Below are my notes that I made after taking and passing the Red Hat Certified Systems Administrator (RHCSA) test. As usual I looked for RHCSA study guides and notes. I was not impressed with any of them so I made my own.
Use the notes below after going through a book like the RHCSA/RHCE Red Hat Linux Certification Study Guide. The book will help you understand what your doing below better. These notes are just quick descriptions and commands on how to get things done. It was made as more of an easy way to review different topics and run through how to do different tasks. There are also little notes on things you should know.
##################### ### Installing OS ### ##################### # Use CentOS to practice as it is almost exactly the same as RH. The differences won't matter. # Install CentOS directly to a machine, don't use a VM. You will make another VM later to practice # On the initial boot screen hit Tab to see boot options. Put the word "text" at the end # of the boot option to boot in text mode. # For FTP or HTTP install start install and select "URL" then put in: # ftp://192.168.0.1/pub/inst or similar FTP url where install files are # http://192.168.0.1/pub/inst or similar HTTP url where install files are # Press Alt-F3,Alt-F4 or Alt-F5 if you have issues during install. They will show you the # log and error messages. Also you can get to a prompt and other cool things if you try # other Alt-F? keys. # By default SELinux is enabled in enforcing mode.You can check this with the "sestatus" command. # Iptables is turned on by default. ############################## ### General Administration ### ############################## # From the desktop get to terminal consoles. CTRL-ALT-F1 through F6 # From desktop bring up a GUI terminal click Applications -> System Tools -> Terminal. # You can also right click anywhere on the desktop and select "Open Terminal". # Linux uses 3 data streams. Standard In (STDIN), Standard Out (STDOUT), # Standard Error (STERR). You can send data to and from programs and files. < and > # can direct these streams in different directions to programs and files. Programs # can also send data to each other using the pipe | # Output from ls command to a file. Do this with grep or any other program also ls > filename # Send data from file to contacts program contacts < datafile # cat a file and read it with less cat /var/log/messages | less # Run program blah and send all errors to file errors blah 2> errors # Pwd shows you which directory your currently in pwd # Change to a dir like /var cd /var # Show regular files in a directory ls # Show all file in a dir including hidden ones. Hidden files start with a period. ls -a # Show all files in var dir with a long listing and with SELinux contexts ls -laZ /var # Make a blank file blah touch blah # Change date/time of current file to right now touch filename # Make a directory blah in the /tmp dir mkdir /tmp/blah # Delete the dir you just made rmdir /tmp/blah # Copy file /etc/passwd to /tmp cp /etc/passwd /tmp # Copy all files and directories from /etc/ to /tmp. -r recursive copy. cp -r /etc/* /tmp # To rename a file use the move command. Rename file blah to blah1 mv blah blah1 # Move a file /var/boss to /tmp mv /var/boss /tmp # Delete a file using the remove command (rm). Delete file boss rm boss # Remove a whole dir with all files in it. Example removing /tmp/blah dir. -f force -r recursive rm -rf /tmp/blah # Create a link to a file. Allows you to make a shortcut to the file name. # Hard links include a copy of the file. Create link to blah in current dir to file /etc/blah ln /etc/blah blah # Softlink is just a redirect to the file. It uses the -s option. ln -s /etc/blah blah # Show all running processes. First column is username, second is Process ID, CPU usage is third # The top of the output tells you what each column is. Check it out for the rest of the columns. ps -aux # Show processes for just user blah ps -u blah # Show all processes in SELinux context ps auxZ # Use Top to see system load and processor and memory usage. Watch processes. top # To change process priority use nice and renice commands. -20 highest priority, 19 lowest # Start process at lowest priority nice -n 19 ./process_intensive_task # Change priority of running process PID 455 renice -1 455 # To kill process with process id 22 (use ps to find id's) kill 22 # Kill all proceses of a certian name blah killall blah # Find files named blah using the find command starting from the root dir /. Case sensitive. find / -name blah # Case insensitive search for same find / -iname blah # Use glob characters (* ? []) to help find things # * - any number of alphanumeric chars. Ex. blah* finds any word blah with 0 or more letters or numbers after it. # ? - any single alphanumeric chars. Ex. blah? finds any word blah with one letter or number after it. # [] - any range of letters or numbers. Ex. blah[12] finds any combo of blah1 blah2 # Find a files owned by user jose find / -user jose # Find file belonging to group boo find / -group boo # Use the locate command to find files faster than find. # Locate file dog locate dog # You have to make the locate database for this to work. It is run every day from cron. /etc/cron.daily/mlocate.cron # Hint is to run this when you first start the test and background it like so /etc/cron.daily/mlocate.cron & # View files on the screent with cat. Ex. show file boo cat boo # Use programs less and more to open and look at files. Ex file boo # Use arrows or page up and down keys to scroll up and down more boo or less boo # Show the beginning of a file with the head command head /etc/passwd # Show the end of a file with the tail command tail /etc/passwd # Show last 20 lines of file tail -n 20 /etc/passwd # Use the sort program show lines of a file in alphabetical order depending on the first # letter in each line. Check man page to see how to sort in other orders sort /etc/passwd # Use the grep command to find words or patterns in files. Like the word bash in /etc/passwd grep bash /etc/passwd # Find word dog in file /etc/blah. Output matching lines to file /tmp/boo grep dog /etc/blah > /tmp/boo # Use diff command to see differences in files. Like between files boot and pie diff boot pie # Wc can count words or lines of a file # Count words in a file boo wc -w boo # Count lines in file boo wc -l boo # Use sed to stream edit files. Which means change them on the fly. # Like open file boo and change word dog to cat then save it sed -e 's/dog/cat/g' boo # See more examples here http://www.pantz.org/software/shell/shelloneliners.html # Use awk to find words or numbers in files and print them out in a column format # Find all lines with the word bash in it awk '/bash/ {print $0}' /etc/passwd # See more examples here http://www.pantz.org/software/shell/shelloneliners.html # Learn to edit files from a terminal with the program Vi. # Go here to learn the commands http://www.pantz.org/software/vi/vireference.html # Sysstat package has sar and iostat. Use sar to check system activty and io over time # Reports are put in /var/log/sa dir. # Check cron jobs in /etc/cron.d