Thursday, May 17, 2012

Notes Linux


- 32bit vs 64bit
- Bitmap Fonts
- CDwriting
- WinXP and Lilo booting sequence
- SSH Tunnelling Enabling and VNC
- SSH X11 port forwarding
- USB Mounting and /etc/fstab editing
- Loading Profiles
- Linux Firewall
- Linux Runlevels
- Block web-ads
- SELinux Configuration
- For using SELinux with cgi-bin and files in Symbolic links
- Installing Source RPMs
- Linux Commands


32bit vs 64bit

CPU 32 bit -> integer pointers are 32bits
2 to power 32 = 4e+09   about 4 Giga stuff

Real*8 is 8 bytes - i.e. 64 bits but these are a separate thing
altogether from integer pointers.

Pointers (a C/C++ concept - alien to Fortran)
Consider an array of REAL*8 Arr(17:27)
   there are 11 elements, i.e. from Arr(17), ...., Arr(27)
   each element can be referenced with a pointer so we need 11 pointers.
   but if the pointer size is 2^32 (4e+09),
      so the max array size(w.r.t. #elements) possible is 4e09

Bitmap Fonts
Eg. Installing Korean Fonts

0. Log in as root

1. Download Korean Fonts and put into /scratch/chee/fonts/Korean-X
The files are:
hanglg16.pcf.gz  hanglm16.pcf.gz  hanglm24.pcf.gz

If the files are in bdf format then,
i) convert to pcf:
   bdftopcf <file>.bdf
ii) compress it
   gzip <file>.pcf
   compress <file>.pcf

2. Create an index file for the fonts in that directory
   mkfontdir /scratch/chee/fonts/Korean-X

this will create fonts.dir in the Korean-X directory

3. Tell the Xserver where to find the new fonts.

   xset fp+ /scratch/chee/fonts/Korean-X
   xset +fp /scratch/chee/fonts/Korean-X

to check the current X settings
   xset q

to add this permanently, add the xset fp to .xinitrc

4. Refresh the Xserver setting when new fonts added if necessary

xset fp rehash

5. To view fonts in IRIX


using cdrtools (cdrecord, mkisofs, etc..)

1. Collect files and make a iso filesystem
mkisofs  -r   -o cd_image   private_collection/

-r   = Rockridge extns (deeper than 8 levels, permissions, etc)
-J   = Joliet extensions - more MS Windows friendly
-o   = output filename
-v   = verbose
-x   = exclude directory path
for second session only:
-C x,y = x is last session start, y is next session start
       = use "cdrecord msinfo" to get -C x,y info
       = must use with -M option
-M path = path where multi session is to merge. Usually path is
        = place normally mount CDROM eg /mnt/cdrom
cd /scratch/chee/software
mkisofs -v  -r -J -o firstImage.raw  forWinPC/AdbeRdr601_enu_full.exe

mkisofs 1.12.1 (i686-pc-linux-gnu)
 61.14% done, estimate finish Fri Sep 10 16:32:27 2004
Total extents actually written = 8189
Total translation table size: 0
Total rockridge attributes bytes: 264
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 5544
8189 extents written (15 Mb)

2. Test Image
Mount the iso image (cd_image) into the directory /cdrom, so you can check the directories.

mount -t iso9660 -o ro,loop=/dev/loop0 cd_image /cdrom

3. Writing to CD
to test the CD writer and get info

cdrecord -scanbus

to write to the CD
shell> SCSI_BUS=0   # taken from listing 1 "scsibus0:"
shell> SCSI_ID=6    # taken from listing 1 "TOSHIBA XM-3401"
shell> SCSI_LUN=0
shell> cdrecord -v speed=2 dev=$SCSI_BUS,$SCSI_ID,$SCSI_LUN \
                   -data  cd_image

