Allowing Peer News Feeds For A Local Usenet Server
A small, home-based site is unlikely to have a peer-to-peer news-feed server relationship with an ISP. Although news servers used to be fairly accessible to the general Internet, few open news servers are available anymore because of SPAM and server load issues. If your site is large enough or rich enough to host a general Usenet server, you have to get your news feed from somewhere. The next two rules allow your local news server to receive its news feed from a remote server. The local server...
iptables Targets
When a TCP IP packet is analyzed, a decision is made about what to do if that packet matches a rule. If the packet matches a rule, it is sent to a netfilter target, most likely ACCEPT, DROP, or REJECT. We'll use an incoming SSH connection to a firewall as an example. It will be a TCP connection on port 22 on the INPUT rule at a bare minimum. If you have a rule that describes this packet, you need to tell the netfilter system to ACCEPT this packet into the TCP IP stack for further processing by...
Objective Create a Certification Authority CA and Issue Certificates with YaST
As you learned in the previous objective, openssl is all you need to run your own CA. However, due to the numerous parameters and switches, the commands are somewhat cumbersome. If you are looking for an alternative, you might want to try the YaST CA management module. It acts as a frontend to openssl and keeps track of your certificates. The basic steps to create a certificate are the same as with the command line interface. You have to Create a Certificate Signed by the CA with YaST To revoke...
Mutex Attributes 1
int pthread_mutexattr_init pthread_mutexattr_t mutex_attr Initializes a mutex attributes object with default values. Errors ENOMEM - insufficient memory for attribute object int pthread_mutexattr_destroy pthread_mutexattr_t mutex_attr Destroys a mutex attribute object. Errors EINVAL - mutex_attr is not a mutex attribute object int pthread_mutexattr_getkind_np const pthread_mutexattr_t mutex_attr, int kind int pthread_mutexattr_setkind_np pthread_mutexattr_t mutex_attr, int kind Gets or sets the...
Analog Inputs
A typical analog-to-digital system generally consists of the following circuit elements analog-to-digital converter ADC The interconnection of these components is shown in Figure 10.1. The inputs to the system are the physical parameters to measure pressure, temperature, flow, position, etc. . Figure 10.1 Analog-to-digital conversion. Figure 10.1 Analog-to-digital conversion. The physical parameter is first converted into an electrical signal by a transducer. Transducers are available to...
Managing Volumes in Automated Libraries
Tivoli Storage Manager tracks the scratch and private volumes available in an automated library through a library volume inventory. Tivoli Storage Manager maintains an inventory for each automated library. The library volume inventory is separate from the inventory of volumes for each storage pool. To add a volume to a library's volume inventory, you check in a volume to that Tivoli Storage Manager library. For details on the check-in procedure, see Checking New Volumes into a Library on page...
Emulating push instructions
Three macros are provided for writing 8-bit, 16-bit, and 32-bit values to memory and adjusting a pointer. Each is passed three parameters. The first parameter is base, the second is offset. This conforms to 8086 base offset addressing mode. The third is the value to be written. These macros emulate the pusH instruction. The inline assembler code that pushes a byte onto the stack is shown in Figure 24.16, from arch i386 kernel vm86.c. The supplied value is written to the location before that...
Extended Paging
Starting with the Pentium model, 80 x 86 microprocessors introduce extended paging, which allows page frames to be 4 MB instead of 4 KB in size see Figure 2-7 . As mentioned in the previous section, extended paging is enabled by setting the Page Size flag of a Page Directory entry. In this case, the paging unit divides the 32 bits of a linear address into two fields Page Directory entries for extended paging are the same as for normal paging, except that The Page Size flag must be set. Only the...
Accessing Nss Volumes
At their fundamental level, NSS volumes are simply formatted filesystems. However, clients can potentially access these filesystems through several different methods. These access methods are typically specific to the OES component involved, like NetDrive or iFolder, but there is one access method that was specifically designed with NSS volumes in mindNCP. The Novell NetWare Core Protocol NCP has been an important client server networking protocol in Novell networks for years. Once based on...
extfs File System Format
The ext2 file system format is, in many ways, identical to traditional UNIX file system formats. The concepts of inodes, blocks, and directories are the same. When a file system is created the equivalent of formatting in other operating systems , the maximum number of files that can be created is specified. The inode density together with the capacity of the partition determines how many inodes can be created. Remember that it is not possible to generate additional inodes later. You can only...
