
December 31, 2010

Windows Server Domain and Forest Functional Levels

ref.: http://blogs.techrepublic.com.com/datacenter/?p=308

Level: 2000 native
  DCs allowed: W2K, W2K3, W2K8
  Domain features: Universal groups, Group nesting, Group conversions, Security identifier (SID) history
  Forest features: All default AD features

Level: 2003 native
  DCs allowed: W2K3, W2K8
  Domain features: Ability to rename domain controllers via netdom.exe, Logon time stamp dates, Redirect Users and Computers, Authorization Manager policies in AD, Constrained delegation, Selective authentication
  Forest features: Forest trust, domain rename, linked-value replication, Read-only domain controller deployment, instances of the dynamic auxiliary class named dynamicObject in a domain directory partition, convert inetOrgPerson object instance into a User object instance, create instances of new group types to support role-based authorization, deactivation and redefinition of attributes and classes in the schema

Level: 2008 native
  DCs allowed: W2K8 only
  Domain features: Distributed File System replication support for SYSVOL, Advanced encryption, Last Interactive Logon information, Fine-grained password policies
  Forest features: No new additional forest-level features

December 9, 2010

ICMP Security Failures Messages

Error Procedures

   As is usual with ICMP messages, upon receipt of one of these error
   messages that is uninterpretable or otherwise contains an error, no
   ICMP error message is sent in response.  Instead, the message is
   silently discarded.  However, for diagnosis of problems, a node
   SHOULD provide the capability of logging the error, including the
   contents of the silently discarded datagram, and SHOULD record the
   event in a statistics counter.

   On receipt, special care MUST be taken that the ICMP message actually
   includes information that matches a previously sent IP datagram.
   Otherwise, this might provide an opportunity for a denial of service
   attack.

Install X server via YUM on Redhat/CentOS

First you can see all the yum groups available with the command:

yum grouplist

You can install X and Gnome or KDE like this:

yum groupinstall "X Window System" "GNOME Desktop Environment"

or

yum groupinstall "X Window System" "KDE (K Desktop Environment)"

You may also want to add some other groups from the list like "Graphical Internet" or "Office/Productivity"

ref: http://wikinux.wetpaint.com/page/Install+X+server+via+YUM+on+Redhat%2FCentOS

November 11, 2010

Migrate user accounts from linux server to another linux server

ref.: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/

Backup
# mkdir /root/move/
# export UGIDLIMIT=500

# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig

# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | awk -F: 'FNR==NR {u[$1]; next} ($1 in u)' - /etc/shadow > /root/move/shadow.mig
# cp /etc/gshadow /root/move/gshadow.mig
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail

Restore
# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

# cd /path/to/location
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow
# cd /
# tar -zxvf /path/to/location/home.tar.gz

# cd /
# tar -zxvf /path/to/location/mail.tar.gz
# reboot
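
Before appending the .mig files on the new server, it is worth checking that no migrated account reuses a name or numeric ID that already exists there, because a UID collision silently gives one account ownership of another account's files. The following is an added example, not part of the original post or the referenced article; the function name find_collisions and the sample entries are constructed for illustration, and the same check works for group.mig against /etc/group.

```shell
#!/bin/sh
# Added example: pre-flight check to run on the new server before
# "cat passwd.mig >> /etc/passwd" (or "cat group.mig >> /etc/group").

# find_collisions MIG_FILE TARGET_FILE
# Prints one line per conflict between the entries to be appended (MIG_FILE)
# and the entries already present on the new server (TARGET_FILE):
#   name <name>                        name already exists on the target
#   id <id> <mig name> <existing name> numeric ID already owned by another name
find_collisions() {
    awk -F: '
        FILENAME == ARGV[1] {          # first file: what the target already has
            names[$1] = 1
            if (!($3 in ids)) ids[$3] = $1
            next
        }
        ($1 in names)                 { print "name", $1 }
        ($3 in ids) && ids[$3] != $1  { print "id", $3, $1, ids[$3] }
    ' "$2" "$1"
}

# Constructed sample data (hypothetical accounts, not taken from the page).
demo_collisions() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:501:501::/home/svc:/bin/sh
EOF
    cat > "$dir/passwd.mig" <<'EOF'
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:502::/home/bob:/bin/bash
svc:x:510:510::/home/svc:/bin/sh
EOF
    find_collisions "$dir/passwd.mig" "$dir/passwd"
    rm -rf "$dir"
}

demo_collisions
```

On the real server the call would be find_collisions passwd.mig /etc/passwd; any output means the entry needs to be renumbered or dropped before the append.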

October 28, 2010

Linux delete large number files (argument list too large when using rm)

ref.: http://linux.byexamples.com/archives/326/rm-complains-argument-list-too-long/

The rm command has a limitation: you can't delete a very large group of files with *. For example,
rm -rf something*
If a large number of files start with something, rm fails and complains:
/bin/rm: Argument list too long.
The solution is to use find, xargs and rm together:
find . -name 'something*' -print0 | xargs -0 rm -rf

July 19, 2010

Full backup NTFS partition using Linux

Backup:
Suppose the partition to back up is sda1 (the first partition on the master HD) and the backup data will be stored on another system/drive.

0. Optional step: back up the boot menu if you are using multiboot. Do it in Windows: bcdedit /export "C:\bcdbackup\bcdbackup"
1. Boot up with a rescue CD
2. Mount another location to hold the backup data; as an example we use sda2
> mkdir /mnt/backup
> mount /dev/sda2 /mnt/backup
> cd /mnt/backup    <----Write the backup files to the mounted location
> dd if=/dev/sda of=sda.mbr bs=512 count=1    <----Backup MBR
> sfdisk -d /dev/sda > sda.sf         <---Backup partition table (-d dumps it in a format sfdisk can read back)
> ntfsclone --save-image -o - /dev/sda1 | gzip > sda1.pimg.gz <---Wait with coffee
3. Verify the backup data with "ls /mnt/backup"

Restore:

1. Boot up with a rescue CD
2. Restore the MBR, partition table and partition
> mkdir /mnt/backup
> mount /dev/sda2 /mnt/backup
> cd /mnt/backup

> dd of=/dev/sda if=sda.mbr bs=512 count=1
> sfdisk -f /dev/sda < sda.sf
> mknod /dev/sda1 b 8 1     <------create the block special file for sda1; check the major and minor numbers first
> gunzip < sda1.pimg.gz | ntfsclone -r -O /dev/sda1 -
3. Optional step, do it in Windows:
bcdedit /import "C:\bcdbackup\bcdbackup"

June 15, 2010

Tomcat5 + Apache on Centos

Install Tomcat5:
    The easy way is yum install tomcat5 tomcat5-webapps

Testing:
    netstat -ntlp  <-----------Check the default 8080 port is ready
    http://localhost:8080/   <------Test the url

If you don't want to join Tomcat to Apache2 you can stop here.

Join Tomcat to Apache2
There are several ways to join Tomcat to Apache2:
  • jk  (mod_jk)
  • http_proxy   (mod_proxy)
  • proxy_ajp    (mod_proxy_ajp)
Now I use the easiest way - proxy_ajp:
vi /etc/httpd/conf.d/proxy_ajp.conf
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass /tomcat/ ajp://localhost:8009/

Double check that proxy_ajp.conf is included by httpd.conf.

Restart httpd and test with the URL "http://localhost/tomcat/"

June 10, 2010

Clamav install with yum in Centos

1: Create yum repository file
vi /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for RHEL5
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el5/en/$basearch/dag/
enabled=1
gpgcheck=1

2: Download and import the key
wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
rpm --import RPM-GPG-KEY.dag.txt

3: yum install clamd

Apache htaccess Digest Authentication config

Suppose the http document directory is /var/www/html
Step 1
Create a .htaccess file in it
vi /var/www/html/.htaccess
AuthName  "myauth"
AuthType  Digest
AuthDigestProvider file
AuthUserFile /etc/httpd/conf.d/.digpass
Require valid-user

Step 2
Issue the following command to create a login account
htdigest -c /etc/httpd/conf.d/.digpass myauth tom

P.S.: Don't forget to set "AllowOverride AuthConfig" in httpd.conf

May 27, 2010

Apache+SSL in Centos

1. Install package
yum install mod_ssl openssl

2. Create CA and generate Cert
# Generate private key (2048-bit; 1024-bit RSA keys are too weak to use)
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

3. Config SSL for httpd
Setup the path for the cert and ca key
vi /etc/httpd/conf.d/ssl.conf 
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

4. Setup Virtual Host in Apache

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/vhosts/yoursite.com/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
ServerName yoursite.com
</VirtualHost>

/etc/init.d/httpd restart






May 26, 2010

Apache htaccess simple config

AllowOverride AuthConfig - Shows a login prompt before the web site can be viewed
Sample config:
httpd.conf
====================================
    Options FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all

AccessFileName .htaccess
====================================

/var/www/html/.htaccess

====================================
AuthName     "htaccess protect"
Authtype     Basic
AuthUserFile /var/www/.htpasswd <---the .htpasswd file will be created later
require      valid-user
(or you can change to specify user "require user     tom")
====================================

Create .htpasswd file:
htpasswd -c /var/www/.htpasswd owner

Add another account:
htpasswd /var/www/.htpasswd tom

May 21, 2010

vmware remote console on firefox 3.6.x problem

The problem is that the vmrc plugin is not available on Firefox 3.6.x; it returns a timeout error. My solution is to run vmrc directly, with the following steps:

Copy the plugin from /usr/lib/vmware/webAccess/tomcat/apache-tomcat-6.0.16/webapps/ui/plugin/ to the client.
On the client, just unzip it (for me, unzip vmware-vmrc-linux-x64.xpi).

After extracting, you can see vmware-vmrc in the plugin folder; run it directly and give the hostname (e.g. 192.168.0.2:8333), username and password.



Linux:
vmware-vmrc -h [<hostname>] [-u <username> -p <password>] [-M <moid> | <datastore path>]

Windows:
vmware-vmrc.exe -h <hostname> [-u <username> -p <password>] -M <moid> | <datastore path>

You can find the object id (moid) from vmInventory.xml
For example: "C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\vmware-vmrc.exe" -h localhost:8333 -M 16

May 11, 2010

Windows starts with no desktop screen -- explorer.exe doesn't start

Open the registry editor (Start menu -> Run, or a Command Prompt: regedit).

Open: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

In the right pane there is "Shell". Its value must be "explorer.exe".

May 3, 2010

sql 2008 server express installation fail - Performance counter registry hive consistency

Solution1:
Install with the following command:
C:\Users\Administrator\Downloads\SQLEXPRWT_x64_EN.exe U>setup.exe /ACTION=install /SKIPRULES=PerfMonCounterNotCorruptedCheck


Solution2 (Environment: win vista sp2 32bit):
I fixed it by changing the registry.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
then copy the 0404 reg key and create a new reg key called 004.
Then install again.

April 22, 2010

Debian/Ubuntu inter-vlan configuration

Suppose your switch is ready.
Install vlan package > add 802.1q module > config interface

1. apt-get install vlan

2. modprobe 8021q

3. vi /etc/network/interfaces
#add the following content, here I create 3 VLANs

auto vlan10 vlan20 vlan30

iface vlan10 inet static
address 192.168.10.1
netmask 255.255.255.0
mtu 1500
vlan_raw_device eth0

iface vlan20 inet static
address 192.168.20.1
netmask 255.255.255.0
mtu 1500
vlan_raw_device eth0

iface vlan30 inet static
address 192.168.30.1
netmask 255.255.255.0
mtu 1500
vlan_raw_device eth0

April 14, 2010

iptables in NAT (MASQUERADE, SNAT, DNAT)

Assumptions for this NAT configuration:
eth0 connects to the external network
eth1 connects to the internal network
Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

Set up IP forwarding and masquerading
(this is the simplest method to configure NAT for internal users)
[root@linux ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@linux ~]#iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@linux ~]#iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

When using MASQUERADE, there is an alternative:
[root@linux ~]#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
(suppose ppp0 is ready for external network)

More information (Just sample for your reference):
SNAT
Example: Internal users access external network with private IP
[root@linux ~]#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 202.175.12.34
(Map source addresses to 202.175.12.34)

[root@linux ~]#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 202.175.12.34-202.175.12.39
(Map source addresses to the range of 202.175.12.34~202.175.12.39)

DNAT
Example: External users access internal server
[root@linux ~]# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 192.168.1.10
[root@linux ~]# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 192.168.1.5-192.168.1.10
[root@linux ~]# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.1.10:80 
[root@linux ~]# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.1.10:8080
[root@linux ~]# iptables -t nat -A PREROUTING -p tcp  --dport 80 -j REDIRECT --to-ports 8080

iptables general configuration

List iptables contents
[root@linux ~]# iptables -L -n
[root@linux ~]# iptables -L -nv
[root@linux ~]# iptables -t nat -L -n

Flush iptables contents
[root@linux ~]# iptables -F
[root@linux ~]# iptables -t nat -F
[root@linux ~]# iptables -F FORWARD
[root@linux ~]# iptables -X MYCHAIN

Set policy for chain
Example:
[root@linux ~]# iptables -P INPUT DROP
Result:
Chain INPUT (policy DROP)
target     prot opt source               destination 

Add rules to the chain
Template:
iptables [-AI Chain] [-io interface] [-p protocol] [-s source ip] [-d destination ip] -j [ACCEPT|DROP]
Example:
[root@linux ~]# iptables -A INPUT -i eth0 -s 192.168.0.1 -j ACCEPT
[root@linux ~]# iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
[root@linux ~]# iptables -A INPUT -s 192.168.2.200 -j LOG
(log all traffic from 192.168.2.200 and record to /var/log/messages)
[root@linux ~]# iptables -A INPUT -p icmp -j ACCEPT
[root@linux ~]# iptables -A INPUT -i eth0 -p tcp --dport 21 -j DROP
[root@linux ~]# iptables -A INPUT -i eth0 -p udp --dport 137:138 -j ACCEPT
[root@linux ~]# iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 \
> --sport 1024:65534 --dport ssh -j DROP
[root@linux ~]# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
(Accept the response packet, here state can be NEW,RELATED,ESTABLISHED,INVALID)
[root@linux ~]# iptables -A INPUT -m state --state INVALID -j DROP
[root@linux ~]# iptables -A INPUT -m mac --mac-source aa:bb:cc:dd:ee:ff -j ACCEPT

Insert a rule to the chain
[root@linux ~]# iptables -I INPUT 2 -i eth0 -p tcp --dport 21 -j DROP
(Insert as the 2nd rule)

Replace a rule
[root@linux ~]# iptables -R INPUT 2 -i eth0 -p tcp --dport 21 -j DROP
(Replace the 2nd rule)

Delete rules
[root@linux ~]# iptables -D INPUT -i eth0 -p tcp --dport 21 -j DROP
[root@linux ~]# iptables -D INPUT 2
(Delete the 2nd rule)

Save and Restore
Whatever you do on the command line is lost after a system reboot, so the rules
need to be saved to the file that is loaded when the system boots. On Red Hat
distributions, they are saved in /etc/sysconfig/iptables.
Two commands are used to back up and restore.
Example:
[root@linux ~]# iptables-save > filename
(Save iptables from running config to a file)
[root@linux ~]# iptables-save > /etc/sysconfig/iptables
(Save iptables from running config to startup config)
[root@linux ~]# iptables-restore < filename






April 8, 2010

vsftpd simple config

ref.: http://ubuntuforums.org
Basic Setup

To disable anonymous login and to enable local users login and give them write permissions:

Code:
# No anonymous login
anonymous_enable=NO
# Let local users login
# If you connect from the internet with local users, you should enable TLS/SSL/FTPS
local_enable=YES

# Write permissions
write_enable=YES

NOTE: It is not advisable to use FTP without TLS/SSL/FTPS over the internet because the FTP protocol does not encrypt passwords. If you do need to transfer files over FTP, consider the use of virtual users (same system users but with non system passwords) or TLS/SSL/FTPS (see below).

To chroot users

To jail/chroot users (not the vsftpd service), there are three choices. Search for "chroot_local_user" in the file and consider one of the following:
Code:
# 1. All users are jailed by default:
chroot_local_user=YES
chroot_list_enable=NO

# 2. Just some users are jailed:
chroot_local_user=NO
chroot_list_enable=YES
# Create the file /etc/vsftpd.chroot_list with a list of the jailed users.

# 3. Just some users are "free":
chroot_local_user=YES
chroot_list_enable=YES
# Create the file /etc/vsftpd.chroot_list with a list of the "free" users.

To deny (or allow) just some users to login

To deny login to some users, add the following options at the end of the file:
Code:
# userlist_deny is only examined when userlist_enable is on
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users

In the file /etc/vsftpd.denied_users add the usernames of the users that can't log in, one username per line.

To allow just some users to login:
Code:
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allowed_users

In the file /etc/vsftpd.allowed_users add the usernames of the users that can log in.

The not allowed users will get an error that they can't login before they type their password.

TLS/SSL/FTPS

NOTE: you definitely have to use this if you connect from the Internet.

To use vsftpd with encryption (it's safer), change or add the following options (some options aren't in the original config file, so add them):
Code:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are broken protocols; keep them disabled
ssl_sslv2=NO
ssl_sslv3=NO
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
#listen_port=990

No need to create a certificate. vsftpd uses the certificate Ubuntu creates upon its installation, the "snake-oil" certificate (openssl package, installed by default).

Install a VNC Server in Ubuntu

Step1: Install vnc4server and xinetd
sudo apt-get install vnc4server xinetd

Step2: Edit ~/.vnc/xstartup
Uncomment the lines that start with unset and exec. Comment out the lines that start with xsetroot, vncconfig, xterm, and twm.
The final file should look like:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &



Step3: Stop vncserver
vnc4server -kill :1

Step4: start vncserver
vnc4server

March 25, 2010

No Password login - SSH

Step 1: Create public and private keys using ssh-keygen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

ref.: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/

March 23, 2010

Apache+SSL in Debian Quick Setup

Step1: apt-get install apache2 openssl

Step2: (Generate cert file)
mkdir /etc/apache2/ssl
 
  RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes \
    -out /etc/apache2/ssl/apache.pem \
    -keyout /etc/apache2/ssl/apache.pem

  chmod 600 /etc/apache2/ssl/apache.pem

Step3: (Config for apache2)
  cd /etc/apache2/sites-available/
  cp default ssl

Step4: (Enable the site. This is done by making a sym-link to the configuration 
from /etc/apache2/sites-enabled/.)
  a2ensite ssl

Step5: (To enable the ssl module from /etc/apache2/mods-available)
  a2enmod ssl

Step6: (Add 443 port to /etc/apache2/ports.conf)
  Listen 443

Step7: (Edit /etc/apache2/sites-available/ssl)
  NameVirtualHost *:443
  
   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/apache.pem
 
Step8: Restart apache2  /etc/init.d/apache2 restart 

March 15, 2010

Simple logrotate - archive your log files

If you want to archive your log files, you can create a file in /etc/logrotate.d; files there are included by logrotate.conf.
Here is a sample file:
/var/log/linuxserver/linux.log {
        rotate 7
        daily
        compress
        delaycompress
        missingok
        notifempty
        create 660 linuxuser linuxuser
}

This config rotates the log daily, keeps a maximum of 7 archives, creates the new log file owned by linuxuser
and the linuxuser group with 660 permissions, and compresses all rotated logs except the most recent one; missing and empty log files are skipped.
Here are some selected logrotate configuration keywords.

daily - Log files are rotated every day.
weekly - Log files are rotated if the current weekday is less than the weekday of the last rotation or if more than a week has passed since the last rotation. This is normally the same as rotating logs on the first day of the week, but if logrotate is not being run every night a log rotation will happen at the first valid opportunity.
monthly - Log files are rotated the first time logrotate is run in a month (this is normally on the first day of the month).
notifempty - Do not rotate the log if it is empty (this overrides the ifempty option).
nocompress - Old versions of log files are not compressed.
delaycompress - Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previous log file for some time.
compress - Old versions of log files are compressed with gzip by default.
mail address - When a log is rotated out of existence, it is mailed to address. If no mail should be generated by a particular log, the nomail directive may be used.
missingok - If the log file is missing, go on to the next one without issuing an error message.

To run the logrotate manually, issue the command:
logrotate -v /etc/logrotate.conf

March 11, 2010

Journaled quota


(Assumes the quota package is installed)
  • vi /etc/fstab
    • /dev/sda1 / ext4 defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
  • touch /aquota.user /aquota.group
  • mount -o remount /
  • quotacheck -avug
  • quotaon -avug
  • edquota -u ray
  • edquota -g myquotagrp

March 10, 2010

RPM command example

Install
# rpm -ivh foo-2.0-4.i386.rpm
# rpm -i ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
# rpm -i http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm

Erase
# rpm -e foo

Upgrade
# rpm -Uvh foo-1.0-2.i386.rpm
# rpm -Uvh ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
# rpm -Uvh http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm

Query
# rpm -qa  <------To query all installed packages.
# rpm -q foo  <------To query a RPM package.
# rpm -qi foo  <------To display package information.
# rpm -ql foo  <------To list files in installed package
# rpm -qf /usr/bin/mysql  <------Which package owns a file?
mysql-3.23.52-3
List files in an RPM file:
# rpm -qpl kernel-2.4.20-18.10.1.i686.rpm
# rpm -qpl ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
# rpm -qpl http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm

Verify
# rpm --verify mysql
Verifies an installed package. The output uses the following codes to signify what failed:
  S File size
  M Mode (includes permissions and file type)
  5 MD5 sum
  L Symlink
  D Device
  U User
  G Group
  T Mtime

Take for example the following:
# rpm --verify mysql
  S.5....T c /etc/my.cnf
This example indicates that file /etc/my.cnf failed on:
  File size
  MD5 Sum
  Modified Time
However, the "c" tells us this is a configuration file so that explains the changes. It should still be looked at to determine what the changes were.
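
The triage described above (a changed config file is expected, a changed binary is not) can be scripted over the verify output. This is an added example, not code from the original page; the function name triage_rpm_verify, the ALERT/review/info levels and all sample lines except the /etc/my.cnf one are assumptions constructed for illustration, and it also handles the "missing" lines rpm prints for absent files.

```shell
#!/bin/sh
# Added example: turn `rpm --verify` lines into a triage list.

# triage_rpm_verify: reads `rpm --verify` output on stdin and prints
#   <level> <path> <failed checks>
# The levels are a convention of this example (an assumption, not rpm output):
#   ALERT  - file missing, or digest changed on a file not marked as config
#   review - digest changed on a config file, or mode/user/group changed
#   info   - anything else (for example only the mtime differs)
triage_rpm_verify() {
    awk '
    BEGIN {
        # Code letters as listed on this page.
        check["S"] = "size";    check["M"] = "mode";   check["5"] = "digest"
        check["L"] = "symlink"; check["D"] = "device"; check["U"] = "user"
        check["G"] = "group";   check["T"] = "mtime"
    }
    NF < 2 { next }                       # not a verify result line
    $1 == "missing" { print "ALERT", $NF, "missing"; next }
    {
        flags = $1
        path = $NF                        # assumes no spaces in the path
        marker = (NF >= 3 && length($2) == 1) ? $2 : "-"   # "c" = config file
        failed = ""
        for (i = 1; i <= length(flags); i++) {
            ch = substr(flags, i, 1)
            if (ch == ".") continue       # "." means this check passed
            label = (ch in check) ? check[ch] : "other(" ch ")"
            failed = (failed == "") ? label : failed "," label
        }
        level = "info"
        if (index(flags, "5") > 0) {
            level = (marker == "c") ? "review" : "ALERT"
        } else if (flags ~ /[MUG]/) {
            level = "review"
        }
        print level, path, failed
    }'
}

# Sample input: the first line is the one shown on this page, the rest are
# constructed for the example.
demo_rpm_verify() {
    triage_rpm_verify <<'EOF'
S.5....T c /etc/my.cnf
..5....T   /usr/bin/mysql
.M...UG.   /var/lib/mysql
.......T   /usr/share/doc/mysql/README
EOF
}

demo_rpm_verify
```

On a real system the input would come from rpm --verify mysql | triage_rpm_verify.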

January 29, 2010

Recommended application and installation for new Ubuntu user

For those who have just finished the system installation, please see below:

1. Setup input method:
go System>administration>language support>install/remove languages then choose what you want.

2. Compiz fusion - using simple-ccsm:
open terminal, execute the command "apt-get install simple-ccsm"

3. Google desktop:
You can download and install the plugin on your desktop.
http://desktop.google.com/plugins/


4. Virtual box
http://www.virtualbox.org/wiki/Linux_Downloads

5. vmserver
http://register.vmware.com/content/download.html

...to be continued

January 27, 2010

Linux - Compression and Uncompression Example

compress
compress bigfile     <--------- compress bigfile to bigfile.Z; bigfile itself is removed.
compress -r myfolder     <--------- compress every file in myfolder to a .Z file
compress -c bigfile     <--------- write the result to stdout
compress -c bigfile > smallfile.Z      <--------- leave bigfile unchanged and save another compressed file (smallfile.Z).

uncompress
uncompress smallfile.Z

gzip
gzip bigfile     <--------- compress bigfile to bigfile.gz
gzip -9 bigfile     <--------- compress bigfile to bigfile.gz; -9 is the best compression but slowest, -1 is the fastest but compresses least, default is -6.
gzip -c bigfile > smallfile.gz      <--------- leave bigfile unchanged and save another compressed file (smallfile.gz).

gunzip
gunzip smallfile.gz     <--------- extract the gz file
gunzip -c smallfile.gz > file     <--------- extract smallfile.gz to a file, and don't remove smallfile.gz

zcat

zcat smallfile.gz     <--------- see the file content without unzipping

bzip2, bunzip2, bzcat

bzip2 default compress level 2
the usage is like gzip, gunzip, zcat
(Hint: gzip is better than compress, bzip2 is the best)

January 20, 2010

Change process priority - nice and renice

Nice number
• Range: -20 ~ +19
• User process default: 0
• + no. lower the priority
• - no. raise the priority
• Only root can lower the no.
• Don’t assign +no. to fg jobs -- sluggish

Syntax
• Just nice shows current priority
• nice [-n no.] [command]
• nice [-no.] [command]
• Normal user: no. = 1~19
• Root: no. = -20~19
• Not specified no.: default to 10

Examples

[law@localhost ~]$ nice seq 1000000&
Using default nice# 10 to reduce priority

[law@localhost ~]$ nice -n -10 vi /etc/hosts.deny
Start vi at high priority (-10)

renice
Modify the nice number of a running program
Syntax:
renice [+|-]nicenumber [option] targets

Examples
[law@localhost ~]$ renice 19 501
 Lower process 501's priority
[law@localhost ~]$ renice -10 -u law -p 501
 Raise the priority of all of law's processes and of process 501

Checking system status

ps aux             <----show all process
ps auxf             <----show all process as tree format
ps a -l             <----here -l means long format, see detail

pstree             <----show process as tree format
pstree -p             <----display with pid
pstree -H 1974             <----high light the 1974 process

top
top -d 2             <----Refresh the data every 2 seconds.
top -b -n 2 > /home/ray/topresult     <----run top 2 times and redirect the result to a file
In the top interface:
press q to exit
press M to sort by memory
press < or > to sort by the previous or next column


free -m              <----Check memory status

netstat -ntlp             <----Show the network status, here "l" means the listening processes

vmstat 2             <----Check CPU status, taking a snapshot every 2 seconds
vmstat 2 4            <----Check CPU status, taking a snapshot every 2 seconds, 4 times
vmstat -d               <----Show disk read/write status

df -h               <----Show harddisk space size

runlevel               <----Show previous and current runlevel

January 19, 2010

Linux command - cut, sed, awk

Cut

cut -c 1-7 f1 will output the first 7 characters in each line of file 'f1'.

cut -c 2,4-7,10- f1 will output the character 2, characters 4 – 7, characters 10 until the end of line in each line of file 'f1'.

cut -f 1,4,5 f1 will output 'fields' 1, 4 and 5 in file 'f1'. The fields are assumed to be separated by tab in 'f1'.

cut -d ' ' -f 1,4,5 f1 will output 'fields' 1, 4 and 5 in file 'f1'. The fields are assumed to be separated by a single space in 'f1'.

Sed

Let's make a test file
ls -l /etc > testsed

"d" means delete
sed '1,4d' testsed
sed '/yum/d' testsed
sed '/yum/!d' testsed

"s" is replace, -n means hide the other output, p is display
sed -n 's/pass/xxxxx/p' testsed


Awk
Make another file to test awk
ps aux > testawk

Show column 11
awk '{print $11}' testawk

awk '/sbin/{print $2,$11}' testawk

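January 18, 2010

Meaning of each ps aux column

In the output of ps aux, the columns mean:

* USER: which user account does the process belong to?
* PID: the process ID of the process.
* %CPU: percentage of CPU resources used by the process;
* %MEM: percentage of physical memory occupied by the process;
* VSZ: amount of virtual memory used by the process (Kbytes)
* RSS: amount of fixed memory occupied by the process (Kbytes)
* TTY: the terminal the process is running on; shows ? if it is not associated with a terminal. tty1-tty6 are login processes on the local machine, while pts/0 and the like indicate processes connected to the host over the network.
* STAT: current state of the process; the states shown are the same as the S flag of ps -l (R/S/T/Z)
* START: time at which the process was started;
* TIME: actual CPU time used by the process.
* COMMAND: the actual command of the process.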

Fine tune your VM - Extend vm disk size in Linux

Step1: Log in as admin and shut down your PC

Step2: E.g. extend your VM disk to 40GB
vmware-vdiskmanager -x 40GB winxp.vmdk
The disk is now expanded, but the free space is not yet assigned to your system.

Step3: List your registered VMs and check the ID
vmware-vim-cmd vmsvc/getallvms

Step4: Power on your VM
vmware-vim-cmd vmsvc/power.on 96

Step5: If the VM is Windows, go to Computer Management to assign the free space to C: or D: as you like.
To expand the system drive (such as C:, which holds WinXP) you may need a third-party partition tool. More information is available here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004071

January 10, 2010

Fedora 12 enable root login in GUI

1. edit /etc/pam.d/gdm and /etc/pam.d/gdm-password
2. Add comment(#) to the following line
# auth required pam_succeed_if.so user != root quiet

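January 7, 2010

editor - vi

.vi operating modes
===================
        vi provides two operating modes: insert mode and command mode.
        When you enter vi you are in command mode, and every character
        typed is treated as a command. In this mode you can delete, modify
        and so on. To enter text, you must switch to insert mode.

.Insert mode
============
        How to enter insert mode
                a (append)      Add text after the cursor.
                A               Add text at the end of the line.
                i (insert)      Add text before the cursor.
                I               Add text at the beginning of the line.
                o (open)        Open a new line below the current line for input.
                O               Open a new line above the current line for input.

        How to leave insert mode
                <ESC>           End insert mode.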

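.Command mode
=============
        Moving the cursor
        h       Move left one character.
        j       Move up one character.
        k       Move down one character.
        l       Move right one character.
        0       Move to the beginning of the line.
        $       Move to the end of the line.
        ^       Move to the first character of the line.
        H       Move to the first line of the window.
        M       Move to the middle line of the window.
        L       Move to the last line of the window.
        G       Move to the last line of the file.
        +       Move to the first character of the next line.
        -       Move to the first character of the previous line.
        (       Move to the beginning of the sentence. (Note 1)
        )       Move to the end of the sentence.
        {       Move to the beginning of the paragraph. (Note 2)
        }       Move to the end of the paragraph.
        nG      Move to line n of the file.
        n+      Move to the nth line after the cursor position.
        n-      Move to the nth line before the cursor position.
        <Ctrl><g>       Shows the current line number, the file name, the number
                        of the last line in the file, and the cursor line as a
                        percentage of the total number of lines.

        Note 1: a sentence in vi is a string of text ending in "!", "." or "?".
        Note 2: a paragraph in vi is text separated by blank lines.

.Moving the window
==================
        <Ctrl><f>       Scroll the window down one page.
        <Ctrl><b>       Scroll the window up one page.
        <Ctrl><d>       Scroll the window down half a page.
        <Ctrl><u>       Scroll the window up half a page.
        <Ctrl><e>       Scroll the window down one line.
        <Ctrl><y>       Scroll the window up one line.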

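.Delete, copy and change commands (this unit is used less often)
================================================================
        Commands such as d (delete), c (change) and y (yank) have the following format in vi:
        Operator + Scope = command
        Operators:
        d       Delete command. Deletes text, but copies the deleted text into the memory buffer.
        y       Copy text (a word, line, sentence or paragraph) into the buffer.
        p       Put command, used together with d and y. Places the most recently
                deleted or yanked text on the line below the cursor position.
        c       Change command, like a combination of delete and insert. Deletes a
                word, sentence, etc., and inserts the newly typed text.

        Scope:
        e       From the cursor position to the last character of the word.
        w       From the cursor position to the first character of the next word.
        b       From the cursor position to the first character of the previous word.
        $       From the cursor position to the last character of the line.
        0       From the cursor position to the first character of the line.
        )       From the cursor position to the first character of the next sentence.
        (       From the cursor position to the first character of the sentence.
        {       From the cursor position to the last character of the paragraph.
        }       From the cursor position to the first character of the paragraph.

        Whole-line actions
        dd      Delete the whole line.
        D       Within the line, delete all characters after the cursor.
        cc      Change the contents of the whole line.
        yy      Yank the whole line, copying the cursor line into the memory buffer.

.Delete and modify
==================
        x       Delete the character under the cursor.
        X       Delete the character before the cursor.
        dd      Delete the line the cursor is on.
        r       Replace the character under the cursor with the character typed after this command.
                E.g.: ra replaces the character under the cursor with a.
        R       Enter replace mode until <ESC>.
        s       Delete the character under the cursor and enter insert mode until <ESC>.
        S       Delete the contents of the cursor line and enter insert mode until <ESC>.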

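.Move and copy
==============
        The delete and put commands together move text.
        The yank and put commands together copy text.
        yank and delete copy the specified text into the memory buffer, and the put
        command copies the text in the buffer onto the screen.
        Examples:
        Move a line     ‧Run dd on the line
                        ‧Move the cursor to the destination
                        ‧Run p
        Copy a line     ‧Run yy on the line
                        ‧Move the cursor to the destination
                        ‧Run p

.Repeating commands
===================
        In command mode, you can put a number n in front of a command, and the
        command is then repeated n times.
        Examples:
        Delete 10 lines                 ‧10dd
        Copy 10 lines                   ‧10yy
                                        ‧Move the cursor to the destination
                                        ‧p
        Move the cursor down 10 lines   ‧10j

.Cancel the previous action (Undo)
==================================
        Restores the content as it was before the last command was run.

        u       Restore the result from before the last command.
        U       Restore all changes made to the cursor line.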

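.Search
=======
        In vi you can search for a string and move the cursor to it.

        /string         Search for the string after the cursor.
        ?string         Search for the string before the cursor.
        n               Continue downward to the next occurrence of the same string.
        N               Continue upward to the next occurrence of the same string.

.Joining text
=============
        J       Join lines. Appends the line below the cursor to the end of the cursor line.

        If a line is too long it can also be split in two: move the cursor to the
        split point, enter insert mode (with a, i, etc.) and press <Enter>.

.Environment settings
=====================
        :set nu                Show line numbers.
        :set nonu              Turn off line numbers.
        :set ai                Auto-indent.
        :set noai              Turn off auto-indent.

        Auto-indent (automatic indentation)
        When editing documents or programs you sometimes need indentation; ":set ai"
        provides automatic indentation, as the following example shows:
        ‧vi test
        ‧(after entering the edit window)
          this is the test for auto indent
          <Tab>start indent           ← :set ai (turn on auto-indent)
          <Tab>data
          <Tab>data
          <Tab>data                   ← :set noai (turn off auto-indent)
        the end of auto indent.
        ‧Note: <Ctrl><d> deletes a <Tab> character.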

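.ex commands
============
        Reading and writing
        :w                     Write the buffer to disk.
        :10,20w test   Write lines 10 to 20 to the file test.
        :10,20w>>test  Append lines 10 to 20 to the end of the file test.
        :r test                Read the contents of the file test into the end of the edit buffer.

        Delete, copy and move
        :10,20d                Delete lines 10 to 20.
        :10d                   Delete line 10.
        :%d                    Delete the whole edit buffer.
        :10,20co30             Copy lines 10 to 20 to after line 30.
        :10,20mo30             Move lines 10 to 20 to after line 30.

        String search and replace
        The s (substitute) command searches a given range of lines.
        The g (global) command searches the whole edit buffer.
        The s command replaces the first string that matches; if a line contains
        several matching strings, only the first one is replaced. To replace all
        of them, add the g flag.
        :1,$s/old/new/g                Change every "old" in the file to "new".
        :10,20s/^/   /         Insert 5 spaces at the beginning of lines 10 to 20.
        :%s/old/new/g          Change every "old" in the edit buffer to "new".

.Recovering a file interrupted during editing
=============================================
        If the system crashes or the connection drops while you are editing and the
        buffer has not yet been written back to disk, run the following command
        after you return to the system to recover the file contents from before
        the interruption.
        %vi -r filename

.Editing multiple files
=======================
        vi can also edit several files in one session, as follows:
        %vi file1 file2 ..

        When the first file has been edited, use ":w" to save the buffer, then
        use ":n" to load the next file.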
