Install grml to harddisk:
# grml2hd
Notice: You can pre-select the partition for the partition selector
and mbr dialogs inside grml2hd using:
# grml2hd /dev/hda1 -mbr /dev/hda
See: man grml2hd + http://grml.org/grml2hd/
Tags: grml2hd, installation
Install grml on software RAID level 1:
Create /dev/md0 (and some more /dev/md* devices) first of all:
# cd /dev && MAKEDEV dev
Create RAID:
# mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdc1
Finally install grml on it:
# SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0
See: man grml2hd + http://grml.org/grml2hd/
Tags: grml2hd, installation, mdadm, raid
Install grml in non interactive mode with grml2hd:
Adjust configuration as needed:
# vim /etc/grml2hd/config
Then execute:
# GRML2HD_NONINTERACTIVE=yes grml2hd
or run:
# grml2hd -i
Use with care and only if you really know what you are doing!
See: man grml2hd + http://grml.org/grml2hd/
Tags: grml2hd, installation
Configure network:
# grml-network
Tags: configuration, network
Deactivate error correction of zsh:
% NOCOR=1 zsh
Run zsh-help for more information regarding zsh.
Tags: zsh, configuration
Disable automatic setting of title in GNU screen:
% NOPRECMD=1 zsh
Set it manually e.g. via:
% screen -X title foobar
Run zsh-help for more information regarding zsh.
Tags: zsh, configuration
Do not use menu completion in zsh:
% NOMENU=1 zsh
Run zsh-help for more information regarding zsh.
Tags: zsh, configuration
Run GNU screen with grml-configuration:
% grml-screen
or
% screen -c /etc/grml/screenrc
Tags: screen, configuration
Print out grml-version:
% grml-version
Tags: grml
Configure mutt:
% grml-mutt
Tags: mutt
Configure mutt-ng / muttng:
% grml-muttng
Tags: muttng
Set up Inode-PPTP connection:
# grml-pptp-inode
or
# grml-pptp-xdsl-students
Tags: pptp, inode, xdsl
Set up VPN / WLAN connection at TUG (TU Graz):
Set ESSID and request for ip-address via DHCP:
# iwconfig $DEVICE essid tug
# dhclient $DEVICE
Now run the main script:
# grml-vpnc-tugraz
After running the script an init script is available:
# /etc/init.d/vpnctug [start|stop]
Tags: tug
Set up PPTP connection at VCG (Virtual Campus Graz):
# grml-pptp-vcgraz
Tags: pptp, vcg
Set up VPN:
# grml-vpn <options>
Usage example:
# grml-vpn -k 2005 add 1000 192.168.20.1 192.168.20.2
See: man grml-vpn
Tags: grml, vpn, network
Use encrypted files / partitions:
# grml-crypt <options>
Usage example:
Initialize:
# grml-crypt format /mnt/external1/encrypted_file /mnt/test
# cp big_file /mnt/test
# grml-crypt stop /mnt/test
Use:
# grml-crypt start /mnt/external1/encrypted_file /mnt/test
# grml-crypt stop /mnt/test
See: man grml-crypt
Tags: crypto, grml-crypt, dmcrypt, luks
Change resolution of X:
% xrandr -s '1024x768'
Tags: x11, xorg, resolution
Change resolution of framebuffer:
# fbset 800x600-60
Tags: resolution
Configure newsreader slrn:
% grml-slrn
Tags: slrn
Configure grml system:
# grml-config
Or directly run scripts:
# grml-config-root
% grml-config-user
Tags: grml, configuration
Lock screen (X / console):
% grml-lock
Press ctrl-alt-x to lock a GNU screen session.
Tags: grml, lock, grml-lock, screen
Change wallpaper in X:
% grml-wallpaper <press-tab>
Tags: grml, wallpaper
Start X window system (XFree86 / Xorg / X.org):
% grml-x $WINDOWMANAGER
Usage examples:
% grml-x fluxbox
% grml-x -mode '1024x768' wmii
% grml-x -nosync wm-ng
Tags: grml-x, x11, xorg, graphic
Collect hardware information:
% grml-hwinfo
or run as root to collect some more information:
# grml-hwinfo
will generate a file named info.tar.bz2.
Tags: grml, hardware, hwinfo, collect
Configure hardware detection features of harddisk installation:
# grml-autoconfig
or manually edit /etc/grml/autoconfig[.small]
See: man grml-autoconfig
Tags: grml, installation, configuration
Bootoptions / cheatcodes / bootparams for booting grml:
On the grml-ISO if not running grml:
% less /cdrom/GRML/grml-cheatcodes.txt
When running grml:
% most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz
Tags: grml, cheatcodes, boot, bootoptions, bootparam
Report bugs to Debian's Bug Tracking System (BTS):
% reportbug --bts debian
or adjust /etc/reportbug.conf to your needs.
See:
http://grml.org/bugs/
http://www.debian.org/Bugs/
Tags: bug, reportbug, bts, debian
Offline documentation:
% grml-info
Online documentation:
http://grml.org/faq/
http://grml.org/docs/
http://wiki.grml.org/doku.php
Tags: info, grml, grml-info, documentation
Mount NTFS partition (read-write):
# mount.ntfs-3g /dev/sda1 /mnt/sda1
Tags: ntfs, mount
Overwrite specific file on an NTFS partition:
ntfscp /dev/hda1 /tmp/file_source path/to/file_target
Resize an NTFS partition:
# ntfsresize ..
Usage example:
ntfsresize -n -s 10G /dev/hda1 # testcase
ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition
cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)
Tags: ntfs, resize, ntfsresize
Modify resolution for intel graphic chipsets:
# 915resolution ..
Usage example:
# 915resolution 4d 1400 1050
Connect bluetooth mouse:
# bt-hid start
... and press 'connect' button on your bluetooth device.
Connect bluetooth headset:
# bt-audio start
... and press 'connect' button on your bluetooth device.
Secure delete file / directory / partition:
# wipe -kq /dev/hda1
See: man wipe
Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/
Tags: delete, secure, wipe, shred
Use grml on Samsung X20 laptop:
# apt-get install grml-samsung-x20
See: http://www.michael-prokop.at/computer/samsung_x20.html
Development information regarding grml:
http://blog.grml.org/
Tags: blog, grml, developmnet
Contact Grml team:
#grml on irc.oftc.net - https://grml.org/irc/
http://grml.org/contact/
Tags: contact, irc, oftc, email
Join the grml mailinglist:
http://grml.org/mailinglist/
Tags: grml, mailinglist
Help us - donate!
http://grml.org/donations/
Tags: grml, donation
Commercial support / system administration / adjusted live-cds:
grml-solutions: http://grml.org/solutions/
Tags: grml, commercial, customize
Information regarding the kernel provided by grml:
http://grml.org/kernel/
Tags: documentation, grml, kernel
SMTP command-line test tool:
% swaks <options>
Usage example:
% swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE
See: man swaks
Tags: swak, smtp, test
NTFS related packages:
scrounge-ntfs
salvage-ntfs
ntfsprogs
Tags: utils, ntfs
Modify service through init script:
# Start ssh
# Stop samba
# Restart apache
# Reload postfix
# service gpm start
# /etc/init.d/lvm start
Tags: init, script, start, stop
Test joystick:
# jstest /dev/input/js0
Play movie:
% mplayer /path/to/movie
Tags: movie, mplayer
Use webcam with mplayer:
% mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0
Tags: webcam, mplayer
Powerful network discovery tool:
# scapy
Tags: network, python, tool
Grab an entire CD and compress it to Ogg/Vorbis,
MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:
% abcde
Tags: rip, abcde, mp3, transcode, audio
Show a console session in several terminals:
% gems
Switch behaviour of caps lock key:
% caps-ctrl
grep with Perl-compatible regular expressions:
% pcregrep
ncp: a fast file copy tool for LANs
Local (send file):
% npush file_to_copy
Remote (receive file):
% npoll
Tags: copy, file, network
utility for sorting records in complex ways:
% msort
a smaller, cheaper, faster SED implementation:
% minised
zsh tips:
% man zsh-lovers
See: http://grml.org/zsh/
zsh reference card for grml system:
http://grml.org/zsh/
/usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
Multiple rename:
% for i in foo* ; do mv "$i" "bar${i/foo}" ; done
% qmv foo*
% prename 's/foo/bar/' foo*
% mmv "foo*" "bar#1"
% zmv 'foo(*)' 'bar$1'
Test TFT / LCD display:
% lcdtest
Test sound:
% soundtest
Improved grep version:
% glark
Grep with highlighting:
% grep --color=auto ...
% hgrep ...
Tags: grep, color, highlight
Extract matches when grepping:
Usage examples:
% ifconfig | grepc 'inet addr:(.*?)s'
% ifconfig | glark --extract-matches 'inet addr:(.*?)s'
Output text as sound:
% say 'ghroummel'
% xsay # when running X and text selected via mouse
Adjust a grml harddisk (grml2hd) installation:
# grml2hd-utils
Tags: grml2hd, configuration, installation
Get information on movie files:
% tcprobe -i file.avi
Get an overview of your image files:
% convert 'vid:*.jpg' thumbnails.jpg
List all standard defines:
% gcc -dM -E - < /dev/null
Send a mail as reminder:
echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
ncurses-based presentation tool:
% tpp
See: man tpp and /usr/share/doc/tpp/examples/
Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:
% centericq
Use IRC on command line:
% irssi
Diff / merge files:
% vimdiff file1 file2
Re-diffing:
:diffupdate
Moving between diffs:
[c
]c
Synchronizing:
:diffget
:diffput
Hardware monitoring without kernel dependencies:
% mbmon
Install grml-iso to usb-stick:
% grml2usb grml.iso /mount/point
Tags: usbpen, usbstick, installation, grml2usb
Use mplayer on framebuffer console:
% mplayer -vo fbdev ...
