Linux Admin: Difference between revisions
Line 700: | Line 700: | ||
|<tt>debug</tt>||rsyslog||Messages with ''debug'' priority, but excluding facilities ''auth'', ''mail'' and ''news'' |
|<tt>debug</tt>||rsyslog||Messages with ''debug'' priority, but excluding facilities ''auth'', ''mail'' and ''news'' |
||
|- |
|- |
||
|'''<tt>dmesg</tt>'''||'''kernel'''||'''Boot time hardware detection and driver setup (i.e. kernel messages before syslog daemon is launched).'''<br/> |
|'''<tt>dmesg</tt>'''||'''kernel'''||'''Boot time hardware detection and driver setup (i.e. kernel messages before syslog daemon is launched).'''<br/>This is *not* the same as <code>dmesg</code> output (see <tt>kern.log</tt>)! |
||
|- |
|- |
||
|<tt>dpkg.log</tt>|| || |
|<tt>dpkg.log</tt>|| || |
Revision as of 18:55, 20 May 2014
Documentation / Getting Help
- yelp
- Default Gnome help system. Contains basic documentation, manpages, and guides (which can even install applications if clicked on)
- doc-base
- The doc-base package implements a flexible mechanism for handling and presenting documentation. See doc-base on debian.org.
- dwww
- dwww is the web base documentation reader. When installed, you can browse the documentation available on your machine by opening your browser at http://localhost/dwww/. dwww has also command-line support.
General SysAdmin command
Source [1]:
- System
top
— process activity commandvmstat
— system activity, hardware and system informationw
— find out who is logged on and what they are doinguptime
— tell how long the system has been runningps
— displays the processesfree
— memory usageiostat
— average cpu load, disk activitysar
— collect and report system activitympstat
— multiprocessor usagepmap
— process memory usagenetstat
andss
— network statisticsiptraf
— real-time network statisticstcpdump
— detailed network traffic analysisstrace
— system calls- /proc file system — various kernel statistics
cat /proc/cpuinfo
cat /proc/meminfo
cat /proc/zoneinfo
cat /proc/mounts
- Nagios Server And Network Monitoring
- Cacti - Web-based Monitoring Tool
- KDE System Guard - Real-time Systems Reporting and Graphing
- Gnome System Monitor - Real-time Systems Reporting and Graphing
Some more tools:
nmap
lsof
ntop
Conky
GKrellM
vnstat
htop
mtr
dstat
(combines vmstat, iostat, ifstat, netstat information and more)munin
Kernel
Architecture (32/64-bit)
32-bit executables can still run on 64-bit architecture (amd-64). Check package ia32-libs.
Note that 32-bit libraries are located in /usr/lib32 and not in /usr/lib
OOM Score (Out of Memory)
Kernel has an advanced algorithm to detect which process to kill when an Out of Memory occures (from [2]):
[...] But, actually, Linux doesn't just pick the process with the failed allocation to kill. Instead, when a process makes a memory request which cannot be fulfilled, the OS runs a quick calculation of the memory usage "badness" of all processes. The base of the badness score is the processes resident memory, plus the resident memory of child processes. Processes that have been "nice'd" get a score boost (on the theory they're likely to be less important), but long-running processes get a score decrease (on the theory they're likely to be more important). Superuser processes have their score decreased. Finally, processes have their scores decreased by a user-settable value in /proc//oom_adj (default is no adjustment). Also, if /proc//oom_adj is set to the constant OOM_DISABLE, then the process is not killable.
When memory runs out, Linux kills the process with the highest score. If a single ordinary user process, especially a short-lived desktop process, has consumed nearly all of the system RAM, and no one has messed with oom_adj for that process, then it WILL be the one that dies. [...]
The OOM score of each process can be obtained with:
find /proc -maxdepth 2 -name oom_score | while read i; do echo -n "$i "; cat $i; done | sort -n -k2
/etc/sudoers
The man page gives a complete but unclear description of the file specification. Here a simplified but complete version:
First the description of possible entries in the file:
# Alias
'User_Alias' NAME '=' User... (':' NAME '=' User... )*
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)*
'Host_Alias' NAME '=' Host... (':' NAME '=' Host... )*
'Cmnd_Alias' NAME '=' Cmnd... (':' NAME '=' Cmnd... )*
#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...