# same as above, but shorter:
shell> cdrecord -v speed=2 dev=0,6,0 -multi -data  cd_image

-dummy = simulation (laser off)
-eject = eject after burning
-v    = verbose
-multi = multi-session
-msinfo = get multi-session info
-toc = get table of contents
-data = data file (mode1 YellowBook)
-audio = audio files
speed=x  = x is speed for writing
dev = 0,0,0 for

cdrecord -dummy -v speed=2 dev=0,0,0 -multi -data  firstImage.raw

4. For CDRW
writing the 2nd, 3rd sessions onwards

shell> NEXT_TRACK=`cdrecord -msinfo dev=0,6,0`
shell> echo $NEXT_TRACK
shell> mkisofs -R -o cd_image2 -C $NEXT_TRACK -M /dev/scd5 private_collection/ \

cdrecord -msinfo dev=0,0,0

mkisofs -v  -r -J -o secondImage -C 0,19591 -M /dev/cdrom forWinPC/Firewall

cdrecord -dummy -v speed=2 dev=0,0,0 -multi -data  secondImage

WinXP and Lilo booting sequence
   - Example for Slackware Linux

   - use the linux diskette to startup linux

   - login as root

   - modify the /etc/lilo.conf file as follow:

     boot = /dev/hda1
     vga = 773
     image = /boot/vmlinuz
     root = /dev/hda1
     label = Slackware                <-- no space

   - then do:

     $ lilo -b /dev/hda1              <-- lilo on hda1
     $ dd if=/dev/hda1 of=/dos/boot.lnx bs=512 count=1
     $ shutdown -r now

   - take out the linux boot diskette and re-boot the
     system to WinXP, then do:

     ** copy the file from d:\dos\boot.lnx to c:\
     ** then, modify the file c:\boot.ini to include
        following lines:

        [boot loader]

        [operating systems]
        c:\boot.lnx = "Slareware Linux 9.1"

   - re-start the Wxp and there should be an option on the Wxp
     loader to boot to Linux partition.

   - If you only want to boot to the Linux partition only, just set
     the active partition to the Linux installation partition (in this
     case, it is hda1) and reboot the Windows again.

SSH Tunnelling and VNC

   ssh -L x:localhost:y anotherhost

means connect to anotherhost using ssh and listen to port x on the local machine and forward any connections there to port y on anotherhost.

To start a VNC server type:


To start a VNC viewer type:

   vncviewer <name.of.remote.machine>:<display.number>

Using secure VNC with ssh, if a VNC server is running as display:1 on a system called linuxserver, you can start a secure SSH session by typing:

   ssh -L 5902:localhost:5901 linuxserver

So now, connecting to port 5902 on a local machine actually connects to port 5901 on linuxserver. Thus to connect from a client machine:

   vncviewer localhost:2

SSH X11 port forwarding

On SSH server (remote host):
To check SSH is setup for X11 port forwarding, look at the file:
and see if the statement is present:
X11 Forwarding yes
then restart X11
/etc/init.d/sshd restart

On Cygwin (client):
- copy /etc/defaults/etc/ssh_config into ~/.ssh
- ensure the following are set:
ForwardX11 yes
ForwardX11Trusted yes
- DO NOT export DISPLAY=localhost:0.0

To ssh with X11 forwarding (may be different for different Unix/Linux)
ssh -X <name>@<host>

USB Mounting
1. must be root to do this.
 mount -t vfat /dev/sda1 /mnt/usb/

2. Alternatively, modify /etc/fstab file to have this line
/dev/sda1        /usbdisk         vfat        user,exec            1   1

Then any user can type
  mount /usbdisk

and the files on the usb will have User's permissions

3. To unmount, type:
   umount /mnt/usb/
   umounut /usbdisk

Loading Profiles
/etc/profile  ->  /home/<user>/.profile  ->  /home/<user>/.bashrc

Master startup scripts are in /etc :
bashrc profile csh.cshrc csh.login

/etc/profile.d   contains application specific Macro variables, eg. java.csh

Linux Firewall
/sbin/iptables --- executable
/etc/init.d/iptables                            --- script file
/etc/sysconfig/iptables                         --- configuration file

