= Robbery = machine = year old = month =
October 4, 2004
Download the entire website with wget
Wget -r -p -np -k http://202.38.75.11/~jbhuang/blog/
Kingpaul @
06:40 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
September 23, 2004
Configuring DHCP Server under Linux
http://www.codesky.com/info/5144.htm
Configure DHCP
RedHat provides DHCP services using the DHCPD process, and the DHCPD is automatically read when the DHCPD is automatically read. DHCPD Saves the customer's lease information in the /var/lib/dhcp/dhcpd.Leases file, which is constantly updated, and you can find the IP address assignment from this.
DHCPD To provide services to a subnet, DHCPD needs to know the network address and network mask of the subnet, and also know the range of address assignments, and give a simple DHCPD.conf file:
Subnet 192.168.100.0 Netmask 255.255.255.0 {
Range 192.168.100.10 192.168.100.253;
}
In this case, DHCPD will assign the IP address of 192.168.100.10 to 192.168.100.253 to 192.168.100.0 networks.
Rental time can be from 0 seconds to infinity, and can be scheduled as needed. The default rental period is one day, ie 86400 seconds. You can define two lease lengths for the host:
Default-Lease-Time default rental time;
Max-Lease-Time users can get the maximum tenure time.
The following configuration sets the default tenation time to 10 minutes, the maximum rental time is 1 hour:
Subnet 192.168.100.0 Netmask 255.255.255.0 {
Range 192.168.100.10 192.168.100.253;
Default-Lease-Time 600;
Max-Lease-Time 3600;
}
DHCP can also provide more parameters to customers, these parameters can be specified with option, for example:
Subnet 192.168.100.0 Netmask 255.255.255.0 {
Range 192.168.100.10 192.168.100.253;
Default-Lease-Time 600;
Max-Lease-Time 3600;
Option Subnet-Mask 255.255.255.0;
Option Routers 192.168.100.254; Default route
Option Domain-name-Servers 202.102.134.68; DNS server
}
Now everyone should have a understanding of the DHCP configuration. In fact, the process is so simple, and there is a window paper in the middle.
Actual drill
Next, give you an example, configure my RedHat9.0 into a DHCP server.
Vi /etc/dhcpd.conf
After the configuration, the content of the file in my machine is as follows (the part of the comment has been deleted, as for the original text, everyone can control / usr / share / doc /
DHCP-3.0PL1 / DHCPD.CONF.SAMPLE file):
[root @ rh9 test] # more /etc/dhcpd.conf
DDNS-UPDATE-STYLE INTERIM;
Ignore client-updates;
Subnet 192.168.0.0 Netmask 255.255.255.0 {
Option routers 192.168.0.1; Option Subnet-Mask 255.255.255.0;
Option Broadcast-Address 192.168.0.255;
Option Domain-name-Servers
202.96.199.133, 202.96.133.134;
Range Dynamic-bootp 192.168.0.1 192.168.0.255;
DEFAULT-Lease-Time 21600;
Max-Lease-Time 43200;
}
I explained this, first, the SUBNET defines the address of the network, then Option Routers defines the gateway address; SUBNet-Mask defines the subnet mask; Broadcast-address defines the broadcast address; Domain-name-servers defines the address of DNS Nameserver; Dynamic-bootp is the address assigned to the client, defined 192.168.0.1 - 192.168.0.0.0.1- 192.168.0.055 The entire network segment address; the last 2 line is the default rental time of the assigned address is set to 10 minutes, the longest rent Time is 1 hour. In this way, a DHCP server is configured.
We can test the results: on another redhat Linux7.2, set the IP to the IP address of the DHCP host, configure it through the NetConfig command.
Check configuration:
[root @ rh72 root] # more / etc / sysconfig / network-scripts / ifcfg-eth0
Device = eth0
Onboot = YES
Bootproto = DHCP
[root @ rh72 root] #
Determine the network card is already DHCP.
[root @ rh72 root] # ifconfig
Eth0 Link Encap: Ethernet Hwaddr 00:0c: 29: A3: C6: 71
inet addr: 192.168.0.254 Bcast: 192.168.0.255 Mask: 255.255.255.0
View the address, found that ETH0 has allocated a 254 address, indicating that the DHCP server is successful.
summary
At this point, we have completed the installation and configuration of a Linux DHCP server. During the actual use, the above operation steps should meet the needs of general applications, but we also need to study specific command parameters, so that the DHCP server can better serve us.
Kingpaul @
05:13 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
September 16, 2004
VNC
VNC (Virtual Network Computing, Virtual Network Calculation) is a lightweight remote control program for displaying the entire desktop of the remote computer. 1. Download: http://www.uk.research.att.com/vnc2. How to use: 1) Server: # vncserver $ vncserver Notes each user can start your own VNCServer, each user can start more VNCServer, with display port numbers: 1,: 2,: 3, etc. 2) Client: a) Under Linux, run the vncviewer command, the writing of the server address, such as 192.168.3.119: 1B) Under Windows, running the Windows version of VncViewer, usage is similar to Linux. c) Use a browser (platform-independent), as a Java Applet, to start with http://192.168.3.119:5801 3) Password modification: First starting vncserver will prompt the password, then modify If you are running: # vncpassword4) Stop VNC Server: # vncser -kill: 2 Note that vncserver can only be shut down by the user who starts its user, instant to ROOT can not close the VNCServer on other users, unless used Kill Commands violent kills the process. 5) Specify the display port number Start VNC Server: #vncserver: 3 $ VNCSERVER: 66) Set VNC Server Resolution: #VNCServer -Geometry 800x600 # vncser -gemetry 640x4807) Set the color depth of VNCServer: 8 bits are 256 colors, 16 bits Stability settings for 64k # vncserver -depth 8 # vncserver -depth 168) Stability Settings: VNCServer When multiple clients are connected to the display port of the same VNCServer, the VNCServer port is old, and the new connection service can be rejected through -Dontdisconnect The new connection request keeps the old connection. 9) Set the same display port of VNCServer to connect multiple clients #vncserver -alwaysshared10) VNC reverse connection
In most cases, VNCServer is in a listening state, and the VNC Client actively issues a request to establish a connection. However, in some special occasions, it is necessary to let the VNC client in listening state, and the vncsrever actively issues a connection request to the client, which means the reverse connection of the VNC. The main steps:
a) Start the VNC Client to make VncViewer in listening status
#vncviewer -listen
b) Start VNCServer
#VNCServer
c) Execute the vncconnect command in the VNCServer side, initiate a Server to Client request
#Vncconnect -display: 1 192.168.3.69
Kingpaul @
02:00 PM Posted
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Samba configuration in Linux system (transfer)
http://www.ccw.com.cn/htm/app/salon/01_8_8_2.asp
Foreword: In order to achieve resource sharing between Windows and Linux and other operating systems, software companies launched two solutions for NFS and Samba. Due to the lack of client tools like PC-NFS, Linux and Windows resource sharing becomes complicated. The emergence of Samba solves this problem, which is more interested in more and more people with its simple, practical, flexible configuration. Windows uses the SMB protocol to implement files and printer sharing between operating systems, while Samba itself has an SMB protocol, which implements resource sharing in the LAN and Windows Series Computer. This article focuses on the configuration of Samba under the Linux system, discussing the resource sharing of Windows and Linux within the LAN. I. Samba introduction 1. SMB protocol SMB (Server Message Block, Service Information Block) protocol is a protocol for shared file / printers on the LAN, which can provide file systems, print services for other Windows and Linux machines inside the network. . The SMB's working principle is to let NetBIOS and SMBs run over TCP / IP and use NAMSERVER using NetBIOS to let Linux machines can be viewed in Windows network neighbors. 2, Samba Samba is a software used to implement SMB, developed by Australia Andew Tridgell, is a free software running in a Linux environment. It can do the following features: file services and print services, implement Windows and Linux resource sharing. The login server can be used as a server of the LAN. As the main domain controller. WINS server. Support SSL. Supports SWAT. Second, Samba Services 1, the core process Samba has two daemons: SMBD and NMBD, which are the core process of Samba. The NMBD process browsing other computers, and the SMBD process processes them when the SMB service request arrives, and coordinates for resources used or shared. 2, start the service Samba has two startup methods: daemon form and inetd form. (1) DAEMON Form Set the startup script: rc.samba smbd -d -d1 nmbd -d -d1 -d indicates that in the form of daemon; -D1 indicates the unligrated recording level execution script file rc.samba (2) inetd form setting file : / ETC / Services Netbios -ssn 139 / TCP NetBIOS -S 137 / UDP Setup file: /etc/inetd.conf netbios -ssn stream TCP NOTBIOS-USR / SBIN / SMBD SMBD NetBIOS-NS DGRAM UDP WAIT ROOT / USR / SBIN / NMBD NMBD restart inetd daemon # kill -hup 1 3, the client tool SMBCLIENT SMBCLIENT command is used to access resources on the remote Samba server. Its command form is similar to FTP. Command syntax is: #smbclient [password] [option] (1) Explanation: ServiceName is the resource name to connect, the form of the resource name is as follows: // Server / Service Server is the NetBIOS name of the remote server, for the Windows server, It is the name of the online neighbor. Service is the name of the resources provided by each Server. PSSword is a variety of command options you need to access the resource, where -l is used to list all resource -i specified IP addresses provided by the remote server. At this point, the NetBIOS name part in ServicesName will be ignored.
(2) A variety of SMBCLIENT commands: After executing the smbclient command, enter the SMBClient environment, the prompt: SMB: /> There are many commands and FTP commands, such as CD, LCD, GET, MEGT, PUT, MPUT, and the like. Through these commands, we can access the shared resources of the remote host. 4. Samba System Loading and Uninstall (1) Loading other hosts We can use the SMBMount command provided by Samba to load resource for other hosts. SMBMount command syntax: # SMBMOUNT where ServiceName is the resource name, Mount-Point is the installation point. For example: # SMBMount "// server / tmp" -c 'mount / mnt' Indicates: load the content "TMP" of the shared resource "TMP" on a computer name "Server" to the local / mnt directory. (2) Uninstalling resources Uninstall a loaded SMB file system, use the SMBUnmount command, and specify the loading point to which you want to uninstall. For example: # SMBUNMOUNT / MNT 3, Samba Configure the configuration file of the Samba component is /etc/smb.conf, which contains all configuration information required for Samba system program runtime. 1. Several important sections in the configuration option configuration file: [Gloabal], [Homes], [Printers], the following gives the description. (1) [GLOABAL] In the global parameter, the settings of the parameters directly affect the Samba system. NetBIOS Name: Sets the host name Workgroup: The NT domain name or workgroup name to specify the network located on the network where the host is located. The format is Workgroup = NT Domain-name or Workgroup-name server string: Used to set this unit, the default is Samba Server Host Allow: It allows which areas allowed to access its Samba server load printers: Allow automatic loading printer List, without having to set up each printer separately. Interface: Configure Samba using multiple web interfaces. Domain Controller: Use this option only when there is a network in the network to be installed as the primary domain controller. Security: Set the security parameters to define security mode. Samba's security model has four Share, User, Server, Domain Encrypt Passwords, SMB Passwd File: Used to apply to encryption passwords.
The following are some examples of configuration parameters: [global] smb passwd file = / etc / smbpasswd remote announce = 172.18.158.234 172.18.153.55 172.18.153.255 dns proxy = no security = user encrypt passwords = yes server string = Ftp Server workgroup = turing socket options = TCP_NODELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192 log file = /var/log/samba/log.%m load printers = yes guest account = dscan remote browse sync = 172.18.158.234 172.18.153.55 172.18.153.255 printcap name = / etc / PrintCap Max log size = 50 hosts allow = 172.18.158. 172.18.153. 127. ... ... ... ...] 节 节 的 目 When any customer accesses the Samba server, in network resources You can have your own home directory sharing. It is configured as follows: [Homes] comment = hnnw directories browseable = no write = yes (3) User shared directory is used to specify a specific user group or a directory configuration with access to access, the following parameter configuration is only the HNNW group Visit Directory / HOME / Samba. [public] comment = public hnnw path = / home / samba public = yes write = yes printable = no write list = @hnnw 2, user mapping global parameter "username map" is used to control user mapping, which allows administrators to specify a mapping File, this file contains information on user mapping between clients and servers. Such as: username map = / etc / smbuser user mapping is often done between Windows and Linux hosts. The two systems have different user accounts, and the purpose of the user mapping is to make different user mappings into a user, which is easy to share files. Below is an example of a mapping file: # Map Windows Admin To Root Root = Admin Administrator; map The Member of Developer To Studio Studio = @Developer 等 左 单 单 单 l 号 单 单 单 单 单 单 单 单 单 单 单The server is analyzed by line by line. If the information provided and the account in the right list matches the account, it is replaced with the account left. 3. Use the new version of Windows 95 and Windows 98, Winnt (SP3 orientation) to pass only the encryption password as user authentication is transmitted in the network transmission. This type of client and the Samba server that do not support the encryption pass and the Samba server running in the User security level will fail. For normal communication, the Samba server uses an encrypted password. Here is how to use encrypted passwords in Samba.
(1) Password file / etc / smbpasswd In order to use the encryption password, Samba requires a password file (/ etc / smbpasswd), and the file should be synchronized with Linux password file (/ etc / passwd). Here is the generated file command: # cat / etc / password | mksmbpasswd> / etc / smbpasswd smbpasswd is a required password file, whose permissions are 0600, the owner is the record corresponding to the root smbpasswd file, the password is different. The password has two components, each part is 32 "X", the front part is used to communicate with the LANMAN communication, the back part, and Windows NT. Root users can use the smbpasswd command to set Samba passwords for each user. (2) Modify the configuration file /etc/smb.conf To make Samba use the encrypted password, you need to add the following parameters in the configuration file SMB.conf. Encrypt Passwords = YES SMB Passwd File = / etc / smbpasswd The first line notifies Samba Use the encrypted password to give the second line to the location of the port file. (3) Restart Samba services. After modifying the configuration file, you need to restart the Samba service, you can use the following command: # / usr / sbin / samba restart 4, the clear password in the Windows system uses the clear password in the Samba system as the default setting of the connection SMB. When the SMB server responds to the negotiation protocol, the response information contains a bit to illustrate whether the server supports inquiry or responding. With the release of Win95's network redirection update, Microsoft modifies the default value so that Windows customers will not send a clear password to unsupported servers. In this case, there are two solutions: (1) Setting the Samba server Use the encryption password (2) to make Windows customers use the coded password here to select the second solution to implement it by modifying the registry. The following will be given to the WIN95 / WIN98, WINNT users. (1) WIN98 / WIN95 system users add the following registration words in the registry, and restart the machine: [HKLM / System / CurrentCntrolSet / Services / VXD / VNETSUP] "EnablePlainTextPassword" = dword: 00000001 (2) Winnt system user modification registration Table, add the following registry key, and restart the machine: [HKLM / System / CurrentCntrolset / Services / RDR / parameters] "EnablePlainTextPassword" = dword: 00000001 4, Samba Application 1, Windows Resource Sharing and Use (1) Windows Resources Sharing a. Use the TCP / IP protocol as the network default communication protocol B. Modify the network configuration, set files, and printer sharing. c. Set the computer name and the working group D. Shared System Resources (2) Use Linux shared resource a. Log in to Windows Network B. Log in to Windows Network B. View the shared resources via online neighbors.
c. Command line tool Use the shared resource using the Net.txt tool in the command line to view, using the shared resource: NET USE command syntax: c:> net use x: // Servername / Sharename here, x: is shared The drive letter, // servername / sharename is the network path to the shared UNC. For example: c: /> net use h: // hey / myfile means: mapping the MyFile shared resource on the HEY machine into a local H disk 2, Linux resource sharing and use (1) Configuring Linux resources by editing Samba configuration Document adds Linux resources that need to share. At the same time, you can set the user base and its access rights to this resource. Below is an example, share this / public / data directory, all people have read and write permissions. [data] comment = public data path = / public / data public = yes Writable = yes printable = no (2) Using shared resources in Linux can use the SMBCLIENT command to access all Samba resources. See the foregoing details. V. Samba Application SMBClient: Access all shared resource SMBSTATUS: List all current Samba connection status SMBPasswd: Modify Samba user passwords to increase Samba users. NMBLOOKUP: Used to query the host's NetBIOS name, and map it to the IP address TestParam: The parameter setting in the configuration file is set to correct the Samba configuration in the correct Linux system Kingpaul @
11:25 am published in
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Several commands for operating discs under Linux
1. Making an ISO file from the CD: #CP / dev / cdrom ISO file name The same can be used to change the above / dev / cdrom to / dev / fd0, / dev / sda1, etc., the device file name, etc. U disk ISO image file 2. Make ISO files using the directory file #MKisofs -r -o ISO file name path Name 3. Burn discure to detect CD recorder parameters: #CDRecord -scanbus ... Scsibus0: 0, 0, 0 0) 'Samsung' 'CDRW / DVD DATA-348B' 'T501' Removable CDROM ... then burn: #cdrecord -v speted = burning speed dev = burner device number ISO file name is: #cdrecord -v speted = 8 DEV = 0,0 /Home/share/data.iso
Kingpaul @
10:44 am published in
Linux |
Edit |
Message (0) |
TRACKBACK (0)
September 14, 2004
About NFS
1. Install the package for Portmap and NFS-Utils2. Profiles / etc / exports, format: / home / share * (SYNC, RO) 192.168.3.69 (SYNC, RW) / Home / FTP 192.168.1.0/24(Sync , RO) / home / public * .test.com (SYNC, RW) 3. NFS boot: #service portmap start # service nfs start: showmount: Showmount: Display connection to the specified NFS server ShowMount -E [NFS Server Host Address]: Displays the output directory list showmount -d -d [NFS server address] indicating the NFS server: Display all output directory ShowMount -a [NFS server host addresses]: Show specified NFS All client hosts of the server and their connections 5. exportfs command: Exportfs -rv: Re-read the settings in the exports file without restarting the NFS server Exportfs -auv: Stop the NFS server in the current host All directory output exportfs -av: Output all shared directories of the NFS server in the current host 5. Hang / Uninstall the shared directory in the NFS server #Showmount -E 192.168.3.69 [root @ jbhuang rh root] # Showmount-E 192.168.3.119Export List For 192.168.3.119:/writable ns.infonet.org [root @ jbhuang rh root] # mount 192.168.3.119:/Writable / MNT / NFS [root @ jbhuang rh root] # ls / mnt / nfsqterm qterm-0.3.6.tar. GZ [root @ jbhuangrh root] # umount / mnt / nfskingpaul @
08:27 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
September 09, 2004
Apache Named Configuring Virtual Host System: Mandrake10.0, RH9's named NAMED has been inseparable, and then look at it in the afternoon.
1. Apache installation and configuration:
Download a httpd-2.0.50.tar.gz on the official homepage of 64.123 or apache.
#TAR XVZF httpd-2.0.50.tar.gz
#. / configure --prefix = / www / apache; make; make install
Edit / WWW/apache/conf/httpd.conf, after doing other basic configurations, to the section3 of the file, modify the following, add two virtual hosts:
#
# Use name-based virtual hosting.
#
NamevirtualHost *: 80
## VirtualHost example: # Almost any Apache directive may go into a VirtualHost container # The first VirtualHost section is used for requests without a known # server name #..
Save exit, then add different homepage files in / www / apache / sunshinedocs, and finally: # / www / apache / bin / apachectl start Start httpd2. Named installation configuration My Linux is FTP installation Therefore, as long as you use the following command to put Named, it is very simple. #urpmi name Edit /etc/named.conf, add: Forward first; forwarders {202.38.64.1;}; Add the following statement: zone "infonet.org" {type master; file "name2ip.db"; allow --UPDATE {localhost;};
Save exit. Then add a file Name2ip.db in / var / named / to: $ TTL 86400 @ in SOA Kingpaul.infonet.org. Root.kingpaul.infonet.org. (20011116012880014400360000086400)
In ns kingpaul.infonet.Netin A 192.168.3.153
Kingpaul in A 192.168.3.153sunshine in A 192.168.3.153jbhuang in A 192.168.3.61Localhost A 127.0.0.1
Then, edit /etc/resolv.conf, add field search infonet.orgservername 192.168.3.153 Last: #serice named restart boot NAMED
3. On another machine, set the DNS server to 192.168.3.153, nslookup kingpaul.infonet.org and nslookup sunshine.infonet.org found that the addresses are the same, open IE, address Kingpaul.infonet.org and Sunshine.infonet.org, you can open different homepages, and the virtual host settings are successful.
Kingpaul @
02:09 PM Posted in Linux |
Edit |
Message (1) |
TRACKBACK (0)
August 31, 2004
PROFTPD installation and configuration
XINETD mode: http://www.17la.com/mc_631.htmlstandalone mode: http://www.fanqiang.com/a6/b2/20011020/0905001485.html A ProftPD configuration example: http: //blog.9cbs. Net / Swordzjj / Archive / 2004/06/30 / 30490.ASPX
Kingpaul @
10:09 am published in
Linux |
Edit |
Message (0) |
TRACKBACK (0)
August 30, 2004
Dongdong related to OpenSSH
First, Install and Configure OpenSSH Server: 1 Install the package (omitted). 2 OpenSSH server configuration file: / etc / ssh / sshd_config3 Penssh server status: #service sshd status4 boot / stop / restart ENSSH Server: #service sshd start / stop / restart5 Setting OpenSSH Server default start: #CHKConfig --level 35 sshd on #LS /etc/rc3.d/|grep sshd 2, SCP: Copy file from the remote host to this machine #SCP root@192.168.3.119: / etc / passwd. 3, sftp: Using the SSH protocol FTP
Kingpaul @
03:23 PM Posted
Linux |
Edit |
Message (0) |
TRACKBACK (0)
(Notes) Linux Configure Telnet Server
1. Install the Telnet-Server package. () 2. Setting Telnet-Server Start Telnet Server does not run as a stand-alone server program, but is controlled by the XINETD program, start the configuration file to /etc/xinetd.d/telnet, the default xinetd program does not start Service, you can see Telnet in ChkConfig --List, which is closed, / etc / xinetd.d / telnet, DISABLE = YES can start Telnet Server: 1) CHKCONFIG TELNET ON / / This command modifies / etc / XINETD.D / TELNET configuration, setting disable = no 2) Service Xinetd Restart CHKCONFIG --List Seeing Telnet Server has started.
Kingpaul @
11:19 am published in
Linux |
Edit |
Message (0) |
TRACKBACK (0)
August 27, 2004
GRUB Getting Started
LILO needs to know the actual location of your kernel on the drive, but grub does not need, but it can also read the file system to identify kernel images, but it also supports the latest 2.4.1 kernel's REISER log file system. This means you don't have to reinstall the GRUB after updating the kernel or changing the configuration file. If BIOS supports LBA, there is no problem with 1024 cylinders. There is also a network boot and diskless client.
However, maybe we are too familiar with LILO, or maybe Grub still need to improve? In short, it is not a very easy thing to install GRUB. Below we will introduce GRUB installation and configuration.
installation
Unlocate the file under the / tmp directory:
# TAR ZXVF GRUB-0.5.96.1.tar.gz
Enter the "GRUB-0.5.96.1" directory, compiler:
#./configure # make # make install
Configuration:
Like many of the multi-start management programs we usually see, GRUB provides a menu interface (Lilo is not a menu interface). GRUB's default installation location is / boot / grub, and the configuration file is also placed in this directory. The default configuration file name is menu.lst. The functionality of this file is just like lilo.conf, defines multiple boot options and disk images.
Let's look at a demonstration example of a menu.lst file:
Timeout 5 Color Black / Yellow Yellow / Black Default 0 Password FreeOS
Title My Mandrakekernel (HD0, 1) / VMLinuz root = / dev / hda3 IDebus = 66
Title My Red Hatkernel (HD0, 6) / Boot / VMLinuz Root = / dev / hda7 IDebus = 66
Title W2k Proroot (HD0, 0) MakeActive ChainLoader 1
Let us analyze the meaning of each option in detail:
Timeout - Display Delay Time (Second) Color - Menu The color combination of menus, the first set of colors is the foreground and the background color, and the second group is a combination of highlights. Default - Defines the default startup port, where 0 is the first entry using the definition. Password - Defines the password required when entering the GRUB advanced feature. GRUB uses it to read the characteristics of the file system, providing very powerful features. For example, the user can lose 'CAT / etc / shadow' at GRUB to read files that contain encrypted passwords without entering your system! So, set a password for your system.
The following analysis starts the entry, each entry should start with a 'title' keyword, followed by keeping the description of the startup entry. Next is the 'Kernel' entry,
KERNEL (HD0, 1) / VMLinuz root = / dev / hda3 HDC = IDE-SCSI
According to GRUB's naming rules for the device, we can easily understand the meaning of the above line: the hard drive device is named FDX, the hard disk is HDX, which needs to be remembered from 0, so the first hard disk is HD0 rather than HD1. The equipment name is enclosed in parentheses, and the partition on the hard disk is connected with a comma. For example, (HD0, 1) represents the second partition on the first hard disk, and (HD1, 5) represents the first logical partition on the second hard disk.
GRUB can read most file systems, the top line specifies that GRUB looks for / vmlinuz files on the second basic partition on the first hard disk, you also need to specify 'root = / dev / hda3' (assuming your root file system Located / dev / hda3), otherwise the kernel cannot hook the top file system, which is the other parameters you want to join. These parameters are the same as the parameters of the kernel when the LILO is started, or the same parameters behind the append in lilo.conf.
Another more special entry is the entrance to starting Windows 2000. The root entry points to the installation location (C: /) of Windows 2000, the next entry sets the partition activation flag, the last entry tells the GRUB to search the first sector of the partition To launch the operating system there.
The above is an analysis of a typical multi-start setting for GRUB. Before formal start installing GRUB, it is recommended that you have a Lilo boot disk or an emergency start disk to prevent it. Log in with root, entered the "GRUB" command, you will see the following screen:
GRUB VERSION 0.5.96.1 (640K Lower / 3072K Upper Memory)
[Minimal bash-like line editing is supported. For the first word, Tab Lists Possible Command completions. Anywhere Else Tab Lists the Possible Completions of a device / filename.]
GRUB>
The above is the GRUB prompt, we have to install GRUB in this prompt.
GRUB> Install (HD0, 1) / Boot / GRUB / Stage1 D (HD0) (HD0, 1) / Boot / Grub / Stage2 P (HD0, 1) /BOOT /GRUB / MeNU.lst
GRUB is divided into two main steps, stage1 and stage2. Stage1 is a mini code embedded in MBR. Stage2 is the main part, and after the Stage1 passes the control to it, it will take over everything.
After install, specify the location of Stage1, we not only illustrate its partition location: (HD0, 1), because GRUB can read the file system, so also explain the directory location on the partition: / boot / grub / stage1, and D parameter indicates that stage1 will Look for the disk where Stage2 is located. Then the installation location of GRUB: (HD0), here is the installation in MBR. The following parameters specify the position of the Stage2: (HD0, 1), and the definition of Stage1. The P parameter specifies the location of the menu.lst file.
For / boot as an example of a separate partition, you need to use the following command line:
GRUB> Install (HD0, 1) / GRUB / STAGE1 D (HD0) (HD0, 1) / Boot / GRUB / Stage2 P (HD0, 1) /grub/menu.lst
The above example assumes that / boot is located (HD0, 1) (which is HDA2), and / located in (HD0, 2) (that is, HDA3), we can't use '(HD0, 2) / boot / grub / stage1', because GRUB I don't know (HD0, 1) is / boot, so I must first point to the partition mounted as / boot, and point the directory to it.
After restarting the system, you can see the GRUB menu. It seems that it seems very cumbersome, so long ordered, yes! For those who can use LILO, maybe there is no need to play this dangerous game. However, for those who want to use GRUB enhancements, try GRUBs may not intentionally. My friend told me that he can't identify 1G memory with lilo, I hope GRUB can help. This article is designed to throw bricks, and GRUB has a lot of functions to be developed.
If you have trouble in configuration and installation, why don't I use INFO GRUB or Man GRUB to seek help? Or simply on the official website of GRUB
http://www.gnu.org/software/grub/
Looking for FAQ and other documents?
GRUB Download Location: ftp://alpha.gnu.org: / GNU / GRUB / Up to the date of writing is: 0.5.96.1kingpaul @
08:16 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
August 23, 2004
Literacy - / etc / fstab
Reprinted, incomplete version: http://www.mhdn.net/o/2002-01-19/4337.html
1 FSTAB file role file / etc / fstab stores file system information in the system. When the file is set correctly, you can load a file system through the "Mount / DirectoryName" command, each file system corresponds to a separate row, and the fields in each row have spaces or TAB keys. At the same time, FSCK, MOUNT, UMOUNT uses the program.
2. FSTAB File Format The following is a routine of the / etc / fatab file: fs_spec fs_file fs_type fs_options fs_dump FS_Pass / DEV / HDA1 / EXT2 Defaults 1 1
FS_SPEC - This field defines the device or remote file system where you want to load, for a general local block device: IDE device is generally described as / dev / hdaxn, x is the IDE equipment channel (A, B, OR c), N represents partition number; SCSI device is described as / dev / sdaxn. For NFS situations, formats are generally:, for example: `knut.aeb.nl: / '. For ProCFS, use `proc 'to define.
FS_FILE - This field describes the desired file system loaded directory points, for the SWAP device, which is none; for the load directory name contains space, use 40 to represent spaces.
FS_TYPE - Defines the file system on the device, which is generally common file type EXT2 (common file type of Linux device), Vfat (FAT32 format of Windows system), NTFS, ISO9600, etc. FS_OPTIONS - Specifies the file system that loads the device is a specific parameter option that needs to be used, and multiple parameters are separated by commas. For most systems use "defaults" to meet the needs. Other common options include: Option Meaning RO Loads this file system SYNC to buffer the write operation of the device, which prevents the file system in the case of abnormal shutdown, but reduces the computer speed USER allowed Ordinary users load this file system Quota to force disk quota on this file system to load the file system without using mount -a commands (such as system startup)
fs_dump - This option is used by the "dump" command to check that a file system should be dump with multiple fast frequencies. If you do not need to dump, set this field to 0
FS_PASS - This field is used by the fsck command to determine the order in which the file system that needs to be scanned at startup, the root file system "/" to the value of the field should be 1, and the other file system should be 2. If the file system does not need to scan at startup, set this field 0
3. Sample file # / etc / fstab / dev / hda9 swap swap defaults 0 0 / dev / hda1 / ext2 defaults 1 1 / dev / hda5 / home extra2 defaults 1 1 / dev / hda6 / usr ext2 Defaults 1 1 / dev / HDA7 / USR / LOCAL EXT2 DEFAULTS 1 1 / dev / hda8 / var ext2 defaults 1 1 1 / dev / hdb / cdrom iso9660 Noauto, user 0 0 none / proc proc defaults 0 0 none / dev / pts devpts gid = 5, MODE = 620 0 0kingpaul @
10:22 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
August 07, 2004
Some Links About UNIX / Linux
What is UNIX: http://www.mhdn.net/O/2002-01-20/4345.html What is Linux: http://www.kingsoft.com/c/2004/06/09/116860.shtmlhttp : //www.kingsoft.com/c/2004/06/09/116861. The important event in the history of SHTML open source: http://www.kingsoft.com/c/2004/06/09/116850.shtmlhttp: //www.kingsoft.com/c/2004/06/09/116851.shtml
Kingpaul @
04:29 PM published
Linux |
Edit |
Message (1) |
TRACKBACK (0)
July 11, 2004
(Popular) What is GNU
Both banners in this picture contain a GNU, one of which read "What's GNU?", And another read as "GNU's Not Unix!". In the middle, it is a expression like a GNU avatar that is proud of being surpassing others.
We thank Etienne Suvasa to draw this What's GNU art.
Used to describe the GNU on this website includes:
GNU plan GNU statement (31K)
This picture has the following formats to get:
JPEG 8K, 21K PNG 2K, 5K
Other artworks in the GNU gallery.
Due to the patent problem, there is no GIF format.
Return to the GNU Home.
Please send the query & problem of the Free Software Foundation (FSF) & GNU to gnu@gnu.org. You can also contact the Free Software Foundation (FSF) through other contact methods.
Please send the recommendations on the webpage to WebMaster@www.gnu.org, and other questions are sent to GNU@gnu.org.
Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA
The full text can be reproduced in any media under the premise of ensuring integrity - this label must be retained.
Chinese translator: Ma Xueping. Verify readers: Liu Zhaohong. This article is translated from English: $ 20 Mar 2000 Tower $ Final Modification Date: May 09, 2002.