Starting X Automatically on Login
If you don't set up xdm, you'll need to type in startx after you login to get X and all these applications in your .xinitrc file started. If you don't like to enter startx every time you login, and you're sure that you want to run X every time you login, you can put the startx command in your .login or .profile file depending on the shell you use, csh or ksh . If you do, be sure that you're running from the console only. Otherwise, the .login or .profile file will error out if they get run from...
Bootup and Shutdown
Clicking bootup and shutdown brings you to a page of bootup options. In the case of a Red Hat system, it provides access to all of the init scripts found in etc rc.d init.d. Sim ilarly, on a Solaris system the scripts are located in etc init.d. Clicking on any of the script names will provide the ability to edit, start, stop, and delete the init script. Usually, each init script provides functions to start, stop, and restart system services such as Sendmail, named, and Apache, as well as...
Viewing Network Traffic between Hosts Using EtherApe
EtherApe is a graphical network traffic-monitoring tool. Unlike Ethereal, EtherApe displays networking activity graphically by identifying hosts and the links that exist between the hosts.The links are color coded and change constantly as the host connections change. It displays real -time traffic, as well as traffic saved to a file.Visit the EtherApe home page at http etherape.sourceforge.net, shown in Figure 5.23. As you can see, EtherApe supports Ethernet, Fiber Distributed Data Interface...
iptables Syntax
As presented earlier, iptables uses the concept of separate rule tables for different packet processing functionality. Nondefault tables are specified by a command-line option. Three tables are available filter The filter table is the default table. It contains the actual firewall filtering rules. The built-in chains include these nat The nat table contains the rules for Source and Destination Address and Port Translation. These rules are functionally distinct from the firewall filter rules....
How Many Backup Versions to Retain and For How Long
Multiple versions of files are useful when users continually update files and sometimes need to restore the original file from which they started. The most current backup version of a file is called the active version. All other versions are called inactive versions. You can specify the number of versions to keep by Directly specifying the number of versions You specify the number of backup versions with two parameters - Versions Data Exists number of versions to keep when the data still exists...
The Role of ClusterAware File Systems
Apart from the issue of the shared storage device, a cluster-aware file system might also be necessary. Whether you need such a solution depends on the kind of cluster you are using an active-active or active-passive cluster solution. In an active-active cluster, different nodes in the cluster provide redundancy to each other for a given service, where the given service is already active on those servers. For instance, this is a common situation for web servers hosting several virtual servers....
Getting Started
Like many Linux and Unix packages, ISPConfig is provided as a set of files combined with the tar utility, the result of which is often called a tarball. When you click on the Download link at it will lead you to one of the SourceForge site's mirrors. A typical site containing ISPConfig is http You can just click the Download link to download the file, but because the file is quite large, you may find it useful to copy the URL and paste it into a wget command in your terminal window. The...
Acronym Abbreviation and Mnemonic Dictionary
Naming functions and variables might seem trivial but good function and variable names are a sign of superior programs. When creating names for variables and functions identifiers , it is often the practice to use acronyms e.g., OS, ISR, TCB , abbreviations buf, doc, etc. , and mnemonics clr, cmp, etc. . The use of acronyms, abbreviations, and mnemonics allows an identifier to be descriptive while requiring fewer characters. Unfortunately, if acronyms, abbreviations, and mnemonics are not used...
Understanding the ldd Command
The nm command lists the symbols defined in an object file, but unless you know what library defines which functions, ldd is much more useful. ldd lists the shared libraries that a program requires in order to run. Its syntax is ldd prints the names of the shared libraries required by file. For example, on my system, the mail client mutt requires five shared libraries, as illustrated below libnsl.so.1 gt lib libnsl.so.1 0x40019000 libslang.so.1 gt usr lib libslang.so.1 0x4002e000 libm.so.6 gt...
Ipsmd Printer Deleted
The iPrint Manager can also be shut down and moved to another server using the Manage Print Manager link within iManager. After locating and opening the iPrint Manager object, select the Manager Control page and select Shutdown to unload the store. To move the manager to another server, select the Move option. After successful configuration, the Print Manager will control all printer agents that you install on your OES Linux server. This task is accomplished with the help of an iPrint database....
