But were afraid to ask... Well, this may be more true for folks who heed the advice to RTFM (Read The Fine Manual).
Debian is a GNU/Linux distribution of Free Software. Since there is such an overwhelming volume of documentation on Debian (both old and new), it can be bewildering to know where to start. This guide tries to highlight those concepts which are actually key to getting things working, and which can be picked up later as you go along and get more familiar with the structure of the system. It's best of course if you can also have a chat with a friendly Debian user.A lot of these Debian hints are thanks to the explanations by Rick Moen (rick@linuxmafia.com). Rick has much more Debian info in his Debian Knowledge Base.
If you would like to run a system which you can upgrade over time without needing to reinstall it whenever there is a "release" from the distribution vendor, then the Debian distribution is a very attractive choice. The Debian distribution provides binaries for a great variety of architectures, so not a lot of time need be spent by your local system to get it installed. Using the latest Debian "netinst" (see below), you can get a system up and running using only a single, small CD-ROM image.
The reason "releases" have so little relevance when running Debian, is due to Debian's policy, as well as its concept of "tracks". These tracks have the names Stable, Testing and Unstable (Unstable is also known as "sid", after the neighbor kid who was a menace to all the toys in the movie "Toy Story"). These tracks are like symbolic links. A better analogy might be to think of train tracks: in Debian there are three trains (the releases) running along three different development tracks. When a release occurs (for example when the "sarge" train recently reached the end of the Testing track and was shunted onto the Stable track), the Debian maintainers simply change the symlinks to point Stable to what used to be Testing (effectively putting this new and improved train into wider service, now that it has been proven stable), and Debian continues development. Of course, the analogy to train tracks isn't perfect, because the Unstable track would have to be infinitely long. Releases in Debian are not such a major event, the way they tend to be with other distributions. Folks running on the Stable track will just see an unusually large volume of updates the next time they update their systems.
The concept of a distribution policy is a tricky one to explain, and until you've experienced using
a distribution with a policy for a while, you really don't know what you're missing.
Having a policy is the reason Debian is so smoothly upgradable and maintainable, as compared to
those other distributions which don't have a clear policy.
Initially I had thought that the reason Debian was so upgradable had something to do with the packaging format
(debian uses deb packages, whereas many other distributions use RPM packages), but Conectiva uses RPM
and it too has a policy which allows it to be upgradable. I'll try and update this section with a better
explanation of the whole "policy" concept than these vague ramblings.
Let's start our Debian exploration on "Stable". If you are familiar
with RPM-based linux distributions, up until recently when sarge was
released, running on the Stable track felt a bit like a trip back in
time. The Stable track is the one on which you can be sure to always get
the security updates automatically. To see the names of the current
release on each of the tracks, consult the file debian/dists/README here. At the beginning of 2005, the Stable track pointed to the release with the name "woody". Now it points to "sarge".
Debian GNU/Linux 3.1 r0a_Sarge_When originally installed from CD-ROM, the file
/etc/apt/sources.list contains only references to the CD-ROM set the distribution was installed from, so to allow you to update the distribution
and install new packages from the network, it would need to be modified to include references to
a "Debian Mirror" as explained in the next section.
To update a Debian installation done from CD-ROM on the Stable track
to the latest versions of the packages available on the Stable track,
you'll need to replace the contents of /etc/apt/sources.list with the following:
deb http://security.debian.org stable/updates main non-free contrib deb http://http.us.debian.org/debian/ stable main non-free contrib deb-src http://http.us.debian.org/debian/ stable main non-free contrib deb http://non-us.debian.org/debian-non-US stable/non-US main non-free contribIf you're behind a proxy server, set the following in your environment, so that
apt-get knows how to find its way to the Debian mirror servers, by telling it about
your proxy server. This can be done by setting the http_proxy environment variable:
export http_proxy="http://your-proxy.your-domain:80"To update the package catalogues and then update all of the installed packages to the latest revisions available, run the command:
apt-get update apt-get dist-upgradeIf you prefer, you can download the packages first (as this takes a long time) and then install them when you are ready, using the
--download-only flag, e.g. as follows. There's even a tool
called cron-apt to automate
this procedure for you.
apt-get update && apt-get --download-only dist-upgradeAfter this, you will be up to date on the Stable track. Now that sarge is released (3.1r0 was released Monday, June 6th, 2005), the stable track now has all of the goodies and I hope it's not too much of a stretch to say that even developers will be happy with the recent versions of tools and libraries.