Use links2 on framebuffer console:
% links2 -driver fb ...
Switch language / keyboard:
* use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
* use the bootparams keyboard / xkeyboard to activate specific keyboard layout
Usage example: 'grml lang=us keyboard=de xkeyboard=de'
Or run one of the following commands:
% grml-lang de
or
# loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
% setxkbmap de # X11
Tags: language, keyboard, configuration
Switch setting of caps-control key (switch between ctrl + shift) on keyboard:
# caps-ctrl
Mount usb device / usb stick:
% mount /mnt/external1 # corresponds to /dev/sda1
or
% mount /mnt/external # corresponds to /dev/sda
Install Sun Java packages:
Download j2re.bin-file from http://java.sun.com/downloads/index.html and run
# apt-get install java-package
# fakeroot make-jpkg j2re-*.bin
# dpkg -i sun-j2re*.deb
# update-alternatives --config java
Improved dd version:
ddrescue is an improved version of dd which tries to read and
if it fails it will go on with the next sectors, where tools
like dd will fail.
% ddrescue ...
See: man ddrescue
How to make an audio file (e.g. Musepack format) out of a DVD track:
% mkfifo /tmp/fifo.wav
% mppenc /tmp/fifo.wav track06.mpc &
% mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6
Adjust the mppenc line with the encoder you would like to use,
for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.
Alternative:
% mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')
Usage example for getting a PCM/wave file from audio channel 128:
% mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
Create simple chroot:
# make_chroot_jail $USERNAME
Convert DOS formated file to unix format:
sed 's/.$//' dosfile > unixfile # assumes that all lines end with CR/LF
sed 's/^M$//' dosfile > unixfile # in bash/tcsh, press Ctrl-V then Ctrl-M
sed 's/x0D$//' dosfile > unixfile # gsed 3.02.80, but top script is easier
awk '{sub(/r$/,"");print}' # assumes EACH line ends with Ctrl-M
gawk -v BINMODE="w" '1' infile >outfile # in DOS environment; cannot be done with
# DOS versions of awk, other than gawk
tr -d r < dosfile > unixfile # GNU tr version 1.22 or higher
tr -d '015' < dosfile > unixfile # use octal value for "r" (see man ascii)
tr -d '[015032]' < dosfile > unixfile # sometimes ^Z is appended to DOS-files
vim -c ":set ff=unix" -c ":wq" file # convert using vim
vim -c "se ff=dos|x" file # ... and even shorter ;)
recode ibmpc..lat1 file # convert using recode
echo -e "s/r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile
Tags: windows, line, convert, recode, tr, line end,
Save live audio stream to file:
% mplayer -ao pcm:file=$FILE $URL
Save live stream to file:
% mplayer -dumpfile $FILE -dumpstream $STREAM
or
% mencoder mms://$URL -o $FILE -ovc copy -oac copy
or
% mimms mms://file.wmv
Merge video files:
AVI:
% avimerge -i *.avi -o blub.avi
MPEG:
% cat *.mpg > blub.mpg
WMV:
% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
% avimerge -i file1.avi file2.avi -o blub.avi
Display MS-Word file:
% strings file.doc | fmt | less
or
% antiword file.doc
Convert MS-Word file to postscript:
% antiword -p a4 file.doc > file.ps
Convert manual to postscript:
% zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps
or
% man -t zsh > zsh.ps
Read BIOS:
% dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
Read HTTP via netcat:
echo -e "GET / HTTP/1.1rnHost: $DOMAINrnrn" | netcat $DOMAIN 80
Get X ressources for specific program:
% xrdb -q |grep -i xterm
Get windowid of specific X-window:
% xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
Get titel of specific X-window:
% xprop WM_CLASS
check locale - LC_MESSAGES:
% locale -ck LC_MESSAGES
Create random password:
% pwgen
or
% dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
Get tarballs of various Linux Kernel trees:
% ketchup 2.6
to get the current stable 2.6 release
% ketchup -l
to get a list of all supported trees
Transfer your SSH public key to another host:
% ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet
[...]
% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
or
% cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys'
Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen
Update /etc/fstab entries:
# grml-rebuildfstab
See "man grml-rebuildfstab" for more details about
generation of /etc/fstab (including stuff like
fs LABELs / UUIDs,...).
Fetch and potentially change SCSI device parameters:
# sdparm /dev/sda
See: man sdparm
reclaim disk space by linking identical files together:
% dupmerge...
Find and remove duplicate files:
% dupseek ...
Perform layer 2 attacks:
# yersinia ...
Tags: network, attack, security
rootsh
Guess PC-type hard disk partitions / partition table:
# gpart <options>
Perform a standard scan:
# gpart /dev/ice
Write back the guessed table:
# gpart -W /dev/ice /dev/ice
Tags: partition, recovery, disk
Develop, test and use exploit code with the Metasploit Framework:
cd /tmp
wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
unp framework-3.2.tar.gz
cd framework-3.2
./msfcli
Useful documentation:
% w3m /usr/share/doc/Debian/reference/reference.en.html
or
% xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)
http://grml.org/docs/ grml Documentation
http://wiki.grml.org/ grml Wiki
http://www.debian.org/doc/ Debian Documentation
http://wiki.debian.org/ Debian Wiki
http://www.gentoo.org/doc/en/ Gentoo Documentation
http://gentoo-wiki.com/ Gentoo Wiki
http://www.tldp.org/ The Linux Documentation Project
Tips and tricks:
% fortune debian-hints
Tags: documentation
Fun stuff:
% fortune debian-hints
% dpkg -L funny-manpages
Backup master boot record (MBR):
# dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1
Tags: backup, mbr
Backup partition table:
# sfdisk -d /dev/hda > hda.out
Restore partition table:
# sfdisk /dev/hda < hda.out
Tags: backup, partition, sfdisk, recovery
Clone disk via network using netcat:
Listener:
# nc -vlp 30000 > hda1.img
Source:
# dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000
Adjust blocksize (dd's option bs=...) and include 'gzip -c'
to tune speed:
# dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000
Tags: network, backup, dd, netcat
Backup specific directories via cpio and ssh:
# for f in directory_list; do find $f >> backup.list done
# cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"
Tags: backup
Clone disk via ssh:
This one uses CPU cycles on the remote server to compare the files:
# ssh target_address cat remotefile | diff - localfile
# cat localfile | ssh target_address diff - remotefile
This one uses CPU cycles on the local server to compare the files:
# ssh target_address cat <localfile "|" diff - remotefile
Tags: network, backup, ssh
Useful tools for cloning / backups:
* dd: convert and copy a file
* dd_rescue: copies data from one file (or block device) to another
* pcopy: a replacement for dd
* partimage: back up and restore disk partitions
* dirvish: Disk based virtual image network backup system
* devclone: in-place filesystem conversion -- device cloning
* ntfsclone: efficiently clone, image, restore or rescue an NTFS
* dump: ext2/3 filesystem backup
* udpcast: multicast file transfer tool
* cpio: copy files to and from archives
* pax: read and write file archives and copy directory hierarchies
* netcat / ssh / tar / gzip / bzip2: additional helper tools
Tags: network, backup, ssh, udp, rescue, recovery
Use grml as a rescue system:
Different tools:
* dd: convert and copy a file
* ddrescue: copies data from one file or block device to another
* partimage: Linux/UNIX utility to save partitions in a compressed image file
* cfdisk: Partition a hard drive
* nparted: Newt and GNU Parted based disk partition table manipulator
* parted-bf: The GNU Parted disk partition resizing program, small version
* testdisk: Partition scanner and disk recovery tool
* gpart: Guess PC disk partition table, find lost partitions
ext2/ext3:
* e2fsprogs: ext2 file system utilities and libraries
* e2tools: utilities for manipulating files in an ext2/ext3 filesystem
* e2undel: Undelete utility for the ext2 file system
* ext2resize: an ext2 filesystem resizer
* recover: Undelete files on ext2 partitions
ReiserFS/Reiser4:
* reiser4progs: administration utilities for the Reiser4 filesystem
* reiserfsprogs: User-level tools for ReiserFS filesystems
XFS:
* xfsdump: Administrative utilities for the XFS filesystem
* xfsprogs: Utilities for managing the XFS filesystem
JFS:
* jfsutils: utilities for managing the JFS filesystem
NTFS:
* ntfsprogs: tools for doing neat things in NTFS partitions from Linux
* salvage-ntfs: free NTFS data recovery tools
* scrounge-ntfs: data recovery program for NTFS file systems
* ntfsresize: resize ntfs partitions
Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools
Get ASCII value of a character with zsh:
% char=N ; print $((#char))
Convert a collection of mp3 files to wave or cdr using zsh:
% for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
Convert images (foo.gif to foo.png) using zsh:
% for i in **/*.gif; convert $i $i:r.png
Remove all "non txt" files using zsh:
% rm ./^*.txt
Remote Shell Using SSH:
remote host:
% ssh -NR 3333:localhost:22 user@yourhost
local host:
% ssh user@localhost -p 3333
Tags: port forwarding, ssh, remote port, network
Reverse Shell with Netcat:
local host:
% netcat -v -l -p 3333 -e /bin/sh
remote host:
% netcat 192.168.0.1 3333
TagS: port forwarding, ssh, remote, network
Reverse Shell via SSH:
local host (inside the network):
% ssh -NR 1234:localhost:22 remote_host
remote host (outside the network):
% ssh localhost -p 1234
Tags: port forwarding, ssh, remote port, network
Remove empty directories with zsh:
% rmdir ./**/*(/od) 2> /dev/null
Find all the empty directories in a tree with zsh:
% ls -ld *(/^F)
Find all files without a valid owner and change ownership with zsh:
% chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
Display the 5-10 last modified files with zsh:
% print -rl -- /path/to/dir/**/*(D.om[5,10])
Find and list the ten newest files in directories and subdirs (recursive) with zsh:
% print -rl -- **/*(Dom[1,10])
Find most recent file in a directory with zsh:
% setopt dotglob ; print directory/**/*(om[1])
Tunnel all traffic through an external server:
% ssh -ND 3333 username@external.machine
Then set the SOCKS4/5 proxy to localhost:3333.
