Wikislax - User contributions [en]

Creating VMs

2026-04-06T20:55:03Z

Wikislax: /* Creating a PV VM */

{{RightTOC}}

== the xl tool ==

There is a variety of tools and commands to handle virtual machines. Here we will use the Xen '''xl''' command.

* '''xl create ''file''''' affords creating a virtual machine based on the configuration in file ''file''. A one-starting sequential domain id is created.

* '''xl destroy ''domid''''' affords destroying a virtual machine with domain id ''domid''. Of course using the system in the VM will be a preferred method to terminate.

* '''xl help''' affords getting more information on other xm commands.

Xen supports paravirtualisation and hardware virtualization. Both can be used at the same time on a single Xen system.

== Creating a PV VM ==

* in paravirtualization (PV) guest operating systems are modified so they are able to interlock with Xen without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware. Upstream kernel.org Linux kernels since Linux 2.6.24 include Xen PV guest (domU) support based on the Linux pvops framework, so every upstream Linux kernel can be automatically used as Xen PV guest kernel without any additional patches or modifications.

Paravirtualization requires storing the kernel to boot in the dom0 filesystem, and populating the system in a virtual partition. The kernel generated must be able to manage [http://wiki.qemu.org/download/qemu-doc.html#QEMU-PC-System-emulator the QEMU devices] and include the .config file [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel domU options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-domU .config domU] file. The swap partition and VM filesystem can be created as below. Don't forget to update the root device in fstab :

# dd if=/dev/zero of=sl12.swp bs=1024k count=1024 status=progress
# mkswap sl12.swp
# dd if=/dev/zero of=sl12.img bs=1024k count=16384 status=progress
# mkfs -t ext3 sl12.img
# mkdir loop
# mount -o loop sl12.img loop
# cp -ax /mnt/sl12/{0,bin,boot,etc,home,lib,lib64,media,mnt,opt,root,run,sbin,srv,sys,usr,var} loop
# mkdir loop/{dev,proc,tmp}
# chmod 777 loop/tmp
# vi loop/etc/fstab
# umount loop
# dd if=/dev/zero bs=1G count=8 >> sl12.img
# e2fsck -f sl12.img
# resize2fs sl12.img

Then a PV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/sl12 example] running in a X window for slackware 12.1 (32 bits). The main config options to modify are :

# Kernel image file in dom0 filesystem
kernel = "/boot/vmlinuz-3.4.2-domU"
# Not using any optional ramdisk
#ramdisk = "/boot/initrd.gz"
# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names,
name = "sl12"
# Number of virtual CPUs
vcpus = 2
# Define network interfaces
vif = [ ' ' ]
# Define disk devices. Note the device names xvda and xvdb
disk = [ 'file:/mnt/xen/sl12.img,xvda1,w', 'file:/mnt/xen/sl12.swap,xvdb,w' ]
# Define frame buffer device. Use sdl to view virtual machine in a window
vfb = [ 'sdl=1' ]
# Set root device.
root = "/dev/xvda1 ro"
# Window resolution additional parameters
extra = "xen-fbfront.video=16,1680,1024"

The VM can then be launched with '''xl create ''file''''' :

root@inner:/etc/xen# xl create sl12
Parsing config from sl12
root@inner:/etc/xen#

== Creating a HVM ==

* in full hardware virtualization (HVM) guests require CPU virtualization extensions from the host CPU (Intel VT-x, AMD-V). Xen uses a modified version of Qemu to emulate full PC hardware, including BIOS, IDE disk controller, VGA graphic adapter, USB controller, network adapter etc for HVM guests. CPU virtualization extensions are used to boost performance of the emulation. Fully virtualized guests do not require kernel support, so for example Windows operating systems can be used as Xen HVM guest. Fully virtualized guests are usually slower than paravirtualized guests, because of the required emulation.

Full hardware virtualization requires only a disk image to execute in. Then a HV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/win7 example] running in a X window for Windows 7. The main config options to modify are :

# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names,
name = "win7"
# Number of virtual CPUs
vcpus = 4
# Define network interfaces
vif = [ 'type=ioemu, bridge=br0' ]
# Define disk devices. Note the device names xvda and xvdb
disk = [ 'file:/mnt/xen/win7.img,hda,w', 'file:/mnt/xen/win7.iso,hdc:cdrom,r' ]
# enable SDL library for graphics, default = 0
sdl=1
# enable VNC library for graphics, default = 1
vnc=0
# set VNC display number, default = domid
vncdisplay=7

The VM can then be launched with '''xl create ''file''''' :

root@inner:/etc/xen# xl create win7
Parsing config from win7
root@inner:/etc/xen#

== A little screen shot ==

The 3 VMs displayed on this slackware 13.37 dom0 are slackware 12.1, windows 7 and windows 8.

[[file:Screenshot.png]]

 

{{pFoot|[[Using Grub2]]|[[Main Page]]|[[OpenSSL]]}}

Creating VMs

2026-04-01T13:52:33Z

Wikislax: /* Creating a PV VM */

{{RightTOC}}

== the xl tool ==

There is a variety of tools and commands to handle virtual machines. Here we will use the Xen '''xl''' command.

* '''xl create ''file''''' affords creating a virtual machine based on the configuration in file ''file''. A one-starting sequential domain id is created.

* '''xl destroy ''domid''''' affords destroying a virtual machine with domain id ''domid''. Of course using the system in the VM will be a preferred method to terminate.

* '''xl help''' affords getting more information on other xm commands.

Xen supports paravirtualisation and hardware virtualization. Both can be used at the same time on a single Xen system.

== Creating a PV VM ==

* in paravirtualization (PV) guest operating systems are modified so they are able to interlock with Xen without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware. Upstream kernel.org Linux kernels since Linux 2.6.24 include Xen PV guest (domU) support based on the Linux pvops framework, so every upstream Linux kernel can be automatically used as Xen PV guest kernel without any additional patches or modifications.

Paravirtualization requires storing the kernel to boot in the dom0 filesystem, and populating the system in a virtual partition. The kernel generated must be able to manage [http://wiki.qemu.org/download/qemu-doc.html#QEMU-PC-System-emulator the QEMU devices] and include the .config file [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel domU options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-domU .config domU] file. The swap partition and VM filesystem can be created as below. Don't forget to update the root device in fstab :

# dd if=/dev/zero of=sl12.swp bs=1024k count=1024 status=progress
# mkswap sl12.swp
# dd if=/dev/zero of=sl12.img bs=1024k count=16384 status=progress
# mkfs -t ext3 sl12.img
# mkdir loop
# mount -o loop sl12.img loop
# cp -ax /mnt/sl12/{0,bin,boot,etc,home,initrd*,lib,lib64,media,mnt,opt,root,run,sbin,srv,sys,usr,var,vmlinuz*} loop
# mkdir loop/{dev,proc,tmp}
# chmod 777 loop/tmp
# vi loop/etc/fstab
# umount loop
# dd if=/dev/zero bs=1G count=8 >> sl12.img
# e2fsck -f sl12.img
# resize2fs sl12.img

Then a PV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/sl12 example] running in a X window for slackware 12.1 (32 bits). The main config options to modify are :

# Kernel image file in dom0 filesystem
kernel = "/boot/vmlinuz-3.4.2-domU"
# Not using any optional ramdisk
#ramdisk = "/boot/initrd.gz"
# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names,
name = "sl12"
# Number of virtual CPUs
vcpus = 2
# Define network interfaces
vif = [ ' ' ]
# Define disk devices. Note the device names xvda and xvdb
disk = [ 'file:/mnt/xen/sl12.img,xvda1,w', 'file:/mnt/xen/sl12.swap,xvdb,w' ]
# Define frame buffer device. Use sdl to view virtual machine in a window
vfb = [ 'sdl=1' ]
# Set root device.
root = "/dev/xvda1 ro"
# Window resolution additional parameters
extra = "xen-fbfront.video=16,1680,1024"

The VM can then be launched with '''xl create ''file''''' :

root@inner:/etc/xen# xl create sl12
Parsing config from sl12
root@inner:/etc/xen#

== Creating a HVM ==

* in full hardware virtualization (HVM) guests require CPU virtualization extensions from the host CPU (Intel VT-x, AMD-V). Xen uses a modified version of Qemu to emulate full PC hardware, including BIOS, IDE disk controller, VGA graphic adapter, USB controller, network adapter etc for HVM guests. CPU virtualization extensions are used to boost performance of the emulation. Fully virtualized guests do not require kernel support, so for example Windows operating systems can be used as Xen HVM guest. Fully virtualized guests are usually slower than paravirtualized guests, because of the required emulation.

Full hardware virtualization requires only a disk image to execute in. Then a HV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/win7 example] running in a X window for Windows 7. The main config options to modify are :

# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names,
name = "win7"
# Number of virtual CPUs
vcpus = 4
# Define network interfaces
vif = [ 'type=ioemu, bridge=br0' ]
# Define disk devices. Note the device names xvda and xvdb
disk = [ 'file:/mnt/xen/win7.img,hda,w', 'file:/mnt/xen/win7.iso,hdc:cdrom,r' ]
# enable SDL library for graphics, default = 0
sdl=1
# enable VNC library for graphics, default = 1
vnc=0
# set VNC display number, default = domid
vncdisplay=7

The VM can then be launched with '''xl create ''file''''' :

root@inner:/etc/xen# xl create win7
Parsing config from win7
root@inner:/etc/xen#

== A little screen shot ==

The 3 VMs displayed on this slackware 13.37 dom0 are slackware 12.1, windows 7 and windows 8.

[[file:Screenshot.png]]

 

{{pFoot|[[Using Grub2]]|[[Main Page]]|[[OpenSSL]]}}

IPTables

2026-04-01T07:25:09Z

Wikislax: /* Iptables Filtering */

{{RightTOC}}

Packet filtering affords opening access only to these services you have decided to open. The TCP or UDP packets include a piece of information called the port number, that is used to identify the type of service. Secure ports were defined as SSL counterparts of the native ports but were superseded by [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] and are now deprecated due to security weaknesses in the SSL protocol. SSL should not be used any longer. Instead, use TLS. Current version is v1.2.

{| {{thead}}
|-
! {{chead}} width="100" | Protocol
! {{chead}} | Port #
! {{chead}} | Secure Protocol
! {{chead}} | Secure Port #
! {{chead}} | Service
|-
|SMTP||25||SMTPS||465||Mail exchange
|-
|HTTP||80||HTTPS||443||Web browsing
|-
|POP3||110||POP3S||995||Mail retrieval
|-
|NTTP||119||NTTPS||563||News exchange
|-
|IMAP||143||IMAPS||993||Mail retrieval
|-
|LDAP||389||LDAPS||636||Ldap Directory
|}

 

On server side, the services are provided by applications that may have vulnerabilities and be attacked. Examples of attacks are buffer overflow or format string attacks, that afford getting full access on the target machine by crafting special strings sent to it. An attacker could then obtain any information present there or modify or destroy the system.

To reduce the number of possible attacks, the number of services authorized, or who can access the system, must be restricted. This is known as packet filtering. It is only an aspect of security (obviously, the applications on the server side must also be secured ...), but it is important. Never *** ever *** connect to the network a computer not protected by a packet filter !