To stop firewall
/etc/init.d/iptables stop

To start firewall
/etc/init.d/iptables start

To check firewall
/sbin/iptables -L --line-numbers                --- to see various rules
/sbin/iptables -nL <INPUT/OUTPUT/RH-Firewall>   --- to see various rules and ports

/sbin/iptables -F [chain]                       --- deleting all rules in the chain
/sbin/iptables -X [chain]                       --- delete optional user-def chain
/sbin/iptables -Z [chain]                       --- to reset / zero packet and byte counter
/sbin/iptables -N [chain]                       --- to create new user-def chain

<Target>: {Accept, Queue, Drop, Return}

/sbin/iptables -D chain rule                    --- delete rule in chain
/sbin/iptables -A chain rule                    --- append rule to end of chain
/sbin/iptables -I chain [rulenum] rule          --- insert rule at rulenum or 1st position of chain
/sbin/iptables -R chain rulenum rule            --- replace rule to at rulenum positin of chain

Rules specs: -<s/d> [!] IPaddr[/mask] [!] [port[:port]]
   !=negate, []=optional

Other Parameters
-i           --- interface, eg eth0
-p           --- protocol, eg tcp, udp, icmp, all
-s           --- source (see above)
-d           --- destination (see above)
-j           --- jump <target>
-m state     --- match with the state module

<James Sainsbury help>
Example - Webserver httpd - open at port 80
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT - Open HTTP port


So locate the rule in RH-Firewall-1-INPUT for WWW
eg    iptables --line -L RH-Firewall-1-INPUT

eg    9  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:http
and insert a rule just after that rule (9 here) so insert before rule 10

# iptables -I RH-Firewall-1-INPUT 10 -p tcp -s 0/0 -d enrol1 -dport 8080 -m state --state NEW -j ACCEPT
If you are satisfied the rule is working save the ruleset with
    /etc/init.d/iptables save
If you trash the ruleset but haven't saved just
    /etc/init.d/iptables restart
(You will notice there is a preceding rule
    7  ACCEPT  all  --  anywhere  anywhere  state  RELATED,ESTABLISHED
which accepts incoming packets as part of an ongoing connection.)
</James Sainsbury help>

To Save iptables:
/sbin/service iptables save

My Example for opening ports on local enrol1 to communicate with BIS on eb
iptables -I RH-Firewall-1-INPUT 12 -p tcp -s eb -d enrol1 --sport 49153:49155 -m state --state NEW -j ACCEPT

- To redirect all external traffic coming into port 80 into port 8080:
1. Use firewall configuration software to accept all TCP traffic from destination port 8080
2. (as root): iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 8080

- To redirect internal traffic coming into port 80 to port 8080
1. use program called rinetd.
2. in the /etc/rinetd.conf, have the line
"xx.xx.xx.xx 80 xx.xx.xx.xx 8080"
3. start the rinetd service

Linux Runlevels - Auto Startup
/usr/sbin/xxxd              --- daemon or startup file to run
/etc/xxx.conf               --- configuration file of the progran
/var/run/           --- process ID of the file that run

0   - system shutdown
1   - single user, no networking or daemons, for maintenance
2   - multiuser but no NFS, can access network but others cannot get in
3   - normal multiuser, no X login
4   - undefined
5   - multiuser X Display manager, X login from consoles
6   - reboot
s/S - single user mode

/etc/inittab            - shows how the system is initialized
/etc/rc.d/init.d/         - list of daemon files, used or not used in startup
/etc/rc.d/rc3.d/        - links to actual files in init.d, at this particular runlevel 3

Program Sequence       Config file
at Startup
/sbin/init             /etc/inittab

/etc/rc.d/init.d/*     /etc/sysconfig/daemons

(Sym links of init.d)

Note the files in rcN.d are preceded by K or S and a number
K = kill job
S = start job
number = order of pograms

To check what services are running:
/sbin/chkconfig --list
    service <service name> status