Check whether it's working by surfing e.g. to checkip.dyndns.org
Tags: ssh, network, proxy, socks, tunnel
Tunnel everything through SSH via tsocks:
set up the SSH proxy on the client side:
% ssh -ND 3333 user@remote.host.example.com
Adjust /etc/tsocks.conf afterwards (delete all other lines):
server = 127.0.0.1
server_port = 3333
For programs who natively support proxying connections (e.g. Mozilla
Firefox) you can now set the proxy address to localhost port 3333.
All other programs which's connections you want to tunnel through your
external host are prefixed with tsocks, e.g.:
% tsocks netcat example.com 80
% tsocks irssi -c irc.quakenet.eu.org -p 6667
If you call tsocks without parameters it executes a shell witht the
LD_PRELOAD environment variable already set and exported.
Tags: ssh, network, proxy, socks, tunnel, tsocks
smartctl - control and monitor utility for harddisks using Self-Monitoring,
Analysis and Reporting Technology (SMART):
# smartctl --all /dev/ice
If you want to use smartctl on S-ATA (sata) disks use:
# smartctl -d ata --all /dev/sda
Start offline test:
# smartctl -t offline /dev/ice
Start short test:
# smartctl -t short /dev/ice
Display results of test:
# smartctl -l selftest /dev/ice
Query device information:
# smartctl -i /dev/ice
Tags: smart, s.m.a.r.t, info, test, hardware
Mount a BSD / Solaris partition:
# mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1
Use ufstype 44bsd for FreeBSD, NetBSD, OpenBSD (read-write).
Use ufstype ufs2 for >= FreeBSD 5.x (read-only).
Use ufstype sun for SunOS (Solaris) (read-write).
Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).
See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
for more details.
Tags: ufs, bsd, mount, solaris
Read BIOS (and or BIOS) password:
# dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
Clone one of the kernel trees via git:
git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This path defines the tree. See http://kernel.org/git/ for an overview.
Mount filesystems over ssh protocol:
% sshfs user@host:/remote_dir /mnt/test
Unmount via:
% fusermount -u /mnt/test
(Notice: requires fuse kernel module)
Tags: ssh, sshfs, network, mount, directory, remote, fuse
Install Gentoo using grml:
See http://www.gentoo.org/doc/en/altinstall.xml
Install (plain) Debian (sarge release) via grml:
Assuming you want to install Debian to sda1:
mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1
mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
debootstrap sarge /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror
chroot /mnt/test /bin/bash # let's chroot into the new system
mount -t devpts none /dev/pts # ...otherwise running base-config might fail ("Terminated" or "openpty failed")
mount -t proc none /proc # make sure we also have a mounted /proc
base-config # now configure some main settings
vi /etc/mkinitrd/mkinitrd.conf # adjust $ROOT (to /dev/sda1) for your new partition, autodetection will fail in chroot
cd /dev ; ./MAKEDEV generic # make sure we have all necessary devices for lilo
apt-get install lilo linux-image-2.6.12-1-386 # install lilo and a kernel which fits your needs
cp /usr/share/doc/lilo/examples/conf.sample /etc/lilo.conf # let's use a template
vi /etc/lilo.conf && lilo # adjust the file for your needs and run lilo afterwards
umount /proc ; umount /dev/pts # we do not need them any more
exit # now leave chroot
cp /etc/hosts /etc/fstab /mnt/test/etc/ # you might want to take the existing files...
cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml system for your new system
umount /mnt/test && reboot # unmount partition and reboot...
See also: http://www.debian.org/releases/stable/i386/apcs04.html.en
Avoid all of the above steps - use grml-debootstrap(8) instead!
Tags: manual, installation, debian, debootstrap
Install (plain) Debian (etch release) via grml
Assuming you want to install Debian to sda1:
mkfs.ext3 /dev/sda1 # make an ext3 filesystem on /dev/sda1
mount -o rw,suid,dev /dev/sda1 /mnt/test # now mount the new partition
debootstrap etch /mnt/test ftp://ftp.tugraz.at/mirror/debian # get main packages from a debian-mirror
chroot /mnt/test /bin/bash # let's chroot into the new system
mount -t proc none /proc # make sure we have a mounted /proc
apt-get install locales console-data # install locales
dpkg-reconfigure locales console-data # adjust locales to your needs
apt-get install vim most zsh screen less initrd-tools file grub usbutils pciutils bzip2 sysfsutils dhcp3-client resolvconf strace lsof w3m # install useful software
apt-get install linux-headers-2.6-686 linux-image-686 # install current kernel
echo "127.0.0.1 localhost" > /etc/hosts # adjust /etc/hosts and network:
cat >> /etc/network/interfaces << EOF
iface lo inet loopback
iface eth0 inet dhcp
auto lo
auto eth0
EOF
ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime # adjust timezone and /etc/fstab:
cat >> /etc/fstab << EOF
sysfs /sys sysfs auto 0 0
proc /proc proc defaults 0 0
/dev/sda1 / ext3 defaults,errors=remount-ro 0 1
/dev/sda2 none swap sw 0 0
/dev/cdrom /mnt/cdrom0 iso9660 ro,user,noauto 0 0
EOF
passwd # set password of user root
mkdir /boot/grub # setup grub
cp /usr/share/doc/grub/examples/menu.lst /boot/grub
cat >> /boot/grub/menu.lst << EOF
title Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro
initrd /boot/initrd.img-2.6.18-3-686
EOF
vim /boot/grub/menu.lst # adjust grub configuration to your needs
cd /dev && MAKEDEV generic # create default devices
cp -i /usr/lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/
grub install # now install grub, run in grub-cmdline following commands:
> root (hd0,0)
> setup (hd0)
> quit
umount -a # unmount all filesystems in chroot and finally:
exit # exit the chroot and:
reboot
If you want to use lilo instead of grub take a look at
/usr/share/doc/lilo/examples/conf.sample or use the following template:
cat > /etc/lilo.conf << EOF
# This allows booting from any partition on disks with more than 1024 cylinders.
lba32
# Specifies the boot device
boot=/dev/sda1
# Specifies the device that should be mounted as root.
root=/dev/sda1
# use Debian on software raid:
# raid-extra-boot=mbr-only
install=text
# prompt
timeout=1
map=/boot/map
vga=normal
image=/boot/vmlinuz-2.6.18-grml
label="2.6.18-grml"
#append="...."
read-only
initrd=/boot/initrd.img-2.6.18-grml
EOF
See also: http://www.debian.org/releases/stable/i386/apcs04.html.en
Avoid all of the above steps - use grml-debootstrap(8) instead!
Tags: manual, installation, debian, debootstrap, howto
Convert files from Unicode / UTF-8 to ISO:
% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile
and vice versa:
% iconv -f iso-8859-15 -t utf8 < isofile > utffile
Tags: utf-8, iso, unicode, utf8
Assign static setup for network cards (NICs) via udev:
Retrieve information for address (corresponding to MAC address):
# udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'
Execute /lib/udev/write_net_rules with according values (INTERFACE
is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
is the MAC address retrieved with udevadm info command):
# INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules
This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"
Finally take down the interface (ifdown/ifconfig) and execute:
# udevadm trigger --action=add --subsystem-match=net
so the interface will be renamed. (Rebooting or
unloading drivers/restart udev/loading drivers again
works as well of course.)
Tags: udev, configuration, name, eth0, howto
Change the suffix from *.sh to *.pl using zsh:
% autoload zmv
% zmv -W '*.sh' '*.pl'
Generate SSL certificate:
Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
# openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes
Check certfile:
# openssl x509 -in certfile -text
Verify against CA certificate:
# openssl verify -CAfile cacert.crt -verbose -purpose sslserver
Generate 2048bit RSA-key:
# openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes
As before but add request to existing key pub-sec-key.pem:
# openssl req -new -out request.pem -keyin pub-sec-key.pem
Show request request.pem:
# openssl req -text -noout -in request.pem
Verify signature of request request.pem:
# openssl req -verify -noout -in request.pem
Generate SHA1 fingerprint (modulo key) of request.pem:
# openssl req -noout -modulus -in request.pem | openssl sha1 -c
Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
# openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem
As before but create self signed certificate based on existing key pub-sec-key.pem:
# openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem
Generate new request out of existing self signed certificate:
# openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem
Display certificate self-signed-certificate.pem in plaintext:
# openssl x509 -text -noout -md5 -in self-signed-certificate.pem
Check self signed certificate:
# openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem
Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
# openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443
Generate ssl-certificate for use with apache2:
export RANDFILE=/dev/random
mkdir /etc/apache2/ssl/
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
chmod 600 /etc/apache2/ssl/apache.pem
Also take a look at make-ssl-cert (debconf wrapper for openssl):
# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem
and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).
Tags: openssl, howto
Change Windows NT password(s):
# mount -o rw /mnt/hda1
# cd /mnt/hda1/WINDOWS/system32/config/
# chntpw SAM SECURITY system
Notice: if mounting the partition read-write did not work (check syslog!)
try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1
(Be careful with deactivating syskey!)
Tags: password, windows, recovery, chntpw, howto
glark - replacement for grep written in Ruby:
A replacement for (or supplement to) the grep family, glark offers:
Perl compatible regular expressions, highlighting of matches,
context around matches, complex expressions and automatic exclusion
of non-text files.
