Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux:system_administration [2017/08/27 06:24]
 linux:system_administration [2016/03/11 09:59] (current)
onno [Monitoring connections]
Line 1: Line 1:
 +====== System Administration ======
  
 +
 +
 +=====Processes=====
 +How do you know when a daemon is really running? Do //ps//:
 +
 +
 +
 +<code c>
 +[root@1038 /]# ps -ef
 +</code>
 +
 +
 +e: select all processes
 +
 +f: display in a certain mode
 +
 +
 +
 +Or better yet: display only the lines where the daemon appears:
 +
 +
 +
 +<code c>
 +[root@1038 /]# ps -ef |grep mysqld
 +root      1406     1  0 14:05 ?        00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
 +mysql     1429  1406  0 14:05 ?        00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking
 +root      3340  1802  0 20:04 pts/0    00:00:00 grep mysqld
 +</code>
 +
 +
 +
 +====Periodically Running Processes with Cron====
 +You can also automatically have programs start at regular intervals. Use the ''**crontab -e**'' command to add the commands to do this. (See also [[http://www.adminschoice.com/docs/crontab.htm|http://www.adminschoice.com/docs/crontab.htm]]). From moodle.org:
 +
 +
 +
 +<code c>
 +*/5 * * * * wget -q -O /dev/null http://example.com/moodle/admin/cron.php
 +</code>
 +
 +
 +This means: run the wget command every 5 minutes. Explanation:
 +
 +
 +
 +<code c>
 +*     *   *   *    *  command to be executed
 +-     -   -   -    -
 +|     |   |   |    |
 +|     |   |   |    +----- day of week (1 - 7) (monday = 1)
 +|     |   |   +------- month (1 - 12)
 +|     |   +--------- day of month (1 - 31)
 +|     +----------- hour (0 - 23)
 ++------------- min (0 - 59) 
 +</code>
 +
 +
 +Attention: the */5 (star slash) notation ensures that the command is run every five minutes. If you do not use the star slash notation, but something like this:
 +
 +
 +
 +<code c>
 +30     18     *     *     *         rm /home/someuser/tmp/*
 +</code>
 +
 +
 +- you are saying: execute the command //at// the 30<sup>th</sup> minute, and //at //the 18<sup>th</sup> hour, at every day of the month, every month, and every day of the week.
 +
 +
 +
 +Use the ''**crontab -l**'' command to show which cron jobs are currently scheduled. The directory location of the crontab files is:''** /var/spool/cron**''. Part of the scheduling commands are located in this file: ''**/etc/crontab**''.
 +
 +
 +
 +
 +===Crontab environment===
 +Crontab runs scripts in the "crontab" environment. From [[http://www.adminschoice.com/docs/crontab.htm|http://www.adminschoice.com/docs/crontab.htm]]:
 +
 +
 +
 +cron invokes the command from the user's HOME directory with the shell, (/usr/bin/sh).cron supplies a default environment for every shell, defining:
 +
 +<code c>
 +HOME=user's-home-directory
 +LOGNAME=user's-login-id
 +PATH=/usr/bin:/usr/sbin:.
 +SHELL=/usr/bin/sh
 +</code>
 +
 +
 +Users who desire to have their .profile executed must explicitly do so in the crontab entry or in a script called by the entry.
 +
 +N.B.: you can also use Webmin to configure the cron tasks.
 +
 +
 +
 +
 +=====Environment=====
 +System wide environment variables are set in ''**/etc/profile**''. Do ''**set | less**'' to look at the present environment variables, such as ''**PATH**''.
 +
 +
 +===User profiles===
 +The bash shell tries to read user profiles each time a user executes a shell script (see [[http://www.comptechdoc.org/os/linux/howlinuxworks/linux_hlbash.html|http://www.comptechdoc.org/os/linux/howlinuxworks/linux_hlbash.html]]: //"files run when bash starts"//).
 +
 +
 +
 +The files containing the profiles are usually located in the users' home directories, but on my system there are none.
