WTF *Nix

However many times I have been asked how the Linux boots, well as it turns out, there isn’t much to the boot process, see the following six steps it takes:

1. A boot loader finds the kernel image on the disk, loads it into memory, and starts it.
2. The kernel initializes the devices and its drivers.
3. The kernel mounts the root filesystem.
4. The kernel starts a program called init.
5. init sets the rest of the processes in motion.
6. The last processes that init starts as part of the boot sequence allow you to log in.

Identifying each stage of the boot process is invaluable in fixing boot problems and understanding the system as a whole. To start, zero in on the boot loader, which is the initial screen or prompt you get after the computer does its power-on self-test, asking which operating system to run. After you make a choice, the boot loader runs the Linux kernel, handing control of the system to the kernel.

This writing covers the kernel initialization stage, the stage when the kernel prints a bunch of messages about the hardware present on the system. The kernel starts init just after it displays a message proclaiming that the kernel has mounted the root filesystem:

VFS: Mounted root (ext2 filesystem) readonly.

Soon after, you will see a message about init starting, followed by system service startup messages, and finally you get a login prompt of some sort.

NOTE On Red Hat Linux, the init note is especially obvious, because it “welcomes” you to “Red Hat Linux.” All messages thereafter show success or EPIC failure in brackets at the right-hand side of the screen.

Most of this chit chat deals with init, because it is the part of the boot sequence where you have the most control.

init

There is nothing special about init. It is a program just like any other on the Linux system, and you’ll find it in /sbin along with other system binaries. The main purpose of init is to start and stop other programs in a particular sequence. All you have to know is how this sequence works.

There are a few different variations, but most Linux distributions use the System V style discussed here. Some distributions use a simpler version that resembles the BSD init, but you are unlikely to encounter this.

Runlevels

At any given time on a Linux system, a certain base set of processes is running. This state of the machine is called its runlevel, and it is denoted with a number from 0 through 6. The system spends most of its time in a single runlevel. However, when you shut the machine down, init switches to a different runlevel in order to terminate the system services in an orderly fashion and to tell the kernel to stop. Yet another runlevel is for single-user mode, discussed later.

The easiest way to get a handle on runlevels is to examine the init configuration file, /etc/inittab. Look for a line like the following:

id:5:initdefault:

This line means that the default runlevel on the system is 5. All lines in the inittab file take this form, with four fields separated by colons occurring in the following order:

# A unique identifier (a short string, such as id in the preceding example)

# The applicable runlevel number(s)

# The action that init should take (in the preceding example, the action is to set the default runlevel to 5)

# A command to execute (optional)

There is no command to execute in the preceding initdefault example because a command doesn’t make sense in the context of setting the default runlevel. Look a little further down in inittab, until you see a line like this:

l5:5:wait:/etc/rc.d/rc 5

This line triggers most of the system configuration and services through the rc*.d and init.d directories. You can see that init is set to execute a command called /etc/rc.d/rc 5 when in runlevel 5. The wait action tells when and how init runs the command: run rc 5 once when entering runlevel 5, and then wait for this command to finish before doing anything else.

There are several different actions in addition to initdefault and wait, especially pertaining to power management, and the inittab(5) manual page tells you all about them. The ones that you’re most likely to encounter are explained in the following sections.

respawn

The respawn action causes init to run the command that follows, and if the command finishes executing, to run it again. You’re likely to see something similar to this line in your inittab file:

1:2345:respawn:/sbin/mingetty tty1

The getty programs provide login prompts. The preceding line is for the first virtual console (/dev/tty1), the one you see when you press ALT-F1 or CONTROL-ALT-F1. The respawn action brings the login prompt back after you log out.

ctrlaltdel

The ctrlaltdel action controls what the system does when you press CONTROL-ALT-DELETE on a virtual console. On most systems, this is some sort of reboot command using the shutdown command.

sysinit

The sysinit action is the very first thing that init should run when it starts up, before entering any runlevels.

How processes in runlevels start

You are now ready to learn how init starts the system services, just before it lets you log in. Recall this inittab line from earlier:

l5:5:wait:/etc/rc.d/rc 5

This small line triggers many other programs. rc stands for run commands, and you will hear people refer to the commands as scripts, programs, or services. So, where are these commands, anyway?