There's a lot less of a need to do this now that Sarge is released as stable, but if you need to follow development closely then to change your distro from the Stable track to the Testing track, the file:
/etc/apt/sources.listshould be changed to the following:
deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free deb http://http.us.debian.org/debian/ testing main non-free contrib deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-freeNote that the security deb source should still be selected from the Stable track, as well as the Testing track, because usually security updates are made available on the Stable track first.
This step may be unnecessary nowadays because when you do
apt-get update && apt-get dist-upgradethe Debian package manager will successfully upgrade everything from stable to testing. It will even ask:
Do you want to upgrade the system?meaning do you want to upgrade your libc6 and so on. I'll leave the description of this step in here for now, as it's still useful to know the names of the core packages. The step is as follows: update the core packages of the system first, before embarking on the full distro upgrade, since these packages are the main ones that will be used to do the upgrade work:
apt-get update apt-get install perl libc6 dpkg apt apt-utils debconf
Run the distro upgrade step again:
apt-get update apt-get dist-upgradeAfter this, you will be up to date on the Testing track.
The catalogue listing all the details about all the packages available worldwide (from
sources you have listed in your /etc/apt/sources.list configuration file) is located in:
/var/lib/apt/lists
The filenames in this directory are rather long. The files ending in _Release contain the header information
for the catalogue archive. Using this, you can tell which Track a given archive corresponds to, what component it
refers to, who (or what) the origin (or publisher) of the catalogue is, what the label is, and the Architecture the
catalogue is for.
The files ending in _Packages contain complete lists in ASCII of all the packages.
To update these catalogues, use the command:
apt-get update
This will refresh the catalogues, according to whatever sources you have
specified in your /etc/apt/sources.list. It also merges all available
packages into /var/lib/dpkg/available. The status of all packages is
listed in file /var/lib/dpkg/status.
The Debian package management tools are organised in a hierarchy, according
to their capabilities, level of abstraction, and the user interface they provide.
At the top level are the tools dselect, adept and aptitude. If you have a somewhat older (slower) system,
you may prefer to only download the packages, but install them later. You can use the -d flag with aptitude to only download the packages.
There's also debfoster, useful for finding and removing
packages you no longer want around to help with security, or just to
cleanup and save disk space.
The next level down is apt-get (apt is the "Advanced Packaging Tool", which is the most commonly used tool from the command line),
and finally the lowest-level tool is dpkg (which although it is supposedly the least
user-friendly, dpkg is sometimes the simplest tool to use to get the job done -- you may
find yourself resorting to using dpkg when you don't happen to have very good network connectivity).
If you want to update your system from a new set of CDs, you'll first need
to add the catalogues from the new CD-ROM source. To do this, use apt=cdrom.
After that, just update the system as usual using apt-get dist-upgrade.
Use the utility apt-cache to search the catalogue for packages you'd like
to install, or to get information about packages before installing them:
apt-cache search nasm apt-cache showpkg intel2gas
The Debian website also maintains the Search package directories tool, which for example is great for getting package details for other architectures.
Kernel packages for Debian can be found in /var/lib/apt/lists by searching for
the string kernel-image, e.g. for the PowerPC architecture, one of the Stable
kernel packages had the name:
kernel-image-2.4.22-powerpc
To clean the cache of Debian's packages in /var/cache/apt/archives the following commands can be used:
apt-get clean apt-get autocleanSometimes, an operation like
apt-get dist-upgrade might get interrupted due to running out of space in /var. In that case, after using the above apt-get clean command to free up some space, you can resume using:
sudo dpkg --configure -a
Sometimes you might need to "force" things to get them to update, due to dependency issues. It's best to check carefully before doing this sort of thing, though:
dpkg -i --force-overwrite knoqueror apt-get -f dist-upgrade
To list all of the Debian packages already installed on your system:
dpkg -l dlocate -l
To use grep to narrow the list of packages to those with names that contain a specific string, remember to add the environment setting for COLUMNS like in the following example, as otherwise the default narrow name field may truncate the name you're searching for:
COLUMNS=200 dpkg -l|grep whatever COLUMNS=200 dlocate -l whateverTo show the installation status of a package (and its description, once it's installed), use
dlocate -s:
dlocate -s tuxpaintYou can also use wildcards in the search string provided to
dpkg -l, as in the following example:
COLUMNS=200 dpkg -l '*whatever*'The reason the
dpkg command needs COLUMNS to
be set is because it recognises when its output isn't a
terminal, and truncates the package name column so that it fits in a
narrower width. Another method for searching for packages is thanks to
Adam D. Barratt:
dpkg-query --show --showformat='${Package;-50}${Version}\n' 'libgnomevfs*'
To list the contents of a specific Debian package already installed on your system:
dpkg -L libgtk2.0-dev
To figure out which package a given file on your system belongs to:
dpkg --search /usr/lib/libgtk-x11-2.0.a
dpkg --get-selections > $HOME/systemA_packagesIt's also a good idea to take a copy of the
/etc/apt/sources.list from systemA.