 +
 +
 +
 +
 +
 +
 +
 +=====SSH – connecting to the Linux server=====
 +Secure Shell: protocol (i.e. standard method) used to connect to Unix/Linux servers
 +
 +
 +
 +Client (i.e. program for ordinary users) on Linux computers: ssh
 +
 +Client on Windows computers: putty.exe (replaces Telnet, search Google for downloads), WinScp (replaces FTP)
 +
 +
 +
 +Server (program on the host computer): sshd
 +
 +
 +
 +Configuration files: ''**/etc/usr/sshd_config**'', ''**/etc/usr/ssh_config**''
 +
 +
 +
 +N.B.: if you add a new user, this user will automatically also have ssh access to the Linux server. You will have to set the password for this user through passwd //username//, though, or the user won't be able to log on using ssh.
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +====Public Key Authentication using SSH====
 +
 +If you regularly log in to several remote servers, you have to remember the password for each server. The alternative is to use Public Key Authentication. This site: [[http://sial.org/howto/openssh/publickey-auth/|http://sial.org/howto/openssh/publickey-auth/]] explains how to set up a private and public key pair. Your public key ends up on all the servers where you want to log in. The private key stays on your computer and must never be known to the outside world.
 +
 +Once you've set up public key authentication, you can log in to all servers which support this, and where your public key is known. Instead of a separate password for each server, you now have a single "pass phrase" for all servers.
 +
 +You log in to a remote server in the same way as before:
 +
 +<code>
 +ssh username@my_server.com
 +</code>
 +
 +=== Bug: 'Agent admitted failure to sign using the key.' ===
 +
 +Apparently there's an Ubuntu bug which leads the local ssh agent (i.e. in my case, my Ubuntu machine) to state "Agent admitted failure to sign using the key.". Before you try to connect, simply issue this setting: ''SSH_AUTH_SOCK=0''. This is what your Gnome desktop configuration file (i.e. the shortcut to a terminal session) may now look like:
 +
 +<code>
 +bash -c "SSH_AUTH_SOCK=0;ssh user@your.server.com"
 +</code>
 +
 +
 +===Reusing Your Private/Public Keys on Another System===
 +If you want to reuse your private/public key pair on another system, simply copy the ''**~/.ssh**'' directory to your new system. Of course, this only works if you're using the same ssh versions on both systems:
 +
 +<code>
 +root@onno-desktop:~/.ssh# ssh -V
 +OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
 +</code>
 +
 +For this particular version, the content of the ''**~/.ssh**'' directory should be at least ''**id_rsa**'' and ''**id_rsa.pub**''.
 +
 +
 +The alternative is to copy your public key to the server:
 +
 +<code>
 +# first, upload public key from client to server
 +client$ scp ~/.ssh/id_rsa.pub server.example.org:
 +
 +# next, setup the public key on server
 +server$ mkdir ~/.ssh
 +server$ chmod 700 ~/.ssh
 +server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
 +server$ chmod 600 ~/.ssh/authorized_keys
 +server$ rm ~/id_rsa.pub
 +</code>
 +
 +
 +N.B.: if you're logged in as root, the ''~/'' is of course the home directory for root: ''/root''.
 +
 +====Copying files through SSH by Using SCP====
 +
 +SSH replaces FTP. On desktop Linux, you can use a file browser such as Nautilus to establish an ssh connection to a remote server. Open Nautilus and in the location bar, simply type in:
 +
 +<code>
 +ssh://username@my_server.com
 +</code>
 +
 +You will be asked to type in password.
 +
 +To copy files on the commandline, use ''**scp**''. Here's an example where we copy a local file to a remote location:
 +
 +<code>
 +scp /home/onno/test username@my_server.com:/usr/lib/test
 +</code>
 +
 +=====Securing the Linux server=====
 +
 +
 +The server has been secured using the //iptables //firewall.
 +
 +
 +
 +Rules and configuration information:
 +
 +
 +
 +<code c>
 +./iptables -L
 +</code>
 +
 +
 +
 +
 +Do not flush the rules without changing the policies first!
