Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30

Thread: Linux Guide

  1. #16
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    A list of commonly used commands

    There are a lot of commands and programs in the shell, but chances are you'll never use many of them. Beyond that, each command has a number of switches and options that can be used to change its functionality. To find out what they are and how to use the command, follow the command with a -help or -? or precede the command with man. So if you wanted to find out what all of the options are for the command cdrecord you would type one of the following:

    man cdrecord

    cdrecord -help

    cdrecord -?

    Some programs and commands precede the help and ? switches with two dashes instead of one, so try both. If you're using the KDE desktop environment, you can also use the manual in the KDE Help section, which can be found in the K menu. Below is only a listing of the most commonly used CLI commands and what they do. Refer to this partial list only when you're looking for the right command for the right job - do not indiscriminately execute commands in this list, as you can easily harm the operating system by doing so. If you only know the first few letters of a command or directory, press the Tab key to complete their names for you.

    cd (changes directory)

    chgrp (changes the group permissions of file/folder)

    chroot (changes the root directory)

    chmod (changes file permissions)

    chown (changes the ownership of the file from one user to another)

    configure (makes configuration file for compiling from source)

    cp (command for copying files from one place to another)

    dmesg (displays kernel messages from startup)

    emacs (GNU text editor, installed by default on many distros)

    exit (exits Super User mode, can also close the terminal)

    free (current state of memory resources)

    fsck (file system checker; repair tool)

    grep (searches files for a given string)

    kill (changes running processes; default action closes processes)

    ls (lists all files in dir)

    less (types a text file on the screen)

    mount (mounts a disk or CD and associates it with a directory)

    netstat (displays network status)

    depmod (rebuilds kernel module tables)

    kerneld (manage kernel modules)

    rm (deletes files)

    df (list disk free space)

    fromdos (convert DOS files to Linux files)

    fdisk (partition utility)

    fsck (file system check)

    halt (alternative shutdown now command)

    hdparm (hard drive adjustment utility)

    insmod (install module)

    lsmod (list modules)

    lprm (removes print job from the print spool)

    ldconfig (reloads the system path)

    make (compiles a program using the configure settings)

    make install (installs necessary components into proper dirs)

    make mrproper (clears all kernel settings and configurations)

    make menuconfig (graphical menu for kernel configuration)

    mke2fs (EXT2 filesystem format)

    mke2fs -j (EXT3 filesystem format)

    mkreiserfs (ReiserFS filesystem format)

    mkisofs (creates an ISO image)

    mkxfs (XFS filesystem format)

    | more (when typed after a command, pauses terminal output after each screen)

    mkdosfs (make a FAT16 file system)

    modprobe (query module)

    mount (connects filesystems to current filesystem structure)

    mv (move)

    mkdir (make directory)

    nano (a simple text editor that some distros install by default)

    pico (text editor much like nano, installed by default on some distros)

    ps -aux (shows all processes)

    reboot (reboots the computer)

    rm (removes a file)

    rmdir (removes an empty directory)

    rmmod (removes module)

    swapon (sets swap partition)

    ssh (secure shell protocol; encrypted communication suite)

    shutdown (shuts down the computer)

    strace (trace system calls)

    su (superuser/root/admin mode)

    startx (launches X window system)

    telnet (unencrypted communication protocol)

    top (command line system monitor)

    xload (display system load info)

    xkill (ends a process)

    vi (a complex text editor that most distros have)

    whereis (finds files)

    who and rwho and fwhois (lists information for current users)

    A list of common configuration files and their uses

    Here's a list of the most common configuration files that you'll be working with in GNU/Linux. Their locations may vary slightly between distributions:

    /etc/fstab (defines file systems and mount points for drives)

    /etc/X11/xorg.conf (the X server configuration file)

    /etc/lilo.conf (if you use the LILO boot loader, this is your configuration file)

    /boot/grub/grub.conf (if you use the GRUB boot loader, this is your config file)

    /etc/make.conf (specifies switches and flags for compiling programs)

    /etc/inetd (configures things like finger, telnet, ftp, etc.)

    /etc/resolv.conf (configures the local domain name and your DNS server IPs for your ISP)

    /etc/hosts (sets the domain name and local host address for your system)

    /etc/syslog.conf (configures the system event logger)

    /etc/wvdial.conf (dialup ISP settings if you use dialup Internet access and if you are using wvdial to connect)

    ~/.bashrc (hidden file in home directory that lists conditions for each user's shell)

    Shell scripting

    A shell script is a text file with a list of CLI commands to be performed in order. If you're familiar with DOS, this is much like a batch file. Creating a shell script is easy; simply open a text editor and type in the commands that you want the script to execute, then save and exit the editor. Next, give it executable permissions by typing this in:

    chmod +x yourscriptname

    where yourscriptname is the name of your script. Alternately you can use this command (both do the same thing):

    chmod 755 yourscriptname

    There is, of course, much more to it than this, but shell scripting is not something that you have to learn. It is, however, something that you should be aware of because it's possible that you'll have to edit a shell script at some point in your GNU/Linux adventures.

  2. #17
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    X.org: the gateway to the graphical interface

    The command line interface is very powerful in terms of what you can do through it, but most desktop users prefer a more graphical interface. To use a desktop environment or window manager like we mentioned above, you will first need to run an X Window System server. The one that was included with most GNU/Linux distributions is called X.org. This is a program that acts as a graphical shell that works on top of the command line interface.

