This site is now 100% read-only, and retired.

Archive for 2004

The simple mechanism Debian has for performing package upgrades, apt-get, is often touted as a good thing and indeed it is. But sometimes you will have a package installed that you absolutely do not want to be upgraded.

xterm is the default terminal emulator, or shell program, that people use when running the X11 Window System. Despite its apparent simplicity it's very customizable, allowing you to change fonts, sizes, and colours with only a little effort.

mod-security is a simple intrusion detector and preventor for Apache, allowing you to wrap an additional layer of protection around your webserver.

In the course of running this site, and working with MySQL generally I've had to lookup miscellaneous documentation. Hopefully these tips will prove useful to others too.

Many systems aren't supposed to run as real mail servers, instead they should merely forward mail to a real server. In a home setting this might mean forwarding mail to your ISP. In a work setting you might have a single mailserver which is allowed by your firewall to make outgoing SMTP connections, whilst all other machines are denied this, so you want to have all your linux/unix servers relay mail via your main server. Here we'll look at how different mail servers can be setup to forward mail for you.

There are a lot of times when it's convenient to work with images without having to wait for big graphics editors to startup. Simple operations which are common for image galleries such as rotating, resizing and adding comments to images can all be performed from the command line.

If you're new to Debian, wish to use stable/Woody for your server, want the server to run as many services as possible - it may seem like an impossible task for you. I was in the same position, and it took me quite a while to accomplish it.

The Debian Administration website has undergone a facelift since yesterday, changing to a more maintainable CSS based layout and adding additional new features.

Many times system compromises occur because a password has been guessed, or brute-forced, because it is too simple. Even if you have a well-defined password policy for your users you typically have no idea what kind of passwords they are choosing.

Of all the networking tools I'm familiar with I use four more than any other; ping, traceroute, nmap, and netcat. The first two utilities are standard on many operating systems. nmap is a port scanner which makes it simple to identify the services running on a machine. Netcat? That's a general purpose tool described by its author as a TCP/IP swiss army knife.

Many simple exploits that are used against machines, (via vulnerable PHP applications or local users, etc), rely upon being able to execute commands in /tmp. If this is a seperate partition or file system you can gain some protection by marking it non-executable. The common problem with this is that apt-get fails to work with such a setup.

Many pieces of system administration can be automated via perl scripts, or shell scripts which run at regular intervals. For example you might have a script to check that your disk isn't full which runs once an hour - informing you if there are problems. The most common mechanism for scheduling commands on Unix systems is via the cron package. This allows users to schedule arbitary commands to run at arbitary times with regular frequency.

I was wondering what needs to be backed-up on a Debian system, without backing up too much, considering packages can be re-downloaded.

When you have a large number of machines to look after it can be hard to keep track of changes in the network services you are running upon them. This brief article introduces a few tools and scripts which might make tracking changes easier.

When Debian stable releases are made there are many more packages than will fit upon a single CD-ROM. This means there has to be a bit of juggling arranging packages upon multiple disks. Apart from the base and required packages which always have to go on the first disk the distribution of the other packages are arranged by package popularity. If you'd like your system to be used in the voting read on.

If you are using a recent keyboard under X you likely have a bunch of strange multimedia keys which are going to waste.

I have been running my own website for about 4 months. When I set the server up (apache, dhcp, firehol, etc), registered a domain name, and found a free dns server, I realized that I didn't know as much about IP addresses as I thought I did. So here are a few questions I have.

The majority of people who use Debian upon the desktop launch straight into the X11 Window system, usually via one of the choosers xdm, gdm, or kdm. Once you've entered your username and password you get your Window Manager running and are ready to start work. But what if you want a program or two to start as soon as you login?

If you're running a stable server and are worried about an intruder modifying your system binaries to install new corrupted versions you should be using a filesystem integrity checker.

Thanks to the existance of the user-mode-linux project it is possible to run a complete copy of the GNU/Linux operating system on top of your existing system. These virtual servers are ideal for testing software installations, or setting up mass hosting for customers.

When you run a multi-user system it's possible for a single user to unduly hog the system, by filling their home directory with a lot of files, and filling a disk so that other users have no space of their own. Quotas are a system of preventing this. It's possible to setup limits on the amount of space a single user, or a single group, can use.

If you want to install Debian upon a Sun machine, such as a Netra, you'll need to get familiar with accessing a system over a serial console. It's also something you'll need to do if you wish to interface with a Cisco router, or other piece of hardware that doesn't have networking enabled properly yet.

This article has been removed from the site.

When running Debian's Unstable distribution most users tend to upgrade daily, or weekly. Sometimes things break and can take a day or two to be fixed, if this happens at an inconvient time you're in trouble. Here we describe two tools to help prevent this.

If you're running the Debian Unstable distribution you will probably want to keep it fairly current, so that you have the latest and greatest packages available to use. Running automated upgrades could be dangerous, but there is a simple way to keep your machine ready for updating at all times.

Jabber is an XML based cross platform chat and messenging server which is freely available. It runs on Linux, Solaris, and many other Unix variants. For a small office or a collection of offices it's a great way to allow people to chat without resorting to outside services such as MSN.

Open relays allow people to use your mail server to deliver spam and mail to people whilst using your resources.

There are many legitimate reasons for a Debian GNU/Linux user to wish to run Microsoft Windows applications. One approach involves using the wine program to run a single Windows executable in a fake Windows environment. An alternative is to run an entire Windows operating system within a Debian host. Qemu is a procesor emulator and virtualization program which allows you to do just that.