 +
 +
 +
 +flush all rules (policies will NOT be deleted!):
 +
 +
 +
 +<code c>
 +./iptables -F
 +</code>
 +
 +
 +DO NOT USE THIS COMMAND without due consideration!
 +
 +
 +
 +saving your rules:
 +
 +<code c>
 +./iptables-save > iptables-rules
 +</code>
 +
 +
 +
 +
 +loading the rules:
 +
 +
 +
 +<code c>
 +./iptables-restore < iptables-rules
 +</code>
 +
 +
 +
 +
 +
 +
 +Usefull rules:
 +
 +
 +
 +<code c>
 +./iptables
 +-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT 
 +-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
 +-P INPUT DROP
 +-P OUTPUT ACCEPT
 +-P FORWARD ACCEPT
 +
 +-A = Add a new rule
 +-P = Add a new policy
 +</code>
 +
 +
 +Here, we first define the exceptions: only port 80 (http requests) and
 +
 +port 22 (ssh requests) are left open, while INPUT on all other ports is
 +
 +DROPped.
 +
 +
 +
 +
 +
 +The rules explained:
 +
 +
 +
 +-i interface (eth0 on Flexserver)
 +
 +-p port
 +
 +-m ???
 +
 +-dport address of destination port
 +
 +-j specifies what the firewall should do with requests that match this rule
 +
 +
 +
 +
 +
 +
 +
 +====Update 20060421 – firewall settings for ICMP====
 +
 +
 +After Flexservers changed some internal network gear (probably a router), all my websites suddenly loaded a lot slower. Not so my ftp connections, ssh connection or mail. All this coincided with a MySQL upgrade I had recently installed, as well as some changes to ProFTPD. So it took me a while to figure out what I had to do. 
 +
 +
 +
 +After disabling the firewall (by establishing the policy "ACCEPT" instead of "DROP"), all websites loaded lightning fast again.
 +
 +
 +
 +But experiments showed me that neither UDP nor TCP firewall rules were responsible for the slowdown. I had to look elsewhere, and it turned out that I had to allow all ICMP packets to get up to speed again.
 +
 +
 +
 +So, my firewall rules are now:
 +
 +
 +
 +<code c>
 +[root@1038 init.d]# iptables -L
 +Chain INPUT (policy DROP)
 +target     prot opt source               destination
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8443
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10000
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:20000
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
 +ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:8000:8050
 +ACCEPT     tcp  --  anywhere             anywhere            tcp state ESTABLISHED
 +ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
 +ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
 +ACCEPT     icmp --  anywhere             anywhere
 +
 +Chain FORWARD (policy ACCEPT)
 +target     prot opt source               destination
 +
 +Chain OUTPUT (policy ACCEPT)
 +target     prot opt source               destination
 +</code>
 +
 +
 +
 +====Update 20060501 – firewall settings for mail server clients (sendmail, Imp) and hackers====
 +After I had noticed some hack attempts, I constricted the firewall rules. But after that, my sendmail (through Postfix) would not, well, send out mail anymore.
 +
 +
 +
 +Turns out that in addition to opening port 25 (smtp) of course, this rule is crucial:
 +
 +
 +
 +<code c>
 +ACCEPT     tcp  --  anywhere             anywhere            tcp state ESTABLISHED
 +</code>
 +
 +
 +Sendmail could be considered a "client" to remote mail servers. My current hypothesis is that the above rule is crucial to all mail server "clients". So, it's no wonder that Imp (the webmail program within the Horde framework) did not function either.
 +
 +
 +
 +
 +
 +Also, put all "DROP" rules in front of everything else, or the rules will NOT apply!