Usage examples:
% glark -y keyword file # display only the region that matched, not the entire line
% glark -o format print *.h # search for either "printf" or "format"
More information: man glark
Find CD burning device(s):
General information on CD-ROM:
% cat /proc/sys/dev/cdrom/info
Scan using ATA Packet specific SCSI transport:
# cdrecord -dev=ATA -scanbus
# cdrecord-prodvd -s -scanbus dev=ATA
Get specific information for /dev/ice:
# cdrecord dev=/dev/ice -scanbus
Tags: hardware, info, cd burn
Create devices in /dev on udev:
For example create md devices (/dev/md0, /dev/md1,...):
# cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md
Tags: raid, device
Identify network device (NIC):
# ethtool -i $DEVICE
Show NIC statistics:
# ethtool -S $DEVICE
If your NIC shows some aging signs, you may want to be sure:
# ethtool -t $DEVICE
Disable TCP/UDP checksums:
# ethtool -K $DEVICE tx off
Tags: configuration, network, device
grml2hd seems to hang? Getting Squashfs errors? Problems while booting?
Switch to tty12 and take a look at the syslog. If you see something like:
SQUASHFS error: zlib_fs returned unexpected result 0x........
SQUASHFS error: Unable to read cache block [.....]
SQUASHFS error: Unable to read inode [.....]
your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
Check your CD low-level via running:
# readcd -c2scan dev=/dev/cdrom
If the medium really is ok and it still fails try to boot with deactivated DMA
via using grml nodma at the bootprompt.
Tags: grml2hd, installation, verify, squashfs, error
Write a Microsoft compatible boot record (MBR) using ms-sys
Write a Windows 2000/XP/2003 MBR to a device:
# ms-sys -m /dev/ice
Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:
wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
unp ms-sys-2.1.3.tgz
cd ms-sys-2.1.3
make
./bin/ms-sys ...
Tags: mbr, windows, ms-sys, recovery
Use a Vodafone 3G Datacard (UMTS) with Linux:
Plug in your vodafone card and check in syslog whether the appropriate
(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:
# comgt -d $DEVICE
# wvdial --config /etc/wvdial.conf.umts $PROFILE
Usage examples:
# comgt -d /dev/ttyUSB0
# wvdial --config /etc/wvdial.conf.umts a1usb
# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts tmnozomi
# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts dreiusb
# comgt -d /dev/ttyACM0
# wvdial --config /etc/wvdial.conf.umts yesss
If you receive invalid DNS nameservers when connecting, like:
[...]
--> primary DNS address 10.11.12.13
--> secondary DNS address 10.11.12.14
just provide a working nameserver to resolvconf via:
# echo "nameserver 80.120.17.70" | resolvconf -a ppp0
Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
your grml system), some other ones require the sierra driver (run
'modprobe sierra').
If your device isn't supported by usbserial yet, manually provide vendor and
product ID when loading the usbserial module. Usage example:
% lsusb
[...]
Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.
# modprobe usbserial vendor=0x1199 product=0x6813
To get a list of available providers execute:
# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator
Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto
hdparm - get/set hard disk parameters
Display the identification info that was obtained from the drive at boot time,
if available:
# hpdarm -i /dev/ice
Request identification info directly from the drive:
# hpdarm -I /dev/ice
Perform timings of device + cache reads for benchmark and comparison purposes:
# hdparm -tT /dev/ice
Tags: hardware, performance, configuration, harddisk
bonnie++ - program to test hard drive performance.
# mkdir /mnt/benchmark
# mount /dev/ice /mnt/benchmark
# chmod go+w /mnt/benchmark
# bonnie -u grml -d /mnt/benchmark -s 2000M
Tags: benchmark, harddisk
Use gizmo with a bluetooth headset:
% DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
% gizmo --mic $DEVICE --speaker $DEVICE
Scan a v4l device for TV stations:
% scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv
Then running xawtv should work:
% xawtv
Run apt-get with timeout of 3 seconds:
# apt-get -o acquire::http::timeout=3 update
Tags: apt-get
Debian GNU/Linux device driver check page
% $BROWSER http://kmuto.jp/debian/hcl/index.cgi
Use dd with status line:
# dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
Generate a 512k file of random data with status bar:
% dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
Install Grub instead of lilo on grml installation (grml2hd):
install grml:
# grml2hd ....
adjust grub's configuration file menu.lst:
# $EDITOR /boot/grub/menu.lst
now install grub (usage example for /dev/sda1):
# grub install
root (hd0,0)
setup (hd0)
Tags: grml2hd, grub
Install Ubuntu using grml:
See https://wiki.ubuntu.com/Installation/FromKnoppix
Tags: ubuntu, installation
Resize ext2 / ext3 partition:
# tune2fs -O '^has_journal' /dev/iceX # disable journaling
# fsck.ext2 -v -y -f /dev/iceX # check the filesystem
# resize2fs -p /dev/iceX $SIZE # resize it (adjust $SIZE)
# fdisk /dev/ice # adjust partition in partition table
# fsck.ext2 -v -y -f /dev/iceX # check filesystem again
# resize2fs -p /dev/iceX # resize it to maximum
# tune2fs -j /dev/iceX # re-enable journal
Tags: resize, ext2, ext3, ext4, partition, howto
Tune ext2 / ext3 filesystem:
Check partition first:
# tune2fs -l /dev/iceX
If you don't see dir_index in the list, then enable it:
# tune2fs -O dir_index /dev/iceX
Now run e2fsck with the -D option to have the directories optimized:
# e2fsck -D /dev/iceX
Notice: since e2fsprogs (1.39-1) filesystems are created with
directory indexing and on-line resizing enabled by default.
Tags: configuration, ext2, ext3, ext4, partition
Search for printers via network:
# pconf_detect -m NETWORK -i 192.168.0.1/24
Tags: printer, network, scan
Mount a remote directory via webdav (e.g. Mediacenter of GMX):
# mount -t davfs https://mediacenter.gmx.net/ /mnt/test
Tags: webdav, mount, mediacenter, gmx
System-Profiling using oprofile:
Prepare setup:
# opcontrol --reset
# opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library
Start logging:
# opcontrol --start
Now $DO_SOME_TASKS...
Stop logging:
# opcontrol --shutdown
Then take a look at the reports using something like e.g.:
# opreport -t 0.5 --exclude-dependent
# opreport -t 0.5 /path/to/executable_to_check
# opannotate -t 0.5 --source --assembly
Tags: profile, profiling, opcontrol, howto
Install ATI's fglrx driver for Xorg / X.org:
Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`
After installing adjust xorg.conf via running:
# aticonfig --initial --input=/etc/X11/xorg.conf
For more information take a look at http://wiki.grml.org/doku.php?id=ati
Tags: xorg, x11, driver, ati
Install nvidia driver for Xorg / X.org:
Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`
Then switch from module nv to nvidia:
# sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf
Tags: xorg, x11, driver, nvidia
glxgears - a GLX demo that draws three rotating gears
To print frames per second (fps) use:
% glxgears -printfps
Tags: xorg, x11, glx,
You forgot to boot with 'grml noeject noprompt' to avoid
ejecting and prompting for CD removal when rebooting/halting
the system?
Either run:
# noeject reboot
or:
# noeject halt
If you want to avoid only the prompting part, run:
# noprompt reboot
or:
# noprompt halt
Tags: bootparam, fix, grml
Mount wikipedia local via fuse:
Adjust configuration:
% cat ~/.wikipediafs/config.xml
<wfs-config>
<general>
<article-cache-time>300
</general>
<sites>
<site>
<dirname>wikipedia-de
<host>de.wikipedia.org
<basename>/w/index.php
</site>
<site>
<dirname>wikipedia-en
<host>en.wikipedia.org
<basename>/w/index.php
</site>
</sites>
</wfs-config>
Mount it (/wiki must exist of course):
% mount.wikipediafs /wiki
% cat /wiki/wikipedia-en/Cat
Unmount via:
% fusermount -u /wiki
Tags: fuse, wikipedia, mount
Remote notification on X via osd (on screen display):
Start osd_server.py at your local host (listens on port 1234 by default):
% osd_server.py
Then login to a $REMOTEHOST
% ssh -R 1234:localhost:1234 $REMOTEHOST
Now send the text to your local display via running something like:
% echo "text to send" | nc localhost 1234
Very useful when you are waiting for a long running job
but want to do something else in the meanwhile:
% ./configure && make && echo "finished compiling" | netcat localhost 1234
You can use this in external programs as well of course. Examples:
Use osd in centericq:
% cat ~/.centericq/external
[...]
%action osd notify
event msg
proto all
status all
options nowait
%exec
#!/bin/bash
if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
echo "${osd_msg}" | netcat localhost 1234
fi
fi
Use it in the IRC console client irssi via running:
/script load osd.pl
You can even activate the port forwarding by default globally:
% cat ~/.ssh/config
[...]
Host *
RemoteForward 1234 127.0.0.1:1234
ForwardAgent yes
Notice: if you get 'ABORT: Requested font not found' make sure the
requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'
might help as well.
Tags: osd, notification, ssh, network, port-forwarding
Avoid automatical startup of init scripts via invoke-rc.d:
First of all make sure the package policyrcd-script-zg2 (which
provides the /usr/sbin/policy-rc.d interface) is installed.
In policyrcd-script-zg2's configuration file named
/etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
defined as the interface for handling invoke-rc.d's startup policy.
grml-policy-rc.d can be configure via /etc/policy-rc.d.conf. By
default you won't notice any differences to Debian's default
behaviour, except that invoke-rc.d won't be executed if a chroot has
been detected (detection: /proc is missing).
If you want to disable automatical startup of newly installed packages
(done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in
/etc/policy-rc.d.conf.