Then, to apply the package selections of systemA to another system (which must be
running on the same track, otherwise the package names may be different), copy over
the file $HOME/systemA_packages to the new "clone" system and use:
cat $HOME/systemA_packages | dpkg --set-selectionsThe above command will not actually install or remove anything. It just sets the selection state on the packages according to the list you provided from the original system. You then need to run
dselect to actually download and install the packages.
Before running dselect, remember to take a look at the /etc/apt/sources.list file from
the systemA machine, to see if any of its sources need to be added to the sources.list of the
clone machine, and run apt-get update before continuing, because dselect will only
be able to download from sources that are configured.
dselectThe
dselect tool will bring up a menu, and here you choose the "Install" option.
To "reconfigure" any given package (i.e. make the Debian package manager re-ask you all the package configuration questions):
dpkg-reconfigure packagename
To reconfigure all packages manually all over again:
dpkg --configure -a
There's also a tool called "debconf" for package reconfiguration.
aptitude aptitude package manager takes somewhat more time to learn. To install it along with its documentation, use:
apt-get install aptitude apt-get install aptitude-doc-en dpkg -L aptitude-doc-en|grep index.htmlThen you can just open and read the manual from your local machine by pointing your browser to file:///usr/share/doc/aptitude/html/en/index.html
Some packages have a long history of alternative implementations, and you may feel most at home using a specific one of these all the time, rather than being unexpectedly exposed to a disconcerting "new features" (for example when your fingers wander accidentally to a key you didn't intend to press, and which previously had no effect).
For example, to choose which implementations of vi editor to use, run the following commands. The X cursor can also be changed using this method.sudo /usr/sbin/update-alternatives --list vi sudo /usr/sbin/update-alternatives --config vi sudo /usr/sbin/update-alternatives --list view sudo /usr/sbin/update-alternatives --config view sudo /usr/sbin/update-alternatives --list x-cursor-theme sudo /usr/sbin/update-alternatives --config x-cursor-theme
In Debian, the default display manager is chosen by writing either /usr/bin/kdm
or /usr/bin/gdm in the file:
/etc/X11/default-display-manager
Knoppix is a convenient single-CD bootable distribution, based on Debian. To install Debian from a Knoppix CD, boot as usual from the Knoppix CD, then run the command:
/usr/sbin/knoppix-installThis will bring up an easy-to-use installer, to guide you. After the install is completed, and Debian is installed on your hard drive, to update the resulting Debian installation to the latest available packages, do the following:
apt-get update apt-get dist-upgradeIf you're behind a proxy server, first set the following in your environment, so that "apt" knows how to find its way to the Debian servers:
export http_proxy="http://your-proxy.your-domain:80"
Now that sarge is released (3.1r0 was released Monday, June 6th, 2005), the Debian Network install page gives links to the official images. If you previously did an install of sarge by following
the instructions from this page, please remember to edit your /etc/apt/sources.list file to
replace the word testing with the word stable, because sarge is now stable and "etch" is the
name for the development version on the testing track.
Download the Debian Sarge Netinst and burn it to a CD. Boot from the Debian Sarge Netinst CD. The default setting is to install a 2.4 series kernel, which I'd recommend if you're installing Debian on a SparcStation 20 machine, but if you want to run your system with a 2.6 series kernel, then at the boot menu type:
linux26
Do the usual base Debian install from the CD, after which the system will reboot
into the new (minimal) Debian. You can then continue the installation using an
http source. It will ask you to select a country and a mirror. Let's select
USA, and mirrors.kernel.org, and then it will ask if a proxy server is needed.
