in request.pem

Verify signature of request request.pem:
# openssl req -verify -noout -in request.pem

Generate SHA1 fingerprint (modulo key) of request.pem:
# openssl req -noout -modulus -in request.pem | openssl sha1 -c

Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
# openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem

As before but create self signed certificate based on existing key pub-sec-key.pem:
# openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem

Generate new request out of existing self signed certificate:
# openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem

Display certificate self-signed-certificate.pem in plaintext:
# openssl x509 -text -noout -md5 -in self-signed-certificate.pem

Check self signed certificate:
# openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem

Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
# openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect

Generate ssl-certificate for use with apache2:

export RANDFILE=/dev/random
mkdir /etc/apache2/ssl/
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
chmod 600 /etc/apache2/ssl/apache.pem

Also take a look at make-ssl-cert (debconf wrapper for openssl):

# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem

and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).

Tags: openssl, howto

Change Windows NT password(s):

# mount -o rw /mnt/hda1
# cd /mnt/hda1/WINDOWS/system32/config/
# chntpw SAM SECURITY system

Notice: if mounting the partition read-write did not work (check syslog!)
try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1

(Be careful with deactivating syskey!)

Tags: password, windows, recovery, chntpw, howto

glark - replacement for grep written in Ruby:

A replacement for (or supplement to) the grep family, glark offers:
Perl compatible regular expressions, highlighting of matches,
context around matches, complex expressions and automatic exclusion
of non-text files.

Usage examples:

% glark -y keyword file      # display only the region that matched, not the entire line
% glark -o format print *.h  # search for either "printf" or "format"

More information: man glark

Find CD burning device(s):

General information on CD-ROM:
% cat /proc/sys/dev/cdrom/info

Scan using ATA Packet specific SCSI transport:
# cdrecord -dev=ATA -scanbus
# cdrecord-prodvd -s -scanbus dev=ATA

Get specific information for /dev/ice:
# cdrecord dev=/dev/ice -scanbus

Tags: hardware, info, cd burn

Create devices in /dev on udev:

For example create md devices (/dev/md0, /dev/md1,...):
# cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md

Tags: raid, device

Identify network device (NIC):

# ethtool -i $DEVICE

Show NIC statistics:

# ethtool -S $DEVICE

If your NIC shows some aging signs, you may want to be sure:

# ethtool -t $DEVICE

Disable TCP/UDP checksums:

# ethtool -K $DEVICE tx off

Tags: configuration, network, device

grml2hd seems to hang? Getting Squashfs errors? Problems while booting?

Switch to tty12 and take a look at the syslog. If you see something like:

  SQUASHFS error: zlib_fs returned unexpected result 0x........
  SQUASHFS error: Unable to read cache block [.....]
  SQUASHFS error: Unable to read inode [.....]

your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
Check your CD low-level via running:

# readcd -c2scan dev=/dev/cdrom

If the medium really is ok and it still fails try to boot with deactivated DMA
via using grml nodma at the bootprompt.

Tags: grml2hd, installation, verify, squashfs, error

Write a Microsoft compatible boot record (MBR) using ms-sys

Write a Windows 2000/XP/2003 MBR to a device:

# ms-sys -m /dev/ice

Notice: grab ms-sys from - demo:

 unp ms-sys-2.1.3.tgz
 cd ms-sys-2.1.3
 ./bin/ms-sys ...

Tags: mbr, windows, ms-sys, recovery

Use a Vodafone 3G Datacard (UMTS) with Linux:

Plug in your vodafone card and check in syslog whether the appropriate
(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:

# comgt -d $DEVICE
# wvdial --config /etc/wvdial.conf.umts $PROFILE

Usage examples:
# comgt -d /dev/ttyUSB0
# wvdial --config /etc/wvdial.conf.umts a1usb

# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts tmnozomi

# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts dreiusb

# comgt -d /dev/ttyACM0
# wvdial --config /etc/wvdial.conf.umts yesss

If you receive invalid DNS nameservers when connecting, like:

--> primary   DNS address
--> secondary DNS address

just provide a working nameserver to resolvconf via:

# echo "nameserver" | resolvconf -a ppp0

Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
your grml system), some other ones require the sierra driver (run
'modprobe sierra').

If your device isn't supported by usbserial yet, manually provide vendor and
product ID when loading the usbserial module. Usage example:

% lsusb
Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.

# modprobe usbserial vendor=0x1199 product=0x6813

To get a list of available providers execute:

# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator

Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto

hdparm - get/set hard disk parameters

Display the identification info that was obtained from the drive at boot time,
if available:
# hpdarm -i /dev/ice

Request identification info directly from the drive:
# hpdarm -I /dev/ice

Perform timings of device + cache reads for benchmark and comparison purposes:
# hdparm -tT /dev/ice

Tags: hardware, performance, configuration, harddisk

bonnie++ - program to test hard drive performance.

# mkdir /mnt/benchmark
# mount /dev/ice /mnt/benchmark
# chmod go+w /mnt/benchmark
# bonnie -u grml -d /mnt/benchmark -s 2000M

Tags: benchmark, harddisk

Use gizmo with a bluetooth headset:

% DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
% gizmo --mic $DEVICE --speaker $DEVICE

Scan a v4l device for TV stations:

% scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv

Then running xawtv should work:

% xawtv

Run apt-get with timeout of 3 seconds:

# apt-get -o acquire::http::timeout=3  update

Tags: apt-get

Debian GNU/Linux device driver check page


Use dd with status line:

# dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file

Generate a 512k file of random data with status bar:

% dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random

Install Grub instead of lilo on grml installation (grml2hd):

install grml:
# grml2hd ....

adjust grub's configuration file menu.lst:
# $EDITOR /boot/grub/menu.lst

now install grub (usage example for /dev/sda1):
# grub install
root (hd0,0)
setup (hd0)

Tags: grml2hd, grub

Install Ubuntu using grml:


Tags: ubuntu, installation

Resize ext2 / ext3 partition:

# tune2fs -O '^has_journal' /dev/iceX # disable journaling
# fsck.ext2 -v -y -f /dev/iceX        # check the filesystem
# resize2fs -p /dev/iceX  $SIZE       # resize it (adjust $SIZE)
# fdisk /dev/ice                      # adjust partition in partition table
# fsck.ext2 -v -y -f /dev/iceX        # check filesystem again
# resize2fs -p /dev/iceX              # resize it to maximum
# tune2fs -j /dev/iceX                # re-enable journal

Tags: resize, ext2, ext3, ext4, partition, howto

Tune ext2 / ext3 filesystem:

Check partition first:

# tune2fs -l /dev/iceX

If you don't see dir_index in the list, then enable it:

# tune2fs -O dir_index /dev/iceX

Now run e2fsck with the -D option to have the directories optimized:

# e2fsck -D /dev/iceX

Notice: since e2fsprogs (1.39-1) filesystems are created with
directory indexing and on-line resizing enabled by default.