Kingpaul @
09:55 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
(Popular) Linux?
http://202.38.75.1/~jbhuang/blog/archives/linux.htm
Kingpaul @
08:48 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
(Literacy) RPM command parameter list
1. Install a package # rpm -ivh 2. Upgrade a package # rpm -uvh 3. Remove a package # rpm -e 4. Installation parameters - forced the file even if the file that belongs to other packages is forced to install - Nodeps if The installation of the RPM package relies on other packages, even if other packages are not installed, it is also forced to install. 5. Query if a package is installed # rpm -q
RPM Command Manual This article comes from: http: //www.chinaunix.net [Linux] version Author: wind521 (2002-05-20 06:02:01) First, install
Command format:
RPM -I (or --Install) Options file1.rpm ... filen.rpm
parameter:
File1.rpm ... file name of the RPM package to be installed by Filen.rpm
Detailed options:
-H (or --hash) outputs the Hash mark (`` # '') --Test only tests the installation and is not actually installed. --Percent outputs the scheduled progress in the form of a percentage. --ExCludedocs Do not install document files in the package - Remnocs to reinstall the installed package - Replacing files belonging to other packages - AllCeFiles Replace the Conflict for other packages - AllCE ignore packages and files --Noscripts Do not run pre-installation and post-installation scripts --Prefix
Install the package to by
Specified path
- IgnoreArch does not check the structure of the package
--ignoreos does not check the operating system running in the package
--Nodeps does not check dependency relationship
- FTPPROXY
use
As an FTP agent
- FTPPORT
Specifies the port number of FTP
General option
-v Display additional information -VV display debugging information - ROOT
Let RPM will
The specified path is "root directory", so pre-installer and post-safety
The installer will be installed in this directory.
--rcfile
Set the RPMRC file
--Dbpath
Set the path where the RPM data inventory is
Second, delete
Command format:
RPM-E (or --rase) Options Pkg1 ... PKGN
parameter
Pkg1 ... PKGN: Package to delete
Detailed option
--Test only executes the deleted test - Noscripts Does not run the pre-installation and post-installation script program - Nodeps does not check dependency
General option
-VV display debugging information - ROOT
Let RPM will
The specified path is "root directory", so pre-installer and post-installation
The program will be installed in this directory
--rcfile
Set the RPMRC file
--Dbpath
Set the path where the RPM data inventory is
Third, upgrade
Command format
RPM -U (or --upgrade) Options file1.rpm ... filen.rpm
parameter
File1.rpm ... filen.rpm package name
Detailed option
-H (or --hash) Output Hash marks (`` # '') --OldPackage Allows "Upgrade" to an old version - Test only upgrade test --ExCludedocs Do not install document files in the package - -inCludedocs Installing Document - ReplacingPKGS Forced Reset Installed Package - ReplanationFiles Replace files belonging to other packages - the conflict of theforce ignore the package and files --Percent outputs the installation in the percentage form. --Noscripts Do not run pre-installation and post-installation scripts --Prefix
Install the package to by
Specified path
- IgnoreArch does not check the structure of the package
--ignoreos does not check the operating system running in the package
--Nodeps does not check dependency relationship
- FTPPROXY
use
As an FTP agent
- FTPPORT
Specifies the port number of FTP
General option
-v Display additional information -VV display debugging information - ROOT
Let RPM will
The specified path is "root directory", so the pre-installer and the post installer are installed in this directory.
--rcfile
Set the RPMRC file
--Dbpath
Set the path where the RPM data inventory is
Fourth, inquiry
Command format:
RPM -Q (or --query) Options
parameter:
Pkg1 ... PKGN: Query the installed package
Detailed option
-p
(or `` - '') querying the package of the package
-f
Inquire
Which package belongs to
-a query all installed packages
--WhatProvides
The query is provided.
Functional package
-g
Query belongs to
Set of packages
--WhatRequires
Query all needs
Functional package
Information option
Display all identifies for packages
-i display package profile
-l Display a list of files in the package
-c display list list
-d display a list of document files
-s Displays the list of files in the package and display the status of each file
--Scripts Show installation, uninstall, check script
--queryformat displays query information by user-specified way
-dump Displays all verified information for each file
--Provides Display features provided by packages
--Requires (OR -R) Displays the features required for the package
General option
-v Display additional information -VV display debugging information - ROOT
Let RPM will
The specified path is "root directory", so the pre-installer and the post installer are installed in this directory.
--rcfile
Set the RPMRC file
--Dbpath
Set the path where the RPM data inventory is
5. Check the installed package
Command format:
RPM -V (or --verify, or -y) Options
parameter
Pkg1 ... PKGN will be verified by the software package name
Package option
-p
Verify Against Package File
-f
check
Software package
-A Verify verify all packages
-g
Verify all groups
Software package
Detailed option
--Noscripts Do not run check script - Nodeps does not check dependency - NOFILES does not check file properties Universal options
-v Display additional information -VV display debugging information - ROOT
Let RPM will
The specified path is "root directory", so the pre-installer and the post installer are installed in this directory.
--rcfile
Set the RPMRC file
--Dbpath
Set the path where the RPM data inventory is
6. Documents in the check package
grammar:
RPM -K (or --checksig) Options file1.rpm ... filen.rpm
parameter:
File1.rpm ... file name of filen.rpm package
Checksig - Detailed options
--NOPGP does not check PGP signature
General option
-v Display Additional Information -VV Display Debug Information --Rcfile
Set the RPMRC file
Seven, other RPM options
--Rebuilddb Rebuilding RPM Database - Initdb Create a new RPM Database - QUIET as much as possible to reduce the output - HELP Display Help file - Version Displays the current version of RPM (http://www.fanqiang.com)
Kingpaul @
02:47 PM Posted
Linux |
Edit |
Message (0) |
TRACKBACK (0)
(Literacy) Chsh
Name Chsh - Replace the shell used when you log in
Syntax Chsh [-s shell] [-l] [-u] [-v] [username]
Description Chsh used to replace the shell used when you log in. Did not specify the shell in the command column. Chsh will prompt you.
Effective shell
CHSH can specify any of the executable files with a full name of the specified path. However, if this shell is not recorded on the / etc / shells file, CHSH will warn the message.
Options - SHELL Change Your login shell. -L, --List-shells lists the shell of / etc / shells. -u, --Help uses a short message. -v, --Version version information
Related files Login (1), Passwd (5), Shells (5)
Author Salvatore Valente (BP 1.0)
Kingpaul @
02:21 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
July 10, 2004
Introduce a website for Linux basic operations
http://www.cngnu.org/technology/c496e65787.html
Kingpaul @
07:09 pm published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Linux shutdown command details
Some commonly used shutdown / restart commands under Linux have Shutdown, Halt, Reboot, and INIT, which can achieve the purpose of restarting the system, but the internal work process of each command is different.
Zhutdown
The shutdown command securely shuts down the system. Some users will use them directly to turn off the power to shut down Linux, which is very dangerous. Because Linux is different from Windows, there are many processes in the background, so that the mandatory shutdown may cause the process of data loss, so that the system is in an unstable state, and even in some systems will damage the hardware device.
And use the shutdown command before the system shutdown, the system administrator will notify all logged in user systems will be turned off. And the login directive will be frozen, that is, the new user can no longer log in. It is possible to shut down directly or delay a certain time. It may also be restarted. This is determined by all the processes [process] will receive the signal sent by the system [Signal]. This allows programs such as VI to store documents currently editing, and procedure like processing mail [Mail] and news [news] can leave normally, etc.. Shutdown executes its work is to send the signal [signal] to the init program, requiring it to change Runlevel. Runlevel 0 is used to stop [HALT], Runlevel 6 is used to reactivate the [reboot] system, and Runlevel 1 is used to allow the system to enter management work; this is preset, assume no -H There is no -r parameter to shutdown. To understand which movements do in the process of stopping [HALT] or replaying [reboot], you can see these Runlevels related information in this file / etc / inittab.
Shutdown Parameter Description: [-t] Tell Init to shut down after changing to other Runlevel. [-R] Restart the calculator. [-K] does not really shut down, just send a warning signal to each login [Login]. [-H] Turn off the power after shutting down. [-N] Do not use init, but it is turned off. This option is not encouraged, and the consequences of this option often not always be expected. [-C] CANCEL CURRENT Process Cancel the shutdown program currently executing. So this option has no time parameters, but you can enter a message used to interpret, and this information will be sent to each user. [-F] ignores FSCK when restarting the calculator [Reboot]. [-F] Forcing FSCK when restarting the calculator [Reboot]. [-Time] Set the time before shutdown [shutdown].
2.Halt ---- The easiest shutdown command actually hald is calling shutdown -h. When HALT is executed, kill the application process, perform the SYNC system call, and the file system will stop the kernel after the write operation is completed. Parameter Description: [-n] Prevents the SYNC system call, which is used to block the buckle with the older version of the hyper block (SuperBlock) after the FSCK is used to block the older version of the hyper block. [-W] is not a real restart or shutdown, just writing WTMP [/ var / log / wtmp] record. [-D] Does not write the WTMP record [already included in the option [-n]]. [-F] No shutdown or restart is forced to call ShutDown. [-I] Turn off all network interfaces before shutting down [or restart]. [-P] This option is the default option. That is to call PowerOff when turning off. 3. The work process of Rebootreboot is almost the same as HALT, but it is triggering the host restart, and HALT is a shutdown. Its parameters are similar to HALT.
4. InitInit is the ancestor of all processes, its process number is always 1, so sending the TERM signal to init will terminate all user processes, daemons, etc. Shutdown is using this mechanism. INIT defines 8 run levels (Runlevel), init 0 is shutdown, init 1 is restarted. About INIT can be a long story, here is no longer described. There is also a Telinit command to change the run level of the init, for example, Telinit -IS enable the system to enter the single user mode, and do not receive the information and waiting time when using Shutdown.
Kingpaul @
06:17 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
June 29, 2004
Some basic applications for Linux servers
Http://www.ebcom.cn/news/main/home/ns_detail.php?id=277&nowMenuid=6&cpath=0048:&catid=48
*********************************************************** ************* some basic applications of Linux servers: Xchen [cdcxx@etang.com] 2002.8 ******************** *************************************************
There is also a period of time in playing Linux. As a beginner, there is a lot of trouble. Fortunately, this is a network era. With the help of many good old brothers, I just got off, and it was a sweet and bitterness. Pay tribute to this world, the world, it is, it is for us to have such excellent operating systems. This thing is mainly for friends who have just contacted Linux and eager to match a server. Because the level of monks are limited, the mistakes are inevitable, welcome everyone to indicate. Now use the company's network architecture as an example, for the configuration of the Linux server. Let's talk about the functions you want to achieve before formal configuration:
1. Data sharing 2. Print sharing 3. Simulated NT domain 4. ADSL share 5. Internal DNS service 6. DHCP service 7. FTP service 8. WWW service 9. OpenSsh10. Disk quota 11. Dynamic domain name
The network architecture is as follows: [as shown below]
Www.linuxsir.org/photo/xchen.gif
Network: 10.10.0.0 Server IP: 10.10.1.1 Server Subnet-Mask: 255.255.0.0.0.1.100Client Subnet-Mask: 255.255.0.0Client Getway: 10.10.1.1Client DNS: 10.10.1.2, 202.96.134.133
First, ready to work:
1. Redhat Linux 7.2 CD Set 2. Ether ADSL Downout and Your ADSL Access Account 3. Two NICs, it is best to plug and play, please check IRQ and IO. 4. Of course, other machines other than this machine
Second, Redhat Linux 7.2 installation:
1. Beginner recommends using a graphical interface, please use custom installation.
2 System partitions are as follows (10g): SWAP: 500m /: 2g / var: 1g / home: 2g / Tools: 500m / data: 4G partition rationalization Please refer to the related article.
3. If you are using the NIC, the system can detect, please set the IP address, subnet mask, etc., please set to 10.10.1.1 and 10.10.1.2, Subnet-Mask is 255.255.0.0; if it is a jumper network card , Then wait for the system to set it back.
4. Social package selection, there is no relationship to all, as long as you have space, if there is a limited space, you may customize the package, below is my choice, for reference only: Printing Support Network SupportDialup Supportsmb: Windows File Serverww: Web ServerDns: DNS Name Serversoftware Developments
5. Ok, now I will install it all the way, don't forget to make a label.
Third, Linux network environment configuration
1] After restarting the machine into the system, remove some unnecessary services, keep them slowly, and not safe, the following is some of the services that I have just reserved after I have just installed: GPM / Iptables / Netfs / Network / NFS / NFSLOCK / PortMap / Syslog / XFS / XINETD to other services, wait for us to configure it. 2] Install LinuxConf to configure the network. Put into CD 1MUNT / DEV / CDROM / MNT / CDROMCD / MNT / CDROM / RedHat / RPMSRPM -IVH LinuxConf-1.25R7-3.i386.rpm Please use Setup / System Services or ChkConfig -levler 3 LinuxConf ON to set LinuxConf to System self-start service. NetConf Select Host Name and IP Network Devices for hostname and network settings: Host Name Domain: cxserver ------ First NIC ---------- Config Mode: ManualPrimary Name Domain: Abcip Address: 10.10.1.0.0Mask: 255.255.0.0Net Device: Eth0kernel Module: Nei / O Port: 0x300irq: 3 ------ Second NIC ---------- Config Mode: ManualPrimary Name Domain: cxserverip address: 255.255.0.0Net Device: Eth0kernel module: nei / o port: 0x320irq: 5 Select Accept to exit, restart will see the ETH0 and ETH1 two network cards start successfully, enter the system after IFConfig Command View status, test their connectivity with ping command, such as ping a Windows machine.
Fourth, DNS server configuration
In order to allow the LAN's internal users to access the server, configure a DNS server is very necessary. After all, a name is better than a string of numbers. Below I will match the server 10.CX.com, ftp.cx .com, good, start actions: files need to be configured: /etc/named.conf /etc/resolv.conf/var/named/named.hosts/var/named/named.local/var/named/named.10.10
1] Configure the /etc/named.conf file. This file is a DNS boot file, and the NAMED process reads it when starting. Vi /etc/named.conf// generated by named-bootconf.pl Options {directory "/ var / named"; // query-source address * port 53;
"in {type hint; file" named.ca ";}; // ---------------------- Handmade Added two quarters --- --------------------------- Zone "cx.com" in {type master; file "named.hosts";
Zone "10.10.in-addr.arpa" in {Type Master; file "named.10.10";}; // ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -------------------------------------------------- ---- Zone "0.0.127.in-addr.Arpa" in {Type Master; file "named.local";}; // incrude "/etc/rndc.key";
The following three files are DNS database files, and the specific parameters are not detailed. Please refer to the relevant information.
2] vi /var/named/named.local
$ TTL 86400 @ in SOA ns.cx.com. Root.ns.cx.com. (1997022700; Serial28800; Refresh14400; Retry3600000; Expire86400); minimum ns ns.cx.com.
1 in ptr localhost.
3] vi /var/named/named.hosts@ in SOA ns.cx.com. Root.ns.cx.com. (2002042302; Serial28800; Refresh14400; Retry3600000; EXPIRE86400; minimu) in ns ns.cx.com.cx IN A 10.10.1.1cx1 in a 10.10.1.223www in cname ns.cx.com.ftp in CNAME CX
4] vi /var/named/named.10.10 @ in SOA ns.cx.com. Root.ns.cx.com. (2002042302; Serial28800; Refresh14400; Retry3600000; EXPIRE86400; minimu) in ns ns.cx.com.1 In ptr ns.cx.com.2 in ptr ns1.cx.com.
5] Edit /etc/resolv.conf file vi /etc/resolv.confdomain cx.comnameserver 10.10.1.1
Ok, let's start the service: /etc/rc.d/init.d/named startchkconfig -LEVEL 3 Named ON # Set the DNS service into system service, boot self-start test: ping cx.cx.comping www.cx .Comping ftp.cx.com or use nslookup, please refer to NSlookup -help.
V. DHCP server configuration
1] Install DHCP. Put it in an optical disk 1 or CD 2MUNT / DEV / CDROM / MNT / CDROMCD / MNT / CDROM / RedHat / RPMSRPM-IVH DHCP-2.0P15-8.i386.rpm Please use setup / system services or Chkconfig -levlel 3 Linuxconf on Set LinuxConf to the system self-start service.
2] Configure the dhcpd.conf file. Vi /etc/dhcpd.confsubnet 10.10.0.0 Netmask 255.255.0.0 {Range Dynamic-bootp 10.10.2.0 10.10.2.100; #ip address allocation range option routers 10.10.1.1; # default gateway option subnet-mask 255.255.0.0; # default Subnet mask OPTION Domain-name "cx.com"; # default domain name Option Domain-name-serve 10.10.1.1, 202.96.134.133;} # Last line: DNS server settings, the reason why 10.10.1.1 is placed in front Want to give the client when the internal DNS server is preferred during the domain name, if the domain name cannot be resolved, use the next DNS server to resolve, 202.96.134.133 is the main DNS server of the Shenzhen ADSL Internet User main DNS server. Parked by the next DNS server, 202.96 . 134.133 is the Shenzhen region ADSL Internet user main DNS server. 3] Startup service: /etc/rc.d/init.d/dhcpd start
4] Use: No matter how Win9X or 2K is used, you can use it without setting.
6. ADSL and firewall configuration
1] Download Software: http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5.tar.gz
2] Installing software: TAR ZXVF RP-PPPOE-3.5.tar.gzcd rp-pppoe-3.5./go # Start installing software
3] After the software is installed, the setup program ADSL-SETUP will be run.
User name >>> Enter your pppoe user name (xxx): ________ # 此 此 a 用户 户 account
Interface (Default Eth0): _____ # Ether Interface, Eth0 or Eth1
>>> Enter the demand value (default no): # can not fill
DNS >>> Enter the DNS Information Here: 202.96.134.133 # Local Telecom provides the main domain server >>> Enter the secondary dns server address here: #Timedi Telecom provides auxiliary domain server
Password >>> Please enter your pppoe password: >>> please re-enter your pppoe password: # password
FIREWALLING0 - NONE:. This script will not set any firewall rules You are responsiblefor ensuring the security of your machine You are STRONGLYrecommended to use some kind of firewall rules.1 - STANDALONE:. Appropriate for a basic stand-alone web-surfing workstation2 - Masquerade: Appropriate for a Machine Acting AS An Internet GatewayFor A LAN >>> CHOOSE A TYPE OF FIREWALL (0-2): 0 Firewall Settings, Select 2 Make the host to set the Internet gateway to the local area network, put the client network to this Machine IP, DNS is set to the DNS server IP provided by telecommunications, which is implemented by IPchains IP camouflage, and IPchains in RH7.2 has no IP_masq_ftp module, so the client cannot use FTP services, so we There is no firewall here, choose 0. There is already iptables in RH72, which is an alternative to ipchains, and the function is also more powerful, and we will write a script and use it to implement ADSL share. >>> ACCEPT THESE SETTINGS AND Adjust Configuration Files (Y / N)? Y # Save Settings
4] Next, we write a script /etc/rc.d/firewallvi /etc/rc.d/firewall# !/bin/Shecho "Start iptables rules ..." / etc / rc.d / init.d / iptables stopecho 1> / proc / sys / net / ipv4 / ip_forwardmodprobe ip_tablessmodprobe ip_nat_ftpmodprobe ip_conntrackmodprobe ip_conntrack_ftp
iptables -t nat -a postrouting -o ppp0 -j masquerade
iptables -n mineiptables -a mine -m state --state established, Related -j acceptiptables -a mine -m state --state new -i! ppp0 -j account // allows external access to my WWW server iptables -a mine - P TCP - DPORT 80 -I PPP0 -J Accept // Allows the external OpenSSSH service, OpenSSH is equivalent to Telnet, but its data transfer is encrypted, // is safer and strongly recommended. iptables -a mine -p tcp --dport 22 -i PPP0 -J Accept // Allow external access to my FTP server iptables -a mine -p tcp --dport ftp -i ppp0 -j acceptiptables -a mine -p tcp - -dport ftp-data -i ppp0 -j account // Do IPTABLES -A MINE -P ICMP --ICMP-TYPE ECHO-Request -i PPP0 -J Drop // iptables -a mine -i PPP0 -M Limit -j log --log-prefix "Bad Packet from PPP0:" iptables -a mine -i! PPP0 -M Limit -j log --log-prefix "Bad Packet NOT from PPP0:" iptables -a mine -j dropipiptables - A INPUT -J Mineiptables -a forward -j mine
// iptables feature is very powerful, not explained here, please refer to the relevant information.
5] Add this feet to /etc/rc.d/rc.local to automatically run when it is turned on. Chmod 700 /etc/rc.d/firewall # Set FireWall to Executable Echo FireWall >> /etc/rc.d/rc.local, of course, you can also edit /etc/rc.d/rc.local files, Add a line of Firewall on the tail.
6] CHKCONFIG -LEVEL 3 iptables ON # Start iptables when boot
7] Good, restart, use the root login system to connect to the network with the ADSL-START command, after a few seconds, it has been connected, good! Let's test: Prerequisites: The front-written firewall script has been running, the internal local area network has already Connect, the DHCP service has been run, set the client TCP / IP to automatically obtain the IP address, the other do not fill, restart the login, try WWW / FTP / QQ and other services, the speed is fast, cool you, Haha.
8] Existence: Ping takes the domain name server before we set up, ping [urlwww.cx.com [/ url], you will find ping not pass, why? You should still remember that when we installed the installation of ADSL, fill in the local telecom DNS server address, Ha, it is the disaster. When we run ADSL-STAR, we call the ADSL-Connect script, and it will overwritten /etc/resolv.conf file: original: cat /etc/resolv.confdomain cx.comNameserver 10.10.1.0 Now: CAT / Etc / resolv.confnameserver 202.96.134.133 In this case, if it is running, then it is very unhealthy, huh, huh. Workaround: Modify /etc/resolv.conf file: vi /etc/resolv.confdomain cx.comNameserver 10.10.1.11nameserver 202.96.134.133 Modify / USR / SBIN / ADSL-Connect script file: vi / usr / sbin / adsl-connect Find the following line and comment out: ------------------------------------- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- , Dude ... rm -f /etc/resolv.confln -s /etc/ppp/resolv.conf /etc/resolv.confelif test "$ DNSTYPE" = "specify"; then # Sorry, Dude ... RM - F /etc/resolv.confecho "Nameserver $ DNS1"> /etc/resolv.confif test -n "$ dns2"; Thenecho "Nameserver $ DNS2" >> /etc/resolv.confifi ---------- -------------------------------------------------- ------------------ 9] Restart, the ADSL connection is successful, the DNS server is normal, OK, continue to advance!
Seven, file (print) server, analog NT domain implementation.
1] Edit /etc/samba/smb.conf file vi /etc/samba/smb.conf[global]stergroup = CX # Take it as NT login domain server String = Samba ServernetBios Name = CXSERVER # server NetBIOS name Hostbios NETS Allow = 10.10.1. 10.10.2. 127. # Only 10.10.1.0, 10.10.2.0 network segment Access PrintCap Name = / etc / printCapload printers = yesprinting = lprnglog file = / vir/log/samba/%M.Logmax log size = 0security = user # security level user level, access to resources that require authentication encrypt passwords = yes smb passwd file = / etc / samba / smbpasswdsocket options = TCP_NODELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192domain master = yespreferred master = yesdomain logons = yes # You can log in to DNS Proxy = no [homes] # After logging in, you can see the user home directory comment = home directoriesbrowseable = noritable = yesvalid users =% screate mode = 0664directory mode = 0775
[Printers] # If there is a printer, you can see the printer in // mineServer, right-click, online = all printerspath = / var / spool / sambabrowseable = NOGUEST OK = NOWRITABLE = NOPRINTABLE = YES
[public] # Share / MNT / DATA / PUBLIC folder, shared named public, Admin Group has written permissions comment = SoftwarePath = / mnt / data / publicpublic = YESWIRTE LIST = @admin
2] Whether the syntax in the TestParm test /etc/samba/smb.conf file is correct
3] /etc/rc.d/init.d/smb start Launch Service, and use the SMBCLIENT -L localhost test server is normal, if prompted to enter the password, then see the server information after the carriage return, the server is normal.
4] Add User and Group UserAdd TestGroupAdd AdmingPasswd -a Test Admin
5] Set SMB User Password SMBPASSWD -A Test Enter the password and verify
6] Configure a local printer with Setup, please refer to the relevant information here, but more details.
7] Test: Please set the network properties of the Windows machine, log in to the network user, log in to the NT domain directly, the NT field is CX, then use the Test account added by the previous Test account, password to be set to smbpasswd -a test. , "User and Password" after the system after the system can modify the login password. Open an online neighbor to see if you can browse to CxServer, or you can use // CxServer to access. Last setting: chkconfig -level 3 SMB ON # Let SMB turn on automatically run eight, disk quota
In front of us, there is a shared resource for homes, such as the AA login, there is an AA folder in // cxserver, AA user reads and write permission on this file fixture,
If we don't limit AA, he may hold the hard disk, and any administrator does not want to see this matter. Here we use quota to implement restrictions on the user's disk space.
1] First understand a concept, quota is targeted, so we separate a / home area when we install Linux in front.
2] And all user owned directorys are under / home, start building two files in the home directory: cd / homeouch quota.usertouch quota.groupchmod 600 quota.user // only allow root to write to these two files CHMOD 600 quota.group
3] In the tail of the /etc/rc.d/rc.local file, add the quota boot script: if [-x / sbin / quotacheck] the. "Checking quotas. This may take some time ..." / sbin / quotacheck -avugecho " Done "FIIF [-x / sbin / quotaon] Thenecho" Turning on Quota "/ Sbin / Quotaon -avugecho" OK "Fi
4] Modify the / etc / fstab file to define the / home partition in the line: Original: / dev / hda3 / home ext3 defaults 1 2 new content: / dev / hda3 / home ext3 defaults, usrquota, Grpquota 1 2 can be seen Just add USRQUOTA, GRPQUOTA after DEFAULTS. Note, is USRQUOTA instead of userquota, if it is wrong, it is difficult to expect.
5] Restart, error during the startup process, mainly because quota can't do two files in / home directory, there is no relationship, let's enter the system to slow down.
6] Log in with root, then we generate two files for Aquota.user and Aquota.group: Convertquota -u / Homeconvertquota -g / Home If the above steps are not wrong, we will use LS / Home -al to see Aquota.user Aquota.group two files
7] Restart, pay attention to observation, will not go wrong again. After entering the system, you can limit the user home directory. For example, now there is a TEST user, we restrict him: edquota -u test # This command will enter a VI edit mode, the content is as follows: FileSystem Blocks Soft Hard Inodes Soft HARD / DEV / HDA3 0 0 0 0 0 0 Note Identification Abcdef two ways to talk about limitations before explaining each parameter: Soft, Hardsoft: It is also known as soft limit. When the user arrives in this limit, the system will give a warning, but still written. Hard: Also known as hard restrictions, reaching this limit, completely ban any writing. ABC is a restriction setting of disk space, and DEF is a limit of total files. C: User space usage restrictions, for hard limits, need to be set. D: There is a total number of files, no settings. E: The total number of files is limited, for soft restrictions, need to be set. F: The total number of files is limited, which is hard restrictions. We must limit TEST users to use space of 100m, up to 120m, total file total 2000, up to more than 2,500, set as follows: FileSystem Blocks Soft Hard Inodes Soft HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD HARD SOFT HARD / DEV / HDA3 0 102400 122880 0 2000 2500 Note: Space Limit It is in k.
8] Test: Enter your own home directory, then copy the file, if it exceeds 120m, it is not allowed to write.
9] Use of other commands: Copy the same adjustment to other users: edquota -p test -u username1 username2 username3 username4 ... Show a user current disk usage: quota -v username Show all user current disk usage: Repquota - A other items, please refer to the relevant information.
Nine, FTP server:
RH72 comes with WU_FTP, but because there is a lot of problems, we don't have to use it, we use performance and security performance instead of it.
1] Download Software: ftp://ftp.proftpd.org/distrib/sourc...pd-1.2.5.tar.gz
2] Installation: TAR ZXVF proFTPD-1.2.5.Tar.gzcd proFTPD 1.2.5./configure -prefix = / usr / local / proFTPD // Specify Makemake Installcp Contrib / Dist in / usr / local / proFTPD /rpm/proftpd.init.d /etc/rc.d/init.d/proftpdchmod 700 /etc/rc.d/init.d/proftpdchkconfig -level 3 proFTPD ON // Set to System Self-started service CP / USR / Local / proFTPD / SBIN / PrOFTPD / USR / SBIN / / Copy ProftPD to / usr / sbin directory, so that the system can automatically search, so you can also add another search path.
3] /usr/local/proftpd/etc/proftpd.conf configuration file: vi /usr/local/proftpd.confServerName "Xchen FTP server" // server login prompt ServerType standaloneDefaultServer onPort 21Umask 022MaxInstances 30User nobodyGroup nobody // original is nogroup, Please change to NobodyRequirevalidshell off // Manually add this name, Important // Limited Test Group Users can only access their own home directory, not to browse DEFAULTROOT ~ TEST / / Limit TEST group users can only access their own / home / ftp directory You cannot browse the default ~ / ftp test // definite MUSIC group users can only access the / home / music directory, and browse the default / home / ftp music // in addition to the Music group to access the / home / music directory. You cannot browse the default / home / ftp music,! Bb // The above group needs you to build yourself: GroupAdd Test, gpasswd -a username testserverident off // When logging version information AllowoverWrite on
// / home / ftp login to the anonymous user
User FTP
Group FTP
Useralias anonymous ftp
MaxClients 10
DisplayLogin Welcome.msg
DisplayFirstchdir .Message
Denyall
4] Startup service: /etc/rc.d/init.d/proftpd start
5] Test, access ftp.cx.com in the client with FTP software or command line FTP program.
6] Proftpd skills only, there are still many advanced applications, please refer to the relevant information, this will not be described here.
Ten, WWW service
WWW services are implemented in Apache, and the steps are extremely simple, of course, here is primary applications. Because we have to implement a simple WWW service, just change the following parameters:
1] vi /etc/httpd/conf/httpd.confservername www.cx.comdocumentroot "/ var / www"
2] copy web file to / var / www directory
3] Start service: /etc/rc.d/init.d/httpd Start Set httpd to system self-start service: chkconfig -Level 3 httpd on
4] Test: Test it in IE with http://www.cx.com.
Why do WWW services is so simple, mainly because this single type of web file service is used, and most of them use CGI, ASP, PHP, and a database, etc., regarding this area, please refer to Relevant information, not explained here.
XI, the dynamic domain name service dynamic domain name is not much proper, should be called dynamic IP for domain name. We have implemented it until now, FTP and WWW services can be implemented in the LAN, but we have used the ADSL to connect Internet, how do we access our FTP, WWW server, always Each all informs the IP of the server, so it is necessary to use the dynamic domain name service. The general principle is the domain name corresponding to the external DNS server database each time the ADSL cleaning, so we have access to this domain name. You can discuss the implementation of the dynamic services provided by www.3322.org here. 1] Log in to the www.3322.org website, register a user, and apply for a dynamic domain name xxxx.3322.org. 2] Download Linux Client Software: http://www.3322.org/Dyndnspage/ez-i...-linux-i386.tgz3] Installing Software: TAR ZXVF EZ-iPUpdate-3.0.10-Linux-i386. TGZMV EZ-IPUPDATE-3.0.10-Linux-i386 / usr / local / ezip4] Edit /usr/local/ezip/qdns.conf file: vi /usr/local/qdns.confService-type=qdnsuser=Username: quassword / / Username and password, separated by colon Host = xxxx.3322.org // The domain name of your application interface = PPP0 // interface is ppp0max-interval = 2073600cache-file = / tmp / ez-ipupdate.cache5] Current IP Now new to our application: CD / usr / local / ezipez-ipupdate -c qdns.conf system will prompt data update success, good, let's come to ping XXX.3322.org, ha, really is PPP0 IP, then Try it with http://xxx.3322.org, everything is OK, cool.
6] The problem is coming again. Do we have a manual update every time you start ADSL? You may think of crontab updated every few minutes, suggestion, but CROND service seems to be a bit small matter , My method, modify / usr / sbin / adsl-start script: VI / USR / SBIN / ADSL-Start finds a reciprocal 25 line "TTY -S && $ Echo" Connected! ", Increasing the line: / usr / Local / ezip / ez-ipupdate -c /usr/local/ezip/qdns.conf storage exit, OK, we let the ADSL cleaning is automatically updated, cool!
7] Test: Adsl-Start. Connected! EZ-iPUpdate Version 3.0.10copyright (c) 1999-2000 Angus Mackay.connected To Members.3322.org (202.108.36.139) On Port 80.Request SuccessFulok, data update success.
Ok, now you can use xxxx.3322.org to access your service anytime, anywhere, right.