To illustrate, let's configure our two-interfaces computer to be its own firewall. '''eth0''' is the Internet interface, it uses network 192.168.0.x, the gateway is an ADSL router/switch at 192.168.0.254. '''eth1''' is the (Intranet) interface to the internal network 192.168.1.x.

== Iptables Filtering ==

Since Linux 2.4, packet filtering is effected inside the kernel, and configuration effected by the '''iptables''' user-space program. In addition to rules for incoming and outgoing packets, iptables affords defining rules for routing between the interfaces. The '''iptables''' command affords entering the rules '''one by one'''. Using a script affords entering all the rules. '''iptable -L -v''' affords viewing the current rules.

For more information, see the [http://www.netfilter.org/ netfilter] official site. This site has links to various documents, including a simple introduction to packet filtering in this [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html HOWTO].

In Slackware, the script used is <tt>'''/etc/rc.d/rc.firewall'''</tt>. It is called automatically when the system starts or stops, using commands <tt>'''./rc.firewall start'''</tt> or <tt>'''./rc.firewall stop'''</tt>.

#! /bin/sh
#
# startup script for local packet filter
#
fw_start () {
echo "Loading packet filter rules"

The flush command affords deleting all the active nat and filtering rules:

# flush old rules
iptables -t nat --flush
iptables -flush

The -P option affords defining the default policy. A good practise is to forbid by default everything not authorized. This is done here for packets incoming, outgoing, and routed between the interfaces:

# drop by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

Connections already established are authorized to continue:

# accept packets that are part of previously OK'ed sessions
iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED

The -A option affords adding a rule. Here all the packets on the loopback interface are accepted:

# INBOUND POLICY

# pass all traffic for network 127.0.0.0/8 on loopback interface
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

Addresses of RFC 1918 private networks are not routable on the Internet. So packets with such addresses are not expected on the internal network. However as anti-spoofing is ensured by Internet box we do not need to introduce anti-spoofing rules here:

# anti-spoofing done by Internet box so not needed here
# iptables -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "INPUT spoofed IP "
# iptables -A INPUT -s 10.0.0.0/8 -j DROP
# . . .

The protocols corresponding to services offered or used externally are accepted:

# services SMTP HTTP HTTPS
# iptables -A INPUT -p tcp -j ACCEPT --dport 25 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m conntrack --ctstate NEW
# iptables -A INPUT -p tcp -j ACCEPT --dport 143 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 443 -m conntrack --ctstate NEW

The protocols corresponding to services offered on the local network are accepted:

# services on local network FTP DNS BOOTP NNTP SUBMIT VNC
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 69 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 119 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 587 -m conntrack --ctstate NEW -s 192.168.53.0/24
# iptables -A INPUT -p tcp -j ACCEPT --dport 5900:5912 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept X-Window traffic on the local network:

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept NFS on the local network and fix the NFS ports:

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept samba traffic on the local network:

# samba ports
iptables -A INPUT -p udp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 138 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 139 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24

Broadcast traffic is also OK:

# broadcast traffic
iptables -A INPUT -p udp -s 0.0.0.0 -sport 67:68 -d 255.255.255.255 -j ACCEPT

We accept pings on the local network:

# accept some icmp packets
iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.53.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

We could log anything not accepted above:

# log anything not accepted above
# iptables -A INPUT -j LOG --log-prefix "INPUT bad traffic "

We accept all outbound packets, which would for example afford using a network scanner. In a production environment, there would be a stricter policy:

# OUTBOUND POLICY

# accept all outbound packets
iptables -A OUTPUT -j ACCEPT

For routing between the interfaces, everything is accepted. In a production environment, there might be a stricter policy:

# FORWARD POLICY

# forward all outbound packets
iptables -A FORWARD -j ACCEPT
}

After the fw_start() function ends, the fw_stop() function is defined to authorize everything:

fw_stop () {
echo "Unloading all packet filter rules"
iptables -t nat --flush
iptables -flush

# accept by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
}

case "$1" in
‘start’)
fw_start
;;
’stop’)
fw_stop
;;
’restart’)
fw_start
;;
*)
echo "usage $0 start | stop | restart"

== Testing the firewall ==

Use '''nmap -sU hostname''' (UDP) and '''nmap -sT hostname''' (TCP) to make sure what ports are visible locally and do the same from the outside.

== Download example ==

[{{SERVER}}/wikislax/download/rc.firewall Download file rc.firewall]

 

{{pFoot|[[Configuration files]]|[[Main Page]]|[[X11 configuration]]}}

Compiling Xen

2026-03-30T09:35:23Z

Wikislax: /* Installing acpica */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2. No such issue compiling xen-4.18.4 on slackware 15.0.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work. Slackware 15.0 includes grub-2.06 which is no problem.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

Note : the choice of license pertains to software redistribution. 1 - Intel, 2 - GPLV2 or BSD.

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen 4.19.1 requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-17b1790.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-17b1790
# cd lloyd-yajl-17b1790
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Linux basics

2026-03-29T19:38:40Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''mkisofs -o xxx.iso -J -r xxx'''</tt>||Put directory or file xxx into an iso image.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts. -p to preserve attributes.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-29T11:46:16Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''mkisofs -o Windows7SP1.iso -J -r xxx'''</tt>||Put directory or file xxx into an iso image.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts. -p to preserve attributes.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-29T11:45:33Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''mkisofs -o Windows7SP1.iso -J -r xxx'''</tt>||Put directory or file xxx into an iso image.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-29T11:44:54Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''mkisofs -o Windows7SP1.iso -J -r xxx'''</tt>||Put xxx in an iso image.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

X11 over the network

2026-03-29T08:55:10Z

Wikislax: /* Kdm */

{{RightTOC}}

Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. [https://sourceforge.net/projects/vcxsrv/ VcXrv] is a very competent one.

The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH ('''X11 forwarding''', to configure in '''/etc/ssh/sshd_config''') as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.

For more information on using remote X applications, check this [http://www.xs4all.nl/~zweije/xauth.html mini-HOWTO] or this excellent [http://shop.oreilly.com/product/9780596101954.do O'Reilly book].

== Xdm, Kdm, Gdm ==

X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.

The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.

However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.

== Kdm ==

For KDE to manage X terminals over the network, update '''/etc/kde/kdm/kdmrc''' specifying '''Enable=true''' for '''[Xdmcp]'''.

To be able to connect as root, update '''/etc/kde/kdm/kdmrc''', specifying '''AllowRootLogin=true''' for '''[X-*-Core]'''.

In '''/etc/kde/kdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network).

== Xdm ==

In '''/etc/X11/xdm/xdm-config''', comment out the line '''#DisplayManager.requestPort: 0''' to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using '''nmap -sU localhost''', that lists the listening UDP ports. If checking with tcpdump, '''udp port xdmcp unreachable''' will be seen on the wire.

In '''/etc/X11/xdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network). In '''/etc/X11/xdm/Xservers''', comment out the line with ''':0''' to avoid getting an X login screen on the console.

To automatically launch '''xdm''' during Slackware init, add the following lines to '''/etc/rc.d/rc.local''' :

# Xdm
if [ -x /usr/X11/bin/xdm ]; then
/usr/X11/bin/xdm
fi

== X11 firewalling ==

At the firewall level, the X terminal must be able to contact the host using '''UDP 177''' and the host must be able to callback the X terminal using '''TCP 6000:6063'''. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network :

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24

For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.

== X11 server ==

The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing '''nohup X -query host :1 &''' will display X from host host on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using '''<ctrl><alt><F7>''' and '''<ctrl><alt><F8>'''.

The X terminal can also be a Windows PC equipped with an X emulator such as [https://sourceforge.net/projects/vcxsrv/ VcXrv] or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. '''Note''' : Specify in the configuration that you will be using XDMCP.

== Windows firewall ==

On Windows, use the firewall with «'''Allow exceptions'''» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).

 

{{pFoot|[[X11 configuration]]|[[Main Page]]|[[Compiling the Kernel]]}}

DVDless install

2026-03-26T21:08:41Z

Wikislax: /* Slackware setup */

{{RightTOC}}

The (local) network is an additional choice to install Slackware from when your hardware has this capability. Installing from the local network is much faster than from a DVD and is a good choice when playing around with the installation. This page explains how to configure a Slackware server for this usage. It was inspired by the [http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:pxe AlienBob's blog page] on the same topic. To install Slackware over the network we need :

* A service to download the Slackware files during the Slackware setup. HTTP, FTP, or NFS can be used. In the example below we show how to use the NFS and FTP services included with Slackware.
* A service implementing the TFTP protocol. TFTP is used to effectively download the bootstrap code from the server identified. We will use the TFTP protocol included with Slackware.

* A service implementing the BOOTP protocol. BOOTP is used by the PXE firmware to identify on the network a server to download the bootloader code from. The DHCP server included with the Slackware distribution has this capability.

== Configuring NFS ==

NFS is SUN's Network File System. It is lightning fast and can be used as a mount point, but depending on configuration may be unsecure and must be used locally only. Also, it uses some random port numbers that need to be fixed if firewalling. The directories used are defined in '''/etc/exports'''. Edit as follows. '''ro''' means read-only, '''sync''' makes sure that no asynchronous requests are made, '''insecure''' affords using different NFS ports from other NFS implementations, '''all_squash''' maps all uids and gids to the anonymous user for public access, '''no_subtree_check''' improves reliability in some circumstances. See '''man exports''' for more details.

# See exports(5) for a description.
# This file contains a list of all directories exported to other computers.
# It is used by rpc.nfsd and rpc.mountd.

/var/pub 192.168.53.1/24(ro,sync,insecure,all_squash,no_subtree_check)

The NFS server is launched using '''/etc/rc.d/rc.nfsd'''. Make this script executable so as to use it on every boot. You can also '''start''' it to test it immediately. The NFS client is launched using '''/etc/rc.d/rc.rpc''' and affords using NFS mount points from other NFS servers. Make this script executable if you want to use it and have it started on every reboot. This can be handy to cross-test NFS machines. Otherwise it should not be necessary.

# chmod u+x /etc/rc.d/rc.nfsd
# chmod u+x /etc/rc.d/rc.rpc

== Configuring FTP ==

As SSH affords encrypted authentication and transfers, FTP will be used on our site only for anonymous public downloads. FTP uses fixed port numbers so it is easy to firewall, but it is much slower than NFS. Slackware includes two FTPs : ProFTPd and vsFTP. We will use the latter. Using vsFTP requires very little configuration : setting the home directory of the ftp user to where we want our files to be downloaded from, uncommenting the correct '''ftp''' line in '''/etc/inetd.conf''' and '''/etc/rc.d/rc.inetd restart''', updating the firewall rules. For more details '''man vsftpd.conf'''.

# usermod --home /var/pub ftp
. . .
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
. . .
# /etc/rc.d/rc.inetd restart
. . .
# services on local network FTP BOOTP HTTP NNTP IMAP HTTPS SUBMIT VNC VOIP
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24

== Putting the Slackware install files online ==

Copy the content of the slackware DVD to a disk directory, for instance '''/var/pub/slackware64-15.0'''

# mkdir /mnt/dvd
# mkdir /var/pub/slackware64-15.0
# mount -o loop slackware64-15.0-install-dvd.iso /mnt/dvd
# cp -a /mnt/dvd/* /var/pub/slackware64-15.0/
# umount /mnt/dvd

During install, when asked for the source directory specify subdirectory '''slackware64''' that is, '''/var/pub/slackware64-15.0/slackware64'''

The Slackware network setup uses NFS version 3 meaning that directory paths are absolute.