#User_Spec
User... Host... '=' Cmnd_Spec... (':' Host... '=' Cmnd_Spec...)*
Now the description of the syntactical elements (note the description of ...
, which is simply a comma-separated list):
identifier... ::= identifier (',' identifier)*
NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
User /
Runas_Member ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )
Host ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )
Cmnd ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )
Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter
Cmnd_Spec ::= ('(' Runas_Member...? (':' ...? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd
- HTTP Proxy — When using a HTTP proxy defined through the variable
http_proxy
, you have to add/change the following lines to /etc/sudoers:
Defaults env_reset, env_keep=http_proxy
File Systems & Backup
See page Linux Disk Management.
System
IO Usage Accounting
To view IO usage of a specific process, check /proc/self/io, /proc/...pid.../io:
cat /proc/1234/io # View usage of process pid 1234
cat /proc/$(pgrep '^dd$')/io # View usage of process(es) named 'dd'
cat /proc/self/io # View udage of current process
# rchar: 2012
# wchar: 0
# syscr: 7
# syscw: 0
# read_bytes: 36864
# write_bytes: 0
# cancelled_write_bytes: 0
Hardware
Commands
Interesting commands:
- lshw, list hardware
lshw -C network
lshw -C display # See video controller
lshw -C display | grep driver # ... see driver in use
- lspci, listing all PCI devices
lspci
lspci | grep -i wireless # Write down sloce id of device
lspvi | grep -i vga # See video controller
sudo lspci -vv -nn -s 0c: # Slot id 0c:...
- inxi, Command line system information script for console and IRC
inxi -Gx # as current X desktop user, no sudo
- lsmod, Show the status of modules in the Linux Kernel
lsmod | sort
- modprobe, add and remove modules from the Linux kernel
- modinfo, show information about a kernel module (incl. available parameters)
modinfo iwlagn
uname -rm
- lsusb, list USB devices
lsusb
# Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
# Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
# Bus 006 Device 008: ID 056e:0056 Elecom Co., Ltd
# Bus 006 Device 006: ID 1131:1004 Integrated System Solution Corp. Bluetooth Device
lsusb -t
# /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ohci_hcd/8p, 12M
# |__ Port 1: Dev 2, If 0, Class=HID, Driver=usbhid, 12M
# /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci_hcd/8p, 480M
- USB devices are located at /dev/bus/usb, according to their bus and device id (for instance /dev/bus/usb/001/002 for bus 001, dev 002)
- usb-ctrl, control USB power (compiled from hub-ctrl.c, see USB)
usb-ctrl -v # Get list of devices and status
usb-ctrl -b 1 -d 1 -P 1 # Shut down port 1 on bus 1, dev 1
- usb-devices, list USB devices
usb-devices
# T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=02 Dev#= 4 Spd=12 MxCh= 0
# D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
# P: Vendor=413c ProdID=8197 Rev=01.12
# S: Manufacturer=Dell Computer Corp
# S: Product=DW380 Bluetooth Module
# S: SerialNumber=2016D895569F
# C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
# I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
# I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
# I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
# I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
- Debug information
dmesg | egrep -i "wlan|iwl"
- To test availability of OpenGL:
glxinfo | grep -i direct
# The result should be:
# direct rendering: Yes
- Input devices in /proc (some not listed by commands above — e.g. synaptic touchpad):
cat /proc/bus/input/devices # List input devices
- udevadm — Query udev database
udevadm info -q all -n /dev/bus/usb/002/001 # Can query using the device name
udevadm info -q all -p /sys/bus/usb/devices/usb2 # Or using udev device paths (or symlink)
udevadm info -a -n /dev/bus/usb/002/040 # Walk up the chain of parent device, and for each, show attributes
- Wireless
- iwconfig, configure a wireless network interface
iwconfig wlan0
- iwlist, get more detailed wireless information from a wireless interface
sudo iwlist scan
- rfkill, show state of RF SW/HW kill switch (WiFi / BT / ...)
rfkill list all
Wireless firmware
Locate your wireless card:
lspci | grep -i network
# 0c:00.0 Network controller: Intel Corporation PRO/Wireless 5300 AGN [Shiloh] Network Connection
# =======
lspci -s 0c: -v
#0c:00.0 Network controller: Intel Corporation PRO/Wireless 5300 AGN [Shiloh] Network Connection
#...