Twelve, OpenSSH settings If you control your server or else, you may think of Telnet, it is ok, but because Telnet is used by the bright transmission, it is easy for those who are unrestricted. The machine, so we use OpenSSH to replace Telnet. 1] Uninstall the original 2.9X version, 2.9X version has bugs, unsafe: rpm -e openssh
2] The latest package download:
ftp://ftp.openbsd.org/pub/openbsd/o...sh-3.4p1.tar.gz
3] Installing software: TAR ZXVF openssh-3.4p1.tar.gz cd openssh-3.41 ./configure --prefix = / usr / local / ssh / --sysconfdir = / etc / ssh / --with-tcp-wrappers / --with-ipv4-default / --with-md5-passwords make make install Note: After the installation is complete, the host key will be automatically generated, and the SSHD user account will be prompted to use Useradd to add an SSHD user. Install /contrib/redhat/sshd.pam /etc/pam.d/sshd cp control / redhat / sshd.init /etc/rc.d/init.d/sshd chkconfig --level 3 sshd on; configured to system service
4] Configuration of openssh / etc / ssh / ssh_config file vi / etc / ssh / ssh_config Host * ForwardAgent no ForwardX11 no RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes BatchMode no CheckHostIP yes StrictHostKeyChecking ask IdentityFile ~ / .ssh / identity Port 22 Cipher 3des Escapechar ~
5] openssh configuration of / etc / ssh / sshd_config file vi / etc / ssh / sshd_config Port 22 ListenAddress 0.0.0.0 ListenAddress :: HostKey / etc / ssh / ssh_host_key HostKey / etc / ssh / ssh_host_rsa_key HostKey / etc / ssh / ssh_host_dsa_key KeyRegenerationInterval 3600 ServerKeybits 768 Syslogfacility Auth loglevel Info LogingRacetime 600 #PermitrootLogin YES # still don't let root login directly! StrictModes yes RSAAuthentication yes PubkeyAuthentication yes RhostsAuthentication no IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no IgnoreUserKnownHosts no PasswordAuthentication yes PermitEmptyPasswords no Subsystem sftp / usr / local / ssh / libexec / sftp-server
6] Configuring the user's encryption key UserAdd test passwd test su test ssh-keygen -d appears prompt, please enter and enter the passwd, enter the passwd again. Note: This password is used when the system encryption is used, and the original password is used when logging in. 7] Start service /etc/rc.d/init.d/sshd start
8] Tests with the TEST account.
The mess has written a big one, but also the end, the frozen three feet is not cold, and it is necessary to practice more and more to write, move forward, friends!
2002.8/sz/cxcdcxx@etang.com
Kingpaul @
04:12 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
LINUX classic problem foundation
http://www.ebcom.cn/news/main/home/ns_detail.php?id=236&nowMenuid=6&cpath=0048:&catid=48 It seems that I have turned here as I have turned here.
0001 Modify hostname VI / ETC / SYSCONFIG / NETWORK, modify Hostname first behavior hostname = host name, can also take effect after restart
0002 RET HAT Linux boot to the text interface (not starting xwindow) will / etc / inittab id: 5: INITDEFAULT: 5 in the one-line 5 changed to 3
0003 Redhat's automatic upgrade update problem (hutueworm) is found at www.redhat.com/corp/support/errata/ found a patch, and later version has a tool Up2date, which can determine which RPM package needs to be upgraded, then automatically from Redhat Site downloads and complete the installation. Upgrade RPM: Up2date -u upgrade outside Kernel: Up2date -u -f
0004 WINDOWS Under the software of Linux partition paragon.ext2fs.Anywhere.2.5.rar and Explore2FS-1.00-pre4.zip
0005 mount usage (Sakulagi) partition mount -o codepage = 936, IOCHARSET = CP936 / DEV / HDA7 / MNT / CDROM NTFS partition mount -o iocharset = CP936 / DEV / HDA7 / MNT / CDROM ISO file Mount -o Loop /ABC.ISO / MNT / CDROM floppy disk Mount / DEV / FD0 / MNT / FLOPPY USB flash memory mount / dev / sda1 / mnt / cdrom All / etc / fstab content mount -a can specify "-t format", format For VFAT, EXT2, EXT3, etc.
0006 Sharing local FAT partitions in the FAT partition of the local hard drive in VMware's Linux, and then uses SMBFS hung in VMware. You can put the following line to / etc / fstab: // Win_IP / D $ / MNT / D SMBFS DEFAULTS, AUTO, UserName = Win_Name, Password = Win_Pass, CodePage = 936, IOCHAREST = GB2312 0 0 where Win_IP is yours Windows IP address; D $ is the shared name of the D disk shared in your Windows; / MNT / D is the directory of the partition mount to Linux; Win_Name and Win_Pass are users in your Windows to read the partition For example, your administrator name and password. If you run /etc/rc.d/init.d/netfs, you will automatically mount this partition when starting. 0007.A Delete the file RM named -A-A-A-A-A -A--A tells RM This is the last option. See getopt ls -i listing inum, then use Find. -INUM inum_of_thisfile -exec rm {} / ;
0007.B Delete file RM // a named / A
0007.C Deleting Name Belts / and '/ 0 files These characters are characters that are not allowed by the normal file system, but may be generated in the file name, such as the NFS file system under UNIX uses 1. Solution to the MAC system To delete files with special file names under the system where the NFS file system is hung by a filter / character. 2. Also, remove the other file of the error file name, LS -ID displays the inum, umount file system, CLRI containing the file directory, clear the directory of Inum, Fsck, Mount, Check Your Lost Found, Rename THE File in it. It is best to remove any file names with the Windows FTP!
0007.D Delete the file name with invisible characters lists the file name and dumps to the file: ls -l> AAA then edit the contents of the file to join the RM command to make its content into the format of the above file: VI AAA [RM -R *******] Plus the file plus the execution permission CHMOD X AAA to perform $ AAA
0007.e Delete file size for zero file RM -I `Find ./ -Size 0` Find ./ -Size 0 -EXEC RM {} /; find ./-size | xargs RM -F & Very Valid for File in * # Ourselves to define the file type DO if [! -S $ {file}] THEN
RM $ {file} echo "RM $ File Success!" Fi Done
0008 RedHat Set the roller mouse (MC1011) After entering X, select the configuration of the mouse, select Wheel Mouse (PS / 2), if the mouse is exception, restart the computer.
0009 Mack XWindow Start with Linux CD, select Upgrade, then select the package, install it
0010 Delete the Linux partition to make a boot floppy disk of a Partition Magic, delete it after startup. Or start with the Win2000 boot CD, then delete.
0011 How to exit Man Q
0012 Do not compile the kernel, Mount NTFS partition original RH8, not upgraded or compiled kernel 1. Google.com Search and download Kernel-NTFS-2.4.18-14.i686.rpm 2. RPM-IVH KERNEL-NTFS-2.4.18 -14.i686.rpm 3. MKDIR / MNT / C 4. Mount -t NTFS / DEV / HDA1 / MNT / C0013 Redhat 8.0 Using XMMS to listen to MP3 download www.gurulabs.com/files/xmms-mp3-1.2.7 -13.p.i386.rpm rpm -UVH XMMS-MP3-1.2.7-13.p.i386.rpm
0014 Retrieves the forgotten root password (LILO / GRUB) three ways: 1. In the system enters the single user status, use Passwd root to change 2. Use the installation CD boot system to perform the Linux Rescue state, will hang the original / partition Connected up, the practice is as follows: CD / MNT MKDIR HD mount -t auto / dev / hdax (the partition number of the original / partition) HD CD HD chroot ./ passwd root can get it 3. Put the hard disk of this unit, hang To other Linux systems, the approach is used in the same way as the second same RH8. LILO 1. Type Linux Single when the LILO: Tips
Screen display LILO: Linux Single 2. Enter can enter the Linux command line 3. #vi / etc / shadow will be the first line, that is, ROOT: after ROOT: Take the next: Before the content delete, the first The row will be similar to root :: ... Save 4. #Reboot restart, the root password is empty. GRUB 1. When the GRUB screen appears, use the upper and lower keys to select the one you usually start Linux (Don't choose DOS 哟), then press E-key 2. Use the top button to select the one you usually start (similar to kernel /boot/vmlinuz-2.4.18-14 ROOT = Label = /), then press E-key 3 Modify the command line you see now, join the SINGLE, the result is as follows: kernel /boot/vmlinuz-2.4.18-14 Single Ro root = label = / 4. Enter back, then press B to start, you can enter Linux command line 5. #vi / etc / shadow will first line, ie ROOT: and next: Before and next: The first line will be similar to root :: ...... Save 6. #Reboot restart, the root password is empty
0015
Note the Ctrl Alt Del Failure VI / etc / inittab will comment on Ca :: ctrlattdel: / sbin / shutdown -t3 -r now, you can
0016 how to see the version of the redhat is 7 or 8 (hutueworm) cat / proc / version or cat / etc / redhat-release or cat / etc / iessue
The 0017 file is in which RPM (unparalleled) on www.rpmfind.net, or the rpm -qf file name is obtained
0018 Saves the information of Man or INFO to text files TECSH as an example: man tcsh | col -b> tcsh.txt info tcsh -o tcsh.txt -s
0019 uses the existing two files to generate a new file 1. Remove the two files (repeated rows of rows) 2. Remove the intersection of two files (only in both files only in both files File) 3. Delete the intersection, leave other rows 1. Cat file1 file2 | sort | UNIQ 2. Cat file1 file2 | sort | uniq -d 3. Cat file1 file2 | sort | uniq-u0020 Sets COM1 port, let the super terminal Log in to confirm with / sbin / agtty, editing / etc / inittab, Add 7: 2345: Respawn: / sbin / agharge / dev / ttys0 9600 9600bps is because the lack of router is generally this rate, or Set of 19200, 38400, 57600, 115200
Modify / etc / securetty, add a line: TTYS0, make sure the root user can log in to restart the machine, you can unplug the mouse keyboard display (it is best to look at the output information when starting)
0021 Delete Directory All files include subdirectory RM -RF directory name
0022 View System Information CAT / Proc / CPUINFO - CPU (IE Vendor, MHz, Flags Like MMX) CAT / Proc / Interrupts - Interrupt Cat / Proc / Ioports - Device IO Port CAT / Proc / Meminfo - Memory Information (IE Mem Used, Free, Swap size) CAT / Proc / Partitions - All partitions of all devices CAT / Proc / PCI - PCI device information CAT / proc / swaps - All SWAP partition information CAT / proc / version - Linux version number is equivalent to Uname -r uname -a - see information such as system kernel
0023 Remove the extra carriage return SED S / ^ m // Test.sh> back.sh, pay attention to ^ m is the ctrl_v ctrl-m or DOS2UNIX FILENAME
0024 Switching X Desktop (LNX3000) SwitchDesk KDE or SwitchDesk Gnome
0025 Universal Sound Card Driver (LNX3000) OS www.opensound.com/ Alsa www.alsa-project.org/
0026 Change the system language / character set (BEMING / MC1011) to modify the / etc / sysconfig / i18n file, such as lang = "en_us", XWindow displays the English interface, lang = "zh_cn.gb18030", xWindow will display the Chinese interface. There is also a method CP / etc / sysconfig / i18n $ home / .i18n modifies $ home / .i18n file, such as lang = "en_us", XWindow will display the English interface, lang = "zh_cn.gb18030", XWindow displays the Chinese interface . This will change the individual's interface language without affecting other users.
0027 Set the screen to 90 columns STTY COLS 90
0028 Using MD5SUM files MD5SUM ISOFILE> Hashfile, the MD5SUM file is compared with the Hashfile file content, verify that the mixture is consistent MD5SUM-C Hashfile
0029 Decompressing multiple ZIP files unzip "*" at a time, pay attention to quotation marks less
0030 Look at the PDF file Use XPDF or install Acrobat Reader for Linux
0031 Find the file Find. -Type f / (-perm -04000 -perm -02000 /) -EXEC ls -lg {} /; 0032 loading the Chinese input method as the redhat8 as an example, XWindow and its terminal Don't say it, it is installed by default, exhaled with Ctrl-Space. Now discuss pure console, please download zhcon.gnuchina.org/download/src/zhcon-0.2.1.tar.gz, in either directory, TAR XVFZ ENCON-0.2.1.tar.gz, CD ENCON-0.2. 1, ./configure, make, make install. End of installation, want to use, run zhcon, want to exit, run the exit.
0033 Receive the pop-up disc (beike) #eject -t
0034 CD CD made of ISO file (mentally wisdom) cp / dev / cdrom xxxx.iso
0035 Quick Watch Boot Hardware Detection (Music) Dmesg | More
0036 Viewing the use of the hard disk DF -K Displays DF -H in K, M, G, T..
0037 View the size of the directory
DU -SH DIRNAME -S only shows that the total-h is in units of K, M, G, and improve the readability of information. KB, MB, GB is a converter unit at 1024, and -H is converted at 1000.
0038 Find or delete the process (WWWZC) FUSER FUSER FUSER FUSER -K FileName in use
0039 Installing Software RPM-IAA.RPM TAR XVFZ AAA.TAR.GZ; CD AAA ;./configure; Make; Make Install
0040 Character Mode Setting / Delete Environment Variable Bash Set: Export Variable Name = Variable Value Delete: Unset Variable Name CSH Set: STenv Variable Name Valerical Delete: UNSETENV Variable Name
0041 LS How to see. The beginning of the file ls -a
0042 file installation in the RPM where to go
RPM -QPL AAA.RPM
0043 use src.rpm rpmbuild --rebuild * .src.rpm
0044 VIM display color or does not display color vi ~ / .vimrc; if there is Syntax ON, the color, Syntax Off, no color is displayed
0045 Linux is a real-time or time-time operating system
0046 Make Bzimage -J's J is in what is mainly used when your system hardware resources are relatively large, use this to speed up the speed of compilation, such as -J 3
0047 Source Pack How can I don't install the source code, you can see your source code on your CD rpm -i * kernel * source * .rpm. You can see your source code.
0048 Modify System Time Date -S "2003-04-14 CST", CST Jem District, Time Setting Date -S 18:10
0049 Boot on the partition under Windows automatically hooks the Windows D disk to / mnt / d, open / etc / fstab with VI, add the following line / dev / hda5 / mnt / d vfat defaults, codepage = 936, ocharset = CP936 0 0 Note, first serve in a / mnt / d directory
0050 Linux How to use so many memory in order to improve system performance and non-waste memory, Linux makes multiple memory Cache to increase IO speed
0051 FSTAB last configuration items in what the last two numbers are the first called FS_FREQ, used to determine which file system needs to execute DUMP operation, 0 is not required; the second called FS_Passno, is the system restart FSCK program Detection Disk 1 is the root file system, 2 is another file system. FSCK Detects Disk by Sequence Number, 0 Indicates that the file system is not detected by the file system of DUMP execution EXT2 FSCK detection and repair file system 0052 Linux to make the user's password must have a certain length, and comply with complexity (EAPASS) VI /etc/login.defs, change Pass_min_len
0053 Translation Software in Linux Star Intercity King XDict
0054 Do not let the display sleep setterm -blank 0 setterm -blank n (n is waiting time)
0055 Query Yesterday's Date --Date = Yesterday with Dat Query Date --Date = Yesterday
0056 Xwindow How to Screen Shuttle Ksnapshot or GIMP
0057 Unziping Small TAR XVFJ EXAMPLE.TAR.BZ2 TAR XVFZ EXAMPLE.TAR.GZ TAR XVFZ EXAMPLE.TGZ TAR XVF EXAMPLE.TAR UNZIP EXAMPLE.ZIP
0058 Finding a file in a multi-level directory (Qinghai Lake) Find / Dir -Name FileName.ext du -a | grep filename.ext locate filename.ext
0059 does not allow ordinary users to change the password (Myxfc) [root @ xin_fc etc] # chmod 511 / usr / bin / passwd also wants ordinary users to change password [root @ xin_fc etc] # chmod 4511 / usr / bin / passwd
0060 graphics card is really unable to do (win_bigboy) Go to http://www.redflag-linux.com/, the XFree86 4.3 is installed.
0061 Super Deleting Formatting Tools (Moutention) is safe than pqmagic, establishing deleting formatted gadgets: sfdisk.exe for msdos http://www.wushuang.net/soft/sfdisk.zip
0062 How to make the XMMS playlist display the correct Chinese (MYXFC) - * - * - * - * - * - ISO8859-1, -MISC-SIMSUN-Medium-R-NORMAL - 12 - * - * - * - * - * - GBK-0, * - R - completely copy this thing into your font: Right-click anywhere in the XMMS play tool to see a "option", then select "Select" Select " "and then copy the above font to" playlist "and" User X FONT)
0063 Linux Listening to MP3 (Hehhb) Redhat CD The original XMMS cannot play MP3 (silent), to download and install an RPM package: XMMS-MP3-1.2.7-13.p.i386.rpm installation can be installed. Open XMMS, CTL-P, first tick in the upper half of the small frame, and then select "Fixed (MISC) GBK-0 13" font to display the Chinese song name. Select "Open Audio System Driver 1.2.7 [LiOsS.so] to play the MP3 file normally in the audio output plugin.
0064 Installing Chinese Fonts (Hehhb) first download http://freshair.netchina.com.cn/~george/sm.sh (Reference: http://www.linuxeden.com/edu/docText.php?docid=2679 SIMSUN18030.TTC can be downloaded in Microsoft website, http://www.microsoft.com/china/windows2000/downloads/18 030.asp It is an MSI file, installed in Mswindows, installed under the Windows directory You can find it in the Fonts directory. Copy SIMSUN.TTTC, SIMSUN18030.TTC, Tahoma.ttf, TahomAbd.ttf to / usr / local / temp, then download the shell file in this directory, then open the terminal CD / USR / local / Temp Chmod 755 SM .sh ./sm.sh0065 Loading a Windows partition FAT32, FAT16 file system (HEHHB) enters KDE as root, click on the "Starting point" icon on the desktop, establish the following folders in / mnt directory: C, D, E, f, g, usb. It is used as partitions and USB flash drives under Windows. Use the text editor to open the / etc / fstab file. Add below: / dev / hda1 / mnt / c vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / hda5 / mnt / d vfat ocharset = GB2312, umask = 0, CODEPAGE = 936 0 0 / dev / hda6 / mnt / e vfat ocharset = GB2312, umask = 0, CODEPAGE = 936 0 0 / dev / hda7 / mnt / f vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / hda8 / mnt / g vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / cdrom / mnt / cdrom udf, ISO9660 NOAUTO, IOCHARSET = GB2312, Owner, Kudzu, RO 0 0 / DEV / SDA1 / MNT / USB VFAT IOCHARSET = GB2312, UMASK = 0, CODEPAGE = 936 0 0 store exits. After restarting, you can access the FAT32 or FAT16 format partition, solve the problem of garbled with the Windows partition and the disc Chinese file name. A total of six columns, each column is used for a Tab key. Note that this method can only mount on the FAT partition format. SDA1 is a flash drive.
0066 uses five pens and pinyin in X, the location input method (HMKART) is installed from http://www.fcitx.org/ uploading the FcitX RPM package installation
0067 How to extract the RAR file (hmkart) http://www.linuxeden.com/download/softdeta@php://www.linuxeden.com/download/softdeta@php?softid=883 Download Rar for Linux 3.2.0, decompression open Make can then use unrar e youFilename.rar extracts the RAR file
0068 How to add / remove the RPM package after installation (Sakulagi) redhat-config-packages --ioDir =
Can specify the directory where the ISO file is located
0069 Character Control Volume (GRUB007) AUMIX
0070 Make ISO (GRUB007) DD if = / dev / cdrom of = / tmp / aaa.iso
0071 Delete all things before a few days (including files in the directory name and directory) (SHALLY 5) Find. -Ctime 3-EXEC RM -RF {} /; or find./ -mtime 3 -print | xargs RM -F -r0072 User's crontab where (Hutueworm) / var / spool / cron / next file named by username
0073 Run the program in different users SU - username -c "/ path / to / command" sometimes need to run a special identity, you can make Su to do
0074 How to empty a file ()> filename
0075 Why can't I display Chinese under OpenOffice (Allen1970) Change font settings Tools-> Options-> Font Replacement Andale Sans Ui -> SIMSUN
0076 How to back up the Linux system (PURGE) Symantec Ghost 7.5 supports EXT3 NATIVE replication
0077 PARTITION MAGIC (WWWWZC) Linux on Linux Next Useful partition tool: parted can modify the partition size, delete / create partitions in real time.
0078 / Proc / Sys / SEM, what is the meaning of each representative? (Sakulagi) / proc / sys / SEM contents below 250 32000 32 128 These 4 parameters are SEMMSL (each user has the maximum number of semaphors), SEMMNS The maximum number of semapses), Semopm (the number of SemoP system calls operated), SemMni (the maximum number of system signals)
0079 What does BIGMEM SMP UP mean in the GRUB boot menu? (LNX3000) SMP: (Symmetric Multiple Processor) Symmetrical Multi-processor Mode Bigmem: Supports 1G Optimized Core Up: (UNI Processor) Mode of Single Processor
0080 ORACLE installer Why is it garbled? (lnx3000) Now Oracle's installer has problems with Chinese support, you can only use the English interface to install, before performing RunInstaller, execute: export lang = c; export lc_all = c
0081 LINUX color represents what is represented by the file (Sakulagi, a mentally mini) blue representation; green represents executable file; red represents a compressed file; light blue represents a link file; gray represents other files; red flash indicates the link file. The problem; yellow is the device file, including Block, Char, and FIFO. Use Dircolors -P to see the default color settings, including various colors and "bold", underscore, flashing, etc.
0082 mysql's data inventory Where is the place 1. If you use the RPM package installation, you should be in the / var / lib / mysql directory, named Database named 2. If the source code is installed in / usr / local / mysql, should be available / Usr / local / mysql / var, named database name
0083 How to add a hard disk (good gentleted), shut down, physical connection hard disk if it is the IDE hard disk, pay attention to the main, slave the plate settings; if it is a SCSI hard drive, pay attention to selecting an ID number that is not used. Second, boot, check the hard disk has been detected by Linux DMESG | GREP HD * (IDE hard disk) Dmesg | GREP SD * (SCSI hard disk) or Less / var / log / dmesg If you don't detect your new hard drive, restart, Check the connection and see if the BIOS has recognized it. Third, the partition you can use FDISK, SFDisk, or Partition Magic (Partition Magic under Linux), format MKFS 5, modify how to see the partition under the partition under the FSTAB VI / ETC / FSTAB0084 Linux (Q1208C) E2Label / DEV / HDXN, WHERE X = A, B, C, D ....; n = 1, 2, 3 ...
0085 RH8, 9 How to add a new language package after installation (good gentleman) 1.8.0 1. Add the first CD 2.cd / mnt / cdrom / redhat / rpms 3.rpm -ivh TTFONTS-EN_CN-2.11 -29.Noarch.rpm (Simplified Chinese, you can use the Tab key to make up the part of the back, so as not to enter incorrectly) 4.RPM-IVH TTFONTS-ZH_TW-2.11-15.NOARCH.RPM (Traditional Chinese) If you still I want to install Japanese, Korean, try the TTFONTS * .RPM on the second CD. II. 9.0 9.0 is not on the first plate, on the third disk. RPM package name is: TTFONTS-ZH_CN-2.12- 1.Noarch.rpm (Simplified Chinese) TTFONTS-ZH_TW-2.11-19.NOARCH.RPM (Traditional Chinese)
Kingpaul @
04:10 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Linux classic problem network articles
Http://www.ebcom.cn/news/main/home/ns_detail.php?id=237&nowMenuid=6 &cpath=0048:&catid=48
0001 Let Apache's default character set to Chinese if it is 1. *, Vi httpd.conf found AddDefaultCharset ISO8859-1, changed to AddDefaultCharset GB2312 If it is 2. *, you need to change a place, vi httpd.conf adddefaultcharset iso- 8859-1 Change to AddDefaultCharset Off
0002 Permanently change IP ifconfig eth0 new IP then edit / etc / sysconfig / network-scripts / ifcfg-eth0, modify IP
0003 Remote from Linux Display Windows Desktop (LNX3000) Install RDESKTOP Package
0004 Manually add the default gateway with root users, execute: Route Add Default GW Gateway IP wants to change the gateway
1 vi / etc / sysconfig / network-scripts / ifcfg-eth0 Change Gateway 2 /etc/init.d/network restart
0005 Redhat 8.0 MSN and QQ Download Gaim 0.58: www.linuxsir.orgaim/gaim-0.58-2.i386.rpm Download QQ plug-in for GCC2.9: www.linuxsir.org /gaim/libqq-0.0. 3-ft-0.58-gcc296.so.gz puts the downloaded file in the / temp directory, then delete the GAIM existing in the system, that is, type commands in the terminal emulator: RPM-E Gaim. Start installing the open terminal emulator, continue to perform the following command to install the GAIM version 0.58, namely: CD / TEMP (enter the temp directory) RPM -IVH GAIM-0.58-2.i386.rpm (installation software) When the installation is successful, you can Establish a GAIM icon on the GNOME or KDE desktop. Continue to install QQ plug-in, type command: gunzip libqq-0.0.3-ft-0.58-gcc296.so.gz (decompress file) CP libqq-0.0.3-ft-0.58-gcc296.so / usr / lib / gaim (Copy plug-in to the GAIM library directory) The Software Settings When the GAIM version 0.85 is first launched, the login interface will appear. First select "Plug-in", click "Load" in the Plugin dialog box, load libmsn.so and libqq-0.0.3-ft-0.58-gcc296.so file, and turn it off after confirmation. Then select "All Accounts", continue to click "Add" in the account editor that appears, when you appear, we can enter your QQ or MSN number, login name fill in the QQ number or MSN mailbox. The password fills in the corresponding QQ or MSN password, Alias fill in its own nickname, the protocol selects the corresponding QQ or MSN, and other settings can be default. You can log in when all settings are complete. 0006 Isors 22 port now run what program LSOF -I: 22
0007 View this machine's IP, Gateway, DNS IP: Log in with root, executes ifconfig. Where ETH0 is the first network card, LO is the default device Gateway: Log in to the root user, execute netstat -rn, the Gateway, which is starting with 0.0.0.0, is the default gateway, you can also view the / etc / sysconfig / network file, inside Have a specified address! DNS: more /etc/reslov.conf, the content is specified as follows: Nameserver 202.96.69.38 Nameserver 202.96.64.38
0008 RH8.0 Command Loosing Ping Easy to change the TTL value (cgWeb) #sysctl -w net.ipv4.ip_default_ttl = n (n = 0 ~ 255), if n> 255, TTL = 0
0009 RH8.0 Command Line Easily change the system configuration default (houaq) editing /etc/sysctl.conf, for example, change net.ipv4.ip_forward = 0 to NET.IPV4.IP_FORWARD = 1 After restart, take effect, use sysctl - a View you know
0010 Mount LAN Other Windows Machine Shared Directory Mount -t SmBfs -o UserName = Guest, Password = guest // Machine / Path / MNT / CDROM
0011 Allow | Ban root to modify SSHD_CONFIG: PermitRootLogin No | YES0012 to log in to edit /etc/pam.d/login, remove Auth Required /Lib/security/pam_securetty.so
0013 In Linux ADSL device requires a normal Linux at least one network card broadband device has been applied, and there are some ADSL devices on the market, and they have some subtle differences. It is the process of completing the Internet through virtual dialing, that is, using the PPPoE device to perform virtual dial-up calls, it is an automatic dial-up work after power-on, then left to our interface is RJ45. The gateway that is generally left to our Dalian area is 10.0.0.2. This device is most likely to deal with. Finally, it is directly assigned to a fixed IP, which is relatively easy to deal with it. 1. The first need is dialing: Several devices communicate with the computer via the ETH interface, so the connection of the hardware device is first, especially the broadband cat, must confirm the correctness (otherwise, don't go anything in a while, don't just count, you don't think about me) and start the system, Confirm that the software is installed on the system (to find the user via rpm -qa | grep pppoe), if the user is not installed, in the disc or go online to Down, after installing, perform ADSL with root users Setup, this enters the setting status of ADSL data, requires input to apply for broadband usernames and other information, confirm that there is no problem, accept until the end (inside is E text, but can understand, simple, I usually don't have to use a firewall setting, I can choose 0, everyone can consider). After the configuration is complete, the ADSL-START is executed with root users, which will make ADSL's dial-up work, will be online, if there is any specific problem, look at the log (/ var / log / messages) tells you what. Stop ADSL, execute ADSL-STOP (very simple) 2. The other two are easier to deal with: full-to-day cat: Just set your network card to an IP of a 10 network segment, then the gateway refers to the whole gateway On IP (10.0.0.2) to the cat (10.0.0.2), it is basically not too big to fix IP: like a network card that is configured, it will be fixed by the IP, gateway, and DNS.
0014 Let Linux Auto Synchronization Time (SHUNZ)
Vi / etc / crontab plus a sentence: 00 0 1 * * root rdate -s time.nist.gov
0015 Linux online resources What foreign http://lwn.net/ http://www.yolinux.com/ (FLYING-DANCE BIG BIG PIG) http: // www. Justlinux.com/ http://www.linuxtoday.com/ http://www.linuxquestions.org/ http://www.fokus.gmd.de/linux/ http://www.linux-tutorial.info/ Http://public.www.planetmirror.com/ http://www.freebsdforumus.org/mums/ http://www.netfilter.org/documentation/ http://www - 106.ibm.com/developerWorks/ Linux / domestic http://www.fanqiang.com/ http://www.linuxsir.com/ http://www.chinaunix.net/ http://www.linuxfans.org/(deadcat) http: // Www.linuxeden.com/ http://www.linuxforum.net/ http://www.linuxaid.com.cn/ http://freesoft.online.sh.cn/ http://www-900.ibm. COM / Weightworks / CN / L ... NUX / INDEX.SHTML http://www.neweasier.com/software.html http://www.blueidea.com/bbs/archivecontent...?id=635906 (SQH )
0016 Beijing training point http://www.milkyway.com.cn/
0017 Change Telnet port / etc / service this file you can modify the desired port number. Restart the daemon
0018 Terminal mode has problems (Sakulagi) Export Term = VT100
0019 Imitation Super Terminal, What Program in Linux Connects to Routers and Switches (Alstone) MINICOM
0020 SSH can not automatically disconnect (wind521) That is the Timetou setting, modify the TMOUT variable value
0021 What tools use to make intrusion detection Snort
0022 Tool CChecker or Efernce (Efernce) under Linux
0023 How to monitor all data TCPDUMP IPTRAF
0024 Why is the root performing a lot of commands, and you must be telnet to D, then SU is root, change your su command format, should be Su - root
0025 Close User's POP3 Permissions (TIANSGX) can turn the port of POP3. Find this line POP-3 110 / TCP in File / etc / services to add this line to a #, you can comment out.
0026 Linux Play Flash Animation (MYXFC) LINUX Play Flash Animation With this thing, it will not cause the browser to close (other plugin is not easy to use) first download flash play animation at Linux plugin http://www.collaborium. ORG / OONUX.TAR.GZ TAR ZXVF FLASH_LINUX.TAR.GZ After opening the package, you will see the Linux folder in the Linux file, there are two files LibflashPlayer.so and Shockwaveflash.class, put this Two files copied into the plugin in your browser (the browser is different, the position of the plugin may be different) /usr/lib/mozilla-1.0.1/plugins, you can
0027 Locking WU-FTP User Directory (WANGLA) Editing FTPACCESS Files RESTRICTED-UID * This sentence is important, limiting FTP users in their own directory. 0028 How does the server do not allow Telnet (Know Qiuyi) Server must start the Telnet service && server's firewall priority should be set low
0029 Prevent anyone from using the su order to become root (xiaohu0) 1.vi /etc/pam.d/su auth sufficient /lib/security/pam_rootok.so debug auth request /lib/security/pam_wheel.so group = Wheel 2. The WHEEL group is defined in the / ETC / PAM. D / SU configuration file.
0030 How to make lynx browser to browse Chinese website (Ghost_Vale) browse Simplified Chinese website modification of the following settings Save options to disk: [X] Display and Character Set Display character set: (!) [Chinese________________________] Assumed document character set: [ ISO-8859-1 ______] CJK Mode (!): [ON_] Then move to the bottom ACCEPT CHANGES Press Enter to save, you can, of course your system is to support Simplified Chinese.
The 0031 network card is activated, but it can't be connected. What should I do? (Slock) TRACE, see that it is blinded in that piece. 1.PING ourselves 2.ping DNS 4.trace DNS IF All = Ok The nslookup www.sina.com.cn Ping Sinas Address TRA SINA Address can basically know the results
0032 Using Samba in RedHat9, Win2000 can be accessed, Win98 is not accessible? (Squall2003) If it is a Wind98 necessary to modify the registry: hkey_local_machine / system / correntcontrolset / services / vxd / vnetsUp built a D value: EnablePlainTextPasswd, key value 1
0033 How to get the MAC address of the NIC ARP -A | AWK {Print $ 4}
0034 How to get the IP address of the NIC (MB) ifconfig eth0 | awk / inet addr / {split ($ 2, x, ":"); Print X [2]}
Kingpaul @
04:06 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Linux Remote Management SSH Guide
Http://www.ebcom.cn/news/main/home/ns_detail.php?id=235&nowMenuid=6 &cpath=0048:0048:00
Openssh
OpenSSH is a free open source implementation of the SSH (Secure Shell) protocol. It replaces Telnet, FTP, Rlogin, RSH and RCP tools with a safe, encrypted network connection tool. OpenSSH supports version 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2. The protocol uses the RSA key by default.