    Usually you will not have to deal with X server configuration unless you use one of the more advanced distributions like Gentoo or Slackware. The rest of this section assumes that you're installing X.org from a package and need help to get it running, or to properly configure it for a new video card.

    Configuring X.org

    Before you can use the X server, you will have to properly configure X.org for your system. There are a few different methods for configuring X, but the most reliable method is by using a program called xorgconfig. Running this program is simple; as root, simply type in:

    xorgconfig

    This program is text-based and will ask you multiple-choice questions about your hardware, such as the type of mouse and keyboard you use.

    If you don't know what device node your mouse is on, just use the default for now.

    Choosing your monitor's refresh rate can be somewhat confusing, since most of us don't know exactly what the settings should be. On many modern monitors you can hit a setup button (usually on the front of the monitor) and it will tell you some or all of the refresh rates that you need to know. Your monitor's manual or the manufacturer's Web site may also reveal the refresh rates. If in doubt, choose 31.5-48.5 for the horizontal refresh and 50-70 for the vertical refresh and you should be safe.

    The video driver is tricky; the only ones included with X.org are generic drivers that don't allow for hardware acceleration. This isn't a problem if you aren't doing 3D rendering or don't need OpenGL for anything, but if you do then you'll need to get a different driver. For now just select a generic driver that fits your video card's description (nv for Nvidia cards, radeon for ATI Radeon cards, etc.). After the program is complete, try to start X as outlined below.

    Another way of configuring the X server is to let it guess the proper settings. These days it's usually pretty good at detecting your settings, so you may want to try this option before running xorgconfig, just to see if this method will work for you.

    The command is:

    Xorg -configure

    When it's done it will copy the new configuration file to /root/xorg.conf.new. You must copy this file to /etc/X11/xorg.conf in order for X.org to start properly.

    The X.org configuration file

    The settings that you just saved by running the xorgconfig program are stored in the xorg.conf file, which can be found in the /etc/X11/ directory. Remember: file names and directories are case-sensitive, so make sure you capitalize the right letters.

    If you need to see the log file, which contains startup information and errors that X.org encounters when it is launched, you can find it in /var/log/Xorg.0.log.

    The xorg.conf file is very easy to navigate and understand. If you can't start X, you can try changing some of the settings in this file or you can simply re-run the xorgconfig utility and choose different options than before. If your mouse does not work in X, or if it behaves erratically, you've specified the wrong device node for the mouse. If you're using a PS/2 mouse connected to the PS/2 port, try using this device node:

    /dev/mouse

    And if you're using a USB mouse, use this node:

    /dev/input/mice

    So, in your /etc/X11/xorg.conf file you'll want the Core Pointer section to look something like this:

    # *******************************************************************

    # Core Pointer's InputDevice section

    # *******************************************************************

    Section ``InputDevice''

    # Identifier and driver

    Identifier ``Mouse1''

    Driver ``mouse''

    Option ``Protocol'' ``ps/2''

    Option ``Device'' ``/dev/mouse''

    If you change the Device setting to /dev/input/mice and your USB mouse still doesn't work, you may have to change other settings. For more information on configuring a USB mouse, visit this address.

    If your mouse wheel does not work, there are two simple lines that you'll have to manually add to the /etc/X11/xorg.conf file in the Core Pointer section as outlined above:

    Option ``Buttons'' ``5''

    Option ``ZAxisMapping'' ``4 5''

    This sets the mouse's fourth and fifth buttons to scroll up and down (the mouse treats each wheel direction as a button). If you have a mouse with more buttons than usual, you may have to change the numbers:

    Option ``Buttons'' ``7''

    Option ``ZAxisMapping'' ``6 7''

    You can insert these lines anywhere after the Device line in the Core Pointer section. Please note lines that start with ``#'' are called commented lines, which means they won't be run by the program. So if the lines above are already in your xorg.conf file, you can uncomment them by removing the # and X.org will read them the next time it starts. You can also disable lines in the config file by putting a # before them.

    Starting X.org

    There are many ways to start the X Window System. The basic startup scripts that come standard with X are startx and xdm. All you need to do is type one of those commands in and press enter and the X server will start with the default window manager. If you have other window managers installed (such as Fluxbox or Blackbox), you'll want to run xinit instead. This script will start the X Window System without running the default window manager. It gives you a prompt where you'll type in the name of the window manager you want to run; so if you want to run Fluxbox for instance, you'd type in:

    xinit

    and then at the prompt, type:

    fluxbox

    If you're using KDE you can use a much nicer startup script by running the kdm command. GNOME has a similar script called gdm. Please refer to the help files in KDE or GNOME if you wish to customize these startup scripts.

    If X refuses to start, the usual suspects are the video and mouse settings.
    Last edited by rik; December 2nd, 2005 at 16:04 PM.

  3. #18
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Common 3D Cards

    If you need 3D hardware acceleration and have a video card capable of using the OpenGL rendering framework (any AGP card should be able to do OpenGL), you'll probably need special drivers. You need two: a Linux kernel driver and an X.org driver.

    Nvidia provides Linux drivers for their cards, and ATI provides Linux drivers. XGI also provides a Linux driver.

    If you're not using an ATI, Nvidia, or XGI card, you'll have to use the Direct Rendering Infrastructure (DRI). For instructions on DRI, visit their site at this address.