If you have another linux machine handy, instead of simply giving the address of your internet access proxy server (if you are using one), give the address of this handy machine, which you will intrepidly configure to serve as your very own Squid cache. This friendly Squid server will happily cache all of the packages you download from the debian mirror, so that if you need to install a second machine with Debian the install will run much more quickly, and place less load on the bandwidth of the mirror server. If you use the default Squid configuration, Squid runs on port 3128. So set the "proxy" server the Debian installer asks for to the following address, for example: http://your-machine.your-domain:3128 If you haven't set up a Squid server before, a quick guide to a suitable configuration (for this purpose of caching Debian packages) is described here: ExampleSquidConfiguration
In the Sarge installer, let's select a "Workstation" configuration, and let it install that. All of the packages it downloads (around 450MB of them) will be cached on your Squid server.
Note that the Sarge installer doesn't allow you to specify an IP address for your machine until after this step is complete. It depends on being able to get a dhcp leased IP address, so you'll need to set up your Squid server to allow access to the new leased IP while this phase of the install is running.
After getting the Workstation configuration installed, it's time to check if
any updates have occurred in the meantime, since the installer might be old by
the time you get this far, and fixes might already be available. To get the latest package summaries, run the command:
apt-get update apt-get dist-upgrade
In my case, this also resulted in an update to the kernel package being installed,
which fixed a bug (the aic7xxx SCSI host bus adapter driver wasn't recognising the aic7890
controller, and only the aic7880 controller was being seen). So after rebooting to the updated kernel,
the aic7890 controller was recognised and the additional hard drive that was connected to it showed up.
This was a bit of a messy situation, as you can imagine: all of the drive names got moved up by one letter.
I corrected the /boot/grub/menu.lst and /etc/fstab to get things booting correctly again.
The fixed kernel also has support for reiserfs, although you still needed to install the reiserfsprogs
to create such filesystems:
apt-get install reiserfsprogs
Note that the kernel installed by default by the Sarge installer is for the lowest common
denominator of the intel family, the "i386". This kernel has the package name kernel-image-2.6.8-1-386.
If your system is a Pentium III with multiple processors, then you'll need to manually install the kernel kernel-image-2.6.8-1-686-smp and update the /boot/grub/menu.lst file to boot this kernel. It's probably
a good idea to also install the non-smp kernel, in case you need to remove
a CPU at some time for whatever reason, although it seems that the Debian smp
kernel is still be able to boot on a uniprocessor machine. Install the sources
also, they're usually required for building modules and stuff. See the following guide to installing the kernel source for Debian.
Using make-kpkg is a convenient way of compiling your kernels for Debian.
The Debian package kernel-package takes all the required steps for compiling
a kernel so that the user need not remember the actual sub-steps involved.
The Debian way allows you to keep multiple versions of kernel images on the same
machine with little effort. Even multiple flavors of the same kernel version
can easily be accommodated.
Other kernel module packages are also hooked into the Debian way of dealing with
kernels so that you can simply compile them as part of the kernel compile
process. This includes the Debian packages pcmcia-source and alsa-source.
Such modules generally rely on the particular kernel version.
Debian also has the nice feature of keeping the configuration file for each
kernel image in /boot, with a name such as /boot/config-2.6.8-1-686, for example.
To get alsa sound working, use /usr/sbin/alsaconf. For example, on a
Dell Precision 410 system, tell it to probe for ISA sound cards,
and select only the cs4236 from the list presented (use spacebar to remove
the selection from all of the other cards listed). Continue, and alsaconf will
then prompt you on whether it should add the sound card module aliases and parameters to the
file /etc/modprobe.d/sound. Give it the OK, and the result should look like the following:
options snd device_mode=0660 alias snd-card-0 snd-cs4236 alias sound-slot-0 snd-cs4236 options snd-cs4236 port=0x530 cport=0x538 isapnp=0 dma1=1 dma2=0 irq=5 install snd-cs4236 /sbin/modprobe --ignore-install snd-cs4236 && /usr/lib/alsa/modprobe-post-install snd-cs4236
It may also be necessary to add your user to the audio group, which owns /dev/dsp, either using vigr or as follows:
/usr/sbin/usermod -G audio username
Then use alsamixer to set the master volume control to 60% and the PCM
volume control to 100%, and you'll hear sounds play when you open a new
terminal window, for example. For fullscreen video playback, we need Xvideo support.
