.
Linux,
, -,
, .. - Slackware 1.0 1994
.
Slackware, RedHat
.
rpmbuild --rebuild bla-bla.src.rpm
rpm -ivh kernel-*.src.rpm
vi /usr/src/redhat/SPECS/kernel-2.6.spec
... [custom]
rpmbuild -ba /usr/src/redhat/SPECS/kernel-2.6.spec
RedHat 8-9, FC, Advanced server
lockkit --disable -q #
From: .
, . SoundBlaster .
From:
.
From:
, - ,
. firewall 4.2 ( ,
).
From:
1.) LILO (
RH-4.2) rc.sysinit
.
2.) resolv.conf
"search",
bootp. -
nameserver.
3.) 34-1 /updates
link asm - asm-i386
4.) Glint /updates
(/jpeg). , ,
1 . 4.2 - ,
. RH-4.2 5
, 5.0 5.1
, 5.2.
From:
RedHat 5.0 - ,
statnet, GhostView
"print"
...
cpio -ov RedHat 5.0 .
cpio -ovca - Linux!!!
"" cpio, "" 4.2
-H crc
: NFS - . "Permition denied"
: ftp? "execute",
ftp , ?
cd redhat ; chmod -R a+x .
: ? RedHat
, unix
ext2, FAT- .
: .
"" mount-point .
: CDROM-?
:
mkdir /a
mkdir /b
mkdir /cdrom
mkdir /dos
mkdir /dosd
/etc/fstab / :
/dev/fd0 /a msdos defaults,user,umask=000,noauto 0 0
/dev/fd1 /b msdos defaults,user,umask=000,noauto 0 0
/dev/cdrom /cdrom iso9660 defaults,user,ro,exec,dev,suid,noauto 0 0
/dev/hda1 /dos msdos defaults,user,umask=000 0 0
: X, startx
, sleeped .
:
/usr/bin/X11/startx
xinit $clientargs -- $serverargs
exec xinit $clientargs -- $serverargs &
: RedHat host
lpr .
: (- - security)
/etc/hosts.lpd ,
.
: PC NFS
.
:
, /etc/exports -
/ (rw)
, , . ,
RedHat pcnfsd !
pcnfsd ,
RedHat Contrib' Slackware,
rpc.pcnfsd nfsserver'
/etc/rc.d/rc3.d/S60nfs
daemon rpc.mountd
daemon rpc.nfsd
+ daemon rpc.pcnfsd
echo
: vi . less
. Bash
.
:
/etc/profile
LC_CTYPE=iso_8859_1 export LC_CTYPE # VI
LC_LOCALE=iso_8859_1 export LC_LOCALE # VI
LESS="-e -r -X" export LESS # less
/etc/inittab: RedHat Login:
: , login,
. , -
koi2alt
echo -e '\033(K'
:
/etc/inittab getty ( "--noclear")
1:12345:respawn:/sbin/mingetty --noclear tty1
. . .
: bash
, .
:
PS1. ,
,
.profile . ,
.
/etc/profile /etc/skel/.bashrc $HOME/.profile
/
PS1='\u@tty2:\w/\$ ' export PS1
/etc/bashrc .
(IMHO - )
/etc/profile
: PS1.
.profile
:
.bash_logout
.bash_profile
.bashrc
PS1='\u@tty2:\w/\$ ' export PS1
"" ,
/etc/skel
. :
()
: man
" ? Isn't it?"
: man less. less
"-X" - " .
LESS
.
LESS="-e -r -X" export LESS
: -
(, ?),
.
crontab root' RedHat -
/etc/crontab .
internet-
, , ,
10, -
.
: atrun
0,10,20,30,40,50 * * * * root /usr/sbin/atrun
# Trim log files
log- 16 256kb
uucp uucp- log-.
Redhat Linux updatedb,
locate.
.
: updatedb
/etc/cron.daily/updatedb.cron
--localpaths='' --netpaths='/'
--localpaths='/' --netpaths=''
RedHat Xsession .
/etc/X11/xdm/Xsession
:
################## moshkow #############################
sysprofile=/etc/profile
profile=$HOME/.profile
[ -f "$sysprofile" ] && . $sysprofile
[ -f "$profile" ] && . $profile
[ -f "$resources" ] || resources=$HOME/.Xdefaults
[ -f "$resources" ] || resources=$HOME/.Xresources
[ -f "$startup" ] || startup=$HOME/.xinitrc
[ -f "$startup" ] || startup=$HOME/.xsession
[ -f "$startup" ] || startup=/usr/lib/X11/xinit/xinitrc
if [ -f "$startup" ]; then
xrdb -load "$resources"
exec sh "$startup"
fi
################## moshkow #############################
,
. . iBCS
- -
2.0.13 2.0.18. iBCS
.
sendmail 8.7.5 security hole -
root .
sendmail 8.7.5 -
delivery
errors
- upgrade 8.8.5,
bug
RedHat 3.0 mount security hole -
root .
update ,
ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/mount-2.5k-1.i386.rpm
setuid- mount/umount
# chmod u-s /bin/mount /bin/umount
http://www.corbina.net/~ppinpro/alx/gen-rule.html
3-5 -
. security
holes .
,
.
chmod 400 /vmlinuz.
/etc/lilo.conf ego .
/etc/inetd.conf.
, .
- ,
ALL : ALL /etc/hosts.deny
/etc/hosts.allow
sendmail,
. .
wu-ftp . ,
security holes.
/etc/inetd.conf .
,
.