    Programs and software

    GNU/Linux is free software - free as in rights, not price. Most of the software you will encounter in the GNU/Linux world is also free software, or at least open source. There are, however, several proprietary or otherwise restricted software programs, plug-ins and components available for GNU/Linux. Whether you should use them or not is up to you. If you would like to understand more about the issue of software rights, the Free Software Foundation has

    There are two main websites that act as repositories for most of the world's Free Software projects. They are SourceForge and Freshmeat. If you're looking for new programs that were not included with your distribution, or if you just want to browse the software database, pay these sites a visit.

    Desktop Environments

    There are two primary desktop environments in the GNU/Linux world: the K Desktop Environment (KDE) and the GNU Network Object Model Environment (GNOME). Most people agree that KDE is somewhat like Microsoft Windows and GNOME is somewhat like Mac OS in terms of interface design and layout. Both environments support large numbers of excellent programs and contain essential graphical toolkits that lend their look and feel to desktop applications. These libraries are called Qt (in KDE), and GTK (for GNOME). Chances are, you'll need at least one of these graphics toolkits to install a program in the GNU/Linux world.

    Desktop environments are designed to be very easy to use. They include a menu system and a desktop space for storing icons and files, and generally have programs that can modify or adjust your hardware configuration. A desktop environment is a jack-of-all-trades, including most everything you'll need to operate your computer. If you're in an office or other production environment or if you're just starting out with GNU/Linux, we recommend using KDE or GNOME at first. There are other desktop managers such as CDE and Xfce that you may want to experiment with later. For a complete listing, check out this site.

    Window Mangers (wm)

    A window manager is a graphical skin for the X Window System that allows you to easily run and manage programs. For example, KDE is built on the Kwin (kwm) window manager while GNOME uses the Metacity window manager. With a window manager, you'll generally start programs from a command line window or from a basic built-in menu system - or both. Window managers do not intrinsically have a desktop to store icons or files on or a control panel or other configuration utility to modify your hardware options.

    So what are the advantages to a window manager? It's thinner (takes up less hard drive space), uses less resources, is more customizable and starts more quickly. On the other hand they are much more difficult to configure and not quite as intuitive as a desktop environment. Some popular window managers are Fluxbox, Blackbox, Enlightenment, WindowMaker, and IceWM.

    Window managers are generally more useful to experienced or advanced users, so it's probably a good idea to start with GNOME or KDE first, then once you become more accustomed to GNU/Linux, explore some window managers.

    ALSA and Sound Configuration

    ALSA stands for Advanced Linux Sound Architecture and it is the software that allows your sound card to communicate with your operating system. The 2.6 Linux kernel has integrated ALSA support for pretty much every kind of consumer-grade sound card and onboard sound chip on the market. You shouldn't have to go looking for a driver for your sound card. Rather than trying to install a new driver as a kernel module, it would be better to update your kernel. A newer Linux kernel should have the sound support that you need for a newer device.

    Some distributions install with the sound muted by default. This is easily solved by using a mixer utility to unmute the output channels. The mixer can be accessed in KDE and GNOME by clicking on the speaker icon in the lower right or upper right portion of your desktop.

    There's another sound driver called OSS, and it stands for Open Sound System. Despite its name, it is a company that makes proprietary sound drivers for Unix, GNU/Linux, BSD, and other such operating systems. Some of the more obscure OSS drivers are offered for free in the Linux kernel, but most of what OSS offers is neither free as in rights, nor free of charge. For special or unique sound devices like professional audio cards, OSS may be your only option.

    In addition to the sound driver, you also need a sound server to schedule and buffer sound output. In KDE you'll probably be using the Analog Real-Time Synthesizer (aRts). Other desktop environments use the Esound Daemon (ESD or EsounD). Sound servers are usually set up for you with a desktop environment.
    Last edited by rik; December 2nd, 2005 at 16:02 PM.

  4. #19
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Gzip and Tar

    There are many ways to compress and package a file or group of files. The most common method of packaging files in GNU/Linux is by using the tar utility. Tarred files (also referred to as tarballs) have a .tar extension and can be unpackaged with the following command:

    tar xvf filename.tar

    where filename.tar is the name of the tar file.

    Sometimes tarballs are also compressed. Usually the Gzip program is used to compress them, but sometimes it's Bzip or Bzip2. The commands for decompression are the same for all three compression utilities:

    gzip -d filename.gz

    bzip -d filename.bz

    bzip2 -d filename.bz2

    Gzip files have an extension of .gz, Bzip and Bzip2 are .bz and .bz2 respectively. So if you have a file called filename.tar.gz, you can unpack the files from this archive by typing the following commands in sequence:

    gzip -d filename.tar.gz

    tar xvf filename.tar

    When you uncompress a Gzipped file it will not leave the compressed file behind, so uncompressing filename.tar.gz leaves you only with filename.tar, not that plus the old filename.tar.gz. Tar, on the other hand, does not delete the .tar file when it unpacks files from it.