== Configuring TFTPBOOT ==

TFTP is the trivial ftp protocol (for use on a local network). Let's create the '''tftp bootp''' file structure under the default '''/tftpboot''' directory. The directory where we store the bootloader files is '''/tftpboot/slackware64-15.0''' :

# mkdir /tftpboot
# mkdir /tftpboot/slackware64-15.0
# mkdir /tftpboot/slackware64-15.0/pxelinux.cfg
# cp /usr/share/syslinux/pxelinux.0 /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/message.txt /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/f2.txt /tftpboot/slackware64-15.0/
# cp -a /var/pub/slackware64-15.0/kernels /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/usb-and-pxe-installers/pxelinux.cfg_default /tftpboot/slackware64-15.0/pxelinux.cfg/default
# cp /var/pub/slackware64-15.0/isolinux/initrd.img /tftpboot/slackware64-15.0/

Tftpboot is handled by '''inetd'''. To activate it, uncomment the tftp line in '''/etc/inetd.conf''' then '''/etc/rc.d/rc.inetd restart''' or reboot.

tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -r blksize

== Configuring DHCP ==

We configure '''/etc/dhcpd.conf''' as follows. Our subnet is '''192.168.53.0''', our network mask '''255.255.255.0''', our IP address is '''192.168.53.1''', our router address '''192.168.53.254'''. The IP DHCP range is '''192.168.53.154''' to '''192.168.53.253'''. For more details on other configuration possbilities, '''man dhcpd.conf'''.

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
ddns-update-style none;

# Allow bootp requests
allow bootp;

# Point to the TFTP server:
next-server 192.168.53.1;

# Default lease is 1 week (604800 sec.)
default-lease-time 604800;
# Max lease is 4 weeks (2419200 sec.)
max-lease-time 2419200;

subnet 192.168.53.0 netmask 255.255.255.0 {
option domain-name "studioware.com";
option broadcast-address 192.168.53.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.53.1;
option routers 192.168.53.254;
range dynamic-bootp 192.168.53.154 192.168.53.253;
use-host-decl-names on;
if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
filename "/slackware64-15.0/pxelinux.0";
}
}

Next is to create a script '''/etc/rc.d/rc.dhcpd''' to launch dhcp. Our bridged interface is '''br0''' :

#!/bin/sh
#
# /etc/rc.d/rc.dhcpd
# This shell script takes care of starting and stopping
# the ISC DHCPD service
#

# Put the command line options here that you want to pass to dhcpd:
DHCPD_OPTIONS="-q '''br0'''"

[ -x /usr/sbin/dhcpd ] || exit 0

[ -f /etc/dhcpd.conf ] || exit 0

start() {
# Start daemons.
echo -n "Starting dhcpd: /usr/sbin/dhcpd $DHCPD_OPTIONS "
/usr/sbin/dhcpd $DHCPD_OPTIONS
echo
}
stop() {
# Stop daemons.
echo -n "Shutting down dhcpd: "
killall -TERM dhcpd
echo
}
status() {
PIDS=$(pidof dhcpd)
if [ "$PIDS" == "" ]; then
echo "dhcpd is not running!"
else
echo "dhcpd is running at pid(s) ${PIDS}."
fi
}
restart() {
stop
start
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
;;
esac

exit 0

Next is to make '''/etc/rc.d/rc.dhcpd''' executable, launch it from '''/etc/rc.d/rc.local''' and stop it from '''/etc/rc.d/rc.local_shutdown''' :

# chmod u+x rc.dhcpd
. . .
# start dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd start
fi
. . .
# stop dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd stop
fi

== Firewalling NFS ==

Refer to [[IPTables]] for an introduction on packet filtering. NFS uses some random ports by defaults, that we need to fix if we want to be able to do proper packet filtering. To be precise, NFS uses sunrpc/111 and nfsd/2049, and random port numbers are used by other NFS daemons but it is possible to specify alternative port numbers on the command line or in the '''/etc/services''' file, to which we add :

rpc.nfs-cb 32764/tcp # RPC nfs callback
rpc.nfs-cb 32764/udp # RPC nfs callback
status 32765/udp # NFS status (listen)
status 32765/tcp # NFS status (listen)
status 32766/udp # NFS status (send)
status 32766/tcp # NFS status (send)
mountd 32767/udp # NFS mountd
mountd 32767/tcp # NFS mountd
lockd 32768/udp # NFS lock daemon/manager
lockd 32768/tcp # NFS lock daemon/manager
rquotad 32769/udp # NFS rquotad
rquotad 32769/tcp # NFS rquotad

The '''/etc/rc.d/rc.nfsd''' and '''/etc/rc.d/rc.rpc''' scripts are modified to specify port numbers on the command lines :

if [ -x /usr/sbin/rpc.rquotad ]; then
echo " /usr/sbin/rpc.rquotad '''-p 32769'''"
/usr/sbin/rpc.rquotad '''-p 32769'''
fi

if [ -x /usr/sbin/rpc.mountd ]; then
echo " /usr/sbin/rpc.mountd '''-p 32767'''"
/usr/sbin/rpc.mountd '''-p 32767'''
fi

if ! ps axc | grep -q rpc.statd ; then
echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd '''-p 32765 -o 32766'''"
/sbin/rpc.statd '''-p 32765 -o 32766'''
fi

To make the lock daemon listen on port '''32768''' only and set the nfs callback port to '''32764''' we need to create file '''/etc/sysctl.d/nfs.conf''' :

fs.nfs.nlm_udpport=32768
fs.nfs.nlm_tcpport=32768
fs.nfs.nfs_callback_tcpport=32764

Last BOOTP and the NFS ports must be added to '''/etc/rc.d/rc.firewall''' :

# BOOTP
iptables -A INPUT -p udp -j ACCEPT --dport 69 -s 192.168.53.0/24

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

== Slackware setup ==

A few pieces of advice to make your Slackware setup from network easier :

* For some reason Slackare might use an interface other than eth0. Just move the cable to the right slot or update (or remove) /etc/udev/rules.d/70-persistent-net.rules.

* Slackware network setup uses NFS version 3 meaning that directory paths are absolute. For instance /var/pub/slackware64-15.0/slackware64.

* The FTP directory paths are instead relative to the ftp user home directory.

 

{{pFoot|[[Managing partitions]]|[[Main Page]]|[[Installing Slackware]]}}

DVDless install

2026-03-26T20:44:57Z

Wikislax: /* Firewalling NFS */

{{RightTOC}}

The (local) network is an additional choice to install Slackware from when your hardware has this capability. Installing from the local network is much faster than from a DVD and is a good choice when playing around with the installation. This page explains how to configure a Slackware server for this usage. It was inspired by the [http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:pxe AlienBob's blog page] on the same topic. To install Slackware over the network we need :

* A service to download the Slackware files during the Slackware setup. HTTP, FTP, or NFS can be used. In the example below we show how to use the NFS and FTP services included with Slackware.
* A service implementing the TFTP protocol. TFTP is used to effectively download the bootstrap code from the server identified. We will use the TFTP protocol included with Slackware.

* A service implementing the BOOTP protocol. BOOTP is used by the PXE firmware to identify on the network a server to download the bootloader code from. The DHCP server included with the Slackware distribution has this capability.

== Configuring NFS ==

NFS is SUN's Network File System. It is lightning fast and can be used as a mount point, but depending on configuration may be unsecure and must be used locally only. Also, it uses some random port numbers that need to be fixed if firewalling. The directories used are defined in '''/etc/exports'''. Edit as follows. '''ro''' means read-only, '''sync''' makes sure that no asynchronous requests are made, '''insecure''' affords using different NFS ports from other NFS implementations, '''all_squash''' maps all uids and gids to the anonymous user for public access, '''no_subtree_check''' improves reliability in some circumstances. See '''man exports''' for more details.

# See exports(5) for a description.
# This file contains a list of all directories exported to other computers.
# It is used by rpc.nfsd and rpc.mountd.

/var/pub 192.168.53.1/24(ro,sync,insecure,all_squash,no_subtree_check)

The NFS server is launched using '''/etc/rc.d/rc.nfsd'''. Make this script executable so as to use it on every boot. You can also '''start''' it to test it immediately. The NFS client is launched using '''/etc/rc.d/rc.rpc''' and affords using NFS mount points from other NFS servers. Make this script executable if you want to use it and have it started on every reboot. This can be handy to cross-test NFS machines. Otherwise it should not be necessary.

# chmod u+x /etc/rc.d/rc.nfsd
# chmod u+x /etc/rc.d/rc.rpc

== Configuring FTP ==

As SSH affords encrypted authentication and transfers, FTP will be used on our site only for anonymous public downloads. FTP uses fixed port numbers so it is easy to firewall, but it is much slower than NFS. Slackware includes two FTPs : ProFTPd and vsFTP. We will use the latter. Using vsFTP requires very little configuration : setting the home directory of the ftp user to where we want our files to be downloaded from, uncommenting the correct '''ftp''' line in '''/etc/inetd.conf''' and '''/etc/rc.d/rc.inetd restart''', updating the firewall rules. For more details '''man vsftpd.conf'''.

# usermod --home /var/pub ftp
. . .
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
. . .
# /etc/rc.d/rc.inetd restart
. . .
# services on local network FTP BOOTP HTTP NNTP IMAP HTTPS SUBMIT VNC VOIP
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24

== Putting the Slackware install files online ==

Copy the content of the slackware DVD to a disk directory, for instance '''/var/pub/slackware64-15.0'''

# mkdir /mnt/dvd
# mkdir /var/pub/slackware64-15.0
# mount -o loop slackware64-15.0-install-dvd.iso /mnt/dvd
# cp -a /mnt/dvd/* /var/pub/slackware64-15.0/
# umount /mnt/dvd

During install, when asked for the source directory specify subdirectory '''slackware64''' that is, '''/var/pub/slackware64-15.0/slackware64'''

The Slackware network setup uses NFS version 3 meaning that directory paths are absolute.

== Configuring TFTPBOOT ==

TFTP is the trivial ftp protocol (for use on a local network). Let's create the '''tftp bootp''' file structure under the default '''/tftpboot''' directory. The directory where we store the bootloader files is '''/tftpboot/slackware64-15.0''' :

# mkdir /tftpboot
# mkdir /tftpboot/slackware64-15.0
# mkdir /tftpboot/slackware64-15.0/pxelinux.cfg
# cp /usr/share/syslinux/pxelinux.0 /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/message.txt /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/f2.txt /tftpboot/slackware64-15.0/
# cp -a /var/pub/slackware64-15.0/kernels /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/usb-and-pxe-installers/pxelinux.cfg_default /tftpboot/slackware64-15.0/pxelinux.cfg/default
# cp /var/pub/slackware64-15.0/isolinux/initrd.img /tftpboot/slackware64-15.0/

Tftpboot is handled by '''inetd'''. To activate it, uncomment the tftp line in '''/etc/inetd.conf''' then '''/etc/rc.d/rc.inetd restart''' or reboot.

tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -r blksize

== Configuring DHCP ==

We configure '''/etc/dhcpd.conf''' as follows. Our subnet is '''192.168.53.0''', our network mask '''255.255.255.0''', our IP address is '''192.168.53.1''', our router address '''192.168.53.254'''. The IP DHCP range is '''192.168.53.154''' to '''192.168.53.253'''. For more details on other configuration possbilities, '''man dhcpd.conf'''.