Tags: configuration, ext2, ext3, ext4, partition

Search for printers via network:

# pconf_detect -m NETWORK -i

Tags: printer, network, scan

Mount a remote directory via webdav (e.g. Mediacenter of GMX):

# mount -t davfs /mnt/test

Tags: webdav, mount, mediacenter, gmx

System-Profiling using oprofile:

Prepare setup:

# opcontrol --reset
# opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library

Start logging:
# opcontrol --start


Stop logging:
# opcontrol --shutdown

Then take a look at the reports using something like e.g.:
# opreport -t 0.5 --exclude-dependent
# opreport -t 0.5 /path/to/executable_to_check
# opannotate -t 0.5 --source --assembly

Tags: profile, profiling, opcontrol, howto

Install ATI's fglrx driver for Xorg /

Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`

After installing adjust xorg.conf via running:
# aticonfig --initial --input=/etc/X11/xorg.conf

For more information take a look at

Tags: xorg, x11, driver, ati

Install nvidia driver for Xorg /

Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`

Then switch from module nv to nvidia:

# sed -i 's/Driver.*nv.*/Driver      "nvidia"/' /etc/X11/xorg.conf

Tags: xorg, x11, driver, nvidia

glxgears - a GLX demo that draws three rotating gears

To print frames per second (fps) use:
% glxgears -printfps

Tags: xorg, x11, glx,

You forgot to boot with 'grml noeject noprompt' to avoid
ejecting and prompting for CD removal when rebooting/halting
the system?

Either run:

# noeject reboot


# noeject halt

If you want to avoid only the prompting part, run:

# noprompt reboot


# noprompt halt

Tags: bootparam, fix, grml

Mount wikipedia local via fuse:

Adjust configuration:
% cat ~/.wikipediafs/config.xml

Mount it (/wiki must exist of course):
% mount.wikipediafs /wiki
% cat /wiki/wikipedia-en/Cat

Unmount via:
% fusermount -u /wiki

Tags: fuse, wikipedia, mount

Remote notification on X via osd (on screen display):

Start at your local host (listens on port 1234 by default):

Then login to a $REMOTEHOST
% ssh -R 1234:localhost:1234 $REMOTEHOST

Now send the text to your local display via running something like:
% echo "text to send" | nc localhost 1234

Very useful when you are waiting for a long running job
but want to do something else in the meanwhile:

% ./configure && make && echo "finished compiling" | netcat localhost 1234

You can use this in external programs as well of course. Examples:

Use osd in centericq:

% cat ~/.centericq/external
%action osd notify
event msg
proto all
status all
options nowait
if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
  CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
  osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
  if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
    echo "${osd_msg}" | netcat localhost 1234

Use it in the IRC console client irssi via running:

/script load

You can even activate the port forwarding by default globally:

% cat ~/.ssh/config
Host *
RemoteForward 1234
ForwardAgent yes

Notice: if you get 'ABORT: Requested font not found' make sure the
requested font is available, running 'LANG=C LC_ALL=C'
might help as well.

Tags: osd, notification, ssh, network, port-forwarding

Avoid automatical startup of init scripts via invoke-rc.d:

First of all make sure the package policyrcd-script-zg2 (which
provides the /usr/sbin/policy-rc.d interface) is installed.

In policyrcd-script-zg2's configuration file named
/etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
defined as the interface for handling invoke-rc.d's startup policy.

grml-policy-rc.d can be configure via /etc/policy-rc.d.conf.  By
default you won't notice any differences to Debian's default
behaviour, except that invoke-rc.d won't be executed if a chroot has
been detected (detection: /proc is missing).

If you want to disable automatical startup of newly installed packages
(done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in

To restore the default behaviour set EXITSTATUS back to '0' in

Tags: policy, init, script, invode-rc.d

Install VMware-Tools for grml:

First of all make sure a CD-ROM device in VMware is available.

Mount the CD-ROM device to /mnt/cdrom, then unpack and install
the tools running:

cd /tmp
unp /mnt/cdrom/vmware-linux-tools.tar.gz
cd vmware-tools-distrib

/etc/init.d/networking stop
rmmod pcnet32
rmmod vmxnet
depmod -a
modprobe vmxnet
/etc/init.d/networking start

In an X terminal, launch the VMware Tools running:


Tags: vmware, tool, vmware-toolbox, howto

Some important Postfix stuff

List mail queue:

# mailq
# postqueue -p

Send all messages in the queue:

# postqueue -f

Send all messages in the queue for a specific site:

# postqueue -s site

Delete a specific message
# postsuper -d 12345678942

Deletes all messages held in the queue for later delivery
# postsuper -d ALL deferred

Mail queues in postfix:

    incoming -> mail who just entered the system
    active   -> mail to be delivered
    deferred -> mail to be delivered later because there were problems
    hold     -> mail that should not be delivered until released from hold

For configuration of postfix take a look at
/etc/postfix/  - man 5 master
/etc/postfix/    - man 5 postconf

File permissions

mode 4000 - set user ID (suid):

- for executable files: run as the user who owns the file, instead of the
  user who runs the file
- for directories: not used

mode 2000 - set group ID (guid):