    Commonly Used GNU/Linux Programs

    Below is a partial listing of commonly used free and open source software along with a short description of each program's purpose:

    Abiword (relatively simple GTK-based word processor)

    OpenOffice.org (suite of office programs comparable to Microsoft Office)

    Novell Evolution (email and PIM much like Microsoft Outlook)

    XMMS (WinAmp clone, used for MP3s and other multimedia)

    Ogle (command line DVD player, also has a GUI add-on)

    cdrecord (part of the cdrtools package, cdrecord writes CDs from the command line; many different GUI clients are available for this utility)

    Mozilla (Web suite, including a browser, address book, IRC and email clients, and a Web page creation tool)

    Firefox (lightweight Web browser based on Mozilla code)

    Thunderbird (lightweight email client based on Mozilla Mail)

    The GIMP (an image manipulation and drawing program)

    gFTP (graphical FTP client)

    Bluefish (Web page editor, supports HTML, CSS, PHP and more)

    Nvu (Dreamweaver-like WYSIWYG Web site creation tool)

    NetSaint (system monitor)

    GAIM (instant messaging utility supporting many networks such as AOL's Instant Messenger)

    K3B (graphical CD/DVD burning utility)

    G-rip (CD ripping utility)

    Xine (media player)

    GNU Cash (accounting software similar to Intuit Quicken)

    Gnumeric (spreadsheet application)

    Wolfenstein: Enemy Territory (first-person shooter game)

    TuxRacer (racing game)

    Frozen Bubble (puzzle game)

    FreeCiv (strategy game)

    Dopewars (hilarious, offensive, and fun economic simulator)

    ZSNES (Super Nintendo emulator)

    SNES9X (Super Nintendo emulator)

    In addition to these, KDE and GNOME both come with a plethora of software such as Koffice, Kmail, Kmix and many others. Both desktop environments come with various card and puzzle games, office and desktop tools, and various applets and add-ons to enhance your productivity.

    How to Find New Software

    As mentioned above, SourceForge and Freshmeat are the two best sources for Free Software. Proprietary software can be found with a standard web search; simply include the word ``Linux'' in the search terms. For instance if you wanted to find alternative word processors for GNU/Linux, you might try typing this into Google:

    Linux word processors

    Or you can ask members of the community through message forums and email lists. For optimal results, don't ask what the ``best'' program is; ask what other people are actually using, why they like it, and if they'd suggest it for what you want to use it for.
    Last edited by rik; December 2nd, 2005 at 15:59 PM.

  5. #20
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Installing Software

    The method for installing new software depends on the distribution you're using and how it manages software packages. We've already listed the two main package management systems: DEB and RPM. Now we're going to talk about how to use them.

    Every desktop distribution has a package manager. Some will give you an interface to install new software from the Internet, others will only show you the software that you already have installed on the system and give you the option to remove some of it.

    When you need to update your software, some distributions will handle this function through the package manager. Others have a separate utility to retrieve and install software updates. You should make an effort to find out how to keep your system up to date.

    Installing Software from Source Code

    Regardless of which distro or package management system you're using, you can always add a program by downloading the source code and compiling it manually.

    Some in the Linux community feel that programs built from source code, as opposed to being installed from a pre-compiled package, may provide a little extra performance on top of the greater customizability. However, compiling a program from source can take a long time - hours or days, depending on the speed of your system - it's hard to keep track of installed programs, and there is no automatic feature for downloading the program's dependencies. In other words, you should avoid doing this unless there is no alternative.

    To install a program from source:

    1. Log in as root or use the su command to change to superuser mode.
    2. Download the files. Usually they are Gzipped tarballs (.tar.gz).
    3. Extract the tarball and untar the package as explained above.
    4. Change to the directory that the tarball created when you untarred it.
    5. Type ./configure and hit enter (this step will fail if you're missing a dependency).
    6. Type make depend and press enter (some programs do not require this step).
    7. Type make and press enter.
    8. Type make install clean and press enter.
    9. You're done! If there were no errors or missing dependencies, the program is now installed.

    You may have to restart the computer in order to use the program outside of its installed directory. You can delete the directory that the tarball created - you don't need it anymore. If you ran into a dependency problem, you'll have to download the dependent program or library and install it before you can continue.

    Some programs have install scripts. Generally they end with a .sh extension, and you would run them by typing ./ and the name plus the extension. The ./ tells the operating system that you're running a command from the directory you're currently in; if you don't tell it where you're running the command from, it will search the system's default paths for the command you typed. So if the install script is called install.sh, you would type this:

    ./install.sh

    If you get an error saying ``permission denied'' and you're logged in as root, you may have to change the permissions of the script to allow you to execute it. To do that, type this:

    chmod +x install.sh

    and then run the install.sh command as shown above.

    Text editors

    GNU/Linux distributions come with a variety of text editors, both graphical and command line-based. Eventually you will find yourself in a situation where you will need to use a text editor from the command line, so here are some common editors along with a quick primer on using them.

    All text editors share two common qualities: they will open a file if you type its path and name in after the program name, and they will reserve changing the file until you tell it to. Let's use your /etc/shells configuration file as an example of how to open a file from the command line using the Nano editor:

    nano /etc/shells

    or if you're already in the /etc directory, you can forgo the path:

    nano ./shells

    Once in the editor, none of your changes will be applied until you save the file. If you try to quit before you've saved the file, the editor will usually ask you if you want to save it first.

    In GNU/Linux, you can sometimes find simple command line text editors like Pico and its GNU brother Nano.

    Pico is an acronym for the PIne COmposer - Pine being a command-line email client that is sometimes installed by default in GNU/Linux distributions. If you have Pine, you have Pico. Pico and Nano share most of their commands, and are pretty easy to use:

    * To save a file, press Ctrl-o
    * To quit, press Ctrl-x
    * To perform a simple search, press Ctrl-w and type in the search string

    You do not have to do anything to start editing text once the program is open - just start typing as you would in a word processor. If a line is too long for your terminal window, it will have a $ at the end of the line and you'll have to use the arrow keys to scroll over to the latter portion of the line. You can also move down to the line below the extended line and hit the left arrow, which will bring you to the last character in the previous line.