For runlevel 5, in this example, the commands are probably either in /etc/rc.d/rc5.d or /etc/rc5.d. Runlevel 1 uses rc1.d, runlevel 2 uses rc2.d, and so on. You might find the following items in the rc5.d directory:

S10sysklogd S20ppp S99gpm

S12kerneld S25netstd_nfs S99httpd

S15netstd_init S30netstd_misc S99rmnologin

S18netbase S45pcmcia S99sshd

S20acct S89atd

S20logoutd S89cron

The rc 5 command starts programs in this runlevel directory by running the following commands:

S10sysklogd start

S12kerneld start

S15netstd_init start

S18netbase start

S99sshd start

Notice the start argument in each command. The S in a command name means that the command should run in start mode, and the number (00 through 99) determines where in the sequence rc starts the command.

The rc*.d commands are usually shell scripts that start programs in /sbin or /usr/sbin. Normally, you can figure out what one of the commands actually does by looking at the script with less or another pager program.

You can start one of these services by hand. For example, if you want to start the httpd Web server program manually, run S99httpd start. Similarly, if you ever need to kill one of the services when the machine is on, you can run the command in the rc*.d directory with the stop argument (S99httpd stop, for instance).

Some rc*.d directories contain commands that start with K (for “kill,” or stop mode). In this case, rc runs the command with the stop argument instead of start. You are most likely to encounter K commands in runlevels that shut the system down.

Adding and removing services

If you want to add, delete, or modify services in the rc*.d directories, you need to take a closer look at the files inside. A long listing reveals a structure like this:

lrwxrwxrwx . . . S10sysklogd -> ../init.d/sysklogd

lrwxrwxrwx . . . S12kerneld -> ../init.d/kerneld

lrwxrwxrwx . . . S15netstd_init -> ../init.d/netstd_init

lrwxrwxrwx . . . S18netbase -> ../init.d/netbase

The commands in an rc*.d directory are actually symbolic links to files in an init.d directory, usually in /etc or /etc/rc.d. Linux distributions contain these links so that they can use the same startup scripts for all runlevels. This convention is by no means a requirement, but it often makes organization a little easier.

To prevent one of the commands in the init.d directory from running in a particular runlevel, you might think of removing the symbolic link in the appropriate rc*.d directory. This does work, but if you make a mistake and ever need to put the link back in place, you might have trouble remembering the exact name of the link. Therefore, you shouldn’t remove links in the rc*.d directories, but rather, add an underscore (_) to the beginning of the link name like this:

mv S99httpd _S99httpd

At boot time, rc ignores _S99httpd because it doesn’t start with S or K. Furthermore, the original name is still obvious, and you have quick access to the command if you’re in a pinch and need to start it by hand.

To add a service, you must create a script like the others in the init.d directory and then make a symbolic link in the correct rc*.d directory. The easiest way to write a script is to examine the scripts already in init.d, make a copy of one that you understand, and modify the copy.

When adding a service, make sure that you choose an appropriate place in the boot sequence to start the service. If the service starts too soon, it may not work, due to a dependency on some other service. For non-essential services, most systems administrators prefer numbers in the 90s, after most of the services that came with the system.

Linux distributions usually come with a command to enable and disable services in the rc*.d directories. For example, in Debian, the command is update-rc.d, and in Red Hat Linux, the command is chkconfig. Graphical user interfaces are also available. Using these programs helps keep the startup directories consistent and helps with upgrades.

HINT: One of the most common Linux installation problems is an improperly configured XFree86 server that flicks on and off, making the system unusable on console. To stop this behavior, boot into single-user mode and alter your runlevel or runlevel services. Look for something containing xdm, gdm, or kdm in your rc*.d directories, or your /etc/inittab .

Controlling init

Occasionally, you need to give init a little kick in the ass to tell it to switch runlevels, to re-read the inittab file, or just to shut down the system. Because init is always the first process on a system, its process ID is always 1.

You can control init with telinit. For example, if you want to switch to runlevel 3, use this command:

telinit 3

When switching runlevels, init tries to kill off any processes that aren’t in the inittab file for the new runlevel. Therefore, you should be careful about changing runlevels.

When you need to add or remove respawning jobs or make any other change to the inittab file, you must tell init about the change and cause it to re-read the file. Some people use kill -HUP 1 to tell init to do this. This traditional method works on most versions of Unix, as long as you type it correctly. However, you can also run this telinit command:

telinit q

You can also use telinit s to switch to single-user mode.

Shutting down

init also controls how the system shuts down and reboots. The proper way to shut down a Linux machine is to use the shutdown command.