To check if the support is enabled, use xvinfo.
Debian kino package "suggests" mjpegtools, but there doesn't
appear to be such a Debian package. It appears that the license precludes mjpegtools
from being included.
mjpegtools yourself. It seems to be simplest to build mjpegtools from the tarball rather than from the mjpeg CVS.
acroread in Debian? What, you can't live with xpdf, you want to use a buggy non-Free Software (proprietary) product
that leaks information?
Well, this section is for you. According to Mimos Berhad's Knoppix User's Guide, quite a few convenient tools are available as Debian packages in Marillat's repository, and acroread is one of them.
dpkg directly to install acroread as follows:
wget ftp://ftp.nerim.net/debian-marillat/dists/stable/main/binary-i386/acroread-debian-files_0.0.8_all.deb wget ftp://ftp.nerim.net/debian-marillat/dists/testing/main/binary-i386/acroread_5.10-sarge0.1_i386.deb dpkg -i acroread-debian-files_0.0.8_all.deb acroread_5.10-sarge0.1_i386.debTo annotate PDF files, give Johannes Hofmann's
flpsed a try.
The Debian Stable track has a convenient media player in the package vlc.
Install it preferably by installing the wxvlc package, which provides the
frontend. VLC is the VideoLAN project's media player. It plays back MPEG,
MPEG2, MPEG4, xvid, DivX, MOV, WMV, QuickTime, mp3, Ogg/Vorbis files, DVDs,
VCDs, and multimedia streams from various network sources.
apt-get install wxvlcIf your system is somewhat older and slower,
mplayer will squeeze the last drop of performance
from your system. Install mplayer-nogui from Marillat's repository to get mplayer.
The package libdvdread3 "suggests" libdvdcss2, but the DMCA precludes it from
being provided as a binary Debian package. You may of course build libdvdcss from the
libdvdcss 1.2.8 sources, but there is
also a convenient Deb package
provided, along with a Deb dev package, which can be installed using:
wget http://download.videolan.org/pub/libdvdcss/1.2.8/deb/libdvdcss2_1.2.8-1_i386.deb wget http://download.videolan.org/pub/libdvdcss/1.2.8/deb/libdvdcss2-dev_1.2.8-1_i386.deb dpkg -i libdvdcss2_1.2.8-1_i386.deb dpkg -i libdvdcss2-dev_1.2.8-1_i386.debThe
libdvdcss library is loaded dynamically by libdvdread, when libdvdread
encounters a DVD mastered using the content scrambling system (CSS).
For more info, see the homepage of libdvdcss.
Debian disables X11 forwarding over ssh session by default, probably because it's not really all that secure.
If you've become addicted to using X11 forwarding (from having it turned on in many RPM-based
distributions), you can edit the file /etc/ssh/sshd_config
and change the setting for X11Forwarding to yes as follows:
X11Forwarding yesThen, restart the ssh daemon using:
invoke-rc.d ssh restartThereafter, you'll be able to use the
-X flag when you login over ssh, so that
when you invoke X11 applications, they'll be displayed on your local server.
If you have configured CUPS in the past, you may be a little leery of any guide purporting to explain how to do it in less than a page. You would be right. Even though CUPS can be tricky to set up, it is worth the effort. Hopefully you will be encouraged to hear that setting up CUPS seems to be somewhat easier on Debian than on many RPM-based distributions. Anyway, let us enter the fray, intrepidly installing the CUPS system, the CUPS client and the ESP GhostScript packages using:
apt-get install cupsys apt-get install cupsys-client apt-get install gs-espIf you would also like CUPS's BSD lpr interface to work, for the benefit of applications that expect to print only to such an interface, then you'll need to install the package
cupsys-bsd, which is the lpr-emulation front-end to CUPS:
apt-get install cupsys-bsdThe
cupsys-bsd default setup is such that it expects to read lpr-style printer info
from /etc/printcap, whereas the default Printcap entry in /etc/cups/cups.conf causes
the CUPS administration routines to write lpr printer info to /var/run/cups/printcap.