# Kernel modules: iwlagn
# ======
To get driver version:
sudo lshw -C network
# configuration: broadcast=yes driver=iwlagn driverversion=2.6.32-32-generic-pae firmware=8.24.2.12 latency=0 link=yes multicast=yes wireless=IEEE 802.11abgn
# ==================
Print module information, the loaded firmware is located at the very beginning:
modinfo iwlagn
# filename: /lib/modules/2.6.32-32-generic-pae/updates/compat-wireless-2.6.37/iwlagn.ko
# ====================== ----------------> interesting
# description: Intelsl(R) Wireless WiFi Link AGN driver for Linux
# ...
# firmware: iwlwifi-4965-2.ucode \
# firmware: iwlwifi-5150-2.ucode |
# firmware: iwlwifi-5000-2.ucode |
# firmware: iwlwifi-130-5.ucode |
# firmware: iwlwifi-6000g2b-5.ucode |
# firmware: iwlwifi-6000g2a-5.ucode |___ The firmwares used by this driver
# firmware: iwlwifi-6050-5.ucode |
# firmware: iwlwifi-6000-4.ucode |
# firmware: iwlwifi-100-5.ucode |
# firmware: iwlwifi-1000-3.ucode /
For INTEL cards:
- The original drivers (microcode) are available on IntelLinuxWireless.org (downloads).
These are the iwlwifi*.ucode file. But as of kernel 2.6.24, these cannot be used as is. - Instead use the code from the compat-wireless project, in particular the one from linux 2.6.all stable compat-wireless releases.
See nxl65002ux for example on how to upgrade the wireless driver
Other links:
- Intel WiFi Link 5100/5300 WLAN controller on ThinkWiki.org, with detailed instructions on how to install iwlagn + ucode firmware — not so clear after all...
System information
- lshw is available by default,
- or use sysinfo (sudo apt-get install sysinfo),
- or use hardinfo (sudo apt-get install hardinfo),
udev & devfs
Reference: [3]
This chapter is about the devices in /dev. Since kernel 2.6, the content of this directory is generated by udev rules.
These rules are located at:
- /lib/udev/rules.d
- /etc/udev/rules.d (these can be customized)
Use udevadm to get information on a given device:
udevadm info -q path -n /dev/sda2 # To get the path to the device /dev/sda2
udevadm info -q -n /dev/sda2 # To get all the attributes of device /dev/sda2
udevadm info -a -p $(udevadm info -q path -n /dev/sda2) # Same as above
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER # Test the effect of a new rule on device /dev/sda2
USB Serial (FTDI, Prolific)
The usbserial module (usbserial.ko) provides a generic serial interface (aka virtual COM port in windows) for USB devices. They are basically two (low cost) chip providers on the market: FTDI and Prolific. For FTDI chips, drivers are included in kernel since 2.6.31. Module is called ftdi_sio, and exposes FTDI devices as generic usbserial device.
When connecting the device, the following can be seen in /var/log/messages
dmesg
usb 7-1: new full speed USB device using uhci_hcd and address 18
usb 7-1: configuration #1 chosen from 1 choice
ftdi_sio 7-1:1.0: FTDI USB Serial Device converter detected
usb 7-1: Detected FT232RL
usb 7-1: Number of endpoints 2
usb 7-1: Endpoint 1 MaxPacketSize 64
usb 7-1: Endpoint 2 MaxPacketSize 64
usb 7-1: Setting MaxPacketSize 64
usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
usb 7-1: USB disconnect, address 18
Now, the device is available as /dev/ttyUSB0
- Problems, Issues, Workaround
- If you see a disconnect message, and no /dev/ttyUSB0 showing up:
ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
ftdi_sio 7-1:1.0: device disconnected
- The most probable cause is that you have package brltty installed. This package automatically identifies device with an FTDI chip as a braille device. The work-around is simply to uninstall the package.
