Friday, December 20, 2002

Squid Quick Start Guide

Download Squid from www.squid-cache.org

Next you have to untar the file and change the working directory to squid-*

tar -xvzf squid-*-src.tar.gz
cd squid-*

Now enter the following commands in order to configure, compile and install squid

./configure
make
make install

By default this installs into "/usr/local/squid". Type ./configure --help to view all available options.

Step II - Basic Configuration

Some basic configuration must be done in the configuration file. By default this file is at "/usr/local/squid/etc/squid.conf". In the configuration file, uncomment and edit the following lines.

cache_dir
Set cache_dir to an area that has a large amount of hard disk space to devote to caching.
cache_dir ufs /usr/local/squid/cache 100 16 256 is common.

http_port
Check http_port, 3128 is a default.

http_access
By default http_access is denied to all. You have to set ACL rules as per your requirements. This is important because it prevents people from stealing your network resources.

cache_effective_user & cache_effective_group
Set cache_effective_user and cache_effective_group to a user and group. This user should have permission to read and write in the cache directory and in the log files.
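
Squid checks http_access lines from top to bottom and stops at the first one that matches, so the first rule whose only ACL is "all" decides what happens to every client the rules above it did not name. The script below is an added example, not part of the original guide: it reports that catch-all action for a weak and a corrected configuration. The function names, the sample files and the 192.168.1.0 local network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the http_access rules of a squid.conf read from stdin.

# Print the action (allow/deny) of the first rule whose only ACL is "all",
# or "none" if there is no such rule.
catch_all_action() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "http_access" && NF == 3 && $3 == "all" {
            print $2; found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# Print the ACL list of every "allow" rule placed before the catch-all rule.
allowed_acls() {
    awk '
        { sub(/#.*/, "") }
        $1 != "http_access" { next }
        NF == 3 && $3 == "all" { exit }         # nothing after this is reached
        $2 == "allow" { $1 = ""; $2 = ""; sub(/^ +/, ""); print }
    '
}

weak_conf() {
cat <<'EOF'
# constructed sample: any client on any network may use the proxy
http_port 3128
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

fixed_conf() {
cat <<'EOF'
# constructed sample: only the local network (assumed 192.168.1.0) is allowed
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
http_access allow localnet
http_access deny all
EOF
}

# $1: label, stdin: squid.conf text
audit() {
    conf=$(cat)
    action=$(printf '%s\n' "$conf" | catch_all_action)
    allowed=$(printf '%s\n' "$conf" | allowed_acls | tr '\n' ' ')
    echo "$1: catch-all=$action allowed-before=[${allowed% }]"
}

weak_conf  | audit weak
fixed_conf | audit fixed
```

To check a real installation, run catch_all_action < /usr/local/squid/etc/squid.conf; a result of "allow" means the proxy serves any client that can reach the port.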

Step III - Custom configuration based on your network needs

For Configuring squid for proxy
By default, squid is configured in proxy mode. In order to cache web traffic and to use the squid system as a proxy, you have to configure your browser, which needs at least two pieces of information:

i. the proxy server's host name
ii. the port that the proxy server is accepting requests on

For Configuring squid for transparency
Using squid transparently is a two-part process: first, squid must be configured properly to accept non-proxy requests (performed in the squid module), and second, web traffic must be redirected to the squid port (achieved in one of three ways: policy-based routing, smart switching, or setting the squid box as a gateway).

Getting transparent caching to work requires the following steps:
i. For some operating systems, you have to configure and build a version of Squid which can recognize the hijacked connections and discern the destination addresses. For Linux this seems to work automatically. For BSD-based systems, you probably have to configure squid with the --enable-ipf-transparent option, and you have to configure squid as:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

ii. Next you have to configure your cache host to accept the redirected packets - any IP address, on port 80 - and deliver them to your cache application. This is typically done with IP filtering/forwarding features built into the kernel. In Linux they call this ipfilter (kernel 2.4.x), ipchains (2.2.x) or ipfwadm (2.0.x).

For Configuring squid for Reverse Proxy
To run Squid as an accelerator, you probably want to listen on port 80. And you have to define the machine you are accelerating for. This is done in squid module,

http_port 80
httpd_accel_host visolve.com
httpd_accel_port 81
httpd_accel_single_host on
httpd_accel_with_proxy on

If you are using Squid as an accelerator for a virtual host system, then instead of a 'hostname' here you have to use the word virtual as:

http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_with_proxy on
httpd_accel_single_host off

Step IV - Starting Squid

After you've finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:

/usr/local/squid/sbin/squid -z

Once that completes, you can start Squid and try it out. Probably the best thing to do is run it from your terminal and watch the debugging output. Use this command:

/usr/local/squid/sbin/squid -NCd1

If everything is working okay, then your console displays: "Ready to serve requests".

If you want to run squid in the background, as a daemon process, just leave off all options:

/usr/local/squid/sbin/squid

Here depending on your configuration, you may need to start squid as root.

Step V - To check if Squid is working

Check the cache.log file in your logs directory. This file contains the run-time error messages that Squid generates.

Wednesday, November 13, 2002

Saturday, October 12, 2002

VNC - Taking Linux Box Control Remotely

On the vncserver box you don't need to start an X server; VNC (TightVNC) incorporates one. It starts the window manager that is configured in the $HOME/.vnc/xstartup file.

The server is brought up by typing "#vncserver :X" at the prompt, where X is the display number on which you want vncserver to reside. It is a virtual screen, like the one an X Window session can be launched on. I mention this detail because of the client! The second part of VNC is the client. You can invoke it at the command line (under Windows too). In that case vncviewer acts like a full application: it consumes resources, has a process PID and so on. It consumes resources each time you launch vncviewer. Basic.

But you can also invoke the viewer from a Java-enabled browser and access the screen that vncserver has launched. The difference is that only the browser consumes resources, nothing more. You can even view many vncservers in the same browser (like Mozilla or Konqueror).

This means you can launch different vncservers on different ports and access them by entering http://your_vncserver:58xx in a Java-enabled web browser, where xx is the screen (01 for "#vncserver :1", 02 for "#vncserver :2", and so on). That is, with a browser that can view more than one page, you can access all the vncservers installed on all your boxes. Moreover, you can open more than one session on a Unix box (Linux or AIX; I have tried it and it works), for more than one user. I created one user on a Linux box and launched 3 vncservers on screens 1, 2 and 3. I can open 3 different sessions with the same user. At work, everyone uses the same user, but each has his own session. On an AIX server (5L), I created 3 users (at work, there are 3 of us) and launched 3 vncservers, one per user. Each one opens his session without interfering with the others. And all of this in a web browser with Java support.

Invoking VNC

vncviewer 

This will prompt for password of VNC server, before displaying window with desktop of remote machine.

It is possible to connect to a VNC viewer using a Java-enabled browser. This makes VNC technology much more flexible, as no special software is required on the client. This is done by entering the IP address of the VNC server followed by the port 5800 + display number, though ports are customisable, e.g.

http://192.168.1.1:5801
- Typical for a windows box
http://192.168.1.1:5802
- Typical for a linux box (displays second X display)

Saturday, September 21, 2002

Accessing Windows Share from Linux

The answer to this is smbclient or smbmount ... but we will study smbclient

The smbclient is an ftp-like command line program that allows you to list, get, put, and do other stuff similar to what you can do with an ftp client. There are many options to smbclient; see man smbclient for a complete listing.

This syntax will connect to a Windows share:

smbclient -U valid_windows_user //server/share

A handy way to list the shares available on a Windows host is:

smbclient -U valid_windows_user -L server

Connecting to a Windows share with smbclient gives the following prompt:

smb:\>

at which you can do ftp-like stuff.

When you enter

smb://server/sharename

in the konqueror address bar, you are running smbclient in the background.


Monday, August 12, 2002

Samba Share

Download Samba

curl -L -O ftp://ftp.samba.org/pub/samba/samba-3.x.x.tar.gz

To verify that the package hasn't been tampered with, you can use gpg:
$ gunzip samba-3.x.x.tar.gz
$ curl -L -O ftp://ftp.samba.org/pub/samba/samba-3.x.x.tar.asc
$ gpg --keyserver-options auto-key-retrieve --verify samba-3.x.x.tar.asc
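
With auto-key-retrieve, gpg downloads whichever key the signature names, so a "Good signature" message only shows that some key signed the file. The script below is an added example, not part of the original post: it accepts a download only when gpg's machine-readable status output reports a valid signature from a fingerprint you pinned beforehand. PINNED is a constructed placeholder (not the Samba key), the function names are hypothetical, and the status lines are constructed samples in gpg's --status-fd format.

```shell
#!/bin/sh
# Added example. PINNED is a constructed placeholder, not the Samba key:
# replace it with the fingerprint obtained from a source you trust.
PINNED=0123456789ABCDEF0123456789ABCDEF01234567

# stdin: output of
#   gpg --status-fd 1 --verify samba-3.x.x.tar.asc samba-3.x.x.tar 2>/dev/null
# $1: expected key fingerprint.
# Succeeds only for a good signature made by that key.
signed_by() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # any of these means the signature or its key is not acceptable
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key, the last field the primary key
        $2 == "VALIDSIG" &&
            (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

good_status() {        # constructed sample: good signature made by PINNED
cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Example Key
[GNUPG:] VALIDSIG $PINNED 2002-08-12 1029110400 0 3 0 17 2 00 $PINNED
EOF
}

other_key_status() {   # constructed sample: valid signature, but by another key
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Constructed Other Key
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2002-08-12 1029110400 0 3 0 17 2 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
EOF
}

bad_status() {         # constructed sample: file does not match the signature
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Example Key
EOF
}

# Turn the exit status into a word for display
verdict() { if signed_by "$PINNED"; then echo accept; else echo reject; fi; }

good_status      | verdict
other_key_status | verdict
bad_status       | verdict
```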


You can then build and install Samba with:

$ tar xvf samba-3.x.x.tar
$ cd samba-3.x.x
$ cd source
$ ./configure
$ make
# make install
# cd /usr/bin ; ln -sf /usr/local/samba/bin/* .


You'll want to verify that your /etc/services file contains:

netbios-ns 137/udp # NETBIOS Name Service
netbios-dgm 138/udp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS Session Service
microsoft-ds 445/tcp # Microsoft-DS


Verify that you've typed the syntax of your configuration file correctly:

$ testparm

# cd /usr/sbin ; ln -sf /usr/local/samba/sbin/* .


To launch Samba, run:
# smbd -D
# nmbd -D

Configuring Samba


Out of the box, Samba does not contain any configuration files whatsoever. It is up to you, the system administrator, to create this configuration file. By default, it is located in the /usr/local/samba/lib/smb.conf file. The other file you'll need to create is /usr/local/samba/private/smbpasswd. Ironically, its initial contents should be blank, but you can simply create both with:

# touch /usr/local/samba/lib/smb.conf
# touch /usr/local/samba/private/smbpasswd
# chmod 0644 /usr/local/samba/lib/smb.conf
# chmod 0600 /usr/local/samba/private/smbpasswd

So you want to just get things up and running, eh? In a nutshell, you could use something like:

[global]
encrypt passwords = yes
guest account = smbguest
netbios name = MYSERVER
security = share
socket options = TCP_NODELAY IPTOS_LOWDELAY
wins support = yes
workgroup = WORKGROUP

[pub]
path = /cifs/pub
read only = no
guest ok = yes
guest only = yes

Make the following changes to /etc/passwd (Hint: try "man 8 vipw"):

smbguest:x:4000:4000::/dev/null:/bin/false

Make the following changes to /etc/shadow (Hint: try "vipw -s"):

smbguest:*:9797:0:::::

Make the following changes to /etc/group (Hint: try "man 8 vigr"):

smbguest::4000

Run the following commands on your server. When prompted for a password for smbguest, just hit ENTER twice:

# mkdir -p /cifs/pub
# chmod 0777 /cifs/pub
# smbpasswd -a smbguest

You'll need to stop and restart the Samba server with something like:

# killall smbd nmbd
# smbd -D
# nmbd -D

If your Windows machine is on the same subnet as your Samba server, you should now be able to connect to the Samba server by clicking on Start / Run and typing:

\\MYSERVER\pub



Friday, July 19, 2002

Breaking/Resetting Grub Password

===================================================
METHOD 1
===================================================
HOW TO RESET YOUR ROOT PASSWORD IF YOU FORGET IT

While booting (Red Hat), just press "e" in GRUB.
You will find 3 lines of code.
Go to the 2nd line, press "e" again and type "1" at the end,
then press ENTER.
Then press "b" and it will boot you into your shell.
Just type "passwd" and change your ROOT password.
You don't need to know the old one.
===================================================
METHOD 2
===================================================
"I, uh, forgot the root password"

Let's look at recovering the root password from the boot loader. If you're using GRUB, then, as GRUB loads up, highlight the Red Hat Linux entry on the GRUB menu and then press [E] to edit the boot configuration. Locate the following line, something that looks like this:

kernel /boot/vmlinuz-2.4.20-0.70 root=LABEL=/ hdc=ide-scsi

Type the number '1' at the end. Doing so boots the PC into run level 1-single user mode, where you're automatically logged in as root. This done, type 'passwd' at the prompt. You can enter a new password here.
===================================================
METHOD 3
===================================================
Question.
I am doing a project on Linux platform. Someone has added the GRUB password to the computer on which I am working and has also changed the root password. I can crack the root password, if there is no Grub password, from the initial screen (i.e. from the init 1); but with the GRUB password. While reading LinuxForYou, I saw your section and thought you may be able to help.

Answer.
To break the GRUB start-up password, follow the steps given below:

1. Boot the system with the first Linux CD. At the boot prompt, type linux rescue to switch to rescue mode. In rescue mode you will be asked if similar steps should be followed, which need to be followed in the installation. Once you get the # prompt, type the following command:

# chroot /mnt/sysimage

2. Edit the grub.conf file and remove the passwd line from the file. Save the file and exit.

3. Once your machine reboots, you will be able to start your Linux OS in the usual manner.
===================================================


Tuesday, June 25, 2002

Reset Mysql Password

This tutorial is written in two ways. One way is for MySQL compiled from source and one is for MySQL installed by RPM [tested only in Fedora]. It's no big deal, but I hope it is also accessible to newbies, because the directories change between the two examples.

--------------------
If you compiled MySQL by yourself, go this way:

Maybe you have to change the directory where you installed MySQL (here it's /usr/local/mysql/ ).

1. Gain root access to your Linux system
code:
[boby@space boby]$ su -
Password:
[root@space root]#

2. First you have to stop the daemon
code:
[root@space root]# /etc/init.d/mysql.server stop
[root@space root]#

3. You will now start MySQL in safe mode without reading the grant tables with all MySQL database passwords and also you will disable networking. The "safe_mysqld" command will do this trick for you.
code:
[root@space root]# /usr/local/mysql/bin/safe_mysqld --user=mysql --skip-grant-tables --skip-networking &
[root@space root]#

4. The "mysqladmin" command can now reset the root password. In this case we are setting it to "newpassword".
code:
[root@space root]# /usr/local/mysql/bin/mysqladmin -u root flush-privileges password "newpassword"
[root@space root]#

5. And finally restart the daemon
code:
[root@space root]# /etc/init.d/mysql.server restart
[root@space root]#

6. You can use now your new root password
code:
[root@space root]# /usr/local/mysql/bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 4.0.20-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>


--------------------
If you installed MySQL by RPM or use the package that comes with the distribution, go this way:

1. Gain root access to your Linux system
code:
[boby@space boby]$ su -
Password:
[root@space root]#

2. First you have to stop the daemon
code:
[root@space root]# /etc/init.d/mysqld stop
[root@space root]#

3. You will now start MySQL in safe mode without reading the grant tables with all MySQL database passwords and also you will disable networking. The "safe_mysqld" command will do this trick for you.
code:
[root@space root]# /usr/bin/safe_mysqld --user=mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --datadir=/var/lib/mysql --skip-grant-tables --skip-networking &
[root@space root]#

4. The "mysqladmin" command will now reset[rewrite] the root password. In this case we are setting it to "newpassword".
code:
[root@space root]# mysqladmin -u root flush-privileges password "newpassword"
[root@space root]#

5. Stop the running daemon
code:
kill `cat /var/run/mysqld/mysqld.pid`

6. And finally restart it
code:
[root@space root]# /etc/init.d/mysqld start
[root@space root]#

7. You can use now your new root password
code:
[root@space root]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 4.0.20-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Tuesday, May 21, 2002

Use Cpan for installing Perl Modules


perl -MCPAN -eshell

cpan> install gd
CPAN: Storable loaded ok

Wednesday, April 03, 2002

Redirecting Shell Output

Sometimes when executing commands the output turns out to be too long, making it difficult to read properly. One can "pipe" the output via less, with something of this type:

command | less

However, that does not work all the time, so we need to learn how to redirect commands' output to files. First of all, there are two types of output, called standard output and standard error. The first one contains the "results" of your command, which is what you are usually interested in. The error part is precisely for that: for the system to inform you of things that go wrong.

Usually the standard output and errors appear in the terminal. However any of these two outputs can be redirected somewhere else, usually a file. There is a very useful file in the system called /dev/null: whatever is written here gets automatically deleted! If you wonder about the use of it, think of a command that produces a lot of error output; redirecting it to /dev/null erases all errors.

The standard output and error have "nicknames" in the system, namely 1 and 2 respectively (remember file descriptors from C?). We will see in the examples below how to use these short names.

An example of a situation where it is useful to delete errors is given by the command find. Suppose you are looking for a file called interfaces in the /etc directory (I have chosen a file that exists in my system, /etc/network/interfaces). One possible way of finding it is with the following command:

find /etc -name interfaces

However, executing the command as given above will produce errors: a warning message for each directory in which you are not authorised to look for files. That might be a little distracting, so we redirect the errors to /dev/null to get rid of them:

find /etc -name interfaces 2>/dev/null

The last part says to send the standard error to /dev/null, so it gets erased. Note: in this case, if there is no file with the name interfaces then you will not get any output: the standard output is empty as there is no such file, and the standard error gets erased.

A common use of output redirection is to get the "result" of your commands in a file. For example, you might want to list all the files in your account; the output could be long, so you can redirect it to a file, and then look at it carefully. Here is a possible way of doing it:

ls -lR ~ 1>/tmp/log

After executing this command a full list of your files will be available in the file /tmp/log.

Redirection to files is also used when you execute a command that has an output that you need, but the execution takes a long time. Let's take an "advanced" example (do not worry if you don't understand the precise command, it is just an example). Suppose you have to execute a make command that takes a long time, say a kernel compilation. You want to keep the output (standard output = 1) and the error (standard error = 2) for future reference. But since the compilation is going to take time, you want to continue using the shell. You can do it like this example, where the "nice" output will go to the file correct.log while the errors get written to incorrect.log:

make 2>incorrect.log 1>correct.log &

The last ampersand (&) says that the shell should execute the command make and continue taking input from your keyboard. If you had not redirected output, but put the ampersand, you can continue working, but the command make will keep writing into your terminal, making life a little complicated :-)

Wednesday, March 20, 2002

History

To recall History Commands

So, how do you recall history commands? One possible way is by using the Up and Down arrows on your keyboard (warning: this might not work if your shell is set up to use vi-keys).

Another way is by using the exclamation mark. Something like this:


!l

will recall the latest (most recent) command that starts with the character l. You can do longer things, like !fi or similar.

Another way of recalling history is by using the exclamation mark and a number. A little explanation first: if you look at the output of the history command, you will see that each command comes with a number. Then doing something like this:


!500

will recall the command with history number 500.


Saturday, February 09, 2002

Check your Settings

As mentioned earlier, the shell is the command between you and the Linux kernel. I also said I will explain things for the bash shell, since it is the one I know better.

There are several configuration files for bash (do not worry if you don't understand all terms in this list):

  1. /etc/profile: system configuration for login shells
  2. /etc/bash.bashrc: system configuration for interactive shells
  3. /etc/bash_logout: system configuration to be executed when you log out
  4. ~/.bash_profile: personal configuration for login shells
  5. ~/.bashrc: personal configuration for interactive shells
  6. ~/.bash_logout: personal configuration for logging out

An interactive shell is when, for example, you execute a command in a remote machine via ssh (more on connections to other machines in other posts). On the other hand, a login shell is what you get when you log on to the system.

The system configuration files can be changed only by the super user, root, so I will not talk about them here. The personal configuration files allow you to change the settings done by the system. There are plenty of variables that you can put in your configuration files; I will explain some below, but first a note about interactive/login configurations. In my account the files ~/.bashrc and ~/.bash_profile are identical, so I do not worry about missing something in a login shell, or in an interactive one. I do not know if it is a good practice, but I find it convenient.

Now about some of the variables you can set up. I will explain what they are, and I will give examples of how the configuration file should look like.

How to find your settings

If you want to know the current settings of your shell you can use the set or env commands.

EDITOR

Many commands need to call an editor, which is normally set in the variable EDITOR of your shell. The system might have a default editor; for example, on mine it is nano. If you do not like it you can change to something else, say emacs, with this configuration line:


export EDITOR=emacs

Be sure you can find emacs in your path; test it by just typing emacs in your shell and checking that it comes up.

How to update changes

After you have edited your configuration file you can make the changes active by either logging out and in, or just with this:


source ~/.bashrc

Here, obviously, I assumed you modified your ~/.bashrc file.

HISTORY

The history keeps a record of the last commands you have typed in the shell. Usually you can "recover" them with the up/down arrows: pressing them will show the different commands you have executed in the shell, perhaps saving you the time of typing them again. The following configuration lines will keep 100 commands in the history, both in the running shell and in the history file (~/.bash_history):


HISTSIZE=100
HISTFILESIZE=100

From personal experience I know that more than 100 commands is not very useful, but you might want to keep the last 500, 1000, whatever. I do not know the limit.

PATH

This is a set of directories where the shell will look for commands. The different directories should be separated by colons (:). In the example below I have broken the line in several shorter lines so it displays nicely, but you should put a single, long line in your configuration file:


export PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/usr/local/bin:
/usr/share/bin:/usr/local/share/bin:~/bin

The last directory, ~/bin, means a directory called bin in your home directory (the tilde ~ stands for your home directory). I have one such directory where I keep all programs that I compile myself. You can add one more directory, ., dot, which means the current directory from which you execute the command (for those that have used Linux, adding dot will allow you to execute a.out instead of ./a.out).
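
With . (or an empty entry, which the shell treats the same way) in PATH, the shell also runs programs found in whatever directory you happen to be in, including a file that someone else placed there under the name of a common command. The script below is an added example, not part of the original post: it lists the entries of a PATH value that let that happen. The function name path_risks is hypothetical.

```shell
#!/bin/sh
# Added example: list the risky entries of a PATH value passed as $1.
# Reported: the current directory (written as "." or as an empty entry),
# relative directories, and directories that any user can write to.
path_risks() {
    rest=$1:                       # trailing ":" so the last entry is seen too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}          # text before the first colon
        rest=${rest#*:}            # text after the first colon
        case $entry in
            '') echo "empty entry (means current directory)" ;;
            .)  echo ". (current directory)" ;;
            /*) if [ -d "$entry" ]; then
                    # -L follows symlinks such as /bin -> usr/bin;
                    # character 9 of the mode string is "write by others"
                    case $(ls -ldL "$entry") in
                        ????????w*) echo "$entry (world-writable)" ;;
                    esac
                fi ;;
            *)  echo "$entry (relative path)" ;;
        esac
    done
}

# The start of the PATH from the post, with "." added at the end
path_risks "/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:."

# Your own PATH
path_risks "$PATH"
```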

Wednesday, January 09, 2002

Host Command

As mentioned many times in these posts, to make a connection from your computer to another one, your machine has to find the IP number that corresponds to a given host name. This is done in the background when you use, for example, a browser: when you type an address in your browser the system will look for the IP number of that host (actually, for any process that requires a connection to the Internet, such as mail, ftp, telnet, ssh, etc., the translation to IP numbers is done in the background). However, you can use the command host to do that translation yourself.

The basic way to use host is as in this example:

host a-computer-name

That will give you the IP number of a-computer-name. These IP numbers are stored in some machines called name servers. But the name servers usually keep other information associated to computers, beside the IP number, that you can find with the host command. To find some information you have to give the -t TYPE, where TYPE is the kind of information you want.

The IP number is known as the address information, and the corresponding TYPE is A. So the above command is equivalent to this:

host -t A a-computer-name

Other possible values of TYPE are the following (I’m listing only the less technical options):

  1. MX: will give you the machines that receive mail for a-computer-name
  2. CNAME: some machines have more than one name; this option will give you the "real" name of the machine, all other names being aliases to that "real" one
  3. NS: name server, will tell you which machine has all this information for the a-computer-name machine (not for your machine!)
  4. PTR: will do the reverse translation, namely convert IP numbers to host names. Actually, with the latest versions of host you do not need to give this option, that is host 123.4.5.6 is equivalent to host -t PTR 123.4.5.6

If you want to see all records associated to a host try

host -a a-computer-name

where -a stands for all. The output will look quite complicated to a person not familiar with the way name servers work.

To see how the command host works, what is doing in the background, you can try the verbose option:

host -v a-computer-name

Note: before the command host appeared, the way of doing all the above was with the command nslookup. This command still works, but according to the (bind) documentation it might be removed in the future, so you had better start using host if you have not switched to it yet.