Answers 80

From LXF Wiki


<title>Grub grief</title>

<question>I've been trying to duplicate a Linux system drive - it's a SCSI drive, if that makes any difference. I have a new drive, which I've partitioned in broadly the same way with swap and root partitions; the root is ext3. Another drive, which I'm not concerned with, is mounted in /home. I booted Knoppix, mounted both drives and successfully copied everything over using dump piped into restore. Everything compares nicely and I have a reliable duplicate. The last bit is to make the new drive bootable, and this is where I'm getting stuck. The old drive is /dev/sda (sda1:swap, sda2:ext3) : grub: hd0. The new one is /dev/sdb (sdb1:swap, sdb2:ext3) : grub: hd1. When I then remove the old drive and try booting, I get `GRUB boot disk error' or something similar. I have tried a variety of things - too many to list - but it seems to me that the problem could be linked to the fact that I install Grub on an address that it isn't booting from. Thus I'm booting from /dev/sda and installing Grub on hd1 and then removing /dev/sda, so hd1 becomes hd0 and Grub can't find it. Is this possible? If so, how do I get around it? </question>

<answer> Grub numbers the drives in the order in which they are discovered by the BIOS. When you remove the first drive, the remaining drives move up a number, so hd1 becomes hd0, as you suspected. There are two ways you can deal with this. The easiest involves using a Live CD that includes Grub, such as Knoppix or a Gentoo minimal installation CD (which is a much smaller download than the standard Knoppix install). After removing the old hard disk, boot from the Live CD. If you're using Knoppix, type knoppix 2 at the boot prompt to take you straight to a root console. Then install Grub on your hard disk, as you did before, with

grub-install /dev/sda

If grub-install gives problems, you can install manually from the Grub shell with

grub
root (hd0,1)
setup (hd0)
quit

I take it you have already edited /etc/fstab and /boot/grub/menu.lst to use /dev/sda instead of /dev/sdb. The other way of doing it is to use the feature available in some BIOSes to swap the boot order of the hard disks, so that your new drive is discovered first. As the new disk doesn't have Grub installed yet, the computer would still boot from the second (old) disk, but when you run grub to install it to the new hd0, this disk would be booted from next time onwards. You could then swap out the old disk and set the BIOS back to its previous boot order. This method is more fiddly than the first and is not guaranteed to work on all hardware, so only try this if you cannot use a Live CD for any reason. </answer>

<title>Securing Apache</title>

<question>Can you point me in the right direction for generating an SSL certificate and applying it to an Apache web server on a Red Hat Enterprise Linux 4 server and a Fedora Core 4 server? </question>

<answer> Configuring secure connections on the Apache web server on RHEL4 and FC4 is one of the most useful things you can learn to do with your Apache server. The majority of commercial public websites should be using a certificate that has been signed with a trusted key from a recognised certificate authority to indicate a higher level of trust than is required for internal company or personal websites. You can create such a key with OpenSSL (www.openssl.org), which I'll assume you have installed as it's a standard component. First, create a private key. You could secure it with a pass phrase, but depending on how security-conscious you are I would recommend removing it, as it will mean delaying or disabling your entire web server if you do not manually enter the pass phrase when the web server restarts. You'll use the openssl package's help files to create the certificate as the root user. Before you overwrite any current certificate, move it out of the way with

mv /etc/httpd/conf/ssl.*/server* /root/

Next cd /etc/pki/tls/certs (FC4) or cd /usr/share/ssl/certs/ (RHEL4) and run make testcert. This will ask you for a pass phrase, which we will remove later. Fill out the other information it asks for. The most important bit is `Common Name []', where you should put the domain name that you want the secure site to run off. Generating the key should put the files in the correct place. You should then make sure the default configuration Apache mod_ssl file (/etc/httpd/conf.d/ssl.conf) has the correct information - the two parameters SSLCertificateFile and SSLCertificateKeyFile, the certificate and key file respectively, should correctly reflect the location. Now remove the pass phrase if you want the site to restart without manual intervention and make sure that Apache starts when the machine does with the chkconfig file. Do

cd /etc/httpd/conf/ssl.key/
openssl rsa -in server.key -out server.nopassphrase.key
mv server.key server.key.orig
mv server.nopassphrase.key server.key
chkconfig httpd on

This is how you configure Apache on RHEL4 and FC4 to serve HTTPS requests from the default DocumentRoot. Bear in mind that due to the way TLS/SSL works you need one IP address per TLS/SSL site. </answer>
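Added example, not part of the original answer: once the pass phrase is removed, file permissions are the only protection left on the key, so this script checks that a key is unencrypted, readable by its owner only, and actually matches the certificate. It builds a throwaway key and self-signed certificate in a temporary directory; the file names, host name and pass phrase are constructed.

```shell
#!/bin/sh
# Added example. File names, host name and pass phrase are constructed.

# Succeeds if the PEM private key is protected by a pass phrase
# (traditional "Proc-Type" header or PKCS#8 "ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if the certificate was issued for this private key.
# Returns 2 for an encrypted key rather than prompting for its pass phrase.
cert_matches_key() {
    if key_is_encrypted "$2"; then return 2; fi
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if only the owner can read the key (GNU stat syntax).
key_perms_ok() {
    mode=$(stat -c %a "$1")
    [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# A pass-phrase-protected key, then the same key with the pass phrase removed
# (the "openssl rsa -in ... -out ..." step from the answer).
openssl genrsa -aes256 -passout pass:constructed-demo \
    -out "$work/server.key" 2048 2>/dev/null
openssl rsa -in "$work/server.key" -passin pass:constructed-demo \
    -out "$work/server.nopassphrase.key" 2>/dev/null
chmod 600 "$work/server.nopassphrase.key"

# Self-signed certificate for that key.
openssl req -new -x509 -key "$work/server.nopassphrase.key" \
    -subj "/CN=www.example.test" -days 30 -out "$work/server.crt" 2>/dev/null

# An unrelated, world-readable key: fails both the match and the mode check.
openssl genrsa -out "$work/other.key" 2048 2>/dev/null
chmod 644 "$work/other.key"

for k in server.key server.nopassphrase.key other.key; do
    if key_is_encrypted "$work/$k"; then enc=yes; else enc=no; fi
    if key_perms_ok "$work/$k"; then perms=ok; else perms=too-open; fi
    rc=0; cert_matches_key "$work/server.crt" "$work/$k" || rc=$?
    case $rc in 0) match=yes ;; 1) match=no ;; *) match=unchecked ;; esac
    echo "$k: encrypted=$enc mode=$perms matches-cert=$match"
done
```

On a real server, point the three functions at the files named by SSLCertificateFile and SSLCertificateKeyFile in ssl.conf.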

<title>Sold on SSL</title>

<question>Let me first say that I am a Windows administrator who can `do' Linux, and at this point I am extremely sick of the cost and maintenance associated with Windows. I'm looking for a solution to replace our Windows virtual private network [VPN] and want to go the Linux route. I was hoping to use an open source SSL VPN that can be run over a browser, but am having trouble finding one. Can you enlighten me and tell me what is hot now in the Linux VPN market? I know Freeswan is popular, but that is IPSec. OpenVPN seems to be another high-ranking product; it's SSL but won't run over a browser. I have looked at commercial products too (namely SmoothWall), but I wanted to do this myself (and I am a cheapskate). My co-worker, who is a 20-year veteran of the Unix world, wants to use SSH for the VPN, but I have heard that the overhead is too high and performance suffers. </question>

<answer>This does seem to be a field that is dominated by large commercial applications, which is not that surprising considering that they are aimed at enterprise users. But one open source project stands out: SSL-Explorer. This appears to offer what you need - SSL VPN accessible from any standard web browser. SSL-Explorer is available from http://sourceforge.net/projects/sslexplorer. While the free version may appeal to your cheapskate tendencies, if you are using it to provide access to a commercial network, you should consider the security and financial implications of incorrect installation or configuration. If you have any doubts about your experience in this area, it may be prudent to consider SSL-Explorer Xtra ($490 for one to five users). This provides some extra software and, most importantly, commercial support. As is so often the case with open source, the choice is yours. Any form of encrypted communication is going to impinge on performance. This affects both SSH and SSL, and you need to ensure that your server is capable of handling the expected loads. One advantage of using SSL is that the use of certificates ensures that you are connecting to the correct server, which safeguards against anyone redirecting traffic to another server to harvest passwords and other data. </answer>

<title>RAID to last?</title>

<question>I have recently set up a file server using SUSE Enterprise Server 9. There are three hard disks in the system: an 80GB disk and two 120GB disks. The 80GB disk contains the OS. The two 120GB disks are formatted as two RAID 1 partitions, primarily to store user data. The RAID is software implemented via SUSE, not hardware RAID via a controller. The filesystem is ReiserFS. Everything is working fine and hopefully will for a long time. However, at some stage, one of these mirrored disks may fail and will have to be replaced. Will LXF in the future discuss the processes involved in replacing a crashed mirror and restoring the data from the other drive? Are there any methods or utilities to determine the health of a RAID system? It seems to me that there is much discussion regarding the merits of RAID and implementing it but nothing, or very little, on maintenance or recovery. </question>

<answer> A detailed article on RAID is a good idea. For now, here's a quick overview. There are several ways of examining the status of an array. The following code,

cat /proc/mdstat
mdadm --detail /dev/md*

gives a quick overview of the status of any RAID array. The mdadm program also has a daemon mode that will run in the background. You'll need to edit /etc/mdadm.conf and test it on the command line first, then set mdadmd to start at boot in Yast > System > System Services. It will send you an email if it detects any problems. With RAID 1, if a disk fails the array carries on working using just the good disk. To replace the broken disk, first remove it from the RAID with

mdadm /dev/mdX --fail /dev/hdYn --remove /dev/hdYn

where mdX and hdYn are the array and partition device nodes respectively. Then you can power down, replace the disk with a new one, reboot, create the necessary partitions on the disk as you did when setting up the array in the first place, and add it to the array with

mdadm /dev/mdX --add /dev/hdYn

The array will be rebuilt automatically. There will be a slight reduction in performance while the rebuild takes place. Either of the two commands given for examining an array can be used to tell when the rebuilding is complete. You can use the raidtools package instead of mdadm for these tasks, but mdadm is my preferred choice - it is newer and more consistent to use. You may also consider running smartmontools to monitor the disks themselves. </answer>
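Added example, not part of the original answer: a small health check that reads the /proc/mdstat format mentioned above and reports each array as ok, DEGRADED (with any member flagged faulty) or REBUILDING with its progress. The sample contents and device names are constructed; on a real system run `mdstat_report < /proc/mdstat`.

```shell
#!/bin/sh
# Added example. SAMPLE_MDSTAT is constructed, not captured from a real host.

# Read /proc/mdstat text on stdin; print one status line per array.
mdstat_report() {
    awk '
    /^md[0-9]+ :/ {                          # array header line
        name = $1; order[++n] = name
        state[name] = "unknown"; failed[name] = ""
        for (i = 5; i <= NF; i++)
            if ($i ~ /\(F\)$/) {             # member flagged as faulty
                dev = $i; sub(/\[.*$/, "", dev)
                failed[name] = failed[name] " failed=" dev
            }
        next
    }
    name != "" && match($0, /\[[U_]+\]/) {   # member map, e.g. [UU] or [_U]
        map = substr($0, RSTART, RLENGTH)
        state[name] = (map ~ /_/) ? "DEGRADED" : "ok"
        next
    }
    name != "" && /(recovery|resync) *=/ && match($0, /[0-9.]+%/) {
        state[name] = "REBUILDING " substr($0, RSTART, RLENGTH)
    }
    /^$/ { name = "" }                       # blank line ends an array block
    END {
        for (i = 1; i <= n; i++)
            print order[i], state[order[i]] failed[order[i]]
    }'
}

# Succeeds if any array on stdin is in a state other than ok.
raid_needs_attention() {
    mdstat_report | grep -qv ' ok$'
}

SAMPLE_MDSTAT='Personalities : [raid1]
md0 : active raid1 hdc1[1] hdb1[0]
      58604992 blocks [2/2] [UU]

md1 : active raid1 hdc2[1] hdb2[2](F)
      1959808 blocks [2/1] [_U]

md2 : active raid1 hdb3[2] hdc3[1]
      56653376 blocks [2/1] [_U]
      [=>...................]  recovery =  8.3% (4702208/56653376) finish=20.4min speed=42400K/sec

unused devices: <none>'

printf '%s\n' "$SAMPLE_MDSTAT" | mdstat_report
if printf '%s\n' "$SAMPLE_MDSTAT" | raid_needs_attention; then
    echo "at least one array needs attention"
fi
```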

<title>Run Argonium</title>

<question>I've been trying to get the Argonium game working on Ubuntu 5.10 [coverdisc, LXF73] but for some reason it won't. I've extracted it and gone into the directory but when I run ./argonium it gives the following errors among its output:

couldn't exec config.cfg
/dev/dsp: Broken pipe
LoadLibrary("./refresh.so")
ref_gl version: GL 1.0

./libGL.so: cannot open shared object file: No such file or directory
Segmentation fault

Now, being new to Linux I have little to no idea what's going on. I looked for config.cfg but I couldn't find it. I don't know if this is the problem but please, please help! </question>

<answer>There are a number of errors and warnings here, not all of them critical. The first, about config.cfg, has no effect. It just means no config file has been found, because you haven't run the game and changed the settings yet. When you do, this file will be created in .argonium/data in your home directory. The next one, about /dev/dsp, is a little more important. The warning means you won't have any sound, as /dev/dsp is the sound device for OSS, the old sound system still used by some programs. ALSA, the current sound system, can emulate OSS. For this to work, the relevant module has to be loaded with

sudo modprobe snd_pcm_oss

To do this automatically when you boot, add the module name to /etc/modules with

echo snd_pcm_oss | sudo tee -a /etc/modules

The next error is more significant. Argonium is trying to load libGL.so from the current directory, when it is actually in /usr/lib. A symbolic link will fix this - see the Quick Reference box on page 95 for more information.

ln -s /usr/lib/libGL.so.1 libGL.so

This should get you past all the errors and warnings you have seen. Note, however, that you will need a graphics card with 3D acceleration and suitable drivers, such as an Nvidia card with the drivers from www.nvidia.com/object/unix.html. </answer>

<title>Wild Blueyonder</title>

<question>I managed to install the KDE desktop environment version of SUSE 10.0 but I cannot get the Motorola SB4200 modem supplied by Blueyonder, my ISP, to connect to the internet via the USB port. I know the forums all suggest using the NIC connection, but would you be partial to any information that would allow me to get a working connection between SUSE Linux and my modem? </question>

<answer>There are good reasons why so many people recommend using the Ethernet connection rather than USB. The main three are:

Ethernet is faster
Ethernet is trivial to set up
Ethernet is faster

Yes, there is a huge speed difference between the two. I haven't tried it with this modem, but on my ADSL line the superior performance of Ethernet over USB modems is striking, particularly in terms of responsiveness. This is hardly surprising, as it's just what Ethernet was designed for, whereas USB is a universal system originally designed for low-speed devices. If your PC does not have an Ethernet port already, a PCI card can be bought for less than £5 and SUSE will take care of its configuration. You may also need to register the MAC address (a unique hardware identifier) of your network card with Blueyonder; the company uses this to validate your login. To find this, start the Yast Control Centre and go to Hardware > Hardware Info. Click on your network card and then Resources > Hwaddr. Call Blueyonder's support team and give them this number. To use the USB connection, you need the CDCEther driver. This is compiled into the standard SUSE 10.0 kernel, so the modem should `just work'. Does SUSE detect the modem when you connect it? If so, but there is no network interface for it, you will need to set this up from the Network Device section of Yast. The type should be USB and you should select Automatic Address Setup. </answer>

<title>Trouble and strife</title>

<question>Buying your magazine this month was my first venture into the world of open source. Since I first heard of it, I've been very keen on open source in principle, but I felt that it required too much technical wizardry for me to benefit from. Computers are expensive and I didn't want to take a wrong turn and end up ruining one. As I have access to a PC emulator on a Mac G4, I thought I had nothing to lose if I did a bodged job, so I went for it, installed Slackware, and it worked like a dream. I got a bit lost when the machine asked me for `darkstar login' so I went to one of the forums mentioned in your magazine and found the members welcoming and very helpful. So far so good. Emboldened by this I then took the big step of trying to install it on my wife's Advent notebook PC (model 7081 CELM350) as a dual boot, in the hope of weaning us both off Windows altogether. Panic ensued as the install failed to take. I think it has something to do with some drivers or files that the model PC needs and were not included in the default installation. I don't know how to get around this. To cap it all, when I go to boot up now, I get an `OS missing' message. The impact of this on my marriage is not positive. Are you familiar with this type of situation? What can I do to get the Slackware up and running? I'm so impressed with the little I have seen of the open source distros and community that I'm really reluctant to abandon the project. </question>

<answer>It is unusual for a failed installation to leave the computer unusable. The bootloader is normally set up at the end of the installation, and until this happens rebooting will take you straight back into Windows. The most likely explanation is that something failed during the bootloader setup. To fix the bootloader so you at least have Windows back, boot from your Windows CD and select the rescue option. Type fixmbr at the prompt and all should be well. This is for Windows XP; for 98 the command is fdisk /mbr. Installing Linux on laptops is notoriously tricky because of the amount of custom hardware they use. Emulators, on the other hand, tend to emulate bog-standard hardware. The safest option is to use a distro that has a Live CD. You can run the distro from the CD before installing anything, which gives you a chance to check that your hardware is supported. Suitable distros include PCLinuxOS (www.pclinuxos.com), SimplyMepis (www.mepis.org or LXF79's cover DVD), Kubuntu (www.kubuntu.org) and, of course, Knoppix (www.knoppix.com). All of these Live CDs allow you to run the full distro from CD/DVD before committing to an installation. You could then revisit Slackware, knowing what hardware you have and what drivers you need. </answer>

<title>Starting out</title>

<question>I am interested in getting away from Windows and running Linux. I need to be able to design websites, edit photos, use MS Office, email, use the internet and play flight simulators. I know there are some Office replacement options and things like VMware for running Windows programs. I am OK with that because I could run some Windows programs and save them to a storage drive then take them into Linux. I am not a very literate programmer, and am looking for something that's easy to install and use. My specs are:

Motherboard Asus K8V SE Deluxe
CPU AMD 64-bit 3000
RAM 1GB
Graphics card BFG 6600 OC GeForce 128MB

I would like to use an OS that will allow me to use my 64-bit processor and achieve my operational needs without running Windows, with the exception of maybe using VMware. What OS would you suggest that I try? The last time I tried Linux there was no USB support. Does VMware support gaming? I am fed up with Windows, but I so want to be able to view all websites and use all of my hardware. </question>

<answer>There are several distros available in full 64-bit versions that are well suited to an inexperienced user. In no particular order, Mandriva (www.mandriva.com), SUSE (www.suse.com) and Ubuntu (www.ubuntu.com) are all well worth considering. These systems all have Live CD variants. Live CDs are distros that boot and run from a CD or DVD, requiring no installation. They run a little slower and can't be customised, but provide an excellent way to evaluate a distro before installing it (see page 34 for more). If the only Windows software you want to run is MS Office, you don't need a full-blown (and expensive) virtual machine like VMware; CrossOver Office (from www.codeweavers.com) allows you to run MS Office, and many other Windows programs, on Linux. An even better solution for most people is to use OpenOffice.org instead. This comes with all major distros and is as good as Office in many areas, better in some. Everything else you mention is more than adequately covered by Linux software, much of which will be included in the above distros. However, gaming in VMware is generally not that good - in fact gaming is one of the main reasons why people keep Windows on their hard disks. </answer>

<title>Hanging around</title>

<question>I have Red Hat Enterprise Linux ES 4 running on my server. It uses Vsftp as an FTP service. FTP seems to work OK, but I have increasingly noticed that when I attempt to make a connection from a remote location that uses ADSL or I am behind a firewall, the connection occurs as I get prompted for a username and password, but I am unable to list directory content or upload files. There is no obvious error - it just hangs, whether I use an FTP client or a command line. I am using Iptables for firewall protection, which I have only recently enabled, and I think this might be related, because when I turn Iptables off the FTP works fine. </question>

<answer> The problem here lies with the Iptables modules loaded on the server. You will need to enable two `nat helper' modules for Iptables. They are called ip_nat_ftp and ip_conntrack_ftp. Load them by typing

modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

Now lsmod will reveal:

Module                  Size  Used by
ip_nat_ftp              4913  0
iptable_nat            23037  1 ip_nat_ftp
ip_conntrack_ftp       72689  1 ip_nat_ftp
ipt_LOG                 6465  1
ipt_state               1857  1
ip_conntrack           40565  4 ip_nat_ftp,iptable_nat,ip_conntrack_ftp,ipt_state
iptable_filter          2753  1
ip_tables              16705  4 iptable_nat,ipt_LOG,ipt_state,iptable_filter

Please note that running this modprobe will not keep these modules loaded, because when Iptables is restarted for any reason, it will not load the modules again, and you would need to run the modprobe again. To bypass this, you can edit the /etc/sysconfig/iptables-config and add the following entry:

IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"

Now when you restart Iptables you will see the following:

   `Loading additional iptables modules: ip_nat_ftp ip_conntrac[ OK ]'.

This should resolve any FTP issues through the firewall. </answer>
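Added example, not part of the original answer: a check for the failure mode described above, where the helpers are loaded by hand but missing from IPTABLES_MODULES and so disappear at the next Iptables restart. The module names are the ones given in the answer; the sample lsmod output and the config file contents are constructed.

```shell
#!/bin/sh
# Added example. Sample lsmod output and config contents are constructed.
FTP_HELPERS="ip_conntrack_ftp ip_nat_ftp"

# Read lsmod output on stdin; print each FTP helper that is not loaded.
helpers_not_loaded() {
    loaded=$(awk 'NR > 1 { print $1 }')      # skip the header row
    for m in $FTP_HELPERS; do
        printf '%s\n' "$loaded" | grep -qx "$m" || echo "$m"
    done
}

# Print each FTP helper missing from IPTABLES_MODULES in the given file,
# i.e. the ones that will not come back after Iptables is restarted.
helpers_not_persistent() {
    # Last uncommented assignment wins; strip the surrounding quotes.
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" |
           tail -n 1 | tr -d "\"'")
    for m in $FTP_HELPERS; do
        case " $mods " in
            *" $m "*) ;;
            *) echo "$m" ;;
        esac
    done
}

SAMPLE_LSMOD='Module                  Size  Used by
ip_nat_ftp              4913  0
ip_conntrack_ftp       72689  1 ip_nat_ftp
ip_conntrack           40565  4 ip_nat_ftp,iptable_nat,ip_conntrack_ftp,ipt_state'

conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
printf '%s\n' '# constructed iptables-config without the helpers' \
    'IPTABLES_MODULES=""' > "$conf"

echo "not loaded now:       $(printf '%s\n' "$SAMPLE_LSMOD" | helpers_not_loaded | tr '\n' ' ')"
echo "lost on next restart: $(helpers_not_persistent "$conf" | tr '\n' ' ')"
```

On the server itself, use `lsmod | helpers_not_loaded` and `helpers_not_persistent /etc/sysconfig/iptables-config`.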

<title>Memory loss</title>

<question>I have just installed SUSE Linux 10.0 on to my Toshiba L10 laptop. It went on a treat but it wouldn't recognise my LG USB drive, which is a removable 1GB, so I re-installed SUSE with the stick plugged in and it worked fine. When I took it out again, it disappeared. After SUSE was installed, My Computer showed my hard drive (hda2) and LG 1GB. After I'd restarted it, it showed CD-Recorder, hard disk hda2 and another hard disk, sda1. </question>

<answer> As this is a laptop, it is reasonable to assume that it only has one hard disk, so the second hard disk you can see (sda) will be your USB stick. IDE hard drives are denoted hda, hdb and so on. Memory sticks, and other USB mass storage devices, are treated as SCSI hard disks and are denoted sda, sdb etc. The number refers to the partition number, so sda1 is the first partition on the first SCSI disk - in this case, the only partition on the memory stick. Look at the contents of this and I'm sure you will find it is your memory stick. </answer>

<title>1-2-VNC</title>

<question>I've installed a minimal CentOS 4 installation on a headless PC at home, which I plan to use for email, DNS, web hosting etc. I'm relatively new to Linux and really like the X-based system-config-tools that Red Hat has provided for system administration. I've read about VNC and have installed the vnc-server RPM but cannot get Vncserver to run. Can you please offer some insight to assist me in getting VNC up and running? </question>

<answer>Installing Vncserver on CentOS/RHEL is straightforward, but it does require a few other packages to operate correctly. Provided you're running a minimal install, the first step is to install vnc-server, xorg-x11, gnome-session and gnome-terminal. The xorg-x11 and gnome-session packages have numerous dependencies, so if you're installing via Yum and you have a slow internet connection, now would be a great time to go grab a coffee. Alternatively, you can avoid installing the Gnome-related packages and use the default TWM window manager. This will need xorg-x11-twm. If you do choose to use TWM, you can leave ~/.vnc/xstartup with the default configuration. If you plan to use Gnome, you can use the following:

#!/bin/sh
vncconfig -iconic &
gnome-terminal &
gnome-session &

Once that's been saved, ensure that xstartup is executable. Finally, to start the VNC server, use the vncserver command. This will first ask for a password to use when you connect with your VNC client. If you do not specify a display for Vncserver to use, it will default to the first available display number (which is usually :1). You should now be able to use your VNC viewer to connect to your IP followed by display number (192.168.1.10:1, for example). To get Vncserver to start at boot, use the chkconfig command to enable the service to start in the default runlevel. Additionally, on CentOS/RHEL there is a Sysconfig file for Vncserver, located in /etc/sysconfig. This file is used to tell Vncserver which user to run under and which display to connect to. </answer>