To restore the default behaviour set EXITSTATUS back to '0' in
/etc/policy-rc.d.conf.
Tags: policy, init, script, invode-rc.d
Install VMware-Tools for grml:
First of all make sure a CD-ROM device in VMware is available.
Mount the CD-ROM device to /mnt/cdrom, then unpack and install
the tools running:
cd /tmp
unp /mnt/cdrom/vmware-linux-tools.tar.gz
cd vmware-tools-distrib
./vmware-install.pl
/etc/init.d/networking stop
rmmod pcnet32
rmmod vmxnet
depmod -a
modprobe vmxnet
/etc/init.d/networking start
In an X terminal, launch the VMware Tools running:
vmware-toolbox
Tags: vmware, tool, vmware-toolbox, howto
Some important Postfix stuff
List mail queue:
# mailq
or
# postqueue -p
Send all messages in the queue:
# postqueue -f
Send all messages in the queue for a specific site:
# postqueue -s site
Delete a specific message
# postsuper -d 12345678942
Deletes all messages held in the queue for later delivery
# postsuper -d ALL deferred
Mail queues in postfix:
incoming -> mail who just entered the system
active -> mail to be delivered
deferred -> mail to be delivered later because there were problems
hold -> mail that should not be delivered until released from hold
For configuration of postfix take a look at
/etc/postfix/master.cf - man 5 master
/etc/postfix/main.cf - man 5 postconf
and http://www.postfix.org/documentation.html.
File permissions
mode 4000 - set user ID (suid):
- for executable files: run as the user who owns the file, instead of the
user who runs the file
- for directories: not used
mode 2000 - set group ID (guid):
- for executable files: run as the group who owns the file, instead of the
group of the user who runs the file
- for directories: when a file is created inside the directory, it belongs
to the group of the directory instead of the default group of the user who
created the file
mode 1000 - sticky bit:
- for files: not used
- for directories: only the owner of a file can delete or rename the file
Tags: postix, mailq, postsuper, queue, delete, smtp
Create MySQL database
# apt-get install mysql-client mysql-server
Run 'mysql' as root - create a database with:
create database grml
Give a user access to the database (without password):
grant all on grml.* to mika;
Give a user access to the database (with password):
grant all on grml.* to enrico identified by "PASSWORD";
Tags: mysql, database
Setup an HTTPS website:
Create a certificate:
# mkdir /etc/apache2/ssl
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Create a virtual host on port 443:
<VirtualHost www.foo.invalid:443>
[...]
</VirtualHost>
Enable SSL in the VirtualHost:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
Enable listening on the HTTPS port (/etc/apache2/ports.conf):
Listen 443
and make sure the SSL module is used:
# a2enmod ssl
Tags: ssl, https, configuration, apache
Useful Apache / Apache2 stuff
Check configuration file via running:
# apache2ctl configtest
Enable a site:
# a2ensite sitename
Enable a module
# a2enmod modulename
Tags: apache, configuration
Create tar archive and store it on remote machine:
% tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"
Tags: tar, backup, remote, network, ssh
Pick out and displays images from network traffic:
# driftnet
Tags: remote, network, sniff, image
Install Flash plugin:
# dpkg-reconfigure flashplugin-nonfree
Tags: flash, plugin
To test a proxy, low level way:
% telnet proxy 8080
[...]
GET http://www.google.com HTTP/1.0 [press enter twice]
Tags: proxy
Adjust system for use of qemu with kqemu:
Make sure you have all you need:
# aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)
Then set up kqemu:
modprobe kqemu
mknod /dev/kqemu c 250 0
chmod 666 /dev/kqemu
chmod 666 /dev/net/tun
Check kqemu support via starting qemu, press
Ctrl-Alt-2 and entering 'info kqemu'.
(High-Load) Debugging related tools:
mpstat # report processors related statistics
iostat # report CPU statistics and input/output statistics for devices and partitions
vmstat # report virtual memory statistics
slabtop # display kernel slab cache information in real time
atsar # system activity report
dstat # versatile tool for generating system resource statistics
Usage examples:
# mpstat -P ALL
# iostat -x 1
# iostat -xtc 5 3
# vmstat 1
# atsar -t 60 10
# dstat -af
Tags: test, debug, information, hardware, statistic
Using WPA for network setup manually:
# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
Adjust the options and configuration file to your needs.
Also take a look at 'grml-network'.
Tags: wireless, wpa, network, configuration
Start X and lock console via exiting:
% startx 2>~/.xsession-errors &| exit
Tags: xorg, x11, startx, graphical
Which process is writing to disk and/or causes the disk to spin up?
First of all use lsof to check what's going on. Does not help? ->
# echo 1 > /proc/sys/vm/block_dump
The command sets a sysctl to cause the kernel to log all disk
writes. Please notice that there is a lot of data. So please
disable syslogd/syslog-ng before you do this, or you must make
sure that kernel output is not logged.
When you're done, disable block dump using:
# echo 0 > /proc/sys/vm/block_dump
Alternative:
laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
which handles block_dump on its own.
See: $KERNEL-SOURCE/Documentation/laptop-mode.txt
Also take a look at event-viewer(8) which is part of grml-debugtools.
Tags: debug, device, block, partition
Install initrd via initramfs-tools for currently running kernel:
# update-initramfs -c -t -k $(uname -r)
Tags: initrd
Install initrd via yaird for currently running kernel:
# yaird -o /boot/initrd.img-$(uname -r)
Install initrd via yaird for specific kernel:
# mount /proc
# mount /sys
# yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
Reinstall package with its original configuration files:
# apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o DPkg::Options::=--force-confnew package
grml 0.8 funkenzutzler - rt2x00 drivers:
To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
includes beta-version drivers) is not installed by default. If you want to
use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
rt73usb please install the package manually running:
# dpkg -i /usr/src/rt2x00-modules-*.deb
Use Java with jikes and jamvm on grml:
Simple demo:
% cp /usr/share/doc/grml-templates/template.java .
% jikes template.java
% jamvm HelloWorld
Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),
so you do not have to manually run
jikes --bootclasspath /usr/share/classpath/glibj.zip
Online resizing of (Software-)RAID5:
# Initiate a RAID5 setup for testing purposes:
mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1
# Create filesystem, mount md0, create a testfile and save md5sum for
# later check:
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
md5sum /mnt/test/dd > md5sum
# Make sure the RAID is synched via checking:
cat /proc/mdstat
# Now remove one partition:
mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1
# Delete partition, create a new + bigger one and set partition type to fd
# (Linux raid autodetect):
cfdisk /dev/hdd
# And re-add the partition:
mdadm -a /dev/md0 /dev/hdd1
# Make sure the RAID is synched via checking:
cat /proc/mdstat
# Repeat the steps for all other disks/partitions as well:
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb
mdadm -a /dev/md0 /dev/hdb1
cat /proc/mdstat
mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
cfdisk /dev/hda
mdadm -a /dev/md0 /dev/hda1
cat /proc/mdstat
# Now resize the RAID5 system online [see 'man mdadm' for details]:
mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
mdadm --grow /dev/md0 -z max
mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'
# Last step - resize the filesystem (online again):
resize2fs /dev/md0
Tags: raid, resize, raid5, mdadm
ext3 online resizing:
Starting with Linux kernel 2.6.10 you can resize ext3 online. With
e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
on-line resizing enabled by default (see /etc/mke2fs.conf).
Demo:
cfdisk /dev/hda # create a partition with type 8e (lvm)
pvcreate /dev/hda2 # create a physical volume
vgcreate resize_me /dev/hda2 # create volume group
lvcreate -n resize_me -L100 resize_me # create a logical volume
mkfs.ext3 /dev/resize_me/resize_me # now create a new filesystem
mount /dev/resize_me/resize_me /mnt/test # mount the new fs for demonstrating online resizing
df -h # check the size of the partition
lvextend -L+100M /dev/resize_me/resize_me # let's extend the logical volume
resize2fs /dev/resize_me/resize_me # and finally resize the filesystem
df -h # recheck the size of the partition
This also works for Software-RAID. Demo:
mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
cfdisk /dev/hda # adjust partition size for hda2
mdadm /dev/md0 --add /dev/hda2
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb # adjust partition size for hdb1
mdadm /dev/md0 --add /dev/hdb1
mdadm --grow /dev/md0 --size=max
resize2fs /dev/md0
Notice: online resizing works as soon as the kernel can re-read the
partition table. So it works for example with LVM and SW-RAID but not with
a plain device (/dev/[sh]d*). The kernel does not re-read the partition
table if the device is already mounted.
Tags: resize, raid, lvm, ext2, ext3, ext4, raid1
Use vim as an outline editor:
% $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
% vim ~/foo.otl
:he vo
Monitor directories/files for changes using iwatch
Monitor /tmp for changes:
% iwatch /tmp/
Monitor files/directories specified in /etc/iwatch.xml
and send mail on changes:
% iwatch
Tags: inotify, watch, file, directory
Some often used mdadm commands:
Set up RAID1:
# mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1
Display details of specific RAID:
# mdadm --detail /dev/md0
# cat /proc/mdstat
Simulating a drive failure by software:
# mdadm --manage --set-faulty /dev/md0 /dev/hda1
Remove disk from RAID:
# mdadm /dev/md0 -r /dev/hda1
Set disk as faulty and remove from RAID:
# mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
Stop a RAID-device:
# mdadm -S /dev/md0
Restart a RAID-device:
# mdadm -R /dev/md0
Add another disk to existing RAID setup (hotadd):
# mdadm /dev/md0 -a /dev/hde1
# mdadm --grow /dev/md0 --raid-devices=4
Assemble and start all arrays:
# mdadm --assemble --scan
Assemble a specific array:
# mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1
Resync:
# mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2
Stop and rebuild:
# mdadm --stop --scan
Scan for and setup arrays automatically:
# mdadm --assemble --scan --auto=yes --verbose
Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
DEVICE partitions
CREATE owner=root group=disk mode=0660 auto=yes
HOMEHOST <system>
MAILADDR root
Running
# /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
might help as well.