- Remember to check Linux Firewalls if network services do not start

- edit script files in /etc/init.d/ to contain
1. start/stop functions (and others functions restart)
2. commands in start function MUST NOT BE EXECUTABLE commands. They
   should be executable scripts.
3. use daemon function to run as non-root user
4. DO NOT USE & (forking) at the end of command
5. Example:
        daemon --user=<userName> <ShellScriptName> 1> job.log 2>&1

- To register
/sbin/chkconfig --level 5 initdScript on

Block web-ads

Most of us can't stand getting pummeled by ads everytime we go to a website. There
are a couple of ways to stop these ads.  One is to edit your /etc/hosts file and list
 your loopback address,, with the ad hosting address. For example, to
block ads from open up /etc/hosts as root:

[root@blueox]# vim /etc/hosts

Next, add the following line:

This will line will tell your browser to look on for the ads from  Since localhost doesn't have the ad, it won't be displated.
You can download a hosts file that has a multitude of ads to block.
Personally I DO NOT RECOMMEND THIS approach.  I have noticed that
my computer slows down trying to search through the hosts file.

The RECOMMENDED approach for firefox and mozilla users is to go to
the chrome directory of your personal browser folder.

[lumbrjackedpcj@blueox]# cd ~/.mozilla/firefox/dxshwykf.default/chrome

The directory dxshwykf.default will be different for you installation.

1. First, create the file userContent.css

[lumbrjackedpcj@blueox]# touch userContent.css

2. Next, edit this file with your favorite text editor

[lumbrjackedpcj@blueox]# vim userContent.css

3. Now, following the instrunctions on,
  copy this userContent.css and paste it in yours.

SELinux Configuration
The latest releases of Linux distributions incorporate the mandatory access
control architecture SELinux of the NSA into the Linux kernels.
More information on SELinux can be found at the following link:

/usr/sbin/sestatus -v                      --- to get status of selinux

En/Disabling SELinux:
1 - in your /etc/sysconfig/selinux file, set:
... this is not TRUE disable, it only switches off enforcing and skips loading policy.

2 - if using GRUB as bootloader
go to /boot/grub/grub.conf or menu.lst (symlink to grub.conf)
add this line to the correct boot section

3 - if using LILO (... to be completed ..., contributions welcome)

Error Message:
"error while loading shared libraries: /usr/lib/ cannot restore segment prot after reloc: Permission denied"
then your SELinux configuration is preventing your application from launching.

For shared libraries failing to load, try:
chcon -t texrel_shlib_t /usr/lib/
For some other libraries
chcon -c -v -R -u system_u -r object_r -t lib_t $InstallationDirectory/SystemFiles/Libraries/

# View file/directory contexts: ls -Z /var/www
# Set file/directory context:
    chcon -R -h -t httpd_sys_content_t /home/user1/public_html
    * -R: Recursive. Files and directories in current directory and all subdirectories.
    * -h: Affect symbolic links.
    * -t: Specify type of security context.
# View security context of running processes: ps -eZ
# View security context of a user: id
    uid=500(user1) gid=500(user1) groups=500(user1) context=user_u:system_r:unconfined_t
# Security contexts for a new file default to that of the parent directory.

For using SELinux with cgi-bin and files in Symbolic links
perl script:      /var/www/cgi-bin/overview
Data file:        /home/BIS/BIS/log/ANGLE.txt
Symbolic Link:    /var/www/html/BIS/ANGLE.txt

The security context, especially the subdirectories that contain it are
as follows:

/var/www/cgi-bin/overview      root:object_r:httpd_sys_script_exec_t

/var/www/html/BIS              user_u:object_r:httpd_sys_content_t
/var/www/html/BIS/ANGLE.txt    user_u:object_r:httpd_sys_content_t

/home                          system_u:object_r:home_root_t
/home/BIS                      user_u:object_r:user_home_dir_t
/home/BIS/BIS                  user_u:object_r:httpd_sys_content_t
/home/BIS/BIS/log              user_u:object_r:httpd_sys_content_t
/home/BIS/BIS/log/ANGLE.txt    user_u:object_r:httpd_sys_content_t

Note that it is enough to ensure the "type" context at the /home/BIS/BIS
level and its contents seem to inherit the type.