    You'll probably notice that the most important commands are listed in a bar at the bottom of the terminal screen, so if you forget what command does what, you can glance down and find out.

    FreeBSD has a simple editor called ee in the base system, and it's extremely easy to use. Just press the Escape key and a menu will pop up offering you various file functions. To get rid of the menu, hit the Esc key again. As with Nano and Pico, you just start typing once the program is open.

    To start Nano, Pico, or ee, just type its name in lowercase letters at the command line and press Enter.

    The vi editor is practically universal, especially in the Unix and BSD worlds. Many operating systems package either vi or an enhanced edition of vi - usually Vim - with their base system. vi is much more difficult to learn and use than Pico, Nano, or ee, but it is able to do more. Many people use vi as a tool for writing and editing programs and Web pages and composing email as well as everyday editing.

    Unlike the easier editors, vi won't let you start typing right away. Here are the commands you need to know to use vi and Vim for quick editing jobs:

    * Press i to enter "insert mode," which allows you to type and erase text
    * Press Escape to exit "insert mode"
    * Press colon and then type w and press Enter to save a file, as in:

    :w

    * Press the d key twice to delete a line
    * Press the / key and then enter a search string to perform a search
    * Press the o key to skip to the next line, insert a line break, and enter "insert mode"
    * Type in :q and press enter to quit
    * To save and then quit, type :wq and press Enter
    * To quit without saving, type :q! and press Enter

    Remember to exit insert mode before you try to execute other commands.

    Emacs is a similarly archaic editor, but its command execution structure is totally different. Instead of typing letters or prefacing a command with a colon, Emacs works with key combinations. Once you open a file you can just start typing and editing, so it's a little bit easier to use if you're not used to complex text editors. Here are the pertinent commands:

    * Press Ctrl-x and then Ctrl-s to save a file
    * Press Ctrl-x and then Ctrl-c to quit
    * Press Ctrl-s and then type in a search string to perform a search

    Vim, vi, and Emacs are all started from the command line by typing their name in lowercase letters and pressing Enter. If lines are too long for the screen, Emacs will put a \ at the end of the line and continue it below the line. vi will not mark the end of the too-long line, but will continue it below that line.
    Last edited by rik; December 2nd, 2005 at 15:55 PM.

  6. #21
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Useful Websites

    Aside from the many sites already mentioned in this document, there are a few more that you may find helpful:

    Linux.com (a news source for Linux-related subjects)

    RPMFind.net (very helpful in finding RPM packages)

    Kernel.org (a source of information on GNU/Linux)

    LinuxHardware.org (a good source of GNU/Linux-oriented hardware reviews)


    Appendix A: Working with Linux File Permissions

    One reason why GNU/Linux is more secure than Windows is the concept of file permissions. File permissions allow GNU/Linux systems to operate as truly multiuser with security considerations for each and every user. The structure for the basic levels of file permissions segregate a file or folder's access by the following tiers:

    * USER (u) the user that owns the file or directory
    * GROUP (g) the public or private group the file or directory belongs to
    * OTHERS (o) users not included in the first two levels

    Each of these levels can in turn be given three permissions:

    * READ (r) allowed to be viewed
    * WRITE (w) allowed to be modified
    * EXECUTE (x) allowed to be run if file is a binary or executable

    So how do all of these labels come together? Linux and most Unix-like operating systems use a fairly ingenious and relatively intuitive system of file permissions that bring all these ideas into a cohesive security policy. Each and every file in a Linux system has file attributes that can be seen using most file managers and file listing commands. To show file permissions from the command line, use the -l (lowercase L) switch with the ls command:

    ls -l

    For example, say root (superuser) wants to keep a file unreadable and unwritable by all other users. Let us call this file something fairly ubiquitous such as ``secrets'' and we'll put it in the /etc directory.

    /etc/secrets

    Often, the attributes for a file like this may start out as:

    -rwxr-r-

    Let us spread the above collection of letters and dashes so as to be easier to discuss: - , r , w , x , r , - , - , r , - , -

    These ten digits (including the dashes) actually give quite a bit of useful information. The first digit can quickly tell you whether the object in question is a file (-) or a directory (d). The next three digits define user/owner read, write, and executable status, in that order. The the next three define group read, write, and executable status and the last three digits to the same for defining others. So, for the above example the object /etc/secrets is a file, not a directory. The user has read, write, and executable permission over the file. The group and others levels only have the ability to read the file but can neither write nor execute it. If root wanted to be the only one to be able to read the /etc/secrets file, then root would have to find a way to disable the read permissions currently given to group and others. This can be done using the chmod command. This command uses letters and + and - signs as switches. In the following example we will disable reads for both group and others:

    chmod g-r secrets

    chmod o-r secrets

    Instead of letters, you can also use numbers. A read permission is 4, a write permission is 2, and an execute permission is 1. A three digit number can define what permissions a file or directory has. A 777 indicates full permissions for user, group, and others. A 666 allows user, group, and others read and write permissions but not the ability to execute. So the same changes to group and others for the /etc/secrets file can be done in one quick step:

    chmod 700 secrets

    For maximum security, it is advisable to maintain conservative file permissions when in doubt.
    Last edited by rik; December 2nd, 2005 at 15:53 PM.