Monitoring the sw raid
# nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0
Producing /etc/mdadm/mdadm.conf:
# mdadm --detail --scan > /etc/mdadm/mdadm.conf
See also: man mdadm | less -p "^EXAMPLES"
http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html
Tags: raid, raid1, raid5, configuration, mdadm, howto
A quick summary of the most commonly used RAID levels:
RAID 0: Striped Set
=> 2 disks each 160 GB: 320 GB data
RAID 1: Mirrored Set
=> 2 disks each 160 GB: 160 GB data
RAID 5: Striped Set with Parity
=> 3 disks each 160 GB: 320 GB data; 160 GB redundancy
Common nested RAID levels:
RAID 01: A mirror of stripes
RAID 10: A stripe of mirrors
RAID 30: A stripe across dedicated parity RAID systems
RAID 100: A stripe of a stripe of mirrors
-- http://en.wikipedia.org/wiki/RAID
Tags: raid, raid1, raid5, raid01, raid10, raid100
Logical Volume Management (LVM) with Linux
LVM setup layout:
~~~~~~~~~~~~~~~~~
| hda1 hdc1 (PV:s on partitions or whole disks)
| /
| /
| diskvg (VG)
| / | | / | | usrlv rootlv varlv (LV:s)
| | | |
| ext3 ext3 xfs (filesystems)
Often used commands:
~~~~~~~~~~~~~~~~~~~~
Create a physical volume:
# pvcreate /dev/hda2
Create a volume group:
# vgcreate testvg /dev/hda2
Create a logical volume:
# lvcreate -n test_lv -L100 testvg
Resize a logical volume:
# lvextend -L+100M /dev/resize_me/resize_me
# resize2fs /dev/resize_me/resize_me # ext2/3
# xfs_growfs /dev/resize_me/resize_me # xfs
# resize_reiserfs -f /dev/resize_me/resize_me # reiserfs online
# mount -o remount,resize /dev/resize_me/resize_me # jfs
Create a snapshot of a logical volume:
# lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv
Deactivate a volume group:
# vgchange -a n my_volume_group
Actually remove a volume group:
# vgremove my_volume_group
Display information about physical volume:
# pvdisplay /dev/hda1
Remove physical volume:
# vgreduce my_volume_group /dev/hda1
Remove logical volume:
# umount /dev/myvg/homevol
# lvremove /dev/myvg/homevol
See also: man lvm
http://www.tldp.org/HOWTO/LVM-HOWTO/
Tags: lvm, howto, pvcreate, lvcreate
How to use APT locally
Sometimes you have lots of packages .deb that you would like to use APT to
install so that the dependencies would be automatically solved. Solution:
mkdir debs
dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
echo " deb file:/root debs/" >> /etc/apt/sources.list
dpkg-scansources debs | gzip > debs/Sources.gz
echo " deb-src file:/root debs/" >> /etc/apt/sources.list
See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
Tags: mirror, local
Check filesystem's LABEL:
generic way:
# blkid /dev/sda1
ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep "Filesystem volume name"
xfs without blkid:
# xfs_admin -l /dev/sda1
reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i label
jfs without blkid:
# jfs_tune -l /dev/sda1 | grep -i label
reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i label
Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label
Check filesystem's UUID:
generic way:
# blkid /dev/sda1
ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep -i UUID
xfs without blkid:
# xfs_admin -u /dev/sda1
reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i UUID
reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i UUID
Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid
Change a filesystem's LABEL:
swap:
# mkswap -L $LABEL /dev/sda1
ext2/ext3:
# e2label /dev/sda1 $LABEL
# tune2fs -L $LABEL /dev/sda1
reiserfs:
# reiserfstune -l $LABEL /dev/sda1
jfs:
# jfs_tune -L $LABEL /dev/sda1
xfs:
# xfs_admin -L $LABEL /dev/sda1
fat/vfat:
# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
# mlabel -s i:$LABEL
ntfs:
# ntfslabel $LABEL /dev/sda1
Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs
Disable pdiffs feature of APT:
Permanent:
# echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf
Temporary:
# apt-get update -o Acquire::Pdiffs=false
Backup big devices or files and create compressed splitted
image chunks of it using zsplit
Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
/mnt/sda1/backup, split the files up into chunks of 1GB each and set
read/write buffer to 256kB:
# zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda
Restore the backup using unzsplit:
# unzsplit -D /dev/sda -d archiveofsda
More usage examples: man zsplit + man unzsplit
Tags: backup, reocvery, spllt, limit, howto
Measure network performance using iperf:
Server side:
% iperf -s -V
Client side:
% iperf -c <server_address> -V
or
Server with 128k TCP window size:
% iperf -s -w128k
Client with running for 60 seconds and bidirectional test:
% iperf -c <server_address> -r -w128k -t60
Tags: network, benchmark
Framebuffer resolutions:
Resolution in pixels
Color depth | 640x480 800x600 1024x768 1280x1024
256 (8bit)| 769 771 773 775
32000 (15bit)| 784 787 790 793
65000 (16bit)| 785 788 791 794
16.7 Mill.(24bit)| 786 789 792 795
vga=0x... modes:
Mode 0x0300: 640x400 (+640), 8 bits
Mode 0x0301: 640x480 (+640), 8 bits
Mode 0x0303: 800x600 (+800), 8 bits
Mode 0x0303: 800x600 (+832), 8 bits
Mode 0x0305: 1024x768 (+1024), 8 bits
Mode 0x0307: 1280x1024 (+1280), 8 bits
Mode 0x030e: 320x200 (+640), 16 bits
Mode 0x030f: 320x200 (+1280), 24 bits
Mode 0x0311: 640x480 (+1280), 16 bits
Mode 0x0312: 640x480 (+2560), 24 bits
Mode 0x0314: 800x600 (+1600), 16 bits
Mode 0x0315: 800x600 (+3200), 24 bits
Mode 0x0317: 1024x768 (+2048), 16 bits
Mode 0x0318: 1024x768 (+4096), 24 bits
Mode 0x031a: 1280x1024 (+2560), 16 bits
Mode 0x031b: 1280x1024 (+5120), 24 bits
Mode 0x0330: 320x200 (+320), 8 bits
Mode 0x0331: 320x400 (+320), 8 bits
Mode 0x0332: 320x400 (+640), 16 bits
Mode 0x0333: 320x400 (+1280), 24 bits
Mode 0x0334: 320x240 (+320), 8 bits
Mode 0x0335: 320x240 (+640), 16 bits
Mode 0x0336: 320x240 (+1280), 24 bits
Mode 0x033c: 1400x1050 (+1408), 8 bits
Mode 0x033d: 640x400 (+1280), 16 bits
Mode 0x033e: 640x400 (+2560), 24 bits
Mode 0x0345: 1600x1200 (+1600), 8 bits
Mode 0x0346: 1600x1200 (+3200), 16 bits
Mode 0x034d: 1400x1050 (+2816), 16 bits
Mode 0x035c: 1400x1050 (+5632), 24 bits
Tags: framebuffer, resolution
Portscan using netcat:
# netcat -v -w2 <host|ip-addr.> 1-1024
Run apt-get but disable apt-listchanges:
APT_LISTCHANGES_FRONTEND=none apt-get ...
Upgrade system but disable apt-listbugs:
APT_LISTBUGS_FRONTEND=none apt-get ...
Set up a Transparent Debian Proxy
Install of apt-cacher, the default config will do:
# apt-get install apt-cacher
Check out the ip address of debian mirror(s).
Then add this to your firewall script:
DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"
for ip in ${DEBIAN_MIRRORS} ; do
${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142
done
where ${IPTABLES} is the location of your iptables binary
and $subnet is your internal subnet.
Now everybody in your subnet who does access either
ftp.de.debian.org or ftp.at.debian.org will actually
access your apt-cacher instead.
To use apt-cacher on the router itself, add the following
line to your /etc/apt/apt.conf:
Acquire::http::Proxy "http://localhost:3142/";
Tags: proxy, debian, apt-get, howto
Version control using Mercurial
Setting up a Mercurial project:
% cd project
% hg init # creates .hg
% hg add # add all files
% hg commit # commit all changes, edit changelog entry
Branching and merging:
% hg clone linux linux-work # create a new branch
% cd linux-work
<make changes>
% hg commit
% cd ../linux
% hg pull ../linux-work # pull changesets from linux-work
% hg merge # merge the new tip from linux-work into
# (old versions used "hg update -m" instead)
# our working directory
% hg commit # commit the result of the merge
Importing patches:
% cat ../p/patchlist | xargs hg import -p1 -b ../p
Exporting a patch:
(make changes)
% hg commit
% hg tip
1234:af3b5cd57dd5
% hg export 1234 > foo.patch # export changeset 1234
Export your current repo via HTTP with browsable interface:
% hg serve -n "My repo" -p 80
Pushing changes to a remote repo with SSH:
% hg push ssh://user@example.com/~/hg/
Merge changes from a remote machine:
host1% hg pull http://foo/
host2% hg merge # merge changes into your working directory
Set up a CGI server on your webserver:
% cp hgwebdir.cgi ~/public_html/hg/index.cgi
% $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
Download binary codecs for mplayer:
# /usr/share/mplayer/scripts/win32codecs.sh
or
# /usr/share/mplayer/scripts/binary_codecs.sh install
(depending on the mplayer version you have).
To play encrypted DVDs and if you are living in a country where using
libdvdcss code is not illegal can install Debian package libdvdread3
and use the script /usr/share/doc/libdvdread3/install-css.sh.