to run at intervals. Configs are in /etc/sysconfig/sysstat # /etc/cron.d/sysstat sar -A (shows output) # Use gzip or bzip2 to compress a file gzip file1.txt bzip2 file1.txt # uncompress either with -d gzip -d file1.txt.gz bzip2 -d file1.txt.bz2 # Use tar to collect a bunch of files into one file # Tar up and compress all files in /opt into file called opt.tar.gz tar czvf opt.tar.gz /opt # Untar files back to /opt tar xvzf opt.tar.gz /opt # User star to archive files on a system using SELinux # install star yum install star # Create file opt.star and save all extended attribs record headers with acl star -xattr -H=exustar -c -f=opt.star /opt/ # Extract archive tar -x -f=opt.star # System wide crontab is at /etc/crontab. Cron job files are also in /etc/cron.d/ dir. # Cron files can have their own environment variables located in the file like the following SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # Cron job file format is the following, except for /etc/crontab that has an extra field for user # Minute Hour Day of Month Month Day of Week Command # (0-59) (0-23) (1-31) (1-12 or Jan-Dec) (0-6 or Sun-Sat) 0 2 12 * 0,6 /usr/bin/find # Users have their own cron files called crontabs. # Edit your own crontab file crontab -e # Show your crontabs crontab -l # As root edit user1's crontab crontab -u user1 # If /etc/cron.allow does not exist and cron.deny does then users listed in .deny can't edit their tab # If both exist then only users in cron.allow can edit cron tabs. Same goes for at.allow and at.deny # You can use the at program to schedule a one time command at now +2 hour at> /sbin/ping -c 127.0.0.1 at>Ctrl-D # Will ping localhost in 2hrs # show at jobs atq # Remove job 1 atrm 1 # Config files for rsyslog are /etc/init.d/rsyslog and /etc/rsyslog.conf # Levels of logging in ascending order: debug, info, notice, warn, err, crit, alert, emerg # There is also none priority that logs nothing like warn.none logs no warning messages # rsyslogd logs all messages of a given priority or higher. use that level and it logs that # level and higher. Use * to log all levels like auth.* # Most log files are written to /var/log/ # Logrotate facility rotates logs on a weekly basis. Check /etc/logrotate.conf and the # scripts in /etc/logrotate.d dir. # Install a VNC server and client. RH uses tigervnc yum install vinagre tigervnc tigervnc-server # Edit /etc/sysconfig/vncservers file put in lines for user1 and user2. examples are in file. VNCSERVER="1:user1 2:user2" VNCSERVERARGS[2]="-geometry 800x600" # Stop vnc server, so we can setup the users service vncserver stop # Login as the user or su to the. start vncserver or port 5902 vncserver :2 # Make sure iptables has port 5902 open if not open it system-config-firewall-tui # Connect to server on port 5902 with vnc client like vncviewer or vinagre vncviewer 192.168.0.1:2 # To start a gui: vnc viewer Applications | Internet | Remote Desktop Viewer or Tiger VNC Viewer # To configure gnome based vnc server called vino run vino-preferences # SSH line to connect to vnc over ssh on a remote system ssh -L 5902:sv1.example.com:5902 [email protected] # Then use a vnc client to connect to 127.0.0.1:2 as the server is listening on localhost ############################ ### System Documentation ### ############################ # /usr/share/doc has tons of documentation on programs # Run commands by themselves for a quick help. # Run "man command" to see docs on that command # To search man pages title keywords use "whatis" like "whatis virsh" # To search man pages with keywords in the description use "apropos" like "apropos virsh" # To ensure that you can access the appropriate man pages, after installing new packages run /etc/crond.daily/makewhatis.cron ########################### ### Installing Software ### ########################### # Install Apache webserver (as root) yum install httpd service httpd start # Check if running on localhost with browser http://127.0.0.1/. Install firefox if need be. yum install firefox # If not check if iptables is allowing it. Use system-config-firewall command to open port 80 chkconfig httpd on # By default webserver files are kept in /var/www/html/ # Install VSFTP server (as root) yum install vsftpd service vsftpd start # Check if running on localhost with browser ftp://127.0.0.1/ # If not check if iptables is allowing it. Use system-config-firewall command to open port 21. chkconfig vsftpd on ######################## ### File Permissions ### ######################## # Chmod g or o or u (for section) + or - (to add or remove permisison) r or w or x (to set perm) chmod u+x file or chmod ugo+w file # Chmod number equiv r = 4, w = 2, and x = 1. Combine numbers for permisison setting. chmod 755 file (equiv to 4+2+1,4+1,4+1) # SUID SGUID and sticky are SUID=4, SGID=2, and sticky bit=1 chmod 4764 file sets SUID bit. # Sticky bit (t) on dir using ugo/rwx format chmod o+t /tmp # Set group id bit on dir test chmod g+s /tmp/test # Chown user and group use -R for recursive chown username.groupname file # Chgrp changes group onwership.Below changes file owership to testgrp chgrp testgrp file ###################### ### File Attribues ### ###################### # Lsattr lists file attributes. chattr sets file attributes chattr +i /etc/file (keep a file from being written to) lsattr /etc/file (look at attributes) chattr -i /etc/file (remove imutable attribute) ############# ### ACL's ### ############# # File system has to have acl's turned on to use them. Edit /etc/fstab and in the # options section put "acl" like /dev/sdb2 /home ext4 defaults,acl 1,2. # Then remount file system to apply. mount -o remount /home # Get file ACL's (acl package has to be installed) getfacl filename # Modify acl's. Example for user Bob giving him rwx to file setfacl -m u:bob:rwx file # Remove acl on file for user bob setfacl -x u:bob file (add in -R to recursivly do the same) # Set acl group access for group luser on file setfacl -m g:luser:r-- # Remove all acls on a file (going nuclear) setfacl -b file # Set acl mask (what file is allowed to be set to) setfacl -m mask:r-- file (makes it so only read acl can be set from now on) ############################################ ### IPTables (Firewall) and TCP wrappers ### ############################################ # Iptables file is kept in file /etc/sysconfig/iptables # Start iptables /etc/init.d/iptables start or service iptables start # List all rules iptables -L # List all rules with rule numbers iptables -L --line-numbers # Stop iptables /etc/init.d/iptables stop or service iptables stop # Look in /etc/services file for any ports of the services you might need to open # You can add a rules to a running system # Append a rule to the end of the INPUT chain iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Insert a rule at postion number 2 on the INPUT chain iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT # Delete a specific rule. Rule #3 on the INPUT chain. iptables -D INPUT 3 # Replace a current rule Example replacing rule #3 iptables -R INPUT 3 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT # To save any of these additions