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
ddns-update-style none;

# Allow bootp requests
allow bootp;

# Point to the TFTP server:
next-server 192.168.53.1;

# Default lease is 1 week (604800 sec.)
default-lease-time 604800;
# Max lease is 4 weeks (2419200 sec.)
max-lease-time 2419200;

subnet 192.168.53.0 netmask 255.255.255.0 {
option domain-name "studioware.com";
option broadcast-address 192.168.53.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.53.1;
option routers 192.168.53.254;
range dynamic-bootp 192.168.53.154 192.168.53.253;
use-host-decl-names on;
if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
filename "/slackware64-15.0/pxelinux.0";
}
}

Next is to create a script '''/etc/rc.d/rc.dhcpd''' to launch dhcp. Our bridged interface is '''br0''' :

#!/bin/sh
#
# /etc/rc.d/rc.dhcpd
# This shell script takes care of starting and stopping
# the ISC DHCPD service
#

# Put the command line options here that you want to pass to dhcpd:
DHCPD_OPTIONS="-q '''br0'''"

[ -x /usr/sbin/dhcpd ] || exit 0

[ -f /etc/dhcpd.conf ] || exit 0

start() {
# Start daemons.
echo -n "Starting dhcpd: /usr/sbin/dhcpd $DHCPD_OPTIONS "
/usr/sbin/dhcpd $DHCPD_OPTIONS
echo
}
stop() {
# Stop daemons.
echo -n "Shutting down dhcpd: "
killall -TERM dhcpd
echo
}
status() {
PIDS=$(pidof dhcpd)
if [ "$PIDS" == "" ]; then
echo "dhcpd is not running!"
else
echo "dhcpd is running at pid(s) ${PIDS}."
fi
}
restart() {
stop
start
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
;;
esac

exit 0

Next is to make '''/etc/rc.d/rc.dhcpd''' executable, launch it from '''/etc/rc.d/rc.local''' and stop it from '''/etc/rc.d/rc.local_shutdown''' :

# chmod u+x rc.dhcpd
. . .
# start dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd start
fi
. . .
# stop dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd stop
fi

== Firewalling NFS ==

Refer to [[IPTables]] for an introduction on packet filtering. NFS uses some random ports by defaults, that we need to fix if we want to be able to do proper packet filtering. To be precise, NFS uses sunrpc/111 and nfsd/2049, and random port numbers are used by other NFS daemons but it is possible to specify alternative port numbers on the command line or in the '''/etc/services''' file, to which we add :

rpc.nfs-cb 32764/tcp # RPC nfs callback
rpc.nfs-cb 32764/udp # RPC nfs callback
status 32765/udp # NFS status (listen)
status 32765/tcp # NFS status (listen)
status 32766/udp # NFS status (send)
status 32766/tcp # NFS status (send)
mountd 32767/udp # NFS mountd
mountd 32767/tcp # NFS mountd
lockd 32768/udp # NFS lock daemon/manager
lockd 32768/tcp # NFS lock daemon/manager
rquotad 32769/udp # NFS rquotad
rquotad 32769/tcp # NFS rquotad

The '''/etc/rc.d/rc.nfsd''' and '''/etc/rc.d/rc.rpc''' scripts are modified to specify port numbers on the command lines :

if [ -x /usr/sbin/rpc.rquotad ]; then
echo " /usr/sbin/rpc.rquotad '''-p 32769'''"
/usr/sbin/rpc.rquotad '''-p 32769'''
fi

if [ -x /usr/sbin/rpc.mountd ]; then
echo " /usr/sbin/rpc.mountd '''-p 32767'''"
/usr/sbin/rpc.mountd '''-p 32767'''
fi

if ! ps axc | grep -q rpc.statd ; then
echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd '''-p 32765 -o 32766'''"
/sbin/rpc.statd '''-p 32765 -o 32766'''
fi

To make the lock daemon listen on port '''32768''' only and set the nfs callback port to '''32764''' we need to create file '''/etc/sysctl.d/nfs.conf''' :

fs.nfs.nlm_udpport=32768
fs.nfs.nlm_tcpport=32768
fs.nfs.nfs_callback_tcpport=32764

Last BOOTP and the NFS ports must be added to '''/etc/rc.d/rc.firewall''' :

# BOOTP
iptables -A INPUT -p udp -j ACCEPT --dport 69 -s 192.168.53.0/24

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

== Slackware setup ==

A few pieces of advice to make your Slackware setup from network easier :

* For some reason Slackare might use an interface other than eth0. Just move the cable to the right slot or update (or remove) /etc/udev/rules.d/70-persistent-net.rules.

* Slackware network setup uses NFS version 3 meaning that directory paths are absolute. For instance /var/pub/slackware64-14.2/slackware64.

* The FTP directory paths are instead relative to the ftp user home directory.

 

{{pFoot|[[Managing partitions]]|[[Main Page]]|[[Installing Slackware]]}}

DVDless install

2026-03-26T20:18:57Z

Wikislax: /* Configuring FTP */

{{RightTOC}}

The (local) network is an additional choice to install Slackware from when your hardware has this capability. Installing from the local network is much faster than from a DVD and is a good choice when playing around with the installation. This page explains how to configure a Slackware server for this usage. It was inspired by the [http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:pxe AlienBob's blog page] on the same topic. To install Slackware over the network we need :

* A service to download the Slackware files during the Slackware setup. HTTP, FTP, or NFS can be used. In the example below we show how to use the NFS and FTP services included with Slackware.
* A service implementing the TFTP protocol. TFTP is used to effectively download the bootstrap code from the server identified. We will use the TFTP protocol included with Slackware.

* A service implementing the BOOTP protocol. BOOTP is used by the PXE firmware to identify on the network a server to download the bootloader code from. The DHCP server included with the Slackware distribution has this capability.

== Configuring NFS ==

NFS is SUN's Network File System. It is lightning fast and can be used as a mount point, but depending on configuration may be unsecure and must be used locally only. Also, it uses some random port numbers that need to be fixed if firewalling. The directories used are defined in '''/etc/exports'''. Edit as follows. '''ro''' means read-only, '''sync''' makes sure that no asynchronous requests are made, '''insecure''' affords using different NFS ports from other NFS implementations, '''all_squash''' maps all uids and gids to the anonymous user for public access, '''no_subtree_check''' improves reliability in some circumstances. See '''man exports''' for more details.

# See exports(5) for a description.
# This file contains a list of all directories exported to other computers.
# It is used by rpc.nfsd and rpc.mountd.

/var/pub 192.168.53.1/24(ro,sync,insecure,all_squash,no_subtree_check)

The NFS server is launched using '''/etc/rc.d/rc.nfsd'''. Make this script executable so as to use it on every boot. You can also '''start''' it to test it immediately. The NFS client is launched using '''/etc/rc.d/rc.rpc''' and affords using NFS mount points from other NFS servers. Make this script executable if you want to use it and have it started on every reboot. This can be handy to cross-test NFS machines. Otherwise it should not be necessary.

# chmod u+x /etc/rc.d/rc.nfsd
# chmod u+x /etc/rc.d/rc.rpc

== Configuring FTP ==

As SSH affords encrypted authentication and transfers, FTP will be used on our site only for anonymous public downloads. FTP uses fixed port numbers so it is easy to firewall, but it is much slower than NFS. Slackware includes two FTPs : ProFTPd and vsFTP. We will use the latter. Using vsFTP requires very little configuration : setting the home directory of the ftp user to where we want our files to be downloaded from, uncommenting the correct '''ftp''' line in '''/etc/inetd.conf''' and '''/etc/rc.d/rc.inetd restart''', updating the firewall rules. For more details '''man vsftpd.conf'''.

# usermod --home /var/pub ftp
. . .
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
. . .
# /etc/rc.d/rc.inetd restart
. . .
# services on local network FTP BOOTP HTTP NNTP IMAP HTTPS SUBMIT VNC VOIP
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24

== Putting the Slackware install files online ==

Copy the content of the slackware DVD to a disk directory, for instance '''/var/pub/slackware64-15.0'''

# mkdir /mnt/dvd
# mkdir /var/pub/slackware64-15.0
# mount -o loop slackware64-15.0-install-dvd.iso /mnt/dvd
# cp -a /mnt/dvd/* /var/pub/slackware64-15.0/
# umount /mnt/dvd

During install, when asked for the source directory specify subdirectory '''slackware64''' that is, '''/var/pub/slackware64-15.0/slackware64'''

The Slackware network setup uses NFS version 3 meaning that directory paths are absolute.

== Configuring TFTPBOOT ==

TFTP is the trivial ftp protocol (for use on a local network). Let's create the '''tftp bootp''' file structure under the default '''/tftpboot''' directory. The directory where we store the bootloader files is '''/tftpboot/slackware64-15.0''' :

# mkdir /tftpboot
# mkdir /tftpboot/slackware64-15.0
# mkdir /tftpboot/slackware64-15.0/pxelinux.cfg
# cp /usr/share/syslinux/pxelinux.0 /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/message.txt /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/isolinux/f2.txt /tftpboot/slackware64-15.0/
# cp -a /var/pub/slackware64-15.0/kernels /tftpboot/slackware64-15.0/
# cp /var/pub/slackware64-15.0/usb-and-pxe-installers/pxelinux.cfg_default /tftpboot/slackware64-15.0/pxelinux.cfg/default
# cp /var/pub/slackware64-15.0/isolinux/initrd.img /tftpboot/slackware64-15.0/

Tftpboot is handled by '''inetd'''. To activate it, uncomment the tftp line in '''/etc/inetd.conf''' then '''/etc/rc.d/rc.inetd restart''' or reboot.

tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -r blksize

== Configuring DHCP ==

We configure '''/etc/dhcpd.conf''' as follows. Our subnet is '''192.168.53.0''', our network mask '''255.255.255.0''', our IP address is '''192.168.53.1''', our router address '''192.168.53.254'''. The IP DHCP range is '''192.168.53.154''' to '''192.168.53.253'''. For more details on other configuration possbilities, '''man dhcpd.conf'''.