  7. #22
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Appendix B: changing the Linux kernel

    Most users will never have to mess with their kernel configuration. If you're curious about the Linux kernel and want to learn more about it, or if you need to make custom changes to the kernel for some reason, there are a few basic things you need to know.

    First of all, your kernel source code is usually located in the /usr/src directory, although some distributions don't install the kernel source by default. If that's the case, you'll have to visit the distribution's Web site to get the kernel source. Alternatively you can visit kernel.org to get the source code for the Vanilla kernel. Some distributions depend on their own custom kernel modifications, so it's best to try to get the source code from your distribution's Web site rather than use the Vanilla kernel. Having the source code on your computer allows you to make the changes you want in the kernel and then rebuild it (compile it) into your operating system.

    Editing and Compiling the Kernel

    Once you've obtained kernel source code, unzip and untar the directory into /usr/src. The directory that is untarred should have a name like linux-2.6.11-r6 or something similar. Next, create a symbolic link from that directory to /usr/src/linux as in this example:

    ln -sf /usr/src/linux-2.6.11-r6 /usr/src/linux

    You can cd to /usr/src/linux or to the longer directory name. Either way, you'll end up in the same place - the symlink automatically brings you to the directory it is linked with.

    Having already entered the /linux directory, to enter the kernel configuration menu, type in the following command and press enter:

    make menuconfig

    A graphical menu will come up with all of the options for the kernel. Use the arrow keys, space bar, and esc key to navigate it. Most commercial distributions have fairly large kernels with most (or all) of the options already selected and installed (or built as external kernel modules which are loaded when needed). This is good because it can accommodate almost any hardware you throw at it; on the other hand, more kernel options means a longer boot time and a larger kernel. If a fast boot time isn't terribly important to you, then you should leave everything alone. If you know what hardware you have and are going to use, you can experiment with disabling some of the kernel options. If you're going to be installing a new kernel from scratch, you have to take an extra step before you go into the kernel menu:

    make mrproper

    This command will reset your kernel options to their defaults and clean out old files from important directories. Now type in the menuconfig command as listed above, and you'll go into the kernel menu.

    If you want to switch from the older 2.4 kernel to the 2.6 kernel series, there are many more steps to take. There is an excellent resource for performing this migration at this address.

    There are two ways of installing an option in the kernel: you can build it as a module (denoted by an [M] to the left of the option) or build it directly into the kernel (denoted by a[*] to the left of the option). There are some options that must be built into the kernel, like support for some kinds of file systems, but for the most part you have a choice as to how you would like to build the kernel. Some experts recommend installing most things as modules because it's easier to update or remove them if necessary. If you build something into the kernel, you cannot remove it without rebuilding the kernel and rebooting the system. We recommend building everything into the kernel at first; the possible exceptions are your video and sound drivers, which you may have to obtain patches or modules for anyway. Once you become more experienced with using the Linux kernel you might find that building most options as external modules will be better suited for your situation. When you're done configuring the kernel it might be a good idea to save the configuration in case you need to build the kernel again in the future. The last option in the kernel menu is the option to save the configuration to a file. Type in a location and a name like /usr/src/backup and hit enter. This saves the configuration as a file called ``backup'' in the /usr/src/ directory. Exit the kernel menu (you'll be asked if you want to save the kernel configuration before you exit; the answer is yes) and usually you'll be told what to type in from there. The command is:

    make all && make install && make modules_install

    The ``&SPMamp;'' allows you to stack commands in one line. After the first command is executed, the second will immediately follow, and so on down the line. If you prefer, you can run the above commands separately rather than having them execute automatically.

    By running these commands, the kernel will be built and all of the modules (if there are any) will be installed to the proper directories. Depending on the speed of your computer and how large you've made the kernel, the compile time can be anywhere from a few minutes to more than an hour.

    The kernel image is automatically copied to your /boot directory upon successful compilation. If you're using the GRUB boot loader, you may have to add a menu entry for the new kernel in your /boot/grub/grub.conf configuration file, but this depends on how you have GRUB configured. If you have it configured to boot /boot/bzImage or /boot/vmlinuz or /boot/vmlinux, you won't have to change anything. If you have it set to boot specific versions of the kernel, you'll have to add your own line to grub.conf.

    If you're using LILO for your boot loader, you'll need to run this command:

    /sbin/lilo

    This re-initializes LILO for the new kernel.

    When your boot loader is reconfigured, go ahead and restart the system. To safely reboot from the command line, type this in and press enter:

    reboot -n

    When the system boots up again, you'll be using your new kernel.
    Last edited by rik; December 2nd, 2005 at 15:52 PM.

  8. #23
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687
    CONTINUED

    Finding Modules for Your Hardware

    This section can be somewhat intimidating because it deals with special-case situations in which you'll have to go chasing down a driver. This process isn't that much different than it is in Windows, and in most cases the kernel will already have the drivers you need and you won't have to deal with this.

    Sometimes it's not as simple as just selecting a kernel option; sometimes you need a module for hardware that isn't listed. All is not lost; you simply must find the proper module and install it.

    First you'll have to identify your hardware. Who makes it? What model is it? In most cases this information is fairly easy to obtain, especially with PCI or AGP cards. If you can't determine the make and model of your peripheral cards by looking through the manuals and documentation that came with your computer, or by looking on the computer manufacturer's Web site, then run this command:

    lspci -v

    A list of peripheral devices attached to your computer will be printed out. Look for a line that begins with ``VGA compatible display controller.'' In that group of information you'll find the name of the graphics chip manufacturer. Once you know who it is, search Google for that manufacturer's Web address and see if they have Linux drivers. These days most desktop hardware manufacturers have a Linux driver available.

    Installing Modules

    Once you have downloaded your driver or drivers, you have to install them. There are three basic commands that you need to know in order to deal with kernel modules: lsmod, insmod, and modprobe. lsmod lists all of the currently installed modules; insmod will install a module; and modprobe, which is like insmod only more powerful. In all likelihood the only command you'll need to use is modprobe. When you've downloaded and unzipped the driver module, simply switch to the directory you unzipped it to and type in:

    modprobe modulename

    In this example, modulename is the name of the module I want to install. You may also have to provide a path before the module name. Here's a real-world example of the command you would need to install the Nvidia driver after it has been downloaded and compiled:

    modprobe nvidia

    Once you have verified that the module works as expected, the next step is to get the system to load the module at startup. While it's possible to modprobe the module every time you boot the system, it's easier to add the name of the module to the /etc/modules.autoload configuration file. The name and location of this config file can vary somewhat between distributions, but it will always be in the /etc directory or a subdirectory therein.

    To modify it, use the su command to get root permissions, then use a text editor to edit the /etc/modules.autoload file. Simply type in the name of the module on a blank line. There is no limit to the number of modules you can put in, but they must all be on separate lines.


    The Linux Learner's Guide

    Copyright 2003-2005, Jem Matzan, Jawad Niazi, Michelle West

    Last edited: May 1, 2005 by Jem Matzan


    *Published with the Authors permission*

  9. #24
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,961

    10 Things You Should Do To Prepare A New Linux Installation:

    No matter which Linux distribution you choose, there are at least 10 things you do to properly prepare the operating system for day-to-day operation.

    Editor's note: As part of a recent IT Soapboxblog post I asked Linux users and evangelists in the TechRepublic community to step up to the plate and take a crack at producing some informative articles and downloads on the Linux operating system. This document is just one of the submissions inspired by that challenge. Just click the Linux challenge tag to track other published submissions stemming from this grass roots project.
    1. Install latest patches

    There are over 200 different Linux distributions and you will need the patches that are specific to your distribution. Search for needed patches on the web site of your distribution maintainer (example: Debian; Redhat; Lindows, etc.). Other sources for updated software are Freshmeat; Ibiblio; and Linuxberg. Some systems use package managers, such as rpm (Red Hat Package Manager) or deb (Debian Package Manager), while others will require a little more effort. These links should provide access to updated software as well as pretty clear instructions for installation. Be sure to read the documentation since there may be dependencies that will need to be satisfied to ensure a smooth update.
    2. Create and configure user accounts

    Even if you are the sole user of your system, you still need to create a user account for normal usage. The Root, or super user, account should only be used when absolutely necessary. This improves system security and reduces the possibility of accidentally corrupting portions of the system that would render it unstable.

    Most Linux distributions come with an Admin tool that can be used to create and configure user accounts. This is the best way to proceed since it will lower the possibility of typographical or other errors that could cause problems. If you will have multiple users, creation can be simplified by first configuring the Default User.

    You should require that all users have secure passwords, at least eight characters long, with multiple types of characters. Do not use words as part of the password since this just makes it easier for potential hackers. Enable shadow passwords so the passwords will not be stored on the system in clear text. Any daemon or service account that does not require shell access should be modified by using the chsh command to change its shell assignment to /bin/false. This will prevent hackers from using default system accounts to login to the machine.

    You should also ensure that no accounts other than Root have a user ID of zero and you should prevent remote login access without passwords by not allowing .rhost or /etc/host.equiv files.
    3. Secure Root access

    Securing Root, also known as Super User, is the single most important action you must take to secure your system. After ensuring you have another user account you can use to login to the system, it is good to disable Root login capability. Thus, you would login with standard user access and, when you needed the administrative capability of Root it would be accessed temporarily with the su command. Direct login by Root can be prevented in most distributions by editing the file /etc/security so there is a hash (#) at the beginning of each line. As part of this step you should:

    * Ensure the telnet server package is not installed so telnet access is unavailable.
    * Prevent SSH login by editing the file /etc/ssh/sshd_config. For example, in Red Hat you would change the DenyUsers line to read DenyUsers root.
    * Limit Root's search path to only those directories needed for administrative tasks. Check Root’s .cshrc, .login, and .profile files to ensure the current directory (.) is not part of the search path.
    * Ensure protection for files created by Root. Set Root’s umask to 077 (read, write, and execute permissions only for Root) or 022 (other users can read and execute but not change).

    4. Secure physical access

    Go into Setup, set a BIOS password and configure your system to boot from the hard drive only. This will prevent an attacker with physical access from simply loading a bootable disk, recycling power on the system, and gaining root access quite easily. Of course they could still accomplish the same thing by clearing the CMOS, but this does make it less likely.
    5. Remove and/or disable unnecessary system services

    The command ls –l /etc/rc.d/rc3.d/S* or ls –l /etc/rc.d/rc5.d/S* for graphics mode will show startup scripts. You can then verify only necessary services are running and use chkconfig to stop a service from loading at startup. An example command would be:
    /sbin/chkconfig –levels 2345 <service_name> off

    Where <service_name> is the service which should not run and 2345 refers to the run-levels where the command will apply.