Let's edit the CUPS configuration file /etc/cups/cupsd.conf and change the setting for Printcap from:
Printcap /var/run/cups/printcapto
Printcap /etc/printcapTo access the CUPS web aministration interface, add your user to the
lpadmin group, either using vigr or as follows:
/usr/sbin/usermod -G lpadmin usernameThen go to the CUPS web administration interface at port 631:
http://localhost:631/If you need to add an entry to
/etc/cups/passwd.md5, proceed as follows:
touch /etc/cups/passwd.md5 lppasswd -a usernameThe
passwd.md5 will only be used by CUPS for authentication if the /etc/cups/cupsd.conf
configuration file has the following settings. The default Debian CUPS configuration file
uses AuthType Basic and AuthClass User, thus allowing access to any user who is a
member of the lpadmin group.
AuthType BasicDigest AuthClass Group AuthGroupName lpadminTo add (for example) a HP LaserJet 8100 printer, navigate the interface as follows:
Administration -> Add Printer -> AppSocket/HP DirectJet
Enter the following:
Device URI: socket://printer_hostname:9100
Make: HP
Model: HP LaserJet Series CUPS v1.1
Save the printer. Now you still need to configure the printer in the CUPS interface.
Click on Printers, and this will bring up a page with an icon for your
printer. Click on the Configure Printer button, and in the General settings,
make the following choices:
Double-Sided Printing: Long Edge (standard)
Media Size: US Letter
Media Source: Tray 3
The reason for choosing the Media Size as US Letter is that if you use
the default of A4, this will result in the printer attempting to print
from the manual feed tray (Tray 1). This is because all of the supplies inside
the printer are usually of size US Letter (this may be different if your printer
is not in the USA).
In addition, for printing from xpdf, you'll need to configure the page size as letter instead
of "a4" by editing /etc/papersize to make the change:
sudo echo "letter" > /etc/papersizeAlso, before saving with
Double-Sided Printing setting, you need to enable
Duplex Printing in the configuration slightly lower down on the page.
For configuring Mozilla to use CUPS rather than lpr,
select File -> Print from the menu,
then press the Properties... button and replace:
lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME}
with:
KDE window manager: kprinter -stdin
Gnome window manager (thanks to Chris Davis for this hint): gtklp -S localhost
lpr in the xpdf print dialog.
Remember before printing from xpdf, to edit /etc/papersize to change the a4 to letter.
First of all, test whether network access to the printer is indeed working. For
this, you can use telnet printer_hostname 9100 and just type in some text and
close the telnet session. This should print out the text. Some printers even
run a small web server, which you can connect to by pointing your browser to
http://printer_hostname:80Using CUPS, if you print a test page to the printer but nothing comes out, it may be because you didn't install the ESP GhostScript package
gs-esp.
If this is the case, you may see an error message in the CUPS log
file /var/log/cups/error_log as follows:
Unable to convert file 0 to printable format for job 1!If you see this message, install ESP GhostScript package and restart CUPS using:
apt-get install gs-esp invoke-rc.d cupsys restart
/etc/cups/cupsd.conf as follows:
LogLevel debugAfter doing this, restart the cupsd process using:
invoke-rc.d cupsys restartThe following file will contain a detailed log of everything that is reported by the scheduler and print filters:
/var/log/cups/error_log
/etc/network/interfacesTo use dhcp on an interface, the file should contain:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcpTo use static addresses on two different interfaces, use for example:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 198.156.123.11
netmask 255.255.255.0
network 198.156.123.0
broadcast 198.156.123.255
gateway 198.156.123.1
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
If you work in an environment where you frequently make use of a lot of NFS servers,
you may prefer to use the automounter from the autofs package. To configure it so that it
automatically mounts a filesystem (for example, shire) which has been exported to you
from a remote server machine (for example, frodo) when you type cd /net/frodo/shire,
you'll need to uncomment the following line from the file /etc/auto.master
/net /etc/auto.netThen get the automounter to re-read its configuration file, as follows:
invoke-rc.d autofs reloadThe above command will cause the automounter to check the current
/etc/auto.master
map against its running daemons, then kill those daemons whose entries have changed,
as well as start daemons for new or changed entries (which is what we have done here,
by adding a new entry to the /etc/auto.master map).
apt-get install ntpdate apt-get install ntp apt-get install ntp-doc apt-get install ntp-simpleIf you have direct access to the internet, then this will be sufficent, but you may prefer to access a local NTP server rather than fetching time from the internet. To do this, you'll need to edit the file
/etc/default/ntpdate to modify the setting
for NTPSERVERS, and also edit the file /etc/ntp.conf to replace server pool.ntp.org
with an entry containing the IP address of your local NTP server. At some sites,
you may find that each of the subnet routers is configured as an NTP server.
To set the new system date and time, and start the NTP daemon process to keep it
in sync from then on, do:
invoke-rc.d ntpdate restart invoke-rc.d ntp-server restartIf you ever find yourself in an unexpected and unfamiliar timezone, you can use the
tzconfig program to set the timezone correctly (unless of course you are
physically in the wrong place, in which case tzconfig will only add to your
disorientation).
corkscrew maintained by Pat Padgett is a tool for tunneling OpenSSH through HTTP proxies.
The concepts are tricky to describe in the abstract, so an example is in order. First install the package:
apt-get install corkscrewLet's say there's a machine tty.freeshell.org that you would like to connect to over OpenSSH on port
22, and your HTTP proxy is called your-proxy.your-domain and
is listening on port 80. Adding the following two lines to your $HOME/.ssh/config file should be
sufficient to get things going:
Host sdf
ProxyCommand /usr/bin/corkscrew your-proxy.your-domain 80 tty.freeshell.org 22
After that, you'll be able to establish an OpenSSH session using:
ssh username@sdf
WARNING: This device is not safe for journaled file systems like ext3 or Reiserfs. Please use the Device Mapper crypto module instead, which can be configured to be on-disk compatible with the cryptoloop device.So how do we use the Device Mapper as the warning suggests? The place to start is Christophe Saout's dm-crypt page. The wikipedia page for dm-crypt is also a good reference. For Debian, this guide or this guide go into a lot of detail. When using disk encryption, remember that your DRAM is not as volatile as you might have thought. Essentially, the
cryptsetup utility hides all of the details of needing to understand the
Device Mapper's dm-crypt syntax, although it's good to know you can always carry out the
steps manually if necessary, using only the dmsetup utility.
I'll only quickly show the commands to create an encrypted filesystem within a plain file:
apt-get install cryptsetup modprobe dm_mod modprobe loop max_loop=32 dd if=/dev/urandom of=$HOME/cryptfile2 bs=1M count=100 losetup /dev/loop2 $HOME/cryptfile2 cryptsetup -y -c aes -h ripemd160 -s 256 create volume2 /dev/loop2 mke2fs /dev/mapper/volume2 mount -t ext2 /dev/mapper/volume2 /mnt/machine/volume2To unmount the filesystem, proceed as follows:
umount /mnt/machine/volume2 && \ cryptsetup remove volume2 && \ losetup -d /dev/loop2To mount the filesystem again, use:
modprobe dm_mod modprobe loop max_loop=32 losetup /dev/loop2 $HOME/cryptfile2 cryptsetup -y -c aes -h ripemd160 -s 256 create volume2 /dev/loop2 mount -t ext2 /dev/mapper/volume2 /mnt/machine/volume2Note: File-backed loop devices can't be used with journaling file systems. Only device-backed loops guarantee that writes will reach the disk platters in the order required by a journaling file system (write caching must be disabled on the disk drive, also). With file-backed loop devices, the correct write ordering may extend only to the page cache (which resides in RAM) of the underlying file system. The linux VM can then write such pages to disk in any order it wishes, potentially breaking the write order expectations of the journaling file system. Another problem is that file-backed loops may deadlock under some kernel and file system combinations. So, if you can choose between device-backed and file-backed, choose device backed even if it means that you have to re-partition your disks. If you need to move your data from a system which doesn't have
cryptsetup, but does have Device Mapper,
you can build cryptsetup from the CVS as described on the dm-crypt wiki using:
# In the following, you can remove ";proxy=your-proxy;proxyport=80" if you're connecting directly to the internet. cvs -d ':pserver;proxy=your-proxy;proxyport=80:cvs@cvs.saout.de:/cvsroot/saout' login # Password is: cvs cvs -z3 -d ':pserver;proxy=your-proxy;proxyport=80:cvs@cvs.saout.de:/cvsroot/saout' co cryptsetup cd cryptsetup ./autogen.sh make su -c "make install"For the future, loop-AES gives better performance than
dm-crypt. For Debian, this guide and this guide are a good start.
Once you get more familiar with Debian, have a look into the following resources. Happy trails.
This guide is thanks to the patient explanations from:
Rick Moen (rick@linuxmafia.com), Daniel Gimpelevich and Calvin Wong.