- VirtualBox might also interfere with the usb device. User can give a list of USB devices that a virtual machine should immediately connect to when the device is plugged in. If the FTDI device is listed, VirtualBox will grab the device and it will not be available to the host. Simply unlist the device to get it back available on the host.
- Other potential conflicts around libusb, usbfs, libftdi
- Unsufficient access rights (typically user must be member of group dialout)
ls -l /dev/ttyUSB*
# crw-rw---- 1 root dialout 188, 0 2011-09-22 17:26 /dev/ttyUSB0
sudo gpasswd -a $USER dialout
id
# uid=6659(beq06659) gid=6659(beq06659) groups=4(adm),20(dialout),...
- Links
- Arduino board install guide
- USB-to-serial adapter for the Armadeus board
- libFTDI, a linux library to talk to FTDI chips (and using libusb).
- FTDI
- The Linux USB sub-system (apparently pre-udev)
- Advanced Kung-fu (Create a symlink with udev when attaching a device)
find /sys -name ttyUSB*
#Look up the attributes of the directory that should (hopefully) be listed (following is guestimate).
udevinfo -a -p /sys/class/tty/ttyUSB0
# pick a unique attribute to copy.
sudo gedit /etc/udev/rules.d/60-symlinks.rules
# Add lines:
# # Create /dev/bstamp symlink for FTDI Device
# KERNEL=="ttyUSB*", ATTRS{product}=="FT232RL", \
# SYMLINK+="bstamp"
#
# ATTRS{attr} will be the information taken from the undevinfo command.
sudo /etc/init.d/udev restart
- USB Serial on cygwin
Some interesting links:
- This explains that after setting up manually the COM: port number in windows (say COM16), one can access that port in cygwin by using /dev/ttyS15 or /dev/com16. However there might be a limitation that cygwin only allow up to 16 serial ports (from /dev/com1 up to /dev/com16), but maybe this limitation is not there anymore.
- Some answer in the post saying that cygwin support more than 16 ports (it mentions /dev/ttyS26). However it mentions also another issue that the input blocking until a CR is received.
- Some post from Corinna Vinschen, warning not to use windows names \\.\COMx or COMx in cygwin, or will not get any POSIX Serial I/O support from Cygwin.
NVidia
Check nvidia website for detailed information on nvidia drivers for linux:
Some tips:
- Use xdpyinfo to show the current extensions. For OpenGL, it should show extension "glx" and "nv-glx".
- Check dmesg for error messages related to nvidia
- Force reload of module with
modprobe nvidia
- Prevent Nouveau from being loaded. Create a file /etc/modprobe.d/disable-nouveau.conf:
blacklist nouveau
options nouveau modeset=0
- Note that this will not prevent the X server to load Nouveau. If loaded, this can be unloaded with
modprobe -r nouveau
, as long as Nouveau has been prevented from doing a kernel modeset.
My /etc/X11/xorg.conf on Maverick:
Section "Screen"
Identifier "Default Screen"
DefaultDepth 24
EndSection
Section "Module"
Load "glx"
EndSection
Section "Device"
Identifier "Default Device"
Driver "nvidia"
Option "NoLogo" "True"
EndSection
BlueTooth
- Install BlueTooth Manager to solve bluetooth connection issue (package blueman)
Udisks
The [udisks daemon serves as an interface to system block devices. It is responsible to mount automatically inserted DVDs.
- Troubleshooting - Fix broken permissions on UDF
- Some DVD recorder do not set correctly the directory permissions on DVDs (UDF file system) (missing 'x' flags)
- There is a fix in udisk that force directory permissions to 0500, but only if DVD is read-only (bug 635499, see fix [6])
- The fix does not work for DVD-RW that are not finalized yet. These discs are then not readable on Linux.
- There is no way apparently to override the default mount options in udisks [7], [8]). So our only hope is to patch the udisks package directly.