run the save command. This will put them in /etc/sysconfig/iptables service iptables save # To make changes to the /etc/sysconfig/iptables file directly service iptables stop vi /etc/sysconfig/iptables (put in your line or mod a current line) then save it. service iptables start # Console firewall tool # Saving anything in here overwrites any changes made by hand to the file /etc/sysconfig/iptables system-config-firewall-tui # GUI based firewall tool # Saving anything in here overwrites any changes made by hand to the file /etc/sysconfig/iptables system-config-firewall # TCP wrappers protect services that communicate using TCP. This is similar to # Iptables, but protects the TCP ports on a service basis. Binaries linked to # libwrap.so.0 can be protected using the /etc/hosts.allow and /etc/hosts.deny files. # If a match is found in the /etc/hosts.allow file it's allowed. Matching stops. Checked 1st. # If a match is found in the /etc/hosts.deny file it's denied. Matching stops. Checked 2nd. # If a match is not found in either then access is allowed. # Format is daemon_name : clients_ip_or_hostnames # Use "ALL" keyword for allowing any service or client # Use "." to specify any host with a certain domain name like .blah.org # Examples of formating to allow or deny hosts to services in the hosts.allow or .deny files # Restrict sshd to 192.168.0.0 subnet sshd : 192.168.0.1/255.255.255.0 # Everything from .blah.org ALL : .blah.org # Everything from 192.168. except 172.168 block for services telnet and ssh sshd,in.telnetd : 192.168. EXCEPT 172.168. # To make a white list type connection for your services in your /etc/hosts.deny file # put ALL:ALL on the last line. Put the connections and services you want to allow # above that line. Don't put in a /etc/hosts.allow file at all. This will deny all # connections to those services except for what you listed. ########### ### KVM ### ########### # A 64bit CPU is required for KVM host machine in RedHat. # Install virtualization packages yum groupinstall Virtualization* # Installed individually if you like yum install qemu-kvm qemu-img virt-manager libvirt libvirt-python python-virtinst libvirt-client # Load kernel module for KVM if it's not already running modprobe kvm # Check for module if need be. You'll see kvm and kvm_intel or kvm_amd lsmod |grep kvm # Start libvirtd so we can use virt-manager service libvirtd start # Restart networking so the VM's can use the network bridge (virbr0) to get out through the host service network restart # Virtual Machine Manager is part of the virt-manager package. # Start it in a GUI by clicking Applications | System Tools | Virtual Machine Manager. # or start it by typing "virt-manager" in a terminal window in Gnome. # 2 hypervisors, also known as virtual machine monitors, are # shown on the localhost system. These hypervisors work with QEMU as processor # emulators within the virtual machines. # Create a Second Virtual Network # 1. Right-click the standard localhost (QEMU) hypervisor, select Details. # 2. In the details wiindow select Virtual Networks tab. # 3. Click the plus sign in the lower-left corner of the Virtual Networks tab to open the Create A New Virtual Network Wizard. # 4. Click Forward to continue. # 5. Assign a name for the new virtual network. Enter the name foo. Click Forward to continue. # 6. If not already input, type in the 192.168.101.0/24 network address in the # network text box. Click Forward to continue unil you get to the end. # Default filesystem directory for KVM images is /var/lib/libvirt/images. # If you change it the do the following mkdir /opt/KVM su - chcon -R --reference /var/lib/libvirt/images /opt/KVM rmdir /var/lib/libvirt/images ln -s /opt/KVM /var/lib/libvirt/images ### Virtualization Packages ### # qemu-kvm - The main KVM package # python-virtinst - Command line tools and libraries for creating VMs # virt-manager - GUI VM administration tool # virt-top - Command for VM statistics # virt-viewer - GUI connection to configured VMs # libvirt - C language toolkit with the libvirtd service # libvirt-client - C language toolkit for VM clients ### Creating a KVM VM with GUI ### # 1. Open virt-manager from the menu or run "virt-manager" from the GUI term prog. # 2. Right-click the localhost (QEMU) hypervisor and click "Connect" in the pop-up menu that appears # 3. In the pop-up menu that appears, click New. # 4. Type in a name for the new VM. Select install method. Click Forward. # 5. Select install media and OS type and version. Click forward. # 6. Choose RAM and CPU. Click forward. # 7. Check the editable storage box and choose a size for you disk image. Select allocate entire disk is selected. Click forward. # 8. Click advanced options and make sure networks looks ok. Click finish. # 9. It will create the VM. It should be listed in the Virtual Machine Manager now. # 10. You can highlight the new VM and and click Open. You can now do the OS install. # # After installing a KVM guest you need to change the boot device. # Click Applications | System Tools | Virtual Machine # Manager. Enter the root administrative password if prompted, and double-click on # the desired VM. Then change the boot device with the following steps: # 1. In the window associated with the VM, click View | Details. # 2. In the window that appears, click Boot Options. # 3. Change boot order by clicking hard disk and move it up with the arrow button. Click apply. # 4. Click View | Console and then Virtual Machine | Run. The system will boot normally. # Creating a KVM VM with install questions on the cmd line virt-install --prompt # Installing VM in one line using virt-install. Assumes kickstart file and packages on ftp server. # Also assumes disk image was made ahead of time. virt-install -n hostname.domain.lan -r 1024 --disk \ path=/var/lib/libvirt/images/hostname.domain.lan.img \ -l ftp://192.168.0.1/pub/inst \ -x �ks=ftp://192.168.1.1/pub/ks1.cfg� # This line creates the disk (5Gig) and uses a kickstart file and repo from an http server # Just copy over the RH DVD #1 to the root of an http server. Put the kickstart file there also. virt-install -n testmachine2.domain.lan -r 1000 \ --disk path=/var/lib/libvirt/images/testmachine2.domain.lan.img,size=5 \ -l http://192.168.0.245/ --vcpus=1 -x "ks=http://192.168.0.245/ks.cfg" # Virsh commands to check and control VM's # List all configured VM's status virsh list --all # Start VM virsh start hostname.domain.lan # Gracefully shutdown a VM (may not work) virsh shutdown hostname.domain.lan # Hard stop a VM (like pulling the power on it) use if shutdown does not work. virsh destroy hostname.domain.lan # Reboot a guest virsh reboot hostname.domain.lan # Make sure VM starts on host reboot virsh autostart hostname.domain.lan # Keep Vm from starting on boot (or rm sym link from /etc/libvirt/qemu/autostart dir) virsh autostart --disable hostname.domain.lan # Take disk snapshot with VM off (not part of RHCSA but interesting). Can't do live snapshot in RH6. virsh snapshot-create-as hostname.domain.lan snapshot1 --disk-only --atomic # List snapshots for VM (not part of RHCSA) virsh snapshot-list hostname.domain.lan # List snapshot info (not part of RHCSA) virsh snapshot-info --current hostname.domain.lan # Clone a VM with install questions on the command line # Make sure vm is stopped virsh destroy hostname.domain.lan # Start clone virt-clone --prompt # When booting the clone start it in run level 1 and change network IP,MAC,Hostname, etc. # Re-creating a VM with the same name or deleting a VM for good # Stop the VM virsh destroy tester1.example.com # Delete associated XML file. rm /etc/libvirt/qemu/hostname.blah.xml # Delete VM disk image by name from images dir. /var/lib/libvirt/images/hostname.blah.img # Restart the VM daemon for changes to take effect /etc/init.d/libvirtd restart ### Add virtual HD's to a KVM VM (Not on test) ### # Make a bunch of virtual HD's to practice LVM 1. Open virt-manager 2. Select regular localhost (QEMU) hypervisor, right click and select connect. 