- for executable files: run as the group who owns the file, instead of the
  group of the user who runs the file
- for directories: when a file is created inside the directory, it belongs
  to the group of the directory instead of the default group of the user who
  created the file

mode 1000 - sticky bit:

- for files: not used
- for directories: only the owner of a file can delete or rename the file

Tags: postix, mailq, postsuper, queue, delete, smtp

Create MySQL database

# apt-get install mysql-client mysql-server

Run 'mysql' as root - create a database with:

create database grml

Give a user access to the database (without password):

grant all on grml.* to mika;

Give a user access to the database (with password):

grant all on grml.* to enrico identified by "PASSWORD";

Tags: mysql, database

Setup an HTTPS website:

Create a certificate:

# mkdir /etc/apache2/ssl
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Create a virtual host on port 443:


Enable SSL in the VirtualHost:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Enable listening on the HTTPS port (/etc/apache2/ports.conf):

Listen 443

and make sure the SSL module is used:

# a2enmod ssl

Tags: ssl, https, configuration, apache

Useful Apache / Apache2 stuff

Check configuration file via running:

# apache2ctl configtest

Enable a site:

# a2ensite sitename

Enable a module

# a2enmod modulename

Tags: apache, configuration

Create tar archive and store it on remote machine:

% tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"

Tags: tar, backup, remote, network, ssh

Pick out and displays images from network traffic:

# driftnet

Tags: remote, network, sniff, image

Install Flash plugin:

# dpkg-reconfigure flashplugin-nonfree

Tags: flash, plugin

To test a proxy, low level way:

% telnet proxy 8080
GET HTTP/1.0 [press enter twice]

Tags: proxy

Adjust system for use of qemu with kqemu:

Make sure you have all you need:
# aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)

Then set up kqemu:

modprobe kqemu
mknod /dev/kqemu c 250 0
chmod 666 /dev/kqemu
chmod 666 /dev/net/tun

Check kqemu support via starting qemu, press
Ctrl-Alt-2 and entering 'info kqemu'.

(High-Load) Debugging related tools:

mpstat  # report processors related statistics
iostat  # report CPU statistics and input/output statistics for devices and partitions
vmstat  # report virtual memory statistics
slabtop # display kernel slab cache information in real time
atsar   # system activity report
dstat   # versatile tool for generating system resource statistics

Usage examples:

# mpstat -P ALL
# iostat -x 1
# iostat -xtc 5 3
# vmstat 1
# atsar -t 60 10
# dstat -af

Tags: test, debug, information, hardware, statistic

Using WPA for network setup manually:

# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf

Adjust the options and configuration file to your needs.
Also take a look at 'grml-network'.

Tags: wireless, wpa, network, configuration

Start X and lock console via exiting:

% startx 2>~/.xsession-errors &| exit

Tags: xorg, x11, startx, graphical

Which process is writing to disk and/or causes the disk to spin up?

First of all use lsof to check what's going on. Does not help? ->

# echo 1 > /proc/sys/vm/block_dump

The command sets a sysctl to cause the kernel to log all disk
writes. Please notice that there is a lot of data.  So please
disable syslogd/syslog-ng before you do this, or you must make
sure that kernel output is not logged.

When you're done, disable block dump using:
# echo 0 > /proc/sys/vm/block_dump

laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
which handles block_dump on its own.

See: $KERNEL-SOURCE/Documentation/laptop-mode.txt

Also take a look at event-viewer(8) which is part of grml-debugtools.

Tags: debug, device, block, partition

Install initrd via initramfs-tools for currently running kernel:

# update-initramfs -c -t -k $(uname -r)

Tags: initrd

Install initrd via yaird for currently running kernel:

# yaird -o /boot/initrd.img-$(uname -r)

Install initrd via yaird for specific kernel:

# mount /proc
# mount /sys
# yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686

Reinstall package with its original configuration files:

# apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o   DPkg::Options::=--force-confnew package

grml 0.8 funkenzutzler - rt2x00 drivers:

To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
includes beta-version drivers) is not installed by default. If you want to
use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
rt73usb please install the package manually running:

# dpkg -i /usr/src/rt2x00-modules-*.deb

Use Java with jikes and jamvm on grml:

Simple demo:

% cp /usr/share/doc/grml-templates/ .
% jikes
% jamvm HelloWorld

Notice that grml exports $JIKESPATH (/usr/share/classpath/,
so you do not have to manually run
jikes --bootclasspath /usr/share/classpath/

Online resizing of (Software-)RAID5:

# Initiate a RAID5 setup for testing purposes:
mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1

# Create filesystem, mount md0, create a testfile and save md5sum for
# later check:
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
md5sum /mnt/test/dd > md5sum

# Make sure the RAID is synched via checking:
cat /proc/mdstat

# Now remove one partition:
mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1

# Delete partition, create a new + bigger one and set partition type to fd
# (Linux raid autodetect):
cfdisk /dev/hdd

# And re-add the partition:
mdadm -a /dev/md0 /dev/hdd1

# Make sure the RAID is synched via checking:
cat /proc/mdstat

# Repeat the steps for all other disks/partitions as well:
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb
mdadm -a /dev/md0 /dev/hdb1
cat /proc/mdstat
mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
cfdisk /dev/hda
mdadm -a /dev/md0 /dev/hda1
cat /proc/mdstat

# Now resize the RAID5 system online [see 'man mdadm' for details]:
mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
mdadm --grow /dev/md0 -z max
mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'

# Last step - resize the filesystem (online again):
resize2fs /dev/md0

Tags: raid, resize, raid5, mdadm

ext3 online resizing:

Starting with Linux kernel 2.6.10 you can resize ext3 online.  With
e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
on-line resizing enabled by default (see /etc/mke2fs.conf).


cfdisk /dev/hda                           # create a partition with type 8e (lvm)
pvcreate /dev/hda2                        # create a physical volume
vgcreate resize_me /dev/hda2              # create volume group
lvcreate -n resize_me -L100 resize_me     # create a logical volume
mkfs.ext3 /dev/resize_me/resize_me        # now create a new filesystem
mount /dev/resize_me/resize_me /mnt/test  # mount the new fs for demonstrating online resizing
df -h                                     # check the size of the partition
lvextend -L+100M /dev/resize_me/resize_me # let's extend the logical volume
resize2fs /dev/resize_me/resize_me        # and finally resize the filesystem
df -h                                     # recheck the size of the partition

This also works for Software-RAID. Demo:

mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
cfdisk /dev/hda                                  # adjust partition size for hda2
mdadm /dev/md0 --add /dev/hda2
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb                                  # adjust partition size for hdb1
mdadm /dev/md0 --add /dev/hdb1
mdadm --grow /dev/md0 --size=max
resize2fs /dev/md0

Notice: online resizing works as soon as the kernel can re-read the
partition table. So it works for example with LVM and SW-RAID but not with
a plain device (/dev/[sh]d*). The kernel does not re-read the partition
table if the device is already mounted.