Multimedia System Selector
GStreamer can be configured to use different input and output sound and video drivers and servers. You can make these selections using the GStreamer properties tool. To open this tool from the Desktop menu, first select Preferences, then More Preferences, and then the Multimedia Systems Selector entry. You can also enter gstreamer-properties in a terminal window. The properties window displays two tabbed panels, one for sound and the other for video. The output drivers and servers are labeled...
Using Generic TCP Port Forwarding
X is the only service for which port forwarding is hard-coded in the SSH software. For everything else, you need to do it by hand, using the -L or the -R option. Refer to the example in Figure 18-2. The example network shown in Figure 18-2 has three nodes. Node AMS is the node where the administrator is working. ATL is the node in the middle. AMS has a direct connection to ATL but not to SLC, which is behind a firewall. ATL, however, does have a direct connection, not hindered by any firewall,...
File Operations Structure
This structure, shown in Listing 25.14, has pointers to all of the top half functions we have previously defined. We could have also defined some other functions but we will leave them set to NULL and the kernel will use a default handler. It might make sense to implement a stepper_fsync function so we can call fflush which calls fsync in our user program to keep the user program from getting too far ahead of the driver we would then sleep until the write_buffer was empty and the stepper motors...
Listing Output of ldapsearch for the Entire LDAP Database
bible etc openldap schema ldapsearch -x -b o Acme,c UK base lt o Acme,c UK gt with scope sub objectClass top objectClass organization dn ou Sales,o Acme,c UK ou Sales objectClass top objectClass organizationalUnit dn ou Marketing,o Acme,c UK ou Marketing objectClass top objectClass organizationalUnit objectClass top objectClass organizationalUnit objectClass top objectClass organizationalUnit dn ou Services,o Acme,c UK ou Services objectClass top objectClass organizationalUnit dn ou Helpdesk,ou...
Using Flow Control
Up to now, you haven't read much about how you can make the execution of commands conditional so a command is executed only if a certain condition has been met. The technique to enable this in shell scripts is known as flow control. Bash offers many options to use flow control in scripts if Use if to execute commands only if certain conditions are met. To tune how if works, you can use else to indicate what should happen if the condition isn't met. case Use case to work with options. This...
Kernel Configuration Options
Before customizing a kernel, you should examine some of the main kernel configuration options. Each of the aforementioned kernel configuration tools make config, make menuconfig, make xconfig includes help menus for most options. It's easier to follow along as these options are described with either the ncurses or GUI tool installed earlier in this chapter. To open the ncurses tool shown in Figure 19-2, run the following commands cd usr src linux sudo make menuconfig Ncurses submenus are shown...
Displaying Information about Backup Set Volumes
A client's backup set can reside on more than one volume. The server records the information about the volumes used for the backup set in the volume history file. Volume history includes information such as the date and time the backup set was generated, the device class to which the backup set was written, and the command used to generate the backup set. If a backup set spans several volumes, the server displays the command used to generate the backup set only with the first volume. You can...
Configuring Apache Paths Note
If you've installed Apache from a package from your OS vendor or if your vendor does not provide a package and it has been installed in the default location selected by the program, you can probably skip this section and proceed to the next section covering initial module selection. For any supported OS, Webmin has a configuration file that includes sensible default paths for the programs that it administers. These configurations assume an installation in the default location for your operating...
wvdialconf etcwvdialconfnew
The wvdialconf command builds a configuration file in this example, the etc wvdial.conf .new file that is used by the dialer command wvdial . You need this file only if you use wvdial to do your dial-up. Its first action, however, is to scan the serial ports on your computer and report where it finds modems. If it tells you that no modem was detected, it's likely that either your modem isn't connected properly or no driver is available to support the modem. If the modem wasn't detected, you...
systemconfigdisplay
If you want to change your display settings, or if you are having trouble with your X Window System configuration, you can use system-config-display to change your configuration. You can run system-config-display by selecting Display on the System Administration menu. The system-config-display tool opens a Display Settings window with three panels Settings, Hardware, and Dual Head shown in Figure 4-7 . The system-config-display Display Settings window The system-config-display Display Settings...
