Created
November 13, 2013 10:25
Notes on LPIC ADM2 Training (11/2013)
= LPIC ADM2 = | |
<toc> | |
== # rsyslogd == | |
=== # links === | |
* http://blog.gerhards.net/2012/10/rate-limiting-in-rsyslog-732.html | |
* http://www.rsyslog.com/doc/manual.html | |
* http://www.rsyslog.com/using-the-syslog-receiver-module/ | |
* http://www.rsyslog.com/using-the-text-file-input-module/ | |
* http://www.rsyslog.com/tls-secured-syslog-via-relp/ | |
* http://www.rsyslog.com/actions-with-directives/ | |
* http://www.rsyslog.com/writing-specific-messages-to-a-file-and-discarding-them/ | |
* http://www.rsyslog.com/discarding-unwanted-messages/ | |
* http://www.rsyslog.com/how-to-write-to-a-local-socket/ | |
* http://www.rsyslog.com/storing-and-forwarding-remote-messages/ | |
* http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/ | |
* http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/ | |
* http://www.rsyslog.com/receiving-messages-from-a-remote-system/ | |
* http://www.rsyslog.com/faq/ | |
* http://wiki.rsyslog.com/index.php/Configuration_Samples | |
=== # rsyslog.conf === | |
Debian Pakete: rsyslog, rsyslog-doc | |
<pre> | |
### /etc/rsyslog.conf | |
# Legacy-format ($Directive) rsyslog configuration from the training notes. It loads the
# local, kernel, UDP and TCP inputs, forwards all messages to 172.16.11.155 and writes
# messages received from 172.16.11.* into one file per sender IP.
$ModLoad imuxsock # provides support for local system logging | |
$ModLoad imklog # provides kernel logging support | |
# $ModLoad immark # provides --MARK-- message capability | |
# Network receivers on port 514, UDP and TCP. No $AllowedSender directive (or firewall rule)
# appears in this listing, so as written every host that can reach the port can submit
# messages. NOTE(review): restrict the permitted senders before using this outside a lab.
$ModLoad imudp | |
$UDPServerRun 514 | |
$ModLoad imtcp | |
$InputTCPServerRun 514 | |
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat | |
# Ownership and modes for files rsyslog creates: root:adm with mode 0640 (not
# world-readable), directories with mode 0755.
$FileOwner root | |
$FileGroup adm | |
$FileCreateMode 0640 | |
$DirCreateMode 0755 | |
$Umask 0022 | |
$WorkDirectory /var/spool/rsyslog | |
$IncludeConfig /etc/rsyslog.d/*.conf | |
## REMOTE LOGGING | |
## ... via tcp | |
# "@@host:port" forwards over TCP, a single "@" (next example) over UDP. Both send the
# messages in plaintext; the tls-secured-syslog-via-relp article in the link list above
# describes an encrypted transport.
*.* @@172.16.11.155:514 | |
## ... via udp | |
# *.* @other-server.example.net:10514 | |
## LOG REMOTE MESSAGES | |
## ... using Template | |
# The active template names the file after %fromhost-ip%, the address the message was
# received from. The commented-out variant uses %HOSTNAME%, which is taken from the message
# itself and can therefore be chosen by the sender.
# $template PerHostLog,"/var/log/%HOSTNAME%.log" | |
$template PerHostLog,"/var/log/%fromhost-ip%.log" | |
## ... but log all local5.* to /var/log/messages | |
# local5.* /var/log/messages | |
## ... and all remote to ?PerHostLog | |
# "?" selects the dynamic-file template, the leading "-" skips the sync after each write.
# "& ~" applies a second action to the same filter and discards the message, so matched
# messages do not reach the rules below. Remote messages from any other source address do
# not match this filter and fall through to the local rules.
if $fromhost-ip startswith '172.16.11.' then -?PerHostLog | |
& ~ | |
# NOTE(review): "auth" in the next selector has no ".priority" part, unlike its
# neighbours; confirm that it parses as intended.
*.*;auth;cron.*;daemon.*;\ | |
kern.*;user.*;\ | |
authpriv.*;authpriv.none -/var/log/messages | |
mail.info -/var/log/mail.info | |
mail.warn -/var/log/mail.warn | |
mail.err /var/log/mail.err | |
*.=debug;\ | |
auth,authpriv.none;\ | |
news.none;mail.none -/var/log/messages | |
*.=info;*.=notice;*.=warn;\ | |
auth,authpriv.none;\ | |
cron,daemon.none;\ | |
mail,news.none -/var/log/messages | |
# Emergency messages are written to the terminals of all logged-in users.
*.emerg :omusrmsg:* | |
</pre> | |
== # dmesg == | |
<pre> | |
dmesg -T, --ctime show human readable timestamp | |
dmesg -l [3-6] | |
root@dell-990-318:/home/sts/download# dmesg -l 3 -T | |
[Di Nov 5 08:27:46 2013] pnp 00:0a: can't evaluate _CRS: 12311 | |
[Di Nov 5 08:27:51 2013] Error: Driver 'pcspkr' is already registered, aborting... | |
[Di Nov 5 08:27:51 2013] [drm:radeon_pci_probe] *ERROR* radeon kernel modesetting for R600 or later requires firmware-linux-nonfree. | |
</pre> | |
== # ssh == | |
... | |
== # tcp/ip == | |
s. Fastlane Handbuch 2.3 | |
* aufbau ip pakete | |
* protokolle (udp, tcp) | |
=== # Ergänzung zu adm2/0300-netconfig.html#%2812%29 === | |
To enable temporary addresses and make them preferred for outgoing connections: | |
sysctl net.ipv6.conf.all.use_tempaddr=2 | |
To enable temporary address generation, but keep the old (Autoconf) address as preferred: | |
sysctl net.ipv6.conf.all.use_tempaddr=1 | |
The all part can be replaced with a specific interface name; e.g. net.ipv6.conf.eth0.use_tempaddr. | |
I used ip link set eth0 down && ip link set eth0 up to force an address assignment, but you can | |
just wait a minute for the next periodic Router Advertisement. | |
siehe auch http://netaddict.de/howtos:ipv6 | |
== # xinetd mit vsftpd == | |
<pre> | |
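# Create the FTP account and the directory tree that vsftpd serves (run as root).
# NOTE(review): ftpsecure is not referenced by the xinetd or vsftpd settings shown in
# these notes; presumably it was meant for vsftpd's nopriv_user. Confirm.
useradd ftpsecure -g users
# Shared area "alle" and the personal directory of user sts. The original notes created
# "sta" here, but the chown below and the directory tree both use "sts".
mkdir -p /srv/ftp/data/alle /srv/ftp/data/sts
# "alle" stays owned by root and becomes group-writable for "users".
chown -R :users /srv/ftp/data/alle
chmod g+w /srv/ftp/data/alle
# The personal directory belongs to sts. /srv/ftp/data itself stays root-owned and is not
# writable by the FTP users, as the tree listing shows.
chown -R sts:users /srv/ftp/data/sts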
/srv/ftp | |
└── [drwxr-xr-x root users ] /srv/ftp/data | |
├── [drwxr-xr-x sts users ] /srv/ftp/data/sts | |
└── [drwxrwxr-x root users ] /srv/ftp/data/alle | |
### /etc/xinetd.d/ftp | |
# xinetd entry for the "ftp" service: xinetd accepts the TCP connection and starts
# /usr/sbin/vsftpd for it (wait = no, so xinetd keeps accepting further connections).
service ftp | |
{ | |
socket_type = stream | |
wait = no | |
# The server process is started as root.
# NOTE(review): no only_from / no_access restriction and no instances or cps limit is set
# in this entry, so the service is offered to every client address without a connection
# cap. Confirm that this is intended.
user = root | |
server = /usr/sbin/vsftpd | |
# Adds the remote host (and, on success, the session duration) to xinetd's log entries.
log_on_success += HOST DURATION | |
log_on_failure += HOST | |
disable = no | |
} | |
### /etc/vsftpd.conf | |
# vsftpd settings for use behind xinetd: local accounts only, uploads allowed, every user
# confined to /srv/ftp/data.
# listen=NO / listen_ipv6=NO: vsftpd does not open its own listening socket; the xinetd
# entry starts it per connection.
listen=NO | |
listen_ipv6=NO | |
# Anonymous logins are off; local system accounts may log in and write.
anonymous_enable=NO | |
local_enable=YES | |
write_enable=YES | |
local_umask=022 | |
dirmessage_enable=YES | |
use_localtime=YES | |
# Transfers are logged to /var/log/vsftpd.log in the standard xferlog format.
xferlog_enable=YES | |
connect_from_port_20=YES | |
xferlog_file=/var/log/vsftpd.log | |
xferlog_std_format=YES | |
# Timeouts in seconds for idle sessions and stalled data connections.
idle_session_timeout=600 | |
data_connection_timeout=120 | |
# After login, local users are placed in local_root and chrooted there. The tree listing
# in these notes shows /srv/ftp/data as root-owned and not writable by the FTP users.
chroot_local_user=YES | |
# Permits recursive listings ("ls -R").
ls_recurse_enable=YES | |
local_root=/srv/ftp/data | |
secure_chroot_dir=/var/run/vsftpd/empty | |
pam_service_name=vsftpd | |
# NOTE(review): a certificate is configured, but no ssl_enable=YES appears in this listing.
# Unless it is set elsewhere, sessions (including the login password) run as plain,
# unencrypted FTP. Confirm.
rsa_cert_file=/etc/ssl/private/vsftpd.pem | |
</pre> | |