Homepage of Lars E. Pettersson

Linux, tips and tricks

Why Linux

I am one of those that skipped the Microsoft Windows train. I started out using MS-DOS in 1984, UNIX in 1987, and Linux around 1995. I have never liked Windows, everything seems to be hidden away in odd places, not to mention the problems with viruses etc. that have created huge problems during the years. For me the ultimate operating system is Linux. It is fast, you do not need the fastest and latest computer around, safe, it is based on the UNIX model with different users and security between these users, free, you can just download it without being afraid that the police will show up at your doorstep for having illegal copies of software, and open source, you may freely change, or edit the code, this also makes it easy to create safe and sound code as the code will be audited by a huge number of people.

Why use Microsoft Windows when Linux is around?

Mini-howtos, notes, etc.

This is a small collection of different kinds of notes etc. I have written while setting up my computers. It is put here mainly for my own use, to have all information in one place, but may be of some use for others. Please feel free to comment on my writings.

By the way, I take no responsibility whatsoever for you hosing your system using the information on this web page. What I have written worked for me, but may not do so for you. If you encounter problems though, and find a solution, please let me know, and I will update this page.

As of July 17, 2015 I have started time tagging the tips below. This will make it easier to find old stale information.

A4 paper size

A4 paper size

awk

Print a certain field (in this case number 11) delimited by white space

awk '{ print $11 }'

cacti (http://cacti.net/)

If you only want to ping a certain host, i.e. not use SNMP at all, set "Host Template" to "None" and make sure that "SNMP Community" is blank. Set up the "Unix - Ping Latency" graph template as usual.

CD/DVD

To copy a CD/DVD (this works for both data and unencrypted

dd if=/dev/dvd of=dvdcopy.iso
cdrecord dev=/dev/dvd dvdcopy.iso

To burn backups on DVD, for a folder do

growisofs -Z /dev/dvd -R -J /path/to/folder

and for an iso file do

growisofs -dvd-compat -Z /dev/dvd=image.iso

Create ISO files with

mkisofs -v -l -r -J -R -max-iso9660-filenames -no-bak -o updates.iso /path/to/files

Some more information is available in the evolution tip.

convmv

Converts file names from one encoding to another. Quite handy converting file names to/from UTF8 etc.

CVS

CVS server

diction

As mentioned in the man-page "diction - print wordy and commonly misused phrases in sentences".

To check the text in the file textfile.txt, do

diction -bs textfile.txt

This will make diction complain about mistakes typically made by beginners, and suggest better wording, if any. Quite handy for someone who does not have English as first language.

dovecot

To create a dovecot cert, first edit the OpenSSL configuration, then remove the old certificates, and then run mkcert.sh.

emacs /etc/pki/dovecot/dovecot-openssl.cnf
rm /etc/pki/dovecot/*/dovecot.pem
/usr/libexec/dovecot/mkcert.sh
ll /etc/pki/dovecot/certs/ /etc/pki/dovecot/private/

emacs

emacs

evolution

evolution

find

Find all files in or below current directory, ., modified in the last day, -mtime -1, that are not directories, \! -type d, and execute the list function on them, ls -l

find . -mtime -1 \! -type d -exec ls -l {} \;

Find all pdf's, no matter what case, in or below current directory and feed them to acroread. -print0 and xargs -0 take care of directories and/or files containing space etc.

find . -iname '*.pdf' -type f -print0 | xargs -0 acroread

Find all files of size zero, and delete them.

find "${dir}" -type f -empty -delete

Should perhaps use this first to see what files will be deleted.

find "${dir}" -type f -empty -print

firefox

To be able to handle mailto: URL:s go to about:config and change network.protocol-handler.external.mailto to true, then add the network.protocol-handler.app.mailto preference name (right click in the about:config window, choose new->string and follow the instructions, for value write the path and name of your e-mail application, /usr/bin/thunderbird in my case.)

formail

To split a mailbox into separate text files, do

formail -ds sh -c 'cat > msg.$FILENO' < $MAIL

git

Setup git before first use

git config --global user.name "Lars E Pettersson"
git config --global user.email lars@some.org

Using git locally (also shows some steps to initially create autotools)

git init hello  # creates a directory named hello under git version control
cd hello
git add configure.ac
git add hello.c
git add Makefile.am
list="INSTALL NEWS README AUTHORS ChangeLog COPYING"
git add $list
git commit -a -m "First version"

git server [2015-07-17 Fri]

First create a git user

[root@example ~]# adduser git

Save ssh keys for the users

[root@example ~]# su - git
[git@example ~]$ mkdir .ssh
[git@example ~]$ chmod 700 .ssh
[git@example ~]$ cat id_rsa_lars.pub > .ssh/authorized_keys
[git@example ~]$ chmod 600 .ssh/authorized_keys

Create a repository, and add an empty example project

[root@example ~]# mkdir /usr/local/git
[root@example ~]# mkdir /usr/local/git/example.git
[root@example ~]# chown -R git: /usr/local/git
[root@example ~]# sudo su - git
[git@example ~]$ cd /usr/local/git/example.git/
[git@example example.git]$ git init --bare
Initialized empty Git repository in /usr/local/git/example.git/

On a user's computer do the following to fill the repository with data

$ cd example
$ git init
$ git add .
$ git commit -m 'initial commit'
$ git remote add origin git@example.server.xyz:/usr/local/git/example.git
$ git push origin master

Others (after being added to .ssh/authorized_keys) can then use this repository as

$ git clone git@example.server.xyz:/usr/local/git/example.git
$ cd example
$ vim README
$ git commit -am 'fix for the README file'
$ git push origin master # should perhaps use -u here?

To secure the installation you could (should) use a non-login shell named git-shell. First check if git-shell is present in /etc/shells, if not, add it. As root do

# cat /etc/shells
# which git-shell
/bin/git-shell
# echo "/bin/git-shell" >> /etc/shells

Now change the shell for git

# chsh git
Changing shell for git.
New shell [/bin/bash]: /bin/git-shell
Shell changed.

(This text is based on https://git-scm.com/book/it/v2/Git-on-the-Server-Setting-Up-the-Server as of 2015-07-16 Thu)
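
A check of the finished setup, as an added example that is not part of the original page or of the Pro Git text: it reports whether the git account still has a login shell, whether that shell is listed in the shells file, and which authorized_keys entries lack the OpenSSH restrict or no-*-forwarding options. The function names and the sample files are constructed.

```sh
#!/bin/sh
# Audit the "git" account set up above. All three files are passed in, so the
# check can be tried on copies; the sample files below are constructed.
audit_git_account() {  # usage: audit_git_account PASSWD SHELLS AUTHORIZED_KEYS
    shell=$(awk -F: '$1 == "git" { print $7 }' "$1")
    case "$shell" in
        */git-shell) ;;
        *) echo "login-shell: git account uses ${shell:-nothing}" ;;
    esac
    grep -qxF -- "$shell" "$2" || echo "shells: $shell is not listed"
    # A key line without options still allows port, agent and X11 forwarding.
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            opts = ""    # everything in front of the key type is the option list
            if (match($0, /(^|[ \t])(ssh-|ecdsa-|sk-)[^ \t]+[ \t]/))
                opts = substr($0, 1, RSTART - 1)
            if (opts ~ /(^|,)restrict(,|$)/) next
            if (opts ~ /no-port-forwarding/ && opts ~ /no-agent-forwarding/ &&
                opts ~ /no-X11-forwarding/ && opts ~ /no-pty/) next
            print "authorized_keys:" NR ": key has no forwarding restrictions"
        }' "$3"
}

make_sample() {  # writes constructed passwd, shells and authorized_keys into $1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'git:x:1001:1001::/home/git:/bin/bash' > "$1/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EexampleKEY1 lars@example' \
        'restrict ssh-ed25519 AAAAC3NzaC1lZDI1example2 anna@example' \
        > "$1/authorized_keys"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_git_account "$tmp/passwd" "$tmp/shells" "$tmp/authorized_keys"
```

On the real server the arguments would be /etc/passwd, /etc/shells and the git user's .ssh/authorized_keys; no output means all three checks passed.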

If you get the following while trying to pull data

$ git pull
There is no tracking information for the current branch.
Please specify which branch you want to merge with.
See git-pull(1) for details

    git pull <remote> <branch>

If you wish to set tracking information for this branch you can do so with:

    git branch --set-upstream-to=origin/<branch> master

use the following command

$ git branch --set-upstream-to=origin/master master

to setup the tracking information (you may also use -u when pushing the data for the first time, as explained above).

Also look at http://zarino.co.uk/post/git-set-upstream about updating the [alias] section of the ~/.gitconfig to automatically set upstream branch.

Gnome terminal

When using mc (Midnight Commander) in the gnome terminal you will notice that F10 brings up the gnome terminal menu, instead of being sent to mc. To fix this, in the gnome terminal choose the "edit" menu, then "keyboard shortcuts", and in the new window check "Disable menu shortcut key (F10 by default)".

GPIB

GPIB

grub2

To update grub.cfg

grub2-mkconfig -o /boot/grub2/grub.cfg

To remove rhgb and quiet from the commandline

# First make a copy with the extension .orig, and then
# remove rhgb and quiet
sed -i.orig -e s/rhgb//g -e s/quiet//g /etc/default/grub
# Update grub.cfg
grub2-mkconfig -o /boot/grub2/grub.cfg

To force output to a tty

# in the grub menu, press 'e' on the boot line you want to edit
# remove 'rhgb quiet'
# and add
rd.debug systemd.log_level=debug systemd.log_target=console console=ttyS0,38400
# press return, and then 'b' to boot

gtkterm

To be able to access the serial port you have to issue the command

usermod -a -G dialout,lock username

to add the user (username is a placeholder for the login name) to the dialout and lock groups.

initrd/initramfs

To see the contents of an initrd-file

gunzip --to-stdout /boot/initrd-2.6.17-1.2145_FC5.img | cpio -t
gunzip --to-stdout /boot/initramfs-3.12.5-200.fc19.x86_64.img | cpio -t

To extract

mkdir /tmp/initrd
cd /tmp/initrd
gunzip --to-stdout /boot/initrd-2.6.17-1.2145_FC5.img | cpio -i

To create a new one

dracut --regenerate-all

Upgrading Fedora using USB stick

NOTE: Any data on the USB stick will be destroyed. Also make sure that you use the correct device.

Your flash drive must have a single partition with a vfat file system. To determine how it is formatted, find the name of this partition and the device itself by running dmesg shortly after connecting the drive. The device name (similar to /dev/sdc) and the partition name (similar to /dev/sdc1) both appear in several lines towards the end of the output.

Use the partition name to ensure that the file system type of the USB flash drive is vfat.

# blkid partition

You should now see a message similar to:

LABEL="LIVE" UUID="6676-27D3" TYPE="vfat"

If TYPE is anything other than vfat (for example, TYPE="iso9660"), clear the first blocks of the USB flash drive:

# dd if=/dev/zero of=partition bs=1M count=100

Use the dd command to transfer the boot ISO image to the USB device:

# dd if=path/image_name.iso of=device

where path/image_name.iso is the boot ISO image file that you downloaded and device is the device name for the USB flash drive. Ensure you specify the device name, not the partition name. For example:

# dd if=~/Download/Fedora-17-x86_64-DVD.iso of=/dev/sdc

New hard-drive

First copy the contents of the old hard-drive to the new one (mounted as /mnt/disk) (note; zeros i.e. 0, not big o's, i.e. O):

find / -xdev -print0 | cpio -pa0V /mnt/disk

(make sure that all partitions are copied, if you have more than one) then halt the computer. Remove the old hard-drive, and install the new one in its place. Start with a live system on a USB-stick, or a DVD. When the live system has started, mount the new hard-drive as /mnt/disk, then mount the following:

mount -t proc none /mnt/disk/proc
mount -o bind /dev /mnt/disk/dev

Make sure that the disk UUID:s are correct in /mnt/disk/etc/fstab and /mnt/disk/boot/grub/menu.lst, correct if wrong (you can get the UUID of your new disk by issuing the command "blkid").

Now you can install the boot loader (grub) into the MBR by issuing the following command:

chroot /mnt/disk
grub2-install --recheck /dev/sda

Cross your fingers, and restart.

iptables

Stop SSH scans with

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack \
    --ctstate NEW -m recent --set --name sshscans --rsource

iptables -A INPUT -m recent --rcheck --seconds 60 --hitcount 10 \
    --name sshscans --rsource -j DROP

or

# Then set up the ssh reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset

With the values present a given site gets three tries within a 120 second interval. Once that is exceeded it is locked out until the retry count drops below 3 in 2 minutes. This means ALL attacks get blocked. It also means that if you screw up your password three times you can still get in if you wait a little bit.
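
The counting in the second rule set can be checked offline. The following is an added example, not part of the original page: a small awk model of the recent match, assuming the documented xt_recent behaviour that --hitcount matches once the recorded hits are greater than or equal to the value. The function names and the SYN timestamps are constructed.

```sh
#!/bin/sh
# Model of the rule pair
#   -m recent --name sshattack --set
#   -m recent --name sshattack --rcheck --seconds S --hitcount H -j REJECT
# Input: one line per TCP SYN to port 22, "<time-in-seconds> <source-ip>",
# in time order. Output: the same line plus ACCEPT or REJECT.
simulate_recent() {  # usage: simulate_recent SECONDS HITCOUNT < events
    awk -v win="$1" -v hc="$2" '
    {
        t = $1; src = $2
        # --set comes first, so every SYN is recorded, also one that is
        # rejected by the following rule
        n[src]++; stamp[src, n[src]] = t
        # --rcheck --seconds: count recorded SYNs from this source that are
        # not older than win seconds (the kernel keeps a bounded number of
        # stamps per source; this model keeps them all)
        hits = 0
        for (i = n[src]; i >= 1; i--)
            if (t - stamp[src, i] <= win + 0) hits++
        # --hitcount: match when hits >= hc
        print t, src, (hits >= hc + 0 ? "REJECT" : "ACCEPT")
    }'
}

# Constructed sample: one source retrying every 30 s and then pausing,
# with a single connection from a second source in between
sample_events() {
    cat <<'EOF'
0 203.0.113.5
30 203.0.113.5
60 203.0.113.5
90 203.0.113.5
100 198.51.100.7
300 203.0.113.5
EOF
}

sample_events | simulate_recent 120 3
```

In this model the third new connection inside the 120 second window is the first one rejected, and a source that keeps retrying stays locked out because rejected SYNs are recorded as well.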

Kernel

To keep the two latest kernels, including the running one, do

yum install yum-utils
package-cleanup --oldkernels

A guide describing how to rebuild kernels can be found at http://home.swbell.net/kwgow/kernel/steps.html

LaTeX

LaTeX

lsof

To find out what ports are open

/usr/sbin/lsof -i

or, for a certain port

/usr/sbin/lsof -i :22

mod_ssl

To create a certificate for apache, do

openssl genrsa -out httpd.key 1024
openssl rsa -in httpd.key -pubout
openssl req -new -key httpd.key -out httpd.csr
openssl x509 -req -days 365 -in httpd.csr -signkey httpd.key -out httpd.crt
openssl x509 -text -in httpd.crt
mv httpd.crt /etc/httpd/conf/ssl.crt/
mv httpd.key /etc/httpd/conf/ssl.key/
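
The commands above create a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance calls for. As an added example (not from the original page; the function names and www.example.org are placeholders), the same kind of self-signed certificate with a 2048-bit key and a SHA-256 signature, with the CSR and signing steps collapsed into one openssl req -x509 call, plus a check that flags short RSA keys:

```sh
#!/bin/sh
# make_selfsigned DIR CN BITS: write DIR/httpd.key and DIR/httpd.crt, no prompts
make_selfsigned() {
    (
        umask 077    # the private key is created readable by its owner only
        openssl genrsa -out "$1/httpd.key" "$3" 2>/dev/null
    ) || return 1
    openssl req -new -x509 -sha256 -days 365 -key "$1/httpd.key" \
        -subj "/CN=$2" -out "$1/httpd.crt"
}

# cert_key_bits CERT: print the public key size of a certificate
cert_key_bits() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_cert CERT: assumes an RSA certificate; reports "weak" for keys shorter
# than 2048 bits and for SHA-1 or MD5 signatures
check_cert() {
    bits=$(cert_key_bits "$1")
    sig=$(openssl x509 -noout -text -in "$1" |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
    status=ok
    [ "${bits:-0}" -ge 2048 ] || status=weak
    case "$sig" in sha1*|md5*) status=weak ;; esac
    echo "$status bits=$bits sig=$sig"
}

dir=$(mktemp -d)
make_selfsigned "$dir" www.example.org 2048 && check_cert "$dir/httpd.crt"
```

check_cert can also be pointed at an httpd.crt that is already installed to see whether it needs to be regenerated.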

mrtg

mrtg

My mailserver

First mailserver setup Postfix

NIS

NIS (this is really old information, please let me know if you find anything wrong)

raid

Raid1 setup

rename

To rename multiple files (*.cpp into *.c)

rename .cpp .c *.cpp

or try

for file in *.cpp; do mv "${file}" "${file%cpp}c"; done

or, to remove the leading dot

for file in .thumb_IMG_38*; do mv -i "${file}" "${file/.thumb/thumb}"; done

RPM

RPM

rrdtool

To convert some rrd databases between different systems (i.e. 32 to 64 bit etc.) do the following two steps. Step one on the 32-bit, and step two on the 64-bit.

for i in $(find . -name "*.rrd"); do rrdtool dump "$i" > "$i.xml"; done
for i in $(find . -name "*.xml"); do rrdtool restore "$i" "${i%.xml}"; done

rsync

Copy a local file or directory to a remote machine using rsync and ssh

rsync -avP -e ssh local_source user@new_server:remote_destination/

For regular backups do the following

# do not use -z, it only slows down traffic on fast networks
# --inplace updates destination files in place (not using --inplace makes the hard drive thrash a lot,
#           as it uses a temp file before creating the final one)
# -W disables delta/diff comparisons. When the file time/sizes differ, rsync copies the whole file.
/bin/nice -n 19 /usr/bin/rsync -aW --inplace --safe-links --one-file-system \
-e ssh lars@remote.machine.org:/data /home/backup/data/

smartctl and smartd

To make smartd check SATA discs, add the following to /etc/smartd.conf

/dev/sda -d ata -H -m root@localhost.localdomain
/dev/sdb -d ata -H -m root@localhost.localdomain

And to check status, do

smartctl -a /dev/sda

SNMP

SNMP

Subversion

To get the file modification date (well, not exactly, but the commit time of the file) for checkout, update, switch, and revert, add the following to the ~/.subversion/config file

[miscellany]
### Set use-commit-times to make checkout/update/switch/revert
### put last-committed timestamps on every file touched.
use-commit-times = yes

To create a subversion repository, in this case named myprog, and filling it with data from the directory local_copy, and finally taking a look at the repository, do

svnadmin create /usr/local/svn/myprog
svn import local_copy file:///usr/local/svn/myprog -m "First Import"
svn list --verbose file:///usr/local/svn/myprog

vncviewer [2015-08-03 Mon]

Connect to the server side via ssh and start the vnc server using the following command

x11vnc -xkb -safer -localhost -nopw -once -display :0

This will start a vnc server that should end when you close the connection.

On the client side, connect to this server using the following command

vncviewer -via username@1.2.3.4 localhost:0
Author: Lars E. Pettersson - Created 2015-08-21 Fri 19:00 - Using: Emacs 24.5.1 (Org mode 8.3beta).