 +
 +
 +
 +My current rule set is:
 +
 +
 +
 +<code c>
 +[root@1038 /]# iptables -L
 +Chain INPUT (policy DROP)
 +target     prot opt source               destination
 +DROP       all  --  theinfoguru.com      anywhere
 +DROP       all  --  ns.nikon-precision.net  anywhere
 +DROP       all  --  66.150.29.78         anywhere
 +DROP       all  --  ACA1D644.ipt.aol.com  anywhere
 +DROP       all  --  202.222.19.52        anywhere
 +DROP       all  --  slack203.pav.clg.qc.ca  anywhere
 +DROP       all  --  prod1.cancom.com     anywhere
 +DROP       tcp  --  anywhere             anywhere            tcp dpt:50875
 +DROP       tcp  --  anywhere             anywhere            tcp spt:ircd
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8443
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10000
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:20000
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
 +ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
 +ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:8000:8050
 +ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts                                             :1024:65535
 +ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
 +ACCEPT     icmp --  anywhere             anywhere
 +DROP       tcp  --  anywhere             anywhere            tcp dpt:50875
 +DROP       tcp  --  anywhere             anywhere            tcp spt:ircd
 +ACCEPT     all  --  localhost.localdomain  anywhere
 +ACCEPT     tcp  --  anywhere             anywhere            tcp state ESTABLISH                                             ED
 +
 +Chain FORWARD (policy ACCEPT)
 +target     prot opt source               destination
 +
 +Chain OUTPUT (policy ACCEPT)
 +target     prot opt source               destination
 +</code>
 +
 +
 +
 +
 +
 +
 +====Monitoring connections====
 +
 +
 +On the Linux computer, use:
 +
 +
 +
 +<code c>
 +netstat --inet -a
 +</code>
 +
 +
 +to display network connections, both listening and established.
 +
 +
 +
 +Also, see the file ''**/etc/services**'' to see which ports the services on the Linux computer are using.
 +
 +Other netstat uses:
 +
 +  * netstat -an | wc -l => current number of connections
 +  * netstat -an | grep :80 | wc -l => current number of connections through port 80 (web traffic)
 +  * netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n => what are the connections doing?
 +  * netstat -p =>  This returns the PID of the process that has the connection. It's also quite useful if you've got someone abusing a PID and you need to find out what IP it is so that you can get in touch with that individual or to block connections from that IP in the future. 
 +
 +See also [[https://www.exchangecore.com/blog/find-number-active-connections-linux-using-netstat/|this site]] for more information.
 +
 +To see how the server looks from the outside (i.e. from a hacker's perspective), use nmap, which is a scanner available for both Windows and Linux computers. Don't forget to allow nmap to navigate through your (local) firewall.
 +
 +
 +
 +Example:
 +
 +
 +
 +<code c>
 +nmap -A -T4 scanme.insecure.org
 +</code>
 +===== Troubleshooting Network Problems =====
 +
 +If you are having network troubles, look at your ''**/etc/resolv.conf**'' file first (see also [[http://ka1fsb.home.att.net/resolve.html|The Resolv.conf File]]). This file contains the ip addresses of the nameservers for your local network.
 +
 +My former hosting company once failed to communicate the changes they had made in the ip addresses of their nameservers. It took me a full week to get them to look at my network troubles before someone over there suggested it could be a nameservers problem (that's why they're now my **former** hosting company).
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +=====Programs and software management=====
 +
 +
 +
 +====RPM====
 +
 +
 +Software on Linux computers can installed and managed in many different ways. Here, we describe very briefly how to use **rpm**, the Redhat Package Manager.
 +
 +
 +
 +Use rpm to find out which packages have been installed, to install new programs, or to uninstall old programs. You can also use rpm to check the integrity of the package against a checksum provided by the authors.
 +
 +
 +
 +Examples:
 +
 +
 +
 +<code c>
 +rpm -q php
 +php-4.3.3-11
 +</code>
 +
 +
 +The option //q// queries the rpm database for the existance of anything resembling //php. //The result is displayed on a new line.
 +
 +
 +
 +
 +
 +Check dependencies:
 +
 +
 +
 +<code c>
 +rpm -e --test php-4.3.3-11
 +</code>
 +
 +
 +This command results in a list of packages which depend on the php package.
 +
 +
 +
 +
 +
 +Uninstalling a package:
 +
 +
 +
 +<code c>
 +rpm -e php-4.3.3-11
 +</code>
 +
 +
 +Where //-e //is erase. The parameter --test in the previous example ensures that nothing is actually erased. Instead, only the dependencies are checked.