There are two basic ways to use shutdown. If you halt the system, it shuts the machine down and keeps it down. To make the machine halt immediately, use this command:

shutdown -h now

On most modern machines with reasonably recent versions of Linux, a halt cuts the power to the machine. You can also reboot the machine. For a reboot, use -r instead of -h.

The shutdown process takes several seconds. You should never reset or power off a machine during this stage.

In the preceding example, now is the time to shut down. This argument is mandatory, but there are many ways of specifying it. If you want the machine to go down sometime in the future, one way is to use +n, where n is the number of minutes shutdown should wait before doing its work. For other options, look at the shutdown(8) manual page. Are you bored so far of how the Linux boots? Well here on wtfnix.com you shouldn’t be too bored, because it’s fun to learn all about Linux on wtfnix.com

To make the system reboot in 10 minutes, run this command:

shutdown -r +10

On Linux, shutdown notifies anyone logged on that the machine is going down, but it does little real work. If you specify a time other than now, shutdown creates a file called /etc/nologin. When this file is present, the system prohibits logins by anyone except the superuser.

When system shutdown time finally arrives, shutdown tells init to switch to runlevel 0 for a halt and runlevel 6 for a reboot. When init enters runlevel 0 or 6, all of the following takes place, which you can verify by looking at the scripts inside rc0.d and rc6.d:

1. init kills every process that it can (as it would when switching to any other runlevel).

# The initial rc0.d/rc6.d commands run, locking system files into place and making other preparations for shutdown.

# The next rc0.d/rc6.d commands unmount all filesystems other than the root.

# Further rc0.d/rc6.d commands remount the root filesystem read-only.

# Still more rc0.d/rc6.d commands write all buffered data out to the filesystem with the sync program.

# The final rc0.d/rc6.d commands tell the kernel to reboot or stop with the reboot, halt, or poweroff program.

The reboot and halt programs behave differently for each runlevel, potentially causing confusion. By default, these programs call shutdown with the -r or -h options, but if the system is already at the halt or reboot runlevel, the programs tell the kernel to shut itself off immediately. If you really want to shut your machine down in a hurry disregarding any possible damage from a disorderly shutdown, use the -f option.

So get to it, this is just a crack in the Linux Boot, you have a boat load more to learn!

So… WTF Get’r done!

Going to break these down into parts for each of you to understand if you are new in this area… I know for a fact there are some gurus out there that may read this and say something along the lines… “What a waste of time…” Well this this isn’t for you ole Mighty Gurus

So lets start with…

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. While there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic, and restrict outgoing traffic.

However some services such as web or FTP servers require incoming connections. If you require these services you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (demilitarized zone). Ideally all servers in the DMZ will be stand alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ then you should acquire a dedicated machine and golden rule is to keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ, traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately to traffic between your DMZ and the Internet. Incoming traffic from the internet would be routed directly to your DMZ.

Then if any hacker were to compromise a machine within the DMZ, then the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services (SSH, RDC and etc..) or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the “secure zone,” and to place the database server there!!! Not in the UNSECURED ZONE!

The “secure zone” is also a physically separate network connected directly to the firewall. The Secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers (monkeys) is where to put the email server. It requires SMTP connection to the internet, yet it also requires domain access from the LAN. If you where to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN.  My opinion, the only place you can put an email server is on the LAN and allow SMTP traffic into this server. However I would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution. (a brief on why using the VPN solution, is to have the firewall handle the VPN connections. LAN based VPN servers allow the VPN traffic onto the network before it is authenticated, which is NEVER a good practice.)

I know this doesn’t cover EVERYTHING under the sun for security on web servers, however this is just a “brief” overview on why to secure and what to place where in my own experiences…  So get secured and if you have any questions, you know this blog is WIDE-OPEN for you to post up to seek help, and surely I don’t know EVERYTHING yet… I’ll damn sure try to find the answer for you regardless. =)

WTF get’r done!!!

Compiled a list of commands for the onlookers needing to learn or know the mIRC commands that are out there Enjoy!

/ Recalls the previous command entered in the current window.

/! Recalls the last command typed in any window.

/action {action text} Sends the specifed action to the active channel or query window.

/add [-apuce] {filename.ini} Loads aliases, popups, users, commands, and events.

/ame {action text} Sends the specifed action to all channels which you are currently on.

/amsg {text} Sends the specifed message to all channels which you are currently on.

/auser {level} {nick|address} Adds a user with the specified access level to the remote users

list.