1. Why use SSH? Using the OpenSSH tool will enhance your system security. All communication using the OpenSSH tool, including passwords, will be encrypted. Telnet and FTP use plain text password and is sent in clear text. This information may be intercepted, the password may be retrieved, and the unauthorized person may use the intercepted password to log in into your system and harm your system. You should use OpenSSH tool collection as much as possible to avoid these security issues. Another reason for using OpenSSH is that it automatically forwards the Display variable to the client machine. In other words, if you run the X window system on your local machine, log in to the remote machine using the ssh command, when you perform a program that requires X on your remote machine, it will be displayed on your local machine. If you prefer graphical system management tools, it is not able to access the server in person, which will make your work open. 2. Configure the OpenSSH server to run the OpenSSH server, you must first determine that you have the correct RPM package. The OpenSSSH-Server package is essential, and it relies on whether the installation of the OpenSSH package. The OpenSSH daemon uses the / etc / ssh / sshd_config configuration file. Red Hat Linux 9 installed default configuration files should be competent in most cases. If you want to configure a daemon with the default sshd_config file, read the SSHD Manual (MAN) page to get the list of keywords that can be defined in the configuration file. To launch the OpenSSH service, use the / sbin / service sshd start command. To stop the OpenSSH server, use the / sbin / service sshd stop command. If you want the daemon to start automatically when booting, see related information to get information about how to manage services. If you reinstall the Red Hat Linux system, any customer who connects to this system before it is re-installed to this system will see the following message after it is reloaded:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@! @@@@@@@@@@ @@@ it is Possible That Someone is doing sometying Nasty! Someone Could Be Eavesdropping on You Right Now (Man-in -The-middle attack! It is also possible what the RSA Host Key Has Just Been Changed. The reloaded system creates a set of new identity identifier keys for yourself; so the customer will see a warning of the RSA host key change. If you want to save the original host key, back up the / etc / ssh / ssh_host * key * file, then restore it after the system is reloaded. This process will retain the identity of the system. When the client is trying to connect to it after the system reloads, they will not see the above warning information. (There is also a solution to see: http://chinaUnix.net/forum/viewtopic.php? T = 109562 & start = 0)
3. Configuring OpenSSH Customers To connect from the client to the OpenSSH server, you must have OpenSSH-Clients and OpenSSH packages on the client machine.
3.1. Use the ssh command SSH command to be the security replacement of the Rlogin, RSH, and Telnet commands. It allows you to log in to the remote machine and execute the command. Use SSH to log in to the remote machine and use Telnet. To log in to a remote machine called penguin.example.net, type the following command under the Shell Tip: SSH penguin.example.net first uses SSH to log in on the remote machine, you will see the news that the following : The Authenticity of Host Penguin.example.Net Cant Be Established. DSA Key Fingerprint IS 94: 68: 3A: 3A: BC: F3: 9A: 9B: 01: 5D: B3: 07: 38: E2: 11: 0c. Are you have you want to contact Continue Connecting (YES / NO) Type Yes to continue. This will add the server to your list of known hosts, as shown in the following message: Warning: permanently added penguin.example.net (RSA) to the list of knosts. Next, you will see You ask the reminder of the remote host password. After entering the password, you will be on the shell prompt of the remote host. If you don't specify a username, you will be delivered to the remote machine on your local client. If you want to specify a different username, use the following command: ssh username@penguin.example.net You can also use SSH -L UserName Penguin.example.net. The SSH command can be used to execute the command without the shell prompt on the remote machine. Its syntax format is: ssh hostname command. For example, if you want to execute the ls / usr / share / doc command on the remote host penguin.example.net, type the following command under the Shell: ssh penguin.example.net ls / usr / share / doc is entered Once the correct password, the content in / usr / share / doc This will be displayed, and then you will be returned to your local shell prompt.
3.2. Using the SCP command SCP command can be used to transfer files between machines through security, encrypted connections. It is similar to RCP. The general grammar transmitted to the remote system to the remote system is: scp localfile username @ tohostname: / newFileName LocalFile Specify the source file, username @ tohostname: / newFileName Specifies the target file. To transfer local file shadowman to your account on penguin.example, type (replace Username with your username): SCP Shadowman Username@penguin.example.net: / home / username The local file shadowman will transfer the / home / username / shadowman file on the penguin.example.net. Transferring remote files to the local system The general grammar is: SCP username @ tohostname: / remotefile / newlocalfile RemoteFile Specify the source file, newLocalFile specifies the target file. Source files can be composed of multiple files. For example, to transfer the contents of the directory / Downloads to the current UPLOADS directory on the remote machine penguin.example.net, click the following command down: SCP / Downloads / * username@penguin.example.net: /uploads/3.3. Using the SFTP command SFTP tool can be used to open a secure interaction FTP session. It is similar to FTP, but it is safe, encrypted. Its general grammar is: sftp username@hostname.com. Once verified, you can use a group and a similar command using the FTP. See the SFTP's Description Page (MAN) to get the list of these commands. To read the instructions page, execute the Man SFTP command under the Shell Tip. The SFTP tool is only available above the OpenSSH version 2.5.0p1.
3.4. Generating the key to connect the passing machine if you don't want to enter the password each time you use SSH, SCP, or SFTP, you can generate a pair of authorization keys. The key must be generated for each user. To generate a key for a user, use the user identity to connect to the remote machine to follow the steps below. If you complete the following steps with root users, only root users can use this pair. Starting from OpenSSH version 3.0, ~ / .ssh / authorized_keys2, ~ / .ssh / knower_hosts2 and / etc / ssh_known_hosts2 will be outdated. SSH protocols 1 and 2 shared ~ / .ssh / authorized_keys, ~ / .ssh / knower_hosts and / etc / ssh / ssh_known_hosts file. Red Hat Linux 9 defaults the SSH protocol 2 and the RSA key. Tips If you reload Red Hat Linux, you want to keep existing keys, back up your .ssh directory in your home directory. After reinstall, copy the directory back to the owner. This process can be performed for all users on the system, including root users.
3.4.1. Generate the RSA key for version 2 to generate RSA key pairs to the SSH protocol version 2. Starting from OpenSSH 2.9, it has become default settings. 1. To generate the RSA key to cooperate with the version 2 of the protocol, click the following command down under the Shell: ssh-keygen -t t is accepts the default location of ~ / .ssh / id_rsa. Enter a password sentence different from your account password, then confirm it. The public key is written to ~ / .ssh / id_rsa.pub. The key is written to ~ / .ssh / id_rsa. Never give the key to anyone. 2. Use the CHMOD 755 ~ / .ssh command to change your .sssh directory license. 3. Copy the contents of ~ / .ssh / id_rsa.pub to the ~ / .ssh / authorized_keys file you want to connect. If ~ / .ssh / authorized_keys does not exist, you can copy ~ / .ssh / id_rsa.pub file to the ~ / .ssh / authorized_keys file on that machine. 4. If you run GNOME, jump to Section 3.4.4. If you are not running the X window system, jump to section 3.4.5. 3.4.2. Generate the DSA key to the version 2 to generate a DSA key pair for the SSH protocol to the SSH protocol. 1. To generate the DSA key pair of version 2 for the protocol, type the following command under the Shell Tip: SSH-KEYGEN -T DSA accepts the default location of ~ / .ssh / id_dsa. Enter a password sentence different from your account password, then confirm it. The tips inword sentence is used to verify a string of vocabulary and characters. The difference between the password and the general password is that you can use spaces or tabs in the password sentence. The port sentence is usually longer than the general password, because they usually use phrases without just one word. The public key is written to ~ / .ssh / id_dsa.pub. The key is written to ~ / .ssh / id_dsa. Needless to present the key to anyone, this is important. 2. Use the CHMOD 755 ~ / .ssh command to change your .sssh directory license. 3. Copy the contents of ~ / .ssh / id_dsa.pub to the ~ / .ssh / authorized_keys file you want to connect. If the file ~ / .ssh / authorized_keys does not exist, you can copy ~ / .ssh / id_dsa.pub file to the ~ / .ssh / authorized_keys file on that machine. 4. If you run GNOME, jump to Section 3.4.4. If you are not running the X window system, jump to section 3.4.5.
3.4.3. Generate the DSA key to version 1.3 and 1.5 to generate the RSA key pair for SSH protocol version 1 for the following steps. If you are only connected between systems using DSA, you don't need RSA version 1.3 or RSA version 1.5 key pairs. 1. To generate an RSA (version 1.3 and 1.5 protocol) key pair, click the following command down under the shell: SSH-KEYGEN -T RSA1 accepts the default location (~ / .ssh / identity). Enter a password sentence with your account password. Enter it once to confirm. The public key is written to ~ / .ssh / Identity.pub. The key is written ~ / .ssh / identity. Don't present your key to anyone. 2. Use the CHMOD 755 ~ / .SSH and CHMOD 644 ~ / .ssh / identity.pub command to change your .ssh directory and key license. 3. Copy the contents of ~ / .ssh / identity.pub to the ~ / .ssh / authorized_keys file you want to connect. If the file ~ / .ssh / authorized_keys does not exist, you can copy ~ / .ssh / identity.pub file to the ~ / .ssh / authorized_keys file on the remote machine. 4. If you run GNOME, jump to Section 3.4.4. If you are not running Gnome, jump to Section 3.4.5. 3.4.4. Configure the SSH-Agent SSH-Agent tool in GNOME to save your password, so you don't have to enter the password each time the SSH or SCP connection is triggered. If you are using gnome, the openssh-askpass-gnome tool can be used to prompt you to enter a password when you log in to GNOME, and keep it until you promise from Gnome. You don't have to enter any ssh or SCP connection to any SSH or SCP connection in this GNOME session. If you don't plan to use GNOME, see Section 3.4.5. To save the password in the GNOME session, follow these steps: 1. You need to install the openssh-askpass-gnome package; you can use the rpm -q openssh-askpass-gnome command to determine if the package has been installed. If it is not installed, the Red Hat FTP mirror site, or use the Red Hat network to install it from your Red Hat Linux disc. 2. Click on "Main Menu" (on the panel) => "Preference" => "More Preferences" => "Session". Then click on the "Startup" tab. Click "Add" to enter / usr / bin / ssh-add in the "Start Command" text field. Set its priority to a number that is high than any existing command to make sure it is finally implemented. The priority number of SSH-ADD is preferably 70 or higher. The higher the priority number, the lower the priority. If you list other programs, the priority of the program should be the lowest. Click "Close" to exit the program. 3. After logging out, log in to GNOME; in other words, restart the X server. After gnome is started, a dialog prompting you to enter a box will appear. Enter the required password sentence. If you configure both DSA and RSA, you will be prompted to enter. From now on, you will not be prompted by the SSH, SCP or SFTP prompts.
3.4.5. Configuring SSH-Agent SSH-Agent can be used to store your password, so you don't have to enter it every time you use SSH or SCP connections. If you are not running the X window system, follow these steps in the shell prompt. If you are running gnome, do not configure it to prompt you when you log in (see Section 3.4.4), this process can be performed in a terminal window similar to XTERM. If you are running X but not gnome, this process can be done in the terminal. However, your password can only be remembered in the terminal window, it is not global settings. 1. Under the Shell Tip, type the following command: Exec / usr / bin / ssh-agent $ shell 2. You type the following command: SSH-ADD then enter your password. If you have more than one key pair, you will be prompted to enter each password. 3. When you log out, the wordword will be forgotten. You must perform these two commands every time you log in to a virtual console or open a terminal window. 4. Other information The OpenSSH and OpenSSL projects are constantly developing, so the latest information about their usual is usually located in their official website. The OpenSSH and OpenSSL tools (MAN) are also a good place for obtaining details.
4.1. Installed Documents * SSH, SCP, SFTP, SSHD, and SSH-KEYGEN's Manual (MAN) page - About the specification page including how to use these commands, and all parameters that can be used with them.
4.2. Useful Website * http://www.openssh.com - OpenSSH FAQ page, error report, mailing list, engineering purpose, and more technical explanation on security functions. * http://www.openssl.org - OpenSSL FAQ page, mailing list, and descriptions for engineering purpose. * http://www.freeessh.org - SSH client software for other platforms.
Kingpaul @
04:02 PM published
Linux |
Edit |
Message (0) |
TRACKBACK (0)
Linux instruction
Http://www.ebcom.cn/news/main/home/ns_detail.php?id=232&nowMenuid=6 &cpath=0048:&catid=48
Name: CAT Use Permissions: All users use mode: cat [-abeensttuv] [--help] [--Version] filename Description: Connect the file to the basic output (screen or plus> filename to another) Parameters: -N or --Number is similar to the number of rows numbers -b or -number-nonblank and -n of all outputs, but it is encountered for blank lines - s or - Squeeze-blank On two consecutive rows of blank lines, it is changed to the blank line of the line -V or -Show-nonprinting
Example: cat -n textfile1> textfile2 Plus TextFile1 files After adding the line number, enter the textfile2. Cat -b textfile1 textfile2 >> TextFile3 adds the file content of TextFile1 and TextFile2 to add the line number (blank line does not add) TEXTFILE3
Name: CD Usage Permissions: All users
How to use: CD [DIRNAME]
Description: Transform work catalog to Dirname. The DiRName representation can be an absolute path or relative path. If the directory name is omitted, transform to the user's Home Directory (that is, the directory where Login is located). In addition, "~" is also expressed as HOME DIRECTORY, "." Means the current directory, ".." indicates the current directory of the current directory location.
Example: Jump to / usr / bin /: cd / usr / bin
Jump to your own home directory: CD ~
Jump to the upper two layers of the current directory: cd ../ ..
Directive Name: CHMOD Usage Permissions: All users
How to use: chmod [-cfvr] [--help] [--version] mode file ...
Description: Linux / UNIX file access rights are divided into three levels: file owners, groups, others. Using CHMOD how to control the file is accessed by others.
Tie count:
Mode: Permissions Set strings, formats are as follows: [Ugoa ...] [[ - =] [RWXX] ...] [, ...], where u indicates the owner of the file, G represents The owner of the file belongs to the same group (group), o represents the other people, and a means that these are all. Represents increased permissions, indicates cancellation, = indicates unique setting permissions. R indicates that readable, W represents written, x represents executable, X represents only when the file is a subdirectory or the file has been set to be executed. -c: If this file authority does have changed, it is displayed in the change action -f: If this file authority cannot be changed, do not display the error message-V: Display permission change - R: All files in current directory Permissions change with the subdirectory (that is, changed by one by one) - HELP: Display Auxiliary Description --Version: Display version
Example: Set the file file1.txt to all people can read: chmod ugo r file1.txt
Setting the file file1.txt to be read: chmod a r file1.txt
Set the file file1.txt and file2.txt to this file owner, with its own same group of groups, but other people cannot write: Chmod Ug W, O-W File1.txt file2.txt
Set an ex1.py to only the file owner can be executed: chmod u x ex1.py
Set all the files and subdirectories in the current directory to anyone read: chmod -r a r *
In addition, CHMOD can also use numbers to indicate rights such as CHMOD 777 File syntax: chmod abc file
Where A, B, C are each number, which represents USER, Group, and Other permissions.
R = 4, w = 2, x = 1 To RWX attribute 4 2 1 = 7; to RW-attribute 4 2 = 6; if the R-X property is 4 1 = 7.
Example: chmod a = rwx file
CHMOD 777 File
Effects the same chmod ug = rwx, o = x file
CHMOD 771 FILE
Effect
If you use CHMOD 4755 FileName, this program has root permissions
Directive Name: Chown Use Permissions: root
How to use: chmod [-cfhvr] [--help] [--version] user [: group] file ...
Description: Linux / UNIX is multi-person multi-work industry, all of which have owners. Use Chown to change the owners of the file. In general, this instruction only is used by the system administrator (root), and the general user has no permissions to change someone else's file owner, and there is no permission to change the owner of its own files to others. Only the system administrator (root) has such permissions. Tie count:
User: New Archive owner's user IDGroup: New Archive owner's User Group (Group) -c: If the file owner does have changed, the change action is displayed - F: If the owner cannot Do not display the error message - H: only for links (LINK), not the LINK, true pointing file -V: Display owner change - R: All files and subdirectories in current directory Perform the same owner change (ie, changed one by one by way) - Help: Display Auxiliary Description --Version: Display version
Example: Set the owner of the file file1.txt to the User Group User Jessie: Chown Jessie: Users File1.txt
Use all files in the current directory with the owner of the subdirectory to users of users Lamport: chmod -r Lamport: Users *
Name: CP Use Permissions: All users
Use mode:
CP [options] Source Dest CP [Options] Source ... Directory
Description: Copy a file to another, or copy several files to another directory.
Put on
-a will copy the file status, permissions and other materials as much as possible. -r If the Source contains a directory name, the files in the directory are also copied to the destination. -f If the destination already has the same file, it is deleted before the replication is removed. Example: Copy the file aaa (already existing) and name BBB: CP AAA BBB
Copy all C language to the finished subdirectory: cp * .c finished
Name: CUT
Use permission: All users
Usage: cut-cnum1-num2 filename
Description: Shows the text that counts Num1 to Num2 from the beginning.
example:
Shell >> Cat Example Test2 this is test1 shell >> Cut -c0-6 example ## print counts the first 6 words TEST2 THIS i
Name: Find usage: Find instructions:
List of files that comply with Expression in the archive system. You can refer to a combination of different information such as the name, category, time, size, permissions, etc., only fully matched.
Find determines the Path and Expression on the following rules, first on the command - (), the previous part is PATH, after which is Expression. If PATH is a empty string, use the current path, if expression is the empty string, use -print as the preset expression
There are more than two or thirty options that can be used in Expression, which only introduces the most commonly used part.
-mount, -XDEV: Only check and specify files under the same archive system, avoid listing files in other file systems - Amin N: Reads in the past N - Annewer File: More than file file Night-read file -Atime N: Files read in the past N: CMIN N: Changed in the past N: -cnewer file: file updated than file file - CTIME N: in the past N Sky-modified file -empty: empty file-gid n or -group name: gid is n or group name is name -ipath p, -path p: path name complies with P's file, IPath ignores case-write- Name name, -iname name: The file name is compliant with the file. INAME ignores uppercase-size N: The file size is n unit, b represents the block of 512-bit yuan group, c represents the number of words, and K means kilo bytes, W is two bit groups. -type C: The file type is C file. D: Directory C: Dictionarized Device Archive B: Block Device Archive P: Total Site F: General Archive L: Symbol Connection S: Socket -Pid N: Process ID This file You can use () Separate the arithmetic And use the following operations. Exp1 -and Exp2! EXPR-NOT EXP1 -OR EXP2 EXP1, EXP2 Example: List of all extended files in the current directory and its subdirectory is C. # Find. -name "* .c"
List all the general files in its underlying directory therefrom # find. -Ftype f
List of all files updated in the current directory and its subdirectory # Find. -Ctime -20
Name: Less
Use permission: All users
Use mode:
Less [option] FileName
Description: The role of Less is very similar to more, can be used to browse the text file, the difference is that the LESS allows the user to scroll back to browse the already seen part, and because the Less does not read at the beginning The entire file, so when you encounter a large file, it will be fast than the general instrument editor (such as VI).
example:
Directive Name: LN Use Permissions: All users
How to use: ln [options] Source Dist, where Option is:
[-BDFINSVF] [-S backup-suffix] [-v {numbered, existing, simple}] [--help] [--version] [-] Description: Linux / UNIX file system, so-called linking ( LINK, we can treat it as an alias of the file, and the link can be divided into two types: hard links and soft links, hard links means that a file can have multiple names, and The soft connection method is to generate a special file, and the content of the file is to point to another file. Hard links are in the same archive system, while soft links can span different archive systems. The LN Source Dist is a link (dist) to SOURCE, as for the use of the hard link or soft link, is determined by the parameter.
Whether it is a hard link or soft link, it will not copy a copy of the original file, and will only take a very small amount of disk space.
-f: The file will first delete the file with the DIST: Allow the system administrator hard link to your directory -i: When deleting the file with the DIST, I'm inquiry -N: In progress When the soft link, the Dist is treated as a general file-S: Symbolic link -V: The file name is displayed before the connection - B: Backup of files that will overwrite or deleted during the link - S Suffix: Plus the backup files - VMETHOD: Specify the way backup - HELP: Display Auxiliary Description --Version: Display version: Zs YY generates a Symbolic link: zz ln -s yy ZZ generates a Hard Link: ZZ LN YY XX in the file yy
Name: Locate Usage Permissions: All users use mode: locate [-q] [-d] [--Database =] locate [-r] [--Regexp =] locate [-qv] [-o] [- Output =] locate [-e] [-f] <[- l] [-c] <[- u] [-u]> locate [-VH] [--Version] [--help] Description: Locate let Users can quickly search for the specified file in the archive system. Its method is to build a database including all file names and paths in the system, and then only query this database when looking for, without having to go deep into the archive system.
In a general distribution, the establishment of the database is placed automatically in the contab. General users use as long as used
# locate your_file_name
The model is OK. Parameters: -u -u
Establish a database, -U will start by the root directory, and -U can specify the starting position.
-e
Will exclude the range of findings.
-l if it is 1. Start safe mode. In safe mode, the user will not see the file that is not available. This will slow down because Locate must obtain the permission information of the file in the actual archive system.
-f Examples of specific archives systems, for example, we have not to put the files in the proc archive system in the database.
-q quiet mode does not display any error messages.
-N is displayed to display an output.
-r Use a regular arithmetic condition for the condition.
-o Specifies the name of the stock.
-d
Specify the path to the database
-h display auxiliary message
-v Show more messages
-V display version of the version of the message:
LOCATE chDRV: Looking for all files called ChDRV locate -n 100 a.out: Look for all files called A.out, but only 100 locate -u: Establish a database
Name: LS Use Permissions: All users
How to use: ls [-ALRTAFR] [name ...]
Description: Displays the contents of the specified working directory (list the files and subdirectories included in the current working directory).
-A Displays all files and directories (LS instead of starting the archive name or directory name "." is considered hidden file, not listed) -L In addition to the file name, file type, permissions, owner, The size of the file is detailed -R -R to display the file in the opposite order (original alphabetical order) -t list -A -A-A, but not listed "." (Current) Directory) and ".." (parent directory) -f plus a symbol after listed; for example, the executable is added "*", the directory is added "/" if there is a file in the directory, then the following The archives are also listed sequentially
Example: List all the names in the current working directory, the beginning of the beginning, the getting upset behind: ls -ltr s *
List all directories and file details below / bin directory: ls -lr / bin
List all files and directories in the current work directory; directory is then added "/", and the file can be executed after the name is added "*": ls -af
Name: More Use Permissions: All users use methods: more [-dlfpcsu] [-num] [ / pattern] [ LINENUM] [filenames ..] Description: Similar to CAT, it will be convenient in one page The user is reading page by page, and the most basic instruction is to press the blank key (Space) to display the next page, press the B button to come back (back) one page, and there is also the function of searching strings (with VI Similarly, in use, press H. Parameters: -Num The number of rows -D prompt users, display [Press Space to Continue, Q to Quit.] Below the screen, if the user presses the wrong button, [Press H for instructions.] Instead of Beep-L cancels the number of function -f calculating rows when the special font ^ L (paper feed character) is met, the number of rows after the actual line, not the number of rows after the automatic wrap (some single line words It will be extended to two rows or more. Old Data-S When there is a blank line with two consecutive lines, the blank line-U does not display the lower quotation marks (depending on the TERMINAL specified by the environment variable TERM) / in each file display Search for the string (Pattern), then start displaying from the string NUM Start displaying filenames from the NUM row to display files to display the contents of the content, can be used as a number of quotable examples: more -s testfile Displays the file content of Testfile If there are two consecutive lines of blank lines display in a row of blank lines. More 20 Testfile starts the contents of Testfile from the 20th line.
Name: MV Use Permissions: All users
Use mode:
MV [Options] Source Dest MV [Options] Source ... Directory Description: Move a file to another file or move several files to another directory. Parameters: -i If the destination already has the same name file, first ask if the old file is overwritten.
example:
Rename the file AAA to BBB: MV AAA BBB
Move all C language to the finished subdirectory: mv -i * .c
Name: RM Use Permissions: All users
How to use: rm [options] name ...
Description: Delete files and directories.
Put on
-i before the deletion, please ask for confirmation one by one. -f even if the original file property is set to read, it is also directly deleted without one by one. -r Detects the directory and below. Example: Delete all C language program files; ask for a one before deleting confirmation: rm -i * .c
Remove all files in the Finished subdirectory and subdirectory: RM -R Finished
Name: RMDIR Use Permissions: All users with appropriate permissions in current directory
How to use: rmdir [-p] DIRNAME
Description: Delete empty directories. Parameters: -P is that when the subdirector is deleted, it will also be deleted by the way.
example:
Remove the subdirectory named AAA in the working directory: RMDIR AAA
In the BBB directory in the working directory, delete the subdirectory called TEST. If the Test is deleted, the BBB directory is empty, then BBB is also deleted. RMDIR -P BBB / TEST
Name: SPLIT Use Permissions: All users
How to use: split [option] [INPUT [prefix]]
Description:
Split a file into several files. From the INPUT division output into a fixed size file, its file name is prefixaa, prefixab ...; prefix preset value is **** x. If there is no input file or **** -, you will be read from the standard input.
匡 兜
-b, --Bytes = Size
The size value is the size of each output file, and the unit is BYTE. -C, --Line-bytes = size
In each output, the maximum number of BYTEs in a single line. -L, --Lines = Number
The Number value is the size of the column size of each output. -Number
The same as -l Number. --Verbose
Print the detection information to standard error output before each output file is opened. --help
Display auxiliary information and then leave. --Version
Listed by this information and then leave. Size can join the unit: b represents 512, K represents 1k, M represents 1 meg.
example:
Postgressql Large Data Library Backup and Recycling:
Because Postgres allows the form to have a largest capacity of your system file, it is possible to have problems with table dump to a single file, and Split is used to divide.
% PG_Dump DBNAME | SPLIT -B 1M - FileName.dump.
Reload
% createDb dbname% cat filename.dump. * | PGSQL DBNAME
Name: Touch Use Permissions: All users
How to use: Touch [-ACFM] [-r reference-file] [-file = reference-file] [-t mmddhhmm [[cc] yy] [-d time] [--DATE = Time ] [- Time = {Atime, Access, Use, Mtime, Modify}] [--NO-CREATE] [--HELP] [--Version] file1 [file2 ...]
Description: Touch instruction changes the time record of the file. LS -L can display the time record of the file.
Parameters: a Changing the read time record of the file. m change the modification time record of the file. C If the purpose file does not exist, it will not establish a new file. Like -No-Create. F is not used, is to retain to compatibility with other UNIX systems. r Use the reference file time record, like the effect of thefile. D Setting time and date, you can use a variety of different formats. T Time Record of the file is set, the format is the same as the DATE instruction. --NO-CREATE does not establish a new file. --Help lists the instruction format. --Version lists this message.
example:
The simplest way of use, change the file when you record the time. If the file does not exist, a new file will be established.
Touch File Touch file1 file2
Change the time record of File to 18:3:39 on May 6, 2,000 years. Time format can refer to the Date directive, at least you need to enter MMDDHHMM, which is the time of months and minutes. Touch-C -T 05061803 File Touch-C -T 050618032000 File
Change the File time record into ReferenceFile.
Touch -R ReferenceFile File
The time record of File is changed to 18:3:36 on May 6, two thousand years old. Time can be used in AM, PM or 24-hour format, and other formats can be used in other formats such as 6 May 2000.
Touch -d "6:03 PM" File Touch -d "05/06/2000" File Touch -D "6:03 PM 05/06/2000" File Name: AT Usage Permissions: All users
How to use: At -V [-q queue] [-f file] [-mldbv] Time
Description: AT allows the user to specify a certain number or instruction in Time, TIME's format is HH: mm, the HH of HH is hour, MM is minutes, or you can specify AM, PM, Midnight, Noon, Teatime (is 4 pm).
If you want to specify the time in more than a day, you can use mmddyy or mm / dd / yy format, where mm is minute, DD is the day, yy refers to the year. In addition, the user can even use a NOW time interval to elastic designation time, where the interval can be Minutes, Hours, Days, Weeks
In addition, the user can also specify Today or Tomorrow to represent today or tomorrow. When the time is specified and press Enter, the AT will enter the conversation mode and ask for input instructions or programs. When you press CTRL D, press Ctrl D to complete all the actions, as for the result of the execution, will be sent back to your account .
Tie count:
-V: Print Publish No. -Q: Use the specified 伫 伫 (Queue) to store, the data of the AT is stored in the so-called queue, and the user can use multiple queue at the same time, and the number of Queue is A, B, C ... Z and A, B, ... Z Total 52 - M: Even if the program / instruction is executed, there is no output result, but also send a letter to the user -f file: read the pre-write command files. Users do not have to use the conversation mode to enter, first write all the specified first to the file once again read -L: List all the specified (the user can also use ATQ directly without AT -L) -D : Delete the specified (the user can use ATRM directly without AT -D) -V: list all completed but not yet deleted specified
Example: 5 pm after three days of execution / bin / ls: AT 5PM 3 days / bin / ls
5 pm after three weeks, execution / bin / ls: AT 5PM 2 Weeks / Bin / LS
Tomorrow's 17:20 execution / bin / date: at 17:20 Tomorrow / BIN / DATE
The last day of 1999 printing the end of world! At 23:59 12/31/1999 echo the end of world!
Name: CAL
Use permission: All users
How to use: CAL [-MJY] [MONTH [YEAR]]
Description:
Display calendar. If there is only one parameter, it represents the year (1-9999), showing the annual calendar. The year must be written: ******** Cal 89 will not be the annual calendar showing 1989. Use two parameters, indicating the month and year. If there is no parameter, this month's calendar is displayed. September 3rd on September 1752, the Western calendar, because most countries used a new calendar, 10 days of removal, so the monthly calendar of the month is somewhat different. It was before this.匡 兜
-M: Displayed on weekdays for weekly first day. -J: Displayed by Kaisa, that is, the number of days from January 1 is displayed. -y: Show this year calendar.
example:
CAL: Shows the monthly calendar of this month.
[root @ mylinux / root] # Date Tue aug 15 08:00:18 CST 2000 [root @ mylinux / root] # Cal August 2000 Su Mo Tu We TH fr Sa 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 25 26 27 28 29 30 31
[root @ MYLINUX / root] #
CAL 2001: Shows the annual calendar of AD.
[root @ mylinux / root] # CAL 2001 2001
January February March Su Mo Tu We TH fr Su Mo Tu We TH fr Sa 1 2 3 4 5 6 1 2 3 1 2 3 7 8 9 10 11 12 13 4 5 6 7 8 9 10 4 5 6 7 8 9 10 14 12 13 14 15 16 17 21 22 23 24 25 25 26 27 18 19 20 21 22 23 24 18 19 20 21 22 23 24 28 29 30 31 25 26 27 28 25 26 27 28 29 30 31
April May June Su Mo Tu We TH fr SU Mo Tu We TH fr Sa 1 2 3 4 5 6 7 1 2 3 4 5 1 2 8 9 10 11 12 13 14 6 7 8 9 10 11 12 3 4 5 6 7 8 9 15 16 17 18 19 19 19 19 10 11 12 13 14 15 16 22 23 24 25 25 262722222222 23 24 25 25 26 17 18 19 20 21 22 23 29 30 27 28 29 30 31 24 25 25 26 27 28 29 30
July August September Su Mo Tu We TH fr SU Mo Tu We TH fr Sa 1 2 3 4 5 6 7 1 2 3 4 1 8 9 10 11 12 13 14 5 6 7 8 9 10 11 2 3 4 5 6 7 8 15 16 17 18 19 20 21 12 13 14 15 16 17 18 9 10 11 12 13 14 15 222 23 24 25 26 27 28 19 20 21 22 23 24 25 25 16 17 18 19 20 21 22 29 30 31 26 2728 29 272324 25 26 27 28 29 30 October November December Su Mo Tu We TH fr SU Mo Tu We TH fr sa su mo tu we th Fr Sa 1 2 3 4 5 6 1 2 3 1 7 8 9 10 11 12 13 4 5 6 7 8 9 10 2 3 4 5 6 7 8 14 15 16 17 18 19 20 11 12 13 14 15 16 17 9 10 11 12 13 14 15 21 22 23 24 25 25 26 27 18 19 20 21 22 23 24 22 28 29 30 31 25 26 27 28 29 30 23 24 25 26 27 28 29 30 31 [Root @ mylinux / root] #
CAL 5 2001: Shows AD in May 2001.
[root @ mylinux / root] # CAL 5 2001 May 2001 Su Mo Tu We TH fr Sa 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
[root @ MYLINUX / root] #
Cal -m: The first day of week is the week, showing this month.
[root @ mylinux / root] # Cal -m August 2000 Mo Tu We TH fr SU 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
[root @ MYLINUX / root] #
Cal -jy: Displays the number of days from January 1st.