 +
 +
 +
 +The uninstall command will fail if there are any dependencies. If you absolutely need to uninstall the package anyway, use:
 +
 +
 +
 +<code c>
 +rpm -e --nodeps php-4.3.3-11
 +</code>
 +
 +
 +
 +
 +
 +
 +To check the **integrity **of a package, look for the //internal md5 //on the website of the authors or distributors of the package. This is your value for --//pkgid://
 +
 +
 +
 +<code c>
 +[root@1038 psa]#  -q --pkgid 3d16dbd631367be3c809ffa0c31a7437
 +binutils-2.14.90.0.6-3
 +</code>
 +
 +
 +So, in the example above, the long string is the internal md5 provided by the authors of //binutils//. Fortunately, the package associated with this string on my Linux system, turns out to be exactly the version of //binutils //it should be.
 +
 +
 +
 +
 +===20051115 – More about uninstalling with rpm===
 +If ''**rpm -e --nodeps php-4.3.3-11**'' fails, then you may have to use the option ''**--noscripts**''. Do exercise great care, though! The pre- and post-uninstall scripts are usually there for a good reason.
 +
 +
 +
 +I used it today to uninstall the ''**psa-agent**'' and ''**psa-qmail**'' remnants of the plesk configuration panel. I had previously deleted the directories for these applications, which apparently made it impossible for rpm to erase the corresponding packages. Rpm came up with a message stating that some "''**scriptlet failed**''". I forgot to copy this error message, but on the net I found something similar:
 +
 +
 +
 +<code c>
 +error: %preun(aimsgmc-R8.3_alpha-9.i386) scriptlet failed, exit status 255
 +</code>
 +
 +
 +In the end, I successfully removed them using the ''**--noscripts**'' option, so I assume the the "scriptlet" was either a pre- or post-uninstall script.
 +
 +
 +
 +
 +====YUM====
 +
 +
 +You could also use an extension to rpm, for some Linux distributions, such as this one (Fedora). On the flexserver computer, a version of //yum// has been installed. This seems to be a powerfull rpm installer­/updater/­uninstaller, which can also check the dependencies between packages, and then install the additionally required packages automatically.
 +
 +
 +
 +Yum can be configured through ''**/etc/yum.conf**''. I had, for instance, trouble getting the required pgp keys, which are used for validation, so I have set:
 +
 +
 +
 +<code c>
 +gpgcheck=0
 +</code>
 +
 +
 +Of course, I proceeded to manually check the md5 checksums in the way described above. This can be done, because in the end all //yum //ever does, is installing rpm packages.
 +
 +=== Exclude List ===
 +In yum, it's possible to exclude packages. So, whenever an installation fails because of dependency issues, first make sure that the required packages are not excluded.
 +
 +In ''/etc/yum.conf'' look for a line starting with 'exclude', under the ''[main]'' section.
 +
 +
 +====GUI Installers====
 +(Added 20050720)
 +
 +Some systems, such as Mandrake, have graphical installers. I had trouble installing php4 after I had installed Apache2 under Mandrake however. It seems that you have to install them both at once.
 +
 +====Compiling and building programs====
 +Another way to install programs under Linux is by compiling and building them. Advantages:
 +
 +  *You don't have to look for a specific RPM which supports your specific flavor of Linux;
 +  *You exercise more control over locations and options;
 +  *It's saver, as long as you check the digital signature or the checksum of the downloaded source files, than RPM.
 +
 +
 +Check the integrity of a downloaded source file using md5sum, a utility to calculate the checksum:
 +
 +
 +
 +<code c>
 +md5sum apache_1.3.33.tar.gz
 +3dfd2c3778f37a2dfc22b97417a61407  apache_1.3.33.tar.gz
 +</code>
 +
 +
 +On the first line, the command is issued; on the second line, the utility displays the calculated checksum. The authors or distributors of apache_1.3.33.tar.gz will have calculated a checksum as well (which you should find on their website). Your checksum must match theirs, or the source files have been compromised.