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
ddns-update-style none;

# Allow bootp requests
allow bootp;

# Point to the TFTP server:
next-server 192.168.53.1;

# Default lease is 1 week (604800 sec.)
default-lease-time 604800;
# Max lease is 4 weeks (2419200 sec.)
max-lease-time 2419200;

subnet 192.168.53.0 netmask 255.255.255.0 {
option domain-name "studioware.com";
option broadcast-address 192.168.53.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.53.1;
option routers 192.168.53.254;
range dynamic-bootp 192.168.53.154 192.168.53.253;
use-host-decl-names on;
if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
filename "/slackware64-15.0/pxelinux.0";
}
}

Next is to create a script '''/etc/rc.d/rc.dhcpd''' to launch dhcp. Our bridged interface is '''br0''' :

#!/bin/sh
#
# /etc/rc.d/rc.dhcpd
# This shell script takes care of starting and stopping
# the ISC DHCPD service
#

# Put the command line options here that you want to pass to dhcpd:
DHCPD_OPTIONS="-q '''br0'''"

[ -x /usr/sbin/dhcpd ] || exit 0

[ -f /etc/dhcpd.conf ] || exit 0

start() {
# Start daemons.
echo -n "Starting dhcpd: /usr/sbin/dhcpd $DHCPD_OPTIONS "
/usr/sbin/dhcpd $DHCPD_OPTIONS
echo
}
stop() {
# Stop daemons.
echo -n "Shutting down dhcpd: "
killall -TERM dhcpd
echo
}
status() {
PIDS=$(pidof dhcpd)
if [ "$PIDS" == "" ]; then
echo "dhcpd is not running!"
else
echo "dhcpd is running at pid(s) ${PIDS}."
fi
}
restart() {
stop
start
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
;;
esac

exit 0

Next is to make '''/etc/rc.d/rc.dhcpd''' executable, launch it from '''/etc/rc.d/rc.local''' and stop it from '''/etc/rc.d/rc.local_shutdown''' :

# chmod u+x rc.dhcpd
. . .
# start dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd start
fi
. . .
# stop dhcpd
if [ -x /etc/rc.d/rc.dhcpd ]; then
/etc/rc.d/rc.dhcpd stop
fi

== Firewalling NFS ==

Refer to [[IPTables]] for an introduction on packet filtering. NFS uses some random ports by defaults, that we need to fix if we want to be able to do proper packet filtering. To be precise, NFS uses sunrpc/111 and nfsd/2049, and random port numbers are used by other NFS daemons but it is possible to specify alternative port numbers on the command line or in the '''/etc/services''' file, to which we add :

rpc.nfs-cb 32764/tcp # RPC nfs callback
rpc.nfs-cb 32764/udp # RPC nfs callback
status 32765/udp # NFS status (listen)
status 32765/tcp # NFS status (listen)
status 32766/udp # NFS status (send)
status 32766/tcp # NFS status (send)
mountd 32767/udp # NFS mountd
mountd 32767/tcp # NFS mountd
lockd 32768/udp # NFS lock daemon/manager
lockd 32768/tcp # NFS lock daemon/manager
rquotad 32769/udp # NFS rquotad
rquotad 32769/tcp # NFS rquotad

The '''/etc/rc.d/rc.nfsd''' and '''/etc/rc.d/rc.rpc''' scripts are modified to specify port numbers on the command lines :

if [ -x /usr/sbin/rpc.rquotad ]; then
echo " /usr/sbin/rpc.rquotad '''-p 32769'''"
/usr/sbin/rpc.rquotad '''-p 32769'''
fi

if [ -x /usr/sbin/rpc.mountd ]; then
echo " /usr/sbin/rpc.mountd '''-p 32767'''"
/usr/sbin/rpc.mountd '''-p 32767'''
fi

if ! ps axc | grep -q rpc.statd ; then
echo "Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd '''-p 32765 -o 32766'''"
/sbin/rpc.statd '''-p 32765 -o 32766'''
fi

To make the lock daemon listen on port '''32768''' only and set the nfs callback port to '''32764''' we need to create file '''/etc/sysctl.d/nfs.conf''' :

fs.nfs.nlm_udpport=32768
fs.nfs.nlm_tcpport=32768
fs.nfs.nfs_callback_tcpport=32764

Last BOOTP and the NFS ports must be added to '''/etc/rc.d/rc.firewall''' :

# BOOTP
iptables -A INPUT -p udp -j ACCEPT --dport 69 -s 192.168.0.0/16

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32764 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32764 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32765 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32765 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32766 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32766 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32767 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32767 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32768 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32768 -m state --state NEW -s 192.168.0.0/16
iptables -A INPUT -p udp -j ACCEPT --dport 32769 -s 192.168.0.0/16
iptables -A INPUT -p tcp -j ACCEPT --dport 32769 -m state --state NEW -s 192.168.0.0/16

== Slackware setup ==

A few pieces of advice to make your Slackware setup from network easier :

* For some reason Slackare might use an interface other than eth0. Just move the cable to the right slot or update (or remove) /etc/udev/rules.d/70-persistent-net.rules.

* Slackware network setup uses NFS version 3 meaning that directory paths are absolute. For instance /var/pub/slackware64-14.2/slackware64.

* The FTP directory paths are instead relative to the ftp user home directory.

 

{{pFoot|[[Managing partitions]]|[[Main Page]]|[[Installing Slackware]]}}

IPTables

2026-03-26T11:22:48Z

Wikislax: /* Iptables Filtering */

{{RightTOC}}

Packet filtering affords opening access only to these services you have decided to open. The TCP or UDP packets include a piece of information called the port number, that is used to identify the type of service. Secure ports were defined as SSL counterparts of the native ports but were superseded by [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] and are now deprecated due to security weaknesses in the SSL protocol. SSL should not be used any longer. Instead, use TLS. Current version is v1.2.

{| {{thead}}
|-
! {{chead}} width="100" | Protocol
! {{chead}} | Port #
! {{chead}} | Secure Protocol
! {{chead}} | Secure Port #
! {{chead}} | Service
|-
|SMTP||25||SMTPS||465||Mail exchange
|-
|HTTP||80||HTTPS||443||Web browsing
|-
|POP3||110||POP3S||995||Mail retrieval
|-
|NTTP||119||NTTPS||563||News exchange
|-
|IMAP||143||IMAPS||993||Mail retrieval
|-
|LDAP||389||LDAPS||636||Ldap Directory
|}

 

On server side, the services are provided by applications that may have vulnerabilities and be attacked. Examples of attacks are buffer overflow or format string attacks, that afford getting full access on the target machine by crafting special strings sent to it. An attacker could then obtain any information present there or modify or destroy the system.

To reduce the number of possible attacks, the number of services authorized, or who can access the system, must be restricted. This is known as packet filtering. It is only an aspect of security (obviously, the applications on the server side must also be secured ...), but it is important. Never *** ever *** connect to the network a computer not protected by a packet filter !

To illustrate, let's configure our two-interfaces computer to be its own firewall. '''eth0''' is the Internet interface, it uses network 192.168.0.x, the gateway is an ADSL router/switch at 192.168.0.254. '''eth1''' is the (Intranet) interface to the internal network 192.168.1.x.

== Iptables Filtering ==

Since Linux 2.4, packet filtering is effected inside the kernel, and configuration effected by the '''iptables''' user-space program. In addition to rules for incoming and outgoing packets, iptables affords defining rules for routing between the interfaces. The '''iptables''' command affords entering the rules '''one by one'''. Using a script affords entering all the rules. '''iptable -L -v''' affords viewing the current rules.

For more information, see the [http://www.netfilter.org/ netfilter] official site. This site has links to various documents, including a simple introduction to packet filtering in this [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html HOWTO].

In Slackware, the script used is <tt>'''/etc/rc.d/rc.firewall'''</tt>. It is called automatically when the system starts or stops, using commands <tt>'''./rc.firewall start'''</tt> or <tt>'''./rc.firewall stop'''</tt>.

#! /bin/sh
#
# startup script for local packet filter
#
fw_start () {
echo "Loading packet filter rules"

The flush command affords deleting all the active nat and filtering rules:

# flush old rules
iptables -t nat --flush
iptables -flush

The -P option affords defining the default policy. A good practise is to forbid by default everything not authorized. This is done here for packets incoming, outgoing, and routed between the interfaces:

# drop by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

Connections already established are authorized to continue:

# accept packets that are part of previously OK'ed sessions
iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED

The -A option affords adding a rule. Here all the packets on the loopback interface are accepted:

# INBOUND POLICY

# pass all traffic for network 127.0.0.0/8 on loopback interface
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

Addresses of RFC 1918 private networks are not routable on the Internet. So packets with such addresses are not expected on the internal network. However as anti-spoofing is ensured by Internet box we do not need to introduce anti-spoofing rules here:

# anti-spoofing done by Internet box so not needed here
# iptables -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "INPUT spoofed IP "
# iptables -A INPUT -s 10.0.0.0/8 -j DROP
# . . .

The protocols corresponding to services offered or used externally are accepted:

# services SMTP HTTP HTTPS
# iptables -A INPUT -p tcp -j ACCEPT --dport 25 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m conntrack --ctstate NEW
# iptables -A INPUT -p tcp -j ACCEPT --dport 143 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 443 -m conntrack --ctstate NEW

The protocols corresponding to services offered on the local network are accepted:

# services on local network FTP DNS BOOTP NNTP SUBMIT VNC
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 69 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 119 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 587 -m conntrack --ctstate NEW -s 192.168.53.0/24
# iptables -A INPUT -p tcp -j ACCEPT --dport 5900:5912 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept X-Window traffic on the local network:

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept NFS on the local network and fix the NFS ports:

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept samba traffic on the local network:

# samba ports
iptables -A INPUT -p udp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 138 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 139 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24

Broadcast traffic is also OK:

# broadcast traffic
iptables -A INPUT -p udp -s 0.0.0.0 -sport 67:68 -d 255.255.255.255 -j ACCEPT

We accept pings on the local network:

# accept some icmp packets
iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.53.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

We could log anything not accepted above:

# log anything not accepted above
# iptables -A INPUT -j LOG --log-prefix "INPUT bad traffic "

We accept all outbound packets, which would for example afford using a network scanner. In a production environment, there would be a stricter policy:

# OUTBOUND POLICY

# accept all outbound packets
iptables -A OUTPUT -j ACCEPT
}

After the fw_start() function ends, the fw_stop() function is defined to authorize everything:

fw_stop () {
echo "Unloading all packet filter rules"
iptables -t nat --flush
iptables -flush

# accept by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
}

case "$1" in
‘start’)
fw_start
;;
’stop’)
fw_stop
;;
’restart’)
fw_start
;;
*)
echo "usage $0 start | stop | restart"

== Testing the firewall ==

Use '''nmap -sU hostname''' (UDP) and '''nmap -sT hostname''' (TCP) to make sure what ports are visible locally and do the same from the outside.

== Download example ==

[{{SERVER}}/wikislax/download/rc.firewall Download file rc.firewall]

 

{{pFoot|[[Configuration files]]|[[Main Page]]|[[X11 configuration]]}}

IPTables

2026-03-26T11:20:24Z

Wikislax: /* Iptables Filtering */

{{RightTOC}}

Packet filtering affords opening access only to these services you have decided to open. The TCP or UDP packets include a piece of information called the port number, that is used to identify the type of service. Secure ports were defined as SSL counterparts of the native ports but were superseded by [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] and are now deprecated due to security weaknesses in the SSL protocol. SSL should not be used any longer. Instead, use TLS. Current version is v1.2.

{| {{thead}}
|-
! {{chead}} width="100" | Protocol
! {{chead}} | Port #
! {{chead}} | Secure Protocol
! {{chead}} | Secure Port #
! {{chead}} | Service
|-
|SMTP||25||SMTPS||465||Mail exchange
|-
|HTTP||80||HTTPS||443||Web browsing
|-
|POP3||110||POP3S||995||Mail retrieval
|-
|NTTP||119||NTTPS||563||News exchange
|-
|IMAP||143||IMAPS||993||Mail retrieval
|-
|LDAP||389||LDAPS||636||Ldap Directory
|}

 

On server side, the services are provided by applications that may have vulnerabilities and be attacked. Examples of attacks are buffer overflow or format string attacks, that afford getting full access on the target machine by crafting special strings sent to it. An attacker could then obtain any information present there or modify or destroy the system.