Despite lacking a lot of features MySQL is one of the most popular database servers available for GNU/Linux platforms. Part of the attraction is that it's much simpler to setup for a shared hosting system. This small HOWTO shows how to add new users to a MySQL system and keep their databases seperate from each other.

There are many situations where you might want to send traffic over a secure link, and this is exactly what SSH allows you to do. Any form of TCP/IP connection can be sent across a tunnel providing you have access to a remote SSH server at the 'far side'.

So in a moment of weakness I promised I'd write a simple how-to for setting up IPsec in Debian. That ought to be easy; I've set up two separate computer systems (that's systems, with many computers in each system) each using IPsec extensively, I've used both FreeS/WAN and IPsec-tools, by themselves and interoperating, and I've used both PSKs (Pre-Shared Keys) and X.509 certificates. Well, we'll see.

NIS is a system which is designed to allow people to use the same username and password on a group of machines. (In NIS terms this group of machines is called a domain). This small introduction will guide you through setting up a central NIS server to centralise your logins, and a client to use it.

Small companies and homes are setup to use a dedicated Linux machine to act as a gateway, their bridge to the internet outside. Having a computer do the routing allows a lot more flexability than using a dedicated hardware router - for example the ability to join the network to another companies, or allow remote workers via a VPN solution.

GNU Screen is an often overlooked application which allows you to run programs in a console section, detach from them and then later resume them. They even keep running when you logout.

Many times on a multi-user system it would be nice to allow particular users to do things that require root privileges without having to give them the root password. There are several tools which will solve this problem, the most well known tool for this purpose is called sudo.

As a new feature, designed to make it easier to keep track of activity, replies to articles will be mailed to their authors.

When it comes to setting up a secure webserver you have two choices apache-ssl, or mod-ssl. This simple introduction walks you through setting up and using the latter.

OpenSSH can be used for many things, from connecting to remote hosts to transferring files securely. Thanks to a new kernel module shfs it is possible use it to mount remote filesystems securely.

There are several mail servers available for use with Debian stable; sendmail, postfix and exim to name just three. The default mail server installed is exim3 which is a flexible mail server which will support accepting and sending mail for multiple domains. The setup must be done by hand as the Debian configuration script doesn't handle setting this up. This piece explains how we do just that.

Debian uses a Sys-V like init system for executing commands when the system runlevel changes - for example at bootup and shutdown time.

OpenSSH is a well known program which allows you to login to a host remotely, and run commands etc. It also comes with a simple file transfer system which can be used to transfer files securely.

A few writeups here have covered using specific Debian packages for accomplishing tasks, but they haven't explained how you discover the name of a package to solve a particular problem. This piece redresses the balance.

If you have a system which is doing something important such as handling mail, or running as firewall, it's essential that you keep the correct date and time. This allows your logs to have the correct timestamps upon them.

Most administrators will be familiar with syslog. It is a standard Unix program which is in charge of handling different log or notice messages and sending them to a file where they may be examined.

Many people want to use a dedicated Debian machine as a gateway for a LAN, this has many benefits compared to using a dedicated hardware firewall. For a start it's a lot more flexible, but in addition to this it allows you to offer a lot of extra services to your machines.

I have a problem with my keyboard set up and wondered how to fix it.

For some reason on some of the machines I look after there are wildly different mouse setups. On some machines moving the mouse will result in a painfully small, slow, movement of the pointer. On others there will be a blur of activity as the mouse streaks across the screen!

Most people are happy with the binary packages which Debian provides, as they tend to be setup to cover the common uses. But what happens if you are looking to rebuild an existing package with different options? Well you can rebuild a package from source very easily.

Debian software is typically installed from binary packages, (which means that you dont need to use a compiler to build them yourself), which are downloaded from the Debian package archives.

Apache is probably the most popular webserver for the Linux platform, and despite being very powerful and extensible it is very well documented. In spite of this documentation many people seem to struggle with hosting multiple sites with Apache.

This article is a test of the HTML filtering system which has just been put in place. Now that it is confirmed as working the site is due to go live.

Viruses are a fact of life nowadays, be they real viruses or worms which require manual intervention on the half of a user to propogate. Unix systems tend to be immune from the viruses themselves, but they still have mail queues full of viral messages. Read on to learn how to remove them safely.

This is a demo site, it's not final or live yet. If you wish to create a new story then feel free.

Generating good passwords is hard, but a necessary evil. It's a good practise to use different passwords for different machines, websites, and accounts.

I've never used the GNOME desktop environment before, although I've certainly heard a lot about it over the past couple of years (along with it's competitor KDE).

Please don't worry if you think that the articles here aren't very long, or very interesting. They have been inserted mostly to see how well the system is working.

How do I setup drivers for my new NVidia FX 5200 under Debian?

Once upon a time Debian was unique for many reasons, but now there are a growing number of popular Linux distributions, so why choose Debian?

All serious users know that it's a good thing to have your Linux machines turned on for long periods of time, none of that daily rebooting for us!

Debian Wins!

Debian wins!

Here's a small list of Debian help related sites:

When you look after a group of machines it becomes increasingly difficult to watch the logfiles to see if anything suspicious is happening.

Traditionally telnet was used to connect to different hosts, for performing remote administration and other tasks.

Adding new users is something that you will need to do if you want to allow other users to use your machine.

When you're working against a deadline chances are this is the time diasaster will strike.

Previous Archives