Linux Admin: Difference between revisions

From miki
(Managing Alternatives)
Line 62: Line 62:
sudo update-alternatives --config x-cursor-theme
sudo update-alternatives --config x-cursor-theme
</source>
</source>

== Wireless Network ==
=== Import Windows Settings for Enterprise Wireless Network (Dynamic WEP, TLS) ===
This chapter explains how to import the network configuration settings from Windows for an enterprise wireless network using ''Dynamic WEP (802.1x)'', with ''TLS'' authentication.

<ol>
<li>In Windows, '''export the client Authentication certificate and private key from Windows Certificate Store''':</li>
* In ''Control Panel'' &rarr; ''Internet Options'' &rarr; ''Content'' tab, click '''Certificates'''.
* In the ''Personal'' tab, select the certificate used for ''client authentication'', and click '''Export'''.
* In the new window, click ''Next'', then select '''Yes, export the private key''' and click ''Next''.<br/>(If this option is grayed out, and you also have the message "<tt>The associated private key is marked as not exportable. Only the certificate can be exported</tt>", you can use the tool [https://www.isecpartners.com/jailbreak.html Jailbreak])
* Select format ''Personal information interchange - PKCS #12 (.PFX)'', and select ''Include all the certificates in the certificate path if possible'' and ''Enable strong protection''.
* Select a password, and save the file (say <tt>mywindowscert.pfx</tt>).
<li>In Ubuntu, '''split the exported certificate''' in the components '''CA / Cert / Private key''' (see [http://wiki.yobi.be/wiki/CAcert]):</li>
<source lang="bash">
openssl -in mywindowscert.pfx -nocerts -out mycert.key.p12
openssl -in mywindowscert.pfx -clcerts -nokeys -out mycert.crt.pem
openssl -in mywindowscert.pfx -cacerts -nokeys -out mycert.ca.pem
</source>
<li>Now create a new wireless network connection in Ubuntu:</li>
* Security: '''Dynamic WEP (802.1x)'''
* Authentication: '''TLS'''
* Identity: the account name (this is not necessarily the same as the name whom the certificate was issued to)
* User Certificate: '''<tt>mycert.crt.pem</tt>'''
* CA certificate: '''<tt>mycert.ca.pem</tt>'''
* Private key: '''<tt>mycert.key.p12</tt>'''
* Private key password: as required
</ol>
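Review bot: the three commands in the added `<source lang="bash">` block call `openssl -in mywindowscert.pfx ...` without a subcommand, so they fail as written; each needs `pkcs12`, for example `openssl pkcs12 -in mywindowscert.pfx -nocerts -out mycert.key.p12`. The `-nocerts` output is a PEM-encoded private key, not a PKCS #12 file, so a name such as `mycert.key.pem` would be less misleading, and the step should say that this file must stay readable by its owner only. The `*` bullets and the `<source>` block also sit outside their `<li>` elements, which is why the rendered list numbers the command block as a step of its own.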

Revision as of 11:38, 26 July 2010

/etc/sudoers

The man page gives a complete but unclear description of the file specification. Here is a simplified but complete version:

First the description of possible entries in the file:

# Alias
'User_Alias'  NAME '=' User...         (':' NAME '=' User...        )*  |
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)*  |
'Host_Alias'  NAME '=' Host...         (':' NAME '=' Host...        )*  |
'Cmnd_Alias'  NAME '=' Cmnd...         (':' NAME '=' Cmnd...        )*

#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...

#User_Spec
User... Host... '=' Cmnd_Spec...       (':' Host... '=' Cmnd_Spec...)*

Now the description of the syntactical elements:

identifier... ::= identifier (',' identifier)*

NAME          ::= [A-Z]([A-Z][0-9]_)*

User /
Runas_Member  ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )

Host          ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )

Cmnd          ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )

Parameter     ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter

Cmnd_Spec     ::= ('(' Runas_Member...? (':' Runas_Member...?)? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd
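
The grammar above applied to concrete lines, as an added example that is not part of the original page: a small awk classifier run over a constructed sudoers fragment. Alias names are checked against the rule in sudoers(5) (uppercase letters, digits and underscore); every user, host and alias name below is made up, and `sample_sudoers` / `classify_sudoers` are hypothetical helper names.

```bash
#!/bin/sh
# Added example. The fragment is constructed; its last line is deliberately invalid.
sample_sudoers() {
cat <<'EOF'
# constructed sample
User_Alias  ADMINS = alice, bob : OPERATORS = carol, %wheel
Cmnd_Alias  SHUTDOWN = /sbin/shutdown, /sbin/reboot
Defaults:ADMINS  !lecture
ADMINS     ALL = (root) NOPASSWD: SHUTDOWN
carol      web1 = (www-data : www-data) /usr/bin/systemctl restart nginx
User_Alias admins = dave
EOF
}

# Print "<kind>: <detail>" for each entry: an Alias, a Default_Entry,
# or otherwise a User_Spec. Simplifications: every line starting with '#'
# is skipped (so '#uid' users are not handled), and alias members are
# assumed not to contain ':'.
classify_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }
    /^(User|Runas|Host|Cmnd)_Alias[ \t]/ {
        kind = $1
        sub(/^[A-Za-z_]+[ \t]+/, "")            # drop the keyword
        n = split($0, defs, /[ \t]*:[ \t]*/)    # NAME = list (: NAME = list)*
        for (i = 1; i <= n; i++) {
            name = defs[i]
            sub(/[ \t]*=.*/, "", name)          # keep only NAME
            ok = (name ~ /^[A-Z][A-Z0-9_]*$/) ? "ok" : "bad-name"
            print kind ": " name " " ok
        }
        next
    }
    /^Defaults([@:!> \t]|$)/ { print "Default_Entry: " $1; next }
    { print "User_Spec: " $1 }'
}

sample_sudoers | classify_sudoers
```

On a real system, `visudo -c -f FILE` remains the authoritative syntax check before a fragment is installed.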

File Systems

Reiserfs

  • For better performance, use mount switch noatime,notail (see [1])

udev & devfs

Reference: [2]

This chapter is about the devices in /dev. Since kernel 2.6, the content of this directory is generated by udev rules.

These rules are located at:

  • /lib/udev/rules.d
  • /etc/udev/rules.d (these can be customized)

Use udevadm to get information on a given device:

udevadm info -q path -n /dev/sda2                                     # To get the path to the device /dev/sda2
udevadm info -q all -n /dev/sda2                                      # To get all the attributes of device /dev/sda2
udevadm info -a -p $(udevadm info -q path -n /dev/sda2)               # Same as above
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER   # Test the effect of a new rule on device /dev/sda2

Managing Alternatives

For instance, to define the default cursor-theme, use update-alternatives:

sudo update-alternatives --config x-cursor-theme

Wireless Network

Import Windows Settings for Enterprise Wireless Network (Dynamic WEP, TLS)

This chapter explains how to import the network configuration settings from Windows for an enterprise wireless network using Dynamic WEP (802.1x), with TLS authentication.

  1. In Windows, export the client Authentication certificate and private key from Windows Certificate Store:
    • In Control Panel → Internet Options → Content tab, click Certificates.
    • In the Personal tab, select the certificate used for client authentication, and click Export.
    • In the new window, click Next, then select Yes, export the private key and click Next.
      (If this option is grayed out, and you also have the message "The associated private key is marked as not exportable. Only the certificate can be exported", you can use the tool Jailbreak)
    • Select format Personal information interchange - PKCS #12 (.PFX), and select Include all the certificates in the certificate path if possible and Enable strong protection.
    • Select a password, and save the file (say mywindowscert.pfx).
  2. In Ubuntu, split the exported certificate into its components CA / Cert / Private key (see [3]):
     # -nocerts writes the private key in PEM form, protected by the passphrase you enter
     openssl pkcs12 -in mywindowscert.pfx -nocerts -out mycert.key.p12
     openssl pkcs12 -in mywindowscert.pfx -clcerts -nokeys -out mycert.crt.pem
     openssl pkcs12 -in mywindowscert.pfx -cacerts -nokeys -out mycert.ca.pem

  3. Now create a new wireless network connection in Ubuntu:
    • Security: Dynamic WEP (802.1x)
    • Authentication: TLS
    • Identity: the account name (this is not necessarily the same as the name the certificate was issued to)
    • User Certificate: mycert.crt.pem
    • CA certificate: mycert.ca.pem
    • Private key: mycert.key.p12
    • Private key password: as required
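
The split in step 2, carried through end to end as an added example (not from the original page): it builds a constructed PFX as a stand-in for the Windows export, splits it with the `pkcs12` subcommand, and then checks that the extracted key belongs to the extracted certificate and that the certificate verifies against the extracted CA. The function names, subject names and passwords are assumptions made for the demo.

```bash
#!/bin/sh
# Added example. Every subject name, file name and password here is constructed.

make_test_pfx() {     # $1 = work dir; builds a stand-in for the file exported from Windows
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
        -certfile "$d/ca.pem" -passout pass:export-pw -out "$d/mywindowscert.pfx"
}

# $1 = PFX file, $2 = its password, $3 = passphrase for the extracted key.
# "pass:" keeps the demo non-interactive; leave -passin/-passout out to be
# prompted, so that passwords do not appear in the process list.
split_pfx() (
    umask 077         # subshell body: the key file is created owner-only
    o=$(dirname "$1")
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -passout "pass:$3" \
        -out "$o/mycert.key.p12" &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$o/mycert.crt.pem" &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys -out "$o/mycert.ca.pem"
)

key_matches_cert() {  # $1 = dir, $2 = key passphrase; true if both hold the same public key
    k=$(openssl pkey -in "$1/mycert.key.p12" -passin "pass:$2" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1/mycert.crt.pem" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

chain_ok() {          # $1 = dir; true if the client cert verifies against the extracted CA
    openssl verify -CAfile "$1/mycert.ca.pem" "$1/mycert.crt.pem" >/dev/null 2>&1
}

# Run with the argument "demo" to execute the whole procedure in a temp dir.
if [ "${1:-}" = "demo" ]; then
    t=$(mktemp -d) && make_test_pfx "$t" &&
    split_pfx "$t/mywindowscert.pfx" export-pw key-pw &&
    key_matches_cert "$t" key-pw && chain_ok "$t" && echo "split verified in $t"
fi
```

Once the three PEM files are in place and verified, delete the `.pfx` or store it offline, since it holds the same private key.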