Defining a Virtual Host
VirtualHost for www.wiley-bible.com lt VirtualHost gt ServerName www.wiley-bible.com DocumentRoot srv www vhosts wiley-bible ErrorLog var log apache2 wiley-bible-error_log CustomLog var log apache2 wiley-bible-access_log combined lt Directory Order allow.deny Allow from all lt Directory gt lt VirtualHost gt This virtual host operates on the same IP address as the default server. It depends on the fact that DNS gives the same IP address for the host www.wiley-bible.com as it does for the name...
Stephane Lo Presti
St phane is a research scientist who has explored the various facets of trust in computer science for the past several years. He is currently working at The City University, London, on service-oriented architectures and trust. His past jobs include the European project, Open Trusted Computing http www.opentc.net at Royal Holloway, University of London, and the Trusted Software Agents and Services T-SAS project at the University of Southampton, UK. He enjoys applying his requirement-analysis and...
Using the GNOME Network Tools
Another useful system component to analyze what's happening on your server is the GNOME Network Tools. You can start this utility from the GNOME Application Selector gt System section, which offers virtually all that has been discussed so far, but it is not as good as most of the individual tools. For example, a port scanner looks for open ports on a target host, but it has no options to specify how exactly the scan should be performed. It is a useful tool if you want to be able to tune and...
Login manager
This set of dialogs in the System Administration menu is certainly easier to use than editing the configuration file by hand. To select this configuration option, select the Control Center from SUSE's Start menu and then select the System Administrator option in the left pane, followed by the Login Manager option. You will need to run this in administrator mode by clicking the Administrator Mode button and entering the root password to do anything very useful. A particularly nice feature is...
Running Jobs in the Background
You execute a command in the background by placing an ampersand amp on the command line at the end of the command. When you place a job in the background, a user job number and a system process number are displayed. The user job number, placed in brackets, is the number by which the user references the job. The system process number is the number by which the system identifies the job. In the next example, the command to print the file mydata is placed in the background You can place more than...
Setting Up Source and Target Servers for Virtual Volumes
In the source target relationship, the source server is defined as a client node of the target server. To set up this relationship, a number of steps must be performed at the two servers. In the following example illustrated in Figure 93 on page 604 , the source server is named DELHI and the target server is named TOKYO. - TOKYO has a TCP IP address of 9.115.3.221 1845 - Assigns to TOKYO the password CALCITE. - Assigns DELHI as the node name by which the source server DELHI will be known at the...
Kernel Versions
The version number for a Linux kernel consists of four segments the major, minor, revision, and security bug fix numbers. The major number increments with major changes in the kernel. This is rarely changed. The minor number indicates a major revision of the kernel. The revision number is used for supporting new features. The security bug number is used for security and bug fixes. New development versions will first appear as release candidates, which will have an rc in the name. As bugs are...
Socket Buffers Fragmentation and Segmentation
The shared info structure, skb_shared_info, is used to support IP fragmentation and TCP segmentation. A discussion of the socket buffers is not complete without discussing this structure. The shared info structure, also known as skb_shinfo, is defined in the file include linux skbuff.h. This field contains the reference count for this skb. It is incremented each time the buffer is cloned. Nr_frags is the number of fragments in this packet. This field is used by TCP segmentation. The next two...
Beginning with Freeciv
Check out the Freeciv window. Here are things you should know when you are starting. You can find more help at the Freeciv site www.freeciv.org. Click the Help button for topical information on many different subjects that will be useful to you as you play. The world by default is 80 x 50 squares, with 11 x 8 squares visible at a time. The active square contains an icon of the active unit flashing alternatively with the square's terrain . Some squares contain special resources. Press and hold...
Symmetric cryptography
Symmetric cryptography, also called private-key cryptography, uses a single key to both encrypt and decrypt a message. This method is generally inappropriate for securing data that is expected to be utilized by a third party, due to the complexity of secure key exchange. Symmetric cryptography is generally useful for encrypting data for one's own purposes. A classic use of symmetric cryptography is for a personal password vault. Anyone who has been using the Internet for any amount of time has...
Using Environment Variables
Small chunks of information that are useful to your shell environment are stored in what are referred to as environment variables. By convention, environment variable names are all uppercase although that convention is not enforced . If you use the bash shell, some environment variables are set for you from various bash start scripts etc profile, etc profile.d .sh, etc bashrc, and .bash_profile. To display all of the environment variables, in alphabetical order, that are already set for your...