To reduce the number of possible attacks, the number of services authorized, or who can access the system, must be restricted. This is known as packet filtering. It is only an aspect of security (obviously, the applications on the server side must also be secured ...), but it is important. Never *** ever *** connect to the network a computer not protected by a packet filter !

To illustrate, let's configure our two-interfaces computer to be its own firewall. '''eth0''' is the Internet interface, it uses network 192.168.0.x, the gateway is an ADSL router/switch at 192.168.0.254. '''eth1''' is the (Intranet) interface to the internal network 192.168.1.x.

== Iptables Filtering ==

Since Linux 2.4, packet filtering is effected inside the kernel, and configuration effected by the '''iptables''' user-space program. In addition to rules for incoming and outgoing packets, iptables affords defining rules for routing between the interfaces. The '''iptables''' command affords entering the rules '''one by one'''. Using a script affords entering all the rules. '''iptable -L -v''' affords viewing the current rules.

For more information, see the [http://www.netfilter.org/ netfilter] official site. This site has links to various documents, including a simple introduction to packet filtering in this [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html HOWTO].

In Slackware, the script used is <tt>'''/etc/rc.d/rc.firewall'''</tt>. It is called automatically when the system starts or stops, using commands <tt>'''./rc.firewall start'''</tt> or <tt>'''./rc.firewall stop'''</tt>.

#! /bin/sh
#
# startup script for local packet filter
#
fw_start () {
echo "Loading packet filter rules"

The flush command affords deleting all the active nat and filtering rules:

# flush old rules
iptables -t nat --flush
iptables -flush

The -P option affords defining the default policy. A good practise is to forbid by default everything not authorized. This is done here for packets incoming, outgoing, and routed between the interfaces:

# drop by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

Connections already established are authorized to continue:

# accept packets that are part of previously OK'ed sessions
iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED

The -A option affords adding a rule. Here all the packets on the loopback interface are accepted:

# INBOUND POLICY

# pass all traffic for network 127.0.0.0/8 on loopback interface
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

Addresses of RFC 1918 private networks are not routable on the Internet. So packets with such addresses are not expected on the internal network. However as anti-spoofing is ensured by Internet box we do not need to introduce anti-spoofing rules here:

# anti-spoofing done by Internet box so not needed here
# iptables -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "INPUT spoofed IP "
# iptables -A INPUT -s 10.0.0.0/8 -j DROP
# . . .

The protocols corresponding to services offered or used externally are accepted:

# services SMTP HTTP HTTPS
# iptables -A INPUT -p tcp -j ACCEPT --dport 25 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m conntrack --ctstate NEW
# iptables -A INPUT -p tcp -j ACCEPT --dport 143 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 443 -m conntrack --ctstate NEW

The protocols corresponding to services offered on the local network are accepted:

# services on local network FTP DNS BOOTP NNTP SUBMIT VNC SIP RTP
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 69 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 119 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 587 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 5900:5912 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept X-Window traffic on the local network:

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept NFS on the local network and fix the NFS ports:

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept samba traffic on the local network:

# samba ports
iptables -A INPUT -p udp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 138 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 139 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24

Broadcast traffic is also OK:

# broadcast traffic
iptables -A INPUT -p udp -s 0.0.0.0 -sport 67:68 -d 255.255.255.255 -j ACCEPT

We accept pings on the local network:

# accept some icmp packets
iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.53.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

We could log anything not accepted above:

# log anything not accepted above
# iptables -A INPUT -j LOG --log-prefix "INPUT bad traffic "

We accept all outbound packets, which would for example afford using a network scanner. In a production environment, there would be a stricter policy:

# OUTBOUND POLICY

# accept all outbound packets
iptables -A OUTPUT -j ACCEPT
}

After the fw_start() function ends, the fw_stop() function is defined to authorize everything:

fw_stop () {
echo "Unloading all packet filter rules"
iptables -t nat --flush
iptables -flush

# accept by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
}

case "$1" in
‘start’)
fw_start
;;
’stop’)
fw_stop
;;
’restart’)
fw_start
;;
*)
echo "usage $0 start | stop | restart"

== Testing the firewall ==

Use '''nmap -sU hostname''' (UDP) and '''nmap -sT hostname''' (TCP) to make sure what ports are visible locally and do the same from the outside.

== Download example ==

[{{SERVER}}/wikislax/download/rc.firewall Download file rc.firewall]

 

{{pFoot|[[Configuration files]]|[[Main Page]]|[[X11 configuration]]}}

IPTables

2026-03-26T11:19:30Z

Wikislax: /* Iptables Filtering */

{{RightTOC}}

Packet filtering affords opening access only to these services you have decided to open. The TCP or UDP packets include a piece of information called the port number, that is used to identify the type of service. Secure ports were defined as SSL counterparts of the native ports but were superseded by [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] and are now deprecated due to security weaknesses in the SSL protocol. SSL should not be used any longer. Instead, use TLS. Current version is v1.2.

{| {{thead}}
|-
! {{chead}} width="100" | Protocol
! {{chead}} | Port #
! {{chead}} | Secure Protocol
! {{chead}} | Secure Port #
! {{chead}} | Service
|-
|SMTP||25||SMTPS||465||Mail exchange
|-
|HTTP||80||HTTPS||443||Web browsing
|-
|POP3||110||POP3S||995||Mail retrieval
|-
|NTTP||119||NTTPS||563||News exchange
|-
|IMAP||143||IMAPS||993||Mail retrieval
|-
|LDAP||389||LDAPS||636||Ldap Directory
|}

 

On server side, the services are provided by applications that may have vulnerabilities and be attacked. Examples of attacks are buffer overflow or format string attacks, that afford getting full access on the target machine by crafting special strings sent to it. An attacker could then obtain any information present there or modify or destroy the system.

To reduce the number of possible attacks, the number of services authorized, or who can access the system, must be restricted. This is known as packet filtering. It is only an aspect of security (obviously, the applications on the server side must also be secured ...), but it is important. Never *** ever *** connect to the network a computer not protected by a packet filter !

To illustrate, let's configure our two-interfaces computer to be its own firewall. '''eth0''' is the Internet interface, it uses network 192.168.0.x, the gateway is an ADSL router/switch at 192.168.0.254. '''eth1''' is the (Intranet) interface to the internal network 192.168.1.x.

== Iptables Filtering ==

Since Linux 2.4, packet filtering is effected inside the kernel, and configuration effected by the '''iptables''' user-space program. In addition to rules for incoming and outgoing packets, iptables affords defining rules for routing between the interfaces. The '''iptables''' command affords entering the rules '''one by one'''. Using a script affords entering all the rules. '''iptable -L -v''' affords viewing the current rules.

For more information, see the [http://www.netfilter.org/ netfilter] official site. This site has links to various documents, including a simple introduction to packet filtering in this [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html HOWTO].

In Slackware, the script used is <tt>'''/etc/rc.d/rc.firewall'''</tt>. It is called automatically when the system starts or stops, using commands <tt>'''./rc.firewall start'''</tt> or <tt>'''./rc.firewall stop'''</tt>.

#! /bin/sh
#
# startup script for local packet filter
#
fw_start () {
echo "Loading packet filter rules"

The flush command affords deleting all the active nat and filtering rules:

# flush old rules
iptables -t nat --flush
iptables -flush

The -P option affords defining the default policy. A good practise is to forbid by default everything not authorized. This is done here for packets incoming, outgoing, and routed between the interfaces:

# drop by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

Connections already established are authorized to continue:

# accept packets that are part of previously OK'ed sessions
iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED

The -A option affords adding a rule. Here all the packets on the loopback interface are accepted:

# INBOUND POLICY

# pass all traffic for network 127.0.0.0/8 on loopback interface
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

Addresses of RFC 1918 private networks are not routable on the Internet. So packets with such addresses are not expected on the internal network. However as anti-spoofing is ensured by Internet box we do not need to introduce anti-spoofing rules here:

# anti-spoofing done by Internet box so not needed here
# iptables -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "INPUT spoofed IP "
# iptables -A INPUT -s 10.0.0.0/8 -j DROP
# . . .

The protocols corresponding to services offered or used externally are accepted:

# services SMTP HTTP HTTPS
# iptables -A INPUT -p tcp -j ACCEPT --dport 25 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m conntrack --ctstate NEW
# iptables -A INPUT -p tcp -j ACCEPT --dport 143 -m conntrack --ctstate NEW
iptables -A INPUT -p tcp -j ACCEPT --dport 443 -m conntrack --ctstate NEW

The protocols corresponding to services offered on the local network are accepted:

# services on local network FTP DNS BOOTP NNTP SUBMIT VNC SIP RTP
iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 53 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 69 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 119 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 587 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 5900:5912 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept X-Window traffic on the local network:

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept NFS on the local network and fix the NFS ports:

# NFS ports
iptables -A INPUT -p udp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 32764:32769 -m conntrack --ctstate NEW -s 192.168.53.0/24

We accept samba traffic on the local network:

# samba ports
iptables -A INPUT -p udp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 135 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 137 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 138 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 139 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p udp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 445 -m conntrack --ctstate NEW -s 192.168.53.0/24

Broadcast traffic is also OK:

# broadcast traffic
iptables -A INPUT -p udp -s 0.0.0.0 -sport 67:68 -d 255.255.255.255 -j ACCEPT

We accept pings on the local network:

# accept some icmp packets
iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.53.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

We could log anything not accepted above:

# log anything not accepted above
# iptables -A INPUT -j LOG --log-prefix "INPUT bad traffic "

We accept all outbound packets, which would for example afford using a network scanner. In a production environment, there would be a stricter policy:

# OUTBOUND POLICY

# accept all outbound packets
iptables -A OUTPUT -j ACCEPT
}

After the fw_start() function ends, the fw_stop() function is defined to authorize everything:

fw_stop () {
echo "Unloading all packet filter rules"
iptables -t nat --flush
iptables -flush

# accept by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
}

case "$1" in
‘start’)
fw_start
;;
’stop’)
fw_stop
;;
’restart’)
fw_start
;;
*)
echo "usage $0 start | stop | restart"

== Testing the firewall ==

Use '''nmap -sU hostname''' (UDP) and '''nmap -sT hostname''' (TCP) to make sure what ports are visible locally and do the same from the outside.

== Download example ==

[{{SERVER}}/wikislax/download/rc.firewall Download file rc.firewall]

 

{{pFoot|[[Configuration files]]|[[Main Page]]|[[X11 configuration]]}}

OwnCloud

2026-03-23T11:51:12Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
"CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "password"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-23T11:49:30Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
"CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1'; WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "password"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

PhpMyAdmin

2026-03-21T22:19:29Z

Wikislax: /* Installing PhpMyAdmin */

{{RightTOC}}

== What is PhpMyAdmin ? ==

[http://www.phpmyadmin.net/home_page PhpMyAdmin] is a PHP application that affords managing [[MySQL]] databases.