[root @ mylinux / root] # Cal -jy 2000
January February Sun Mon Tue Wed Thu Fri Sat 1 32 33 34 35 36 2 3 4 5 6 7 8 37 38 39 40 41 42 43 9 10 11 12 13 14 15 44 45 46 47 48 49 50 16 17 18 19 20 21 22 55 57 23 24 25 26 27 28 29 58 59 60 30 31 March April Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat 61 62 63 64 92 65 66 67 68 69 70 71 93 94 95 96 97 98 99 72 73 74 75 76 77 78 100 101 102 103 104 105 106 79 80 81 82 83 84 85 107 108 109 110 111 112 113 86 87 88 89 90 91 114 115 116 117 118 119 120 121 May June Sun Mon Tue Wed Thu Fri Sat 122 123 124 125 128 129 130 131 132 133 134 156 157 158 159 160 161 162 135 136 137 138 139 140 141 163 164 165 166 167 144 145 146 147 148 174 171 172 173 174 175 176 149 150 151 152 177 178 179 180 181 182july August Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat 183 214 215 216 217 218 184 185 186 187 188 189 190 219 220 221 222 223 224 225 191 192 193 194 195 196 197 226 227 228 298 29 200202020220220220220220 209 202 211 240 241 242 243 244 212 213 September October Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri SAT 245 246 275 279 277 278 279 280 282 251 252 253 282 287 288 254 255 256 297 258 259 260 289 290 291 292 293 294 295 261 262 263 264 265 266 267 296 297 298 299 300 301 302 268 269 270 271 272 273 274 303 304 305
November December Sun Mon Tue Wed Thu Fri Sat 303 333 314 315 316 338 339 344 341 342 343 344 317 318 319 320 321 322 323 345 346 347 348 349 350 351 324 325 326 327 328 329 330 352 353 358 335 332 333 334 335 359 360 361 362 363 364 365 366 [root @ mylinux / root] #
Name: crontab Use Permissions: All users
Use mode:
Crontab [-U user] filecrontab [-u user] {-l | -r | -e} Description: crontab is used to make users in fixed time or fixed interval executable, in other words, similar to use Time history. -u user refers to the schedule that sets the specified user. This premise is that you have to have its permissions (such as root) to specify the schedule of others. If you don't use -u user, it means to set your own schedule.
Number of meals:
-e: Perform a text editor to set a time program, the contents of the text editor is VI. If you want to use the other text editor, please set the Visual environment variable to specify the use of that text editor (for example STENV Visual Joe) -r: Delete the current Turkey -L: List the current schedule
The format of the schedule is as follows: F1 F2 F3 F4 F5 Program
Where F1 is a minute, F2 represents hours, and F3 represents the first few days in one month, and F4 represents the month, F5 represents the first few days in the week. Program represents the program to be executed. When F1 is *, the Program is executed every minute, and the F2 is * indicates that the program is executed per hour, and the remaining classes have been applied to the first time to be AB, which is executed from the first minutes to the third time, F2 is When AB is executed from paragraphs A to B, the remaining classes are pushed to * / n when the f1 is * / N, indicating that each time interval is executed once, and F2 is * / n to execute each time time interval, the remaining classes When F1 is A, B, C, ... is shown in paragraph A, B, C, ... minutes to perform, F2 is A, B, C, ... indicated first, b, c ... Hourly to be executed, the rest
Users can also store all settings first in the file file, and set the time schedule in the way in the CRONTAB FILE. Example:
Perform once a day per hour per hour / bin / ls: 0 7 * * * / bin / ls
In December, 6:00 pm every day, per 20 minutes per 20 minutes / usr / bin / backup: 0 6-12 / 3 * 12 * / usr / bin / backup
On Monday to Friday, send a letter to Alex@domain.name: 0 17 * * 1-5 mail -s "hi" alex@domain.name
Every month, daily midnight 0:20, 2:20, 4:20 .... Executive Echo "Haha" 20 0-23 / 2 * * * echo "Haha"
Note:
After executing the time you specified, the system will send you a letter to you, show the program executed, if you don't want to receive such a letter, please add> / dev after each line of empty / NULL 2> & 1. Name: Date Use Permissions: All users
Use mode:
Date [-u] [-d datestr] [-s datestr] [--UTC] [--Universal] [--date = datestr] [--SET = DATESTR] [--help] [--version] [ FORMAT] [MMDDHMM [[CC] YY] [. Ss]]
Description:
Date can be used to display or set the date and time of the system. In the display, the user can set the format that wants to display, the format is set to a plurality of plus numbers, where the available tag list is as follows:
Time:
%: Print% N: Next VII T: Jumping% H: Hours (00..23)% i: Hours (01..12)% K: Hours (0..23)% l: hour ( 1..12)% M: Minutes (00..59)% P: Display local AM or PM% R: Direct display time (12 hours, format HH: MMS [AP] M)% s: from 1970 January 1 00:00:00 UTC to the second few% S: Second (00..61)% T: Direct display time (24 hours)% x: equivalent to% h:% m:% s % Z: Show time zone
Date:% A: Sun..SAT)% A: Sunday..saturday% B: Month (JAN..DEC)% B: January..DecEmber)% C: Direct display Date and time% D: Japan (01..31)% d: Direct display date (mm / dd / yy)% h: same% b% J: The first few days in the year (001..366)% M : Month (01..12)% u: the first day of the year (@53) (in the first day of Sunday)% W: The first day of the week (0..6 )% W: The first day of the year (00..53) (the first day of Monday)% x: Direct display (mm / dd / yy)% Y: The last two of the year Digital (00.99)% Y: Complete Year (0000..999)
If it does not start with the plus sign, it means to set the time, and the time format is MMDDHHMM [[CC] yy] [. SS], where mm is month, DD is the day, HH is hour, MM is minutes, CC is The first two digits, YY is two digits after year, and SS is the number of seconds:
-d DateStr: Displays the time (non-system time) set in DateStr - Help: Display Auxiliary Message - S DateStr: Set the time to date in DateStr to display the current Greenwich Time --Version: Display version number
Example: During the display time, the current date is displayed: Date % T% N% D
Display month and day: DATE % B% D
Display date and set time (12:34:56): Date --Date 12:34:56
Note:
When you don't want to have meaningless 0 (for example, 1999/03/07), you can insert - symbols in the mark, such as Date % - H:% - M:% - S will not be in seconds The meaning of the meaning is removed, like the original 08:09:04 will be changed to 8: 9: 4. In addition, only the permissions (such as ROOT) can set the system time.
When you change the system time with the root identity, please write the system time in CMOS in CLOCK -W so that the system time will continue to hold the latest correct value when it is rebooted next time. Name: SLEEP Use Permissions: All users
How to use: Sleep [--help] [--version] Number [SMHD]
Description: Sleep can be used to delay the current action for a while
Parameter Description :
--help: Display auxiliary message --Version: Display version number Number: Time length, back can be connected to S, M, H or D in seconds, m is minutes, H is hour, D is the number of days
Example: Show current time after delay in 1 minute, then display time again: Date; Sleep 1M; Date
Name: Time Use Permissions: All users
How to use: Time [Options] Command [arguments]
Description: The use of the Time command is information such as time and system resources that measure the time and system resources required for specific instructions. For example, CPU time, memory, input and the like, and the like. Special attention is required is that some information can not be displayed on Linux. This is because the allocation of some resources on Linux is not the same as the TIME instruction, so that the TIME instruction cannot be obtained.
Put on
-o or --output = file setting result Output file. This option writes the output of the Time to the specified file. If the file already exists, the system will override its content. -A or --Append cooperation -o use, will write the result to the end of the file without overwriting the original content. -f format or - format = format Sets the display mode with the Format string. When this option is not set, you will use the system preset format. However, you can use the environment variable time to set this format, so you don't have to set it once every login system. In general setting, you can use t to indicate the jumping column, or use n to refer to the wrap. Each material uses% as a preamble. If you want to use a percentage symbol in the string, use it. (People who learn C language will feel very familiar) Time instructions can display four major items, respectively:
Time Resources Memory Resources Io Resources Command Info
The detailed content is as follows:
Time Resources E Execute the time spent in the instruction, the format is: [Hour]: minuteecond. Note that this number does not represent the actual CPU time. e Execute the time spending the instruction, the unit is second. Note that this number does not represent the actual CPU time. The time spent on the core mode during the execution of the S command is seconds. U The time spent in the user mode during execution, the unit is second. P Execute the occupation ratio of the CPU when the command is executed. In fact, this number is the core mode plus the CPU time of the user mode divided by total time.
The maximum value of the entity memory occupied by Memory Resources m. The unit is the average value of the entity memory occupied by KB T execution, and the unit is the total amount of memory occupied by the KB K executive program (STACK DATA TEXT), and the unit is self-information of the KB D execution program. The average size of the unshared data isa, the unit is the average size of the unshared stack of the KB P executable, and the unit is the average of the shared text. The unit is a KB Z system. The size of the memory page is byte. This is the number of major memory pages of this program for the same system. The so-called main memory page error is that a memory page has been replaced into the SWAP file and has been assigned to other programs. At this point, the content of this page must be read again from the replacement. R The number of times the secondary memory page of this program is incorrect. The so-called secondary memory page error is that although the memory page has been replaced into the replacement file, it is not allocated to other programs. At this point, the content of this page is not broken, and it is not necessary to read it from the replacement. W This program is forced to interrupt (like allocated CPU time depletion). Voluntary interruption (like a number of files entered by the number of I / O execution, like a disk reading, etc.), the number of files outputted by this program R R RO of this program R This program has received Socket Message S Signal (Signal) received by this program
Command INFO C is executed with the end code of the command name X command (Exit Status)
-p or --Portability This option will automatically set the display format as: Real% e user% u sys% s The purpose is to be compatible with POSIX specifications. -v or --verbose This option lists the resources used in all programs, not only in general English statements, but also instructions. People who don't want to spend time to set or just start to contact this instruction is quite useful.
Example: Use the following instructions TIME -V PS -AUX
We can get the results of PS -AUX and the system resources taken. As listed below: User PID% CPU% MEM VSZ RSS TTY Stat Start Time Command Root 1 0.0 0.4 1096 472? S APR19 0:04 Init Root 2 0.0 0.0 0 0? SW APR19 0:00 [KFlushd] root 3 0.0 0.0 0 0? SW APR19 0:00 [KPIOD] ... root 24269 0.0 1.0 2692 996 PTS / 3 R 12:16 0:00 ps -aux
Command being timed: "ps -aux" User Time (Seconds): 0.05 System Time (Seconds): 0.06 Percent of CPU this Job Got: 68% ELAPSED (H: MMS or MS): 0: 00.16 Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 Maximum resident set size (kbytes): 0 Average resident set size (kbytes): 0 Major (requiring I / O) page faults: 238 Minor (reclaiming a frame) page faults: 46 Voluntary context switches: 0 Involuntary context switches: 0 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket Messages Received: 0 page size (bytes): 4096 Exit status: 0 Name: uPtime Usage Permissions: All users User use: uptime [-v] Description: Uptime provides the following information, no other parameter:
The current time system is running to the current time connected to the number of users recently, five minutes and fifteen - system load parameters: -v Displays the version information. Example: Uptime The result is: 10:41 AM UP 5 Days, 10 min, 1 Users, Load average: 0.00, 0.00, 1.99
Name: CHFN
Use permission: All users
Usage: shell >> CHFN
Description: Provide users to change individual information for Finger and Mail UserName
example:
Shell >> CHFN Changing Finger Information for User Password: [DEL] Name []: Johnney Huang ### provides information when providing finger office []: nccu office phone []: [del] home phone []: [DEL]
Name: chsh
Use permission: All users
Usage: shell >> Chsh
Description: Change the user shell setting
example:
Shell >> Chsh Chang1 Password: [DEL] New shell [/ bin / tcsh]: ### [is currently used shell] [DEL]
Shell >> Chsh -l ### 展 / / etc / shells file content / bin / bash / bin / sh / bin / ash / bin / bsh / bin / tcsh / bin / csh
"Finger" Name: Finger Use Permissions: All users
How to use: finger [Options] user [@address]
Note: Finger allows the user to query some other user's information. The information will be listed is: login name user name home directory shell login status mail status .flan.project .forward
Where. PLAN, .Project and .Forward are the data in the file in his Home Directory. ProWard, etc. If there is no. The Finger directive is not limited to queries on the same server, or you can find users on a remote server. Just give an address like an e-mail address. Put on
-l multi-line display.
-s single line display. This option only displays the login name, real name, terminal name, idle time, login time, office number, and phone number. This option is invalid if the user is the user of the remote server.
Example: The following instructions can check the information of this machine administrator: Finger root
The results are as follows: login: root name: root directory: / root shell: / bin / bash never logged in. No mail. No plan.
Name: Last
Use permission: All users
How to use: shell >> Last [Options]
Explanation: The display system has been a message from the beginning of the month.
Put on
-R 省 Hostname's field -Num show before NUM UserName display username login message TTY Login message Contains Terminal code
example:
SHELL >> Last -R -2 Johnney PTS / 1 MON AUG 14 20:42 Still Logged in Johnney PTS / 0 MON AUG 14 19:59 Still Logged in
WTMP Begins Tue Aug 1 09:01:10 2000 ### / var / log / wtmp
SHELL >> Last-2 Minery Minery PTS / 0 140.119.217.115 Mon Aug 14 18:37 - 18:40 (00:03) Minery PTS / 0 140.119.217.115 Mon Aug 14 17:22 - 17:24 (00:02 )
WTMP Begins Tue Aug 1 09:01:10 2000
Name: login
This order will not be done! Oh, I am not here, I have a push ink to delay everyone's beautiful youth ^ _ ^
Name: Passwd
Use permission: All users
How to use: Passwd [-k] [-l] [-u [-f]] [-d] [-s] [username]
Description: Used to change the password of the user
Parameters: -k
-L
-u
-f
-d Close the user's password authentication function, the user will not be able to enter a password when logging in, and only the user who has root privileges can be used.
-S Displays the specified user's password authentication species, only the user who has root privileges can be used.
[username] Specifies the account name.
Name: WHO use power line: all users can use
How to use: WHO - [husfv] [user]
Note: There are those users in the display system being on, and the data displayed contains the user ID, the terminal used, connected from there, online time, lag time, CPU usage, action, etc.
Tie count:
-H: Do not display the title column -u: Do not display the user's action / work-S: Use the short format to display -f: Do not display the user's online location -V: display program version name: / etc / aliases use Permissions: System Manager Usage: Please use the newaliase update database Description: Sendmail uses an action that converts the user name transition in / etc / aliases. When sendmail receives a letter to XXX, it will be given to another by the content of the AliaSS file. This feature creates a user who is only valid in the letters system. For example, Mailing List uses this feature. In MailingList, we may create a mailingList called Redlinux@link.ecpi.edu, but actually doesn't have a user named RedLinux. The actual AliaSS file is to receive the Mailing List processing of the Mailing List processing. / etc / aliases is a file file, Sendmail requires a binary format /etc/aliases.db. NEWALIASES's functional is to convert / etc / aliases into a repository that SENDMAIL can understand. Example: # newaliases
The following command will do the same thing, # sendmail -bi
Related Commands: Mail, Mailq, Newaliases, Sendmail
"Mail [Back] Name: Mail
Use permission: All users
How to use: mail [-iinv] [-S Subject] [-c cc-addr] [-b bcc-addr] user1 [user 2 ...]
Note: Mail is not only an instruction, but Mail is also an email program, but people who use Mail to read the letter should be very few! For system managers, Mail is useful, because managers can write to Script with Mail, regularly send some memorandum of reminder systems.
Parameters: I ignore the interrupt signal of TTY. (Interrupt) I forced to set up interactive mode. (Interactive) V lists the message, such as the location, state, etc. of the send letter, etc. (Verbose) N Do not read the mail.rc setting file. S Mail title. C CC mail address. B BCC email address.
example:
Get the letter to one or more email addresses, because no other options are added, the user must enter the contents of the title and the letter. User2 does not have a host position, it will be given to the user2 user of the mail server.
Mail User1@email.address mail user1@email.address user2
Sending the content of mail.txt to user2 simultaneously CC to USER1. If you set this line instruction to cronjob, you can send a memo to the system user.
Mail -s Title - C User1 USER2 Directive: MESG Use Permissions: All users How to use: MESG [y | n] Explanation: Decide if other people are allowed to pass on their own terminal Put on Y: Allow messages to the terminal interface. n: Do not allow messages to the terminal interface. If there is no setting, the message delivery is fixed by the terminal interface. Example: Changing the current message setting, changed to the end mesh: MESG N Directives related to MESG are: Talk, Write, Wall. Name: / etc / aliases Use Permissions: System Manager Usage: NewaliaSs Description: Sendmail uses an action that converts the user name transition in / etc / aliases. When sendmail receives a letter to XXX, it will be given to another by the content of the AliaSS file. This feature creates a user who is only valid in the letters system. For example, Mailing List uses this feature. In MailingList, we may create a mailingList called Redlinux@link.ecpi.edu, but actually doesn't have a user named RedLinux. The actual AliaSS file is to receive the Mailing List processing of the Mailing List processing. / etc / aliases is a file file, Sendmail requires a binary format /etc/aliases.db. NEWALIASES's functional is to convert / etc / aliases into a repository that SENDMAIL can understand. Parameters: No parameters. Example: # newaliases The following command will do the same thing, # sendmail -bi Related Commands: Mail, Mailq, Newaliases, Sendmail Name: Talk Use Permissions: All users Use mode: Talk Person [TTYNAME] Description: Talk to other users Tie count: Person: Prepare the user account, if the user can enter Person@machine.name ttyname on other machines: If the user has more than two TTY connectors, you can choose the right TTY message. Example. 1: Talking to the user Rolland on the machine now, then Rollaend has only one connection: Talk Rolland The next step is to respond, if rollaend accepts, rollaend input **** talk jzlee **** can start talking, press CTRL C Example. 2: Talk to the user Rolland on Linuxfab.cx, use PTS / 2 to talk: Talk RollaEnd@linuxfab.cx PTS / 2 The next step is to respond, if rollaend accepts, rollaend input **** talk jzlee@jzlee.home *** can start talking, please press CTRL C Note: If the word of the screen will appear abnormal characters, try to update the screen picture in Ctrl L. Name: WALL Use Permissions: All users Use mode: Wall [Message] Instructions: Wall transmits the message to each MESG to set it to YES. When using the terminal interface as standard, add EOF (usually using Ctrl D) Example: Communication "hi" gives each user: Wall Hi Name: WRITE Use Permissions: All users Use mode: Write user [TTYNAME] Description: Communication to other users Tie count: User: User account TTYNAME: If the user has more than two TTY connectors, you can choose the right TTY message. Example. 1: The news is given to ROLLAEND, and Rolland has only one connection: Write Rolland The next is to hit the message, please press CTRL C. Example .2: Communication to Rolland, Rolland's connection has PTS / 2, PTS / 3: Write RollaEnd PTS / 2 Next, hit the message, please press CTRL C Note: If the other party sets MESG N, the interpretation will not pass to the other party. Name: Kill Use Permissions: All users Use mode: Kill [-s signal | -p] [-a] pid ... kill -l [signal] Description: KILL sends a specific signal (Signal) to the stroke ID as a specific action based on this signal, If there is no designation, the preset is to send a signal to terminate (TERM). -S (Signal): Among them, the signals are HUP (1), KILL (9), TERM (15), which represents heavy run, cut off, end; detailed signals can be printed with the PID Do not send the signal -L (Signal): list all available signal names: Cut the PID 323 (KILL): Kill -9 323 Running the PID of 456 (Restart): Kill-Hup 456 Name: NICE Use Permissions: All users How to use: nice [-n adjustment] [-adjustment] [--adjustment = adjustment] [--help] [--version] [Command [arg ...]] Description: Execute the program with a changed priority, if not specified, print the current scheduled priority, the internal Adjustment is 10, the range is -20 (highest priority) to 19 (minimum priority) Put on -n adjustment, -adjustment, --adjustment = Adjustment is the addition of the original priority Adjustment --Help Display Self-Help Display Release Information Example: Put the priority of the LS 1 and execute: nice -n 1 ls Add 10 priority sequences and execute: Nice LS adds the priority of the LS 10 and execute Note: Priority is used for the job system to determine the parameters assigned by the CPU. Linux uses the "Round-Robin" to do the CPU schedule, the higher the priority, the cpu time that may be obtained more. Name: PS Usage Permissions: All users use mode: PS [options] [--help] Description: Show the dynamic parameters of the moment: PS [Options] Dynamic parameters: PS is very large, only a few common parameters are listed here and Ondering Introduction Meaning-A List All Tour-W Display Widening You can display more information -au Display more detailed information -Aux Display all strokes that contain other users Au (x) output format: User PID% CPU% MEM VSZ RSS TTY Stat Start Time Command User: PID% PID: PID% CPU: User CPU Usage% MEM: Occupied Memory Usage VSZ: Used Virtual Memory Size RSS: Used Memory Size TTY: The secondary device number of the terminal Stat: The state of this stroke: D: Uninterrupted stationary (通 □ □ b performs I / O action) R: is being executed : Static status T: Pause to execute Z: No to exist but temporarily unable to eliminate W: Not enough memory paging assigns <: high priority stroke N: low priority stroke L: There is a memory paging assignment and lock in memory In vivo (instant system or AI / O) START: Time Time Time: Performed Time Command: The instructions executed: Ps Pid Tty Time CMD 2791 TTYP0 00:00:00 TCSH 3092 TTYP0 00:00:00 PS% PS -A PID TTY TIME CMD 1? 00:00:03 INIT 2? 00:00 KFlushd 3? 00:00 : 00 Kpiod 4? 00:00:00 kswapd 5? 00:00:00 mdrecoveryd .......% PS -AUX User PID% CPU% MEM VSZ RSS TTY Stat Start Time Command Root 1 0.0 0.7 1096 472? S Sep10 0:03 init [3] root 2 0.0 0.0 0 0? SW SEP10 0:00 [KFLUSHD] root 3 0.0 0.0 0 0? SW SEP10 0:00 [KPIOD] root 4 0.0 0.0 0 0? SW SEP10 0: 00 [kswapd] ........ Name: PStree Use Permissions: All users use methods: pstree [-a] [-c] [-h | -hpid] [-l] [-n] [-p] [-u] [-g | -u ] [PID | User] PStree -V Description: Display all the strokes in a tree map, the tree map will be the root (root) in PID (if there is specified) or in init, if there is a specified user ID, the tree map only shows the stroke parameters owned by the user: -a Displays the full instructions and parameters of the stroke, if it is replaced by the memory body, it will add bracket -c if there is a rebound The trip name is listed separately (the preset value will be added in front] * Example: PStree INIT - - AMD | -APMD | -ATD | -HTTPD --- 10 * [httpd]% PSTree -P init (1) - - AMD (447) | -APMD (105) | -ATD (339)% PStree-CIT - - AMD | -APMD | -ATD | -HTTPD - - httpd | | - httpd | | -httpd .... Name: RENICE Use Permissions: All users How to use: renice priority [[-p] pid ...] [[-g] pgrp ...] [[-U] user ...] Explanation: Refaten a priority of one or more strokes (one or more will depend on the above parameters) Put on -p PID re-specifies the ID of the ID of the stroke to the priority of the stroke of the PID -G PGRP re-specifies the id of the stroke group (one or more) of the PGRP (one or more) priority -u user re-specifies the stroke owner Example of priority for User Tour: Tour of the stroke ID of 987 and 32 is Daemon and root priority number plus 1: renice 1 987 -u daemon root -p 32 Note: Each trip ( Process has a unique ID Name: TOP Usage Permissions: All users How to use: TOP [-] [D DELAY] [q] [c] [s] [s] [i] [n] [b] Explanation: Display Process dynamics instantly Put on D: Change the displayed update speed, or press SQ: No delay display speed, if the user has the permission of Superuser, TOP will perform C: Switching the display mode, there are two modes, one is only the name of the execution file, the other is to display the full path and the name S: cumulative mode, the CPU Time of the DEAD CHILD Process, which will complete or disappear. Cumulative S: Safety mode, cancel the conversation instruction, avoid potential crisis i: No idle (IDLE) or useless (Zombie) stroke N: update number, will exit TOP B: Batch file after completion Mode, with "N" parameters, can be used to output TOP's results to the file Example: Show out after ten times to display; top -n 10 Users will not use the conversation instruction to the stroke command: top -s Enter the update display twice into the file name to top.log: TOP-N 2 -B Name: Skill Use permission: All users How to use: skill [signal to send] [options] Select the rules of the program Description: Send a signal to the executable program, the preset message is Term (interrupt), the more often used information is HUP, INT, KILL, STOP, CONT, and 0 The message has three ways: -9, -sigkill, -kill, can use -l or -l already listed the available messages. General parameters: -f fast mode / has not been completed -i interactive mode / each action will be confirmed -V Detailed output / list of selected programs -w Intelligent warning message / has not been completed -n no action / display program code Parameters: The rules of the selection can be that the terminal code, the user name, the program code, the command name. -T Terminal Code (TTY or PTY) -u user name -P program code (PID) -c Command Name You can use the signal: The known signal name, signal code, and function will be listed below. Name (code) function / description ALRM 14 leaves HUP 1 leave INT 2 leave Kill 9 leaves / forced close PIPE 13 leaves Poll leaves PROF leave Term 15 leaves USR1 leaves USR2 leaves VTALRM leaves STKFLT leaves / only for I386, M68K, ARM, and PPC hardware Unused leaves / only for I386, M68K, ARM, and PPC hardware TSTP stop / generate behavior related to content TTIN stop / generate behavior related to content Ttou stop / generate behavior related to content STOP stop / forced shutdown CONT From the new start / if the stop state is started, otherwise ignore PWR ignores / leave Winch ignore in some systems CHLD ignores ABRT 6 core FPE 8 core Ill 4 core Quit 3 core SEGV 11 core TRAP 5 core SYS core / perhaps no actual EMT core / perhaps no actual BUS core / core failure XCPU core / core failure XFSZ core / core failure example: Stop all program skill -kill -v pts / * on the PTY device Stop three users USER1, User2, user3 skill -stop user1 user2 user3 Other related commands: kill Name: EXPR Use permission: All users ### string length Shell >> EXPR Length "this is a test" 14 ### Digital Commercial Number Shell >> EXPR 14% 9 5 ### From the location Shell >> EXPR SUBSTR "this is a test" 3 5 IS IS ### Digital Skewers Only The First Character Shell >> Expr Index "Testforthegame" E 2 ### String truly reproduced Shell >> EXPR Quote Thisisatestfor Mela ThisisateStFormela Name: TR ### 1. Compare to the part to change all uppercase files in the directory to lowercase files? There seems to be many ways, "TR" is one of them: #! / bin / sh DIR = "/ tmp / testdir"; files = **** Find $ dir -type f ****; for i in $ files do dir_name = **** DIRNAME $ i ****; ori_filename = ** ** BaseName $ I **** New_FILENAME = **** Echo $ Ori_FileName | TR [: Upper:] [: Lower:] ****> / dev / null; #echo $ new_filename; mv $ dir_name / $ Ori_FileName $ DIR_NAME / $ New_FILENAME DONE ### 2. ourselves ... LowerCase to Uppercase Tr Abcdef ... [DEL] ABCDE ... [DEL] TR A-Z A-Z TR [: Lower:] [: Upper:] Shell >> Echo "this is a test" | TR A-Z A-Z> WWW shell >> Cat WWW this is a test ### 3. Remove the string of unwanted Shell >> Tr -d this ### Remove the T.E.T this Man MAN Test E ### 4. Replace strings Shell >> Tr - "this" "Test" this test th te TE Directive: CLEAR Utue: Clear the screen. How to use: Enter clear on Console. Name: Reset, Tset How to Use: Tset [-iqqrs] [-] [-e ch] [-i ch] [-k ch] [-m mapping] [Terminal] Instructions for use: Reset actually and tset is a command that is the purpose of setting the terminal. In general, this command will automatically determine the current terminal of the current terminal from the environment variable, command column, or other configuration. If the specified type is?, This program will ask the user to enter the terms of the terminal. Since this program sets back the terminal back to the original state, in addition to the use of login, when the system terminal enters some strange states because the program is not properly executed, you can also use it to reset the terminal O, for example Be careful to enter the binary file with the CAT directive to the terminal, often there is a terminal that does not respond to the keyboard input, or responds to some strange characters. You can reply to the original state with RESET. Option Description: -p Displays the terminal category on the screen, but does not make the set action. This command can be used to achieve the category of the current terminal. -e ch Associates the ERASE unit into a CH -I CH to set the interrupt character into ch -K CH will delete the character of the row to set a CH -I to do the set action. If there is no option -Q, ERASE , The current value of the interrupt and deletion of the character will still be sent to the screen. -Q Do not display ERASE, interrupt, and delete the value of the character to the screen. -r Prints the terminal machine class on the screen. -s Send the typed string of the command to the TERM to the terminal, usually in .login or .profile example: Let the user enter a terminal model and set the terminal to the type. Preset status. # RESET? Set the ERASE character set Control-h # reset -e ^ b Display the string of setting on the screen # reset -S Erase IS Control-B (^ b). Kill IS Control-U (^ U). Interrupt IS Control-C (^ c). Term = xterm; Name: Compress Use permission: All users How to use: Compress [-dfvcv] [-B Maxbits] [file ...] Note: Compress is a fairly ancient UNIX file compression instruction. The compressed file will add a .z extended file name to distinguish an uncompressed file, and the compressed file can be decompressed in uncompress. To press the plurality of files into a compressed file, you must first turn the archive Tar and then compress. Since Gzip can generate more ideal compression ratios, the general people have changed more Gzip to archive compression tools. Parameters: c Output Results to standard output devices (General referred to screen) F Forced writing files, if the destination already exists, it will be overwritten (force) the message executed by the program on the screen (Verbose) B The upper limit of the number of common strings is set, and the value can be set to 9 to 16 BITS with bit yuan. Due to the larger value, the more common strings that can be used, the larger the compression ratio, so the preset value 16 bits (bits) D will use the compressed file unzipped the V listing message. example: Complicate Source.dat into source.dat.z, if Source.dat.z already exists, the content is overwritten by the compressed file. Compress -f Source.dat Complicate Source.dat into source.dat.z and prints the compression ratio. -v and -f can be used together Compress -VF Source.dat When the compressed data is output, import Target.dat.z can change the compressed file name. Compress -c Source.dat> Target.dat.z The larger the value of -b, the larger the compression ratio, the range is 9-16, and the preset value is 16. Compress -b 12 Source.dat Unfolding Source.dat.z into Source.dat. If the file already exists, the user presses Y to determine the coverage file, and the file will be automatically covered if the -df program is used. Since the system will automatically join .Z is an extended file name, Source.dat will automatically be treated as Source.dat.z. Compress -d source.dat compress -d source.dat.z Name: LPD Use permission: All users How to use: LPD [-l] [#port] LPD is a resident printing machine management, which manages local or distal printers based on / etc / printcap content. Each printer defined in / etc / printcap must have a corresponding directory in / var / lpd. In the directory, a copy of the CF starts in a directory indicates a printing work waiting to be sent to the appropriate device. This file is usually generated by the LPR. LPR and LPD constitute a system that can work offline. When you use LPR, the printing machine does not need to be available immediately, and no existence. LPD automatically monitors the status of the printing machine. When the press is online, the file will be sent immediately. This has to wait for the previous work to complete the previous job. parameter: -l: Display some of the unlocked messages on the standard output. #port: In general, LPD uses GetServByName to get the appropriate TCP / IP Port, you can use this parameter to force LPD to use the specified port. Example: This program is usually performed at the beginning of the system from the program in /etc/rc.d. Name LPQ - Displays unfinished work usage in the listing machine LPQ [L] [P] [User] Note that LPQ displays items that are not completed in the list of lists managed by the LPD. Example Example 1. Display all work in the LP list machine # lpq -pljPrank Owner Job Files Total Size1st Root 238 (Standard Input) 1428646 Bytes Related functions LPR, LPC, LPD