Tags: resize, raid, lvm, ext2, ext3, ext4, raid1

Use vim as an outline editor:

% $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
% vim ~/foo.otl
:he vo

Monitor directories/files for changes using iwatch

Monitor /tmp for changes:
% iwatch /tmp/

Monitor files/directories specified in /etc/iwatch.xml
and send mail on changes:
% iwatch

Tags: inotify, watch, file, directory

Some often used mdadm commands:

Set up RAID1:
# mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1

Display details of specific RAID:
# mdadm --detail /dev/md0
# cat /proc/mdstat

Simulating a drive failure by software:
# mdadm --manage --set-faulty /dev/md0 /dev/hda1

Remove disk from RAID:
# mdadm /dev/md0 -r /dev/hda1

Set disk as faulty and remove from RAID:
# mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1

Stop a RAID-device:
# mdadm -S /dev/md0

Restart a RAID-device:
# mdadm -R /dev/md0

Add another disk to existing RAID setup (hotadd):
# mdadm /dev/md0 -a /dev/hde1
# mdadm --grow /dev/md0 --raid-devices=4

Assemble and start all arrays:
# mdadm --assemble --scan

Assemble a specific array:
# mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1

# mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2

Stop and rebuild:
# mdadm --stop --scan

Scan for and setup arrays automatically:
# mdadm --assemble --scan --auto=yes --verbose

Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
DEVICE partitions
CREATE owner=root group=disk mode=0660 auto=yes
HOMEHOST <system>

# /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
might help as well.

Monitoring the sw raid
# nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0

Producing /etc/mdadm/mdadm.conf:
# mdadm --detail --scan > /etc/mdadm/mdadm.conf

See also: man mdadm | less -p "^EXAMPLES"

Tags: raid, raid1, raid5, configuration, mdadm, howto

A quick summary of the most commonly used RAID levels:

RAID 0: Striped Set
 => 2 disks each 160 GB: 320 GB data
RAID 1: Mirrored Set
 => 2 disks each 160 GB: 160 GB data
RAID 5: Striped Set with Parity
 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy

Common nested RAID levels:
RAID 01: A mirror of stripes
RAID 10: A stripe of mirrors
RAID 30: A stripe across dedicated parity RAID systems
RAID 100: A stripe of a stripe of mirrors


Tags: raid, raid1, raid5, raid01, raid10, raid100

Logical Volume Management (LVM) with Linux

LVM setup layout:

|    hda1   hdc1      (PV:s on partitions or whole disks)
|          /
|         /
|       diskvg        (VG)
|       /  |  |      /   |   |  usrlv rootlv varlv (LV:s)
|    |      |     |
| ext3    ext3  xfs   (filesystems)

Often used commands:

Create a physical volume:
# pvcreate /dev/hda2

Create a volume group:
# vgcreate testvg /dev/hda2

Create a logical volume:
# lvcreate -n test_lv -L100 testvg

Resize a logical volume:
# lvextend -L+100M /dev/resize_me/resize_me
# resize2fs /dev/resize_me/resize_me               # ext2/3
# xfs_growfs  /dev/resize_me/resize_me             # xfs
# resize_reiserfs -f /dev/resize_me/resize_me      # reiserfs online
# mount -o remount,resize /dev/resize_me/resize_me # jfs

Create a snapshot of a logical volume:
# lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv

Deactivate a volume group:
# vgchange -a n my_volume_group

Actually remove a volume group:
# vgremove my_volume_group

Display information about physical volume:
# pvdisplay /dev/hda1

Remove physical volume:
# vgreduce my_volume_group /dev/hda1

Remove logical volume:
# umount /dev/myvg/homevol
# lvremove /dev/myvg/homevol

See also: man lvm

Tags: lvm, howto, pvcreate, lvcreate

How to use APT locally

Sometimes you have lots of packages .deb that you would like to use APT to
install so that the dependencies would be automatically solved. Solution:

mkdir debs
dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
echo "  deb file:/root debs/" >> /etc/apt/sources.list
dpkg-scansources debs | gzip > debs/Sources.gz
echo "  deb-src file:/root debs/" >> /etc/apt/sources.list

See also:

Tags: mirror, local

Check filesystem's LABEL:

generic way:
# blkid /dev/sda1

ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep "Filesystem volume name"

xfs without blkid:
# xfs_admin -l /dev/sda1

reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i label

jfs without blkid:
# jfs_tune -l /dev/sda1 | grep -i label

reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i label

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label

Check filesystem's UUID:

generic way:
# blkid /dev/sda1

ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep -i UUID

xfs without blkid:
# xfs_admin -u /dev/sda1

reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i UUID

reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i UUID

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid

Change a filesystem's LABEL:

# mkswap -L $LABEL /dev/sda1

# e2label /dev/sda1 $LABEL
# tune2fs -L $LABEL /dev/sda1

# reiserfstune -l $LABEL /dev/sda1

# jfs_tune -L $LABEL /dev/sda1

# xfs_admin -L $LABEL /dev/sda1

# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
# mlabel -s i:$LABEL

# ntfslabel $LABEL /dev/sda1

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs

Disable pdiffs feature of APT:

# echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf

# apt-get update -o Acquire::Pdiffs=false

Backup big devices or files and create compressed splitted
image chunks of it using zsplit

Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
/mnt/sda1/backup, split the files up into chunks of 1GB each and set
read/write buffer to 256kB:
# zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda

Restore the backup using unzsplit:
# unzsplit -D /dev/sda -d archiveofsda

More usage examples: man zsplit + man unzsplit

Tags: backup, reocvery, spllt, limit, howto

Measure network performance using iperf:

Server side:
% iperf -s -V

Client side:
% iperf -c <server_address> -V


Server with 128k TCP window size:
% iperf -s -w128k

Client with running for 60 seconds and bidirectional test:
% iperf -c <server_address> -r -w128k -t60

Tags: network, benchmark

Framebuffer resolutions:

                              Resolution in pixels
Color depth      |   640x480      800x600      1024x768      1280x1024
256        (8bit)|     769          771           773           775
32000     (15bit)|     784          787           790           793
65000     (16bit)|     785          788           791           794
16.7 Mill.(24bit)|     786          789           792           795

vga=0x... modes:

  Mode 0x0300: 640x400 (+640), 8 bits
  Mode 0x0301: 640x480 (+640), 8 bits
  Mode 0x0303: 800x600 (+800), 8 bits
  Mode 0x0303: 800x600 (+832), 8 bits
  Mode 0x0305: 1024x768 (+1024), 8 bits
  Mode 0x0307: 1280x1024 (+1280), 8 bits
  Mode 0x030e: 320x200 (+640), 16 bits
  Mode 0x030f: 320x200 (+1280), 24 bits
  Mode 0x0311: 640x480 (+1280), 16 bits
  Mode 0x0312: 640x480 (+2560), 24 bits
  Mode 0x0314: 800x600 (+1600), 16 bits
  Mode 0x0315: 800x600 (+3200), 24 bits
  Mode 0x0317: 1024x768 (+2048), 16 bits
  Mode 0x0318: 1024x768 (+4096), 24 bits
  Mode 0x031a: 1280x1024 (+2560), 16 bits
  Mode 0x031b: 1280x1024 (+5120), 24 bits
  Mode 0x0330: 320x200 (+320), 8 bits
  Mode 0x0331: 320x400 (+320), 8 bits
  Mode 0x0332: 320x400 (+640), 16 bits
  Mode 0x0333: 320x400 (+1280), 24 bits
  Mode 0x0334: 320x240 (+320), 8 bits
  Mode 0x0335: 320x240 (+640), 16 bits
  Mode 0x0336: 320x240 (+1280), 24 bits
  Mode 0x033c: 1400x1050 (+1408), 8 bits
  Mode 0x033d: 640x400 (+1280), 16 bits
  Mode 0x033e: 640x400 (+2560), 24 bits
  Mode 0x0345: 1600x1200 (+1600), 8 bits
  Mode 0x0346: 1600x1200 (+3200), 16 bits
  Mode 0x034d: 1400x1050 (+2816), 16 bits
  Mode 0x035c: 1400x1050 (+5632), 24 bits

Tags: framebuffer, resolution

Portscan using netcat:

# netcat -v -w2 <host|ip-addr.> 1-1024

Run apt-get but disable apt-listchanges:


Upgrade system but disable apt-listbugs:

APT_LISTBUGS_FRONTEND=none apt-get ...

Set up a Transparent Debian Proxy

Install of apt-cacher, the default config will do:
# apt-get install apt-cacher

Check out the ip address of debian mirror(s).
Then add this to your firewall script:

for ip in ${DEBIAN_MIRRORS} ; do
  ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142

where ${IPTABLES} is the location of your iptables binary
and $subnet is your internal subnet.

Now everybody in your subnet who does access either or will actually
access your apt-cacher instead.

To use apt-cacher on the router itself, add the following
line to your /etc/apt/apt.conf:

Acquire::http::Proxy "http://localhost:3142/";

Tags: proxy, debian, apt-get, howto

Version control using Mercurial

Setting up a Mercurial project:

% cd project
% hg init           # creates .hg
% hg add            # add all files
% hg commit         # commit all changes, edit changelog entry

Branching and merging:

% hg clone linux linux-work  # create a new branch
% cd linux-work
<make changes>
% hg commit
% cd ../linux
% hg pull ../linux-work     # pull changesets from linux-work
% hg merge                  # merge the new tip from linux-work into
                            # (old versions used "hg update -m" instead)
                            # our working directory
% hg commit                 # commit the result of the merge

Importing patches:

% cat ../p/patchlist | xargs hg import -p1 -b ../p

Exporting a patch:

(make changes)
% hg commit
% hg tip
% hg export 1234 > foo.patch    # export changeset 1234

Export your current repo via HTTP with browsable interface:

% hg serve -n "My repo" -p 80

Pushing changes to a remote repo with SSH:

% hg push ssh://

Merge changes from a remote machine:

host1% hg pull http://foo/
host2% hg merge # merge changes into your working directory

Set up a CGI server on your webserver:
% cp hgwebdir.cgi ~/public_html/hg/index.cgi
% $EDITOR ~/public_html/hg/index.cgi # adjust the defaults

Download binary codecs for mplayer:

# /usr/share/mplayer/scripts/


# /usr/share/mplayer/scripts/ install

(depending on the mplayer version you have).

