OpenSUSE Linux Rants

Good old Steven J. Vaughn-Nichols. Excellent article, man. Linux is taking the recordbooks by storm according to his latest article.

He says,”Once upon a time, supercomputers used special vector model processors to achieve their remarkable speeds. Then, at the dawn of the 21st century, people began working out how to achieve record-breaking computer speed by linking hundreds or thousands of commercial microprocessors running Linux and connected with high-speed networking in MPP (massively parallel processor) arrays. The supercomputing world has never been the same. Today, Linux rules supercomputing.

The latest ‘Top 500 supercomputer’ list of the fastest computers on the planet makes that abundantly clear. Broken down by operating system, this latest ranking has 469 of the top 500 running one kind of Linux or another.

To be exact, 391 are running their own house brand of Linux. Sixty-two are running some version of Novell’s SUSE Linux, including such variants as UNICOS/lc and CNL (Compute Node Linux). Red Hat and its relatives, including CentOS, come in second with 16 supercomputers.”

Read Linux powers the fastest computers on the planet

When you start up Linux on your box, generally you are taken to a graphical login screen (unless, of course, you have configured things differently). This graphical login screen is called the display manager.

Would you like to check out some different display managers in Linux? There are about 4 that I have been playing around with: xdm, gdm, kdm, wdm

To take a look at the differences, and see which one you like, install them with your package manager. With OpenSUSE, this is yast or zypper.

The commandline way to do this is simple:

For OpenSUSE 11.2

[1004][root@dev:/home/scott]$ zypper in gdm kdm wdm xdm

To see which one you like, edit the /etc/sysconfig/displaymanager file. Look for this section:

## Type:        string(kdm,kdm3,kdm4,xdm,gdm,wdm,console)
## Default:     ""
#
# Here you can set the default Display manager (kdm/xdm/gdm/wdm/console).
# all changes in this file require a restart of the displaymanager
#
DISPLAYMANAGER="kdm4"

You’ll notice that the first couple of lines tell you what to put in for the display manager you want to use (kdm,kdm3,kdm4,xdm,gdm,wdm,console). Put in different ones and see what floats your boat. When you get it how you like it, stop.

For OpenSUSE 11.1

[1004][root@dev:/home/scott]$ zypper in gdm kde4-kdm wdm

I didn’t see xdm available on 11.1, but I could be up in the night.

To see which one you like, edit the /etc/sysconfig/displaymanager file. Look for this section:

## Type:        string(kdm,kdm3,kdm4,xdm,gdm,wdm,console)
## Default:     ""
#
# Here you can set the default Display manager (kdm/xdm/gdm/wdm/console).
# all changes in this file require a restart of the displaymanager
#
DISPLAYMANAGER="kdm4"

You’ll notice that it tells you what to put in for the display manager you want to use (kdm,kdm3,kdm4,xdm,gdm,wdm,console). Take a look at them, see which one suits your fancy, and use the one that makes your heart tingle.

G’day.

Job Code: SN-0930
Title: Sr. Unix (Linux) System Administrator
Location: Jersey City, NJ
Employment Type: Contract to Permanent
Start Date: 11/1/2009
# of openings: 1
Years of Experience: 5+
Education Required: BSCS or Related
Pay range: $90-100k + bonus (appr 25-30%)
Travel Required: No
Background Check: Yes
Drug Testing: Yes

General Description
• Responsible for the installation, maintenance, and tuning of UNIX hardware and software systems.
• Perform system-debugging tasks.
• Provide application support on the UNIX systems.
• Work individually or in a team on various system projects related to UNIX, Storage, and Application support.
• Work first, second, third shift in rotation.
• Supervises and provides technical guidance to the Staff in the operation, systems administration and control of the GIS systems environment
• Directs and checks other SA and Operator’s work and assists with scheduling and administration

Specific Responsibilities
• Prepares installs, and implement UNIX (SuSE Linux) and AIX operating software and associated components.
• Develops test plans for implementing new software or new releases of software.
• Thoroughly test hardware and software upgrades and if necessary works off shift hours to accomplish the testing.
• Debugs and corrects installed UNIX operating system software as required.
• Applies maintenance to system software as required.
• Debugs and applies corrective maintenance to system software as required.
• Documents and notifies Developers and Business Analysts of software and hardware upgrades.
• Tunes system software for peak performance and availability.
• Assists Developers with high level problem program debugging and correction.
• Provides end user and Developers support via Customer Support.
• Provides off shift on call support for production system support.
• Makes system hardware and software recommendations as required.
• Assist in evaluating new applications software.
• Provides technical training for Information Technology personnel as needed.
• Configure and document backup and restore procedures.
• Maintains UNIX Disaster Recovery Plan and actively participate in Technology and Business Recovery activities.
• Provides support for 3rd Party Customers to support ongoing service hosting objectives.
• Stays abreast with technical and operational tools and knowledge required to perform assigned duties.

Qualifications Required
• Bachelors Degree in Computer Science or a related discipline and at least five (5) or more years experience in systems administration and computer operations, with increasing administrative and leadership responsibilities or an equivalent in education and work experience.

• Requires extensive knowledge and experience in all facets of computer operations, systems administration, decision-making, strong judgment, management skills and a considerable aptitude in human relations.

Summary of Skills Required
• 5+ years of Linux experience (Suse Linux).
• 2+ years of AIX experience.
• 3+ years of shell scripting experience.

Jack H. Karamanoukian
VP of Professional Services
Quorum Technical Services, Inc.
600 Sylvan Avenue
Englewood Cliffs, NJ 07632
p. 201.569.3050 ext 103
f. 201.569.8040
efax. 201.586.0336
w. http://www.quorumhq.com

You know Microsoft would only say something like this if there was absolutely no other alternative. They are marketing experts, not software experts. And apparently, the software experts that contribute to Linux have created an OS superior enough that, with little to no marketing/advertising, it enjoys a quickly-expanding install base.

Excerpt:

“While Linux on servers is a well-established market among business customers, Linux as a viable alternative to Windows on PCs has never taken off. However, the emergence of the netbook as a low-cost, smaller form factor to the traditional notebook PC has certainly changed that, so much so that Microsoft lately has been pushing a lightweight notebook as an alternative to netbooks, Helm said.”

Read Microsoft acknowledges Linux threat

Celebratory wallpaper:

Click for full-sized wallpaper.

When you have the level of paranoia that I do, being able to generate ultra-secure passwords is a very nice thing.

My bash prompt is also something I take great pride in. Not only that, I really like it.

Well guess what, folks… you can do both with the same file. This would be your .bashrc file. Here’s a basic look at my prompt:

[1850][scott@laptop:~]$

It shows me the time, the account with which I am logged in, the hostname of the local machine, and the present working directory. All handy things to know.

Now, for the password generation thing, check this out:

[1855][scott@laptop:~]$ genpasswd 64
(#b-p>yi>ojSw@oS6PN,uo_A`;.}DuyfG{levk[Q$UgfrmAkE^t|&)dZb!Nry;
[1855][scott@laptop:~]$

You can make rainbow tables ’til the end of time, and let John the Ripper go on the /etc/shadow file with that password in it, and you ain’t gonna be cracking that password.

If this is interesting to you, or you have other suggestions of a similar nature, please, let’s have ‘em.

That all said, here’s the .bashrc file that makes this prompt and password generator possible:

# /etc/skel/.bashrc:
# This file is sourced by all *interactive* bash shells on startup.  This
# file *should generate no output* or it will break the scp and rcp commands.

# colors for ls, etc.
eval `dircolors -b /etc/DIR_COLORS`
alias d="ls --color"
alias ls="ls --color=auto"
alias ll="ls -al --color"

# Change the window title of X terminals
case $TERM in
        xterm*|rxvt|Eterm|eterm)
                PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"'
                ;;
        screen)
                PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"'
                ;;
esac

##uncomment the following to activate bash-completion:
#[ -f /etc/profile.d/bash-completion ] && source /etc/profile.d/bash-completion

function proml {
local       BLUE="\[\033[0;34m\]"
local        RED="\[\033[0;31m\]"
local  LIGHT_RED="\[\033[1;31m\]"
local      WHITE="\[\033[1;37m\]"
local LIGHT_GRAY="\[\033[0;37m\]"
case $TERM in
    xterm*)
        TITLEBAR='\[\033]0;\u@\h:\w\007\]'
        ;;
    *)
        TITLEBAR=""
        ;;
esac

PS1="${TITLEBAR}\
$BLUE[$RED\$(date +%H%M)$BLUE]\
$BLUE[$LIGHT_RED\u@\h:\w$BLUE]\
$WHITE\$$LIGHT_GRAY "
PS2='> '
PS4='+ '
}

proml

alias ifconfig="/sbin/ifconfig"

genpasswd() {
        local l=$1
        [ "$l" == "" ] && l=20
        tr -dc A-Za-z0-9\-_~\!@#$%^\&*\(\)\\\`\+\[\{\]\}\|\;:\",\<.\>/?\= < /dev/urandom | head -c ${l} | xargs
}

Hope that's as useful for you as it has been for me.

Linux has so many marvelous tools. The great part about this is that you can combine the tools to make new tools. As you may know, there have been previous postings about a tool called ‘sup’ which tells you some useful information about the linux box into which you are logged. Having so many terminal windows open, and screen sessions going, it’s easy to get lost in the labyrinth of connections and sessions. This tool clears all that up for you really quick.

Since the last version, the most significant change is the ability to determine which version of which Linux distribution you are using.

Here is some sample output:

<=== SYSTEM ===>
  Distro info:  Welcome to openSUSE 11.1 - Kernel \r (\l).
  Kernel:       Linux laptop 2.6.27.19-3.2-pae #1 SMP 2009-02-25 15:40:44 +0100 i686 i686 i386 GNU/Linux
  Uptime:        9:20am  up   0:47,  1 user,  load average: 0.64, 0.54, 0.38
  Memory:       Total: 1986Mb   Used: 730Mb     Free: 1256Mb
  Swap:         Total: 4180Mb   Used: 0Mb       Free: 4180Mb
  Architecture: i686
  Processor:    0 : Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz
  Processor:    1 : Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz
  Date:         Tue Jul 21 09:20:09 MDT 2009

<=== USER ===>
  User:         scott (uid:1000)
  Groups:       users www
  Working dir:  /home/scott
  Home dir:     /home/scott

<=== NETWORK ===>
  Hostname:     laptop
  IP (lo):      127.0.0.1/8
  IP (lo):      127.0.0.2/8
  IP (eth0):    10.245.106.6/24
  Gateway:      10.245.106.1
  Name Server:  10.45.106.10

I don’t like it when people try and hack my web servers. To make myself aware of people trying to access my ssh daemon, I wrote me a little script. Yup, I’m certainly aware of DenyHosts. Notwithstanding, in the hopes that this script may find use elsewhere, I post it here. Behold, enjoy, and chuckle a bit at how much better you could write it. Then, let me know how you’d improve it:

#!/bin/sh
LOGFILE=/root/hack_attempts
IFS=$'\n'
PATTERN="^"`date --date="1 minute ago" "+%b %e %H:%M:"`""
tail -n 1000 /var/log/messages | grep ""$PATTERN"" | grep sshd | grep -i "invalid user" | grep " from " > "$LOGFILE"
if [ $(stat -c%s "$LOGFILE") -gt 0 ] ; then
	echo "See the attached log for details" | mailx -a "$LOGFILE" -s "Possible hack attempt" YOUREMAIL@YOURDOMAIN.COM
fi
rm "$LOGFILE"

Copy it to your /root folder. Name it something cool like ‘ssh_foghorn’, and chmod +x it to make it executable. Put it in your /etc/crontab file to run once every minute. Make sure you set the system log to whatever your distro uses. And change the email address to your own. Doesn’t cure cancer, but for 8 lines of code, it does what it needs to.

Again, I’m sure there are better ways to do this, so let’s hear ‘em!

Once in awhile, it’s nice to block hostile machines on the kernel level. Specifically, this is done with iptables or ipchains. Iptables if you are living in this millenium.

If a specific host is known to be hostile, execute the ‘whois’ command on the ip address. This will give you the IP range of the organization assigned the ip block to which the offending ip belongs. If it is outside of the country and you only service clients inside your country, it doesn’t hurt to block the whole ip range. So, we’re going to block a hostile block from China. As root, run the following command:

iptables -I INPUT -s 125.71.214.0/24 -j DROP

Why not REJECT instead of drop? This adds a rule to the firewall that simply drops the packets. This is more annoying to the other end because they never get a response. If you explicitly reject the packets, they get a message to the effect instantaneously. You want them to have to wait. It slows them down, which is bad for them.

To list the rules in the INPUT chain:

iptables –line-numbers -L INPUT

To delete a rule from the INPUT chain:

iptables -D INPUT [line number]

ex. iptables -D INPUT 1

Would delete the first rule in the INPUT chain.

Cool subnet calculator at : http://www.subnet-calculator.com/

Helpful comments with more useful or better commands welcome.

Linux is continuing to grow with much momentum. One of the reasons that this is the case is because non-technical users who don’t want to learn Linux can use it without having to learn it. In other words, Linux has become much more intuitive and user-friendly. Especially distributions like Ubuntu and OpenSUSE. Plus, it’s just better than everything else. *wink*

Excerpt:

“47% of respondents said they would use or evaluate Linux in the coming year, with lower cost as the primary driver. But the largest percentage said they had no further plans to migrate from Unix to Linux, indicating that future Linux growth would be at the expense of other platforms. In response to a different question, 23% said that whenever possible they would migrate from Windows to Linux, and another 16% said that to avoid a Windows upgrade, they would migrate to Linux. Also expanding Linux use in the data center is a sharp projected upswing in use for its built-in virtualization. Although Red Hat and SUSE Xen-based virtualization tally only about 2.5% apiece of deployments currently, respondents’ projections for the technology climb steeply to 10% for Red Hat and 5% for SUSE over the next year.”

Take a look at “Is Linux growing at Windows’ or Unix’s expense?.”

“The most powerful physics project in the history of the known universe – The $10 Billion Large Hadron Collider (LHC)- shot its first light speed beam this morning around its 27 km circuit. Beyond the 20 years it took to build and half of all the world’s astrophysicists, it also takes another key ingredient to make LHC work — Linux.” How much better could you say it?

Not only that, we have a screenshot of their Linux usage. Apparently, they are using KDE, the best desktop environment there is:

Click for larger image

Read “Large Hadron Collider – powered by Linux.”

The London Stock Exchange completely crashed running Windows 2003 servers, MSSQL Server 2000, and custom .NET applications written by Microsoft and Accenture. The systems were down for nearly 7 hours. Yet another reason not to use M$ software in mission-critical situations, especially those that affect the economy of a country. I’m guessing they’ll start looking at something more stable, like Linux.

Excerpt:

“It should have been a great day on the London Stock Exchange. The U.S. government had announced on the Sunday before that it was coming to the rescue of Freddie Mac and Fannie Mae. Trading would have been extremely brisk, but then, at 9:15 AM GMT, the Exchange’s software failed due to “connectivity issues.” Six-hours and 45-minutes later, the London Exchange, along with the Johannesburg Stock Exchange, which uses the LSE’s trading platform TradElec, were finally back up.”

Read more about why the London Stock Exchange should switch to Linux

Dell is sure making moves in the right direction with Linux! They have a new machine that is essentially “instant-on” and gives you access to email and the Internet without booting the entire Linux operating system.

Excerpt from Tectonic:

“The really interesting news for Linux fans, however, was Dell’s new “Latitude ON” system which allows for almost instant-on booting when you want to check an email or something on the Internet without booting the entire operating system.”

Read more about these Linux machines from Tectonic

A CrunchGear article explains more:

“By using a secondary processor with its own Linux based OS, the primary CPU is bypassed for instant access to a variety of functions. Think BlackBerry style. Contacts, calendar, email – that kind of stuff – opened up directly on your laptop without firing up the whole system. The dedicated sub-system should also preserve battery life by avoiding the power drain of larger applications.”

Read more about the Linux-powered Dell Latitude E4200 and E4300 from Crunchgear