Difference between pages "Configuration files" and "Linux basics"

From Wikislax
(Init configuration)
 
(Using SSH)
 
Line 1: Line 1:
The location of the configuration files depend on the specific distribution, but is usually subdirectories of, or files in <tt>'''/etc'''</tt>, <tt>'''/usr/etc'''</tt>, <tt>'''/usr/local/etc'''</tt>. The files are set up by installation but can be updated later. Applying the configuration change will then be a matter of restarting the corresponding daemon. The main Slackware configuration files are :
+
== Using VI ==
<br/>
 
  
== Init configuration ==
+
'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.
 +
 
 +
The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and  '''b''' moves one word backwards. It is also possible to use the arrow keys.
 +
 
 +
'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.
 +
 
 +
'''esc''' affords getting out of the insert mode.
 +
 
 +
'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.
 +
 
 +
''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.
 +
 
 +
''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
 +
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.
 +
 
 +
For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
 +
 
 +
== Using SSH ==
 +
 
 +
SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.
 +
 
 +
'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :
 +
 
 +
# '''ssh-keygen -t rsa'''
 +
Generating public/private rsa key pair.
 +
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
 +
Enter passphrase (empty for no passphrase): '''<cr>'''
 +
Enter same passphrase again: '''cr>'''
 +
Your identification has been saved in /root/.ssh/id_rsa.
 +
Your public key has been saved in /root/.ssh/id_rsa.pub.
 +
The key fingerprint is:
 +
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
 +
The key's randomart image is:
 +
+---[RSA 2048]----+
 +
|  ..=O+..      |
 +
|    ..o++.    ..|
 +
|      oo.    = +|
 +
|      . +o . = +.|
 +
|      oSo. o * o|
 +
|        . o o*.=.|
 +
|        = +E+* .|
 +
|        + ...+.. |
 +
|        ++o+    |
 +
+----[SHA256]-----+
 +
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
 +
password: '''secret<cr>'''
 +
id_rsa.pub                                          100% 394      1.8MB/s  00:00
 +
# '''ssh server'''
 +
password: '''secret<cr>'''
 +
# '''cd .ssh'''
 +
# '''cat >> authorized_keys < id_rsa.pub'''
 +
# '''chmod 600 authorized_keys'''
 +
# '''rm id_rsa.pub'''
 +
 
 +
== Useful linux commands ==
  
 
{| {{thead}}
 
{| {{thead}}
 
|-
 
|-
! {{chead}} width="200" | File
+
! {{chead}} width="220" | Command
! {{chead}} | Content
+
! {{chead}} | Effect
 
|-
 
|-
| <tt>'''/etc/inittab'''</tt>||contains the default runlevel (3=multi-user, 4=graphical). On a live system, <tt>'''telinit n'''</tt> affords changing the level interactively.
+
|<tt>'''cd'''</tt>||change directory.
 
|-
 
|-
| <tt>'''/etc/fstab'''</tt>||contains descriptions on the filesystems used on this computer, including the device, the mount point, the filesystem type and the opening options. Use <tt>'''man fstab'''</tt>, copy, and try !
+
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
 
|-
 
|-
| <tt>'''/etc/http'''</tt>||Directory containing the Apache configuration files such as httpd.conf.
+
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
 
|-
 
|-
| <tt>'''/etc/lilo.conf'''</tt>||used by lilo to generate a boot sector on the device or on the MBR (master boot record). If on the device and using the Windows bootloader, don't forget to copy the boot sector on a disquette so as to be able to use it from Windows.
+
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
 
|-
 
|-
| <tt>'''/etc/mail'''</tt>||Directory containing the Sendmail configuration files such as sendmail.mc and sendmail.cf. Spamassassin configuration also goes here as a subdirectory.
+
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
 
|-
 
|-
| <tt>'''/etc/mail/aliases'''</tt>||File containing a list of users that do not exist on the server and whose mail is redirected to existing users. After modifying this file the command <tt>'''newaliases'''</tt> must be ran.
+
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
# redirect news
 
usenet:        news
 
 
|-
 
|-
| <tt>'''/etc/ntpd.conf'''</tt>||Configuration for the network time protocol. Add ntp servers for your region as below. After an update, restart using <tt>'''/etc/rc.d/rc.ntpd restart'''</tt>.
+
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
# NTP server (list one or more) to synchronize with:
 
server 0.fr.pool.ntp.org
 
server 1.fr.pool.ntp.org
 
server 2.fr.pool.ntp.org
 
server 3.fr.pool.ntp.org
 
 
|-
 
|-
| <tt>'''/etc/profile'''</tt>||don't forget to update the paths:
+
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
MANPATH=/usr/local/share/man:/usr/local/man:/usr/man
 
 
|-
 
|-
| <tt>'''/etc/profile.d'''</tt>||the files contained in this directory are executed at login when executable. To remove the "Game of fortune" on user login :
+
|<tt>'''iptables -L'''</tt>||print the firewall rules.
chmod a-x /etc/profile.d/bsd-games-login-fortune.*
 
 
|-
 
|-
| <tt>'''/etc/ld.so.conf'''</tt>||list of additional libraries. Needs <tt>'''/sbin/ldconfig'''</tt> after adding new libraries. Add <tt>'''/usr/local/lib64'''</tt> here.
+
|<tt>'''killall xxx'''</tt>||kill program named xxx.
 
|-
 
|-
| <tt>'''.bashrc'''</tt>||Specify <tt>'''. /etc/profile'''</tt> on a line of itself to use in <tt>'''konsole'''</tt> the same environment as in the command line. This will afford <tt>'''colorls'''</tt> to work in new <tt>'''konsole'''</tt> tabs.
+
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|}
+
|-
<br clear=all>
+
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
 
+
|-
== The /etc/rc.d directory ==
+
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
 
+
|-
The <tt>'''/etc/rc.d'''</tt> directory contains the scripts used to initialize the system services at the end of the boot.  To use a specific script at startup, make it user-executable. To stop using it, remove the execution rights. Depending on the situation, scripts are called with the <tt>'''start'''</tt>, <tt>'''stop'''</tt>, or <tt>'''restart'''</tt> parameter.
+
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
<br/>
+
|-
 
+
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
== Network configuration ==
+
|-
 
+
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
The network configuration is done during system installation but it is possible to change it later by editing the files and restarting the right daemon:
+
|-
 
+
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
{| {{thead}}
 
 
|-
 
|-
! {{chead}} width="200" | File
+
|<tt>'''nmap <i>host</i>'''</tt>||check filtering status of ports on <i>host</i>. '''-sU''' for UDP.
! {{chead}} | Content
 
 
|-
 
|-
| <tt>'''/etc/rc.d/rc.inet1.conf'''</tt>||configuration of the network. For Xen the standard configuration uses a bridge. A bridge gathers several physical network interfaces. The bridge is configured with an IP address while the physical network interfaces are left unconfigured. After an update, restart using <tt>'''/etc/rc.d/rc.inet1 restart'''</tt>.
+
|<tt>'''ps -ef'''</tt>||list the running processes.
# Config information for eth0:
 
IPADDR[0]=""
 
NETMASK[0]=""
 
USE_DHCP[0]=""
 
DHCP_HOSTNAME[0]=""
 
. . .
 
# Example of how to configure a bridge:
 
# Note the added "BRNICS" variable which contains a space-separated list
 
# of the physical network interfaces you want to add to the bridge.
 
IFNAME[0]="br0"
 
BRNICS[0]="eth0"
 
IPADDR[0]="192.168.0.1"
 
NETMASK[0]="255.255.255.0"
 
USE_DHCP[0]=""
 
DHCP_HOSTNAME[0]=""
 
 
|-
 
|-
| <tt>'''/etc/rc.d/rc.networkmanager'''</tt>||is a script to allow network automatic configuration. If you manually set '''rc.inet1.conf''', make sure this scrit does not have execution rights.
+
|<tt>'''pwd'''</tt>||print working directory.
 
|-
 
|-
| <tt>'''/etc/rc.d/rc.ipforward'''</tt>||is a script to allow forwarding of packets between the interfaces. This is useful for a computer with several interfaces, for instance a firewall. To allow forwarding, just make the script executable.
+
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
 
|-
 
|-
| <tt>'''/etc/ssh/sshd_config'''</tt>||ssh server configuration. '''PermitRootLogin yes''' affords login as root. To authorize X11Forwarding use '''ForwardX11 yes'''. After an update, restart using '''/etc/rc.d/rc.sshd restart'''.
+
|<tt>'''route'''</tt>||display the network routing table.
 
|-
 
|-
| <tt>'''/etc/ssh/ssh_config'''</tt>||ssh client configuration. To authorize X11Forwarding use '''ForwardX11 yes''' and '''ForwardX11Trusted yes''' to avoid a warning using '''ssh''' and get better security.
+
|<tt>'''screen <i>-S<name></i>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
 
|-
 
|-
| <tt>'''/etc/hosts'''</tt>||contains the addresses of the local hosts that bind cannot resolve, as they are in a private addressing plan. It is also possible to specify here addresses that will be chosen in lieu of their official address.
+
|<tt>'''ssh <i>host</i>'''</tt>||connect remotely to site <i>host</i>.
 
|-
 
|-
| <tt>'''/etc/rc.d/rc.bind'''</tt>||setting this script as user-executable will afford running the local computer to be its own DNS.
+
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
 
|-
 
|-
| <tt>'''/etc/named.conf'''</tt>||uncomment the query-source directive to suppress the port-unreachable packets on '''lo'''.
+
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
 
|-
 
|-
| <tt>'''/etc/resolv.conf'''</tt>||if using local bind, which is recommended, append a line with <tt>'''nameserver 127.0.0.1'''</tt>.
+
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
 
|-
 
|-
| <tt>'''/etc/udev/rules.d/70-persistent-net.rules'''</tt>||affords changing which interface is eth0.
+
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
 
|}
 
|}
 +
 
<br clear=all>
 
<br clear=all>
  
<u>Note</u> : In case of network issue, it can be a good idea to check the configuration using <tt>'''ifconfig -a'''</tt>, <tt>'''netstat -f inet -rn'''</tt>, and <tt>'''route'''</tt>. The routes are kept from one boot to the other and it may become necessary to delete the existing routes using <tt>'''route flush'''</tt>, then reboot.
+
{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}
 
 
<br/>
 
 
 
{{pFoot|[[Linux basics]]|[[Main Page]]|[[IPTables]]}}
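Review bot: the added "Using SSH" transcript answers both passphrase prompts with <cr> for a key stored in /root/.ssh/id_rsa, so the private key file alone is enough to log in to the server as root; the text says this is "not very secure" but gives no alternative. Suggest keeping a passphrase and mentioning ssh-agent and ssh-add, which the section already lists, as the way to avoid retyping it. The server-side steps set only chmod 600 authorized_keys; add a line stating that .ssh itself must not be writable by group or others. Two smaller points: the third prompt shows '''cr>''' where the other two show '''<cr>''', and the vi paragraph gives j, k, l, m as the cursor keys, where vi uses h, j, k, l (m sets a mark).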
 

Latest revision as of 21:58, 18 December 2022

Using VI

vi (pronounced vee-eye) is the standard Unix text editor, so it is the tool for editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising: vi was created at a time when keyboards did not have any arrow or insert keys, so it has two modes, the «open» mode and the «insert» mode.

The open mode is for moving the cursor. j, k, l, m move the cursor by one character. ctrl-f moves one page forward and ctrl-b moves one page backwards. w moves one word forward and b moves one word backwards. It is also possible to use the arrow keys.

i goes into insert mode before the cursor, a goes into insert mode after the cursor, and A goes into insert mode at the end of the line. o adds a line after the current line, and O adds a line before the current line. R goes into rewrite mode.

esc leaves the insert mode.

c$ replaces the end of the line and d$ deletes the end of the line. cw replaces one word and dw deletes one word. dd deletes the current line.

:q quits without saving. If the file has been modified, quitting must be forced by typing :q!. :x saves and quits. If the file does not have the write rights, saving must be forced by typing :x!. :w writes the text to a new file. If the new file already exists, writing must be forced by typing :w!.

:num moves to the line number num. :$ moves to the end of the file. :num1copynum2 copies the line number num1 after the line number num2. :num1mnum2 moves the line number num1 after the line number num2.

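For detailed information, check the VIM Documentation (http://vimdoc.sourceforge.net/htmldoc/help.html). To enter special characters, check the page on digraphs (http://vimdoc.sourceforge.net/htmldoc/digraph.html). To get rid of the message "skipping N old session files", delete the files elvis*.ses in /var/tmp.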

Using SSH

SSH is a suite of tools for connecting remotely over encrypted communications. On the client side, ssh offers a command-line terminal, scp copies a file, and sftp behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen handle key management. The SSH present on Slackware and the BSDs is OpenSSH (https://www.openssh.com/), developed by members of the OpenBSD project (https://www.openbsd.org/).

ssh requires your password every time it is executed. This can be avoided by creating a pair of RSA keys on the client and copying the public key to the server. Not specifying a passphrase is not very secure, but it avoids having to enter one every time:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <cr>
Enter passphrase (empty for no passphrase): <cr>
Enter same passphrase again: <cr>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
|   ..=O+..       |
|    ..o++.     ..|
|       oo.    = +|
|      . +o . = +.|
|       oSo. o * o|
|        . o o*.=.|
|         = +E+* .|
|        + ...+.. |
|         ++o+    |
+----[SHA256]-----+
# scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub
password: secret<cr>
id_rsa.pub                                          100% 394      1.8MB/s   00:00
# ssh server
password: secret<cr>
# cd .ssh
# cat >> authorized_keys < id_rsa.pub
# chmod 600 authorized_keys
# rm id_rsa.pub
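
The server-side steps above as a repeatable helper, an added example that is not part of the original page: it checks that the copied file is a single public-key line, creates .ssh with mode 700 and authorized_keys with mode 600, and does not append the same key twice. The function names install_pubkey and audit_ssh_dir and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and
# audit_ssh_dir are hypothetical helper names.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends one validated public key to SSH_DIR/authorized_keys.
# The body is a subshell "( )" so umask and exit stay local to the call.
install_pubkey() (
    pub=$1; dir=$2
    [ -f "$pub" ] || exit 1
    # Exactly one line of the form "<type> <base64> [comment]"; this also
    # rejects a private key file copied by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || exit 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$pub" || exit 1

    umask 077                       # new files: owner only
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir"
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: match on the key material, not on the comment field.
    blob=$(awk '{print $2}' "$pub")
    grep -qF -- "$blob" "$auth" || cat "$pub" >> "$auth"
)

# audit_ssh_dir SSH_DIR
# Returns 1 if SSH_DIR or its authorized_keys is group- or world-writable,
# the condition under which sshd with StrictModes (the default) refuses it.
audit_ssh_dir() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "too permissive: $p" >&2
            return 1
        fi
    done
    return 0
}

# Demo on a scratch directory with a constructed (not real) key.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTEDSAMPLE root@client' > "$d/id_rsa.pub"
    install_pubkey "$d/id_rsa.pub" "$d/.ssh" &&
    install_pubkey "$d/id_rsa.pub" "$d/.ssh" &&      # second run adds nothing
    audit_ssh_dir "$d/.ssh" &&
    echo "keys installed: $(grep -c '' "$d/.ssh/authorized_keys")"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On the server, the call would be install_pubkey id_rsa.pub "$HOME/.ssh" followed by removing the copied id_rsa.pub, as in the transcript.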

Useful linux commands

Command                           Effect
cd                                change directory.
chmod -R ppp ddd                  recursively change permissions on file or directory.
chown -R uuu:ggg ddd              recursively change user:group ownership on file or directory.
chgrp -R ggg ddd                  recursively change group ownership on file or directory.
command xxx | grep yyy            search for string yyy in output of command xxx.
ethtool -s eth0 wol g             puts interface eth0 in wake-on-lan status.
find xxx -name yyy -print         find file yyy in subdirectories of xxx.
ifconfig -a                       print the network interfaces configuration.
iptables -L                       print the firewall rules.
killall xxx                       kill program named xxx.
ldconfig                          reload libraries taking into account new libraries just built.
ln -s existing new                create a symbolic link new to an existing directory or file.
ls -al                            list the working directory, including files beginning with a dot.
man xxx                           display the xxx command manual page.
more xxx                          display file xxx with the possibility of moving up and down. less and most are similar commands.
mount -t ttt /dev/xxx /mnt/ddd    mount device xxx as type ttt under directory ddd.
(u)mount /mnt/ddd                 (u)mount device ddd as specified in /etc/fstab.
nmap host                         check filtering status of ports on host. -sU for UDP.
ps -ef                            list the running processes.
pwd                               print working directory.
rm -r                             remove file or directory recursively.
route                             display the network routing table.
screen -S<name>                   screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
ssh host                          connect remotely to site host.
su -l uuuu                        execute shell as another user. If -l is used, an environment similar to what the other user would have had with a direct login is provided.
telinit n                         go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
umask                             edit /etc/profile to change the default umask value of 022 and set it to 027 (files not readable by other users), a good setting except when installing as root server software to be run as a standard user account (permission issues).
vi                                run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