:
/etc/hosts.deny
ALL : ALL
195.0.1.0
/etc/hosts.allow
ALL : \
127.0.0.1
ALL : \
195.0.1.0/255.255.255.0
Date: 10 97
CERT Sendmail 8.8.5.
.
Apach-httpd cgi-
/home/httpd/cgi-bin/phf
nobody
:
> * Drop source routes pakets [Y]
Drop packets that have a source route flag set. This stops simpliest
redirection attacks and should be always set to yes.
> * always defragment [Y]
Reassemble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear one ), it should be set t yes.
0.
1. Booting to single-user mode
LILO: linux single
Debian /etc/initab, RedHat -
# What to do in single-user mode.
~~:S:wait:/sbin/sulogin
2. init
LILO: linux init=/bin/bash
3. root-partition
LILO: linux root=/dev/hda1
, .
, , /tmp
. UMS
DOS .
BIOS-setting
.
LILO-prompt
A workaround can be achieved by using PASSWORD and
RESTRICT options in /etc/lilo.conf.
: /etc/lilo.conf root.root 600,
.
kerneld and ifconfig kernel-
/sbin/ifconfig module-name
__
/lib/modules kerneld.
:
. kerneld
, ,
.
:
( standalone
)
:
/etc/rc.d/rc3.d
"" :
mv S45pcmcia s45pcmcia
. . .
/etc/sysconfig/network-scripts/ :
"control-panel -- Network" - .
:
route add -net network.address gw your-host
/etc/rc.d/rc.local
/etc/sysconfig/network-scripts/ifup-routes
grep "$1 " /etc/sysconfig/static-routes | while read device args; do
route add -$args $device
done
grep "$1 " /etc/sysconfig/static-routes | while read device args; do
route add -$args # $device
##########
done
/etc/sysconfig/network-scripts/ :
From: Roman (mrv@fia.volga.ru)
: PPP .
. -
Default gateway,
default
: -
PPPD, Default gateway,
.
/etc/sysconfig/network-scripts/ifup-ppp
:
if [ "${DEFROUTE}" = yes ] ; then
opts = "$opts defaultroute"
fi
:
if [ "${DEFROUTE}" = yes ] ; then
opts = "$opts defaultroute"
else
opts = "$opts -defaultroute"
fi
: Alias
Static-route
: eth0 , eth0:0
/etc/sysconfig/static-routes
eth0:0
.
: ,
/etc/sysconfig/static-routes
""
2: - .
GUI-control-panel
' /etc/rc.d/rc.local
: .
/boot/vmlinuz /etc/lilo.conf
, , make zlilo
/vmlinuz
:
/etc/lilo.conf , lilo
:
cannot fork try again, no more filedescriptors, no more pty...
: .
( xterm',
...)
/usr/src/linux/include/linux/tty.h
#define NR_PTYS 256 /* */
mknod pty
/usr/src/linux/include/linux/tasks.h
#define NR_TASKS 4090 /* On x86 Max 4092, or 4090 w/APM configured */
#define MAX_TASKS_PER_USER (NR_TASKS/2)
#define MIN_TASKS_LEFT_FOR_ROOT 16
.
/usr/src/linux/include/fs.h
#define NR_FILE 4096
#define NR_INODE 3072
Update RedHat 3.0.3 --> 4.0
RedHat CD NFS.
...
#$%^#$&&^)#%$@$&^*%%^
/etc/hosts, /etc/httpd/conf/*,
/etc/sendmail.cf, /etc/lilo.conf
, - . ?
Update RedHat 4.0 --> 4.1
1. : "Keep current
network setting" "No", re
boot, .
"Keep"
2. update
klog-daemon: ws unknown action
: syslog.conf .
news.=crit /var/log/news/ne
ws.crit ^^^
3. sendmail 8.8.5 uucp-
delivering. Smart-relay-host,
DNS-resolving.
, FEATURE(nodns) .
uucp_without_dns sendmail.cf - slackware 2.0
: xdm, uucp, startx-win95...
//
. moshkow@ipsun.ras.ru
http://www.scyld.com/network/rtl8139.html
http://www.scyld.com/expert/modules.html
:
gcc -DMODULE -D__KERNEL__ -O6 -c driver.c
/lib/modules/kernel-version/net/driver.o
install -m 644 driver.o /lib/modules/`uname -r`/net/
/etc/modules.conf:
###########################
alias eth0 driver
options driver full_duplex=1,0,1 debug=0
# full-duplex 1 3-
###########################
time_wait
netstat -na -f inet | grep ^tcp4 | awk '{print $(NF)}'|sort |uniq -c
echo 1600 >/proc/sys/net/ipv4/tcp_keepalive_time
echo 20 >/proc/sys/net/ipv4/tcp_fin_timeout
echo 1 > /proc/sys/net/ipv4/tcp_keepalive_probes
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 393213 > /proc/sys/net/core/rmem_max
echo 393213 > /proc/sys/net/core/rmem_default
echo 393213 > /proc/sys/net/core/wmem_max
echo 393213 > /proc/sys/net/core/wmem_default
# mke2fs /dev/fd0
# mount /dev/fd0 /mnt/fd
# mkdir /mnt/fd/boot
# mkdir /mnt/fd/boot/grub
# cp /boot/grub/stage1 /mnt/fd/boot/grub/stage1
# cp /boot/grub/stage2 /mnt/fd/boot/grub/stage2
# cp /boot/grub/menu.lst /mnt/fd/boot/grub/menu.lst
# umount /mnt/fd
# /sbin/grub --batch --device-map=/dev/null <
Last-modified: Fri, 28 Apr 2006 08:23:52 GMT