Name: LPR Use permission: All users Using the way: lpr [-pprinter] sent files or distributed by standard input to the printing machine, the printing machine management program LPD will give this file to the appropriate program or device. deal with. The LPR can be used to process the material to be sent to the local or distal host. parameter: -pprinter: Send the data to the specified printer Printer, the preset value is LP. Example: Send www.c and kkk.c to the printer LP. lpr-plp www.c kkk.c Name: LPRM - Remove a job by the printing machine / usr / bin / lprm [p] [file ...] NUMTRISTERS Work is placed in the printing machine, this command can be used to cancel the work of the printing machine. Since each printer has a separate storage, you can use the -P command to set the printed machine you want to function. If there is no setting, the system preset press will be used. This command checks if the user has enough permissions to delete the specified file. In general, only the owner of the file or the system administrator has this permission. Example removal of No. 1123 in the printing machine HPPrinter Lprm -Phpprinter 1123 Working No. 1011 is removed from the preset printing machine LPRM 1011 Name: fdformat Use permission: All users How to use: fdformat [-n] Device Instructions for use: Low-order formatting for the specified soft disc device. When using this instruction to format the floppy disk, it is best to specify the following device: / DEV / FD0D360 disk machine A:, magnetic 360KB disk / dev / fd0h1440 disk machine A:, magnetic disk is 1.4MB disk / DEV / FD1H1200 disk machine B:, magnetic disk is 1.2MB disk If you use a device like / dev / fd0, if the disk inside is not a standard capacity, formatting may fail. In this case, the user can specify the necessary parameters first with the setFDPRM instruction. parameter: -N Close the confirmation function. This option closes the formatted confirmation step. example: FDFORMAT-N / DEV / FD0H1440 Format the magnetic disk of the disk machine A into a 1.4MB magnetic sheet. And the confirmation step is omitted. Name: MFormat Use permission: All users Use mode: MFORMAT [-T cylinders] [-h heads] [-l volume_label] [-f] [-i fsver-sion] [-S SIZECODE] [-2 Sectors_ON_TRACK_0] [-M Software_sector_size] [-A ] [-X] [-C] [-H hidden_sectors] [-r root_sector] [-b boot_sector] [-0 rate_on_track_0] [-A rate_on_other_tracks] [-1] [-k] Drive: The DOS archive system is established on a magnetic sheet that has been made in low-order formatting. If you open the parameters of the USE_2M when compiling MTools, the partial parameters associated with the 2M format will work. Otherwise these parameters (like S, 2, 1, m) do not act. parameter: -T Magnetic Column-H Head (HEAD) -S-S-DL Label -f -F Label -f The magnetic disc is formatted into FAT32 format, but this parameter is still in the experiment. -I Sets the version number in the FAT32. This is of course still in the experiment. -S magnetic area size code, calculated the number of magnetic regions of the sector = 2 ^ (size code 7) -C magnetne (Cluster). If the given number causes the number of magnets that exceed the FAT table, MFORMAT will automatically amplify the number of magnetic regions. -s -M mouncing magnetic area size. This number is the magnetic area size returned by the system. Usually the same as the actual size. -A If this parameter is added, MFormat generates a set of ATARI systems to this soft disc. -X Format the flop to XDF format. Before use, you must use the XDFCOPY instruction to make a low-order formatting action. -C Generates a disk image file (Disk Image) that can be installed with MS-DOS archive system. Of course, this parameter is meaningless to an entity disk machine. -H hidden the number of magnetic regions. This is usually suitable for the split area of the formatting the hard drive because there is a segmentation table in front of a divided area. This parameter is not tested, it can not be used. -n disk serial number -R root directory size, unit is the number of magnetic regions. This parameter is only valid for FAT12 and FAT16. -B uses the specified file or the power-on magnetic area of the device as the boot magnetic area of this flap or division area. Of course, the hardware parameters are faded. -k Try to maintain the original boot magnetic area. -0 Data transfer rate of data transmission rate -A 0555200 Format is not used using 2M format-1 Example: MFORMAT A: This will use the preset value to format the disk in A: (already / DEV / FD0). Name: MKDOSFS Use permission: All users How to use: MKDOSFS [-C | -L filename] [-f number_of_fats] [-f fat_size] [-i volume_id] [-M message_file] [-R root_dir_entry] [-ss sector_per_cluster] [-V ] Device [block_count] Description: Establish a DOS archive system. Device means that you want to establish a device code for a DOS archive system. Like / dev / hda1, etc. Block_count is the number of blocks you want to configure. If block_count is not specified, the system automatically calculates the number of blocks that meet the size of the device. parameter: -c Create a file system before checking there is a bad track. -l reads bad track records from the determined file. -f Specifies the number of FAT, File Allocation Table. The preset value is 2. At present, Linux's FAT archive system does not support more than 2 FAT tables. Usually this doesn't need to be changed. -F Specifies the size of the FAT table, usually 12 or 16 positions. The 12-bit group is usually used for the disks, and the 16-bit component group is used for the general hard disk division area, that is, the so-called FAT16 format. This value typically systematically selects the appropriate value itself. Using FAT16 on the disk usually does not take effect, it is also possible to use FAT12 on the hard disk. -i Specifies the Volume ID. Generally, a number of four-bit tuples, like 2E203A47. If you don't give your system you will be generated. -m When the user tries to boot with this magnetic or divided zone, the system will give the user a warning message to the user when there is no working system. This parameter is used to change this message. You can use the file to edit it, then specify this parameter, or use -m - so the system will ask you to enter this text directly. It is important to note that the strings in the file should not exceed 418 words, including the expanded jumper symbol (Tab) and the wrap symbol (the wrap symbol counts two characters under DOS!) -Not Specifies the Volume Name, Disk label. Like the Format directive under the DOS, you will not give it. There is no preset value. -r Specifies the maximum number of files under the root directory. The so-called number of files here includes the directory. The preset value is 112 or 224 on the floppy disc, 512 on the hard disk. Nothing, don't change this number. -S Magnetic area of each magnetic busner. Must be two times. But unless you know what you are doing, this value should not be gave. -v provides additional messages Example: MKDOSFS-N TESTER / DEV / FD0 Format the disk in the A slot into a DOS format, and set the label to Tester Kingpaul @ 03:55 PM published Linux | Edit | Message (0) | TRACKBACK (0) June 16, 2004 Linux 2.4 Packet Filtering HOWTO Simplified Chinese version Rusty Russell, Mailing List Netfilter@lisms.samba.org owe $Revision: 1.3 $ date: 2002/06/05 13:21:56 $ 简体 中文: Ocean Ghost · Netsnake Thanks Netmanforever@yahoo.com Traditional reference This document describes how to filter incorrectly in the Linux2.4 kernel (Translator: packet in many professional books, which is still translated as package according to most people's habits) 1. Introduction 2. Official Site and Mail List 3. So, what is packet filter? 3.1 Why do I need packet filter? 3.2 How to make a package under Linux? 3.2.1 iptables3.2.2 Creating a permanent rule 4. Do you make a few, how do you get my kernel? 5. Rusty's true package filtering fast guide 6. How to pass through the filter 7. Using iptables7.1 When the computer is started, you will see 7.2 Operation 7.3 Filter Specification 7.3.1 Specified Source and Destination IP Address 7.3.2 Reverse Designation 7.3.3 Protocol Designation 7.3.4 Interface Specify 7.3.5 Split Specify 7.3.6 Iptables Extensions: New Match 7.3.6.1 TCP Extensions 7.3.6.1.1 Interpretation of TCP Signs 7.3. 6.2 UDP Extensions 7.3.6.3 ICMP Extensions 7.3.6.4 Other Match Extensions 7.3.6.5 Status Matching 7.4 Target Specifications 7.4.1 User Defined Chains 7.4.2 Iptables Extensions: New Target 7.4.3 Special Built Out of Built 7.5 Pair of Whole Chains Operation 7.5.1 Creating a new chain 7.5.2 Deleting Chain 7.5.3 Clearing a chain 7.5.4 List 7.5.5 Reset (Clear) Counter 7.5.6 Settings (Default Rules) 8. Use Ipchains and IPFWADM9 NAT and package filtration mix use 10. IPTables and IPChains Differences 11. Suggestions for the development of package filters 1. Introduction, dear readers. This article assumes that you know about IP addresses, network addresses, network masks, selection and DNS. If you don't know, I suggest you read the HOWTO (Network Concepts Howto) of the Network Concept. This HOWTO is not a brief introduction (you will make you fever, hair, no security), and is not a complete original disclosure (the most hard-working person will be stunned, but it will definitely won something). Your network is not safe. The problem is that the fast, concise communication must be obtained, but it must be limited to good, no malicious behavior, just in the noisy big theater, you can talk about it, but you can't shout: I am full of fire! . This HOWTO cannot solve this problem. (Translator: All security is just relative, otherwise it will not generate this kind of thing) therefore, you can only decide which aspect of compromise. I want to help you use some available tools and some vulnerabilities that usually need to pay, I hope you use them in a good side, not for malicious purposes - another equally important issue. (C) 2000 Paul `Rusty 'Russell. Licenced Under The GNU GPL.2, Official Sites and Mail List There are three official sites here: o THANKS to FileWatcher http: //netfilter.filewatcher.org.o Thanks To The Samba Team And SGI http: //netfilter.samba.org.o Thanks to Harald Welte http://netfilter.gnumonks.org. You can access all relevant sites through the following sites. Http://www.netfilter.org and http://www.iptables.org The following is the NetFilter official mailing list http://www.netfilter.org/contact.html#list. 3. So, what is a pack filter? The package filter is such a software: it checks the head of each package passed, and then determines how to dispose of them. It can be treated like this: Discard (that is, if this package has never been accepted, then discard it), pass (that is, let the package pass), or more complex (operation). Under Linux, the built-in built-in built into the kernel (kernel module, or built), and we have some techniques for processing packages, but the general principles of the head and handling package are still here. 3.1 Why do I have a package filter? Control, safety, and warning. Control: When you use your Linux server to connect your internal network and another network (that is, the Internet Bar), you can decide which communication is allowed, which is not allowed. For example, the header contains the target address of the package, you can block several external networks determined by the package (you), another example, I connect to Dilbert Archives with Netscape. There is an ad from DoubleClick.net, then Netscape wasts my time to download them. Tell the package filter to prohibit any packages from or sent to the DoubleClick.net address, the problem is solved. (Of course, there is a better way, see Junkbuster). Safety: When the Linux server is a chaotic Internet and your good, ordered networks, you can best know what you can enter your door. For example, you can allow all (package) from your network, but you might be anxious for famous "ping of death" from the outside. Another example, you don't want outsiders telnet to your Linux server, although all accounts have passwords. Perhaps you just want (like the vast majority) becomes the bystander of the Internet, not its server (or maybe it). Simply not allow anyone to access, set the package filter to reject all entered packets (good way). Alert: Sometimes, the machine on the local network may spray a large number of packages externally. It is best to let the package filter tell you when any abnormal phenomenon occurs (in the network). This, you may be able to do something, or you are very curious. 3.2 How to make a package under Linux? The Linux kernel has a package filtering function in its 1.1 series. The first generation, was transplanted with the IPFW of BSD from Alan Cox in 1994. This is strengthened by JOS VOS and others in Linux 2.0; user space tool 'ipfwadm' can be used to control kernel filtering rules. In 1998, with the help of Michael Neuling, I rewritten for Linux 2.2 and launched the user space tool 'ipchains'. Finally, in 1999, based on the fourth-generation tool of Linux 2.4, 'iptables', and other kernel rewritments were officially launched. This is the location of this iptables's HOWTO document. Translator: UserSpace According to the Taiwan compatriots, users are used to distinguish the scope of application in system memory, divided into core space and user space, do not have to be refreshed), you need to include the core of the Netfilter architecture. Netfilter is a universal framework in Linux, or inserts other contents (such as the iptables module). That is to say that you need 2.3.15 and later, and answer 'y' for the config_netfilter when configuring the kernel. IPTables This tool is used to interact with the kernel and tell it which packages should filter. Unless you are a programmer or especially curious, this is what you use to control the package filter. 3.2.1. Insert and delete rules in the package filter table of the iptablesiptables tool. This means that there is no matter how settings, the information will be lost, please see "Making Rules Permanent" to determine how to ensure that these rules will be restored next time. iptables are alternatives to IPFWADM and IPChains. If you are their users, please see "Using Ipchains and IPFWADM", how to easily use iptables. 3.2.2 Creating a Permanent Rule Your current firewall setting is saved in the kernel, so it will be lost after restarting. You can try to save them with iptables-save and iptables-restore scripts and recover by a file. 4. Do you make a few a few, how do you play my kernel? I am Rusty Russell. The maintainer of the Linux IP firewall is also an appropriate place to appear in the appropriate place. I wrote Ipchains (see "How to pack filtering under Linux?" Take a look at which people are actually completed), and hope to learn enough things to fix this package filter. Watchguard, a very good firewall company, in summary, omitted a thousand words ... here, I want to clarify a misunderstanding: I am not a kernel expert, I understand it, because my core work makes me contact. They: David S. Miller, Alexey Kuznetsov, Andi Kleen, Alan Cox. In any case, they have done the deepest work, and they are very safe and easy. 5. Rusty's true package filter fast guide Most people only have a PPP to connect to the Internet, and do not want someone to enter their network or firewall: # Insert the connection-tracking module (such as domestic built in the kernel. ) # InSMOD ip_conntrack # insmod ip_conntrack_ftp # Create a chain to create a large number of new connections unless these connections come from the inside. # iptables -n block # iptables -a block -m state --state established, Related -j accept # iptables -a block -m state --state new -i! ppp0 -j account # iptables -a block -j drop # iptables -a block -j drop # iptables The chain is jumped by Input and Forward link (just created). # iptables -a input -j block # iptables -a forward -j block6. The package is starting through the filter of the filter by the following three rules in the 'filter' table. These are called firewall chains or call chains. These three chains are INPUT, OUTPUT and FORWARD, respectively. For ASCII artists, the chain is like this: (Note: This is very different from the 2.0 and 2.2 kernels) translator: ASCII art, here is the use of pure ASCII text mapping _____ Incoming / / Outgoing -> [Routing] ---> | Forward | -------> [Decision] / _____ / ^ | | | v ____ ___ / / / / | OUTPUT | | Infut | / ____ / / / ___ / ^ | | | ----> Local process ---- Three circles represent three chains said above. When the package arrives in a circle in the figure, the chain checks and determines the fate of the package. If the chain determines the DROP package, the package is killed there. But if the chain decides to make the package accept, the package continues to advance in the figure. A chain is a list of rules. Each rule will say: 'If the header looks like this, then do this. If the rules and packets do not match, the next rules in the chain are processed. Finally, if there is no rule to be processed, the kernel determines how to do it according to the principle of the chain (policy, sometimes called the default rule). In a secure system, the principle is usually discarded by the kernel. 1. When a package enters (that is, the Ethernet card), the kernel first checks the destination of the package. This is called "selection". 2. If it is to enter the unit, the package will move below the figure to reach the Input chain. If it is here, any process waiting for this package will receive it. 3. Otherwise, if the kernel is not permitted, or if you don't know how to forward this package, it will be discarded. If the forwarding is allowed, and the destination of the package is another network interface (if you have another one), then you go to the right side of our chart to reach the Forward chain. If it is allowed to pass (accept), it is sent out. 4. Finally, programs running on the server can send a network package. These packages immediately pass the Output chain. If it is allowed (Accept), the package continues to send to network interfaces that can reach its destination. 7. Use iptablesiptables with a very detailed manual, and if you need an option to introduce more detailed. Take a look at "IPTables and IPChains" may be very useful to you. You can do a lot of differences using iptables. The starting built-in three chains INPUT, OUTPUT and FORWARD are not deleted. Let's take a look at the management of the entire chain. 1. Create a new chain (-N). 2. Delete an empty chain (-x). 3. Modify the principles of the internal chain (-P). 4. The rules in the chain (Table) (- L) are displayed. 5. Clear a chain (-f). 6. Clear zero (-z) all rules in the chain (-Z). There are several ways to operate the rules in the chain: 1. Add a new rule (-a) to the chain. 2. Insert a new rule (-i) in a certain location in the chain. 3. Replace the rules (-R) of a location. 4. Delete the rules for a location in the chain, or the first matched. (-D). 7.1. When the computer starts, the PTables you will see can be used as a module, called 'iptables_filter.o, which can be automatically loaded when IPTABLES is first run. It is also possible to permanently edit the kernel. Before all iptables commands are executed ("Whey: Some release will run iptables in the initialization script), there is no rules in all built-in chains ('Input', 'Forward' and 'Output'), all chain principles It is accept. You can provide the 'Forward = 0' option to modify the default principles of Forward when loading the IPTable_filter module. 7.2. Operation for a single rule This is the basic package filter: management rules, add (-A) and delete (-D) commands may be most common. Other (-i insertion and -r replacement) is just a simple extension. Each rule has a set of conditions to match the package, and if it matches what it does. For example, you might want to discard all ICMP packages from 127.0.0.1. So our condition is that the agreement must be ICMP, and the source address must be 127.0.0.1, and our goal is to discard (DROP). 127.0.0.1 is a return interface, even if you don't have a real network connection, it will exist. You can generate such packages with a ping program (it simply sends ICMP Type 8 (Echo Request), all hosts that are willing to respond with ICMP Type 0 (echo reply). This is very useful for testing. # ping -c 1 127.0.0.1Ping 127.0.0.1 (127.0.0.1): 56 Data bytes64 bytes from 127.0.0.1: ICMP_SEQ = 0 TTL = 64 TIME = 0.2 MS --- 127.0.0.1 Ping Statistics --- 1 Packets Transmitted, 1 Packets Received, 0% Packet Lossround-Trip Min / AVG / MAX = 0.2 / 0.2 / 0.2 MS # iptables -a input -s 127.0.0.1 -p icmp -j drop # ping -c 1 127.0.0.1ping 127.0 .0.1 (127.0.0.1): 56 Data Bytes --- 127.0.0.1 Ping Statistics --- 1 Packets Transmitted, 0 Packets Received, 100% Packet LOSS, the first ping is successful ('-C 1' tells Ping only sends a package) and then we can add (-A) a rule to the 'Input' chain to develop the ICMP protocol from 127.0.0.1 ('- s 127.0.0.1') ('-P ICMP') package Discard ('-J DROP'). Then we test our rules and use the second ping. Before the program waits, you will be suspended before the response is never possible. We can use any of two ways to delete rules. First of all, because this is the unique rule in the input chain, we use the number to delete: # iptables -d input 1 Delete the number of rules in the INPUT chain is the second method of -A command, but use -D replacement -A. This is very useful when the rules in your chain are complicated, and you don't want to calculate their numbers. In this case, we can use: # iptables -d input -s 127.0.0.1 -p ICMP -J DROP-D The syntax must be as accurate as -A (or -i or -r). If there are multiple identical rules in the chain, only the first one will be deleted. 7.3 Filtering Specifications We have already seen, use '-p' to specify the protocol, specify the source address with '-s', but there are other options we can use to specify the feature of the package. Here is a detailed manual. 7.3.1 Specify the source and destination IP address source ('-s', '- source' or '--src') and purpose ('-d', '- destination' or '--dst') IP address You can specify four ways. The most common method is to use full name, just like 'localhost' or 'www.linuxhq.com'. The second way is to specify an IP address, such as '127.0.0.1'. Third and fourth methods allow the designation of a set of IP addresses, just like '199.95.207.0/24' or '199.95.07.0/255.255.255.0'. This specifies all IP addresses from 199.95.207.0 to 199.95.207.255. The number behind '/' indicates which part of the IP address is valid. '32' or '255.255.255.255' is the default (matching the entire IP address). Use '/ 0' to specify any IP address, like this: # '-s 0/0' here is excess # iptables -a input -s 0/0 -j drop This is rarely used, this is above The result is exactly the result of '-s'. 7.3.2 Reversely specifying a lot of tags, including '-s' (or' - Source ') and' -d '(' - destination ') tag can add'! 'Flag (read "not' ) To match all and give the address of the NOT. For example, '-s! Localhost' matches all packets from this unit. 7.3.3 The protocol specifies the specified protocol with '-p' (or '--Protocol'). The protocol can be a number (if you know the value of the IP's protocol value) or the name like 'TCP', 'UDP' or 'ICMP'. In case, it doesn't matter, so 'TCP' and 'TCP' are the same. You can add '!' Before the agreement name, explain it in reverse, for example '-P! Tcp' will match all packets that are not TCP. 7.3.4 Interface Specify '-i' (or '--in-interface') and '-o' (or '--out-interface') option specifies the matching interface name. The interface can be an entry ('-i') or a physical device that is sent ('-o'). You can use the ifconfig command to list the current 'UP' interface. (That is to say, it is working). The package through the INPUT chain does not have the interface, so '-o' in this chain never matches. Similarly, the package through the OUTPUT chain has not entered the interface, and '-i' in this chain will not match. Only two interfaces are sent and sent out with the package through the Forward chain. You can specify an interface that is currently not present. Before this interface is available, the rules cannot match anything. This is very useful for dialing PPP connections (usually PPP0 interfaces). A special case, the interface name is a ' ', which will match all the interfaces starting with this string (regardless of whether it is present). For example, specify a rule that matches all PPP interfaces to use the -i PPP option. Interface names can also be inserted in front of '!' To match all packages different from the specified interface, such as -i! Ppp . 7.3.5 Split Specify Translator: To help you understand, attach the format of IP datagrams here, taken from "Internetworking with TCP / IP" 04816192431 version number header length Service Type Total length Sign Sign Split Offset Life Agreement Thermal Test and Source IP Address Destination IP Address IP Option Plip Data ...... Sometimes a bag is too big, it is impossible to suit all the lines. In this case, the package will be divided into pieces, and then it is sent as a plurality of packages. Finally recombine these fragments to rebuild the entire package. The problem of fragmentation is that the initial sheet checked contains the entire head field (IP TCP, UDP, and ICMP), but the subsequent package only has a header (IP without additional protocol fields), so check the back of the slice The head (like TCP, UDP, and ICMP) is impossible. If you are doing NAT or connection tracking, all slices are merged before packaging code processing, so you don't need to worry for shards. Also note that the package to the INPUT chain (or any table hooked by the NF_IP_LOCAL_IN hook program) in the Filter table is reached after the core IP stack is reorganized. Otherwise, it is very important to understand how the fragmentation is handled by filtering rules. Any filtering rule requires us nothing, will be considered mismatch. This means that the first piece of (fragment) is processed as a normal package. The second and back sheets will not. Therefore, the rule -P tcp --sport www will never match a fragment (package) (except for the first piece), the opposite rule -P tcp --sport! Www meeting. In any case, you can specify a rule that dedicates the second and subsequent fragmentation with the '-f' (or '--fragment') tag. Of course, you can also specify a rule that makes it unable to match the second and subsequent fragmentation, add '!' Before '-f'. Typically, the second and subsequent fractions are considered to be secure, because if the filtration processes the first piece, then the restructuring is made on the target host. However, known bugs may be easily crashing by sending a slice. I look at it yourself. Network masters Note: When this type of check is performed, the deformed package (the ICMP code and the type of TCP, UDP and ICMP packages read) will be discarded. Therefore, the TCP fragment starts from position 8. (Translator: What does it mean? Probably refer to the header location in the IP package) For example, the following rules will discard any fragmentation to 192.168.1.1. # iptables -a output -f -d 192.168.1.1 -j drop 7.3.6 iptables Extensions: New Match iptables is scalable, that is, including kernel and iptables tools to expand new features. The following sections are standard, and others are derived. Others can make extended and released them to the right. The kernel extension is typically located in the kernel module subdirectory, such as /lib/modules/2.4.0-test10/kernel/net/ipv4/netfilter. If you use config_kmod settings to compile the kernel, they require being loaded, so you don't need manual insertion. The iptables program extension is usually a shared library in / usr / local / lib / iptables / under / lib / iptables or / usr / lib / iptables, specific to different distributions. There are two types of expansion: new goals, new match (we will talk about new goals right away). Some protocols automatically give new tests: As shown below, existing include TCP, UDP, and ICMP. In this way, you can specify a new test after the '-p' option in the command line, you can load the extension (module). When you are allowed to be extended, you can use the '-M' option to load the extension. Behind the option ('-P', '- j' or '-m') adds '-h' or '--help' to get the help of the extension. # iptables -p tcp --help7.3.6.1. TCP Extensions If '-P TCP' is specified, the TCP extension will be loaded automatically and provides the following options (mismatch). --TCP-FLAGS can add a '!'. There are two flag strings to be filtered through TCP tags. The first logo string is Mask: You want the test list. The second point indicates which will be set. For example: # iptables -a input --Protocol TCP --TCP-Flags All Syn, Ack -j DrOP Means All flags will be tested ('all' and 'SYN, ACK, FIN, RST, URG, PSH' Righteous), but only SYN and ACK are set. Of course, you can also use 'none'. - Syn! 'is optional, is' --TCP-Flags Syn, RST, ACK, SYN' Abbreviation - Source-port can be followed by one '!', can be a single TCP port, or A port. Can be port names or numbers in / etc / services. The port range format is a low-end name: a high-end name, or (specifying a port greater than or equal to the given port) is a port name :, or (specifying less than or equal to the given port) is: port name. --sport is '--source-port'. --Destination-port - DPORT is similar to the above, but it is specified to match the destination port (range). --TCP-Option can follow one '!' and a number, matching the TCP options and numbers. If you try to match a package with this TCP option to match a package without a complete TCP, then this package will be discarded. 7.3.6.1.1. Interpretation of the TCP logo sometimes only allows a one-way TCP connection to be useful. For example, you might allow access to an external WWW server, but will not allow connections from that server. The simplest move may be to block packages from that server, but unfortunately, TCP connections require packet two-way transmission (to work properly). The solution is that only the packages used to request the connection. These packages are SYN packs (OK, from technology, their SYN flags are set, without setting RST and ACK logo, but we are simple, called SYN packages). By blocking only this package, we can prevent connection attempt from those places. The '--syn' flag is used in this way: only valid for rules that specify the TCP protocol. For example, specify a connection request from 192.168.1.1. -p TCP -S 192.168.1.1 - Syn is of course also plus '!', meaning all packets that are not an initial connection. 7.3.6.2 UDP Extensions These extensions are automatically loaded when specifying '-p UDP'. Can provide '--Source-port', ',', '- destination-port' and '--dport', and TCP similar options. 7.3.6.3 ICMP Extended These extensions are automatically loaded when specifying '-P ICMP'. Just provide a new option: - ICMP-TYPE can be with '!', ICMP type name (such as 'Host-unreachable') or value (such as '3'), or numeric type / code (such as '3/3') ). Use '-P ICMP --HELP' to list the available ICMP type names. 7.3.6.4 Other Matching Extended These NetFilter packages are still in the presentation phase, (if installed) can be enabled with '-m'. Mac - Mac-Source can follow one '!', behind is the Ethernet address, with a colonally separated 16 clutch, such as `--MAC-Source 00: 60: 08: 91: CC: B7 '. LIMIT This module must specify '-M Limit' or '--match Limit'. The rate used to limit the match. Just like suppressing record information. Will only match a given number / per second (default is 3 match per hour, and 5 triggers). There are two parameters: - Limit followed by numbers: Specify the maximum average of the match per second per second. This number can specify a clear unit, use '/ second', `/ minute ',` / hour' or `/ day ', or only part of the part (such as' 5 / second' and the '5 / s'). --Limit-Burst follows a number, indicating the maximum trigger value before the LIMIT is role. This match (item) is usually used to use the log target to record the rate limit. To understand how it works, let's take a look at the rules below, it uses the default limit parameter record package. # iptables -a forward -m limit -j log When this rule is first enabled, the package begins to be recorded. In fact, because the default trigger is 5, the top five packs will be recorded. Then, a package is recorded every 20 minutes, regardless of how many packages arrive during this period. Moreover, a trigger (value) will be restored in each 20 minute interval of each mating package. If there is no package to reach this rule for 100 minutes, all triggers will be restored and return to the starting point. Tip: You don't currently create this rule at greater than 59 hours, so if you set a average rate for one day, then your trip rate must be less than 3. You can also use this module to avoid all kinds of denial of service attacks (DOS, Denial of Server) using the fast response rate. (Translator: The following is a more famous attack) SYN-FLOOD protection: # iptables -a forward -p tcp --syn -m limited --LIMIT 1 / S -J Accept Furtive Port Scanner: # iptables -a forward -p TCP - TCP-FLAGS SYN, ACK, FIN, RST RST -M LIMIT --LIMIT 1 / S -J ACCEPT PING OF DETH: # iptables -a forward -p icmp --ICMP-TYPE Echo-Request -m Limit - -limit 1 / s -j accept This module works similar to "throttle valve", the following is illustrated. Rate (pkt / s) ^ .---. | / DOS / | / / Edge of dos - | .....: ......... / ..................... DOS border = = (limited * | /: / Limit-burst | /: / .-. | /: / / / | /: / / / End of dos - | /....../.............:/......./..../. DOS end = limited |: : `- '` -' ------------- --- ----------------------------- ---> Time (s) Logic => match | DIDN'T MATCH | MATCH We match a package that triggered by five packages, but the fourth package per second begins to enter (this rule), for three seconds, then restart. <- flood 1 -> <--- flood 2 ---> Total ^ line __-- ynnn Packets | Rate__-- YNNN | MUM __ - YNNN 10 | MAXI __ - Y | __ - Y | __ - Y | __ - YNNN | - YNNN 5 | Y | Y Key: Y -> matched rule | Y n -> Didn't match rule | Y | Y 0 -------------------------------------------- -> Time (Seconds) 0 1 2 3 4 5 6 7 8 9 10 11 12 You can see that the top five packs are allowed to exceed a package / second (this rate), then start restrictions. If there is a pause, then another trigger is also allowed, but it cannot exceed the maximum rate of rule settings. Owner - Uid-Owner UserId Matches the creation process of the package based on the valid (value) user ID given. --Gid-owner GroupID matches the creation process of the package according to the valid (numeric) group ID given. --PID-OWNER ProcessID Matches the creation process of the package based on the process ID given. - Sid-Owner sessionID The creation process of the package will match the session group. Unclean This is a test module that must be explicitly specified to '-M unclean' or '-Match Unclean'. It performs various random judgments for the package. This module has not been reviewed, so don't be used on security facilities. (It may cause worse results, it may have bugs yourself). No options are available. 