3. Right click a vm and then open. View | Details click Add Hardware. 4. Follow install wizard. On next boot partition the drive with fdisk or parted. ### Notes on getting VM Networking going (not on test)### # On a KVM-based virtual host, you may notice additional firewall rules # the following additional rule,accepts traffic over a physical bridged network device. # /etc/sysconfig/iptables: -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT # to make this work in /etc/sysctl.conf file set net.ipv4.ip_forward=1 # To activate this run "sysctl -p" # More great info on getting NAT working with libvert http://wiki.libvirt.org/page/Networking ################# ### Kickstart ### ################# # All machines have a kickstart file called /root/anaconda-ks.cfg with the options they were installed. # You can put ks file on things like HD's or USB media and access it during install. During # initial install screen hit tab to get Grub boot line. Then at the end of the line put # ks=hd:sdb1:/ks.cfg for accessing a file on the second device's root partition #1. # For CDROM ks=cdrom:/ks.cfg. For FTP ks=ftp://192.168.0.1/pub/ks.cfg. For HTTP # and NFS ks=nfs:192.168.9.1/ks.cfg ks=http://192.168.9.1/ks.cfg # To help modify a kickstart file install and use the RH system kickstart program # Install yum install system-config-kickstart # Start program use systems ks file as example system-config-kickstart /root/anaconda-ks.cfg # Here is a kickstart file I used during testing. Make sure you open up iptables ports for on your kvm host that # your guests can use. If things won't work drop iptables to see if that is it. service iptables stop # Webserver 192.168.0.245 with RH DVD files were on local apache server along with kickstart the file. firewall --enabled --service=ssh install url --url="http://192.168.0.245/" repo --name="CentOS" --baseurl=http://192.168.0.245 --cost=100 rootpw --iscrypted $1$Kiv/ikw81H@#JEjejowwudj333 auth --useshadow --passalgo=sha512 graphical firstboot --disable keyboard us lang en_US selinux --enforcing logging --level=info timezone America/New_York network --bootproto=dhcp --device=eth0 --onboot=on bootloader --append="crashkernel=auto rhgb" --location=mbr --driveorder="sda" zerombr clearpart --all --initlabel part / --fstype="ext4" --size=4600 part swap --grow --size=200 %packages @base @console-internet @core @debugging @directory-client @hardware-monitoring @java-platform @network-file-system-client @perl-runtime @print-client @server-platform @server-policy certmonger device-mapper-persistent-data ftp genisoimage krb5-workstation mtools oddjob pam_krb5 pax perl-DBD-SQLite samba-winbind sgpio wodim %end ####################### ### Logical Volumes ### ####################### ### Description of pieces ### # Physical volume (PV) A PV is a partition, configured (initialized) to the LVM partition type. # Physical extent (PE) A PE is a small uniform segment of disk space. PVs are split into PEs. # Logical extent (LE) Every LE is associated with a PE and can be combined into a volume group. # Volume group (VG) A VG is a bunch of LEs, grouped together. # Logical volume (LV) An LV is a part of a VG, which can be formatted and # then mounted on the directory of your choice. ### The Process ### # Partition needs to be made on the disk. # The partition needs to be labeled as a logical volume. # The labeled partition can then be initialized as a physical volume. # One or more physical volumes can be combined as a volume group. # A volume group can be subdivided into logical volumes. # A logical volume can then be formatted to a Linux file system or as swap space. # The formatted logical volume can be mounted on a directory or as swap space. # Make your partitions with fdisk and mark them with the LVM fs type # Assuming we have 2 hd's sda and sdb. We will use VG001 as the VG name. # Initialize the physical volumes pvcreate /dev/sda1 /dev/sda2 /dev/sdb1 /dev/sdb2 # Create the volume group from the PV's vgcreate VG001 /dev/sda1 /dev/sda2 # Add more PV's. We could have added all PV's above but wanted to show extending vgextend VG001 /dev/sdb1 /dev/sdb2 # Create logical vols with size of 100Meg with the name disk1 lvcreate -L 100M VG001 -n disk1 # The device /dev/VG001/disk1 gets created and can be formatted and mounted. mkfs.ext4 /dev/VG001/disk1 mkdir /disk1 mount /dev/VG001/disk1 /disk1 # You should put this in the /etc/fstab so it is mounted on boot /dev/mapper/VG001-disk1 /disk1 ext4 defaults 1 2 # Resize Logical Vol to make it bigger by adding a new disk partition (/dev/sdc1) # Unmount dir associated with lv Ex. /home umount /home # Extend the vg (vg001) with new partitions Ex. sdc1 vgextend vg001 /dev/sdc1 # Make sure it's added vgdisplay vg001 # Extend the lv to 5G lvextend -L 5000M /dev/vg001/lv00 # Expand the filesystem to use the new space resize2fs /dev/vg001/lv00 # GUI for managing LVM is system-config-lvm # Useful LVM commands # pvdisplay - Displays currently configured PVs. # pvchk - Checks the integrity of a physical volume. # pvs - Lists configured PVs and the associated VGs. # pvmove - Moves PVs in a VG from the specified partition to free locations on other partitions; prerequisite is to disable the PE. # vgcfgbackup - Backs up and restores the configuration files associated with LVM # vgchange - Similar to pvchange, allows you to activate or deactivate a VG. For # vgck - Checks the integrity of a volume group. # vgcreate - Creates a VG, from two or more configured PVs: for example, # vgdisplay - Displays characteristics of currently configured VGs. # vgextend - if you�ve create a new PV vgextend vg00 /dev/sda11 adds the space from /dev/sda11 to vg00. # vgrename - Allows renaming of LVs. # vgs - Displays basic information on configured VGs. # vgscan - Scans and displays basic information on configured VGs. # lvcreate - Creates a new LV in an existing VG. # lvdisplay - Displays currently configured LVs. # lvextend - Adds space to an LV: the lvextend -L6G /dev/volume01/lv01 command extends lv01 to 6GB, assuming space is available. # lvrename - Renames an LV. # lvresize - Resizes an LV; can be done by -L for size. For example, lvresize -L 6GB volume01/lvl01 changes the size of lvl01 to 6GB. # lvs - Lists all configured LVs. # Don't setup