Tag Archives: Linux

source: http://blog.sudonetworks.com/2010/03/configuring-wpawpa2-on-linux-clients.html

Configuring WPA/WPA2 for WiFi access on Linux Clients

Configuring a Linux WiFi client is not always as easy as with Windows or MAC OS X. In this first post I will show you how to configure your Linux client to associate with an access point. For this example, I use Ubuntu version 8.x. This procedure may vary from one Linux variant to another. The SSID I want to connect to is APN and my WiFi interface is wlan1. Here are the steps for WPA/WPA2 PSK (commands are in boldface):

1. Generate your WPA/WPA2 passphrase

~# wpa_passphrase [APN]
# reading passphrase from stdin
[enter yoursecretkey]
network={
ssid="APN"
#psk="yoursecretkey"
psk=9ae7a5f631ecc688db8dcc6bbf317b4a551b39e9ee9c20effb5393e342bd954b
}

2. Copy your wpa_passphrase

output to /etc/wpa_supplicant/wpa_supplicant.conf from the above step, it starts with “Network={” and ends with a closing curly brace “}”.
You may want delete the comment “#psk=yoursecretkey”

~# wpa_passphrase [APN] > /etc/wpa_supplicant/wpa_supplicant.conf
[enter yoursecretkey]
~# vi /etc/wpa_supplicant/wpa_supplicant.conf

3. Enable your wireless interface

~# ifconfig wlan1 up

4. Scan for existing WLANs or SSIDs

~# iwlist wlan1 scanning | grep -i essid

ESSID:”BELL078″
ESSID:”APN”
ESSID:”2mix”

You now have a confirmation your target SSID APN is detected.

5. Configure your wireless interface for your specific SSID

~# iwconfig wlan1 essid APN

6. Start WPA/WPA2 authentication

~# wpa_supplicant -i wlan1 -c /etc/wpa_supplicant/wpa_supplicant.conf
ioctl[SIOCGIWSCAN]: Resource temporarily unavailable
CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:25:4b:0a:a3:f5 (SSID='APNSmallBang' freq=2437 MHz)
CTRL-EVENT-SCAN-RESULTS
Associated with 00:25:4b:0a:a3:f5
WPA: Key negotiation completed with 00:25:4b:0a:a3:f5 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:25:4b:0a:a3:f5 completed (auth) [id=0 id_str=]

7. Assign IP address via DHCP

Open a new shell to type the following command:

~# dhclient wlan1
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/wlan1/00:c0:ca:2f:94:0d
Sending on   LPF/wlan1/00:c0:ca:2f:94:0d
Sending on   Socket/fallback
DHCPDISCOVER on wlan1 to 255.255.255.255 port 67 interval 3
DHCPOFFER of 172.16.22.5 from 172.16.22.1
DHCPREQUEST of 172.16.22.5 on wlan1 to 255.255.255.255 port 67
DHCPACK of 172.16.22.5 from 172.16.22.1
bound to 172.16.22.5 -- renewal in 33064 seconds.

8. Check if IP address assigned correctly

ifconfig wlan1

wlan1     Link encap:Ethernet  HWaddr 00:c0:ca:2f:94:0d
inet addr:172.16.22.5  Bcast:172.16.22.255  Mask:255.255.255.0
inet6 addr: fe80::2c0:caff:fe2f:940d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1092 (1.0 KB)  TX bytes:1580 (1.5 KB)

At this point, you should be connected to your AP

Title: Custom kernel compilation fedora
Desc: Easy kernel compiling
URL: http://www.howtoforge.com/kernel_compilation_fedora, http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/Custom_kernel_compilaton_on_RedHat_Fedora_Systems
OS: linux

Linuxquestions.org – Custom kernel compilation
* Pre requisites
* Getting the Kernel
* Configuring the kernel
* Compiling the kernel
* RPM kernels
* 2.6.x kernel notes

-=-
If you have installed the pre requisites and downloaded the kernel quickest way is by configuring the kernel and
after that compile/create rpm package.