/auto [on|off|nickname|address] Toggles auto-opping of a nick or address or sets it on or off

totally.

/away {away message} Sets you away leave a message explaining that you are not currently paying

attention to IRC.

/away Sets you being back.

/ban [#channel] {nickname} [type] Bans the specified nick from the curent or given channel.

/beep {number} {delay} Locally beeps ‘number’ times with ‘delay’ in between the beeps. /channel

Pops up the channel central window (only works in a channel).

/clear Clears the entire scrollback buffer of the current window.

/ctcp {nickname} {ping|finger|version|time|userinfo|clientinfo} Does the given ctcp request on

nickname.

/closemsg {nickname} Closes the query window you have open to the specified nick.

/creq [ask | auto | ignore] Sets your DCC ‘On Chat request’ settings in DCC/Options.

/dcc send {nickname} {file1} {file2} {file3} … {fileN} Sends the specified files to nick.

/dcc chat {nickname} Opens a dcc window and sends a dcc chat request to nickname.

/describe {#channel} {action text} Sends the specifed action to the specified channel window.

/dde [-r] {service} {topic} {item} [data] Allows DDE control between mIRC and other

applications.

/ddeserver [on [service name] | off] To turn on the DDE server mode, eventually with a given

service name.

/disable {#groupname} De-activates a group of commands or events.

/disconnect Forces a hard and immediate disconnect from your IRC server. Use it with care.

/dlevel {level} Changes the default user level in the remote section.

/dns {nickname | IP address | IP name} Uses your providers DNS to resolve an IP address.

/echo [nickname|#channel|status] {text} Displays the given text only to YOU on the given place

in color N.

/enable {#groupname} Activates a group of commands or events.

/events [on|off] Shows the remote events status or sets it to listening or not.

/exit Forces mIRC to closedown and exit.

/finger Does a finger on a users address.

/flood [{numberoflines} {seconds} {pausetime}] Sets a crude flood control method.

/fsend [on|off] Shows fsends status and allows you to turn dcc fast send on or off.

/fserve {nickname} {maxgets} {homedirectory} [welcome text file] Opens a fileserver.

/guser {level} {nick} [type] Adds the user to the user list with the specified level and

address type.

/help {keyword} Brings up the Basic IRC Commands section in the mIRC help file.

/ignore [on|off|nickname|address] Toggles ignoring of a nick or address or sets it on or off

totally.

/invite {nickname} {#channel} Invites another user to a channel.

/join {#channel} Makes you join the specified channel.

/kick {#channel} {nickname} Kicks nickname off a given channel.

/list [#string] [-min #] [-max #] Lists all currently available channels, evt. filtering for

parameters.

/log [on|off] Shows the logging status or sets it on or off for the current window.

/me {action text} Sends the specifed action to the active channel or query window.

/mode {#channel|nickname} [[+|-]modechars [parameters]] Sets channel or user modes.

/msg {nickname} {message} Send a private message to this user without opening a query window.

/names {#channel} Shows the nicks of all people on the given channel.

/nick {new nickname} Changes your nickname to whatever you like.

/notice {nick} {message} Send the specified notice message to the nick.

/notify [on|off|nickname] Toggles notifying you of a nick on IRC or sets it on or off totally.

/onotice [#channel] {message} Send the specified notice message to all channel ops.

/omsg [#channel] {message} Send the specified message to all ops on a channel.

/part {#channel} Makes you leave the specified channel.

/partall Makes you leave all channels you are on.

/ping {server address} Pings the given server. NOT a nickname.

/play [-c] {filename} [delay] Allows you to send text files to a window.

/pop {delay} [#channel] {nickname} Performs a randomly delayed +o on a not already opped nick.

/protect [on|off|nickname|address] Toggles protection of a nick or address or sets it on or off

totally.

/query {nickname} {message} Open a query window to this user and send them the private message.

/quit [reason] Disconnect you from IRC with the optional byebye message.

/raw {raw command} Sends any raw command you supply directly to the server. Use it with care!!

/remote [on|off] Shows the remote commands status or sets it to listening or not.

/rlevel {access level} Removes all users from the remote users list with the specified access

level.

/run {c:\path\program.exe} [parameters] Runs the specified program, evt. with parameters.

/ruser {nick[!]|address} [type] Removes the user from the remote users list.

/save {filename.ini} Saves remote sections into a specified INI file.

/say {text} Says whatever you want to the active window.

/server [server address [port] [password]] Reconnects to the previous server or a newly

specified one.

