Dependencies needed:
Kernel module (version 2.6.9+):
Device Drivers > Multi-device support (RAID and LVM) > Device Mapper Support (CONFIG_BLK_DEV_DM)
Associated kernel module:
dm_mod
Package:
lvm2 - lvm tools
libdevmapper
Show LVM version:
lvm version
Create the physical volumes:
pvcreate /dev/hda
pvcreate /dev/hdb
pvcreate /dev/hdc1
pvcreate /dev/hdc2
Show allocated Physical volumes:
pvscan
pvdisplay
lvm pvs
Setup a volume group:
vgcreate vg_name /dev/hda /dev/hdb /dev/hdc1 /dev/hdc2
Display a volume group:
vgdisplay
lvm vgs
Display a logical volume:
lvdisplay
lvm lvs
Create Logical Volume:
Sets the size to 1GB
lvcreate -L1G -n lv_name vg_name
Activate/deactivate a volume group:
vgchange -a y vg_name #Activates: needed after each reboot!!
# This makes it show up as an entry in /dev/
vgchange -a n vg_name #Deactivates
Create the file system (choose one):
mke2fs /dev/vg_name/lv_name # create ext2 fs
mkfs.ext2 /dev/VolGroupBAK/lv_BAK # create ext2 fs
mkfs.ext3 /dev/VolGroupBAK/lv_BAK # create ext3 fs
mkreiserfs /dev/VolGroupBAK/lv_BAK # create reiserfs (reiserfs utils needed)
mkfs.xfs /dev/VolGroupBAK/lv_BAK # create xfs (xfsprogs package needed)
jfs_mkfs /dev/VolGroupBAK/lv_BAK # create jfs (jfsutils package needed)
Mount the File System:
mount /dev/vg_name/lv_name /mnt/point
Add disks to volume groups:
Create the new physical volumes
pvcreate /dev/hdd1
pvcreate /dev/hdd2
Add physical volumes to volume group
vgextend vg_name /dev/hdd1
vgextend vg_name /dev/hdd2
Unmount logical volume to extend
umount /dev/vg_name/lv_name
Grow lv by 1GB
lvextend -L+1G /dev/vg_name/lv_name
Resize the underlying filesystem to fit (choose one)
resize2fs /dev/vg_name/lv_name # grow ext2/3 to match
resize_reiserfs -f /dev/vg_name/lv_name # grow reiserfs online
resize_reiserfs /dev/vg_name/lv_name # grow reiserfs offline
xfs_growfs /mount_pt # grow xfs online (must be mounted to resize)
mount -o remount,resize /home # grow jfs online (must be mounted)
Remount logical volume
mount /dev/vg_name/lv_name /mnt/point # remount if unmounted
Remove a Logical Volume:
umount /dev/vg_name/lv_name # unmount any mounted lv
lvremove /dev/vg_name/lv_name # remove any lv
Remove a volume Group:
All logical volumes in group must be removed first.
vgchange -a n vg_name # deactivate vg
vgremove vg_name # removes vg
http://tldp.org/HOWTO/LVM-HOWTO/index.html
http://sources.redhat.com/lvm2/
http://www.die.net/doc/linux/man/man8/jfs_mkfs.8.html
http://www.die.net/doc/linux/man/man8/mkfs.xfs.8.html
http://www.howtoforge.com/linux_lvm_p2
Sunday, December 31, 2006
httpd.conf Activate User Webspace
Load the User Directory module:
LoadModule userdir_module modules/mod_userdir.so
Add the following lines to activate user dirs:
<IfModule mod_userdir.c>
# typical dir convention is public_html
UserDir public_html
</IfModule>
Set directory specific options (optional):
<Directory /export/home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
Several Available Options:
All: all options except multiviews (default)
ExecCGI: Execution of CGI scripts is permitted
Indexes: if no DirectoryIndex (index.html) is present in the dir, display a formatted listing
SymLinksIfOwnerMatch: follow sym links only if source and target owner match
Several Available AllowOverride directive settings:
This directive allows the use of .htaccess files to override
All: all options are allowed in .htaccess
AuthConfig: allow use of AuthName, AuthType, AuthUserFile, AuthGroupFile, Require, etc.
Indexes: allow use of DirectoryIndex and more
Limit: allow use of Allow, Deny and Order
Options: allow use of specific option settings (above)
http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride
httpd.conf Basic Authentication.
Add these lines to a given directory section or .htaccess file:
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /etc/httpd/passwords
Require user admin1 admin2
Execute these commands to create / add users:
htpasswd -c /etc/httpd/passwords admin1 #create
htpasswd /etc/httpd/passwords admin2 #add
Or Create to stdout:
htpasswd -nbs user pass # -b reads the password from the command line; -s stores unsalted SHA-1
To use a .htaccess file, the following is needed in a directory section:
# ID .htaccess as override file (default)
AccessFileName .htaccess
# allows .htaccess to override authorization
AllowOverride AuthConfig
http://httpd.apache.org/docs/1.3/howto/auth.html
http://httpd.apache.org/docs/1.3/mod/core.html#authname
Thursday, December 28, 2006
Job Control
View the currently running jobs:
jobs
Place running foreground process into background:
Ctrl-Z #puts the job to sleep
bg %1
Bring a background job into the foreground:
fg %1
Kill a job:
kill %1
kill -9 %1
Find the PID of all jobs
jobs -p
jobs -pl
Bring a nohuped process to the foreground
# note: I think you can only do this from the same terminal session.
# It doesn't look like it is possible to nohup a process, close a terminal
# and then bring the process back to the foreground again. Use screen instead.
# If you do not close your terminal session and if you do something like
nohup sleep 100 &
# and want to bring this to the foreground
# find the process ID using
jobs -p
or
ps -ef
# then supply the PID as the argument to the fg command
fg 14389420
http://www.gnu.org/software/bash/manual/html_node/Job-Control-Basics.html#Job-Control-Basics
http://www.uwyo.edu/askit/displaydoc.asp?askitdocid=262&parentid=1
http://linuxhelp.blogspot.com/2005/05/job-control-in-linux.html#axzz0gU42IqoP
Wednesday, December 27, 2006
Mencoder Usage
Listing available codecs:
mencoder -ovc help
mencoder -oac help
Basic encode syntax:
mencoder movie.wmv -o movie.avi -ovc lavc -oac lavc # mpeg4 default
# -o = output file
# -ovc = output video codec
# -oac = output audio codec
One-pass FFmpeg (lavc) encoding:
mencoder file.avi -ovc lavc -oac lavc -ffourcc DX50 -o output.avi
mencoder file.avi -ovc lavc -oac lavc -lavcopts acodec=mp3 -o movie.avi
http://gentoo-wiki.com/HOWTO_Mencoder_Introduction_Guide
Tuesday, December 26, 2006
OpenSSL Usage
List available Ciphers:
openssl ciphers -v
openssl ciphers -v -tls1 #only TLS 1 ciphers
openssl ciphers -v 'TLSv1.2' #only TLS 1.2 ciphers
openssl list-cipher-commands #newer releases: openssl list -cipher-commands
openssl ciphers -v 'HIGH' #only good ciphers
Test OpenSSL Speed:
openssl speed
openssl speed rsa #test only rsa
Generate self-signed cert (rsa:1024 is below current minimum key sizes; rsa:2048 or larger is the usual choice today):
openssl req \
-x509 -nodes -days 365 \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
OR
openssl req \
-x509 -nodes -days 365 \
-subj '/C=US/ST=Oregon/L=Portland/CN=www.madboa.com' \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
MD5 or SHA1 digest of file:
openssl dgst -md5 filename
openssl dgst -sha1 filename
Base64 encode / decode a file:
openssl enc -base64 -in infile.txt #encode to stdout
openssl enc -base64 -in infile.txt -out outfile.txt #encode to a file
echo "encode me" | openssl enc -base64 #encode through a pipe
echo "ZW5jb2RlIG1lCg==" | openssl enc -base64 -d #decode through a pipe
Encrypt a file using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass pass:password
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass file:/path/to/passwd.txt
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc #base64 for email
Decrypt binary / base64 AES CBC file
openssl enc -d -aes-256-cbc -in file.enc
openssl enc -d -aes-256-cbc -a -in file.enc # decode with base64
Encrypt a file using Triple DES with base64 "ASCII Armor"
openssl enc -e -a -salt -des3 -in file.txt -out file.des3
Decrypt a file encoded with Triple DES and base64 encoded
openssl enc -d -a -des3 -in file.des3 -out file.txt
Encrypt a file using Blowfish and base64 encode
openssl enc -e -a -salt -bf -in file.txt -out file.blowfish
Decrypt a file encoded with Blowfish and base64 encoded
openssl enc -d -a -bf -in file.blowfish -out file.txt
Generate an RSA key:
openssl genrsa
openssl genrsa -out mykey.pem 1024
openssl genrsa -des3 -out mykey.pem 1024
Generate a public RSA key:
openssl rsa -in mykey.pem -pubout
Generate a DSA key:
openssl dsaparam -noout -out dsakey.pem -genkey 1024
Generate a shadow-style password hash:
openssl passwd -1 MySecret
openssl passwd -1 -salt sXiKzkus MySecret #specific salt
Test for prime number:
openssl prime 11905475924560753
Generate random number:
openssl rand -base64 128 #128 random bytes, base64 encoded
openssl rand -out random_data.bin 1024 #1024 random binary bytes
head -c 32 /dev/urandom | openssl enc -base64 #better entropy
Create an SSL certificate:
openssl genrsa -des3 -out server.key 1024 # create keys
openssl req -new -key server.key -out server.csr # create cert request
cp server.key server.key.org # remove passphrase
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # create cert
Decode an SSL Cert:
openssl x509 -in certificate.crt -text -noout
http://www.sslshopper.com/certificate-decoder.html
Encrypt from STDIN to STDOUT with a simple AES password
echo "Plain Text" | openssl enc -aes-256-cbc -a
Decrypt from STDIN to STDOUT with a simple AES password
echo "Ciphertext from above" | openssl enc -aes-256-cbc -d -a
http://www.akadia.com/services/ssh_test_certificate.html
http://www.yatblog.com/2007/02/27/how-to-create-a-ssl-certificate/
http://www.vanemery.com/Linux/Apache/openSSL.html
http://www.madboa.com/geek/openssl/
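The `-pass pass:password` form above puts the passphrase in the process list and shell history, and `enc` without `-pbkdf2` derives the key with a single hash pass. The following is an added example, not part of the original post: it wraps the same AES-256-CBC commands with PBKDF2 and a permission-checked passphrase file (function names, the iteration count and the file convention are assumptions; `-pbkdf2` needs OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example (not from the original post). Function names, ITER and the
# passphrase-file convention are assumptions.
ITER=200000

# Refuse a passphrase file that group or others can read, write or execute.
check_passfile() {
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "passfile $1 must be mode 600 or stricter" >&2
        return 1
    fi
}

# enc_file <plaintext> <ciphertext> <passfile>
enc_file() {
    check_passfile "$3" || return 1
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" -md sha256 \
        -in "$1" -out "$2" -pass "file:$3"
}

# dec_file <ciphertext> <plaintext> <passfile>
# The KDF options must match the ones used for encryption.
dec_file() {
    check_passfile "$3" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Salted enc output starts with the 8-byte magic "Salted__", then the salt.
is_salted() {
    [ "$(dd if="$1" bs=8 count=1 2>/dev/null)" = "Salted__" ]
}
```

`openssl enc` in CBC mode does not authenticate the ciphertext, so a successful decrypt is not proof the file was unmodified.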
SSH PKI
To create ssh keys:
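ssh-keygen -t dsa -b 2048 # -b sets the key size; current OpenSSH accepts only 1024-bit DSA keys and has deprecated DSA
Optionally leave the passphrase blank (the private key is then stored unencrypted on disk)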
This will create a ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub file.
Check for validity:
ssh-keygen -l -f ~/.ssh/id_dsa.pub
Copy the key to the remote server:
cat ~/.ssh/id_dsa.pub | ssh remote_host 'sh -c "cat - >>~/.ssh/authorized_keys"' # send the public key (.pub), never the private key
Convert commercial (SECSH) ssh private / public key to OpenSSH
ssh-keygen -i -f id_dsa.pub > id_dsa_openssh.pub # public key
ssh-keygen -i -f id_dsa > id_dsa_openssh # private key
Generate public key from private key
ssh-keygen -y -f id_dsa > id_dsa_openssh.pub
Convert OpenSSH private / public to commercial (SECSH) ssh
ssh-keygen -e -f id_dsa_openssh.pub > id_dsa.pub # public key
ssh-keygen -e -f id_dsa_openssh > id_dsa # private key
Change the passphrase
ssh-keygen -p -N password -f id_dsa_openssh.prv > id_dsa
http://pkeck.myweb.uga.edu/ssh/
http://uaahosting.uaa.alaska.edu/axjww/sshkey/
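The copy step above is where a private key most easily ends up on the remote host by mistake. The following is an added example, not part of the original post: a function that appends a key to an `authorized_keys` file only if it is a single OpenSSH public key line, sets the permissions sshd expects, and skips duplicates (the function names, arguments and the sample key are constructed for illustration).

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and demo are
# hypothetical names; the key material in demo() is constructed, not real.

install_pubkey() {   # install_pubkey <keyfile> <ssh_dir>
    key_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    # A private key file carries a "PRIVATE KEY" armor line: never install it.
    if grep -q 'PRIVATE KEY' "$key_file"; then
        echo "refusing: $key_file is a private key" >&2
        return 2
    fi

    # Accept exactly one non-empty line of the form "<type> <base64> [comment]".
    if [ "$(grep -c . "$key_file")" -ne 1 ]; then
        echo "refusing: expected exactly one key line" >&2
        return 3
    fi
    line=$(grep . "$key_file")
    case $line in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # sshd with StrictModes ignores keys if these are group/world writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if the exact line is not already present.
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAconstructedSampleKeyData user@example' > "$d/id.pub"
    install_pubkey "$d/id.pub" "$d/ssh" && cat "$d/ssh/authorized_keys"
    rm -rf "$d"
}
```

Where it is installed, `ssh-copy-id` performs the same append over SSH.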
Friday, December 22, 2006
GPG Management Commands
Generates key pair:
gpg --gen-key
Lists public and private current keys:
gpg --list-keys
gpg --list-secret-keys
Exports public key / private key:
gpg --armor --export jaz@example.com
gpg --export-secret-key --armor "jaz@example.com" > private.key
Imports a public key / private key:
gpg --import joe.ca
gpg --allow-secret-key-import --import private.key
Delete public / private key:
gpg --delete-key "jaz@example.com"
gpg --delete-secret-key "jaz@example.com"
Encrypt a document with someone's public key:
gpg --output out.gpg --encrypt --recipient jaz@example.com doc
gpg -o out.gpg -e -r jaz@example.com doc
Decrypt an encrypted file:
gpg --output doc --decrypt doc.pgp
gpg -o doc --decrypt doc.pgp
Symmetric encryption:
gpg --output doc.gpg --symmetric doc
gpg -o doc.gpg -c doc
Copy File Trees With Tar Pipes
Copy files on a local filesystem:
(cd /foo; tar -cf - . ) | (cd /bar; tar -xpf - )
Copy files on a remote filesystem:
(cd /src; tar -cvf - foo) | (ssh other.machine 'cd /dst; tar -xf -')
http://www.cs.hmc.edu/qref/targzip.html