a LVM vol for the /boot dir. Linux can't read from it on boot. ############### ### SELINUX ### ############### # Install SELinux management tools yum install policycoreutils* (and other SE management tools) # Then start with system-config-selinux # SELinux assigns different contexts to each file, known as subjects, objects, and actions # A subject is a process, like a running command, or an app like a running web server. # An object is a file. # An action is what may be done by the subject to the object. # Most SELinux settings are boolean. activitated or deactiviated by setting to 1 or 0. # Booleans are stored in the /selinux/booleans directory # Modify booleans with getsebool and setsebool set with -P to survice reboot. # To see all booleans use getsebool -a. Description on each use semanage boolean -l -rwxr-----. root root system_u:object_r:admin_home_t:s0 .bashrc | | | | | user role type MLS Level Filename # File to set selinux mode (enforcing, permissive, or disabled) /etc/sysconfig/selinux # To show what mode your in use commands: getenforce or sestatus # Change current mode. For enabling, the line SELINUX= has to be set to enforcing setenforce enforcing or setenforce permissive # To show selinux status of users. Yum install policycoreutils* to get semanage program. semanage login -l # Change user bob to staff_u user. This also adds bob's mapping between linux users and SELinux. semanage login -a -s staff_u bob # Delete user bob from staff_u list semanage login -d bob # Show SE file contexts ls -Z # Show process contexts ps -eZ # Default contexts are configured in /etc/selinux/targeted/contexts/files/file_contexts # Copy context from one dir to another recursively chcon -R --reference=/var/www/html/ /var/www/html/inst # Restore contexts back to default restorecon -F /var # Logs for SElinux (records and show problems) are in /var/log/audit/audit.log # Use ausearch to Search for things like sudo issues in the access vector cache ausearch -m avc -c sudo # Show all avc issues ausearch -m avc # A better tool to find SELinux issues is sealeart sealert -a /var/log/audit/audit.log # Show all SELinux booleans on the system getsebool -a # Set one to off. Ex. set user_ping to off. -P makes setting survive reboot setsebool -P user_ping off #################### ### Boot Process ### #################### # Press A at the GRUB boot menu to append an option to the boot line. # Enter a 1 - 5 at the end of this menu to boot to that run level. # Enter the word "single" at the end of the prompt to do # everything but run the scripts listed in the /etc/rc1.d/ dir. # Single mode is great way to recover a forgotten root password. Just boot into single and type passwd. # Enter init=/bin/sh at the end of the prompt. This does not load init-related files # but mounts only the top-level root directory (/) in read-only mode. To start boot sequence while in # this mode type "exec /sbin/init". Just /sbin/init will not work. # To change the current bootable run level edit /etc/inittab file and change the number # in the line id:5:initdefault: to the level you want. ### Grub ### # Change Grub boot menu items in file /boot/grub/grub.conf # Use grub-md5-crypt program to make a md5 password hash for the password --md5 line in # the /boot/grub/grub.conf # From the grub prompt find the grub.conf file (finding the boot dir) grub> find /grub/grub.conf or run grub> root # Look at grub conf file grub> cat (hd0,0)/grub/grub.conf # Check run level with the "runlevel" command. # Change runlevel with the "init" or "telinit" command. Changing to run level 2: init 2 or telinit 2 # Reboot the system with the reboot command reboot # Shutdown the system with the "shutdown" command. shutdown # Upstart config files/boot process files are kept in /etc/init/ and /etc/sysconfig/init # Show processes that start at different run levels chkconfg --list # Make sure postfix process starts at boot chkconfig postfix on ( or issue "off" so it does not start) # Turn off postfix at runlevel 4 chkconfig --level 4 postfix off # Ntsysv is a console gui to manage runlevels. Issue command with runlevels to manage ntsysv --level 2345 # Use gui to manage services system-config-services ################## ### Networking ### ################## # Interface network files are in /etc/sysconfig/network-scripts dir. # They look like ifcfg-eth0. This is the default network interface. # Config options speak for themselves for the most part. # Networking on/off and hostname is in /etc/sysconfig/network # bring up interface ifup ifcfg-eth0 or ifup eth0 # Shutdown interface ifdown ifcfg-eth0 or ifdown eth0 # Show interface info ifconfig eth0 # Show routing table netstat -nr or route # Add a default route to a box route add default gw 192.168.1.1 # Add a route to a different network through a different interface route add -net 192.168.2.0 netmask 255.255.255.0 dev eth1 # Show all network connections and listening services with PID's. netstat -punta # Show all arp entries arp # Delete arp entry arp -d hostname # Network console gui system-config-network-tui # GUI network editor. nm-connection-editor # Look in the upper right hand corner of the desktop for the Network Manager icon # Feel no shame using this during the test. System->Preferences->Network Connections. # Make a dhcp request with dhclient to configure eth0 for dynamic networking # This is done by default at boot if /etc/sysconfig/network-scripts says so. dhclient eth0 # See if an ip address is working/responding on the network with the ping command # You can also use the hostname of a system. It will re ping 127.0.0.1 # Check network status service network status # Restart networking service network restart # DNS info is in /etc/resolv.conf file. Set system hostname in /etc/hosts and /etc/sysconfig/network # Order of search for /etc/hosts and DNS is in /etc/nsswitch file. The line is: hosts: files dns # NTP settings are in /etc/ntp.conf multiple server lines can be put in like so server 0.rhel.pool.ntp.org server 1.rhel.pool.ntp.org # Make sure NTPD starts on boot: chkconfig ntpd on ################### ### File Systems ### ################### ### fdisk (to make partitions) ### # If you need more than 4 partitions make the first 3 as primart and the 4th as extended. # Extended partition should always be the biggest as the rest parts have to fit in it. # point fdisk to a hard drive (real or virtual fdisk /dev/sda or fdisk /dev/vda # fdisk commands: (m)-for help, (n)-new part, primary-(p) or logical-(l) (e)-extended partition, # (a)-make partition bootable, (w)-write config to disk, (d)-delete part # Select the type of partition after making it with (t)- type . # Types: 82-Linux swap, 83-Linux partition, 8e-Linux LVM partition used as a physical vol ### Parted (to make partitions) ### # Start parted on /dev/sda parted /dev/sda # Make a disk label if need be mklabel (type: msdos) # Make a partiiton (follow the prompts) mkpart # Show changes and check it p # del partition #1 rm 1 # Exit quit # To set flag for lvm or raid (parted) set Partition number? 