To play encrypted DVDs and if you are living in a country where using
libdvdcss code is not illegal can install Debian package libdvdread3
and use the script /usr/share/doc/libdvdread3/

Read manpages of uninstalled packages with debman:

% debman -p git-core git

Test network performance using netperf:

# netserver

# netperf -t TCP_STREAM -H

Tags: benchmark, network

Setup Xen within 20 minutes on Debian/grml

Install relevant software und update grub's menu.lst (Xen does not work with
usual lilo so install grub instead if not done already):

apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386                  xen-utils-3.0.3-1 xen-tools bridge-utils

Example for installation of Debian etch as DomU:

mkdir /mnt/md1/xen
xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3    --cache=yes --dist=etch --hostname=xengrml1 --ip --netmask   --gateway --initrd=/boot/initrd.img-2.6.18-1-xen-686   --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=

Start services:

/etc/init.d/xend start
/etc/init.d/xendomains start

Setup a bridge for network, either manually:

brctl addbr xenintbr
brctl stp xenintbr off
brctl sethello xenintbr 0
brctl setfd xenintbr 0
ifconfig xenintbr netmask up

or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
without rebooting):

auto xenintbr
iface xenintbr inet static
  pre-up brctl addbr xenintbr
  post-down brctl delbr xenintbr
  bridge_fd 0
  bridge_hello 0
  bridge_stp off

Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
add the iptables commands to a startup script like /etc/init.d/rc.local):

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s -j SNAT --to $PUBLIC_IP
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP

Adjust network configuration of Xend:

cat >> /etc/xen/xend-config.sxp << EOF
(network-script    network-route)
(vif-bridge        xenintbr)
(vif-script        vif-bridge)

List domains, start up a DomU, shutdown later again:

xm create -c /etc/xen/xengrml1.cfg
xm list
xm shutdown 1

This HowTo is also available online at

Tags: howto, xen, grml

Play tetris with zsh:

autoload -U tetris
zle -N tetris
bindkey "^Xt" tetris

Now press 'ctrl-x t'.

Set up a router with grml

Run grml-router script:
# grml-router

Install dnsmasq if not already present:
# apt-get update ; apt-get install dnsmasq

Adjust /etc/dnsmasq.conf according to your needs:
# cat >> /etc/dnsmasq.conf << EOF
dhcp-range=,,1m # dhcp range
dhcp-option=3,   # dns server
dhcp-option=1, # netmask

Start dnsmasq finally:
# Restart dnsmasq

Tags: network, router, grml

Display stats about memory allocations performed by a program:

Usage example for 'ls':

% LD_PRELOAD=/lib/ ls > /dev/null

Use KVM (Kernel-based Virtual Machine for Linux):

Make sure to install the relevant tools:
# apt-get update ; apt-get install kvm
# modprobe kvm

Test it with a minimal system like ttylinux:
# wget
# gzip -d bootcd-i386-5.3.iso.gz
# kvm -cdrom bootcd-i386-5.3.iso

EEPROM data decoding for SDRAM DIMM modules:

# modprobe eeprom
# /usr/share/doc/lm-sensors/examples/eeprom/

Set up and use DVB:

Make sure your device is supported by Linux and running.
See for more details.

If the DVB device works on your system (see 'hwinfo --usb'
when using a DVB usb device for example), then make sure you
have the scan util from dvb-utils available:

# aptitude install dvb-utils

Then create a channels.conf configuration file:

% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf

You can find some example configuration files on
your grml system in ~/.channels. Usage example:

% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf

Tip: w_scan (see
might be useful if you do not know the initial configuration

Get the lastest mercurial snapshot:

Make sure you have the python-dev package available:
# apt-get update ; apt-get install python-dev

Get and build the source:
% hg clone mercurial
% cd mercurial
% make local
% export PYTHONPATH=$(pwd)
% export PATH=$PATH:$(pwd)

now you should have the newest version of mercurial whenever you execute hg.

To update to the lastest development snapshot, additionally use
the following commands:
% hg pull -u
% make local

Configure timezone

Available bootoptions relevant in live-cd mode:

* utc: set UTC, if your system clock is set to UTC (GMT)
* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
* tz=$option: set timezone to corresponding $option, usage example:

Configuration options relevant on harddisk installation:

* Use the tzconfig utility to set the local timezone:

  # tzconfig

  which adjusts /etc/timezone and /etc/localtime according
  to the provided information. Running:

  # dpkg-reconfigure tzdata

  might be useful as well.

* /etc/default/rcS: set variable UTC according to your needs,
  whether your system clock is set to UTC (UTC='yes') or
  not (UTC='no')

* /etc/localtime: adjust zoneinfo according to your needs:

  # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime

  The zoneinfo directory contains the time zone files that were
  compiled by zic. The files contain information such as rules
  about DST. They allow the kernel to convert UTC UNIX time into
  appropriate local dates and times. Use the zdump utility to
  print current time and date (in the specified time zone).

* /etc/adjtime: This file is used e.g. by the adjtimex function,
  which can smoothly adjust system time while the system runs

* If you change the time (using 'date --set ...', ntpdate,...)
  it is worth setting also the hardware clock to the correct time:

  # hwclock --systohc [--utc]

  Remember to add the --utc -option if the hardware clock is set
  to UTC!

Still problems?

Check your current settings via:

  cat /etc/timezone
  zdump /etc/localtime
  echo $TZ
  hwclock --show
  grep hwclock /etc/runlevel.conf
  grep '^UTC' /etc/default/rc

Further information:

  hwclock(8) tzselect(1) tzconfig(8)

Tags: timezone, rtc, configuration

Recorder shellscript session using script:

% script -t 2>~/upgrade.time -a ~/upgrade.script
% scriptreplay ~/upgrade.time ~/upgrade.script

Test UTF-8 capabilities of terminal:

zcat UTF-8-demo.txt.gz


cat UTF-8-test.txt

UTF-8 at grml / some general information regarding Unicde/UTF-8:

This allows one ssh connection attepmt per minute per source ip, with a initial
burst of 10.  The available burst is like a counter which is initialised with
10. Every connection attempt decrements the counter, and every minute where the
connection limit of one per minute is not overstepped the counter is
incremented by one.  If the burst counter is exhausted the real rate limit
comes into play. This gives you 11 connectionattepmts in the first minute
before blocked for 10minutes.  After 10 minutes block the game restarts.

Hint: you could set the burst value to 5 and the block time to only 5 minutes
to achive the same average connection rate but with halve the block time.

iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh          --hashlimit 1/minute  --hashlimit-burst 10 --hashlimit-mode srcip            --hashlimit-htable-expire 600000 -j ACCEPT
iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT

Tunnel a specific connection via socat:

On the client:
% socat TCP4-LISTEN:8003 TCP4:gateway:500

On the gateway:
# socat TCP4-LISTEN:500,fork TCP4:target:$PORT

Using localhost:8003 on the client uses the tunnel now.