 +
 +
 +
 +
 +
 +
 +===Requirements===
 +
 +
 +You have to have a c compiler (most Linux software is written in C):
 +
 +
 +
 +gcc, cc, acc, or c89.
 +
 +
 +
 +You cannot install a C-compiler by compiling and building it, so you have to install a binary file. For instance through the use of rpm...
 +
 +
 +
 +Example:
 +
 +
 +
 +<code c>
 +[root@1038 psa]# rpm -i --test gcc-3.3.2-1.i386.rpm
 +warning: gcc-3.3.2-1.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
 +error: Failed dependencies:
 +        binutils >= 2.14.90.0.4-4 is needed by gcc-3.3.2-1
 +        cpp = 3.3.2-1 is needed by gcc-3.3.2-1
 +        glibc-devel >= 2.2.90-12 is needed by gcc-3.3.2-1
 +[root@1038 psa]#
 +</code>
 +
 +
 +This is an attempt to install the gcc compiler. This compiler however, requires other utilities to be present as well. Install those packages, and pay particular attention to warnings such as: 
 +
 +
 +
 +<code c>
 +cpp = 3.3.2-1 is needed by gcc-3.3.2-1
 +</code>
 +
 +
 +Because if you install a package with a slightly different version number, things WILL go wrong!
 +
 +
 +===ldconfig===
 +You can use ldconfig to dynamically link libraries. First find the location of the library, then do (for instance):
 +
 +<code c>
 +ldconfig /usr/local/lib
 +</code>
 +
 +
 +At boot time, the file ''**ld.so.conf**'' is read, to achieve the same results, so make sure that you include any special locations for your libraries in this file.
 +
 +
 +
 +
 +
 +=====Apt-get=====
 +Apt-get is an important part of Debian. Apt-get is a package installer similar to (but better than) rpm. It solves //dependency hell //(or at least that's what the Debian people claim).
 +
 +To install a package, first you must find out what its name is. Go to:
 +
 +[[http://www.debian.org/distrib/packages|http://www.debian.org/distrib/packages]]
 +
 +If you want to be careful, you can first run a simulation:
 +
 +<code c>
 +apt-get -s install apache2
 +</code>
 +
 +
 +To actually install the package, just leave out the "''**-s**''" parameter.
 +
 +You can tell apt-get where to look for its packages using the file ''**/etc/apt/sources.list**''. Mine contained this:
 +
 +<code c>
 +#deb ftp://ftp.debian.org/debian stable main contrib non-free
 +deb http://security.debian.org stable/updates main contrib non-free
 +
 +#Host Europe server:
 +deb ftp://80.237.136.138/mirror/ftp.debian.org/debian/ sarge main contrib non-free
 +</code>
 +
 +
 +To install backports, I have followed the advice from this usergroup posting: (But be aware that mixing packages can lead to serious dependency issues!)
 +
 +[[http://groups.google.com/group/linux.debian.user/browse_frm/thread/c55c7846cd345221/58f94bde8135ef63?lnk=st&q=debian+sarge+mysql5&rnum=4&hl=en#58f94bde8135ef63|http://groups.google.com/group/linux.debian.user/browse_frm/thread/c55c7846cd345221/58f94bde8135ef63?lnk=st&q=debian+sarge+mysql5&rnum=4&hl=en#58f94bde8135ef63]]
 +
 +Which is:
 +
 +  -To add ''**deb **''[[http://www.backports.org/debian/|http://www.backports.org/debian/]]''** sarge-backports main **''to your sources.list
 +  -For a particular package, specify the priority in ''**preferences**'' (create in ''**/etc/apt **''if necessary):
 +
 +
 +<code c>
 +Package: *
 +Pin: release a=sarge-backports
 +Pin-Priority: 200
 +
 +Package: mysql
 +Pin: release a=sarge
 +</code>
 +This does not seem to be enough for all packages, however. For example, MySQL 5 does not seem to be installable this way. So I added the following lines to sources.list as well:
 +
 +<code c>
 +deb http://dotdeb.netmirror.org/ stable all
 +deb-src http://dotdeb.netmirror.org/ stable all
 +</code>
 +
 +
 +And after running apt-get update, I was able to starting installing MySQL 5.