1 Flag to Invert? lvm or raid New state? [on]/off on # If you make a swap partition, create it and active it with mkswap /dev/sda2;swapon /dev/sda2 # Check a file system for problems by unmouting it and running the fsck command umount /disk1 fsck -t ext4 /dev/sda7 mount /dev/sda7 /disk1 # Convert sda1 from ext3 to ext4 (can't go back after upgrading) tune2fs -O extent,uninit_bg,dir_index /dev/sda1 # check if it worked dumpe2fs /dev/sda1 | grep �Filesystem features� # Format any file systems with ext4. Ex. with /dev/sdb1 mkfs.ext4 /dev/sdb1 ### LUKS ### # LUKS is an encrypted filesystem mounted on a specific directory. # Install needed packages. yum install cryptsetup-luks # Look for kernel modules for LUKS. Might not be loaded by default. lsmod | grep dm_crypt # If not loaded load them modprobe dm_crypt # Make a partition you want to be encrypted with fdisk or parted. Ex. /dev/sda1 # Prepare (initialize) the partition for LUKS. Type your passphrase when asked. cryptsetup luksFormat /dev/sda1 # Get UUID of device (optional) cryptsetup luksUUID /dev/sda1 # Map the device to /dev/mapper. Use your own name here (ev) or use th UUID. cryptsetup luksOpen /dev/sda1 ev # Now format the device in the /dev/mapper dir mkfs.ext4 /dev/mapper/ev # Find UUID of drive (if you don't have it.) dumpe2fs /dev/mapper/ev | grep UUID # Make dir to mount vol to mkdir /ev # Put a line in /etc/crypttab so it will be activated on boot. # This will automatically load the dm_crypt module. # Replace ev with UUID if you choose to use that ev /dev/sda1 none # Put mount line in /etc/fstab either by UUID or the name you have chosen. /dev/mapper/ev /ev ext4 defaults 1 2 or UUID=uuidNumber /ev ext4 defaults 1 2 # Mount disk mount -a # On boot you will have to type a password to mount this LUKS partition # To get device uuid's dumpe2fs /dev/vda1 | grep UUID or dumpe2fs /dev/mapper/7* | grep UUID # You can also use the program blkid blkid /dev/sda1 # Example of mounting NFS mount -t nfs hostname.example.com:/pubic /share # Example mounting with CIFS //server/pubic /share cifs rw,username=user,password=pass, 0 0 ### Automounter ### # Uses autofs service to mount things dynamically. Make sure it's running and starts on boot. # Relevant configuration files are auto.master, auto.misc, auto.net, and auto.smb, in the /etc dir # The misc net smb after the auto. name show what dir things will be mounted to from / # Make sure the /smb /misc /net and others your using for autofs don't exist. They will be auto created. # For example auto.smb would mount to the /smb dir and net mouts to /net (used for NFS mounts) # Automounter settings are in /etc/sysconfig/autofs # In the auto.master the first field is the mount point.The second field is the location of the map file, # The third field can contain information such as a timeout value # Example NFS mount in the /etc/auto.net file. auto.master has to have line /net -hosts project -rw,soft,intr,rsize=8192,wsize=8192 blah.example.net:/proj | | | | localdir mount options remote host remote mount point # Example of a CD mounted to misc. Put this line in auto.misc cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom # Setting up automounted NFS home dir's. You have to remove your /home dir for this to work. # In auto.master put the line "/home /etc/auto.home" # In /etc/sysconfig/autofs uncomment the lines to DEFAULT_MAP_OBJECT_CLASS=�automountMap� DEFAULT_ENTRY_OBJECT_CLASS=�automount� DEFAULT_MAP_ATTRIBUTE=�automountMapName� DEFAULT_ENTRY_ATTRIBUTE=�automountKey� DEFAULT_VALUE_ATTRIBUTE=�automountInformation� # Make the file /etc/auto.home and put in * -fstype=nfs,rw,soft,intr,rsize=8192,wsize=8192,nosuid,tcp server.example.com:/home/& # restart autofs service autofs restart ########################## ### Package Management ### ########################## # RPM packages can be installed with "rpm -ivh package.rpm" or rpm -ivh ftp://ftp.com/package.rpm # RPM packages can be Upgraded/installed with "rpm -Uvh package.rpm". -U replaces package if it's there, if not it just installs it. # RPM packages can be removed with "rpm -evh package.rpm" # See if package is installed with rpm -q package.rpm. See all install packages rpm -qa # List all file from package rpm -ql # Verify all files within packge against downloaded rpm. rpm --verify -p package.rpm # Install GPG key rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release # Important Yum file /etc/yum.conf and dir's /etc/yum.repos.d & /etc/yum # Get the full list of yum configuration directives and values run: yum-config-manager # Install package with yum yum install packagename # Info about package yum info packagename # Remove package yum erase packagename # Update all packages on system yum update # Search for file in a package yum whatprovides */*filename # Clean up downloaed packages, flush cache headers yum clean all # Look at all package groups available yum grouplist # Find info on a package group. Anything listed in "Optional Packages" will not be installed yum groupinfo "Virtualization" # Install group package yum groupinstall "Virtualization" # Remove group package yum groupremove packagename # GUI package management can be done by running "gpk-application" or # click System | Administration | Add/Remove Software. # Make a simple Yum repo in /etc/yum.repos.d. Example in "man yum.conf" cd /etc/yum.repos.d vi myrepo.repo the file will look like: [myrepo] name=foo baseurl=http://192.168.1.1/inst # Then run yum clean all yum update ####################### ### User Management ### ####################### # /etc/passwd contains basic user info. Column Field Description --------------------------------------------------------------------- 1 Username The users login name. Usernames can include hyphens (-) or underscores (_). They should not start with a number or include uppercase letters. 2 Password The password. You should see either an x, an asterisk (*), or a random group of letters and numbers. An x points to /etc/shadow with the actual password. An asterisk means the account is disabled. A random group of letters and numbers represents the encrypted password. 3 User ID The unique numeric user ID (UID) for that user. By default, Red Hat starts user IDs at 500. 4 User Info You can enter any information of wamt in this field. For example the user�s full name, telephone number, e-mail address, or physical location. You can leave this blank if you like. 5 Home Directory By default, RHEL puts new home directories in /home/username 6 Login Shell By default, RHEL assigns users to the bash shell. Change this to any other shell you have installed on the system. # /etc/group groups users are assigned to. Column Field Description --------------------------------------------------------------------- 1 Groupname Each user gets their own group, with the same name as theirr username. You can also create unique group names. 2 Password The password. You should see either an x or a random group of letters and numbers. An x points to /etc/ gshadow for the actual password. A random group of letters and numbers represents the encrypted password. 