Set date:

# date --set=060916102007

where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)

Set date using a relative date:

# date -s '+3 mins'


# date -s '+tomorrow'

Display a specific relative date:

# date -d '+5 days -2 hours'

Don't forget to set hardware clock via:

# hwlock -w

Booting grml via network / PXE:

Start grml-terminalserver on a system with network access
and where grml is running:

# grml-terminalserver

Then booting your client(s) via PXE should work without
any further work.

See: man grml-terminalserver +

Tags: howto, pxe, network, boot

Debugging SSL communications:

% openssl s_client -connect server.adress:993 > output_file
% openssl x509 -noout -text -in output_file


# ssldump -a -A -H -i eth0

See for more details.

Tags: debug, ssl, openssl

Remove bootmanager from MBR:

# lilo -M /dev/hda -s /dev/null

Tags: mbr, lilo

Rewrite grub to MBR:

# mount /mnt/sda1
# grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda

Tags: mbr, grub

Rewrite lilo to MBR:

# mount /mnt/hda1
# lilo -r /mnt/hda1

Tags: mbr, lilo

Create screenshot of plain/real console - tty1:

# fbgrab -c 1 screeni.png

Create screenshot when running X:

% scrot

Tip: use the gkrellshoot plugin when using gkrellm

Tags: screenshot, xorg

Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
different networks:

Run the following commands on hostA:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA

Tags: howto, network, redirect, port

Flash BIOS without DOS/Windows:

Dump flash info and set the flash chip to writable:
# flashrom

Backup the original BIOS:
# flashrom -r backup.bin

Notice: the following step will overwrite your current BIOS!
So make sure you really know what you are doing.

Flash the BIOS image:
# flashrom -wv newbios.bin

Also check out LinuxBIOS:

Enable shadow passwords:

# shadowconfig on

Set up an IPv6 tunnel on grml:

# ipv6-tunnel start

Set up console newsreader slrn for use with Usenet:

% grml-slrn

Calculate with IPv6 addresses:

% ipv6calc

For usage examples refer to manpage ipv6calc(8).

Tags: ipv6

Common network debugging tools for use with IPv6:

% ping6
% tracepath6
% traceroute6
% tracert6
% nc6
% tcpspray6

Tags: ipv6

Set up NFS (Network File System):

Make sure the relevant services are running on the server side:

# /etc/init.d/portmap start
# /etc/init.d/nfs-common start
# /etc/init.d/nfs-kernel-server start

Export shares via /etc/exports:


... or manually export a directory running:

# exportfs -o rw,wdelay,no_root_squash,async,subtree_check

and unexport a share running:

# exportfs -u

and every time when you modify /etc/exports file run

# exportfs -ra

Display what NFS components are running:

# rpcinfo -p

Display list of exported shares:

# exportfs -v
# showmount -e

Make sure the relevant services are running on the client side:

# /etc/init.d/portmap start
# /etc/init.d/nfs-common start

Verify that the server allows you to access its RPC/NFS services:

# rpcinfo -p server_name

Check what directories the server exports:

# showmount -e server_name

On the client side you can use something like the following in /etc/fstab: /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0

Tags: nfs, howto, network

Mount a cloop file:

# aptitude install cloop-src
# m-a a-i cloop-src

# modprobe cloop file=/path/to/cloop/file
# mount -r -t iso9660 /dev/cloop /mnt/test

Create a PS/PDF of a plaintext file:

% a2ps --medium A4dj -E -o input_file
% ps2pdf

Print two pages on one in a PDF file:

% pdfnup --nup 2x1 input.pdf

Concatenate, extract pages/parts, encrypt/decrypt,
compress PDFs using 'pdftk'.

Read a PS/PDF file on console:

% pstotext file.pdf

or on plain framebuffer console in graphical mode:

% pdf2ps file.pdf ; ps2png file.png ; fbi file.png


% fbgs file.pdf

Bypass the password of a PDF file:

% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit

Record sound:

% rec test.aiff

This will record a AIFF audio file.

Change passphrase / password of an existing SSH key:

% ssh-keygen -p

Enable syntax highlighting in nano:

Just uncomment the include directives for your respective
language at the bottom of the file /etc/nanorc

Create netboot package for grml-terminalserver:

# bash /usr/share/doc/grml-terminalserver/examples/create-netboot

To boot grml via network (PXE) check out grml-terminalserver:

# grml-terminalserver

See for more details.

Rotate pictures:

Using the 'Orientation' tag of the Exif header, rotate
the image so that it is upright:
% jhead -autorot *.jpg

Manually rotate a picture:
% convert -rotate 270 input.jpg output.jpg

Rename files based on the information inside their exif header:

% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg

This will rename a file named img_2071.jpg to something like:


if it was shot at 10:38 o'clock on 2007-08-17 (according to
the information inside the exif header).

Calculate network / netmask:

Usage examples:
% ipcalc
% ipcalc

Blacklist a kernel module:

# blacklist <name_of_kernel_module>

-> running 'blacklist hostap_cs' for example will generate an
entry like this in /etc/modprobe.d/grml:

blacklist hostap_cs
alias hostap_cs off

To remove the module from the blacklist again just invoke:

# unblacklist <name_of_kernel_module>

or manually remove the entry from /etc/modprobe.d/grml.

Create a Debian package of a perl module:

% dh-make-perl --cpan Acme::Smirch --build

The Magic SysRq Keys (SysReq or Sys Req, short for System Request):

To reboot your system using the SysRq keys just hold down the Alt and
SysRq (Print Screen) key while pressing the keys REISUB ("Raising
Elephants Is So Utterly Boring").

R = take the keyboard out of raw mode
E = terminates all processes (except init)
I = kills all processes (except init)
S = synchronizes the disk(s)
U = remounts all filesystems read-only
B = reboot the system

Notice: use O instead of B for poweroff.

Or write the sequence to /proc/sysrq-trigger instead:

# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done

To enable or disable SysRq calls:

# echo 0 > /proc/sys/kernel/sysrq
# echo 1 > /proc/sys/kernel/sysrq

See for more details.