Read manpages of uninstalled packages with debman:
% debman -p git-core git
Test network performance using netperf:
Server:
# netserver
Client:
# netperf -t TCP_STREAM -H 192.168.0.41
Tags: benchmark, network
Setup Xen within 20 minutes on Debian/grml
Install relevant software und update grub's menu.lst (Xen does not work with
usual lilo so install grub instead if not done already):
apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 xen-utils-3.0.3-1 xen-tools bridge-utils
update-grub
Example for installation of Debian etch as DomU:
mkdir /mnt/md1/xen
xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/
Start services:
/etc/init.d/xend start
/etc/init.d/xendomains start
Setup a bridge for network, either manually:
brctl addbr xenintbr
brctl stp xenintbr off
brctl sethello xenintbr 0
brctl setfd xenintbr 0
ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up
or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
without rebooting):
auto xenintbr
iface xenintbr inet static
pre-up brctl addbr xenintbr
post-down brctl delbr xenintbr
address 192.168.1.1
netmask 255.255.255.0
bridge_fd 0
bridge_hello 0
bridge_stp off
Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
add the iptables commands to a startup script like /etc/init.d/rc.local):
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP
Adjust network configuration of Xend:
cat >> /etc/xen/xend-config.sxp << EOF
(network-script network-route)
(vif-bridge xenintbr)
(vif-script vif-bridge)
EOF
List domains, start up a DomU, shutdown later again:
xm create -c /etc/xen/xengrml1.cfg
xm list
xm shutdown 1
This HowTo is also available online at http://grml.org/xen/
Tags: howto, xen, grml
Play tetris with zsh:
autoload -U tetris
zle -N tetris
bindkey "^Xt" tetris
Now press 'ctrl-x t'.
Set up a router with grml
Run grml-router script:
# grml-router
Install dnsmasq if not already present:
# apt-get update ; apt-get install dnsmasq
Adjust /etc/dnsmasq.conf according to your needs:
# cat >> /etc/dnsmasq.conf << EOF
domain-needed
bogus-priv
dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range
dhcp-option=3,192.168.0.1 # dns server
dhcp-option=1,255.255.255.0 # netmask
EOF
Start dnsmasq finally:
# Restart dnsmasq
Tags: network, router, grml
Display stats about memory allocations performed by a program:
Usage example for 'ls':
% LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
Use KVM (Kernel-based Virtual Machine for Linux):
Make sure to install the relevant tools:
# apt-get update ; apt-get install kvm
# modprobe kvm
Test it with a minimal system like ttylinux:
# wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz
# gzip -d bootcd-i386-5.3.iso.gz
# kvm -cdrom bootcd-i386-5.3.iso
EEPROM data decoding for SDRAM DIMM modules:
# modprobe eeprom
# /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
Set up and use DVB:
Make sure your device is supported by Linux and running.
See http://www.linuxtv.org/ for more details.
If the DVB device works on your system (see 'hwinfo --usb'
when using a DVB usb device for example), then make sure you
have the scan util from dvb-utils available:
# aptitude install dvb-utils
Then create a channels.conf configuration file:
% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf
You can find some example configuration files on
your grml system in ~/.channels. Usage example:
% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf
Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)
might be useful if you do not know the initial configuration
details.
Get the lastest mercurial snapshot:
Make sure you have the python-dev package available:
# apt-get update ; apt-get install python-dev
Get and build the source:
% hg clone http://selenic.com/repo/hg mercurial
% cd mercurial
% make local
% export PYTHONPATH=$(pwd)
% export PATH=$PATH:$(pwd)
now you should have the newest version of mercurial whenever you execute hg.
To update to the lastest development snapshot, additionally use
the following commands:
% hg pull -u http://hg.intevation.org/mercurial/crew
% make local
Configure timezone
==================
Available bootoptions relevant in live-cd mode:
-----------------------------------------------
* utc: set UTC, if your system clock is set to UTC (GMT)
* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
* tz=$option: set timezone to corresponding $option, usage example:
tz=Europe/Vienna
Configuration options relevant on harddisk installation:
--------------------------------------------------------
* Use the tzconfig utility to set the local timezone:
# tzconfig
which adjusts /etc/timezone and /etc/localtime according
to the provided information. Running:
# dpkg-reconfigure tzdata
might be useful as well.
* /etc/default/rcS: set variable UTC according to your needs,
whether your system clock is set to UTC (UTC='yes') or
not (UTC='no')
* /etc/localtime: adjust zoneinfo according to your needs:
# ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime
The zoneinfo directory contains the time zone files that were
compiled by zic. The files contain information such as rules
about DST. They allow the kernel to convert UTC UNIX time into
appropriate local dates and times. Use the zdump utility to
print current time and date (in the specified time zone).
* /etc/adjtime: This file is used e.g. by the adjtimex function,
which can smoothly adjust system time while the system runs
* If you change the time (using 'date --set ...', ntpdate,...)
it is worth setting also the hardware clock to the correct time:
# hwclock --systohc [--utc]
Remember to add the --utc -option if the hardware clock is set
to UTC!
Still problems?
---------------
Check your current settings via:
cat /etc/timezone
zdump /etc/localtime
echo $TZ
hwclock --show
grep hwclock /etc/runlevel.conf
grep '^UTC' /etc/default/rc
Further information:
--------------------
hwclock(8) tzselect(1) tzconfig(8)
http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
http://wiki.debian.org/TimeZoneChanges
Tags: timezone, rtc, configuration
Recorder shellscript session using script:
% script -t 2>~/upgrade.time -a ~/upgrade.script
% scriptreplay ~/upgrade.time ~/upgrade.script
Test UTF-8 capabilities of terminal:
wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
zcat UTF-8-demo.txt.gz
or:
wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
cat UTF-8-test.txt
UTF-8 at grml / some general information regarding Unicde/UTF-8:
http://wiki.grml.org/doku.php?id=utf8
This allows one ssh connection attepmt per minute per source ip, with a initial
burst of 10. The available burst is like a counter which is initialised with
10. Every connection attempt decrements the counter, and every minute where the
connection limit of one per minute is not overstepped the counter is
incremented by one. If the burst counter is exhausted the real rate limit
comes into play. This gives you 11 connectionattepmts in the first minute
before blocked for 10minutes. After 10 minutes block the game restarts.
Hint: you could set the burst value to 5 and the block time to only 5 minutes
to achive the same average connection rate but with halve the block time.
iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh --hashlimit 1/minute --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 600000 -j ACCEPT
iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
Tunnel a specific connection via socat:
On the client:
% socat TCP4-LISTEN:8003 TCP4:gateway:500
On the gateway:
# socat TCP4-LISTEN:500,fork TCP4:target:$PORT
Using localhost:8003 on the client uses the tunnel now.
Set date:
# date --set=060916102007
where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)
Set date using a relative date:
# date -s '+3 mins'
or
# date -s '+tomorrow'
Display a specific relative date:
# date -d '+5 days -2 hours'
Don't forget to set hardware clock via:
# hwlock -w
Booting grml via network / PXE:
Start grml-terminalserver on a system with network access
and where grml is running:
# grml-terminalserver
Then booting your client(s) via PXE should work without
any further work.
See: man grml-terminalserver + http://grml.org/terminalserver/
Tags: howto, pxe, network, boot
Debugging SSL communications:
% openssl s_client -connect server.adress:993 > output_file
% openssl x509 -noout -text -in output_file
or
# ssldump -a -A -H -i eth0
See http://prefetch.net/articles/debuggingssl.html for more details.
Tags: debug, ssl, openssl
Remove bootmanager from MBR:
# lilo -M /dev/hda -s /dev/null
Tags: mbr, lilo
Rewrite grub to MBR:
# mount /mnt/sda1
# grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda
Tags: mbr, grub
Rewrite lilo to MBR:
# mount /mnt/hda1
# lilo -r /mnt/hda1
Tags: mbr, lilo
Create screenshot of plain/real console - tty1:
# fbgrab -c 1 screeni.png
Create screenshot when running X:
% scrot
Tip: use the gkrellshoot plugin when using gkrellm
Tags: screenshot, xorg
Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
different networks:
Run the following commands on hostA:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA
Tags: howto, network, redirect, port
Flash BIOS without DOS/Windows:
Dump flash info and set the flash chip to writable:
# flashrom
Backup the original BIOS:
# flashrom -r backup.bin
Notice: the following step will overwrite your current BIOS!
So make sure you really know what you are doing.
Flash the BIOS image:
# flashrom -wv newbios.bin
Also check out LinuxBIOS: http://linuxbios.org/
Enable shadow passwords:
# shadowconfig on
Set up an IPv6 tunnel on grml:
# ipv6-tunnel start
Set up console newsreader slrn for use with Usenet:
% grml-slrn
Calculate with IPv6 addresses:
% ipv6calc
For usage examples refer to manpage ipv6calc(8).
Tags: ipv6
Common network debugging tools for use with IPv6:
% ping6
% tracepath6
% traceroute6
% tracert6
% nc6
% tcpspray6
Tags: ipv6
Set up NFS (Network File System):
Server-side
~~~~~~~~~~~
Make sure the relevant services are running on the server side:
# /etc/init.d/portmap start
# /etc/init.d/nfs-common start
# /etc/init.d/nfs-kernel-server start
Export shares via /etc/exports:
/backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)
... or manually export a directory running:
# exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups
and unexport a share running:
# exportfs -u 192.168.1.100:/backups
and every time when you modify /etc/exports file run
# exportfs -ra
Display what NFS components are running:
# rpcinfo -p
Display list of exported shares:
# exportfs -v
or
# showmount -e
Client-side
~~~~~~~~~~~
Make sure the relevant services are running on the client side:
# /etc/init.d/portmap start
# /etc/init.d/nfs-common start
Verify that the server allows you to access its RPC/NFS services:
# rpcinfo -p server_name
Check what directories the server exports:
# showmount -e server_name
On the client side you can use something like the following in /etc/fstab:
192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0
Tags: nfs, howto, network
Mount a cloop file:
# aptitude install cloop-src
# m-a a-i cloop-src
# modprobe cloop file=/path/to/cloop/file
# mount -r -t iso9660 /dev/cloop /mnt/test
Create a PS/PDF of a plaintext file:
% a2ps --medium A4dj -E -o output.ps input_file
% ps2pdf output.ps
Print two pages on one in a PDF file:
% pdfnup --nup 2x1 input.pdf
Concatenate, extract pages/parts, encrypt/decrypt,
compress PDFs using 'pdftk'.