 +
 +
 +
 +
 +====The dpkg Package Installer====
 +The dpkg utility can be used to install individual packages: file ending in ''**.deb**''. Sometimes programmers put their stuff in a single .deb file for you to download and install. I don't know where - in the directory structure - you are supposed to store .deb files, so I put them here, on my system:
 +
 +<code c>
 +/usr/deb
 +</code>
 +
 +
 +Use ''**dpkg**'' to install or remove individual packages, using the parameter ''**-i**'' and ''**-r**''.
 +
 +Here's an example:
 +
 +<code c>
 +lvps87-230-7-11:/usr/deb# dpkg -i webmin_1.300_all.deb
 +Selecting previously deselected package webmin.
 +(Reading database ... 16956 files and directories currently installed.)
 +Unpacking webmin (from webmin_1.300_all.deb) ...
 +dpkg: dependency problems prevent configuration of webmin:
 + webmin depends on libio-pty-perl; however:
 +  Package libio-pty-perl is not installed.
 +dpkg: error processing webmin (--install):
 + dependency problems - leaving unconfigured
 +Errors were encountered while processing:
 + webmin
 +</code>
 +
 +
 +As you can see, using just ''**dpkg**'' reintroduces "dependency hell"... In this example, there's just one missing library, so we use apt-get to install it.
 +
 +<code c>
 +lvps87-230-7-11:/usr/deb# apt-get install -s libio-pty-perl
 +Reading Package Lists... Done
 +Building Dependency Tree... Done
 +The following NEW packages will be installed:
 +  libio-pty-perl
 +0 upgraded, 1 newly installed, 0 to remove and 24 not upgraded.
 +1 not fully installed or removed.
 +Inst libio-pty-perl (1:1.02-2 Debian:3.1r3/stable)
 +Conf libio-pty-perl (1:1.02-2 Debian:3.1r3/stable)
 +Conf webmin (1.300 )
 +lvps87-230-7-11:/usr/deb# apt-get install libio-pty-perl
 +Reading Package Lists... Done
 +Building Dependency Tree... Done
 +The following NEW packages will be installed:
 +  libio-pty-perl
 +0 upgraded, 1 newly installed, 0 to remove and 24 not upgraded.
 +1 not fully installed or removed.
 +Need to get 39.4kB of archives.
 +After unpacking 106kB of additional disk space will be used.
 +Get:1 ftp://80.237.136.138 sarge/main libio-pty-perl 1:1.02-2 [39.4kB]
 +Fetched 39.4kB in 0s (255kB/s)
 +Selecting previously deselected package libio-pty-perl.
 +(Reading database ... 31035 files and directories currently installed.)
 +Unpacking libio-pty-perl (from .../libio-pty-perl_1%3a1.02-2_i386.deb) ...
 +Setting up libio-pty-perl (1.02-2) ...
 +Setting up webmin (1.300) ...
 +Webmin install complete. You can now login to https://lvps87-230-7-11.dedicated.hosteurope.de:10000/
 +as root with your root password, or as any user who can use sudo
 +to run commands as root.
 +</code>
 +
 +
 +This is quite a surprise! As soon as the missing library is installed, apt-get also finishes installing webmin for us!
 +
 +
 +=====Time and Date=====
 +Okay, winter has arrived. Daylight saving time kicks in. But my Linux system does not seem to have noticed. I couldn't figure out how to tell the system we have Daylight Saving Time in the Netherlands, so I manually set the clock one hour back:
 +
 +<code c>
 +[root@1038 /]# date -s "15:02"
 +Tue Nov 15 15:02:00 CET 2005
 +</code>
 +
 +
 +Now if only I could get rid of the "Central European Time"...