7.3.6.5 Status Match The most useful matching criterion is 'State' extension. It is responsible for explaining the connection-tracking analysis of the 'IP_CONNTRACK' module. This is recommended for use (good stuff). Match the status list ('!' Flag indicating that the status list ('! "Indicating that the status ('!" Indicating that the status ("status) is not conforming to those status (status)). NEW is created by the newly connected package Established belongs to the existing connections (that is, the packet) Related and an existing connection are related, but it is not part of its part. Such as ICMP errors, or (loaded FTP module) a package that establishes an FTP data connection. INVALID cannot be recognized by the following reasons: including internal memory and an ICMP error that is currently anywhere. Usually these packages will be discarded. An example of this powerful matching extension: # iptables -a forward -i ppp0 -m state! --State New -j DROP7.4 Target Specifications Now, we know how to test packages, but we also need to tell those matching How to do it. This is called the target of the rule. There are two very simple built-in objectives: DROP and Accept. We have seen it. If the package matches the rules, its goal is one of the two, then more rules are no longer considered: The fate of the package has decided. There are two goals other than this: extended and user-defined chains. 7.4.1 User-defined chain iptables A powerful feature is that IPChains is inherited to let users create new chains, attached to three built-in chains (INPUT, Forward, and Output). Follow the convention, the user-defined chain uses lowercase to distinguish them. (We will describe how to create a new user definition chain in "Operations On An entire Chains"). When the goal of the package matched the chain is a user-defined chain, the package is transferred to the rule in the user-defined chain. If there is no decision, the movement in the package is over (user-defined chain), and returns to the next rule of the current chain. Just engage in ASCII art. Consider two (idiot) chains: INPUT and TEST (user-defined). `Input '` Test' ------------------------------------------------ -------- Rule1: -p Icmp -j drop | | rule1: -s 192.168.1.1 | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----- | Rule2: -p tcp -j test | | rule2: -d 192.168.1.1 | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------- | Rule3: -p UDP -J Drop | ---------------------------- Consider a TCP package from 192.168.1.1 to 1.2.3.4. It enters the Input chain, checked by Rule1 - mismatch. Rule2 matches, then its goal is TEST, so the next check starts by Test. The first rule rule1 in TEST is matched, but there is no specified target, so it is checked by the second rule rule2. The result is mismatched, and we reach the tail of the chain. So returned to the INPUT chain because it was just checked by Rule2, so it is now checked by Rule3 and still does not match. So the route of this package is: V _________________________ `input '| /` Test' V ------------------------------------------------------------------------------------------------------------------------------------------------------ - | ---- | Rule1 | / | | rule1 | | | ----------------------- | / - | | --------------------- - | --- | | Rule2 / | | rule2 | | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -v ---- | Rule3 / - __________________________ / ---------------------------- v The user-defined chain can jump to another user-defined chain (but can not loop: if the loop is found, the package will be discarded). 7.4.2 iptables Extensions: The extension of other types of new targets is the target. The target extension consists of a kernel module, and an optional extension of iptables provides a new command line option. There are several extensions to be included in the default NetFilter release. LOG - LOG-Level follows a level name or number. The appropriate name is (ignore the case) 'debug', 'info', 'notice', 'Warning', 'Err', 'crit', 'Alert' and 'EMERG', equivalent to numbers 7 to 0. Please refer to the manual of Syslog.conf to get these levels of instructions. The default is 'Warning'. --Log-prefix is a string of up to 29 characters, which is written to the beginning of LOG information, which can be distinguished. The most useful thing this module is to follow the Limit Match so that you will not be overwhelmed by your log. REJECT This module is the same as the 'Drop', in addition to the ICMP error message of 'Port Unreachable'. Note If it belongs to the following, the ICMP error message will not send: the O-Pack is an ICMP error message, or an unknown ICMP type. The O package is filtered as a headless fragment. o We have sent too much ICMP error packet there (see / proc / sys / net / ipv4 / icmp rate). 7.4.3 Special built-in objectives have two special built-in objectives: Return and Queue. Return is like reaching the tail of this chain: if it is a built-in chain rule, then the default rule of this chain will be executed. If it is a user-defined chain, when this rule is jumped to this rule (containing returnium), it returns to the front chain to continue to match. Queue is a special goal that will queue this package for the user space process. To use it, it takes two parts: O A "Queue Handler" to process the mechanism between the user space and the kernel. O and a user space used to receive applications, which may be an operation, and a decision for packets. IPv4 iptables standard Queue Handler is an IP_QUEUE module that follows the kernel publishing and marked as experiment. Here is a quick example of how to use iptables for user space process queue packages: # modprobe iptable_filter # modprobe ip_queue # iptables -a output -p icmp -j queue In this example, local generated ICMP packets (eg, generated by ping) Arrive at the IP_QUEUE module, then the package is tried to be sent to the user's space application. If there is no user space application waiting (there) waiting, the package is discarded. To write a user space application, you need a libIPQ API. Published together with iptables. Related examples can be found in CVS TestSuite Tools (such as redirect.c). You can check the status of IP_QUEUE here: / proc / net / ip_queue queue maximum length (that is, the number of delivery to the user space package without the return package) can be controlled here: / proc / sys / net / ipv4 / ip_queue_maxlen default The queue length is 1024. Once this length is reached, the new package will be discarded until the queue length is less than this value. For a good agreement, such as TCP, it will make a crowded explanation on the discarded package, and it will be ideal after the queue is full. In any case, if the default is too small, it is best to have a multi-experiment to determine the maximum length of the queue. 7.5 Operation of the entire chain iptables A very useful feature is a group that can be associated with a rule in the chain. You can give the chain name, but I recommend using lowercase letters to avoid conflicts with built-in chains and goals. The name of the chain is up to 31 letters. 7.5.1 Creating a new chain allows us to create a new chain. Because I am an imaginative guy, I call it Test. Use '-n' or '--new-chain' options: # iptables -n test so simple, now you can put the rules like it is above. 7.5.2 Deleting Chains Delete a chain is equally simple, using '-X' or '--delete-chain' option. Why is '-X'? Well, because all suitable letters have been used. # iptables -x test There are several delete links: they must be empty (see "Flush a chain" below and they can't be the goal of any rules. You can't delete any built-in chain. If you don't specify a chain name, all user-defined chains that can be deleted will be deleted. 7.5.3 Clearing a chain This is a simple way to clear all rules in a chain, using the '-f' or '-flush' command. # iptables -f forward If you do not specify a chain, all chains will be emptied. 7.5.4 With the list of chain to use '-l' or '--list' command, you can list all rules in a chain. The 'refcnt' in the user-defined chain is how many chains of the chain point to it. This value must be 0 before you can delete this chain. If the chain name is ignored, all chains will be listed, even if it is empty. '-L' can have three options. '-n' (numbers) options are very useful for blocking iptables trying to find an IP address, because if you use DNS like most people) If your DNS setting is not suitable, you may cause long pauses, or You filter out the DNS request. It also allows TCP or UDP ports to be displayed in digital. The '-V' option displays details of all rules, including saturation byte counters, TOS comparisons, and interfaces. Otherwise these values are ignored. Note that the report and byte counters can be used to replace 1000, 1,000,000 and 1,000,000,000, respectively. Use the '-X' (extended number) flag to print the entire value, no matter how much it is. 7.5.5 Reset (Clear) Counters can be used to reset counters. Can be done with '-z' or '--Zero'. Consider the following: # iptables -l forward # iptables -z forwards In the above example, some packages are passed between the '-l' and '-z' commands. Therefore, you can use the '-l' and '-z' together, and the counter is emptied when reading it. 7.5.6 Setting Principles (Default Rules) We have explained what happens when the package arrives at the end of the bucks in the previous discussion package. At this time, the principle of the chain determines the fate of the package. Only the built-in chain (INPUT, OUTPUT, and Forward) are principled because if the package reaches the tail of the user-defined chain returns to the front chain. The principle can be accept or DROP, for example: # iptables -p forward drop 8. Use Ipchains and IpfwadMnetflter published in Ipchains.o and IPFWADM.O modules. Load one of them into your kernel (note: they are not compatible with IP_TABLES.O). Then you can use ipchains and ipfwadm as used before. This is still supported for a while. I think reasonable calculation methods are 2 * (replacement - initial stability versions), which exceeds this time, and should use alternative stable versions. This means that supports them in Linux 2.6 or 2.8 are likely to be abandoned. 9. NAT and package filtration mix Use it to do network address transformation (see NAT HOWTO) and package filtering. The good news is that they can be mixed and work very well. You can completely ignore your NAT to define your packing filter. The sources and goals of the package seen by the package filter are "real" source and goals. For example, if you put any packs DNAT to 10.1.1.1 to 10.1.1.1 to 10.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1. The packing filter is seen by the 8080 port (real destination) of 10.1.1.1, not the 80-port of 1.2.3.4. Similarly, you can ignore the camouflage: See the real external IP address of the package (such as 10.1.1.1), and the response returns there. You can use 'State' matching extensions to make the package filter don't need any additional work, because, in any case, NAT will ask for connection to track. Extending the simple camouflage example in Nat Howto to prohibit any new connections from the PPP0 interface, you can do this: # # 至 至 0 0 0 i i i i ketles -t nat -a postrouting -o ppp0 -j masquerade # is disabled by PPP0 Enter new or unsuitable bag iptables -a input -i ppp0 -m state --state new, invalid -j dropipiptables -a forward -i ppp0 -m state --state new, invalid -j drop # turn on IP forwarding Echo 1> / PROC / SYS / NET / IPV4 / IP_FORWARD10. The difference between iptables and ipchains, first, the name of the built-in chain is changed from lowercase, because the current Input and Output chains only get to local and local buildings Pack. They are used to check all the packages that enter and send. o '-i' flags now indicate the meaning of the interface and is only available for the Input and Forword chains. The rules in the Forword or Output chain should change '-i' to '-o'. o TCP and UDP ports must now be spelled with - Source-Port or - Sport (or --Destination-port / - dport), and must be placed after '-p TCP' or '-P UDP' option, because TCP or UDP extensions are loaded separately. o TCP -Y flag is now - Syn, and must be after '-p TCP'. o Deny target is now Drop.O to a single chain, which can be cleared at the same time. o Clear the inner construction chain while clearing the principles counter. o List the chain gives a miniature snapshot of a counter. o REJECT and LOG are now extension targets, meaning they are independent kernel modules. The name of the O chain can be 31 characters. o Masq is now Masquerade and uses a different syntax. Redrirect, when retaining the same name, also experiencing a change in grammar. See NAT-HOWTO for more information to configure them. The O -O option is no longer used to pass the package to the user space device (see -i above). Now passed through the Queue target to the user space. o It is likely to have some I have forgotten. 11. Suggestions on the development of package filters In the field of computer security, the most sensible way is to block all things and then open them on it. This is often referred to as "all prohibits that are not clearly allowed". I suggest this if security is your most concerned. Don't run any services you don't need, even if you think you have hindered your access. If you create a dedicated firewall, do not run anything at the beginning, and block all packages, then add the service and make the needed package. I emphasize security: combine TCP-Wrappers (for the package filter itself), the agent (connected through the package filter), routing verification and packing filter. Routing verification is that if the package comes from unspecised interfaces, it will be deleted: For example, if your internal network address is 10.1.1.0/24, a package source address is your external interface, then it will be discarded. For an interface such as PPP0, you can do this: # echo 1> / proc / sys / net / ipv4 / conf / ppp0 / rp_filter or all existing or will have interfaces: # for f in / proc / sys / net / IPv4 / conf / * / rp_filter; do # echo 1> $ F # donedebian is set to default in a possible range. If you use asymmetric routes (such as you expect to pack from one other direction), you may need to disable this filter on these interfaces. Record is very useful for setting the firewall when operating abnormally, but in a firewall as a product, it should always match the 'limit' to prevent someone from being filled with your record. I highly recommend using connection tracking for security systems: it will cause burden because all connections are tracked. But it is very useful for access to your network. If your kernel is not loaded automatically and is not built, you need to load the 'IP_ConNTrack.o' module. If you want to accurately track complex protocols, you need to load the appropriate related modules (such as 'ip_conntrack_ftp.o'). # iptables -n no-connS-from-PPP0 # iptables -a no-connS-from-PPP0 -M State --State Established, Related -j Accept # iptables -a no-connS-from-PPP0 -M State - State new -i! PPP0 -J ACCEPT # iptables -a no-connS-from-PPP0 -I PPP0 -M Limit -j log --log-prefix "Bad Packet from PPP0:" # iptables -a no-connS-from -ppp0 -i! PPP0 -M Limit -j log --log-prefix "Bad packet not from PPP0:" # iptables -a no-connS-from-ppp0 -j drop # iptables -a input -j no-conn From-ppp0 # iptables -a forward -j no-connS-flom-PPP0 built a good firewall beyond the scope of this HOWTO, but my suggestion is "everything from strict". See Security Howto gets more information to test and explore your server. ALL PAGES Ended Here. Kingpaul @ 09:50 am published in Linux | Edit | Message (0) | TRACKBACK (0) April 22, 2004 Linux a word wonderful question and answer 海星 云 - Linux Essence Article Reading Sender: Noclouds (Jing Tian Yunfei), letter area: Linux Title: Linux a word Wonderful Q & A - 2004/03/16 Update News Station: 海星 云 (2004 March 21 07:45:16 Sunday) The station's letter editor shall press: In view of the current situation of China Linux, more than 90% of the problems can be answered in a sentence, this is the original intention of this article. Welcome everyone to add your own "one sentence", and then indicate the original provider. For more detailed documentation, please visit the essence of this edition or http://www.douzhe.com/linux/ (Note: Please contact the GNU / Linux version of yourself, because some answers do not support all versions) ------------------------- - Network has no articles -------------------------- 0001 Modify host name (bjchenxi) VI / etc / sysconfig / network, modify Hostname one behavior "Hostname = Host Name" (didn't this line? Then add this line), then run the "Hostname Host Name". No matter whether you restart, the host name is successful. 0002 Ret Hat Linux Boot to Text Interface (Do Not Start XWindow) (Bjchenxu) VI / etc / INITTAB ID: X: INITDEFAULT: X = 3: Text Way X = 5: Graphics Mode 0003 Linux automatic upgrade update issues (HUTUWORM, NETDC) For Redhat, find patch at www.redhat.com/corp/support/rrata/, 6.1 After the version comes with a tool Up2date, it can measure which RPM packets need to be upgraded, Then automatically download and complete the installation from the site of the RedHat. Upgrade RPM: Up2date -u upgrade outside Kernel: Up2date -u -f Debian is still very different from other distributions, using Debian to do server maintenance is more convenient; the upgrade of the Red Hat is actually troublesome, of course, if you pay the red hat, the service will not be the same. Debian Upgrade Software: APT-GET Update Apt-Get Upgrade Premise: Configure network and /etc/apt/sources.list, or you can also use the APT-SETUP settings. 0004 WINDOWS Software (BJCHENXU) PARAGON.EXT2FS.Anywhere.2.5.rar and Explore2FS-1.00-PRE4.ZIP 0005 mount usage (Sakulagi) partition mount -o codepage = 936, IOCHARSET = CP936 / DEV / HDA7 / MNT / CDROM NTFS partition mount -o iocharset = CP936 / DEV / HDA7 / MNT / CDROM ISO file Mount -o Loop /ABC.ISO / MNT / CDROM floppy disk Mount / DEV / FD0 / MNT / FLOPPY USB flash memory mount / dev / sda1 / mnt / cdrom All / etc / fstab content mount -a can specify "-t format", format For VFAT, EXT2, EXT3, etc. 0006 Share local FAT partitions in VMware's LINUX (BJCHENXU) is shared, and then SMBFS is hung in VMware. You can put the following line to / etc / fstab: // Win_IP / D $ / MNT / D SMBFS DEFAULTS, AUTO, UserName = Win_Name, Password = Win_Pass, CodePage = 936, IOCHAREST = GB2312 0 0 where Win_IP is yours Windows IP address; D $ is the shared name of the D disk shared in your Windows; / MNT / D is the directory of the partition mount to Linux; Win_Name and Win_Pass are users in your Windows to read the partition For example, your administrator name and password. If you run /etc/rc.d/init.d/netfs, you will automatically mount this partition when starting. 0007.A Delete files (BJCHENXU) RM ./-a rm - -a tells RM This is the last option, see getopt ls -i listing inum, then use Find. -Inum inum_of_thisfile -exec rm '{}' /; 0007.B Delete files name / a file (BJCHENXU) RM // a 0007.c Delete Name Belt / and '/ 0' Files (BJCHENXU) These characters are characters that are not allowed by the normal file system, but may be generated in the file name, such as the NFS file system under UNIX 1 is used on the Mac system 1 Solve the method, put the NFS file system to remove files with special file names under the system where you don't filter the '/' character. 2. You can also remove the other files of the error file name, LS -ID displays the Inum, Umount file system, CLRI containing the file directory, clear the directory of Inum, FSCK, Mount, Check your Lost Found, Rename The File IN it. It is best to remove any file names with the Windows FTP! 0007.D Delete the name with an invisible character (BJCHENXU) lists the file name and dumps to the file: ls -l> AAA then edit the contents of the file to join the RM command to make its content into the format of the above file: VI AAA [ RM -R *******] Add files to execute permissions CHMOD X AAA to perform $ AAA 0007.e Delete file size for zero file (bjchenxi) RM -I `Find ./ -Size 0` Find ./ -Size 0 -EXEC RM {} /; or find ./ -size 0 | Xargs RM -F & Or for file in * # ourselves define the file type DO if [! -S $ {file}] THEN RM $ {file} Echo "RM $ File Success!" Fi Done 0008 RedHat Set the roller mouse (MC1011) After entering X, select the configuration of the mouse, select Wheel Mouse (PS / 2), if the mouse is exception, restart the computer. (Or SU, VI / ETC / X11 / XF86Config, modified PS / 2 to IMPS / 2) 0009 Plus XWindow (bjchenxu) Start with Linux CD, select Upgrade, then select the package separately, install it. 0010 Delete the Linux partition (BJCHENXU) to make a PARTITION MAGIC boot floppy disk, start after starting. Or start with the Win2000 boot CD, then delete. 0011 How to exit the MAN (BJCHENXU) Q0012 does not compile the kernel, the Mount NTFS partition (bjchenxu, hutueworm) original RH8, not upgraded or compiled kernel 1. Google.com Search and download kernel-ntfs-2.4.18-14.i686.rpm 2. rpm -ivh kernel-NTFS-2.4.18-14.i686.rpm 3. MKDIR / MNT / C 4. Mount -T NTFS / DEV / HDA1 / MNT / C or READ Ionnly: http: // linux-ntfs . SourceForge.Net / Read / Write: http://www.jankratochvil.net/project/captive/ 0013 TAR Split Compression and Merger (Wongmokin) Takes a TAR Split Compression of 500M per volume: TAR CVZPF - MyTARFile.Tar.gz | Split -D -B 500M TAR Multi-volume merge: Cat x *> mytarfile.tar.gz 0014 Finding three ways to retrieve the ROOT password (BJCHENXU) when using LILO / GRUB: 1. Change the system to change the single user status, use passwd root to change 2. Install the disc boot system, carry out the Linux Rescue status, will / Partition hooks, as follows: CD / MNT MKDIR HD mount -t auto / dev / hdax (the partition number where the original / partition is located) HD CD HD chroot ./ passwd root can get it 3. Put the hard disk of this unit Down, hang it to other Linux systems, the method used to use the second identical RH8. LILO 1. Type the Linux Single screen when LILO: Tips Show lilo: Linux Single 2. Enter can enter the Linux command line directly 3. #vi / etc / shadow will be the first line, that is, ROOT: and next: The first line will be similar to root :: ... Save 4. #reboot restart, the root password is empty. GRUB 1. When the GRUB screen appears, use the top button to select the one you usually start "Don't choose DOS 哟), then press E-key 2. Use the up and down button again to select you That item that usually launches Linux (similar to kernel /boot/vmlinuz-2.4.18-14 ROOT = Label = /), then press E-key 3. Modify the command line you are now, join Single, the result is as follows: Keernel /Boot/vmlinuz-2.4.18-14 Single Ro root = label = / 4. Enter back, then press B to start, you can go directly to the Linux command line 5. #vi / etc / shadow will first line, That is, ROOT: and next: The first line will be similar to root :: ... save 6. #Reboot restart, the root password is empty 0015 Make Ctrl Alt Del Failure (BJCHENXU) VI / ETC / INITTAB Totors Ca :: Ctrlattdel: / sbin / shutdown -t3 -r Now, you can 0016 how to see the version of the redhat is 7 or 8 (hutueworm) cat / proc / version or cat / etc / redhat-release or cat / etc / iessue The 0017 file is in which RPM (unparalleled) on www.rpmfind.net, or the rpm -qf file name is obtained 0018 Saves the information of Man or INFO to a text file (bjchenxu) TECSH as an example: man tcsh | col -b> tcsh.txt info tcsh -o tcsh.txt -s0019 utilizes two files to generate a new file ( bjchenxu 1. Remove the two files (repeated rows of rows) 2. Take out the intersection of two files (only files that exist in both files) 3. Delete intersections, leave other Row 1. Cat File1 File2 | Sort | UNIQ 2. Cat File1 File2 | Sort | UNIQ -D 3. Cat File1 File2 | Sort | Uniq -u 0020 Sets the COM1 mouth, let the super terminal login via COM1 port (bjchenxu) confirmed that there are / sbin / agharge, editing / etc / inittab, add 7: 2345: Respawn: / sbin / agsty / dev / TTYS0 9600 9600bps is because of the linkager The default is generally this rate, or it can be set to 19200, 38400, 57600, 115200 Modify / etc / securetty, add a line: TTYS0, make sure the root user can log in to restart the machine, you can unplug the mouse keyboard display (the most Ok, still have to look at the output information) 0021 Delete Directory All files include subdirectory (BJCHENXU) RM -RF directory name 0022 View System Information (BJCHENXU) CAT / Proc / CPUINFO - CPU (IE Vendor, MHz, Flags Like MMX) CAT / Proc / Interrupts - Interrupt Cat / Proc / Ioports - Device IO Port CAT / Proc / Meminfo - Memory Information (IE MEM Used, Free, SWAP Size Cat / Proc / Partitions - All partitions of all devices CAT / Proc / PCI - PCI device information CAT / Proc / Swaps - All SWAP partition information CAT / Proc / Version - Linux version number Equivalent to uname -r uname -a - see information such as system kernel 0023 Remove the extra carriage return (BJCHENXU) SED 'S / ^ m //' Test.sh> back.sh, pay attention to ^ m is a knocking Ctrl_v Ctrl-M or Dos2Unix FileName 0024 Switching X Desktop (LNX3000) If you log in to Linux in a graphic login, click Session on the login interface to select GNOME and KDE. If you are logged in with a text, then execute SwitchDesk Gnome or SwitchDesk KDE, then startX to enter GNOME or KDE. (Or vi ~ / .xinitrc, add or modify to exec gnome-session or exec startkde, then start X) with StartX 0025 Universal Sound Card Driver (LNX3000) OS www.opensound.com/ Alsa www.alsa-project.org/ 0026 Change the system language / character set (BEMING / MC1011) to modify the / etc / sysconfig / i18n file, such as lang = "en_us", XWindow displays the English interface, lang = "zh_cn.gb18030", xWindow will display the Chinese interface. There is also a method CP / etc / sysconfig / i18n $ home / .i18n modifies $ home / .i18n file, such as lang = "en_us", XWindow will display the English interface, lang = "zh_cn.gb18030", XWindow displays the Chinese interface . This will change the individual's interface language without affecting other users (Debian does not support GB18030 (RH's Zysong Font is copyrighted) Now there is no free GBK and GB18030 Fonts vi .bashrc export lang = zh_cn.gb2312 export lc_all = zh_cn.gb2312) 0027 Set the screen to 90 columns (BJCHENXU) stty cols 90 0028 Using the MD5SUM file (BJCHENXU) MD5SUM ISOFILE> Hashfile, the MD5SUM file is compared with the Hashfile file content, verify that the mixture value is consistent MD5SUM-C Hashfile 0029 Decomposing multiple ZIP files (BJCHENXU) unzip "*", pay attention to quotation marks can not be less 0030 Look at the PDF file (bjchenxu) Using XPDF or installs Acrobat Reader for Linux 0031 Find the file (bjchenxi) Find. -Type f / (-perm -04000-perm -02000 /) -exec ls -lg {} /; 0032 BJCHENXU) Take RedHat8 as an example, XWindow and its terminal do not have to say it, the default is installed, exhaled with Ctrl-Space. Now discuss pure console, please download zhcon.gnuchina.org/download/src/zhcon-0.2.1.tar.gz, in either directory, TAR XVFZ ENCON-0.2.1.tar.gz, CD ENCON-0.2. 1, ./configure, make, make install. End of installation, want to use, run zhcon, want to exit, run the exit. 0033 Receive the pop-up disc (beike) #eject -t 0034 CD CD made of ISO file (mentally wisdom) cp / dev / cdrom xxxx.iso 0035 Quick Watch Boot Hardware Detection (Music) Dmesg | More 0036 Viewing the use of a hard disk (BJCHENXU) DF -K display DF -H in K, M, G, T .. 0037 View DCHENXU DU -SH DIRNAME -S Displays only the total-h in K, M, G, enhances the readability of information. KB, MB, GB is a converter unit at 1024, and -H is converted at 1000. 0038 Find or delete the process (WWWZC) FUSER FUSER FUSER FUSER -K FileName in use 0039 Installing Software (BJCHENXU) rpm -ivh aaa.rpm tar xvfz aaa.tar.gz; cd aaa ;/configure; make; make install 0040 Character Mode Setting / Delete Environment Variables Under Setting: Export Variable Name = Variable Value Delete: Unset Variable Name CSH Set: STenv Variable Name Variable Value Delete: Unstenv Variable Name 0041 LS How to see hidden files (ie LS -A L in. (Suitable for redhat) 0042 files in RPM installation where to go (BJCHENXU) rpm -qpl aaa.rpm 0043 use src.rpm (bjchenxu) rpmbuild --rebuild * .src.rpm 0044 VIM Display Color or Not Display Color (BJCHENXU) First Make sure the Vim-Enhanced package is installed, then Vi ~ / .vimrc; if there is Syntax ON, display color, Syntax Off, no color is displayed 0045 Linux is a real-time or time-time operating system (BJCHENXU) 0046 Make Bzimage -J's J is in what is mainly used when your system hardware resources are relatively large, use this to speed up the speed of compilation, such as -J 3 0047 Source Pack No (BJCHENXU) You don't install source code, you can see your source code on your CD rpm -i * kernel * source * .rpm. 0048 Modify System Time (BJCHENXU, LAIXI781211, HUTOWORM) DATE -S "2003-04-14 CST", CST referring time zone, time setting with DATE -S 18:10 modified after modification, execute clock -w Write to CMOS HWCLOCK --SYSTOHC Set The Hardware Clock to The Current System Time 0049 Boot on the partition under Windows (BJCHENXU) to automatically hang the Windows D disk to / mnt / d, open / etc / fstab with VI, add the following line / dev / hda5 / mnt / d vfat defaults, codepage = 936, IOCHARSET = CP936 0 0 Note, first serve in a / mnt / d directory 0050 Linux How to use so many memory (bjchenxu) In order to improve system performance and non-waste memory, Linux makes multiple memory Cache to increase IO speed. 0051 FSTAB last configuration items in what the last two numbers are the first called FS_FREQ, used to determine which file system needs to execute DUMP operation, 0 is not required; the second called FS_Passno, is the system restart FSCK program Detection Disk 1 is the root file system, 2 is another file system. FSCK Detects Disks in Sequence Number, 0 Indicates that the file system is not detected by the file system of the DUMP to perform EXT2 FSCK detection and repair file system 0052 Linux allows the user's password must have a certain length, and comply with complexity (EAPASS) vi /etc/login.defs, change Pass_min_len 0053 Translation Software in Linux Star InterCair XDict Console There is a DICT tool, through the DICT protocol to Dict.org, check 11 this dictionary, for example: Dict RTFM 0054 Do not let the display sleep (bjchenxi) setterm -blank 0 setterm -blank n (n is waiting time) 0055 Query Yesterday (gadfly) Date --Date = 'YesterDay' with DAT 0056 XWINDOW Under the screen capture (BJCHENXU) KSNAPSHOT or GIMP0057 Decompression Small (BJCHENXU, NOCLOUDS) TAR-I or Bunzip2 command can decompress .bz2 file tar xvfj example.tar.bz2 tar xvfz example.tar.gz tar xvfz Example.tgz TAR XVF EXAMPLE.TAR UNZIP EXAMPLE.ZIP TAR -JVXF Some.bz is the software file-roller that the TAR's ZVXF is changed to JVXF ZIP / TAR RH8. Soft-Roller can do this. You can also unnounce the ZIP file with unzip * .rar, unrar * .rar unlined the RAR file, but UnRar is generally unreliable, to download online. # rpm2cpio example.rpm │ CPIO -DIV # Ar p example.de.deb data.tar.gz | TAR ZXF - Alien offers mutual conversion between .tgz, .rpm, .slp, and .deb and other compressed formats: http: / /sourceforge.net/projects/aliensEx provides almost all visible compression format decompression interfaces: http://sourceforge.net/projects/sex 0058 Finding a file in a multi-level directory (Qinghai Lake) Find / Dir -Name FileName.ext du -a | grep filename.ext locate filename.ext 0059 does not allow ordinary users to change the password (Myxfc) [root @ xin_fc etc] # chmod 511 / usr / bin / passwd also wants ordinary users to change password [root @ xin_fc etc] # chmod 4511 / usr / bin / passwd 0060 graphics card is really unable to do (win_bigboy) Go to http://www.redflag-linux.com/, the XFree86 4.3 is installed. 0061 Super Deleting Formatting Tools (Moutention) is safe than pqmagic, establishing deleting formatted gadgets: sfdisk.exe for msdos http://www.wushuang.net/soft/sfdisk.zip 0062 How to make the XMMS playlist display the correct Chinese (MYXFC) - * - * - * - * - * - ISO8859-1, -MISC-SIMSUN-Medium-R-NORMAL - 12 - * - * - * - * - * - GBK-0, * - R - completely copy this thing into your font: Right-click anywhere in the XMMS play tool to see a "option", then select "Select" Select " "and then copy the above font to" playlist "and" User X FONT) 0063 Redhat Linux Plays the original XMMS of the MP3 file (Hehhb) cannot play MP3 (silent), to install an RPM package: RPM -IVH XMMS-MP3-1.2.7-13.p.i386.rpm. Open XMMS, CTL-P, first tick in the upper half of the small box, then select "Fixed (MISC) GBK-0 13" font to display Chinese song song name. Select "Open Audio System Driver 1.2.7 [Lioss.so] in the audio output plugin to play the MP3 file normally. 0064 Installing Chinese Fonts (Hehhb) first download http://freshair.netchina.com.cn/~george/sm.sh (Reference: http://www.linuxeden.com/edu/docText.php?docid=2679 SIMSUN18030.TTC can be downloaded in Microsoft website, http://www.microsoft.com/china/windows2000/downloads/18 030.asp It is an MSI file, installed in Mswindows, installed under the Windows directory You can find it in the Fonts directory. Copy SIMSUN.TTTC, SIMSUN18030.TTC, Tahoma.ttf, TahomAbd.ttf to / usr / local / temp, then download the shell file in this directory, then open the terminal CD / USR / local / Temp Chmod 755 SM .sh ./sm.sh 0065 Loading the FAT32 of the Windows Partition, FAT16 File System (Hehhb) Enters KDE as root, click the "Start Point" icon on the desktop, established the following folders: C, D, E, F, G, USB in / mnt directory. It is used as partitions and USB flash drives under Windows. Use the text editor to open the / etc / fstab file. Add below: / dev / hda1 / mnt / c vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / hda5 / mnt / d vfat ocharset = GB2312, umask = 0, CODEPAGE = 936 0 0 / dev / hda6 / mnt / e vfat ocharset = GB2312, umask = 0, CODEPAGE = 936 0 0 / dev / hda7 / mnt / f vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / hda8 / mnt / g vfat ocharset = GB2312, umask = 0, codepage = 936 0 0 / dev / cdrom / mnt / cdrom udf, ISO9660 NOAUTO, IOCHARSET = GB2312, Owner, Kudzu, RO 0 0 / DEV / SDA1 / MNT / USB VFAT IOCHARSET = GB2312, UMASK = 0, CODEPAGE = 936 0 0 store exits. After restarting, you can access the FAT32 or FAT16 format partition, solve the problem of garbled with the Windows partition and the disc Chinese file name. A total of six columns, each column is used for a Tab key. Note that this method can only mount on the FAT partition format. SDA1 is a flash drive. 