== Installing PhpMyAdmin ==

[http://www.phpmyadmin.net/home_page/downloads.php Download] and install for example in a subdirectory of the Apache DocumentRoot or under /usr/local using a symbolic link. The files must be readable by the user running apache.

# tar -C /usr/local -xvf phpMyAdmin-x.y.z.t-english.tar.gz
# cd /var/www/htdocs
# ln -s /usr/local/phpMyAdmin-x.y.z.t-english phpmyadmin
# cd phpmyadmin
# cp config.sample.inc.php config.inc.php
# cd ..
# chown -R apache:apache phpmyadmin

Edit '''config.inc.php''' to give a value (any string of '''max 46 characters''') to '''$cfg['blowfish_secret'] = <nowiki>''</nowiki>;''' that is used when '''$cfg['Servers'][$i]['auth_type'] = 'cookie';'''. Also add the lines '''$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock'; & $cfg['Servers'][$i]['connect_type'] = 'socket';'''. After that it should be possible to open page http://localhost/phpmyadmin using your browser.

$cfg['blowfish_secret'] = 'mysecret'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/*
* Servers configuration
*/
$i = 0;
/*
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['DisableIS'] = true; # BUG PHPMYADMIN 5.2.3
$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['compress'] = false;
/* Select mysqli if your server has it */
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['AllowNoPassword'] = false;

 

{{pFoot|[[PHP]]|[[Main Page]]|[[MediaWiki]]}}

OwnCloud

2026-03-21T18:03:20Z

Wikislax: /* setting up the owncloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
"CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1'; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "password"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T18:02:48Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
"CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1'; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T18:00:28Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
"CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1'; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T13:48:38Z

Wikislax: /* Configure ownCloud’s Trusted Domains */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1';
FLUSH PRIVILEGES;
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string '''x.y.z.t'''
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string '''your.domain.tld'''
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T13:48:11Z

Wikislax: /* Configure ownCloud’s Trusted Domains */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1';
FLUSH PRIVILEGES;
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string x.y.z.t
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string your.domain.tld
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T13:44:16Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1';
FLUSH PRIVILEGES;
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string x.y.z.t
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string your.domain.tld
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T13:43:48Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
# mysql -u root -e \
CREATE USER 'owncloud'@'127.0.0.1' IDENTIFIED BY 'z0m8upnt';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'127.0.0.1';
FLUSH PRIVILEGES;
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string x.y.z.t
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string your.domain.tld
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

OwnCloud

2026-03-21T13:30:30Z

Wikislax: /* Creating the OwnCloud database */

{{RightTOC}}

== What is OwnCloud ? ==

[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.

The [https://doc.owncloud.com/server/10.15/admin_manual/installation/quick_guides/ubuntu_20_04.html/ Owncloud install doc] provided is for Ubuntu.

It is adapted below for Slackware 15.0.

== Installing OwnCloud ==

OwnCloud is a PHP application. [https://owncloud.com/download-server download] tarball then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# chown -R apache:apache owncloud

== Creating the occ helper script ==

occ is an OwnCloud administration command.

# FILE="/usr/local/bin/occ"
# cat <<EOM >$FILE
> #! /bin/bash
> cd /usr/local/owncloud
> sudo -E -u apache /usr/bin/php /usr/local/owncloud/occ "\$@"
> EOM
# chmod u+x $FILE

== Creating the OwnCloud database ==

OwnCloud can use a variety of databases. We will be using MySQL. The database can be created as follows :

# mysql -u root -e \
"CREATE DATABASE IF NOT EXISTS owncloud; \
CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
FLUSH PRIVILEGES;"
#

It is also possible to create user owncloud@localhost and database from phpmyadmin.

== setting up the owncloud database ==

The admin user is the one who will manage the other users and OwnCloud from the OwnCloud web page.

# occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "owncloud" \
--database-pass "password" \
--data-dir "/var/www/htdocs/owncloud/data" \
--admin-user "admin" \
--admin-pass "admin"
ownCloud was successfully installed
#

== Configure ownCloud’s Trusted Domains ==

# my_ip=$(hostname -I|cut -f1 -d ' ')
# occ config:system:set trusted_domains 1 --value="$my_ip"
System config value trusted_domains => 1 set to string x.y.z.t
# occ config:system:set trusted_domains 2 --value="$HOSTNAME"
System config value trusted_domains => 2 set to string your.domain.tld
#

== Configure the cron jobs ==

Set your background job mode to cron:

# occ background:cron
Set mode for background jobs to 'cron'
#

== Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am: ==

# echo "MIN HOUR DAY MONTH DAYOFWEEK COMMAND" >> /var/spool/cron/crontabs/apache
# echo "*/15 * * * * /var/www/htdocs/owncloud/occ system:cron" >> /var/spool/cron/crontabs/apache
# echo "0 2 * * * /var/www/htdocs/owncloud/occ dav:cleanup-chunks" >> /var/spool/cron/crontabs/apache
# chgrp apache /var/spool/cron/crontabs/apache
#

== Configure Log Rotation ==

# FILE="/etc/logrotate.d/owncloud"
# cat <<EOM >$FILE
/var/www/htdocs/owncloud/data/owncloud.log {
size 10M
rotate 12
copytruncate
missingok
compress
compresscmd /bin/gzip
}
EOM
#

 

{{pFoot|[[Asterisk]]|[[Main Page]]|[[Desktop software]]}}

Linux basics

2026-03-21T12:24:04Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-21T12:22:52Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-21T12:21:11Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''groupadd <group>'''</tt>||add group <group>.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''useradd <group> <user>'''</tt>||add <user> as a member of group <group>.
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-21T12:17:43Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-21T12:10:37Z

Wikislax:

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# '''cd /usr/bin'''
# '''rm vi'''
# '''ln -s vim vi'''

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2026-03-21T12:09:42Z

Wikislax:

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :

# cd /usr/bin
# rm vi
# ln -s vim vi

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

X11 over the network

2026-03-20T10:00:08Z

Wikislax: /* Xdm */

{{RightTOC}}

Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. [https://sourceforge.net/projects/vcxsrv/ VcXrv] is a very competent one.

The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH ('''X11 forwarding''', to configure in '''/etc/ssh/sshd_config''') as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.

For more information on using remote X applications, check this [http://www.xs4all.nl/~zweije/xauth.html mini-HOWTO] or this excellent [http://shop.oreilly.com/product/9780596101954.do O'Reilly book].

== Xdm, Kdm, Gdm ==

X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.

The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.

However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.

== Kdm ==

For KDE to manage X terminals over the network, update '''/etc/kde/kdm/kdmrc''' specifying '''Enable=true''' for '''[Xdmcp]'''.

In '''/etc/kde/kdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network).

Another trick using KDM : to be able to connect as root, update '''/etc/kde/kdm/kdmrc''', specifying '''AllowRootLogin=true''' for '''[X-*-Core]'''.

== Xdm ==

In '''/etc/X11/xdm/xdm-config''', comment out the line '''#DisplayManager.requestPort: 0''' to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using '''nmap -sU localhost''', that lists the listening UDP ports. If checking with tcpdump, '''udp port xdmcp unreachable''' will be seen on the wire.

In '''/etc/X11/xdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network). In '''/etc/X11/xdm/Xservers''', comment out the line with ''':0''' to avoid getting an X login screen on the console.

To automatically launch '''xdm''' during Slackware init, add the following lines to '''/etc/rc.d/rc.local''' :

# Xdm
if [ -x /usr/X11/bin/xdm ]; then
/usr/X11/bin/xdm
fi

== X11 firewalling ==

At the firewall level, the X terminal must be able to contact the host using '''UDP 177''' and the host must be able to callback the X terminal using '''TCP 6000:6063'''. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network :

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24

For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.

== X11 server ==

The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing '''nohup X -query host :1 &''' will display X from host host on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using '''<ctrl><alt><F7>''' and '''<ctrl><alt><F8>'''.

The X terminal can also be a Windows PC equipped with an X emulator such as [https://sourceforge.net/projects/vcxsrv/ VcXrv] or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. '''Note''' : Specify in the configuration that you will be using XDMCP.

== Windows firewall ==

On Windows, use the firewall with «'''Allow exceptions'''» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).

 

{{pFoot|[[X11 configuration]]|[[Main Page]]|[[Compiling the Kernel]]}}

X11 over the network

2026-03-20T09:59:16Z

Wikislax: /* Xdm */

{{RightTOC}}

Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. [https://sourceforge.net/projects/vcxsrv/ VcXrv] is a very competent one.

The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH ('''X11 forwarding''', to configure in '''/etc/ssh/sshd_config''') as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.

For more information on using remote X applications, check this [http://www.xs4all.nl/~zweije/xauth.html mini-HOWTO] or this excellent [http://shop.oreilly.com/product/9780596101954.do O'Reilly book].

== Xdm, Kdm, Gdm ==

X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.

The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.

However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.

== Kdm ==

For KDE to manage X terminals over the network, update '''/etc/kde/kdm/kdmrc''' specifying '''Enable=true''' for '''[Xdmcp]'''.

In '''/etc/kde/kdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network).

Another trick using KDM : to be able to connect as root, update '''/etc/kde/kdm/kdmrc''', specifying '''AllowRootLogin=true''' for '''[X-*-Core]'''.

== Xdm ==

In '''/etc/X11/xdm/xdm-config''', comment out the last line '''!DisplayManager.requestPort: 0''' to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using '''nmap -sU localhost''', that lists the listening UDP ports. If checking with tcpdump, '''udp port xdmcp unreachable''' will be seen on the wire.

In '''/etc/X11/xdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network). In '''/etc/X11/xdm/Xservers''', comment out the line with ''':0''' to avoid getting an X login screen on the console.

To automatically launch '''xdm''' during Slackware init, add the following lines to '''/etc/rc.d/rc.local''' :

# Xdm
if [ -x /usr/X11/bin/xdm ]; then
/usr/X11/bin/xdm
fi

== X11 firewalling ==

At the firewall level, the X terminal must be able to contact the host using '''UDP 177''' and the host must be able to callback the X terminal using '''TCP 6000:6063'''. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network :

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24

For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.

== X11 server ==

The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing '''nohup X -query host :1 &''' will display X from host host on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using '''<ctrl><alt><F7>''' and '''<ctrl><alt><F8>'''.

The X terminal can also be a Windows PC equipped with an X emulator such as [https://sourceforge.net/projects/vcxsrv/ VcXrv] or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. '''Note''' : Specify in the configuration that you will be using XDMCP.

== Windows firewall ==

On Windows, use the firewall with «'''Allow exceptions'''» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).

 

{{pFoot|[[X11 configuration]]|[[Main Page]]|[[Compiling the Kernel]]}}

Linux basics

2026-01-05T21:50:06Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2025-03-25T21:54:51Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Linux basics

2025-03-25T21:54:13Z

Wikislax: /* Useful linux commands */

== Using VI ==

'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.

The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and '''b''' moves one word backwards. It is also possible to use the arrow keys.

'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.

'''esc''' affords getting out of the insert mode.

'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.

''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.

''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.

For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

== Using SSH ==

SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.