Using Environment Variables
Small chunks of information that are useful to your shell environment are stored in what are referred to as environment variables. By convention, environment variable names are all uppercase although that convention is not enforced . If you use the bash shell, some environment variables are set for you from various bash start scripts, described previously in the section Using the Shell. To display all of the environment variables, in alphabetical order, that are already set for your shell, type...
Installing Service Scripts
The RPM-packaged version for a service includes a service script. For example, an Internet server package includes the service script for that server. Installing the RPM package installs the script in the etc rc.d init.d directory and creates its appropriate links in the runlevel directories, such as etc rc.h rc3.d. If you decide, instead, to create the server using its source code files, you can then manually install the service script. If no service script exists, you first make a copy of the...
Building A Filter To Capture An Http Conversation
HTTP is the language of the Web. Usually HTTP rides over TCP, which in turn rides on IP. I'm choosing HTTP as the first real-world capture only because people are generally familiar with browsing a web page, even though they may not be familiar with the underlying protocol. Recall that IP is a connectionless protocol whereas TCP is a connection-oriented protocol. TCP uses a three-way handshake to begin a conversation. HTTP takes advantage of the connection-oriented nature of TCP and in fact...
Analysis Console for Intrusion Databases
Analysis Console for Intrusion Databases ACID is a more sophisticated version of SnortSnarf. It connects your PostgreSQL or MySQL database to your Web server, which allows you to conduct searches right from your Web browser.You can download ACID from the following sites Figure 4.12 Viewing SnortSnarf Output Figure 4.12 Viewing SnortSnarf Output ACID requires the following items, in addition to Snort Apache Server www.apache.org The Snort database plug-in www.incident.org For more information,...
Acquiring screen captures
Several screen capture tools are available with Linux systems. Using The GIMP program just described, you can take a screen shot by selecting File C Acquire C Screenshot. On GNOME desktops, select Applications C Accessories C Take Screenshot. From most KDE desktops, select Graphics C KSnapshot. Using the example of the GNOME Take Screenshot tool, a dialog box appears that lets you choose to grab the whole desktop or grab the current window. You can set a delay of several seconds, if you need to...
Berdeen Stirling 1
Dual Quad-Core Intel Xeon Processors E5462 2.8GHz 1600FSB 12MB 2GB ECC DDR2 800MHz FBDIMM 2 x 1GB up to 64GB 4TB Storage 4 x Hitachi A7K1000 1TB SATA Hard Drives Areca ARC-1210 PCI Express SATA RAID Controller Supports 2 x Full-Height and 1 x Low Profile Expansion Cards 650W High-Efficiency Redundant Power Supply Dual Quad-Core Intel Xeon Processor X5482 3.2GHz 1600FSB 12MB 4GB ECC DDR2 800MHz FBDIMM 4 x 1GB up to 128GB 8 x SATA SAS Hot Swap Hard Drive Bays 584GB Storage 4 x Seagate Cheetah...
cron Jobs
Shell scripts are often used to glue programs together. A common example in Linux is the definition of cron jobs. cron is the standard Linux job scheduler. If you want something to happen the third Tuesday of every month at the uncivilized hour of 01 23, you can get cron to do it for you without any of the negative feedback that you would get from a person. The cron daemon checks every minute to see whether it's time to do something, or if any cron job specifications have changed. You specify...
Special Files
Special files represent Linux kernel routines that provide access to an operating system feature. FIFO first in, first out special files allow unrelated programs to exchange information. Sockets allow unrelated processes on the same or different computers to exchange information. One type of socket, the UNIX domain socket, is a special file. Symbolic links are another type of special file. Device files, which include both block and character special files, represent device drivers that let you...
Using the ODBC Driver
IBM Tivoli Storage Manager provides an ODBC driver for Windows. The driver supports the ODBC Version 2.5 application programming interface API . Because Tivoli Storage Manager supports only the SQL SELECT statement query , the driver does not conform to any ODBC API or SQL grammar conformance level. After you install this driver, you can use a spreadsheet or database application that complies with ODBC to access the database for information. The ODBC driver set-up is included in the client...