Answers 63

From LXF Wiki

Answer 63

<title>Going for GUIs</title>

<question>I'm a command line junkie and I'm yet to decide which GUI I dislike least! What I'd really like to do is set up a system where I can log in as either CLI, KDE or Gnome and automatically get the relevant user interface. Incidentally, that doesn't mean a terminal window for the CLI. Can this be done? Of course it can - this is Linux! So how do I do it?</question>

<answer>Most display managers, including GDM and KDM, enable you to select the desktop environment you wish to use when you log in. Once you've logged in as each user with the desired environment, it will use the same one each time you log in. Of course, you can also have a single user and select the desktop environment you want manually when you log in. For the CLI, if you don't want to use xterm, rxvt or Eterm, you can simply hit Ctrl+Alt+F1 and switch to a terminal window to log in. A nice, simple window manager, such as twm or fvwm, would be adequate if you wanted to run multiple terminal windows and cut and paste between them. When learning how to use Linux, a pure CLI is often a little complex and lacks the familiar look and feel for those moving from a Windows environment.</answer>

<title>Multiple mailing</title>

<question>I'm a member of a small church that has six computers networked in a peer-to-peer configuration, running Windows XP and 2000. The Internet connection to the local ISP is broadband (384K). We don't have a registered domain name, although we have five POP3 mailboxes on the ISP's server. I'd like to install a Linux server so that the user accounts, passwords and authentication could be managed by the server. I also want to implement file storage on the server. I don't have a problem getting print and file-serving working, though - my question has to do with email. We have the five accounts that the paid and unpaid staff use, but we also have many volunteers who I'd like to set up so they could email each other on the local network. They wouldn't have to have Internet access. Microsoft Exchange could do this but we would need a registered domain name and the ISP would have to point the MX record at the domain. In addition, Exchange is expensive and overkill for us. Can Sendmail or Postfix be configured to obtain and send mail for the five ISP accounts from our local ISP, as well as handling internal mail without a registered domain name? Reading the manual strongly implies that this can be done, but how?</question>

<answer>Building a mail server is something that can be done very easily with Linux, and there is quite a range of different mail systems that can be implemented. Sendmail is particularly complex and unless you're willing to learn the configuration file structure, using Postfix or Exim will make your life much easier. Both Postfix and Exim can be configured to accept mail for any domain, such as example.tld, which wouldn't be accessible via the Internet. Fetchmail can be implemented to download mail from the ISP and distribute it to the appropriate local users. You'll also need to implement a POP3 service to enable clients to download messages from the mail server, and most distributions ship with pop3d, which is a basic POP3 server. For such a small system, a simple POP3 server is more than enough. However, if you want to expand and be able to handle users through a database, the Courier mail system has a courier-pop3 mail service that can function with MySQL. There are many cost-effective options available on the Internet, where you can provide access to mailboxes that you can have people send email to. However, providing email addresses that are only accessible between a small number of hosts will quickly lose its appeal and people will start to ask why they can't send email to the addresses from the outside world. Domains can be purchased extremely cheaply, and many domain providers offer unlimited email addresses.</answer>

<title>Trojan war</title>

<question>I'm running a Debian unstable-based distribution, with chkrootkit for security reasons. It recently gave me a message that reads: "lkm you have 2 process hidden for readdir you have 2 process hidden for ps command warning possible LKM trojan installed". Does anyone know a well-reputed trojan remover for Linux? Does anyone else get messages like this? How would I remove them?</question>

<answer>It's not unusual for chkrootkit to throw up some false positives if it isn't compiled against the specific kernel build being used. With some recent kernels, there are kernel-space processes that throw up false positives and chkrootkit will identify them as being possible trojans. A great way to test the system for malicious processes is with the kstat utility, which can give a list of processes that the kernel knows about as opposed to those picked up by ps. These two lists can then be compared and any malicious processes identified. There are quite a few Linux trojans that install modules and startup processes to perform a variety of malicious activities. However, they generally throw up other red flags in chkrootkit, such as changed system binaries. If you have any concerns that a system is compromised, booting from Knoppix or another rescue disk, or simply using the busybox binary to execute ps and ensure that it isn't compromised, will reassure you that your system is safe.</answer>
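The list comparison described in the answer, as an added example that is not part of the original column: it compares three views of the process table (direct lookup of /proc/N, a directory listing of /proc, and ps), which correspond to the "hidden for readdir" and "hidden for ps" wording in the chkrootkit message. It reads /proc rather than using kstat, the function names are illustrative, and it assumes it is run as root on Linux.

```sh
#!/bin/sh
# Added example: compare three views of the process table and report PIDs
# that one view shows and another omits.
# PROC_ROOT can be overridden so the functions can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# View 1: PIDs obtained by listing the directory (readdir).
pids_by_readdir() {
    ls -1 "$PROC_ROOT" 2>/dev/null | grep -E '^[0-9]+$' | sort -n
}

# View 2: PIDs obtained by direct lookup of $PROC_ROOT/N for N = 1..max.
# Linux also answers lookups for thread IDs, which readdir never lists,
# so only entries whose Tgid equals N (thread-group leaders) are kept.
# Skipping that filter is a classic source of false "hidden process" alarms.
pids_by_lookup() {
    max="$1"
    pid=1
    while [ "$pid" -le "$max" ]; do
        if [ -r "$PROC_ROOT/$pid/status" ]; then
            tgid=$(awk '/^Tgid:/ {print $2; exit}' \
                "$PROC_ROOT/$pid/status" 2>/dev/null) || tgid=""
            if [ "$tgid" = "$pid" ]; then echo "$pid"; fi
        fi
        pid=$((pid + 1))
    done
    return 0
}

# View 3: PIDs as reported by ps.
pids_by_ps() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# Print the lines of file $1 that do not appear in file $2.
only_in_first() {
    grep -vxFf "$2" "$1" || true
}

# Drop PIDs that have exited since the snapshot was taken. Short-lived
# processes, including the helpers this script starts, are not "hidden".
still_present() {
    while read -r p; do
        if [ -d "$PROC_ROOT/$p" ]; then echo "$p"; fi
    done
    return 0
}

hidden_process_report() {
    max="${1:-$(cat "$PROC_ROOT/sys/kernel/pid_max" 2>/dev/null || echo 32768)}"
    tmp=$(mktemp -d) || return 1
    pids_by_lookup "$max" > "$tmp/lookup"
    pids_by_readdir > "$tmp/readdir"
    pids_by_ps > "$tmp/ps"
    echo "Answer a direct lookup but are missing from readdir:"
    only_in_first "$tmp/lookup" "$tmp/readdir" | still_present
    echo "Listed by readdir but missing from ps:"
    only_in_first "$tmp/readdir" "$tmp/ps" | still_present
    rm -rf "$tmp"
}

# Run as: sh thisfile.sh report [max_pid]
if [ "${1:-}" = "report" ]; then hidden_process_report "${2:-}"; fi
```

A PID that shows up in repeated runs is worth investigating; an empty report only says the three views agree, which is why the rescue-disk check in the answer still matters.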

<title>Website woes</title>

<question>I have Mandrake 10.1 with Apache running my own website in Apache's default document root. A friend asked if I could host his site with his DNS (www.somename.com). I said yes and thought it would take about ten minutes to set up, but as I read Server School Apache from the Complete Linux Handbook's 1 and 2, it didn't seem like it was going to be quite so simple a process. So far, I've simply gone to www.no-ip.com and added his chosen domain to my account, as well as my own. I thought that the next step was to add him to a user account on my system and so I created /home/somename/html and put his website in the html dir. When I tried http://localhost, it came up with my site, so I thought I'd try his www.somename.com site, but it came up with my router's login page and not his. What am I doing wrong here? Here's a copy of my Vhosts.conf, if that helps:

NameVirtualHost 192.168.0.5
<VirtualHost 192.168.0.5>
ServerName www.somename.com
#ServerPath /domain
DocumentRoot /home/somename/html
</VirtualHost>

</question>

<answer>If you're seeing your router configuration page when you connect, it sounds more like a network issue than an Apache configuration problem. You'll need to permit port 80 through your router and NAT it onto the 192.168.0.5 internal address. If you're hosting your own site, there should already be a rule. However, as you were accessing it via `localhost' rather than its real outside address, there could be a DNS misconfiguration at some point. Your Apache VirtualHosts configuration appears to be correct, and you should be able to see successful requests in the access_log file to verify that the appropriate DocumentRoot entry is being hit. You'll also need to add a VirtualHost entry for your own site, as well as localhost, because once NameVirtualHost is used, the default DocumentRoot configuration options are ignored.</answer>

<title>Slave systems</title>

<question>I got a new computer with a 40GB hard drive, so I decided to take 13GB and put Linux into it. I did all the partitioning and I installed Linux in three different partitions, as follows: /dev/hda6 /boot 102 MB, /dev/hda7 swap 1977 MB (twice the RAM size I have), and /dev/hda8 / 10080 MB. So far so good. I then decided to put in the hard drive from my old computer, which has a Linux installation already. The size of that hard drive is also 13GB and it had two partitions in it: the swap, with size around 700MB, and / partition. This hard drive was the slave in the old computer so I installed it in my new computer as a slave too. The thing is, I want to use the old Linux installation. However, I can't boot because every time I boot my computer, the new installation kicks in.</question>

<answer>Many BIOSes support booting from a slave disk, and this is the simplest way to switch between the two disks without actually changing anything. You can tell the BIOS to boot from the specific disk you want, rather than from the first one it finds. A fancier approach is to set up your boot loader on the first disk to jump to the second disk when you make a specific selection. With LILO, you can add a section to /etc/lilo.conf as follows, then rerun LILO on the system installed on the first disk:

other=/dev/hdb
label=OldLinux

Depending on which bootloader is installed on the slave disk, it will kick in and you can boot from the disk as if it were the only one on the box. As you had two disks in the past, you may have to install LILO on the second disk because it will have been installed on the first disk when you did the initial Linux installation.</answer>

<title>Log entries</title>

<question>I'm trying to set up a server log file analyser. It runs on one machine (10.0.0.14 on my LAN) but needs an entry in its configuration file to point to the access log file. This log is held on my web server (192.168.0.2 on my DMZ). I know it's a basic question, but what should this entry be? I don't know how to specify that the configuration file needs to look at a file held on another machine. For anybody with a similar system, I'm trying to set up Analog.</question>

<answer>The simplest solution to sharing a file across a LAN is to use NFS, although you'll need to ensure that you can route between your internal network and your DMZ. You can mount your log file directory from Apache on the system running Analog, then point to the appropriate access_log file. You can add a line to /etc/exports on the web server to permit NFS mounts:

/var/log/apache          10.0.0.14(ro,no_root_squash)

Now perform exportfs -r in order to refresh the Exports list. Mounting this directory on your internal system is as easy as mounting a CD.

# mount 192.168.0.2:/var/log/apache /var/log/apache

The other option is to use rsync, which can be configured to sync files across a network, without requiring any authentication. This allows it to work very effectively from a cron job script without any user input, and it will transfer all of the changes to the log file each time it's executed. </answer>

<title>Dual drives</title>

<question>I can dual boot my Linux/XP PC on my 20GB disk. I just added a separate 8GB disk drive to my machine. Now I've got two separate drives: 20GB and 8GB. I want to put Linux onto the 8GB one. I was just wondering if the process is still the same, given that I've just installed an extra drive.</question>

<answer>Linux can be installed on the second disk simply by partitioning it and doing an install. However, you'll want to install the boot loader for it onto the first disk because this is what the BIOS will try to boot from. You can then dual boot between Windows XP on the first disk and Linux on the second. Most distributions will enable you to install Grub or LILO onto the first disk during the installation process, as well as adding entries so you can boot Windows XP, or your old Linux install on the first disk.</answer>

<title>Getting some stick</title>

<question>I'm trying to use a memory stick to transfer files between computers. This is a 256MB USB 2.0 device. Initially, I used it to copy files from a Mac to my Linux box. The device was recognised and the files copied, but I was then unable to delete the files from the stick. Only by going back to the Mac was I able to clear the device. I then found that the device wasn't actually recognised on my Linux box, probably because it appeared to be completely unformatted. I then wanted to transfer files from my Windows box, which also found the device to be unformatted, and so I formatted the device and copied some files to it. However, the stick is now inaccessible on the Linux box. Using dmesg, I found it was /dev/sda, but it doesn't recognise the filesystem. I tried using mount -t vfat /mnt/removable as a user and as root, but without any success (there is an fstab entry for /dev/sda to mount to /mnt/removable). Can anyone suggest how I can mount this device, or what filesystem is the most appropriate to use in this situation? Also, how do I format it for this? </question>

<answer>Memory sticks can have some extremely strange partition structures, with some being accessible on sda, some on sda1 and others on sda4. You can verify the partition table on the stick using `fdisk -l /dev/sda', and mount the appropriate filesystem on your Linux system. In theory, using the stick in different boxes won't change the partition structure, although it's not uncommon for certain systems to install the filesystem onto the main device, sda, rather than into the partition that exists. Using VFAT for the filesystem will make it nice and portable, as well as being accessible on Windows, Linux and Mac systems. You won't have the luxury of being able to use Unix UID/GID permissions, but for a simple removable media such as a USB memory stick, it won't matter. </answer>

<title>Disks and distros</title>

<question>I recently bought an Intel 865 desktop board. I have a Seagate 120GB SATA hard drive. I tried installing Red Hat 9 on it, but with no success. Can you tell me which Linux flavour I should use? Will Mandrake 10.1 detect my Seagate SATA hard disk?</question>

<answer>Any recent distribution of Linux will have a kernel capable of supporting SATA controllers, including Mandrake 10.1. If you want a distribution comparable to Red Hat 9, you could install Fedora Core 3, which is the free brand of Red Hat's popular Linux distro. Anything older than a year or two isn't going to have a kernel that supports the use of SATA devices, simply because they didn't exist, and unfortunately there's no compatibility mode with a generic IDE controller to use SATA devices.</answer>

<title>Key distros unlocked</title>

<question>Can you suggest a good USB key distribution? I've looked at Feather Linux, which is a desktop-type distro, but as I don't think I'll use it that regularly, it would be nice if I had some kind of rescue-type disk, preferably including functionality to mess with partitions, troubleshoot Windows/Linux disks, and maybe even reset Windows passwords because I use Windows about as much as Linux for work. Do you have any suggestions for me? I haven't found many USB-specific links online after distrowatch.com appeared not to be searchable in this way. </question>

<answer>The System Rescue CD, which is located at www.sysresccd.org, can be installed onto a USB memory stick and booted from there, assuming the BIOS supports such a boot method. From within the System Rescue CD, you can mount filesystems and perform basic recovery operations. If you have a sufficiently large disk, you could also install a distribution such as Knoppix or SUSE's Live CD onto the memory stick, and then you'd have a complete Linux system, handily contained on a single memory disk. </answer>

<title>Backup systems</title>

<question>I'm responsible for a Linux server and 30 workstations, running Windows 2000 and numerous software packages. I need a backup system that can handle the Linux filesystem and, where appropriate, be able to back up a Windows 2000 client. I was advised to use either Arkeia or BrightStor Arcserve Backup and I'm trying to find out which one of these two is more appropriate for my network for best backup results. It would be much appreciated if you based your recommendation on the pros and cons of the packages mentioned above, or do you think there's another software application that would help me more? </question>

<answer>Most of the applications that will do what you're looking for out of the box are only available commercially. However, Arkeia and BrightStor both seem to be very good products, with all the bells and whistles you would expect in an enterprise backup suite. You can download a free 30-day trial version of Arkeia from the company's website. You even get 30 days of free installation support and I recommend taking advantage of this. That way, if you can't get it working for whatever reason, you don't pay. Its user interface can be slightly non-intuitive, but it's very powerful. Arkeia are a very Linux-friendly company and it's worth supporting its product if they're right for you. Computer Associates' BrightStor ARCServer suite is also excellent. It runs from a web GUI that's very intuitive. BrightStor is probably easier to use than Arkeia, and it has the huge corporate backing of CA. Another popular feature is the fact that its media is compatible between Linux and Windows versions. The potential to build your own solution exists too. The problem comes with accessing files on the Windows systems. Built-in commands like tar and dump can access mounted Samba filesystems, but you'll have problems with system states and open files. Depending on your scenario, this may not be a realistic option for you. In the enterprise backup industry, I'd have to say that commercial software is the only realistic option.</answer>

<title>Hacked off</title>

<question>I've been subscribed to LXF since LXF30 and I love it. Thanks for an excellent magazine - each month I'm that much wiser. Hopefully you can answer a question for me now! I have a server that has been acting strangely lately. I sometimes need to press Enter twice at the end of each line when logged in over SSH from home, but this never happens locally. Also, some of the system commands, like lsmod, are giving me segmentation faults. Actually, it's only lsmod. I think my system might be compromised. I have no problem reloading from CD because this is just a test environment, but what can I do to confirm that I've been hacked? Also, if this was my live system, what could I do to recover from this? </question>

<answer>Unfortunately, there are many types of system compromises around today. From the information you've given me, it's difficult to tell what state your system is in. In a distribution that comes with precompiled binaries, system files such as lsmod definitely shouldn't be segfaulting. This could be put down to bad hardware but you would probably see more commands causing these problems if that was the case. Let's assume the worst but be sure to rule hardware out. If you find that the server has been compromised, the best thing to do is re-install your operating system. Even if you're extremely skilled at rooting out the attacker, you can never be absolutely sure that you've got every single backdoor secured. If re-installation isn't an option then knowing exactly what has been done should help you get your system back to a usable state. If you have access to your bandwidth stats, now would be a good time to check them out. Of the compromised servers we see, most of them are used to launch further attacks, send spam or carry out other illicit activities. If you see any sudden increase in traffic, you should get a rough idea of when an attacker gained access. This should enable you to narrow your search down somewhat. From the clues the bandwidth charts may have given you, go through your log files. Check /var/log/messages for any strange ssh activity. Also, /var/log/maillog may show lots of mail leaving your server. Apache's logs can give you a clue if Apache was used to compromise the server, so look for lines containing wget, cmd, ftpget or cat. It could be that one of your pages allows remote execution of commands. If you get a status of 200 to any of the above commands, they successfully ran the command. dmesg may show if somebody has tried to put a network card into promiscuous mode or if any strange kernel modules have been loaded. You could also look at lastlog to see if there are any users you weren't expecting to log in that did so.
If you use one of the RPM-based distributions you could do an RPM verify (rpm -Va). This will show you any file that differs from the installed RPM package. Any binary files should get your attention here. There are several toolkits you can use to check for rootkits. Two of my personal favourites are chkrootkit (www.chkrootkit.org) and rkhunter (http://rootkit.nl). It's worth opening /etc/passwd to look for non-root users who have a UID of 0. While you're there, check if there are any user accounts you don't recognise. You may be lucky enough to find a `hax0r' or `r00t', although it could also be a service name that's slightly misspelled. Open the .bash_history file for any users that have logged in to look for any suspicious commands. The last thing I'm going to cover is processes. Tools like netstat, top and ps will all show you if there are any unusual programs running. It's worth noting that these are often the first files an attacker will overwrite, often with a version that will cover his tracks. Make sure that top's CPU and memory usage are in line with the processes it shows. Check netstat for sshd (or other processes) running on an unusual port number. Be especially cautious of the high ports (above 1,024) because these don't require root privileges to open. This is a very broad topic and my discussion is by no means intended to be definitive - entire volumes have been written on this subject and nothing will beat good, solid research here.</answer>
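Three of the checks from the answer above, as an added example that is not part of the original column: successful Apache requests carrying the listed keywords, non-root accounts with UID 0, and changed binaries in saved `rpm -Va` output. The function names are illustrative, the sample data is constructed, the log is assumed to be in Apache common/combined format, and the keyword match is narrowed to separate tokens (an assumption beyond the answer's "lines containing") so that paths such as /category/ are not reported.

```sh
#!/bin/sh
# Added example: triage helpers that work on copies of the files, so they can
# be run from a rescue environment against a mounted disk.

# Requests answered with status 200 whose request line contains wget, cmd,
# ftpget or cat as a separate token.
suspicious_requests() {
    awk -F'"' '{
        split($3, f, " ")            # f[1] is the status code
        req = tolower($2)            # $2 is the quoted request line
        if (f[1] == "200" && req ~ /(^|[^a-z])(wget|cmd|ftpget|cat)([^a-z]|$)/)
            print
    }' "$1"
}

# Accounts other than root that have UID 0 in a passwd-format file.
uid0_accounts() {
    awk -F: '$0 !~ /^#/ && $3 == 0 && $1 != "root" {print $1}' "$1"
}

# From saved "rpm -Va" output, list files under a bin/ or sbin/ directory
# whose digest differs (a "5" as the third character of the flag field).
changed_binaries() {
    awk 'substr($1, 3, 1) == "5" && $NF ~ /\/s?bin\// {print $NF}' "$1"
}

# Constructed sample data (not from a real system) for a dry run.
write_samples() {
    cat > "$1/access_log" <<'EOF'
192.0.2.10 - - [12/Mar/2005:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [12/Mar/2005:10:02:03 +0000] "GET /shop/category/7 HTTP/1.1" 200 812
198.51.100.7 - - [12/Mar/2005:10:05:41 +0000] "GET /page.php?cmd=cat%20/etc/passwd HTTP/1.0" 200 1433
198.51.100.7 - - [12/Mar/2005:10:05:50 +0000] "GET /old.cgi?cmd=id HTTP/1.0" 404 290
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
r00t:x:0:0::/tmp:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/rpm_va.txt" <<'EOF'
S.5....T c /etc/httpd/conf/httpd.conf
S.5....T   /bin/ps
.......T   /usr/share/doc/foo/README
SM5....T   /sbin/lsmod
EOF
}

# Run as: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    write_samples "$d"
    suspicious_requests "$d/access_log"
    uid0_accounts "$d/passwd"
    changed_binaries "$d/rpm_va.txt"
    rm -rf "$d"
fi
```

On the sample data this reports the one `cmd=cat` request that returned 200, the `r00t` account, and the two changed binaries; the 404 request and the changed configuration file are left out.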

<title>Laptop threesome</title>

<question>I love VMware but I don't have enough CPU and memory on my laptop. What I want to do is have three distros on one hard disk and I'm guessing Grub will be my best option. I have an 80GB hard drive on my laptop. Since I have to use Windows 2000 for work, I already have this on the first partition. Installing, say, FC2 as a dual boot option is simple enough using Grub, so here's what I'd like to know. Since I want to install a third OS, where should I install the boot loader? Does it really matter? When installing the third OS, what do I do at the end of the install when it asks me where to install the boot loader (mbr/boot sector)? The last time I installed the third boot loader, it wiped the reference to one of the OSes so I could only dual boot. Finally, how do I get Grub to recognise the third OS?</question>

<answer>If you're booting three different operating systems and two of them are recent Linux distributions, both of which use Grub, it's easy to build the appropriate boot loader configuration and install it on the MBR. You can do each of the installs and the final Linux installation will pick up the other two operating systems on the disk. It may take a little manual editing of your menu.lst file to make sure that Grub loads each kernel from the appropriate disk, but it should be as simple as copying the section of the file from one filesystem to the other. Of course, you'll only want to maintain the MBR through one of the distributions, otherwise you'll simply blow away your configuration every time Grub is reinstalled onto the inactive distribution.</answer>

<title>Loading errors</title>

<question>I get the `bringing up interface eth0 FAILED' error as Mandrake 10.1 is loading on my system. I'm dual booting Mandrake with Windows XP, and XP has no problem whatsoever with the network card - there's a cable plugged in and it works fine in XP. I've fiddled with the Hardware Configuration utility in Mandrake but this hasn't helped. The network interface is a Via Rhine 10/100 (or something like that) built into the motherboard. It's connected to a switch, which is also connected to an ADSL router and one other PC.</question>

<answer>When a system detects an interface but fails to bring it up, it can often be due to an issue with the chipset telling the kernel it can interrupt in a specific way, when in fact it can't. You can try adding `noapic' to your kernel command line because this will switch the kernel back to using basic old PIC, which occasionally works better. VIA chipsets aren't always the greatest. However, once you have the workaround in place, you can add it to your boot loader configuration to avoid having to type it each time the system boots up. Switching from APIC to PIC isn't going to impact on any major parts of the system, unless you're starting to run out of IRQs, so it's safe to run the system long term with `noapic' set.</answer>

<title>Weird science</title>

<question>I'm trying to perform an experiment on my Fedora box, to set up a RAM disk to use as a swap device to replace the swap partition. There seems to be some debate over whether there's any point to this so I thought that I'd set it up and test the performance with a few games of Doom 3. Can someone explain how I might go about this?</question>

<answer>We've been trying to figure out why you would want to do this, but we really have no idea. It's easy enough to build a RAM disk, then install a swap filesystem on the block device. You can make a swap filesystem on the RAM device, assuming it's compiled into the kernel, with:

# mkswap /dev/ram0
# swapoff -a
# swapon /dev/ram0

You can monitor the use of the swap device with `free', and the actual paging with `vmstat' as you're doing your testing. We'd be very interested to see what results you get from your testing, though, because we don't think that anything exciting is going to happen at all!</answer>