Redhat package manager

rpm -q -a                        --- list all packages
rpm -q -p <package_path.rpm>     --- list packages inside package_path rpm file
rpm -q -l -p <package_path.rpm>  --- list all files inside package_path rpm file
rpm -q -a -i                     --- list info on all packages
rpm -q -a -f                     --- list files of all packages

Installing Source RPMs
1. Get source code in rpm form from the "SRPMS" or "SOURCE" directories
   in common repositories

2. As root, unpack the source RPMs
   rpm -ivh example.src.rpm

.... this will put the patches in /usr/src/redhat/SOURCES. But these
are not the real working file.
.... there is also a build *.spec file put in /usr/src/redhat/SPECS
3. Build the source code of the packages using:
 command: rpmbuild -bp --target=<arch> kernel.spec
      # cd /usr/src/redhat/SPECS/
      # rpmbuild -bp --target=i686 kernel-2.6.spec
.... the source may appear in /usr/src/redhat/BUILD

4. Modify and recompile source
5. Package into rpm using:

Linux Commands

/usr/sbin/mouseconfig  ------- mouse
chsh ------------------------- to change default shell
grep chee /etc/passwd -------- tells you what shell you are from

Xconfigurator ---------------- to use XFree86
/etc/X11/XF86Config ---------- configuration file
ls /usr/lib/X11/rgb.txt ------ to see a list of X11 defined color names

/usr/sbin/timeconfig --------- change time

/usr/sbin/ntsysv ------------- choose program to
/sbin/chkconfig -------------- boot during startup

/usr/doc/HOWTO --------------- HowTo help files

useradd **** ----------------- add user with name ****
passwd ***** ----------------- make password for user
pwd -------------------------- print working directory
su **** ---------------------- to change to another user (from superuser)
su --------------------------- superuser
/sbin/shutdown -r now -------- shutdown and reboot now
startx ----------------------- to start X windows
ps -e/f/a/l/u ---------------- process
mount /dev/fd0 /tmp ---------- mount 1st floppy drive to /tmp
umount /tmp ------------------ umount any device from /tmp
cat notes >> notes2 ---------- prints the contents of a file to standard output
      and then redirects and APPEND to file "notes2"
head [-count] *****       list first few lines of file
tail [-/+ [startline] [bcl]] ***  list the last few lines
wc **** ---------------------- count the number of words, lines etc in a file
alias l='ls -al' ------------- make an alias, eg. to list files
ln **file1** **file2** ------- link file2 to original file 1 (hard link)
ln -s **file1** **file2**----- do symbolic link
ls -i ------------------------ list file and look and their i-node to see linked files
rsync -auv src dest ---------- copy / update between local/remote src/dest
size ------------------------- to calculate the size of the program
wc -l/c/w **file** ----------- Word Count lines, characters, words in a file
tr --------------------------- Translate, delete or replace text in a file.
tar cf - . | zip name -  ***** Tar and then zip
unzip -p backup | tar xf - *** reverse of above - ie. unzip and untar
script <filename> ------------ starts a shell - records the whole sesion - exit the shell to stop script

Help Commands:
man -k **** ------------------ to search for keywords in manual entries
man # intro ------------------ #={1..8}, 8 intro topics of Unix manual.
man -M /opt/lam/man mpirun --- manual for "mpirun" program installed in /opt/lam
rpm -qdf /usr/bin/rtin ------- query
zless /usr/doc/HOWTO/...gz --- read compressed howto files without uncompressing
locate -d <dbfile> <filename>- find a command or file called filename
updatedb --localpath=<dirPath> --output=<dbfile>
                               to update data file before using locate
                               dirPath=path of file system to put in db
                               dbfile=database file to log info to.
slocate ......                 replaces updatedb and locate commands
/etc/cron.daily/update ------- create database before using locate
find / -name .... ------------ find the file named ....
find ~ -size 0 -print -------- find file with zero size
crontab -e ------------------- to edit the crontab for current user

