Linux Administration Notes
On this page...
- 1. Other Pages
- 2. Random Password Generator
- 3. Attansic L2 Ethernet driver for the psidaq PC at ithemba
- 4. Misc
- 5. ACL (Access Control Lists) on Linux
- 6. SELinux
- 7. To make sure things start after a reboot
- 8. Text-mode screensaver
- 9. printconf
- 10. Enabling ssh access from a new IP address range
- 11. limiting the rights of an SSH login
- 12. get the SSHd fingerprint on the server:
- 13. Enable Java Web Start (for JANIS)
- 14. Enable Java Plugin for Firefox on SL4
- 15. Server Backup
- 16. History of incidents
APG, a password generator that makes 'readable' passwords, is installed on PSI (using the DAG rpm). Please use it to generate your new password...
$ apg -M NsCL
SloFlewk7
Skyrolg9
6Okqueg3
AtNeenCyt6
Dewpaij8
efKoolt6
Remember that you can change your password from any PSI PC using yppasswd.
(for 2.6 kernels only)
SELinux, or Security Enhanced Linux, is a system to define more fine-grained permissions for files, programs, users, etc. In brief, it is based on a concept of "types" - a program subject to SELinux, like
httpd, will have a certain "type". Certain program types will then be able to access only certain types of files - even if these files are "world readable" in terms of Unix permissions.
If you have SELinux enabled, and you have problems with permissions,
- read the how-to above
- look at /var/log/audit/audit.log
- ls -laZ to see Unix and SELinux permissions
- chcon to change SEL permissions
See for example Web Pages.
There are many switches that can be tuned with
httpd_enable_homedirs. Please check those before going to the next, more complicated step.
If you have more "permanent" problems,
audit2allow -l -i /var/log/audit/audit.log
yum install selinux-policy-targeted-sources
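As a triage aid for the audit.log step above, here is an added example (not part of the original notes) that groups "denied" AVC records by source type, target type and object class, showing which type a program such as httpd runs as and which file types it was refused. The log lines are constructed samples, the function names are illustrative, and it assumes each record carries comm=, scontext=, tcontext= and tclass= fields in that order.

```python
import re
from collections import defaultdict

# Constructed sample lines in the audit.log AVC format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1160000001.101:45): avc:  denied  { getattr } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=1201 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
type=AVC msg=audit(1160000001.102:46): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=1201 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
type=SYSCALL msg=audit(1160000001.102:46): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1160000009.500:52): avc:  denied  { search } for  pid=2346 comm="httpd" name="public_html" dev=dm-0 ino=1190 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1160000010.000:53): avc:  granted  { load_policy } for  pid=900 comm="load_policy" scontext=root:system_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
"""

# Only "denied" records are matched; the permission list sits between braces.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a context written as user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Group denied AVC records by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types are not denials
        m = AVC_RE.search(line)
        if m is None:  # granted records, or a layout this example does not cover
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        entry = summary[key]
        entry["perms"].update(m["perms"].split())
        entry["comms"].add(m["comm"])
        entry["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize_denials(SAMPLE_LOG).items()):
        perms = " ".join(sorted(e["perms"]))
        print(f"{e['count']:3d}  {src} -> {tgt}:{cls}  {{ {perms} }}  comm={','.join(sorted(e['comms']))}")
```

A row such as httpd_t -> user_home_t:file is the kind of denial to compare against ls -laZ output and the httpd switches before turning to audit2allow.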
Just as an example ....
sudo chkconfig mysqld on
To activate full DPMS screen saver in text mode like you get in X11, you can put this in
for n in 1 2 3 4 5 6 7 8 9 10 11; do
  setterm -powersave powerdown > /dev/tty$n
  setterm -powerdown 1 > /dev/tty$n
  setterm -store > /dev/tty$n
done
printconf supports command line options to export/import the full printers configuration to/from XML files, making it quite easy to copy the same configuration to a number of PCs:
# printconf-tui --Xexport > printconf.xml
# printconf-tui --Ximport < printconf.xml
I was unable to stop the browsing; it did work after adding a
Browsing Off line to
Each IP address has to be explicitly allowed by the firewall. This is done by editing the iptables by editing and running the script.
Then if it's OK
/sbin/service iptables save
[sergio@psi ~]$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 38:95:1c:67:03:35:e4:1d:10:46:2c:76:e2:5b:1e:b7 /etc/ssh/ssh_host_rsa_key.pub
cd /usr/bin; sudo ln -sf /usr/java/j2sdk1.4.2_12/jre/javaws/javawsbin javaws
# Java Web Start
application/x-java-jnlp-file; javaws %s
cd /usr/lib/firefox-188.8.131.52/plugins/; sudo ln -sf /usr/lib/mozilla/plugins/* .
In order to back up the server, we need a place to put the data. This is one of the other machines in the group. If it is one of the Sun machines, format the extra space on the machine using:
Then make the backups mount point
Then mount that partition by adding the following line to
/dev/sda3 /BACKUPS ext3 rw,defaults 0 0
And export it by adding the following line to
and then reexport everything
and restart the nfs daemon
and keep it going
chkconfig nfs on
The final step is to allow connections from the file server to this machine by altering the iptables.
sudo iptables -I INPUT 6 -s psi -j ACCEPT
Unfortunately, power failure is commonplace at the university. This can lead to a number of problems in a machine that was rudely dumped.
- Panel problems: The panel icons are unresponsive or they appear to respond but no program is loaded or there are no icons, or there is no panel.
- Delete the .gconf, .gconfd, and .gnome2/panel2.d directories
- Restart the nfs server on psi:
sudo /sbin/service nfs restart
- Now that we have a battery backup on the server, it will not come up immediately when the power returns. The clients will boot BEFORE the nfs and yp server are running. This will require the following commands to be used to start these client services once the server is up.
sudo service ypbind start
sudo service autofs start
2006 Feb 21: Schonlan Firewall
2005 Nov 14: Squirrelmail error
imap was verified to be listening with
[root@SchonLAN log]# netstat -tl | grep -i imap
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:imap *:* LISTEN
imapproxy. It appears that imapproxy didn't come up again properly after a related to a power failure early Sunday morning. Restarted the imapproxy server which repaired the error.