'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :

# '''ssh-keygen -t rsa'''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
Enter passphrase (empty for no passphrase): '''<cr>'''
Enter same passphrase again: '''cr>'''
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
| ..=O+.. |
| ..o++. ..|
| oo. = +|
| . +o . = +.|
| oSo. o * o|
| . o o*.=.|
| = +E+* .|
| + ...+.. |
| ++o+ |
+----[SHA256]-----+
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
password: '''secret<cr>'''
id_rsa.pub 100% 394 1.8MB/s 00:00
# '''ssh server'''
password: '''secret<cr>'''
# '''cd .ssh'''
# '''cat >> authorized_keys < id_rsa.pub'''
# '''chmod 600 authorized_keys'''
# '''rm id_rsa.pub'''

== Useful linux commands ==

{| {{thead}}
|-
! {{chead}} width="220" | Command
! {{chead}} | Effect
|-
|<tt>'''cd'''</tt>||change directory.
|-
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
|-
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
|-
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
|-
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
|-
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
|-
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
|-
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
|-
|<tt>'''iptables -L'''</tt>||print the firewall rules.
|-
|<tt>'''killall xxx'''</tt>||kill program named xxx.
|-
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
|-
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
|-
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
|-
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
|-
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
|-
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
|-
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
|-
|<tt>'''nmap host'''</tt>||check filtering status of ports on host. '''-sU''' for UDP.
|-
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org|| force ntp synchronization.
|-
|<tt>'''ps -ef'''</tt>||list the running processes.
|-
|<tt>'''pwd'''</tt>||print working directory.
|-
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
|-
|<tt>'''route'''</tt>||display the network routing table.
|-
|<tt>'''screen -S<name>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
|-
|<tt>'''ssh host'''</tt>||connect remotely to site host.
|-
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
|-
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
|-
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
|-
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
|}

 

{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}

Compiling Xen

2025-02-08T20:56:31Z

Wikislax: /* A few quirks */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2. No such issue compiling xen-4.18.4 on slackware 15.0.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work. Slackware 15.0 includes grub-2.06 which is no problem.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen 4.19.1 requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-17b1790.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-17b1790
# cd lloyd-yajl-17b1790
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-08T20:45:03Z

Wikislax:

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen 4.19.1 requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-17b1790.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-17b1790
# cd lloyd-yajl-17b1790
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-08T20:03:22Z

Wikislax: /* Installing yajl */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen 4.19.1 requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-17b1790.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-17b1790
# cd lloyd-yajl-17b1790
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# cd /var/log/packages
# ls | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile. Make sure it works :

# go version
go version go1.23.5 linux/amd64
#

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T13:13:21Z

Wikislax:

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen 4.19.1 requires yajl. Yajl is part of Slackware 15.0 but must be replaced by a newer version. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# cd /var/log/packages
# ls | grep yajl
yajl-2.1.0-x86_64-3_SBo
# removepkg yajl-2.1.0-x86_64-3_SBo
. . .
#

# tar -C /usr/local -xvf lloyd-yajl-17b1790.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-17b1790
# cd lloyd-yajl-17b1790
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# cd /var/log/packages
# ls | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile. Make sure it works :

# go version
go version go1.23.5 linux/amd64
#

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:56:15Z

Wikislax: /* Compiling yajl */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Installing yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile. Make sure it works :

# go version
go version go1.23.5 linux/amd64
#

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:52:26Z

Wikislax: /* Compiling acpica */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Installing acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile. Make sure it works :

# go version
go version go1.23.5 linux/amd64
#

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:50:35Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile. Make sure it works :

# go version
go version go1.23.5 linux/amd64
#

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:48:06Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go/bin''' to '''$PATH''' in /etc/profile.

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:46:52Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

Then add the '''/usr/local/go''' to '''$PATH''' in /etc/profile.

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T12:41:46Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site. [https://go.dev/dl/ Download] then install as below.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T08:30:53Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen 4.19.1 requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T08:26:34Z

Wikislax: /* Updating go */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen requires the go language. Go is included as part of gcc but does not work "as is" and must be replaced by the version from the go web site.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}

Compiling Xen

2025-02-04T08:25:27Z

Wikislax: /* Compiling yajl */

{{RightTOC}}

== What is Xen ? ==

[http://wiki.xen.org/wiki/Xen_Overview Xen] is an hypervisor, a thin software layer executing multiple virtual machines, each running its own operating system. Xen is normally used as a server virtualization platform, running on headless servers without graphical console and controlled through the network. However it is also possible to run Xen on graphical desktops, and with proper hardware virtualization, to dedicate the primary graphics card (and keyboard / mouse) to a virtual machine, making it possible to have high performance full 3D and video acceleration in a virtual machine (see [http://wiki.xen.org/wiki/Xen_VGA_Passthrough Xen VGA Passthru]). Xen is otherwise free and open source.

== A few quirks ==

The '''dev86-0.16.21-x86_64-1.txz''' package included with Slackware 14.2 does not afford compiling '''xen-4.9.0''' properly, and must be replaced by '''[{{SERVER}}/wikislax/download/dev86-0.16.17-x86_64-2.txz dev86-0.16.17-x86_64-2.txz]''', that can be found on the Slackware 13.37, 14.0, or 14.1 distribution disks, in directory '''slackware64/d'''. Trying to compile dev86 [http://v3.sk/~lkundrak/dev86/ from source] is not an alternative : dev86 source versions 0.16.18 to 0.16.21 have the same issue compiling xen-4.9.0, and older 0.16.17 does not compile on Slackware 14.2.

# removepkg /var/log/packages/dev86-0.16.21-x86_64-1.txz
# installpkg dev86-0.16.17-x86_64-2.txz

Also, the '''grub-2.00''' included with Slackware 14.2 does not afford booting xen. However, getting the latest version '''grub-2.02''' from source does work.

== Hardware requirements ==

Xen runs on Intel X86 hardware and requires a processor and motherboard supporting VT-x and optionally VT-d for hardware virtualization. See this [http://www.intel.com/support/motherboards/desktop/sb/cs-030922.htm page] for a list of Intel compatible motherboards and chipsets and this [http://ark.intel.com/ page] for a list of compatible processors. Our system running Xen successfully at the time of this writing (and since June 2012) is based on a DZ77GA70K Intel motherboard, an Intel® Core™ i7-3770 Processor (the overclockable i7-3770 "K" model does not afford virtualization), 32 Gb of PC12800 memory and an MSI GeForce G210 graphics board.

== Documentation difficulties ==

Although the software itself works well and is pretty straighforward, good quality Internet information is missing. The volume of information on the Xen wiki is plethoric, but mostly irrelevant as pertaining to old versions of everything. Building the big picture requires interpretation of tiny bits in forum messages, a pretty painful process, although I have to recognize that it worked for me in the end. An alternative is to use one of these old-style information repositories named "books". Yes it is pretty old-fashionned ;) but actually there are good ones on the topic. Here is [http://www.amazon.co.uk/The-Book-Xen-Practical-Administrator/dp/1593271867/ref=sr_1_1?s=books&ie=UTF8&qid=1341037874&sr=1-1 the most recent I found], it is a good value but of course you can find more on [http://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Dstripbooks&field-keywords=xen&x=0&y=0 amazon(.co.uk)].

== Software constraints ==

To make a long story short, at the time of this writing (and since June 2012) working with nVidia graphic boards on Xen and X11 requires the "nouveau" driver. Other drivers like nv or the nVidia proprietary driver do not support Xen and switch off the screen when launched or do not display properly. "Nouveau" requires a fairly recent version of X11. Slackware 13.37 or newer is required. "Nouveau" is available in kernel 3.4.2 upstream and was previously included as a staging driver. Xen dom0 support was included in kernel 3.0. To benefit from both Xen and "Nouveau", the best is to use kernel 3.4.2 upstream.

== Compiling acpica ==

Xen requires acpica. [https://www.acpica.org/downloads Download] then install as below :

# tar -C /usr/local -xvf acpica-unix-yyyymmdd.tar.gz
# cd /usr/local
# chown -R root:root acpica-unix-yyyymmdd
# cd acpica-unix-yyyymmdd
# make
# make install
# cd ..
# rm -r acpica-unix-yyyymmdd

== Compiling yajl ==

Xen requires yajl. [http://lloyd.github.io/yajl/ Download] then install as below. Note : there is no option to specify the target library directory so the files need to be moved manually.

# tar -C /usr/local -xvf lloyd-yajl-x.y.z.66cb08c.tar.gz
# cd /usr/local
# chown -R root:root lloyd-yajl-66cb08c
# cd lloyd-yajl-66cb08c
# ./configure
# make
# make install
# cd ../lib
# mv libyajl* ../lib64
# ldconfig
# cd ..
# rm -r lloyd-yajl-66cb08c

== Updating go ==

Xen requires the go language. Go is included as part of gcc but must be replace by the version from the go web site.

# ls /var/log/packages | grep gcc-go
gcc-go-11.2.0-x86_64-2
# removepkg gcc-go-11.2.0-x86_64-2
. . .
# wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
# tar -C /usr/local -xvf go1.23.5.linux-amd64.tar.gz

== Compiling Xen ==

[http://xen.org/products/xen_source.html Download Xen] from the official [http://www.xen.org xen.org] site. Note : File stubs-32.h is missing in the compiler includes so we add a link to the existing stubs-64.h. Also, some Xen Python scripts are installed in /usr/local/lib64/python-2.7/site-packages which python cannot find so we add links from the standard library as well.

# cd /usr/include/gnu
# ln -s stubs-64.h stubs-32.h
# cd
# tar -C /usr/local -xvf xen-x.y.z.tar.gz
# cd /usr/local
# chown -R root:root xen-x.y.z
# cd xen-x.y.z
# ./configure --libdir=/usr/local/lib64 --with-initddir=/etc/rc.d
# make world
# make install
# make clean
# cd ../lib64/python2.7/site-packages
# ln -s xen /usr/lib64/python2.7/site-packages
# ln -s xen-3.0-py2.7.egg-info /usr/lib64/python2.7/site-packages

== Adjusting rc.local* ==

Xen needs a couple of daemons to run to ensure VM management. Add these lines to rc.local and rc.local_shutdown :

PATH=/usr/local/sbin:/usr/local/bin:$PATH
export PATH

# start xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons start
fi

# stop xencommons
if [ -x /etc/rc.d/xencommons ]; then
/etc/rc.d/xencommons stop
fi

== Compiling a dom0 Kernel ==

Domain-0 (dom0 for short) is a special guest (virtual machine) that the Xen hypervisor always loads on host startup. Dom0 is used to control and manage the Xen hypervisor, and provides virtual disks and networks for other unprivileged guests (=domUs). Dom0 support was introduced in Linux kernel 3.0. The kernel generated must include the .config file domU and [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel dom0 options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-dom0 .config dom0] file. Feel free to use it as a base, replacing device drivers as required. The rest of the kernel compilation is nominal :

# tar -C /usr/src -xvf linux-4.4.88.tar.bz2
# cd /usr/local
# rm linux
# ln -s linux-4.4.88 linux
# cd linux
# make menuconfig
# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-4.4.88-dom0
# cp System.map /boot/System.map-4.4.88-dom0
# cp .config /boot/config-4.4.88-dom0

We're now all set up, Xen is ready to be booted by grub2 !

 

{{ pFoot |[[Compiling from Source]]|[[Main Page]]|[[Using Grub2]]}}