    Some distributions will need to have services removed from/etc/xinetdor /etc/xinetd.conf. The service listed in /etc/xinetd.confcan be disabled simply by placing a hash mark (#) at the beginning of the line that loads it.
    6. Control network access

    Most distributions automatically include TCP wrappers which may be used to control services based on IP addresses and host names. Edit /etc/hosts.allow to read ALL: LOCAL to permit local logins and edit /etc/hosts.deny to read ALL: ALL to deny remote connections. Specific ports may be listed if you need to allow some remote connections.

    IPTABLES regulate the ports from which packets will be allowed to access your system. Some distributions, including RedHat, automatically configure this based on which system services are specified as required during system installation. Please consult the documentation for your particular distribution to ensure this important "firewall" is enabled.

    If you must have FTP enabled, make sure it’s as secure as possible. Reference CERT Tech Tips for instructions on FTP configuration.
    7. Configure auditing and system logs

    Log files can be your most important tool in resolving any difficulties that arise. Syslog is the daemon that controls the Linux log files and its configuration is controlled by /etc/syslog.conf. All log files should be owned by Root.

    There is a new generation logging daemon that allows greater sorting capability, thereby making management easier. Review its capabilities at FreshmeatSyslog-ng

    Logwatch or Swatch are well-known, tested and tried utilities for automatically monitoring log files and alerting you to possible problems.
    8. Configure file security

    Only Root should have access to CRON. Otherwise, anyone gaining access to the system could schedule a damaging process to run at any time. Root should be the owner and group for /etc/fstab, /etc/passwd, /etc/group, /etc/shadow. Verify the permissions for these files are 644, except for /etc/shadow, which should be 400.
    9. Prepare for disaster recovery

    Create a boot disk for your newly configured system. Most distributions include the utility Mkbootdisk which makes this a simple endeavor.

    You should plan to backup important data on a regular basis. To create a tarball of a specific list of directories, issue the command:
    tar -cvf archive-name.tar dir1 dir2 dir3...

    Where archive_name.tar is the name of the tarball you are creating and dir1, dir2, etc. are the directories being copied to it.

    Suggestions for more comprehensive backups may be found at this "HowTo" and serious fault tolerance can be provided by creating a system image of your ideal load.
    10. Plan for system maintenance

    Get yourself added to some mailing lists that will notify you of updates for your Linux distribution. Distribution maintainers usually have a mailing list for notifying users when a new stable distribution or important patches have been released.
    The Tech Republic

  10. #25
    Old, Cranky and Perverted Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,687

    The Linux Documentation Project HOWTO-INDEX

    Good info here...

    This document contains an index to the Linux HOWTOs as well as other information about the HOWTO project.

    http://howtos.linux.com/howtos/HOWTO-INDEX/index.shtml

    http://www.tldp.org/

  11. #26
    Member Devil's Avatar
    Join Date
    Oct 2005
    Location
    Arecibo, Puerto Rico
    Posts
    55
    Wow great, already bookmarked it!

  12. #27
    Bronze Member carloc's Avatar
    Join Date
    Sep 2004
    Location
    Italy
    Posts
    166

    Shell TIP: the "alias" command

    For shell lovers only

    With the keyword "alias", a shell built-in command, you can create a new (shorter) name for executing another (long) command.

    alias NEW_SHORT_NAME OLD_LONG_COMMAND

    Example:
    Code:
    alias rar "/usr/local/rar/rar"
    alias jfig2 "java -jar /usr/local/JavaApp/jfig2.jar"
    You can store your preferred alias in an hiddend file, named .alias that should be stored in you home directory ~

    Here below some useful alias command:
    Code:
    alias cp "cp -i"
    alias mv "mv -i"
    alias rm "rm -i"
    alias ll "ls -lgaF"
    alias lt "ls -lgaFt"
    alias l  "ls -lFGhX"
    alias jj "ps auxwwww | grep "
    alias h  "history"
    alias pack "tar xvzf"
    alias unpack "tar cfvz"
    #run X in 8 bit mode
    alias startx8bit "startx -- -depth 8"
    #run another X session
    alias startxGhost "startx -- :1"
    NOTE: I usually work with tcsh instead of the bash, which is the default linux shell, so if you use bash you may find some minor differences.

  13. #28
    Bronze Member carloc's Avatar
    Join Date
    Sep 2004
    Location
    Italy
    Posts
    166

    Shell TIP: configuration

    In your ~ home path you can find a file named .cshrc (for csh or tcsh) or .bashrc (for bash) which stores your personal settings.

    For tcsh I usually use these settings:
    Code:
    umask 022
    set autolist
    limit coredumpsize 0
    source ~/.alias # load my alias (see previous topic)
    set prompt = "\n[%h] %T %U%n@%m%u ($OSTYPE) %~/  \n$ "

  14. #29
    Bronze Member bionicblond's Avatar
    Join Date
    Mar 2006
    Location
    South Texas
    Posts
    155
    wow, this is a lot of information and yet I'm sure that I have seen some of it before.....oh well, practice makes perfect. Thank you and all that compiled the information here as it is in layman's terms.
    Knowledge indeed is power;
    Wisdom is knowing whether or not to act on Knowledge.

    Speech is
    silver,but silence is golden.....
    Blondie

  15. #30
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,415
    If you run windows and would like to try Ubuntu the easiest way probably is using wubi
    http://wubi-installer.org/
    Wubi even downloads Ubuntu automatically. It does not need to partition the harddrive, instead it created a virtual disc file where Ubuntu will run from, and this makes it really ideal for dual boot. It certainly can make the move to linux a lot easier.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •