/[cvs]/jonen/notes/notes_2003-02.twingle

Diff of /jonen/notes/notes_2003-02.twingle

Parent Directory | Revision Log | View Patch Patch

-revision 1.1 by jonen,
Sun Mar  9 16:36:37 2003 UTC
+revision 1.8 by jonen,
Sat Apr  5 21:24:28 2003 UTC
 Line 1
- <h3>jonen's notes - 2003-02</h3>
  <hr/>
    - Unix-Systems
-Line 12
+Line 11
        o read more about BSD package systems (pkg, cvsup)
          x for simple package installation/de-installation use pkg
            x install downloaded package:
-               :# pkg_add <package>-<version>.tgz
+               :# pkg_add {package}-{version}.tgz
            x install package via remote server(only if package is available as *latest*):
-                 pkg_add -r <package>.tgz
+                 pkg_add -r {package}.tgz
          x using cvsup
-           x newbies could use cvsupit (not what it really does..)
+           x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
+           x newbies could use cvsupit:
                :# pkg_add -r cvsupit.tgz
              - cvsupit will proberly ask you for the default values it
                place at /etc/cvsupfile, which is used by cvsup
 Line 24
            x if /etc/cvsupfile already exists and you know what you do,
               this command will update your system (maybe run it via cron...):
                :# /usr/local/bin/cvsup -g -L 2 /etc/cvsupfile
+              where '-g' tells cvsup not to use a GUI, '-L 2' sets default output level to 2
+           x for available cvs tags, look at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html
        o whats about daemon start-stop scripts (like at linux: /etc/init.d/) ?
+        x some daemons (only installed ports?) start-stop-scripts are placed at '/usr/local/etc/rc.d/'
+        o how at '/etc/rc.conf' toogled start-up scripts can be run manually(e.g. /etc/rc.firewall)?
        x configure and compile custom kernel:
          x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html
          x create custom kernel conf-file
-Line 41
+Line 45
        x use packet fiters (firewall):
          x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
          x some options at the kernel have to be enabled:
-         <pre style="font-size:10px">
+           - options IPFIREWALL
-           options IPFIREWALL                       #Compiles into the kernel the code for packet filtering.
+            Compiles into the kernel the code for packet filtering.
-           options IPFIREWALL_VERBOSE    #Enables code to allow logging of packets through syslogd.
+           - options IPFIREWALL_VERBOSE
-                                                                   # Without this option, even if you specify that packets should be logged in the filter rules,
+            Enables code to allow logging of packets through syslogd.
-                                                                   #  nothing will happen.
+            Without this option, even if you specify that packets should be logged in the filter rules,
-           options IPFIREWALL_VERBOSE_LIMIT=10      #Limits the number of packets logged through syslogd on a per entry basis.
+            nothing will happen.
-                                                                                     # You may wish to use this option in hostile environments in which you want to log firewall activity,
+           - options IPFIREWALL_VERBOSE_LIMIT=10
-                                                                                     # but do not want to be open to a denial of service attack via syslog flooding.
+            Limits the number of packets logged through syslogd on a per entry basis.
-                                                                                     # When a chain entry reaches the packet limit specified, logging is turned off for that particular entry.
+            You may wish to use this option in hostile environments in which you want to log firewall activity,
-                                                                                     # To resume logging, you will need to reset the associated counter using the ipfw(8) utility:
+            but do not want to be open to a denial of service attack via syslog flooding.
-                                                                                     #        ipfw zero 4500
+            When a chain entry reaches the packet limit specified, logging is turned off for that particular entry.
-                                                                                     #    Where 4500 is the chain entry you wish to continue logging.
+            To resume logging, you will need to reset the associated counter using the ipfw(8) utility:
-           options IPFIREWALL_DEFAULT_TO_ACCEPT     #This changes the default rule action from ``deny'' to ``allow''.
+                   :# ipfw zero 4500
-                                                                                         # This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet.
+            Where 4500 is the chain entry you wish to continue logging.
-                                                                                         # It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise.
+           - options IPFIREWALL_DEFAULT_TO_ACCEPT
-                                                                                         # Use with care though, as this opens up the firewall and changes the way it works.
+            This changes the default rule action from ``deny'' to ``allow''.
-          </pre>
+            This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet.
+            It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise.
+            Use with care though, as this opens up the firewall and changes the way it works.
          x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local)
               firewall_enabled = "YES"
-              firewall_type = "<firewall_type>"
+              firewall_type = "{firewall_type}"
-           x <firewall_type> is either a case at /etc/rc.firewall (/etc/rc.firewall6 for ipv6)
+           x where {firewall_type} is either a case at /etc/rc.firewall (/etc/rc.firewall6 for ipv6)
               or some custom file to read rules from.
            x  Use firewall_type = "OPEN" for default policy 'OPEN' (allow all)
+   - Linux & Wireless Lan:
+     x install modules:
+       x prims2 chipset based:
+         - if debian kernel-image is used
+            :#apt-get install linux-wlan-ng-modules-{your_arch}
+         - if not, cd to some temp dir and
+            :#apt-get source linux-wlan-ng   or wget sources manually if other dist is used
+            :#cd linux-wlan-ng-{version}
+            :#./Configure
+            :#make all install
+     x configure at debian:
+       x add SSID to dev at /etc/wlan/wlan.conf e.g.:
+          SSID_wlan0="WGATEWAY"
+          ENABLE_wlan0=y
+       x create and edit cutom config related to SSID
+         :#cp /etc/wlan/wlancfg-DEFAULT /etc/wlan/wlancfg-WGATEWAY
+         :#nano /etc/wlan/wlancfg-WGATEWAY
+     x notes!:
+        - prism2-based USB devices mostly needs hardware reset to get changes work!
+          this is caused of the firmware and could only be solved by a firmware-upgrade
+          of the vendor responsible for these devices.
+     o get WEP really work at heterogen enviroments(eg. between Win and Linux)
+     o WEP is unsecure! (see http://wepcrack.sourceforge.net/)
+       o use IPSEC
+       o or some other ideas?
+   - Linux & Bluetooth
+     With some tweaking bluetooth works as expected.
+     You will need the above mentioned patch patch-2.4.20-mh6 to have full functionality with 2.4.20. Then add
+       deb http://bluez.sourceforge.net/download/debian/woody/ ./
+       deb-src http://bluez.sourceforge.net/download/debian/woody/ ./
+     to your /etc/apt/sources.list for woody and install at least the packages "bluez-bluefw"
+     for loading the firmware into the usb bluetooth device. You will need "bluez-utils" for hci and rfcomm communications.
+     You need to add this line
+       bluefw 0x0003 0x044e 0x3001 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000
+     to your /etc/hotplug/usb/bluefw.usermap to let the bluefw automatically load the appropriate firmware
+     into your dongle once it shows up.
+     I am using bluetooth with a Siemens S55, but e.g. Nokia 6310i goeas the same way.
+     For an initial pairing you will need a pin in /etc/bluetooth/pin which at least needs to have 5 digits which is documented near nowhere.
+     Once you do the pairing (Entered pin on the X requester popping up and on the cellphone) you can set your phone to not "Ask on connection".
+     Afterwards i put the rfcomm config into the /etc/bluetooth/rfcomm.conf
+     rfcomm0 {
+             device 00:02:EE:B8:50:C5;
+             channel 1;
+             comment "S55 Dialup connection";
+     }
+     rfcomm1 {
+             device 00:02:EE:B8:50:C5;
+             channel 9;
+             comment "S55 OBEX";
+     }
+     For dialing out via ppp you now can use /dev/rfcomm0 which should lead to your phone asking you to accept the connection.
+     For debugging you can use these commands:
+     :~$ sudo hcitool scan
+     Scanning ...
+:02:EE:B8:50:C5       6310i.rfc822
+     :~$ sudo hcitool info 00:02:EE:B8:50:C5
+     Requesting information ...
+         BD Address:  00:02:EE:B8:50:C5
+         Device Name: 6310i.rfc822
+         LMP Version: 1.1 (0x1) LMP Subversion: 0x22c
+         Manufacturer: Nokia Mobile Phones (1)
+         Features: 0xbf 0x28 0x21 0x00
+                 <3-slot packets> <5-slot packets> <encryption> <slot offset>
+                 <timing accuracy> <role switch> <sniff mode> <SCO link>
+                 <HV3 packets> <CVSD>
+     :~$ sudo sdptool browse
+     Inquiring ...
+     Browsing 00:02:EE:B8:50:C5 ...
+     Service Name: Fax
+     Service RecHandle: 0x10000
+     Service Class ID List:
+       "Fax" (0x1111)
+       "Generic Telephony" (0x1204)
+     Protocol Descriptor List:
+       "L2CAP" (0x0100)
+       "RFCOMM" (0x0003)
+         Channel: 2
+     Language Base Attr List:
+       code_ISO639: 0x656e
+       encoding:    0x6a
+       base_offset: 0x100
+     Profile Descriptor List:
+       "Fax" (0x1111)
+         Version: 0x0100
+ Service Name: OBEX Object Push
+ Service RecHandle: 0x10001
+ Service Class ID List:
+   "OBEX Object Push" (0x1105)
+ Protocol Descriptor List:
+   "L2CAP" (0x0100)
+   "RFCOMM" (0x0003)
+     Channel: 9
+   "OBEX" (0x0008)
+ Language Base Attr List:
+   code_ISO639: 0x656e
+   encoding:    0x6a
+   base_offset: 0x100
+ Profile Descriptor List:
+   "OBEX Object Push" (0x1105)
+     Version: 0x0100
+ Service Name: Audio Gateway
+ Service RecHandle: 0x10002
+ Service Class ID List:
+   "Headset Audio Gateway" (0x1112)
+   "Generic Audio" (0x1203)
+ Protocol Descriptor List:
+   "L2CAP" (0x0100)
+   "RFCOMM" (0x0003)
+     Channel: 12
+ Language Base Attr List:
+   code_ISO639: 0x656e
+   encoding:    0x6a
+   base_offset: 0x100
+ Profile Descriptor List:
+   "Headset" (0x1108)
+     Version: 0x0100
+ Service Name: COM 1
+ Service RecHandle: 0x10003
+ Service Class ID List:
+   "Serial Port" (0x1101)
+ Protocol Descriptor List:
+   "L2CAP" (0x0100)
+   "RFCOMM" (0x0003)
+     Channel: 3
+ Language Base Attr List:
+   code_ISO639: 0x656e
+   encoding:    0x6a
+   base_offset: 0x100
+ Service Name: Voice Gateway
+ Service RecHandle: 0x10004
+ Service Class ID List:
+   "" (0x111f)
+   "Generic Audio" (0x1203)
+ Protocol Descriptor List:
+   "L2CAP" (0x0100)
+   "RFCOMM" (0x0003)
+     Channel: 13
+ Language Base Attr List:
+   code_ISO639: 0x656e
+   encoding:    0x6a
+   base_offset: 0x100
+ Profile Descriptor List:
+   "" (0x111e)
+     Version: 0x0100
+ Service Name: Dial-up networking
+ Service RecHandle: 0x10009
+ Service Class ID List:
+   "Dialup Networking" (0x1103)
+   "Generic Networking" (0x1201)
+ Protocol Descriptor List:
+   "L2CAP" (0x0100)
+   "RFCOMM" (0x0003)
+     Channel: 1
+ Language Base Attr List:
+   code_ISO639: 0x656e
+   encoding:    0x6a
+   base_offset: 0x100
+ Profile Descriptor List:
+   "Dialup Networking" (0x1103)
+     Version: 0x0100
+     - Hardware Notes:
+       x Broadcom 2033 chipset (tested with an ALLNET 7031 Class1 USB Adapter)
+         - Make sure you have bluefw and hotplug installed, then everything works fine right out of the box.
+          x on debian using default or for newer packages above sources:
+            :#apt-get install bluez-bluefw
+         - DO NOT enable the bluetooth.o module to avoid it being loaded by hotplug!!
+          x this can be done by adding  'bluetooth' to '/etc/hotplug/blacklist'
+            The Bluetooth device in this laptop is a USB Bluetooth device.
+            By default, Linux provides two different device drivers for USB Bluetooth devices: bluetooth.o and hci_usb.o.
+            The hci_usb.o is the correct driver for this device. Both drivers are loaded when the Bluetooth button is pushed
+            but unfortunately bluetooth.o obtains the device first, not allowing hci_usb.o to use the device.
+            In order for the Bluetooth device to be function, the bluetooth.o driver must not load.
+            One way to stop the bluetooth.o driver from loading is to remove the driver from the system. This is accomplished by doing:
+            :#rm /lib/modules/2.4.18-14/kernel/drivers/usb/bluetooth.o
+            :#depmod -a
+            Now, if inserting th usb device only the hci_usb.o should be loaded.
+   - ACPI
+     x get suspend work
+       - compile kernel with 'Software Suspend Support'
+       - some interesting post:
+        from http://lists.debian.org/debian-laptop/2002/debian-laptop-200208/msg00349.html
+       #------- begin post -----------------------
+       From: "Bem Ajani Jones-Bey" <ajani@OCF.Berkeley.EDU>
+       > On Fri, Aug 23, 2002 at 01:14:06PM +0200, Erich Schubert wrote:
+       > > Well, S1 is sleep mode, so your BIOS claims to not support sleep mode!
+       > > Try getting a bios update, that might help.
+       > > S5 is poweroff... S3 or S4 are suspend levels i think... one might be
+       > > power-off, maybe that was S3...
+       S4 is suspend-to-disk, S3 is suspend-to-RAM.
+       > So, last I checked, Linux ACPI didn't support suspend to memory or
+       > suspend to disk; the software suspend patch is the only way to get an
+       > ACPI laptop to do anything resembling sleeping. I was also under the
+       > impression that this wasn't going to work for awhile; at least until
+       > 2.6. I admit I haven't looked at ACPI in a couple months, but last time
+       > I looked, they were projecting that suspend./sleep wouldn't happen any
+       > time soon.
+       Last I checked, ACPI does suspend to memory or disk, using swsusp.  It's
+       even all integrated into the 2.5 kernels (though the CONFIG_SWSUSP option is
+       buried in the kernel hacking section rather than ACPI). If you don't want to
+       run an experimental kernel, then you can patch 2.4.x from the acpi.sf.net site.
+       #-------- end post -------------------------------
+   - Backup:
+     x bacula (http://www.bacula.org)
+        Bacula is a set of computer programs that permit you (or the system administrator) to manage backup,
+        recovery, and verification of computer data across a network of computers of different kinds.
+        In technical terms, it is a network client/server based backup program.
+        Bacula is relatively easy to use and efficient, while offering many advanced storage management features
+        that make it easy to find and recover lost or damaged files.
+        Bacula source code has been released under the GPL version 2 license.
+       x created debian package, cause we can't found any other
+         x wrote some notes about how to build an debian binary package
+             http://www.netfrag.org/~jonen/computing/docs/build_bacula_deb.html
+         o create 'postinst' and 'prerm' scripts for saving configs on update, etc.
+       x tested network backup with Director, Storage Daemon and File Daemon(Client)
+          at different hosts, works great!
+       x tested backup to FileStorage, instead of using tapes drives
+          (if someone would like to sponsor some tape drive, you're more than welcome!)
+        notes:
+         x remember to use different 'LabelFormat' filename at each pool !
+         x use compression at 'FileSet' definition, where GZIP is equal to GZIP6, means compression-level 6 (1-9)
+          example:
+            # ====== snip FileSet ============
+            FileSet {
+              Name = "Full Set"
+              Include = signature=MD5 compression=GZIP {
+              /home
+              }
+             Exclude = { *.o }
+           }
+            # ====== snip FileSet ============
    - QoS (Quality of Services)
      o check it out !
-Line 89
+Line 349
         x integrated new FormProcessing classes from phphtmllib (released one day after interface to binaryclouds Formbuilder was written ;)
           x refactored DataItem to use now phphtmllib form processing instead of interface to binarycload
             o review code and move to phphtmllib
       o XOOPS (http://xoops.org)
           XOOPS is a dynamic OO (Object Oriented) based open source portal script written in PHP.
           It is the ideal tool for developing small to large dynamic community websites, intra company portals,
-Line 120
+Line 379
           - ldap will check your ticket pricipial against its acl's !
        o 'libpam-ldap' from Turbo is bad, don't use it !! (remember at 'apt-get upgrade' !!)
        o write this down in some (existing e.g. sendmail?) howto
      - Sendmail
        o research some about sendmail-cluster, 2 mx records, howto to set up second mx/cluster?
         x backup mx:
-Line 150
+Line 409
         - Create Database
           :# mysqladmin create <database>
         - Set Privileges on databases(creates user too, if not exists...):
-            mysql>grant all on <database>.* to <user> identified by "<pass>";
+            mysql>grant all on {database}.* to {user} identified by "{pass}";
-            mysql>grant all on <database>.* to <user>@<domain> identified by "<pass>";
+            mysql>grant all on {database}.* to {user}@{domain} identified by "{pass}";
    - Document saving:
-Line 164
+Line 423
        o convert all howto's to LaTex format ( look at 'nfo/doc/computing/sysadmin/linux/example_latex_howto.lyx' )
+   - news.netfrag.org:
+     o create remote functions to implement e.g.:
+       o a mozilla button for creating new newsgroups
  future:

 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.8
 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.8
-Removed from v.1.1
+Added in v.1.8

MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26