Build / Compile Programs
./configure --prefix=/home/che sets the installation to your local dir so no need root permissions

set -------------------------- to list enviroment variables
xport AUTO=VW ---------------- set the variable auto=vw
alias ls='ls -color=auto' ---- colorize ls .. put this in .profile or .bashrc

./a.out ---------------------- to execute the file "a.out"
. <command/script> ----------- execute command or script in CURRENT environment

Process Control:
kill -9 PID ----------------- sure kill the process
nohup **** ------------------ No hang-up for process ****
nice -# **** ---------------- reduce priority of command
nice --# **** --------------- increase priority of command
sleep **** ------------------ timer - stalls for certain time
at -l/r/m time date **** ---- timer - run command AT specified TIME

cc -------------------------- SGI MIPS c compiler
CC -------------------------- SGI MIPS c++ compiler
gcc ------------------------- gnu c compiler
g++ ------------------------- gnu c++ compiler
insight --------------------- online help manual on SGI MIPS C/C++ compilers

load "plotfile" ------------- runs the script file "plotfile"
set term postscript color
set output "" -------

<shift> <left-mouse> -------- change font size
.Xdefaults ------------------ change emacs properties
M-x replace-strings --------- to replace all occurances of strings
C-q C-m --------------------- produces the letters "^M"
M-x replace-strings, C-q C-m  dos2unix file conversion within emacs
C-c C-w --------------------- Fortran End of Column marker
C-c C-r --------------------- Fortran ruler
M-C-j ----------------------- Fortran continuation line

netscape -install ----------- make colour look better

gif2ppm --------------------- convert gif to portable pixmap format
pnmtogif -------------------- convert any pixmap to gif
pstoimg -transparent -------- make background transparent

Secure Operations
scp newfile

nslookup ----- returns the IP address of the URL
ping ------------------------
ifconfig <ethernet card> ---- configuration of adapter
netstat -in -----------------
echo 1 >/proc/sys/net/ipv4/ip_forward -- allow routing
echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter -- prevent IP spoofing

System Admin / Setup
/etc/passwd ----------------- user details
/etc/sys_id ----------------- name of the system
/etc/hosts ------------------ list of IP address and Names
~/.rhosts ------------------- list of computers and usernames for rsh without password
background ------------------ customizing background of screen
ls -l /lib/libc-*  ---------- check the glibc version
uname -r   ------------------ check the kernel version
/etc/rc.d/rc.local ---------- startup programs are included here

System /Hardware Information
lsmod ----------------------- list loaded modules
lsdev ----------------------- display info about installed hardware
modinfo --------------------- information about installed modules
free ------------------------ display free/used memory on the system
more /proc/interrupts ------- view IRQ channels
more /proc/dma -------------- view dma channels
more /proc/ioports ---------- view I/O memory addresses

Change Resources
ulimit -a ------------------- check user limit
ulimit -aH ------------------ check user HARD-limit
ulimit -s 32678 ------------- set SOFT & HARD stack limit
ulimit -sS 32678 ------------ set SOFT stack limit
echo 8192 >/proc/sys/fs/file-max   --- increase number of files openable
echo 16384 >/proc/sys/fs/inode-max --- increase number of files openable

File Commands
file ***** ------------------- prints the type of the file ****
find -c ---------------------- find file which has changed
stat -t ---------------------- provides info about file
diff file1 file2 ------------- output differences between files

Remote X Gui Interface
startX ----------------------- starts the X server
startkde --------------------- starts the KDE desktop

insmod ----------------------- insert module quick UNSAFE way
modprobe --------------------- insert module SAFE way

No comments: