Sunday, December 31, 2006

LVM Basics

Dependencies needed:
Kernel module (version 2.6.9+):
Device Drivers > Multi-device support (RAID and LVM) > Device Mapper Support (CONFIG_BLK_DEV_DM)
Associated kernel module:


lvm2 - lvm tools

Show LVM version:
lvm version

Create the physical disks:

pvcreate /dev/hda
pvcreate /dev/hdb
pvcreate /dev/hdc1
pvcreate /dev/hdc2

Show allocated Physical volumes:
lvm pvs

Setup a volume group:
vgcreate vg_name /dev/hda /dev/hdb /dev/hdc1 /dev/hdc2

Display a volume group:
lvm vgs

Display a logical volume:
lvm lvs

Create Logical Volume:
Sets the size to 1GB
lvcreate -L1G -n lv_name vg_name

Activate/deactivate a volume group:
vgchange -a y vg_name #Activates: needed after each reboot!!
# This makes it show up as an entry in /dev/
vgchange -a n vg_name #Deactivates

Create the file system (choose one):
mk2fs /dev/vg_name/lv_name # create ext2 fs
mkfs.ext3 /dev/VolGroupBAK/lv_BAK # create ext2 fs
mkfs.ext3 /dev/VolGroupBAK/lv_BAK # create ext3 fs
mkreiserfs /dev/VolGroupBAK/lv_BAK # create reiserfs (reiserfs utils needed)
mkfs.xfs /dev/VolGroupBAK/lv_BAK # create xfs (xfsprogs package needed)
jfs_mkfs /dev/VolGroupBAK/lv_BAK # create jfs (jfsutils package needed)

Mount the File System:
mount /dev/vg_name/lv_name /mnt/point

Add disks to volume groups:
Create the new physical volumes
pvcreate /dev/hdd1
pvcreate /dev/hdd2

Add physical volumes to volume group
vgextend vg_name /dev/hdd1
vgextend vg_name /dev/hdd2

Unmount logical volume to extend
unmount /dev/vg_name/lv_name

Grow lv by 1GB
lvextend -L+1G /dev/vg_name/lv_name

Resize the underlying filesystem to fit (choose one)
resize2fs /dev/vg_name/lv_name # grow ext2/3 to match
resize_reiserfs -f /dev/vg_name/lv_name # grow reiserfs online
resize_reiserfs /dev/vg_name/lv_name # grow reiserfs offline

xfs_growfs /mount_pt # grow xfs online (must be mounted to resize)
mount -o remount,resize /home # grow jfs online (must be mounted)

Remount logical volume
mount /dev/vg_name/lv_name # remount if unmounted

Remove a Logical Volume:
unmount /dev/vg_name/lv_name # unmount any mounted lv
lvremove /dev/vg_name/lv_name # remove any lv

Remove a volume Group:
All logical volumes in group must be removed first.
vgchange -a n vg_name # deactivate vg
vgremove vg_name # removes vg

httpd.conf Activate User Webspace

Load the User Directory module:
LoadModule userdir_module modules/

Add the following lines to activate user dirs:
<IfModule mod_userdir.c>
UserDir public_html #typical dir convention is public_html

Set directory specific options (optional):
<Directory /export/home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order allow,deny
Allow from all
Order deny, allow
Deny from all

Several Available Options:
All: all options except multiviews (default)
ExecCGI: Execution of CGI scripts is permitted
Indexes: if no DirectoryIndex (index.html) present in dir, display formated list
SymLinksIfOwnerMatch: follow sym links only if source and target owner match

Several Available AllowOverride directive settings:
This directive allows the use of .htaccess files to override
All: all options are allowed in .htaccess
AuthConfig: allow use of AuthName, AuthType, AuthUserFile, AuthGroupFile, Require, etc.
Indexes: allow use of DirectoryIndex and more
Limit: allow use of Allow, Deny and Order
Options: allow use of specific option settings (above)

httpd.conf Basic Authentication.

Add these lines to a given directory section or .htaccess file:
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /etc/httpd/passwords
Require user admin1 admin2

Execute these commands to create / add users:
htpasswd -c /etc/httpd/passwords admin1 #create
htpasswd /etc/httpd/passwords rbowen admin2 #add

To use a .htaccess file, the following is needed in a directory section:
AccessFileName .htaccess # ID .htaccess as override file (default)
AllowOverride AuthConfig # allows .htaccess to override authorization

Thursday, December 28, 2006

Job Control

View the currently running jobs:

Place running foreground process into background:

ctl-z #puts the job to sleep
bg %1

Bring a background job into the foreground:
fg %1

Kill a job:
kill %1
kill %1 -9

Find the PID of all jobs
jobs -p
jobs -pl

Bring a nohuped process to the foreground
# note: I think you can only do this from the same terminal session.
# It doesn't look like it is possible to nohup a process, close a terminal
# and then bring the process back to the foreground again. Use screen instead.

# If you do not close your terminal session and if you do something like
nohup sleep 100 &
# and want to bring this to the foreground
# find the process ID using
jobs -p
ps -ef
# then supply the PID as the argument to the fg command
fg 14389420

Wednesday, December 27, 2006

Mencoder Usage

Listing available codecs:
mencoder -ovc help
mencoder -oac help

Basic encode syntax:
mencoder movie.wmv -o movie.avi -ovc lavc -oac lavc (mpeg4 default)
# -o = output file
# -ovc = output video codec
# -oac = output audio codec

One-pass FFmpeg (lavc) encoding:
mencoder file.avi -ovc lavc -oac lavc --ffourcc DX50 -o output.avi
mencoder file.avi -ovc lavc -oac lavc -lavaopts acodec=mp3 -o movie.avi

Tuesday, December 26, 2006

OpenSSL Usage

List available Ciphers:
openssl ciphers -v
openssl ciphers -v tls1 #only TLS 1 ciphers
openssl ciphers -v tls1.2 #only TLS 1.2 ciphers
openssl list-cypher-commands
openssl ciphers -v 'HIGH' #only good ciphers

Test OpenSSL Speed:
openssl speed
openssl speed rsa #test only rsa

Generate self-signed cert:
openssl req \
-x509 -nodes -days 365 \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
openssl req \
-x509 -nodes -days 365 \
-subj '/C=US/ST=Oregon/L=Portland/' \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem

MD5 or SHA1 digest of file:
openssl dgst -md5 filename
openssl dgst -sha1 filename

Base64 encode / decode a file:
openssl enc -base64 -in infile.txt #encode to stdout
openssl enc -base64 -in infile.txt -out outfile.txt #encode to a file
echo "encode me" | openssl enc -base64 #encode through a pipe
echo "Zw5jb2RlIGllCg==" | openssl enc -base64 -d #decode through a pipe

Encrypt a file using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass pass:password
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass file:/path/to/passwd.txt
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc #base64 for email

Decrypt binary / base64 AES CBC file
openssl enc -d -aes-256-cbc -in file.enc
openssl enc -d -aes-256-cbc -a -in file.enc  # decode with base64

Encrypt a file using Triple DES with base64 "ASCII Armor"
openssl enc -e -a -salt -des3 -in file.txt -out file.des3

Decrypt a file encoded with Triple DES and base64 encoded
openssl enc -d -a -in file.des3 -out file.txt

Encrypt a file using Blowfish and base64 encode
openssl enc -e -a -salt -bf -in file.txt -out file.blowfish

Decrypt a file encoded with Blowfish and base64 encoded
openssl enc -d -a -bf -in file.blowfish -out file.txt

Generate an RSA key:
openssl genrsa
openssl genrsa -out mykep.pem 1024
openssl genrsa -des3 -out mykey.pem 1024

Generate a public RSA key:
openssl rsa -in mykey.pem -pubout

Generate a DES key:
openssl dsaparam -noout -out dsakey.pem -genkey 1024

Generate a shadow-style password hash:
openssl passwd -1 MySecret
openssl passwd -1 -salt sXiKzkus MySecret #specific salt

Test for prime number:
openssl prime 11905475924560753

Generate random number:
openssl rand -base64 128 #128 random base64 bits
openssl rand -out random_data.bin 1024 #1024 random binary bits
head -c 32 /dev/urandom | openssl enc -base64 #better entropy

Create an SSL certificate:
openssl genrsa -des3 -out server.key 1024            # create keys
openssl req -new -key server.key -out server.csr   # create cert request

cp server.key                                  # remove passphrase
openssl rsa -in -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt  # create cert

Decode an SSL Cert:
openssl x509 -in certificate.crt -text -noout

Encrypt from STDIN to STDOUT with a simple AES password
echo "Plain Text" | openssl enc -aes-256-cbc -a

Decrypt from STDIN to STDOUT with a simple AES password 
echo "Cyphertext from above" | openssl enc -aes-256-cbc -d -a


To create ssh keys:
ssh-keygen -t dsa -d 2048
Optionally leave the passphrase blank
This will create a ~/.ssh/id_dsa and ~/.ssh/ file.

Check for validity
ssh-keygen -l -f ~/.ssh/

Copy the key to the remote server:
cat ~/.ssh/id_dsa ssh remote_host 'sh -c "cat - >>~/.ssh/authorized_keys"'

Convert commercial (SECSH) ssh private / public key to OpenSSH
ssh-keygen -i -f > # public key
ssh-keygen -i -f id_dsa > id_dsa_openssh # private key

Generate public key from private key
ssh-keygen -y -f id_dsa >

Convert OpenSSH private / public to commercial (SECSH) ssh
ssh-keygen -e -f > # public key
ssh-keygen -e -f id_dsa_openssh > id_dsa # private key

