Answers 67

From LXF Wiki

<title>Linux encryption</title>

<question>I am keen to test Linux and eventually would like to migrate to it from Windows XP. Before I do that though, I really need to know if Linux has the following security features, which the Windows XP program DriveCrypt has. I am currently able to encrypt (AES 256-bit) the entire Windows XP operating system before it is booted, entering my password at MBR boot stage. This uses the DriveCrypt Plus Pack program at www.drivecrypt.com, and requires a two-line password. I can encrypt a separate data partition with 1,344-bit Triple Blowfish encryption, and in addition to four-line password entry, I can use a fingerprint sensor to keep my data secure (I'm especially keen to keep this feature as it is so cool). Lastly, I am able to image my Windows OS regularly using Acronis's True Image software. Would I be able to do all of the above with Linux, using separate open source programs to achieve the same end results? </question>

<answer>Encrypted filesystems for Linux do exist, including CFS and TCFS, both of which provide an encrypted layer for any block device. These systems are designed mainly to encrypt specific filesystems running under Linux; however, the 2.6 kernel supports cryptoloop filesystems, which allow any cipher known to the kernel to encrypt the filesystem. You may want to review the documentation at http://linuxfromscratch.org/~devine/erfs-howto.html. CFS/TCFS will not work with external sensors, but you can generate an encryption seed of any length. There is a wide range of algorithms to choose from, although AES is probably the best choice.</answer>

<title>You want glamour?</title>

<question>I wonder if you could point me in the right direction to seek appropriate support? I've just bought a new Evesham PC, and wanted to explore whether I could move away from Windows so I ran SUSE 9.2 from your DVD (having initially partitioned my HD and created a Linux partition and swap partition). I followed the guidance for installing the 32-bit version and have now tried to install it perhaps a dozen times. Most times it freezes completely at some point; but even when it went the whole way I got no display (just a blank screen and the X mouse cursor). I think I've narrowed this down to a problem with the monitor - a Viewsonic VX912. A friend advised me to try installing text mode by choosing run level three. This has worked, but isn't very glamorous! Any ideas about how I can resolve this problem or where I'd go for support?</question>

<answer>If the system locks up during install, it is likely to be because of a hardware conflict or a kernel issue with the specification of your system. I'd recommend installing an alternative distro as a test to verify if the problem is specific to SUSE, or impacted by other hardware features, such as SATA, USB2 or expansion cards in your system. The monitor should not cause problems, as all it will do is advertise its model information to the system so the appropriate hsync/vsync values can be configured. The monitor definitely won't make the system lock up or otherwise not install. It may be an issue with your video card, although you didn't say what spec card you have. You may also want to try Knoppix, which will boot directly from CD-ROM and will attempt to automatically detect all of your hardware devices. This should be a good indicator of anything that may have problems with other Linux distributions. Of course, we're assuming that Windows XP ran stably on the same hardware - otherwise you'll want to get in touch with Evesham and find out if there is a hardware problem with your box.</answer>

<title>X.org frustration</title>

<question>I am having a very hard time with the new X.org, where I previously did not. I have installed Slackware 10 and BSD 5.3 with an NVIDIA card on the same machine and am having the same problems with both. One of these problems is with xvidtune. I started it up in a small X screen in a terminal and adjusted the screen sizes, but it wouldn't write the changes anywhere that I could find them. I finally got the modes and screen sizes right by writing them down and editing the xorg.conf file. For some reason the xvidtune changes work but the resolution starts up wrong, and I have to change it once KDE is up and running to get rid of that blasted virtual screen size. startx still doesn't work in either system. I can start kdm in BSD and select a few different desktops but Slackware only goes to a pre-chosen default. In my older Slackware I could choose which desktop I wanted right from startx. Right now with Slackware - installed from the store-bought disks - the KDE splash screen and a few announcements about `no sound' come up - but no tool bar or anything that works. I got Gnome up but the file manager doesn't work in it. I installed everything to a disk which had plenty of space available, and it seemed to go OK. So where are all the possible configuration files for X.org, and what should they look like? How do I get xvidtune to work, and is there any way to get rid of that irritating sliding screen and pointer thing so I can change resolutions and keep the whole desktop on the monitor?</question>

<answer>Your X.org configuration should live in /etc/X11/xorg.conf, and will include a section defining how to handle your screen. Within this, there will be a list of possible resolutions that your monitor and video card can handle. X will set the root window to be as large as the maximum resolution, but will use the first one in the list, which may be smaller. You can use Ctrl+Alt+(number pad)+ and Ctrl+Alt+(number pad)- to switch the resolutions without restarting X. By changing the order of the resolutions, or simply taking out the ones you don't want, you should be able to end up with a desktop that doesn't scroll around anymore. If startx fails, you will see a dump of all the log output from the X server; this should give you a clue as to what is going on, and in turn give a good indicator of what your problem is. Slackware is a good distribution, but for a newer Linux user, something like Mandriva or Fedora Core would be a preferred option. These should install and get everything up and running for you without having to fuss around with manually editing your X configuration.</answer>

<title>Network nonsense</title>

<question>I have been playing around with Linux for about a year, using VMware Workstation on my Windows machine. I know a fair bit about Linux, but I encountered a problem when I decided to install Linux on my real machine. The installation went fine: my problem lies with the network. I have a broadband connection using a BT Home Network 1250 (aka 2Wire Home Portal) connected to a PC, which acts as the router. My machine connects via a BT Home Network PC Adapter (aka 2Wire PC Port) using HomePNA. It works fine on Windows, but there aren't any drivers available for Linux. I have tried NdisWrapper, which just won't work. I am using Fedora Core 3. Is there any way I could get my PC port to work with Linux?</question>

<answer>We had a good look around the usual locations for finding information on USB hardware and came up with nothing. We didn't even find anyone saying it didn't work, or even that they had tried and reached a certain point. Our recommendation would be to go with Ethernet, which can be installed either by using Cat5 cable, or by using a pair of powerline adaptors available from D-Link and other vendors.</answer>

<title>Aaaagh! Daemons!</title>

<question>My Linux server is running ProFTPD, and every day I get these error messages in my mail:

   `fred.co.uk - notice: `Freds FTP Server' (x.x.x.x:21) already bound to `ProFTPD'
    fred.co.uk - bindings.c:774: notice: unable to create ipbind `x.x.x.x': Address already in use
    fred.co.uk (x.x.x.x[x.x.x.x]) - FTP session opened'.

Where can I look to get rid of this? FTP is working fine so I don't think it's a `real' problem. </question>

<answer>This is quite a common message and can have several causes - here's the most likely one. ProFTPD can be run in two ways, called standalone and inetd respectively. In standalone mode ProFTPD runs as a daemon and answers incoming FTP requests. When run with the inetd option ProFTPD is run by the super server inetd, which invokes ProFTPD when it receives traffic on port 21. It is possible to have ProFTPD running as a daemon and still have inetd/xinetd configured to listen on port 25. You can check the PID of the process listening to this port with the command

fuser -n tcp 21

and what process is running under that PID with

ps -ef | grep xxxxx

where xxxxx is the PID. If you have virtual FTP hosts configured in proftpd.conf you also need to be aware that if ProFTPD is configured to run under inetd then port-based virtual hosts are not supported (it may be possible to play with your inetd configuration and /etc/services to get this to work but this is not something I have tried). The only types of virtual host that you can configure are IP-based. If you are running under inetd and you have a virtual host whose name or IP resolves back to the IP being used by your global ProFTPD configuration (that is actually being used by inetd), you will get this `unable to bind' error message that you quoted. Each virtual host needs a separate IP. When run as a daemon ProFTPD also supports port-based virtual hosts. So you will need to check what service is listening to port 21, how the ProFTPD service is configured to run and that it does not conflict with your inetd configuration. If you are running under inetd your virtual host should be running on different IPs.</answer>
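A static check for the two conditions this answer describes (a standalone daemon competing with inetd for the ftp port, and a virtual host reusing the main address under inetd), as an added example that is not part of the original answer. The function names, the constructed sample configs and the 192.0.2.10 address are assumptions; the classic inetd.conf column layout is assumed and xinetd is not covered.

```shell
#!/bin/sh
# Added example: static check of proftpd.conf against inetd.conf.
# All sample configuration below is constructed for illustration.

# Print the effective ServerType; ProFTPD runs standalone when it is unset.
proftpd_server_type() {
    awk 'tolower($1) == "servertype" { t = tolower($2) }
         END { print (t == "" ? "standalone" : t) }' "$1"
}

# Succeed if an uncommented inetd.conf line starts a daemon for "ftp" over TCP.
inetd_serves_ftp() {
    awk '$1 == "ftp" && $3 ~ /^tcp/ { found = 1 } END { exit !found }' "$1"
}

# Count <VirtualHost ...> blocks in config $1 that list address $2.
vhosts_on_addr() {
    awk -v addr="$2" '
        tolower($1) == "<virtualhost" {
            for (i = 2; i <= NF; i++) {
                a = $i; sub(/>$/, "", a)
                if (a == addr) { n++; break }
            }
        }
        END { print n + 0 }' "$1"
}

# Print one finding per line. Arguments: proftpd.conf, inetd.conf, main IP.
ftp_bind_findings() {
    stype=$(proftpd_server_type "$1")
    if [ "$stype" = "standalone" ] && inetd_serves_ftp "$2"; then
        echo "double-listener: ServerType standalone, but inetd also serves ftp"
    fi
    n=$(vhosts_on_addr "$1" "$3")
    if [ "$stype" = "inetd" ] && [ "$n" -gt 0 ]; then
        echo "vhost-on-main-ip: $n VirtualHost block(s) reuse $3 under inetd"
    fi
}

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/proftpd.conf" <<'EOF'
ServerName "Freds FTP Server"
ServerType standalone
Port 21
<VirtualHost 192.0.2.10>
  ServerName "ProFTPD"
</VirtualHost>
EOF
    cat > "$1/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
ftp stream tcp nowait root /usr/sbin/tcpd in.proftpd
EOF
    # Same server, but handed over to inetd.
    sed 's/^ServerType standalone/ServerType inetd/' \
        "$1/proftpd.conf" > "$1/proftpd-inetd.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
ftp_bind_findings "$demo_dir/proftpd.conf" "$demo_dir/inetd.conf" 192.0.2.10
ftp_bind_findings "$demo_dir/proftpd-inetd.conf" "$demo_dir/inetd.conf" 192.0.2.10
rm -rf "$demo_dir"
```

A clean configuration prints nothing; either finding points at the same "already bound" notice from a different cause.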

<title>It's all a blank</title>

<question>Having long wanted to get away from Windows and associated programs I installed your SUSE Linux 9.2. Installation went a treat - it was all really easy - up until the reboot, that is. At the end of rebooting Linux asks me for my login and password. Then it says something like `Have a lot of fun with Linux', then a command line appears:

lxuser@linux>

or similar. The machine whirrs away for about half a minute and nothing happens. What do I have to do?</question>

<answer>It sounds like you have successfully logged in to your new Linux system and are sitting at a shell prompt. One option is to type startx to start up a graphical desktop environment; although the fact that your system isn't booting into a graphical login system needs some investigation. Did you select a server install, or otherwise disable any X packages during the installation? A basic workstation install should keep you well away from any shell prompts.</answer>

<title>Safety first...</title>

<question>I have a Mandrake system, which I set up with security at the top of my priority list. I chose good strong passwords, disabled a load of services that weren't required, do regular updates and even got an excellent iptables setup off Google to use as a template. I'm now secure, very secure - too secure! I failed to write down the MySQL password, because that's bad security practice, right? And now I can't remember what it is. My organisation is trying to get a database added for our first web application and I can't do it. Is there a way to reset the MySQL password to a default or reinstall MySQL without risking my existing data going to the bit bucket?</question>

<answer>Fortunately MySQL has thought of just this type of situation! The following should fix you up:

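# Stop the running server, then restart it with privilege checks disabled
/etc/rc.d/init.d/mysql stop
/usr/bin/safe_mysqld --skip-grant-tables &
# While it runs this way, anyone who can connect gets in without a password
mysql -u root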

The password is actually kept in an encrypted form in the MySQL database. You'll find yourself at a MySQL prompt - all you need to do is update the password and you're set.

UPDATE mysql.user SET Password=PASSWORD("your new password here")
WHERE User="root";
exit

Once you're back at the Linux prompt you'll need to bring the backgrounded safe_mysqld to a stop, which is probably easiest by typing fg 1 and hitting Ctrl+C. The last thing left to do is bring the MySQL service back up with /etc/init.d/mysqld start and give it a test.</answer>

<title>Net user access</title>

<question>I manage a small network on a residential site, which is looking to restrict staff use of the internet (especially out of hours) to 30-minute sessions per user. The network is a Windows 2000 domain, but the internet area could be on its own subnet linked directly to the router. At the moment we are looking at cheap solutions like Internet Caffe from Antamedia, but I wondered if there was something that could be done through Linux. Perhaps some form of LDAP terminal server using a MySQL database? The transport layer security protocol project (TLSP) makes me think that someone else must have asked this question at least once, but the web discussions all seem to head back towards MS servers, which seems a pity. The machines are all low-spec P400/800s, with 128-256 RAM, which could possibly be increased. Access to a common shared drive (via CIFS or NFS) and a shared printer (networked Brother) would also be useful. Obviously, all the programmes that you might want are there - MPlayer, RealPlayer, Firefox, Thunderbird, Xpdf, OpenOffice.org, Gaim/Kopete etc. Any suggestions would be greatly appreciated, as the Windows options seem to require fairly careful running.</question>

<answer>Proxy software such as Squid would be ideal for this, as you can configure it to require authentication and time out after a given duration. You will know exactly who is accessing sites and what they are doing. You can find Squid at www.squid-cache.org, and there are plenty of example configurations in the documentation. The hardware you're using sounds more than adequate, and nearly all current Linux distributions provide the tools and programs you list. Mandriva, Ubuntu, Fedora Core or even SUSE are great options for desktop systems as an alternative to Microsoft Windows.</answer>

<title>Putting the boot in</title>

<question>I'm thinking of switching my operating system to Linux. I bought your magazine, and read the article about the various distros [Ultimate Distros, LXF62]. The magazine suggests that there are two CDs and one DVD, but all this magazine had was the DVD. I am interested in trying to install Ubuntu. I am wondering if all the programs listed in the back of the magazine are on the DVD, and if so, how does one get them off? I am currently running (limping) with Windows XP and have purchased another hard drive to load Linux on to. I understand Fedora expects unassigned disk space, but I'm not sure about Ubuntu. Should I partition the drive first? If so, where should I put a boot manager?</question>

<answer>You can happily install Ubuntu on to a fresh disk - either manually partition the disk within the installer or let it partition it itself based on the size of the disk and the memory in the system. Once installed, Ubuntu will install its boot loader (Grub) on to the first disk, overwriting the boot loader for Windows. However, during the installation process, Ubuntu will add a boot option for Windows within Grub; so as default you will boot into Linux, but if you want Windows XP you can manually select it at boot time. You could always install Grub into the second disk's MBR and use the BIOS to switch between the two disks at boot time, but this is really confusing and requires a lot of brainpower to sort things out when they break. Everything listed in the magazine as being available on the CDs is on the DVD. Distributions may be in ISO format and require burning to a regular CD-R before they can be used, but everything else is accessible directly from the mounted DVD.</answer>

<title>A wise man writes</title>

<question>I've got a few comments with regard to what James Thompson had to say about iptables, Gentoo et al [Gentoo Concerns, Answers, LXF62]. Your answer to him was unfortunately not very clear on the kernel configuration bit, although the other questions were handled well. Firstly, James, what a brave move for a newbie to run Gentoo! I've been using Gentoo now for almost two years, and even though I'm a seasoned Linux user and OSS professional, it keeps me on my toes. You're in for a continuous learning curve like no other distribution can offer (except maybe Linux From Scratch). Doing a kernel configuration for iptables is in fact not a difficult task. The kernel HOWTO at the Linux Documentation Project (http://tldp.org) handles the nitty-gritty of the build process rather nicely, and it's a very well-written doc. The iptables part is easy: select everything under your Netfilter configuration bit as modules, except for the very last two (ipchains and ipfwadm). You'll notice that some of the options have square brackets while others have sharp brackets. The square bracket options are simple on or off switches, while the sharp bracket options allow you to select items either as modules or statically compiled into the kernel. Wherever you can, select everything as modules (highlight a feature and press M). If your machine is a P-II or newer you needn't bother with 2.4x kernels unless you have serious hardware issues. Use Portage to get the latest 2.6 kernel you can get your hands on:

# emerge sys-kernel/gentoo-dev-sources

You should be getting a 2.6.10 or 2.6.11 derivative. Note: the Gentoo source's ebuild will only give you a 2.4x kernel. On page 102 of LXF62, below your letter, there's a picture of fwbuilder (oldish version that uses GTK) - it's a fine tool, especially the new version 2 series (Qt-based and a lot more stable for it). Apart from it being a lot more logical from a newbie perspective to look at iptables through the fwbuilder policy editor, fwbuilder is a serious, professional tool. You won't win any geek points by using fwbuilder, but you will have one of the most sophisticated firewall systems available. Firewall technicians familiar with the Check Point Firewall-1 system feel right at home with fwbuilder, because the policy editor mimics the FW-1 front-end quite happily. How to get it? With Gentoo it's simple:

# emerge net-firewall/fwbuilder

You'll find that there are a lot of very helpful wizards tucked away in the policy editor, helping you to set up basic policies you can use as templates. Furthermore, there are some nice HOWTO docs on the fwbuilder site, handling a range of issues from the basic to the intricate. Fwbuilder compiles your policy into a normal shell script, which you can then open in your favourite text editor and read through - this is a great way to learn. At the same time you'll learn some pretty advanced Bash scripting, which is always a good thing. Happy net filtering, and don't be afraid to tinker and experiment. You won't break anything - and you can always use your Gentoo Live CD to help you out when things go pear-shaped.</question>

<answer>Thanks for all the useful information Jan! Gentoo users should pay close attention to everything Jan has to say.</answer>

<title>Oldie but a goodie</title>

<question>My company recently bought an old but still powerful server for a bargain price on eBay. We loaded Linux on it and it is really providing outstanding value. It has several 18GB SCA 80-pin SCSI drives in a RAID5 array. All this has been up and running for a couple of months now without a single hitch. However, last week one of the drives in the RAID started making a ticking noise, and its light was no longer blinking when all the other drives were. I was curious to see if Linux would be able to interface with the Mylex Acceleraid card and if it would be aware of the issue - and I was pleasantly surprised that it was! There were tens of entries in /var/log/messages from the DAC960 module saying that drive 0:3 had failed. Fantastic. As this server is in no way mission-critical, a total wipe of the data would be fine. Having this opportunity to practice doing a rebuild with no associated risk, I'd like to see if we can do this `live' without rebooting the system. We have put a spare drive into the slot but the rebuild has not happened automatically. Do you perhaps know how or if I can initiate this without having to reboot into the BIOS?</question>

<answer>Marcus, I did some investigating for a very similar question a year or two ago. I've gone back to the resources I found and it appears that they're still valid. The Mylex card, as you have discovered, has excellent Linux support and is a favourite of many sysadmins because of this. The kernel module provides great support directly from the command line without any third-party application being required; although excellent apps are available if you feel like splashing some cash. You can download the very good Mylex Global Array Manager (GAM) software from LSI's website at www.lsilogic.com. LSI has recently bought out Mylex but is still providing support for its products. GAM has a client and a server. The client installs on to your servers and the GAM server needs to be run from a Windows-based system. This, in my opinion, is the only downside to using this software - who wants to pay a Windows tax to run RAID monitoring software? The second and preferred choice is to do this from the command line. The GAM module creates a directory tree called /proc/rd, where it puts plenty of relevant information about your array. Have a browse there and you'll see lots of info right down to the firmware version of each of the drives in the array. If this is your primary or only array it will be called c0 (for container 0). This proc structure also allows you to input data to it in order to issue commands to the controller. You can enter data into /proc/rd/c0/user_command using echo to do a myriad of functions, including rebuilding, for example:

echo "rebuild 0:3" > /proc/rd/c0/user_command

Keep checking out log messages or the proc filesystem and you should see the rebuild taking place. Try viewing the file you just pumped the command into and you should see it giving feedback there too. Mylex put together good documentation on this proc structure in the README.DAC960 that should be packaged with your kernel's sources.</answer>

<title>Compiling question</title>

<question>I used the DVD coverdisk from the March issue [SUSE 9.2, LXF64] to create a dual booting system with MS Windows XP. As promised, the installation was smooth - but it won't connect to the internet, and it won't print. I've looked at a few forums regarding my USB modem (a BT Voyager 105), and it seems that plenty of other people have had the same problem. There is software out there to drive this modem, but it seems that there's no RPM for SUSE. The next problem is that I don't actually know the difference between source, an RPM and a binary, and what steps I have to go through. I understand the basic concept of compiling etc, but I don't actually have a compiler. To make matters worse, I am still accessing the internet via MS Windows, so after I've downloaded files I need to put them somewhere that Linux can see them when I re-boot. This isn't a problem as such, but is rather time-consuming - and frustrating when I don't know if I am doing things right. I'm certain that other people have got stuck on this point. What is annoying is that I have been here before with the Storm Linux distro from LXF2 and got stuck in roughly the same predicament. I prefer the KDE environment to Windows XP - and I love the stability Linux offers - so any pointers in the right direction would be most appreciated.</question>

<answer>You can get an RPM in one of two different formats: source and binary. The source RPM contains the original code used to build the binary RPM, and isn't necessary if all you want to do is to install the software. The binary RPM contains the compiled code ready to run. Likewise, software is also distributed in a non-distribution specific `source' tarball, containing pure source code; or occasionally in a binary format, which has to be installed by hand. We located some great documentation describing exactly how to set up the Voyager modem under Linux, which can be found at www.lack-of.org.uk/viewarticle.php?article=114. You may want to print it out before rebooting into Linux so you have it as a reference. You can also download information to your Windows C: drive and mount it from Linux with:

# mount -t vfat /dev/hda1 /mnt/win-c

</answer>

<title>Un-soundcard</title>

<question>I have a Dell 8300 with a Pentium 4, 1GB of RAM and a 120GB disk running XP Home and two logical partitions running Swap and SUSE 9.2 from your March DVD [LXF64], upgraded from 9.1 Pro, which I bought previously. I had no sound on any SUSE applications and, finding a lack of a driver on the web for the non-standard sound chip supplied by Dell, I bought a standard Sound Blaster Live! digital board. This works fine with XP but not with SUSE. I searched the web again but none of the tips worked. Dell said they didn't support Linux and SUSE installation support said they didn't support sound! I also tried MEPIS Linux kernel 2.6.10 from your April DVD [LXF65] and, run from CD, the sound works fine. I installed MEPIS from the CD, but when it's booted with Grub it won't set up sound as it can't find the motherboard. How can I make SUSE work the Sound Blaster Live! card and why won't the MEPIS system on the hard disk do the same as the MEPIS system on the CD? </question>

<answer>Sound Blaster Live! support in the Linux kernel is provided by the Emu10k1 kernel module, so you may wish to manually load that module using modprobe and investigate what the system does. Run dmesg to output any signs that the kernel picked up your soundcard. You can check with dmesg from MEPIS to find out if it uses the same kernel module and if the sound works as you expect. You can verify within SUSE if it tries to load the kernel module or if it fails to initiate part of the sound system. Output from dmesg would be helpful in resolving this problem, as it's clear to see if the kernel module is loaded, which IRQ (interrupt request line) the soundcard lives on and if there are any conflicts with other devices on the system.</answer>

<title>Psion Word up</title>

<question>I still use my old Psion MX5 as my PDA because nothing else I've seen comes close. My current distro is Fedora Core 3, which I am very happy with - except for the fact that it doesn't have the Psion Word plugin. Do you know where I can find an AbiWord build for Fedora Core 3 that includes the Psion plugin? </question>

<answer>There is an import/export plugin package, which is distributed at www.abisource.com. Specifically for Fedora Core 3, you need to download www.abisource.com/downloads/abiword/2.2.5/Linux/Fedora/3/abiword-plugins-impexp-2.2.5-1.fc3.i386.rpm.</answer>

<title>Upload problems</title>

<question>I have a customer on my server who is unable to upload files larger than 500k, yet they have set the /etc/php.ini directive upload_max_filesize =10M. This should have allowed him to upload his 2-4MB JPEGs without any problem, but he can't. Any file smaller than 500k uploads without a problem. Am I missing something obvious here? I've tried changing the number to 20M and it does the same thing. I know it's working, because if I bring it down to less than 512k it will block smaller files too. </question>

<answer>PHP probably isn't the problem here. Apache also has this parameter to safeguard your server from abuse, and the chances are that Apache is the culprit that's limiting you. I've seen this becoming an issue in Red Hat Enterprise Server 3 as they've set a 512k default. The directive can be found in /etc/httpd/conf.d/php.conf as LimitRequestBody 524288. Just change this to a number that suits your application and restart Apache. You should be good to go.</answer>
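To see which layer actually caps an upload, compare every limit in the request path and take the smallest; this added example (not from the original answer) does that for constructed copies of php.ini and /etc/httpd/conf.d/php.conf. It goes slightly beyond the answer by also reading PHP's post_max_size; the function names and sample values are assumptions, and a value of 0 or a missing directive is treated here as "no limit from this layer".

```shell
#!/bin/sh
# Added example: find the binding upload limit across PHP and Apache.
# All sample configuration below is constructed for illustration.

# Convert a size such as 10M, 512k or 524288 to bytes (K/M/G suffixes).
to_bytes() {
    awk -v v="$1" 'BEGIN {
        n = v + 0
        u = toupper(substr(v, length(v)))
        if (u == "K") n *= 1024
        else if (u == "M") n *= 1048576
        else if (u == "G") n *= 1073741824
        printf "%.0f\n", n
    }'
}

# Print the value of directive $2 from php.ini file $1 (last one wins).
php_ini_get() {
    awk -F'=' -v key="$2" '
        /^[ \t]*;/ { next }                      # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t\r]/, "", v); val = v }
        END { print val }' "$1"
}

# Print the LimitRequestBody value from Apache config file $1, if any.
apache_limit_request_body() {
    awk 'tolower($1) == "limitrequestbody" { v = $2 } END { print v }' "$1"
}

# Print "<bytes> <source>" for the smallest limit. Args: php.ini, Apache conf.
effective_upload_limit() {
    best=""; src=""
    for item in \
        "php:upload_max_filesize $(to_bytes "$(php_ini_get "$1" upload_max_filesize)")" \
        "php:post_max_size $(to_bytes "$(php_ini_get "$1" post_max_size)")" \
        "apache:LimitRequestBody $(to_bytes "$(apache_limit_request_body "$2")")"
    do
        name=${item% *}; n=${item#* }
        [ "$n" -gt 0 ] || continue               # unset or 0: no limit here
        if [ -z "$best" ] || [ "$n" -lt "$best" ]; then
            best=$n; src=$name
        fi
    done
    echo "${best:-unlimited} ${src:-none}"
}

# Write the constructed sample files into directory $1.
make_upload_samples() {
    printf '%s\n' '; constructed sample php.ini' \
        'upload_max_filesize =10M' 'post_max_size = 8M' > "$1/php.ini"
    printf '%s\n' '# constructed sample php.conf' \
        'LimitRequestBody 524288' > "$1/php.conf"
    printf '%s\n' 'LimitRequestBody 20971520' > "$1/php-raised.conf"
}

demo_dir=$(mktemp -d)
make_upload_samples "$demo_dir"
effective_upload_limit "$demo_dir/php.ini" "$demo_dir/php.conf"
effective_upload_limit "$demo_dir/php.ini" "$demo_dir/php-raised.conf"
rm -rf "$demo_dir"
```

With the Apache limit raised in the second sample, post_max_size becomes the binding limit, so raising one directive alone can simply move the cap to the next layer.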