- The following is a patch on udisk=1.0.4-5ubuntu2.1 to force dmode=0500 for all optical discs with UDF file systems (to rebuild a package, see this page):
diff --git a/src/device.c b/src/device.c
index a7f8880..3174628 100644
--- a/src/device.c
+++ b/src/device.c
@@ -6204,10 +6204,8 @@ struct Job
/* dynamic default options */
/* some broken DVDs come with 0400 directory permissions, making them
- * unreadable; overwrite readonly UDF media with a 0500 dmode. */
- if (g_strcmp0 (device->priv->id_type, "udf") == 0 && device->priv->device_is_optical_disc &&
- device->priv->drive_media != NULL &&
- strstr(device->priv->drive_media, "_rw") == NULL && strstr(device->priv->drive_media, "_ram") == NULL)
+ * unreadable; overwrite all UDF media with a 0500 dmode. */
+ if (g_strcmp0 (device->priv->id_type, "udf") == 0 && device->priv->device_is_optical_disc)
{
g_ptr_array_add (options, g_strdup("dmode=0500"));
}
- Install the fixed package, and check that mount has the new dmode=0500 flag:
/dev/sr0 on /media/DVD VR type udf (ro,nosuid,nodev,uid=6659,gid=6659,iocharset=utf8,umask=0077,dmode=0500,uhelper=udisks)
- Alternate patch. This force flag dmode=0500 for all UDF file system, similar to iso9660:
diff --git a/src/device.c b/src/device.c
index 2d7621b..a7f8880 100644
--- a/src/device.c
+++ b/src/device.c
@@ -5926,7 +5926,7 @@ struct Job
/* ---------------------- udf -------------------- */
-static const char *udf_defaults[] = { "uid=", "gid=", "iocharset=utf8", "umask=0077", "dmode=0500", NULL };
+static const char *udf_defaults[] = { "uid=", "gid=", "iocharset=utf8", "umask=0077", NULL };
static const char *udf_allow[] = { "iocharset=", "umask=", "mode=", "dmode=", NULL };
static const char *udf_allow_uid_self[] = { "uid=", NULL };
static const char *udf_allow_gid_self[] = { "gid=", NULL };
@@ -6203,6 +6203,15 @@ struct Job
/* dynamic default options */
+ /* some broken DVDs come with 0400 directory permissions, making them
+ * unreadable; overwrite readonly UDF media with a 0500 dmode. */
+ if (g_strcmp0 (device->priv->id_type, "udf") == 0 && device->priv->device_is_optical_disc &&
+ device->priv->drive_media != NULL &&
+ strstr(device->priv->drive_media, "_rw") == NULL && strstr(device->priv->drive_media, "_ram") == NULL)
+ {
+ g_ptr_array_add (options, g_strdup("dmode=0500"));
+ }
+
/* user supplied options */
for (n = 0; given_options[n] != NULL; n++)
{
Software
Packages
See page Package Management.
Libraries
See the Library HOWTO.
Static Libraries
See Library HOWTO - Static Libraries
See Library HOWTO - Shared Libraries
Path conventions according to the info:standards#Directory_Variables GNU Standards (used by developers):
- /usr/local/lib: for all libraries when distributing source code (executables go to /usr/local/bin).
Path conventions according to the Filesystem Hierarchy Standard) (used by distributors through package management)
- /usr/lib: for most libraries (executables go to /usr/bin, executables that users should not call directly go to /usr/libexec/).
- /lib: for libraries needed at boot time.
- /usr/local/lib: for libraries that are not part of the system (/usr/local/bin for executables, and /usr/local/libexec for library executable)
- soname — real name — linker name
- /usr/lib/libreadline.so.3 is a fully-qualified soname (symlinked to realname below by ldconfig)
- /usr/lib/libreadline.so.3.0 is the realname
- /usr/lib/libreadline.so is the linker name (symlinked to soname /usr/lib/libreadline.so.3)
- Environment variables
- LD_LIBRARY_PATH temporarily overrides the usual library path for a given executable (should only be used for debugging)
- LD_DEBUG triggers debugging in C loader (e.g.