Tags: reboot, documentation, sysrq, magic

Memtest / memcheck:

Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
with Memtest86+.

Tunnel TCP-Traffic through DNS using dns2tcp:

1. Create necessary DNS-Records:     3600    IN      NS     3600    IN      A       3600    IN      A

2. Configure dns2tcpd on
# cat /etc/dns2tcpd.conf 
listen =          #the ip dns2tcpd should listen on
port = 53                     #" port " " " "
user = nobody
chroot = /tmp
domain =  # the zone as specified inside dns
ressources = ssh: # available resources

3. Start the daemon:
# cat > /etc/default/dns2tcp << EOF
# Set ENABLED to 1 if you want the init script to start dns2tcpd.
# /etc/init.d/dns2tcp start

You have two possibilities:
- Use the DNS inside your network (DNS must allow resolving for external domains)
# grep nameserver /etc/resolv.conf 
# dns2tcpc -z
Available connection(s) : 
# dns2tcpc -r ssh -l 2222 -z &
Listening on port : 2222
# ssh localhost -p 2222

- Directly contact the endpoint (port 53 UDP must be allowed outgoing)
# dns2tcpc -z
Available connection(s) : 
# dns2tcpc -r ssh -l 2222 -z &
Listenning on port : 2222
# ssh localhost -p 2222

Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
localhost:8080 which you can use to tunnel everything through your "dns-uplink".

Tags: howto, network, tunnel

Configure a MadWifi device for adhoc mode:

Disable the autocreation of athX devices:
# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi

Remove the autocreated device for now:
# wlanconfig ath0 destroy

Configuration in /etc/network/interfaces:

iface ath0 inet static
  madwifi-base wifi0
  madwifi-mode adhoc

  - Do not use interface names without ending 0 (otherwise startup fails).
  - Only chooss unique names for interfaces.

Find dangling symlinks using zsh:

% ls **/*(-@)

Use approx with runit supervision

Install the packages:
# apt-get install approx runit

Add user approxlog for the logging daemon:
# adduser --system --home /nonexistent --no-create-home approxlog

Create config directory:
# mkdir /etc/sv/approx

Use /var/run/sv.approx as supervise directory:
# ln -s /var/run/sv.approx /etc/sv/approx/supervise

# cat > /etc/sv/approx/run << EOF
echo 'approx starting'
exec approx -f 2>&1

You normally do not need a logging service for approx because it logs
to syslog too. So just for completion:
# mkdir -p /etc/sv/approx/log
# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
# cat > /etc/sv/approx/log/run << EOF
set -e
test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
exec chpst -uapproxlog svlogd -tt -v "$LOG"

Now activate the new approx service (will be started within 5s):
# ln -s /etc/sv/approx/ /var/service/

Make approx managed via runit available via init-script interface:
# dpkg-divert --local --rename /etc/init.d/approx
# ln -s /usr/bin/sv /etc/init.d/approx

Remote-reboot a grml system using SysRQ via /proc (execute as root):

eject &>/dev/null
umount -l /cdrom
eject /dev/cdrom
echo b > /proc/sysrq-trigger

Tags: reboot, howto, grml, network

Show what happens on /dev/sda0:

# mount the debugfs to relay kernel info to userspace
mount -t debugfs none /sys/kernel/debug

# is a convenient wrapper arround blktrace and blkparse
btrace /dev/sda0

Tags: debug, block, partition, trace

Convert Flash to Avi:

% ffmpeg -i input.flv output.avi

Extract MP3 from Flash file:

% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done

Usage example for cryptsetup / -luks encrypted partition on LVM:

volume group name:   x61
logical volume name: home

echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
Start cryptdisks
mount /dev/mapper/grml-crypt_home /mnt/test

fdisk/parted/... complains with something like
'unable to open /dev/sda - unrecognised disk label'?!

See =>

* use /sbin/fdisk.distrib from util-linux
* switch to sfdisk, cfdisk,...
* use parted's mklabel command (but please read the
  parted manual before executing this command)

dmraid - support for SW-RAID / FakeRAID controllers
like Highpoint HPT and Promise FastTrack

Activate all software RAID sets discovered:
# dmraid -ay

Deactivates all active software RAID sets:
# dmraid  -an

Discover all software RAID devices supported on the system:
# dmraid -r

Extract winmail.dat:

List content:
% ytnef winmail.dat

Extract files to current directory:
% ytnef -f . winmail.dat

Approx - Debian package proxy/cacher howto

% apt-get install approx
% echo 'debian' >>/etc/approx/approx.conf
% Restart approx

Add your new approx to sources.list

deb http://localhost:9999/debian  unstable  main contrib non-free

use approx in grml-debootstrap like:
% grml-debootstrap -r lenny -t /dev/sda1 -m

Simple webserver with python:

% python -m SimpleHTTPServer

Upgrade only packages from the grml-stable Debian repository:

echo 'deb grml-stable main' > /etc/apt/grml-stable.list
apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
apt-get upgrade

Install Centos into a directory:

% febootstrap centos-5 directory

Install Fedora into a directory:

% febootstrap fedora-11 target_directory

Use Nessus / OpenVAS (remote network security auditor):

Install software packages:
# apt-get update
# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg

Add a user:
# openvas-adduser

Start openvas server (takes a while):
# Start openvas-server

Invoke client as user:
% OpenVAS-Client

Find packages not available from any active apt repository:

% apt-show-versions | awk '/No available version in archive/{print $1}'

Simple mailserver with python:

% python -m smtpd -n -c DebuggingServer localhost:1025

finger via netcat:

echo $USER | nc $HOST 79

Install Archlinux using Grml:

Export blockdevices via AoE (ATA over Ethernet):

% vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1

Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1
via eth0, using the shelf and slot numbers 160 and 2. These numbers are
arbitrary but should be unique within the network.

A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, server

Access blockdevices via AoE (ATA over Ethernet):

% sudo aoe-discover

and the device should show up under /dev/etherd/. If your shelf and
slot numbers re 160 and 2 the device will be /dev/etherd/e160.2

A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, client