3 Group ID The numeric group ID (GID) associated with that user. By default, RHEL creates a new group for every new user. If you want to create a special group such as clowns, you should assign a GID number outside the standard range, otherwise, Red Hat GIDs and UIDs would probably get out of sequence. 4 Group members Lists of usernames that are members of the group. If it�s blank, and there is a username that is identical to the group name, that user is the only member of that group. # /etc/shadow supplent to /etc/passwd file. Consists of Column Field Description --------------------------------------------------------------------- 1 Username Username 2 Password Encrypted password; requires an x in the second column of /etc/passwd 3 Password history Date of the last password change, in number of days after January 1, 1970 4 mindays Minimum number of days that a user must keep a password 5 maxdays Maximum number of days after which a password must be changed 6 warndays # of days before password expiration when a warning is given 7 inactive # of days after password expiration when an account is made inactive 8 disabled Number of days after password expiration when an account is disabled # /etc/login.defs file gives a baseline for a number of parameters in the shadow password suite # MAIL_DIR - locally delivered e-mail, listed by username # PASS_MAX_DAYS - After this number of days, the password must be changed. # PASS_MIN_DAYS - Passwords must be kept for at least this number of days. # PASS_MIN_LEN - A warning is given when a user tries to use a password shorter than this length. # PASS_WARN_AGE - Users are warned this number of days before PASS_MAX_DAYS. # UID_MIN,UID_MAX,GID_MIN, GID_MAX - Mins and maxes of userids and group id's. # ENCRYPT_METHOD - hash type used for passwords on the system. # Their a a bunch more. Look in the file for the rest. # If editing password and group files by hand use the vipw or vigr programs. # Use -s with vipw vigr to edit shadow versions of those files # User "useradd" to add users to the system. Below adds user1 to system. # -c adds comment, -d overrides default homedir, -e expiration date for account # -f # of days after expiration acct expires, -G add user to these groups, -s shell useradd user1 -c Mr.User1 -d /opt/home -e 2013-11-31 -f 1 -G grp1,grp2 -s /usr/bin/chsh # Give user1 a password passwd user1 # Delete user with "userdel". By default user homedir is not removed. -r deletes home dir userdel -r user1 # Add group called clowns use id 1001. omit -g and it takes next available id groupadd -g 1001 clowns # Delete group clowns groupdel clowns # Set a group password with "gpasswd" program. gpasswd mygroup # Modify current users with usermod. -e change expiration, -G adds user to a group, # -L locks account, -U unlocks account, -s new shell, -aG append user to existing group # You can also open the /etc/passwd or /etc/group file by hand. Like changing the users shell. usermod -e 2013-11-30 -s /bin/bash -aG group2 user1 # Groupmod changes group id or groupname groupmod group1 group2 (changes group1 name to group2) # Using SGID bit to allow users who are part of the same group to share files # This assumes we used the commands above to create a group called group1 and # Put our users who want to share files into that group. SGID allows files created # in that directory automatically have their group ownership set to be the # same as the group owner of the directory. You can also set SGID with chmod g+s dirname mkdir /opt/shared chown user1:group1 chmod 2770 /opt/shared # Use gui system-config-users to administer users # Chage command manages password aging info. # -l lists account info, -d last change date for pass, -E assigns expiration for acct, # -I locks acct # days after expire, -m set min number of days to keep pass, -M sets # max # of days to keep pass (-1 to disable), -W days before pass must be changed # Remove virtual console ttys in /etc/securetty file to stop direct root logins. # Virtual consoles are started in /etc/init/start-ttys.conf # /etc/security/access.conf file regulates user access to ttys and remote systems # To only allow users in the wheel group to su to other users uncomment the following line # in the /etc/pam.d/su file auth required pam_wheel.so use_uid # To limit tty's to only the root user make a file called /etc/nologin # put any message you like in the file telling users only root has access. # To execute a command with a groups privs use the sg command. sg group1 -c 'cp /tmp/file1 /home/group1' (copy file1 to the group1 dir) # Change the /etc/sudoers file using visudo to change access users have to the sudo command # Give user1 full system access user1 ALL=(ALL) ALL # Give users in the wheel group full system access with no password wheel ALL=(ALL) NOPASSWD: ALL # /etc/skel dir contains default environment files for new accounts. # /etc/bashrc file is used for aliases and functions, on a system-wide basis # Change system wide umask here, defines the default prompt, # includes settings from *.sh in the /etc/profile.d/ dir # /etc/profile and /etc/profile.d is used for system-wide environments and startup files. # /etc/profile uses PATH, USER, LOGNAME, MAIL, HOSTNAME, HISTSIZE, and HISTCONTROL variables # and runs files in /etc/profile.d # /etc/profile.d directory is designed to contain scripts to be executed by the /etc/profile file ### Configuring an LDAP client ### # You can configure LDAP with the system-config-authentication GUI or authconfig-tui. # The GUI is the preferred method. Try not to do it by hand if at all possible. # Here is the "by hand" method # In the /etc/pam_ldap.conf file check/change the following lines host 127.0.0.1 (change IP to the LDAP server) base dc=example,dc=com (change to base distinguished name) ssl start_tls (Required if TLS support is used to encrypt passwords that are sent to the LDAP server.) pam_password encryption schemes for passwords; crypt, nds, ad uri ldap://127.0.0.1/ (change to ldap server use ldaps:// if using ssl ssl no (change to yes if using ldaps) tls_cacertdir /etc/openldap/cacerts (certs for ssl connection nss_init, groups_ignoreusers root, ldap (Assumes no supplemental groups in the LDAP directory server) pam_password md5 (password type if you want to use RH default change to: exop # In the /etc/openldap/ldap.conf file put the following changing for your enviornment URI ldap://127.0.0.1 HOST ldap1.example.com BASE dc=example,dc=com TLS_CACERTDIR /etc/openldap/cacerts # In the /etc/nsswitch.conf file add ldap to lookups passwd: files ldap shadow: files ldap group: files ldap ####################### ### Different GUI's ### ####################### system-config-lvm system-config-authentication system-config-network system-config-selinux system-config-services system-config-users system-config-firewall system-config-kickstart
If your going to put CentOS 5 on a machine with more than 4 gigs of ram you may need to use the PAE kernel. This is what I learned when moving from CentOS 4 to 5. I had a machine with dual Opteron 290's and 8 gig of ram (4 gig per processor). It was using CentOS 4 with the smp kernel from the CentOS plus repository. After upgrading it to CentOS 5 it put in a similar default kernel and the machine only saw 4 gig of ram.