– Configuring
# make oldconfig
will attempt to configure the current kernel using the parameters fed from an old configuration file .config.old or .config,
since the file we copied has not this name making oldconfig will result on a series of text based questions, equivalent to make config

# make menuconfig
will result in a text based GUI which lets you load up an already existing configuration file (if you have a .config) or
an alternate configuration file (like our config-2.4.20-20.9 file).
This menu depends on ncurses, so you will have to see if these libraries are installed correctly on your system.

# make xconfig
is yet another GUI X based configuration tool which makes it easier and clearer to configure the kernel,
this option also allows us to load an alternate configuration file (such as config-2.4.20-20.9).
This GUI relys on the TCL-TK library (found in the kernel development section of redhat-config-packages).
This GUI has gone a major change in 2.5/2.6 it requires KDE-devel packages.

# make gconfig
The GTK front end of the Kernel configuration GUI for kernel 2.6.x, it is structured almost identical to that of the new xconfig.
Aimed for the GNOME 2.x Desktop Environment. Requires some GTK development packages.

– Compiling / create rpm
# make rpm
After creation the rpm should be in”~/rpmbuild/RPMS/i386/”
install the kernel with # rpm -ihv kernel-2.6.34.1.i386.rpm
create the ramdisk for booting initrd # mkinitrd /boot/initramfs-2.6.34.1.img 2.6.34.1
check the bootloader for pointing to the correct files  # vi /etc/grub.conf

source: http://articles.techrepublic.com.com/5100-10878_11-1052474.html

Takeaway: Learn how to use the Logrotate program to administer, back up, and monitor log files on Linux.

Log files are the most valuable tools available for Linux system security. The logrotate program is used to provide the administrator with an up-to-date record of events taking place on the system. The logrotate utility may also be used to back up log files, so copies may be used to establish patterns for system use. In this Daily Drill Down, I’ll cover the following topics:

• The logrotate configuration
• Setting defaults for logrotate
• Using the include option to read other configuration files
• Setting rotation parameters for specific files
• Using the include option to override defaults

The logrotate program
The logrotate program is a log file manager. It is used to regularly cycle (or rotate) log files by removing the oldest ones from your system and creating new log files. It may be used to rotate based on the age of the file or the file’s size, and usually runs automatically through the cron utility. The logrotate program may also be used to compress log files and to configure e-mail to users when they are rotated.

The logrotate configuration
The logrotate program is configured by entering options in the /etc/logrotate.conf file. This is a text file, which may contain any of the configuration options listed in the table below. The options entered in /etc/logrotate.conf may be used to set configuration parameters for any log file on the system. These options may also be used to allow logrotate to read configuration parameters from other log files, by using the include parameter.

The /etc/logrotate.conf file
The /etc/logrotate.conf file is the default configuration file for logrotate. The default /etc/logrotate.conf file installed with Red Hat Linux is shown below:
# see “man logrotate” for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# send errors to root
errors root
# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress
1
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog or wtmp –we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

/var/log/lastlog {
monthly
rotate 1
}

# system-specific logs may be configured here

Setting defaults for logrotate
Default configuration settings are normally placed close to the beginning of the logrotate.conf file. These settings are usually in effect system-wide. The default settings for logrotate on this system are established in the first 12 lines of the file.

The third line
weekly

specifies that all log files will be rotated weekly.

The fifth line
rotate 4

specifies that four copies of old log files are retained before the files are cycled. Cycling refers to removing the oldest log files and replacing them with new copies.

The seventh line
errors root

sends all logrotate error messages to root.

The ninth line
create

configures logrotate to automatically create new log files. The new log files will have the same permissions, owner, and group as the file being rotated.

The eleventh line
#compress

prevents logrotate from compressing log files when they are rotated. Compression is enabled by removing the comment (#) from this line.

Using the include option
The include option allows the administrator to take log file rotation information, which may be installed in several files, and use it in the main configuration file. When logrotate finds the include option on a line in logrotate.conf, the information in the file specified is read as if it appeared in /etc/logrotate.conf.

Line 13 in /etc/logrotate.conf
include /etc/logrotate.d

tells logrotate to be read in the log rotation parameters, which are stored in the files contained in the /etc/logrotate.d directory. The include option is very useful when RPM packages are installed on a system. RPM packages’ log rotation parameters will typically install in the /etc/logrotate.d directory.