0066 uses five pens and pinyin in X, the location input method (HMKART) is installed from http://www.fcitx.org/ uploading the FcitX RPM package installation 0067 How to extract the RAR file under Linux http://www.linuxeden.com/download/softdetail.php?softid=883 Download Rar for Linux 3.2.0, decompress the Open MAKE can then use unrar e youfilename.rar Unzip RAR file 0068 How to add / remove the RPM package after installation (Sakulagi) redhat-config-packages --ioDir = Can specify the directory where the ISO file is located 0069 Character Control Volume (GRUB007) AUMIX 0070 Make ISO (GRUB007) DD if = / dev / cdrom of = / tmp / aaa.iso 0071 Delete all things before a few days (including files in the directory name and directory) (SHALLY 5) Find. -Ctime 3-EXEC RM -RF {} /; or find./ -mtime 3 -print | xargs RM -F -r0072 User's crontab where (Hutueworm) / var / spool / cron / next file named by username 0073 Operation of the program (BJCHENXU) SU - username -c "/ path / to / command" is sometimes running a special identity program, you can make Su to do 0074 How to empty a file (BJCHENXU)> FileName 0075 Why can't I display Chinese under OpenOffice (Allen1970) Change font settings Tools-> Options-> Font Replacement Andale Sans Ui -> SIMSUN 0076 How to back up the Linux system (PURGE) Symantec Ghost 7.5 supports EXT3 NATIVE replication 0077 PARTITION MAGIC (WWWWZC) Linux on Linux Next Useful partition tool: parted can modify the partition size, delete / create partitions in real time. 0078 / Proc / Sys / SEM, what is the meaning of each representative? (Sakulagi) / proc / sys / SEM contents below 250 32000 32 128 These 4 parameters are SEMMSL (each user has the maximum number of semaphors), SEMMNS The maximum number of semapses), Semopm (the number of SemoP system calls operated), SemMni (the maximum number of system signals) 0079 What does BIGMEM SMP UP mean in the GRUB boot menu? (LNX3000) SMP: (Symmetric Multiple Processor) Symmetrical Multi-processor Mode Bigmem: Supports 1G Optimized Core Up: (UNI Processor) Mode of Single Processor 0080 ORACLE installer Why is it garbled? (lnx3000) Now Oracle's installer has problems with Chinese support, you can only use the English interface to install, before performing RunInstaller, execute: export lang = c; export lc_all = c 0081 LINUX color represents what is represented by the file (Sakulagi, a mentally mini) blue representation; green represents executable file; red represents a compressed file; light blue represents a link file; gray represents other files; red flash indicates the link file. The problem; yellow is the device file, including Block, Char, and FIFO. Use Dircolors -P to see the default color settings, including various colors and "bold", underscore, flashing, etc. 0082 View how many activities httpd scripts (bjchenxi) #! / Bin / sh while (true) do pstree | grep "* / [httpd /] $" | sed 's /.*-/ ([0-9] [ 0-9] * /) / * / [httpd /] $ // 1 / 'Sleep 3 DONE 0083 How to add a hard disk (good gentleted), shut down, physical connection hard disk if it is the IDE hard disk, pay attention to the main, slave the plate settings; if it is a SCSI hard drive, pay attention to selecting an ID number that is not used. Second, boot, check the hard disk has been detected by Linux DMESG | GREP HD * (IDE hard disk) Dmesg | GREP SD * (SCSI hard disk) or Less / var / log / dmesg If you don't detect your new hard drive, restart, Check the connection and see if the BIOS has recognized it. Third, the partition you can use FDISK, SFDisk, or Partition Magic (Partition Magic under Linux), format MKFS 5, modify how to see the partition under the partition under the FSTAB VI / ETC / FSTAB0084 Linux (Q1208C) E2Label / DEV / HDXN, WHERE X = A, B, C, D ....; n = 1, 2, 3 ... 0085 RH8, 9 How to add a new language package after installation (good gentleman) 1.8.0 1. Add the first CD 2.cd / mnt / cdrom / redhat / rpms 3.rpm -ivh TTFONTS-EN_CN-2.11 -29.Noarch.rpm (Simplified Chinese, you can use the Tab key to make up the part of the back, so as not to enter incorrectly) 4.RPM-IVH TTFONTS-ZH_TW-2.11-15.NOARCH.RPM (Traditional Chinese) If you still I want to install Japanese, Korean, try the TTFONTS * .RPM on the second CD. II. 9.0 9.0 is not on the first plate, on the third disk. RPM package name is: TTFONTS-ZH_CN-2.12- 1.Noarch.rpm (Simplified Chinese) TTFONTS-ZH_TW-2.11-19.NOARCH.RPM (Traditional Chinese) 0086 Terminal Catch (TSGX) CAT / DEV / VCSX> Screenshot where x indicates that the X terminal can also run Script Screen.log, and record the screen information to Screen.log. I will record your exit for a while. This is also a good way to grip. This is seen on the Cookbook on Debian. Can be used on RH9. There is no test on other systems. 0087 Let a program continue to run after exiting landing (NETDC) #nohup program name & 0088 MAN Command is not in the path, how to view non-standard MAN files (bjchenxi) nroff -man /usr/man/man1/cscope.1 | more 0089 Run the program (BJCHENXU) SU - username -c "/ path / to / file" in different users, sometimes you need to run a special identity ... you can make Su to do ... 0090 Editing / etc / inittab Direct Effect (BJCHENXU) #init q 0091 Let Linux execute several commands continuously, stop (bjchenxu) Command1 && Command2 && Command3 0092 How to install GRUB to MBR (Bjchenxu, Netdc) GRUB> Root (HD0, 0) GRUB> Setup (HD0) can also be installed with # grub-install / dev / hda to install GRUB. 0093 Write GRUB (LILO) to the Linux partition guide or the main boot sector (MBR) (BJCHENXU) If you want your computer to start, you will directly enter the operating system startup menu, write grub (lilo) on the MBR. If you are written to the Linux partition, you have to boot with the boot disk. It is recommended to write MBR, convenient point, as to write to MBR is not safe, what explains? Each time Win98, MBR will be modified once, do you think is it unsafe? 0094 How to make multi-system coexistence (BJCHENXU) 98 system, use LILO (GRUB) boot, 2K / NT uses OSLoader boot multi-system 0095 how to switch back and forth between graphical interface and console (character interface) a. Graphics Interface to the console: CTR Alt Fn (n = 1, 2, 3, 4, 5, 6). b. Switch between each console: Alt Fn (n = 1, 2, 3, 4, 5, 6). c. Console to graphics: Alt F7 0096 Redhat Linux Common Command (BJCHENXU) <1> LS: Column Directory. Usage: LS or LS DIRNAME, parameter: -a Displays all files, -l lists files. <2> MKDIR: Build a directory. Usage: MKDir Dirname, parameter :-P build multi-level directory, such as: MKDIR A / B / C / D / E / F -P <3> Mount: Mount partition or mirror file (.IMG) file. Usage: a. Disk Partition: Mount DeviceName MountPoint -O Options, where DeviceName is a device name of disk partition, such as / dev / hda1, / dev / cdrom, / dev / fd0, mountPoint is a mount point, it is a directory, Options is the parameter, if the partition is Linux partition, generally not -O Options, if it is the Windows partition, the options can be IoCharset = CP936, so that the Chinese file name in the Windows partition can be displayed. Use: such as / dev / hda5 is a Linux partition, I want to hang it on the directory A (if you have no directory A, first mkdir a), mount / dev / hda5 a, this directory A is the partition hda5 Things, such as HDA1 is a Windows partition, hung it on B, mount / dev / hda1 b -o iocharset = cp936. b. mirror file: mount filename mountpoint -o loop, filename is the mirror file name (* .Iso, *. img), other don't say, the same is true. Use: If I have an A.iso CD image file, Mount A.iso A -O Loop, so you can browse A.iso's content, *. IMG file. <4> Find: Find files. Usage: Find Indir -Name FileName, Indir is which directory you want to find, filename is the file name you're looking for (you can use wildcard), when using wildcard, FileName is best to use single quotes, otherwise sometimes error, use case: Find. -name test *, find files starting with TEST in the current directory. <5> grep: Find the specified string in the file. Usage: GREP STRING FileName, find String in FileName (available in wildcard) (it is best to use double quotes). Parameters: -r Find in FileName in all subdirectory. Use: grep hello * .c -r Find Hello in all .c files in the current directory (including subdirectory). <5> VI: Editor. Usage: vi filename. FileName is the text file you want to edit. After using the execution vi filename, you may find that you can't edit the text content, don't worry, this is because VI has not entered the editing state, press A or I to enter the editing state, enter the editing state, you can edit the text . To exit the edit status, press the ESC button. The following operations should be in a non-editing state. Find text: Enter / and you want to find text and enter. Exit: Enter: and Q and Enter, if you modify the text, then you want to use: Q! Enter to you. Save: Enter: W Enter, if it is read-only file, use: w !. Save Exit: Enter: WQ Enter, if you are read-only: wq! Enter. Cancel: Press U. You can cancel one step by one, you can cancel multiple steps multiple times. Copy and paste a line of line: move the cursor anywhere on the line you want to copy, press yy (just twice Y), move the cursor to the previous line to paste, press P, just now, the text will be The next line inserted into the row where the cursor is located, and the original cursor is in the row of all the rows. Copy paste multi-line text: Almost the same line, just yy change to the number of rows to copy to copy, followed by yy, followed. Move the cursor to the specified line: Enter: and the line number and enter, such as moving to 123 lines: 123 Enter, move to the end: $ Enter. 0097 Linux text interface How to turn off the PC speaker (labrun) before the / etc / input Bell-Style None, or Echo "Set Bell-Style None" ~ / .bashrc 0098 Repairing Windows leads to a solution that Linux can't boot (good gentle) If there is no restrict, take the Linux boot disk (or the first installation disc) boot to enter the rescue mode. First find where the original / partition mount is. Redhat is usually / mnt / sysimage. Perform "Chroot / MNT / Sysimage". If it is grub, enter grub-install / dev / hd * (depending on the actual situation); if it is LILO, enter LILO -V, then restart. If the partition changes, the corresponding modification /etc/lilo.conf and /boot/grub/grub.conf will then perform the above command. 0099 Why did the Win2K is very slow (LNX3000, good gentleman), you can't see Linux logical disk in 2000, but can not access? In disk management, select this disk, right-click -> Change "Drive Name and Path" -> "Delete" is ok, beware that this disk! 0100 Brake the Linux release version of the ISO file to the CD method (bjchenxu) Borrow the NERO software in Windows, select the image file burning, select the ISO file, burn it! 0101 Linux Braided ISO Method 1: Using XcDroast, choose Cake, select ISO file, burn! See http://www.xcdroast.org/xcdr098/faq-a15.html ල Method 2: Logger recorder Command: cdrecord --scanbus output result is: 0, 0, 0) 'ATAPI' 'CD-R / RW 8x4x32' 5.EZ 'Removable CD-ROM burned command: cdrecord -v speed = 8 dev = 0,0,0 hutuworm.iso 0102 How to do (double eyelid pig) When you can't Cat, you are not a text file, then you can press two "Enter" keys, then knock " ", then the screen will return to normal .... 0103 How to uninstall the package when you know the specific package name (Diablocom) knows that the command to delete the package is rpm -e xxx, but when we don't know how to spell this XXX, you can query all installed with rpm -q -a. Software package or RPM -QA | GREP XXXX queries 0104 Add / TMP folder under Linux in Linux (Yulc) Add a line in / etc / fstab: NONE / TMP TMPFS DEFAULT 0 0 or Add mount TMPFS / TMP -T TMPFS -O Size in /etc/rc.local = 128M Note: size = 128M indicates that the maximum can use 128m regardless of the way, as long as Linux restarts, the file under / TMP disappears 0105 lists only lists (Yulc) LS -LF | GREP ^ D LS -LF | GREP / $ LS -F | GREP / $ LS -F | 0106 List the native IP address in the command line, not to get the NIC information (Yulc) ifconfig | GREP "inet" | CUT-C 0-36 | SED -E 'S / [A-ZA-Z:] // g 'Hostname -i 0107 Modify / etc / profile or $ home / .profile file How to take effect (peter333) #Source / etc / profile (or Source .profile) 0108 BG and FG Use (BJCHENXU) Enter Ctrl Z, the current task will be suspended, and the process number is returned on the screen. At this time, use the "BG% process number", it will put this process in the background, And "FG% process number" can make this process to the front desk. In addition, the Job command is used to see the current BG process. 0109 Ctrl S and Ctrl Q (bjchenxi) Ctrl-S is used to suspend data to the terminal, the screen is like death, can be recovered by ctrl-q 0110 Directory Statistics Script (BJCHENXU) Save into Total.sh, then use Total.sh absolute path to statistical the size of the directory of the directory: #! / Bin / sh du $ 1 --MAX-Depth = 1 | sort - N | awk '{printf "% 7.2FM ---->% S / N", $ 1/1024, $ 2}' | SED 'S: /. ([^ /] / {1, /} / $: / 1: g ' 0111 GREP does not display itself process (bjchenxi) #ps -aux | grep httpd | grep -v grep grep -v grep can cancel the process of the grep itself you execute, the -v parameter is not displayed 0112 Deleting Files in Directory (WongMokin) Find / MNT / EBOOK / -TYPE F -EXEC GREP "Enter keyword" {} /; -Print -exec rm {} /; 0113 Let's do not feed back information, this example 5 minutes check one email (Wongmokin) 0-59 / 5 * * * * / usr / local / bin / fetchmail> / dev / null 2> & 1 0114 Decompression RPM file in the current directory (BJCHENXU) CAT kernel-ntfs-2.4.20-8.i686.rpm | rpm2cpio | Pax -R 0115 combined two PostScript or PDF file (noclouds) $ gs -q -dnopause -dbatch -sdevice = pswrite / -SoutputFile = bar.ps -f foo1.ps foo2.ps $ gs -q -dnopause -dbatch -sdevice = pdfwrite / -soutputfile = bar.pdf -f foo1.pdf foo2.pdf 0116 Remove all of the manual directory of Apache (bjchenxu) to the Manual directory code: find ./ -regx. * /. En | awk -f. '{Printf "MV% s.% S.% s.% s% s.% s.% s / n ", $ 1, $ 2,. $ 3,4,, worth $ 2, $ 3} '| SH 0117 How to get multiple X (Noclouds) StartX defaults to DISPLAY: 0.0 first X, pass the parameters to XServer can be used to get a plurality of x: # startx -: 1.0 # startx -: 2.0 ... then use Ctrl -Alt-f7 / f8 ... switching. 0118 Let a program continue to run after logging in (NOCLOUDS, BJCHENXU) # # DISOWN or it could be Nohup Command & 0119 Look at the display information of the screen when Linux starts (BJCHENXU) After the startup, use the command dmesg to view 0120 Lets VI unwanted ECHO "SET VB T_VB =" >> ~ / .vimrc --------------------------------------------- ------- 0001 Let Apache's default character set to Chinese (BJCHENXU) if it is 1. *, Vi httpd.conf finds AddDefaultCharset ISO8859-1, changed to AddDefaultCharset GB2312 If it is 2. *, you need to change One place, vi httpd.conf adddefaultcharset ISO-8859-1 is changed to AddDefaultCharset Off 0002 Permanently change IP (bjchenxi) ifconfig eth0 new IP then edits / etc / sysconfig / network-scripts / ifcfg-eth0, modify IP0003 remotely displaying Windows desktop remotely (LNX3000) on Linux (LNX3000) Install RDESKTOP package 0004 Manually adding the default gateway (BJCHENXU) to perform: Route Add Default GW Gateway IP want to change the gateway 1 vi / etc / sysconfig / network-scripts / ifcfg-eth0 Change Gateway 2 /etc/init.d/network restart 0005 Redhat 8.0 MSN and QQ (BJCHENXU) Download Gaim 0.58 version: GAIM-0.58-2.i386.rpm Download QQ plug-in for GCC2.9 version: libqqq-0.0.3-FT-0.58-gcc296.so.gz will download The file is placed in the / temp directory, then deletes the already GAIM in the system, ie, type commands in the terminal emulator: rpm -e gaim. Start installing the open terminal emulator, continue to perform the following command to install the GAIM version 0.58, namely: CD / TEMP (enter the temp directory) RPM -IVH GAIM-0.58-2.i386.rpm (installation software) When the installation is successful, you can Establish a GAIM icon on the GNOME or KDE desktop. Continue to install QQ plug-in, type command: gunzip libqq-0.0.3-ft-0.58-gcc296.so.gz (decompress file) CP libqq-0.0.3-ft-0.58-gcc296.so / usr / lib / gaim (Copy plug-in to the GAIM library directory) The Software Settings When the GAIM version 0.85 is first launched, the login interface will appear. First select "Plug-in", click "Load" in the Plugin dialog box, load libmsn.so and libqq-0.0.3-ft-0.58-gcc296.so file, and turn it off after confirmation. Then select "All Accounts", continue to click "Add" in the account editor that appears, when you appear, we can enter your QQ or MSN number, login name fill in the QQ number or MSN mailbox. The password fills in the corresponding QQ or MSN password, Alias fill in its own nickname, the protocol selects the corresponding QQ or MSN, and other settings can be default. You can log in when all settings are complete. Since MS is often upgraded to MSN's protocol, the GAIM and MSN plugins on Linux must be upgraded, and there is no resolution of 10,000, please forgive me. 0006 Isolated 22 port now run what program (BJCHENXU) LSOF -I: 22 0007 View this machine's IP, Gateway, DNS (BJCHENXU) IP: Log in with root, executes ifconfig. Where ETH0 is the first network card, LO is the default device Gateway: Log in to the root user, execute netstat -rn, the Gateway, which is starting with 0.0.0.0, is the default gateway, you can also view the / etc / sysconfig / network file, inside Have a specified address! DNS: more /etc/resolv.conf, the content is specified as follows: Nameserver 202.96.69.38 Nameserver 202.96.64.38 0008 RH8.0 Command Loosing the TTL value (cgWeb) #sysctl -w net.ipv4.ip_default_ttl = n (n = 0 ~ 255), if n> 255, then the TTL = 00009 rh8.0 command line Easy to change the system configuration default value (houaq) Edit /etc/sysctl.conf, for example, change net.ipv4.ip_forward = 0 to NET.IPV4.IP_FORWARD = 1 After the restart, take effect, use sysctl -a to seek 0010 Mount LAN Other Windows Machine Shared Directory (BJCHENXU) MOUNT -T SMBFS -O UserName = Guest, Password = Guest // Machine / Path / MNT / CDROM 0011 Allow | Prohibiting root to modify SSHD_CONFIG: PermitRootlogin No | YES via SSH Login (FUN-FreeBSD) 0012 Let root directly log in (BJCHENXU) edit /etc/pam.d/login, remove Auth Required /Lib/security/pam_securetty.so this sentence 0013 In Linux, ADSL device (Wind521) requires a normal Linux at least one network card broadband device has been applied, and has been opened. At present, there are a few ADSL equipment on the market, and their way to work has some subtle differences. It is the process of completing the Internet through virtual dialing, that is, using the PPPoE device to perform virtual dial-up calls, it is an automatic dial-up work after power-on, then left to our interface is RJ45. The gateway that is generally left to our Dalian area is 10.0.0.2. This device is most likely to deal with. Finally, it is directly assigned to a fixed IP, which is relatively easy to deal with it. 1. The first need is dialing: Several devices communicate with the computer via the ETH interface, so the connection of the hardware device is first, especially the broadband cat, must confirm the correctness (otherwise, don't go anything in a while, don't just count, you don't think about me) and start the system, Confirm that the software is installed on the system (to find the user via rpm -qa | grep pppoe), if the user is not installed, in the disc or go online to Down, after installing, perform ADSL with root users Setup, this enters the setting status of ADSL data, requires input to apply for broadband usernames and other information, confirm that there is no problem, accept until the end (inside is E text, but can understand, simple, I usually don't have to use a firewall setting, I can choose 0, everyone can consider). After the configuration is complete, the ADSL-START is executed with root users, which will make ADSL's dial-up work, will be online, if there is any specific problem, look at the log (/ var / log / messages) tells you what. Stop ADSL, execute ADSL-STOP (very simple) 2. The other two are easier to deal with: full-to-day cat: Just set your network card to an IP of a 10 network segment, then the gateway refers to the whole gateway To the IP of the cat, on (10.0.0.2), basically no big problem fixed IP: like a network card configured by the local, the IP, gateway, and DNS can be done according to the application. 0014 Let Linux Auto Synchronization Time (SHUNZ) VI / ETC / CRONTAB plus: 00 0 1 * * root rdate -s time.nist.gov 0015 Linux online resources What are available (BJCHENXU) foreign http://lwn.neet/http://www.tldp.org/http://www.yolinux.com/ (FLYING-Dancebig big pig) http: // Www.justlinux.com/http://www.linuxtoday.com/http://www.linuxquestions.org/http://www.fokus.gmd.de/linux/http://www.linux-tutorial. Info / http://public.www.planetmirror.com/http://www.freebsdforums.org/rums/http://www.netfilter.org/documentation/http: //www 106.ibm.com/ DeveloperWorks / Linux / Domestic http://www.fanqiang.com/http://www.linuxsir.com/http://www.chinaunix.net/http://www.linuxfans.org/(deadcat )http://www. Linuxeden.com/http://www.linuxforum.neet/http://www.linuxaid.com.cn/http://freesoft.online.sh.cn/http://www-900.ibm.com/ DeveloperWorks / CN / Linux / Index.shtmlhttp: //www.neweasier.com/software.htmlhttp: //www.blueidea.com/bbs/archivecontent.asp? id = 635906 (SQH) http: //westlinux.ywzc. Net / (onesun) 0016 Changing SSHD port (BJCHENXU) Add a line in / etc / ssh / sshd_config: port 2222, / etc / init.d / sshd restart restarts the daemon 0017 Changing Telnet port (bjchenxu) change the port number 21 corresponding to the / etc / service file to the value you want, / etc / init.d / xinetd restart restart the daemon 0018 Terminal mode has problems (Sakulagi) Export Term = VT100 0019 Imitation Super Terminal, What Program in Linux Connects to Routers and Switches (Alstone) MINICOM 0020 SSH can not automatically disconnect (wind521) That is the Timetou setting, modify the TMOUT variable value What tools use to do intrusion detection (BJCHENXU) SNORT 0022 Linux under the detection program memory leakage tool (BJCHENXU) cchecker or EFENCE library 0023 How to Monitor All Data Cards TCPDump IPTRAF in Linux 0024 Why is the root performing a lot of commands, you are telnet, then SU is root, change your su command format, should be Su - root 0025 Close User's POP3 Permissions (TIANSGX) can turn the port of POP3. Find this line POP-3 110 / TCP in the file / etc / services to add this line to the '#', you can comment out. 0026 Linux Play Flash Animation (MYXFC) LINUX Play Flash Animation With this thing, it will not cause the browser to close (other plugin is not easy to use) first download flash play animation at Linux plugin http://www.collaborium. ORG / ONSITE / JOS2000 / Related / Soft / Flash_Linux.tar.gztar ZXVF Flash_Linux.tar.gz After opening the package, you will see the Linux folder in the Linux file, there are two files LibflashPlayer.so and Shockwaveflash.class, put this Two files copy into the plugin in your browser (the browser is different, the location of the plugin may be different) /usr/lib/mozilla-1.0.1/plugins, you can lock the WU-FTP user directory (WANGLA) Editing FTPAccess file restricted-uid * This sentence is important to limit FTP users in their own directory. 0028 How does the server do not allow Telnet (Know Qiuyi) Server must start the Telnet service && server's firewall priority should be set low 0029 Prevent anyone from using the su order to become root (xiaohu0) 1.vi /etc/pam.d/su auth sufficient /lib/security/pam_rootok.so debug auth request /lib/security/pam_wheel.so group = Wheel 2. The WHEEL group is defined in the / ETC / PAM. D / SU configuration file. 0030 How to make lynx browser to browse Chinese website (Ghost_Vale) browse Simplified Chinese website modification of the following settings Save options to disk: [X] Display and Character Set Display character set: (!) [Chinese________________________] Assumed document character set: [ ISO-8859-1 ______] CJK Mode (!): [ON_] Then move to the bottom ACCEPT CHANGES Press Enter to save, you can, of course your system is to support Simplified Chinese. The 0031 network card is activated, but it can't be connected. What should I do? (Slock) TRACE, see that it is blinded in that piece. 1.PING own 2.ping Gateway 3.PING DNS 4.TRACE DNS IF All = Ok Ten Nslookup www.sina.com.cn ping sina's address TRA 'Address basically knows the result. 0032 Using Samba in RedHat9, Win2000 can be accessed, Win98 is not accessible? (Squall2003) If it is a Wind98 necessary to modify the registry: hkey_local_machine / system / correntcontrolset / services / vxd / vnetsUp built a D value: EnablePlainTextPasswd, key value 1 0033 How to get a NIC's MAC address (bjchenxu, hutueworm) arp -a | awk '{print $ 4}' ifconfig eth0 | Head -1 | awk '{print $ 5}' 0034 How to get a network card IP address (MB) ifconfig eth0 | awk '/ inet addr / {split ($ 2, x, ":"); Print X [2]}' 0035 How to modify the working group (hutueworm) vi /etc/samba/smba/smb.conf in the Linux machine, modify the Workgroup = one, write the group name behind. 0036 a piece of network card how to bind two IP (LinuxLoveu) #CD / etc / sysconfig / network-scripts #cp ifcfg-eth0 IFCFG-ETH0: 1 #VI ifcfg-eth0: 1 Modify IP and device name Debian Next network card binding Method (NETDC) modified / etc / network / interface inet static address 172.16.3.123 netmask 255.255.255.0 network 172.16.3.0 Broadcast 172.16.3.255 Gateway 172.16.3.1 Auto Eth0: 1 iFace Eth0: 1 inet static address 10.16.3.123 Netmask 255.255.0.0 Network 10.16.0.0 Broadcast 10.16.255.255 Modified / etc / network / ifstate LO = LO Eth0 = Eth0 Eth0: 1 = Eth0: 1 Then / ETC / INIT.D / NETWORKING Restart is OK. 0037 How IP Binds Two NICs (HUTUWORM) assumptions 192.168.0.88 is IP, 192.168.0.1 is gateway: / sbin / modprobe bonding miimon = 100 mod = 1 / sbin / ifdown eth0 / sbin / ifdown eth1 / sbin / ifconfig Bond0 192.168.0.88 / sbin / ifnslave Bond0 Eth0 Eth1 / Sbin / Route Add Default GW 192.168.0.1 0038 192.168.1.0/24 (double eyelids) It is equivalent to 192.168.1.0/255.255.255.0, but it means different ways ... 0039 LINUX Clear ARP Table Command (NETDC) #arp -d -a (for BSD) for Host In `ARP | SED '/ Address / D' | awk '{print $ 1}'`; do arp -d $ Host; Done 0040 Using NTP Protocol from Server Synchronization Time (NETDC) NTPDATE NTP-Server Example: NTPDATE 172.16.2.1 0041 Host Command Usage (BJCHENXU) Host can be used to query domain names, it can also get more information host -t mx example.com You can query the MX record of Example.com, and the name Host-L of Host Host Host-L EXAMPLE.com will return all domain name information of this host when you register all the domain names host -a example.com under Example.com. --------------------------------------------- ------- 0001 Linux Under debug Core file (bjchenxi) GDB : Error generates the executable of Core Dump. : Core Dump file name, the default is "core" 0002 GCC ABC.C gets A.out can't run (bjchenxu) ./a.out 0003 C compiles why error information says COUT does not define (bjchenxi) include header files will be added to use the namespace std; 0004 New Compilation GCC, the standard connection library used is under / usr / local / lib, but how the default connection path used is / usr / lib added? (In addition to increasing -L / usr / local / lib) (Sakulagi, Hutueworm) (Sakulagi, Hutueworm) (Sakulagi, Hutueworm) (Sakulagi, Hutueworm) (Sakulagy_path = $ LD_LIBRARY_PATH: / USR / local / lib Write ~ / .bash_profile inside. Add a simple way: add / usr / local / lib to /etc/ld.so.conf, then run LDConfig ----------------------- ----- Classic Book -------------------------- 0001 GNU / Linux Advanced Network Application Service Guide (BJCHENXU) Linuxaid website Machinery Industry Publishing House Advantages: Also, complete, all are the shortcomings of actual combat: lower version: redhat 6.2 0002 Linux Apache Web Server Administration (BJCHENXU) (US) Charles AULDS Translator: Ma Shuqi Jinyan Electronic Industry Press Advantage: At present, I haven't found a question about Apache, this book has not been told Disadvantages: For 1.3.x, the latest for 2.0. * Chinese version is waiting for the market price: ¥ 46.00 Terminal Member price: ¥ 34.50 (4-5 stars Member) ¥ 35.88 (1-3 stars) ¥ 36.80 (ordinary member ISBN: 7-5053-6563-0 Publish Date: 2001-03-01 0003 Linux Kernel Scenario Analysis (BJCHENXU) Zhejiang University Press Advantages: It's too bad, I can't understand the shortcomings: or the version problem, huh, the kernel update is too fast, but still read 0004 UNIX Environment Advanced Programming (BJCHENXU) Richard Stevens Machinery Press Advantages: Broad Sinens and Disadvantages: Beginners are difficult to understand, otherwise how to call "advanced programming"? 0005 Programming Essence - Microsoft Writing High Quality Unlike C Documents Secret (BJCHENXU) Steve MAGUIRE Electronic Industry Press Advantages: Do not say, the author is a Senior Engineer of Microsoft: It is difficult to find, 1994 0006 Understanding the Linux Kernel, 2nd Edition (hutuworm) Author: Daniel P. Bovet & Marco Cesati Publisher: O'Reilly after reading this book, you will understand the circumstances under which Linux has the best performance and how it In the face of challenges, process schedules, file access, and memory management are provided in various environments. By explaining its importance to introduce each topic and links kernel operations to UNIX programmers and user familiar system calls or utilities. 0007 UNIX operating system tutorial (English version) (mentally wisdom) by Syed Mansoor Sarwar ... Machinery Press: Machinery Press: Shallow Easy, focusing on UNIX basic concepts and overall understanding, BCKEA. In addition: Machinery Industry Press has published Chinese version, Name: UNIX Tutorial 0008 UNIX programming environment (mentally wisdom) by Brian W.kernighan, Rob Pike Chen Xiangqun and other translation machinery industry publishing homes: lighting This book is suitable for newcomers. Cons: There is no English version 0009 The Art of UNIX Programming (hutuworm) Author: Eric Steven Raymond URL: http://catb.org/~esr/writings/taoup/html/ advantages: Advantages ES Raymond classics would not have said Others: The book stops updating on September 19th, stabilized to version 1.0, and has been sent to the Adison-Wesley Press printer 0010 UNIX Network Programming - Volume 1 "Set of Access API and X / Open Transport Interface API" (SLG1972) Tsinghua W.Richard Stevens (Substant) Detailed explanation of Unix network programming non-door-level things 0010 and 0011 and The source code download address of the two books http://www.tomydan.net/downloads/ebooks/unp.rar or http://linux.syunicom.com/unp.tar.gz 0011 UNIX Network Programming - Volume 2 "Process Communication" (SLG1972) Tsinghua W.Richard Stevens (Soft) Detailed explanation of the process between UNIX, the relationship between threads, and various standard process programming Different. Non-door 0012 UNIX Network Programming - Volume 3 "Application" (SLG1972, Hutueworm) I have not bought it so far, it should be good. Nothing to buy is because the Richard Stevens master the ear of the ear, and it is no longer possible to complete the third volume in this plan. It is said that it has not been placed by Gary R. Wright, but he has been free from the master of the master. 0013 "Based on C CORBA Advanced Programming" (SLG1972) Qingda Michi Henning, Steve Vinoski is a must-have for the CORBA application. Non-door-level stuff. 0014 Unix Linux NMS, including this edition, please go to this Edition FTP server download evaluation: I have seen the most comprehensive, most practical CHM documentation on UNIX knowledge, equivalent to a small website, support inside Full text search, recommend all brothers and sisters who have not yet downloaded 0015 www.chinaoy.com (Aomin5555) is good, very complete, book download is good Website: Redhat Linux9.0 official entry guide · Redhat Linux9.0 official installation guide · Redhat Linux9.0 official custom setting manual · Redhat Linux Basic Tutorial · Linux Reference Daquan · Tsinghua Forum Linux Essence · Linux System Administrator Guide Chinese Manual · Linux Website Construction and Maintenance Raiders · Redhat Linux 8.0 Installation Manual · Linux Environment Database Administrator Guide 0016 Linux Advanced Routing & Traffic Control Specially talking about Linux iProute2, about 100 pages, www.lartc.org Chinese version at: http://www.lartc.org/LARTC-EN_CN.GB2312.PDF 0017 Debian User highly recommended book (NETDC) Debian Reference (Debian Reference Manual) http://qref.sourceForge.net/ Simplified Chinese version of the PDF document. Http://qref.sourceforge.net/debian/reference/reference.zh-cn.pdf --------------------------Mysql Related Articles ---------------------------------------------------- Under the VAR / lib / mysql directory, the name of the database is named 2. If the source code is installed in / usr / local / mysql, you should be in / usr / local / mysql / var, named Database named directory name --------------------------------------------------- --------------- Please don't be impetuous http://www.chinaunix.net/forum/viewtopic.php?t=93113 Welcome to this article, please indicate from WWW. CHINAUNIX.NET, the website of this article is as follows: a. LinuxSir website http://www.linuxsir.com/bbs/showthread.php?s=&threadid=46279b. Shuimu Tsinghua Linuxapp version http://proxy.smth.edu. CN: 8000 / bbscon.php? Board = Linuxapp & id = 12810 & ftype = 9c. 9cbs http://expert.9cbs htt/expert/faq/faq_index.asp?id=175651d. dev-club http://www.dev- Club.com/club/bbs/showannounce.asp?page=1&id=2175595e. Network Practitioner Forum http://net-worker.vicp.net/luntan/dispbbs.asp?boardid=10&id=58888=1 ฆ f. Linux Eden http://www.linuxeden.com/edu/doctext.php?docid=3020g. Rain Life Technology Network http://www.guomin.net/index.php?showtopic=220http://www.guomin. Net / index.php? showtopic = 219 http://www.guomin.net/index.php? Showtopic = 218h. 聚贤庄 http://www.ncn.cn/linux/2003001.htmi. Aya hut http : //hylinux.3322.org/showArticle.php? Action = ShowArticle & ID = 2794J. Net sail information exchange station http://www.cniis.cn/bbs/dispbs.asp?boardid=33&id=3696&page=1 Finally, the editor is BJCHENXU ON 2004-03-08 09:03, the total 39th editor - ※ Modification: · Galoisx on March 21, 11:22:09, this article · [From: 210.45.72.111] ※ Source : · 海星 云 bbs.ustc.edu.cn · [from: 202.38.91.53] [Back to previous page] [This discussion area] V Jbhuang @ 01:06 PM published Linux | Edit | Message (0) | TRACKBACK (0) April 02, 2004 Continue literacy - basic usage of several commands inlinux The prompt is # indicates that the root permissions are required, and $ represents general user rights. 1. Two Methods of Lower Line Finding Files under Linux 1) Find $ FIND Path - Name Terfer to Find files - PRINT -XDEV parameters limit query operations in the current file system: $ FIND / MNT / DOS -NAME * .SYS -PRINT -XDEV 2) Locate Updatedb: # Updatedb $ locate to look for files 2. Using whatis and apropos command to get a command profile # MakeWhatis // Update Whats Database $ What W // View the function of the command W $ APROPOS Search / / What commands have a Search feature? Jbhuang @ 10:23 am published in Linux | Edit | Message (0) | TRACKBACK (0) March 23, 2004 What does "RC" AT THE END OF FILES LIKE .NEWSRC mean? http://www.faqs.org/faqs/Usenet/faq/part1/section-6.html It is related to the phrase "run commands." It is used for anyfile that contains startup information for a command. The use of "rc" in startup files derives from the / etc / rc command file usedto start multi-user UNIX. Kingpaul @ 03:25 PM Posted Linux | Edit | Message (0) | TRACKBACK (0) September 28, 2003 Several Southone for GTK found online GTK Getting Started: http://www.linuxforum.net/chinese/doc/gtk/gtk_tut.htmlgtk-doc-1.0: http://www.mamiyami.com/doc/blfs/gnome/gtk-doc.htmllinux The lower GTK graphical interface programming: http://www.ahetc.gov.cn/cit/200010/11.htmgtk programming: http://263.aka.org.cn/lex/lectures/002/lecture-2.1.9/ LeCTure-2.1.9 / gtk-prog.htmlgtk 1.2 Guide: http://www.china-pub.com/computers/emook/doc/download/chenxusheji/gtk 1.2tutorial.htm Google's search for GTK can search, there is time, look at it, it seems very fun. Kingpaul @ 03:51 PM published Linux | Edit | Message (0) | TRACKBACK (0)