I was trying to figured out why this was happening when I came across a note in the systems dmesg. Towards the top of the dmesg it said that it saw the 8 gig but was disabling the addressing of memory over 4 gig and to enable PAE. I have not heard of this PAE. So over to wikipedia I went.
I found this in the wikipedia entry:
Physical Address Extension (PAE) refers to a feature of x86 processors that allows for up to 64 Gigabytes (GB) of physical memory to be used in 32-bit systems, given appropriate operating system support. PAE is provided by Intel Pentium Pro and above CPUs (including all later Pentium-series processors except the 400 MHz bus versions on the Pentium M), as well as by some compatible processors such as those from AMD. The CPUID flag PAE is assigned for the purpose of identifying CPUs with this capability.
The processor hardware is augmented with additional address lines used to select the additional memory, and 36-bit page tables, but regular application software continues to use instructions with 32-bit addresses and a flat memory model limited to 4 gigabytes (GB). The operating system uses PAE to map this 32-bit address space onto the 64 gigabytes (GB) of total memory, and the map can be and usually is different for each process. In this way the extra memory is useful even though regular applications cannot access it all simultaneously.
For application software which needs access to more than 4 gigabytes (GB) of memory, some special mechanism may be provided by the operating system in addition to the regular PAE support. On Microsoft Windows this mechanism is called Address Windowing Extensions (AWE), while on Unix-like systems a variety of tricks are used, such as using mmap() to map regions of a file into and out of the address space as needed, none having been blessed as a standard.
So it looked like I needed PAE as my processors supported it (cat /proc/cpuinfo | grep pae) and I was using the 32bit version of CentOS. I remembered seeing a kernel with the PAE in it's name in the CentOS 5 plus repository. Sure enough the latest one was the kernel-PAE-2.6.18-8.1.15.el5.centos.plus.i686.rpm. After installing this kernel and rebooting the machine finally saw all 8 gig of memory.
This is a quick run through of my install of Kubuntu 7.10.
Let me start by saying install K/U/X/buntu 7.10 Gutsy without any network hooked up.
If you don't you may get what I got which was the "looking for mirrors" error at 82% of the install and have it hang. Curse who ever put a ridiculously high timeout (if there is one at all) on this part of the install. If you turn the network off it just warns you that it could not contact the mirrors and keeps going with the install. If your sitting at this error message then pull the plug on your network and it may time out. It did for me.
So I did the normal boot the cd an click the install icon on the desktop. Went through the prompts. Since I was upgrading I had my partitions already setup. I choose the advanced setup and set my / partition to format. I had my /home dir as it's own partition so I did not have to format it. All my configs and backups where in the /home dir so I was all good in formating the root partition. It finished all that and I rebooted.
On first start I had to change my network settings to a static ip. I went to System Settings -> Network Settings. Put in my ip and gateway info. Then clicked apply. The network said it was restarting but the window just sat there and after a min or two I killed it. So I had to restart networking by hand.
sudo /etc/init.d/networking restart
That restarted the network fine and it came right up. Now to modify my apt-sources file and put in extra repositories. During the install when the installer can not find the mirrors it comments out all of the repositories except for the cdrom. So I had to go back in and enable them after I got the network up and running. The line will look like the following.
# Line commented out by installer because it failed to verify:
Below that line is the deb line it commented out. So opened my /etc/apt/sources.list file with an text editor and uncommented the lines that where commented out. Then at the end of each line that had the word restricted put the words "universe multiverse". See the example below for what some of the lines should look like when your done. Just do the same for each section you want turned on (security updates, bug fixes, etc).
# Line commented out by installer because it failed to verify: deb http://us.archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse # Line commented out by installer because it failed to verify: deb-src http://us.archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse ## Major bug fix updates produced after the final release of the ## distribution. # Line commented out by installer because it failed to verify: deb http://us.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted universe multiverse # Line commented out by installer because it failed to verify: deb-src http://us.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted universe multiverse
I then saved that file and ran the following from a shell to update the sources I just changed
sudo apt-get update
It hung at
Ign cdrom://Kubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016.1) gutsy/main Translation-en_US Ign cdrom://Kubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016.1) gutsy/restricted Translation-en_US 35% [Waiting for headers]
I hit Ctrl-C to kill it. Then ran the update command again and it went right through.
Now it was time to install my restricted binary only nvidia driver (blob). I saw the icon come up in the taskbar about installed the restricted drivers. I clicked on it and then canceled it. At the time I did not know how to get it back so I just decided to do it with apt because I have always done it that way. So I installed the nvidia driver with the following command.
apt-get install linux-restricted-modules-`uname -r` nvidia-glx
After that I copied over my backed up xorg.conf file to /etc/X11/. I have a 3 monitor setup with Xinearama so it's a special config. If your intrested you can see this config in my section on X from the pantz.org menu. The entry is entitled "X.org config file for 3 monitors". So, Kubuntu saw two of the monitors but not the third. The third monitor was just a screen of colored blocks nothing setup correct at all. Good try kubuntu. Better luck next time. Anyway, I inserted the nvidia module.
sudo modprobe nvidia
Logged out. Then hit Ctrl-Alt-Backspace keys to restart X. All 3 montiors came up so I logged back in.
Then it was time to update some packages I use. I installed them with the following command.
sudo apt-get install ssh procmail mutt postfix lynx fetchmail kicker-applets openntpd binutils gcc make libc6-dev qiv xmms xmms-volnorm mplayer xpdf ispell conky thttpd xterm sox
After doing that I get this message.
Media change: please insert the disc labeled 'Kubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016.1)' in the drive '/cdrom/' and press enter
I put the cdrom back in. Opened another shell and gave the command
sudo mount /cdrom
Pressed enter and it started the install. I got this message because I forgot the line
deb cdrom:[Kubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016.1)]/ gutsy main restricted
Was at the top of the /etc/apt/sources.list file. I commented the line out for the future and issued a "apt-get update" after commenting it out.
After all the software installed I copied over all my configs I saved for postfix, openntpd, and thttpd.
sudo cp postfix/main.cf /etc/postfix/ sudo cp thttpd/thttpd.conf /etc/thttpd/ sudo cp openntpd/ntpd.conf /etc/openntpd/ sudo /etc/init.d/openntpd restart sudo /etc/init.d/thttpd restart sudo /etc/init.d/postfix restart
Soon after that I tried to start the binary version of firefox 2.0.7 and got this error.
firefox-bin: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory
I fixed this by installing the standard libc++ 5 library.
sudo apt-get install libstdc++5
That was about it. Everything else just worked.