/sound [nickname|#channel] {filename.wav} {action text} Sends an action and a fitting sound.

/speak {text} Uses the external text to speech program Monologue to speak up the text.

/sreq [ask | auto | ignore] Sets your DCC ‘On Send request’ settings in DCC/Options.

/time Tells you the time on the server you use.

/timer[N] {repetitions} {interval in seconds} {command} [| {more commands}] Activates a timer.

/topic {#channel} {newtopic} Changes the topic for the specified channel.

/ulist [{|}]{level} Lists all users in the remote list with the specified access levels.

/url [-d] Opens the URL windows that allows you to surf the www parallel to IRC.

/uwho [nick] Pops up the user central with information about the specified user.

/who {#channel} Shows the nicks of all people on the given channel.

/who {*address.string*} Shows all people on IRC with a matching address.

/whois {nickname} Shows information about someone in the status window.

/whowas {nickname} Shows information about someone who -just- left IRC.

/wavplay {c:\path\sound.wav} Locally plays the specified wave file.

/write [-cidl] {filename} [text] To write the specified text to a .txt file.

It’s NTP Server Time!

So what is NTP you may ask? It’s what we call Network Time Protocol, which helps us all synchronize our *nix system’s clock with an accurate time source. There are a number of websites that allow the public to access and sync up with them. They are divided into two types Stratum 1 and Stratun 2

What are these so called Stratum’s you may ask?

Stratum 1 = NTP websites using an atomic clock for timing

Stratum 2 = NTP websites with slightly but accurately LESS time sources (NOT ACCURATE to the REAL ATOMIC CLOCKS)

You may get a list of available NTP Stratum type servers from: www.ntp.org

It is only a valid and good practice to keep at least one *nix server on your local network be tthe “local time server” for all of your other devices… This only makes and keeps the correlation of system events on different systems much easier to maintain a “central but local” time. It not only helps there but also helps in bandwidth usage, due to the NTP traffic and reduces the need to manage firewall rules for “EACH” of the NTP clients that you have running if you have more than one on your network…

Sometimes, (majority of the time) not all of your servers will have NET access which in such cases you’ll need a central “TIME SERVER” / “SERVER” that any and all can access off your local network. That being said you can have a “Gateway” server to do all this for you if configured properly and accordingly.

That’s all for now on the NTP servers, it’s time to head out and party in Seattle it’s 9:56:44PM PST per my NTP server, and I will be back later to discuss on how the ntp.conf file works But you need to get ntp yourself from a reliable source if you don’t have it installed on your server already… Use Google.com to find it for your *nix flavor.

Before I get into the instructions, let’s say I’m one pleased puppy on this new release…

This has to be the best Fedora Release yet! Normally I don’t reboot, but after seeing what happened to my last reboot here on my gateway server out of the house, it took literally 10-12 seconds till I was serving the web and my server was back online after rebooting fedora 2x after upgrading to F 11 Leonidas… This is what’s really going to be the winner for any *nix flavor Workstation that loves rebooting fast, read more of this here
20SecondStartup

Oh and Python 2.6 finally??? Oh well I built it already and had my own RPM laying here, I’m just not looking forward to Python 3.0 quite yet… I wished Python would slow down some! Even though my bud loves the Python 3.0 which he’s a robot builder for a large firm in Japan.

Just like any other upgrade that you do with Yum, this is the most easiest!

Keep up to date on their final release here:  Fedora’s Leonidas Final Release

This is for their Preview Release Core 11

yum update

yum clean all

yum clean all (Just to be sure)

yum update (Just to be sure)

yum clean all (Just to be sure)

i386:

rpm -Uvh http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/i386/os/Packages/fedora-release-10.92-1.noarch.rpm http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/i386/os/Packages/fedora-release-notes-10.93.0-1.fc11.noarch.rpm

x86_64:

rpm -Uvh http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/x86_64/os/Packages/fedora-release-10.92-1.noarch.rpm http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/x86_64/os/Packages/fedora-release-notes-10.93.0-1.fc11.noarch.rpm

yum -y update

You may need to do some housekeeping to remove some packages to work out a few dependency issues, however mine was swift as I only build gateways and lite boxes separately for one for HTTP, one for MySQL, one for Qmail.

So remember use GOOGLE to research your ERRs, or post them in here, don’t guarantee me to keep checking every hour, someone may come along like billy boy gates or steve balmer from M$ and they may know the answer

All the love to the *nix world keep awkin on!