The include option is important. Some of the applications that install their log rotation parameters to /etc/logrotate.d by default are apache, linuxconf, samba, cron, and syslog. The include option allows the parameters from each of these files to be read into logrotate.conf.

Using the include option in /etc/logrotate.conf allows the administrator to configure a rotation policy for these packages through a single configuration file.

Using include to override defaults
When a file is read by /etc/logrotate.conf, the rotation parameters specified in the include will override the parameters specified in the logrotate file. An example of /etc/logrotate.conf being overridden is shown below:
#Log rotation parameters for linuxconf
/var/log/htmlaccess.log
{ errors jim
notifempty
nocompress
weekly
prerotate
/usr/bin/chattr -a /var/log/htmlaccess.log
endscript
postrotate
/usr/bin/chattr +a /var/log/htmlaccess.log
endscript
}
/var/log/netconf.log
{ nocompress
monthly
}

In this example, when the /etc/logrotate.d/linuxconf file is read by /etc/logrotate.conf, the following options will override the defaults specified in /etc/logrotate.conf:
Notifempty
errors jim

The nocompress and weekly options do not override any options contained in /etc/logrotate.conf.

Setting parameters for a specific file
Configuration parameters for a specific file are often required. A common example would be to include a section in the /etc/logrotate.conf file to rotate the /var/log/wtmp file once per month and keep only one copy of the log. When configuration is required for a specific file, the following format is used:
#comments
/full/path/to/file
{
option(s)
}

The following entry would cause the /var/log/wtmp file to be rotated once a month, with one backup copy retained:
#Use logrotate to rotate wtmp
/var/log/wtmp
{
monthly
rotate 1
}
Although the opening bracket may appear on a line with other text or commands, the closing bracket must be on a line by itself.
Using the prerotate and postrotate options
The section of code below shows a typical script in /etc/logrotate.d/syslog. This section applies only to /var/log/messages. On a production server, /etc/logrotate.d/syslog would probably contain similar entries.
/var/log/messages
{
prerotate
/usr/bin/chattr -a /var/log/messages
endscript
postrotate
/usr/bin/kill -HUP syslogd
/usr/bin/chattr +a /var/log/messages
endscript
}

The format for this script uses the following methods:

• The first line, /var/logmessages, declares the file for which this script will be used.
• The curly braces,{ }, are used to enclose the entire script. All commands contained within these braces will be run on the /var/log/messages file.
• The prerotate command specifies actions to be taken prior to the file being rotated by logrotate.
• The command /usr/bin/chattr -a is run to remove the append-only attribute from /var/log/messages.
• The endscript command marks the end of the prerotate portion of this script.
• The next line, postrotate, specifies the following commands are to be run on /var/log/messages after the file has been rotated by logrotate.
• The command /usr/bin/killall -HUPsyslogd is run to reinitiate the system logging daemon, syslogd.
• The next command, /usr/bin/chattr +a /var/log/messages, reassigns the append-only attribute to the /var/log/messages file. This means the file may only be seen in append mode. This prevents the file from being overridden by any other program or user.
• The endscript command appears on a line by itself and marks the end of the postrotate portion of this script.
• The last curly brace,}, marks the end of commands to be applied to the /var/log/messages file.

Running logrotate
There are three steps involved in running logrotate:

1. Identify the log files on your system.
2. Create rotation schedules and parameters for the log files.
3. Run logrotate through the cron daemon.

The code below shows the default cronjob shipped with Red Hat Linux to allow logrotate to run daily:
#/etc/cron.daily/logrotate
#! /bin/sh

/usr/sbin/logrotate /etc/logrotate.conf

This cronjob allows logrotate to run daily with the rotation parameter specified in /etc/logrotate.conf.

Conclusion
Log rotation is the first step in log file management. The logrotate utility provides the Linux administrator with the ability to maintain a log file rotation policy and to retain copies of log files to assist in establishing patterns related to system usage. In this Daily Drill Down, we looked at the installation and configuration of logrotate, used the include option to read configuration files related to RPM packages, and ran logrotate as a cronjob. We also discussed the proper methods for restarting logrotate after the log rotation procedure is completed.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.