LD_DEBUG=files /bin/ls
)
- Utilities
ldconfig -n directory_with_shared_libraries #Creates soname links to realname when installing new libraries
ldd /bin/ls #List shared libraries needed by a given executable
Dynamically Loaded (DL) Libraries
See Library HOWTO - Dynamically Loaded Libraries.
Managing Alternatives
For instance, to define the default cursor-theme, use update-alternatives
:
sudo update-alternatives --config x-cursor-theme
Network
Commands
Linux Access Point
You can turn your laptop into a WiFi access point, provided of course that your WiFi card supports that feature:
sudo service network-manager stop
sudo iwconfig wlan0 mode master
If you get the following error then most probably it is not supported:
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.
Turn NetworkManager back on:
sudo service network-manager start
Some links:
ZeroConfig
ZeroConfig refers to all utilities that help setting up network without any additional configuration. More information on wikipedia. See also zeroconf (open standard issued by Apple).
- Address resolution
- Name resolution
- In Apple ZeroConf, you can access a given host with name hostname.local without need of a local DNS server.
- Apple ZeroConf relies on mDNS (multicast DNS) protocol. mDNS client makes a request to a well-known multicast address (224.0.0.251 for IPv4 and ff02::fb for IPv6 link-local addressing).
- On Linux, avahi package implements the Apple Zeroconf specification.
- Service discovery
Network Manager - Search Path
See NetworkManager Ubuntu documentation for how to add a static local domain to resolv.conf search path.
Basically:
- In the NM applet, changed the network from DHCP (auto) to DHCP (address only)
- Edit the network configuration file in /etc/NetworkManager/system-connections to appear as follows:
- Select the network in the wired network
[ipv4] method=auto dns-search=domain1.com;domain2.org;domain3.edu; ignore-auto-routes=false ignore-auto-dns=false # !!! Set this line back to FALSE !!!
Import Windows Settings for Enterprise Wireless Network (Dynamic WEP or WPA & WPA2 Enterprise, TLS)
This chapter explains how to import the network configuration settings from Windows for an enterprise wireless network using Dynamic WEP (802.1x), with TLS authentication.
- In Windows, export the client Authentication certificate and private key from Windows Certificate Store:
- In Control Panel → Internet Options → Content tab, click Certificates, or
alternatively, type Win-R, certmgr.msc. - In the Personal tab, select the certificate used for client authentication, and click Export.
- In the new window, click Next, then select Yes, export the private key and click Next.
(If this option is grayed out, and you also have the message "The associated private key is marked as not exportable. Only the certificate can be exported", you can use the tool Jailbreak. For NXP, see the NXP page) - Select format Personal information interchange - PKCS #12 (.PFX), and select Include all the certificates in the certificate path if possible and Enable strong protection.
- Select a password, and save the file (say mywindowscert.pfx).
- In Ubuntu, split the exported certificate in the components CA / Cert / Private key (see [9]):
- Now create a new wireless network connection in Ubuntu:
- Security: Dynamic WEP (802.1x) or WPA & WPA2 Enterprise
- Authentication: TLS
- Identity: the account name (this is not necessarily the same as the name whom the certificate was issued to)
- User Certificate: mycert.crt.pem
- CA certificate: mycert.ca.pem
- Private key: mycert.key.p12
- Private key password: as required
openssl pkcs12 -in mywindowscert.pfx -nocerts -out mycert.key.p12
openssl pkcs12 -in mywindowscert.pfx -clcerts -nokeys -out mycert.crt.pem
openssl pkcs12 -in mywindowscert.pfx -cacerts -nokeys -out mycert.ca.pem
Firewall
To troubleshoot firewall connection issues:
- See firewall log (ufw.log for UFW)
- Use
netstat
:
#For instance, troubleshooting Samba server firewall issues:
service smb stop
netstat -ln > netstat-ln-smb.before
service smb start
netstat -ln > netstat-ln-smb.after
diff -u netstat-ln-smb.*
Network Time Protocol (ntp)
ntp is delivered with package ntp.