 +
 +
 +
 +=====20061009 Changing Locale=====
 +
 +
 +I wanted the system to use utf8, because this is a widely accepted standard. At first, the locale is:
 +
 +
 +
 +<code c>
 +lvps87-230-7-11:~# locale
 +LANG=POSIX
 +LC_CTYPE="POSIX"
 +LC_NUMERIC="POSIX"
 +LC_TIME="POSIX"
 +LC_COLLATE="POSIX"
 +LC_MONETARY="POSIX"
 +LC_MESSAGES="POSIX"
 +LC_PAPER="POSIX"
 +LC_NAME="POSIX"
 +LC_ADDRESS="POSIX"
 +LC_TELEPHONE="POSIX"
 +LC_MEASUREMENT="POSIX"
 +LC_IDENTIFICATION="POSIX"
 +LC_ALL=
 +lvps87-230-7-11:~#
 +</code>
 +
 +
 +After an export:
 +
 +
 +
 +<code c>
 +lvps87-230-7-11:~# export LANG=nl_NL.utf8
 +lvps87-230-7-11:~# locale
 +locale: Cannot set LC_CTYPE to default locale: No such file or directory
 +locale: Cannot set LC_MESSAGES to default locale: No such file or directory
 +locale: Cannot set LC_ALL to default locale: No such file or directory
 +LANG=nl_NL.utf8
 +LC_CTYPE="nl_NL.utf8"
 +LC_NUMERIC="nl_NL.utf8"
 +LC_TIME="nl_NL.utf8"
 +LC_COLLATE="nl_NL.utf8"
 +LC_MONETARY="nl_NL.utf8"
 +LC_MESSAGES="nl_NL.utf8"
 +LC_PAPER="nl_NL.utf8"
 +LC_NAME="nl_NL.utf8"
 +LC_ADDRESS="nl_NL.utf8"
 +LC_TELEPHONE="nl_NL.utf8"
 +LC_MEASUREMENT="nl_NL.utf8"
 +LC_IDENTIFICATION="nl_NL.utf8"
 +LC_ALL=
 +</code>
 +
 +
 +But after logging in again, it turned out that the export command is only valid for the duration of the session...
 +
 +So I looked around on the web, and found this site: [[http://gallery.menalto.com/wiki/Debian_locale_HowTo|http://gallery.menalto.com/wiki/Debian_locale_HowTo]]
 +
 +I followed the instructions:
 +
 +<code c>
 +lvps87-230-7-11:~# dpkg-reconfigure locales
 +Generating locales...
 +  nl_NL.UTF-8... done
 +  nl_NL.UTF-8@euro... done
 +Generation complete.
 +</code>
 +
 +
 +I got to choose from various locales and chose two. Doing ''**locale**'' on the CLI still produced the "POSIX" output. But then I filled in ''**nl_NL.UTF-8@euro**'' in the configuration of the php program Moodle, and now the date comes up correctly in the calendar.
 +
 +
 +=====Memory and Disk Usage=====
 +
 +Scott Granneman summarizes on his [[http://www.granneman.com/techinfo/linux/thelinuxenvironment/memoryanddiskusage.htm|website]]:
 +
 +====Memory====
 +<code>
 +cat /proc/meminfo = memory usage information
 +free = how much memory is currently unused
 +</code>
 +
 +
 +====Disk space====
 +<code>
 +df // disk usage for all partitions
 +du -h --max-depth=1 // disk usage for the current directory and all sub-directories, with usage listed per subdirectory
 +</code>
 +
 +
 +=====Setting Up A VPN Tunnel=====
 +
 +Under Ubuntu 12.04, I use netExtender to set up a VPN tunnel. There is one catch however: after I end the session, my ''/etc/resolv.conf'' will be polluted with worthless directives. This results in my provider's DNS servers not being found. In other words: "the internet is down".
 +
 +Solution: simply delete the file (''sudo rm /etc/resolv.conf'') and the OS will create a new one on the fly.
 +
 +
 +=====apt-get sources.list=====
 +
 +The sources for apt-get are listed in ''/etc/apt/sources.list''.
 +
 +If you ever get 'not found' messages, try to change 'archive' into 'old-releases'. Example:
 +
 +''deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe''
 +
 +is replaced by:
 +
 +''deb http://old-releases.ubuntu.com/ubuntu hardy-updates main restricted universe''

Personal Tools