Read a PS/PDF file on console:
% pstotext file.pdf
or on plain framebuffer console in graphical mode:
% pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png
or
% fbgs file.pdf
Bypass the password of a PDF file:
% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
Record sound:
% rec test.aiff
This will record a AIFF audio file.
Change passphrase / password of an existing SSH key:
% ssh-keygen -p
Enable syntax highlighting in nano:
Just uncomment the include directives for your respective
language at the bottom of the file /etc/nanorc
Create netboot package for grml-terminalserver:
# bash /usr/share/doc/grml-terminalserver/examples/create-netboot
To boot grml via network (PXE) check out grml-terminalserver:
# grml-terminalserver
See http://grml.org/terminalserver/ for more details.
Rotate pictures:
Using the 'Orientation' tag of the Exif header, rotate
the image so that it is upright:
% jhead -autorot *.jpg
Manually rotate a picture:
% convert -rotate 270 input.jpg output.jpg
Rename files based on the information inside their exif header:
% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg
This will rename a file named img_2071.jpg to something like:
2007-08-17_10h38_img_2071.jpg
if it was shot at 10:38 o'clock on 2007-08-17 (according to
the information inside the exif header).
Calculate network / netmask:
Usage examples:
% ipcalc 10.0.0.28 255.255.255.0
% ipcalc 10.0.0.0/24
Blacklist a kernel module:
# blacklist <name_of_kernel_module>
-> running 'blacklist hostap_cs' for example will generate an
entry like this in /etc/modprobe.d/grml:
blacklist hostap_cs
alias hostap_cs off
To remove the module from the blacklist again just invoke:
# unblacklist <name_of_kernel_module>
or manually remove the entry from /etc/modprobe.d/grml.
Create a Debian package of a perl module:
% dh-make-perl --cpan Acme::Smirch --build
The Magic SysRq Keys (SysReq or Sys Req, short for System Request):
To reboot your system using the SysRq keys just hold down the Alt and
SysRq (Print Screen) key while pressing the keys REISUB ("Raising
Elephants Is So Utterly Boring").
R = take the keyboard out of raw mode
E = terminates all processes (except init)
I = kills all processes (except init)
S = synchronizes the disk(s)
U = remounts all filesystems read-only
B = reboot the system
Notice: use O instead of B for poweroff.
Or write the sequence to /proc/sysrq-trigger instead:
# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done
To enable or disable SysRq calls:
# echo 0 > /proc/sys/kernel/sysrq
# echo 1 > /proc/sys/kernel/sysrq
See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.
Tags: reboot, documentation, sysrq, magic
Memtest / memcheck:
Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
with Memtest86+.
Tunnel TCP-Traffic through DNS using dns2tcp:
Server-side:
~~~~~~~~~~~~
1. Create necessary DNS-Records:
dnstun.example.com. 3600 IN NS host.example.com.
dnstun.example.com. 3600 IN A 192.168.1.1
host.example.com. 3600 IN A 192.168.1.1
2. Configure dns2tcpd on host.example.com.:
# cat /etc/dns2tcpd.conf
listen = 192.168.1.1 #the ip dns2tcpd should listen on
port = 53 #" port " " " "
user = nobody
chroot = /tmp
domain = dnstun.example.com. # the zone as specified inside dns
ressources = ssh:127.0.0.1:22 # available resources
3. Start the daemon:
# cat > /etc/default/dns2tcp << EOF
# Set ENABLED to 1 if you want the init script to start dns2tcpd.
ENABLED=1
USER=nobody
EOF
# /etc/init.d/dns2tcp start
Client-side:
~~~~~~~~~~~~
You have two possibilities:
- Use the DNS inside your network (DNS must allow resolving for external domains)
# grep nameserver /etc/resolv.conf
nameserver 172.16.42.1
# dns2tcpc -z dnstun.example.com 172.16.42.1
Available connection(s) :
ssh
# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
Listening on port : 2222
# ssh localhost -p 2222
user@host.example.com:~#
- Directly contact the endpoint (port 53 UDP must be allowed outgoing)
# dns2tcpc -z dnstun.example.com dnstun.example.com
Available connection(s) :
ssh
# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
Listenning on port : 2222
# ssh localhost -p 2222
user@host.example.com:~#
Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
localhost:8080 which you can use to tunnel everything through your "dns-uplink".
Tags: howto, network, tunnel
Configure a MadWifi device for adhoc mode:
Disable the autocreation of athX devices:
# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi
Remove the autocreated device for now:
# wlanconfig ath0 destroy
Configuration in /etc/network/interfaces:
iface ath0 inet static
madwifi-base wifi0
madwifi-mode adhoc
...
Hints:
- Do not use interface names without ending 0 (otherwise startup fails).
- Only chooss unique names for interfaces.
Find dangling symlinks using zsh:
% ls **/*(-@)
Use approx with runit supervision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install the packages:
# apt-get install approx runit
Add user approxlog for the logging daemon:
# adduser --system --home /nonexistent --no-create-home approxlog
Create config directory:
# mkdir /etc/sv/approx
Use /var/run/sv.approx as supervise directory:
# ln -s /var/run/sv.approx /etc/sv/approx/supervise
# cat > /etc/sv/approx/run << EOF
#!/bin/sh
echo 'approx starting'
exec approx -f 2>&1
EOF
You normally do not need a logging service for approx because it logs
to syslog too. So just for completion:
# mkdir -p /etc/sv/approx/log
# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
# cat > /etc/sv/approx/log/run << EOF
#!/bin/sh
set -e
LOG="/var/log/approx"
test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
exec chpst -uapproxlog svlogd -tt -v "$LOG"
EOF
Now activate the new approx service (will be started within 5s):
# ln -s /etc/sv/approx/ /var/service/
Make approx managed via runit available via init-script interface:
# dpkg-divert --local --rename /etc/init.d/approx
# ln -s /usr/bin/sv /etc/init.d/approx
Remote-reboot a grml system using SysRQ via /proc (execute as root):
eject &>/dev/null
umount -l /cdrom
eject /dev/cdrom
echo b > /proc/sysrq-trigger
Tags: reboot, howto, grml, network
Show what happens on /dev/sda0:
# mount the debugfs to relay kernel info to userspace
mount -t debugfs none /sys/kernel/debug
# is a convenient wrapper arround blktrace and blkparse
btrace /dev/sda0
Tags: debug, block, partition, trace
Convert Flash to Avi:
% ffmpeg -i input.flv output.avi
Extract MP3 from Flash file:
% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
Usage example for cryptsetup / -luks encrypted partition on LVM:
volume group name: x61
logical volume name: home
echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
Start cryptdisks
mount /dev/mapper/grml-crypt_home /mnt/test
fdisk/parted/... complains with something like
'unable to open /dev/sda - unrecognised disk label'?!
See http://grml.org/faq/#fdisk =>
* use /sbin/fdisk.distrib from util-linux
* switch to sfdisk, cfdisk,...
* use parted's mklabel command (but please read the
parted manual before executing this command)
dmraid - support for SW-RAID / FakeRAID controllers
like Highpoint HPT and Promise FastTrack
Activate all software RAID sets discovered:
# dmraid -ay
Deactivates all active software RAID sets:
# dmraid -an
Discover all software RAID devices supported on the system:
# dmraid -r
Extract winmail.dat:
List content:
% ytnef winmail.dat
Extract files to current directory:
% ytnef -f . winmail.dat
Approx - Debian package proxy/cacher howto
% apt-get install approx
% echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
% Restart approx
Add your new approx to sources.list
eg.
deb http://localhost:9999/debian unstable main contrib non-free
use approx in grml-debootstrap like:
% grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian
Simple webserver with python:
% python -m SimpleHTTPServer
Upgrade only packages from the grml-stable Debian repository:
echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
apt-get upgrade
Install Centos into a directory:
% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
Install Fedora into a directory:
% febootstrap fedora-11 target_directory
Use Nessus / OpenVAS (remote network security auditor):
Install software packages:
# apt-get update
# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg
Add a user:
# openvas-adduser
Start openvas server (takes a while):
# Start openvas-server
Invoke client as user:
% OpenVAS-Client
Find packages not available from any active apt repository:
% apt-show-versions | awk '/No available version in archive/{print $1}'
Simple mailserver with python:
% python -m smtpd -n -c DebuggingServer localhost:1025
finger via netcat:
echo $USER | nc $HOST 79
Install Archlinux using Grml:
https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
or
wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
Export blockdevices via AoE (ATA over Ethernet):
% vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1
Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1
via eth0, using the shelf and slot numbers 160 and 2. These numbers are
arbitrary but should be unique within the network.
A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.
Tags: aoe, blockdevice, export, server
Access blockdevices via AoE (ATA over Ethernet):
% sudo aoe-discover
and the device should show up under /dev/etherd/. If your shelf and
slot numbers re 160 and 2 the device will be /dev/etherd/e160.2
A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.
Tags: aoe, blockdevice, export, client