- Edit /etc/ntp.conf to add a server. For instance:
server wbi.nxp.com iburst
- Query ntp status:
ntpq -p # Print active servers and status
# st - stratum
# when - number of seconds since last poll
# offset - offset in ms between our time and server time
Reference:
Printing
CUPS
- Current print server on Ubuntu is CUPS
- Web Interface — CUPS server is accessed via at http://localhost:631 (see CUPS-Print Server)
- Reset CUPS printer
- Go to http://localhost:631 to reset CUPS printer
- More troubleshooting
- See [10]
- Setup backend error handler
- See [11], [12]
- beh is already installed on Ubuntu 12.04+.
- Another solution is to edit the policy ([13]).
- Default policy is retry-job, but I still get error message file is rejected. I tried then abort-job.
Rescue
Some tips to rescue a broken linux installation.
Using GRUB
See Grub#Rescue on how to fix a broken GRUB installation or on how to use GRUB to fix a broken linux installation.
Kernel line
To boot a minimal bash shell, edit the kernel line as follows:
- Change ro → rw to allow read-write access to file system
- Add init=/bin/bash to run Bash shell
After that, one can uses eg. nano to edit text configuration files.
To get boot messages:
- Remove quiet splash
- Add --verbose
Alt-SysRq-REISUB
Using the Magic SysRq key, one can usually reboot its system nicely (better than holding the power button for 5sec).
Press and hold Alt-SysRq, then press the following keys in sequence, waiting 1 second between each press: R, E, I,S, U, B.
On laptop, you often have to press and hold Alt, then Fn-SysRq, then release Fn while holding Alt-SysRq, and finally R E I S U B.
unRaw (take control of keyboard back from X), tErminate (send SIGTERM to all processes, allowing them to terminate gracefully), kIll (send SIGKILL to all processes, forcing them to terminate immediately), Sync (flush data to disk), Unmount (remount all filesystems read-only), reBoot.
A mnemonic "Reboot Even If System Utterly Broken", or BUSIER when read backwards
/var/log
Some external links:
- Quick HOWTO - Troubleshooting Linux with syslog
- System Log Viewer (package gnome-utils), is an handy tool to view log files under Gnome, with entries sorted by date, and new entries highlighted in bold.
syslog is an utility to log all system messages, from information messages to critical errors. Log files are stored in /var/log. On Ubuntu, the default logging system is rsyslog, with configuration files /etc/rsyslog.conf and in /etc/rsyslog.conf.d/.
Logs generated by rsyslog (see /etc/rsyslog.d/50-default.conf):
file | source | description |
---|---|---|
aptitude | ||
auth.log | rsyslog | Messages to facilities auth and authpriv |
boot | ||
boot.log | ||
btmp | ||
daemon.log | rsyslog | Messages to facility daemon |
debug | rsyslog | Messages with debug priority, but excluding facilities auth, mail and news |
dmesg | kernel | Boot time hardware detection and driver setup (i.e. kernel messages before syslog daemon is launched). This is *not* the same as dmesg output (see kern.log)!
|
dpkg.log | ||
faillog | ||
fontconfig.log | ||
jockey.log | ||
kern.log | rsyslog | Messages to facility kern (apparently dmesg will display the last 16392 octets of /var/log/kern.log since last boot [14])
|
lastlog | lastlog | last login of each user ([15]). It looks big, but it's a sparse file (du -h lastlog ) !!!
|
lpr.log | rsyslog | Messages to facility lpr |
mail.info | rsyslog | Messages to facility mail, priority ≥ info |
mail.err | rsyslog | Messages to facility mail, priority ≥ err |
mail.log | rsyslog | Messages to facility mail |
mail.warn | rsyslog | Messages to facility mail, priority ≥ warn |
messages | rsyslog | Messages with info,notice and warn priority, but excluding facilities auth, daemon, mail and news |
MountManager.log | ||
mysql.err | ||
mysql.log | ||
pm-powersave.log | ||
pm-suspend.log | ||
pycentral.log | ||
syslog.log | rsyslog | All messages except those in auth.log (i.e. facilities auth and authpriv) |
udev | ||
ufw.log | rsyslog | All messages from UFW firewall |
user.log | rsyslog | All messages targeting facility user |
vbox-install.log | ||
wtmp | ||
Xorg.0.log | ||
Xorg.failsafe.log |