Changes the passphrase
ssh-keygen -p -N password -f id_dsa_openssh.prv > id_dsa

Friday, December 22, 2006

GPG Management Commands

Generates key pair:
gpg --gen-key

Lists public and private current keys:
gpg --list-keys
gpg --list-secret-keys

Exports public key / private key:
gpg --armor --export
gpg --export-secret-key --armor "" > private.key

Imports a public key / private key:
gpg --import
gpg --allow-secret-key-import --import private.key

Delete public / private key:
gpg --delete-key ""
gpg --delete-secret-key ""

Encrypt a document with someone's public key:
gpg --output out.gpg --encrypt --recipient doc
gpg -o out.gpg -e -r doc

Decrypt an encrypted file:
gpg --output doc --decrypt doc.pgp
gpg -o doc --decrypt doc.pgp

Symmetric encryption:
gpg --output doc.gpg --symmetric doc
gpg -o doc.gpg -c doc

Copy File Trees With Tar Pipes

Copy files on a local filesystem:
(cd /foo; tar -cf - . ) | (cd /bar; tar -xpf - )

Copy files on a remote filesystem:
(cd /src; tar -cvf - foo) | (ssh other.machine 'cd /dst; tar -xf -')

Sunday, November 26, 2006

Tar gzip and Bzip2 usage

Tar and bzip2 in one command:
tar -cf - /etc/ | bzip2 > etc.tar.bz2
tar -cjvf etc.tar.bz2 /etc/

Tar and gzip in one command:
tar -cvzf file.tar.gz files (GNU tar)
tar -cvf - files | gzip > file.tar.gz

List contents of gzip file:

gzcat file.tgz | tar -tvf -
gunzip < file.tgz | tar -tvf -

To Extract gzip (.tar.gz /.tgz) files:
gunzip < file.tgz | tar -xvf -
gzcat file.tgz | tar -xvf -
tar -zxvf file.tgz

List contents of bzip2 file:
bzcat jazwww.tar.bz2 | tar -tvf -
bzip2 -cd jazwww.tar.bz2 | tar -tvf -

To Extract bzip2 files:
bzcat jazwww.tar.bz2 | tar -xvf -
bzip2 -cd jazwww.tar.bz2 | tar -xvf -

To List or Extract a subset of files from a tar:
tar -tvf jazwww.tar usr/bin/
tar -xvf jazwww.tar usr/bin/
bzip2 -cd jazwww.tar.bz2 | tar -tvf - usr/bin/

# -p option preserves original permissions upon extract

loopback mount

Enable loopback support in the kernel
Device Drivers > Block Devices > Loopback device support

Mount file / ISO
mount -o loop -t iso9660 filename.iso /mnt/iso


Create an ISO Filesystem
mkisofs -o backup.iso -x /home/joeuser/junk/ -J -R -A -V -v /home/joeuser/
-o Specifies an output file name of the ISO image.
-J Generates Joliet naming records; for Windows environments.
-R Generates Rock Ridge (RR) naming records
-A Sets an Application ID
-V Sets a Volume ID
-v Sets verbose execution
-x Excludes any directory

Check for scsi device
  cdrecord -scanbus
Burn disk
  cdrecord -v -eject speed=4 dev=0,3,0 backup.iso
Blank CD-RW
  cdrecord --dev=0,3,0 --blank=fast

EncFS Usage

To install
./configure; make; make install

To test:
mkdir /tmp/crypt-raw
mkdir /tmp/crypt
encfs /tmp/crypt-raw /tmp/crypt
Asks you for various options like password
cd /tmp/crypt

To unmount
fusermount -u /tmp/crypt


Kernel options needed:
Device Drivers > Block Devices > Loopback device support cryptoloop support
Cryptographic Options > (select cyphers.. ex. aes, twofish)

Update user space tools if needed

Fill a file or partition with random data:
dd if=/dev/urandom of=/dev/hda1 bs=1M
dd if=/dev/urandom of=/somefile.aes bs=1M count=10

Check what encryption methods are available
Note: the method will not show up if the method was compiled as a module and the module was not yet loaded.
cat /proc/crypto

Associate loop device with created file or partition
losetup -e aes-256 /dev/loop0 /dev/hda1
losetup -e aes-256 /dev/loop0 /somefile.aes
losetup -e twofish-256 /dev/loop0 /somefile.aes
You are asked to create a password

Format the new filesystem
mkfs.ext3 /dev/loop0

Mount the new filesystem
mkdir /mnt/crypto
mount -t ext3 /dev/loop0 /mnt/crypto

To unmount:
unmount /mnt/crypto
losetup -d /dev/loop0

Monday, November 20, 2006


View settings
hdparm /dev/hda

Test performance
hdparm -tT /dev/hda

Set Settings
hdparm -X66 -d1 -u1 -m16 -c3 /dev/hda

Saturday, April 01, 2006

Syslog reports to virtual terminals

Add the following to the /etc/syslog.conf:
mail.* /dev/tty9
auth.* /dev/tty8