nk23x
11/13/2013 - 10:25 AM

Notes on LPIC ADM2 Training (11/2013)

 = LPIC ADM2 =

<toc>

== # rsyslogd ==

=== # links ===
* http://blog.gerhards.net/2012/10/rate-limiting-in-rsyslog-732.html
* http://www.rsyslog.com/doc/manual.html
* http://www.rsyslog.com/using-the-syslog-receiver-module/
* http://www.rsyslog.com/using-the-text-file-input-module/
* http://www.rsyslog.com/tls-secured-syslog-via-relp/
* http://www.rsyslog.com/actions-with-directives/
* http://www.rsyslog.com/writing-specific-messages-to-a-file-and-discarding-them/
* http://www.rsyslog.com/discarding-unwanted-messages/
* http://www.rsyslog.com/how-to-write-to-a-local-socket/
* http://www.rsyslog.com/storing-and-forwarding-remote-messages/
* http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
* http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
* http://www.rsyslog.com/receiving-messages-from-a-remote-system/
* http://www.rsyslog.com/faq/
* http://wiki.rsyslog.com/index.php/Configuration_Samples

=== # rsyslog.conf ===
Debian Pakete: rsyslog, rsyslog-doc

<pre>
### /etc/rsyslog.conf
# Training sample in legacy ($Directive) syntax. It combines sender-side
# settings (forwarding to a central host) with receiver-side settings
# (network listeners, per-host files).
# NOTE(review): confirm which role each host has; a pure client does not
# need the UDP/TCP listeners below.

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
# $ModLoad immark  # provides --MARK-- message capability

# Network receivers on 514/udp and 514/tcp. Plain syslog carries no sender
# authentication and no encryption: any host that can reach these ports can
# write into the logs. Limit who may send (packet filter, $AllowedSender) and
# see the TLS/RELP article in the link list for an encrypted transport.
$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# New log files are created as root:adm with mode 0640, i.e. not world-readable.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

$WorkDirectory /var/spool/rsyslog

$IncludeConfig /etc/rsyslog.d/*.conf

## REMOTE LOGGING
## ... via tcp
# "@@" forwards over TCP, a single "@" over UDP. Both are sent in clear text.
*.*   @@172.16.11.155:514
## ... via udp
# *.*  @other-server.example.net:10514

## LOG REMOTE MESSAGES
## ... using Template
# %HOSTNAME% is taken from the message itself and is therefore chosen by the
# sender; %fromhost-ip% is the address the message was received from, which
# is the safer property for building a file name. Over UDP the source address
# can still be forged.
# $template PerHostLog,"/var/log/%HOSTNAME%.log"
$template PerHostLog,"/var/log/%fromhost-ip%.log"
## ... but log all local5.* to /var/log/messages
# local5.*  /var/log/messages
## ... and all remote to ?PerHostLog
# "?" writes to a file whose name is generated from the template; the leading
# "-" turns off syncing after each write.
if $fromhost-ip startswith '172.16.11.' then -?PerHostLog
# Discard what the previous rule matched so it is not written to the local
# files below as well. Newer rsyslog versions mark "~" as deprecated in
# favour of "stop".
& ~

# NOTE(review): "auth" has no ".priority" part, and "authpriv.*" is followed
# directly by "authpriv.none" - validate this selector with "rsyslogd -N1"
# and confirm the intended handling of auth/authpriv messages.
*.*;auth;cron.*;daemon.*;\
    kern.*;user.*;\
    authpriv.*;authpriv.none            -/var/log/messages

mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

# auth and authpriv are excluded here, so authentication messages are kept
# out of /var/log/messages by these two rules.
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/messages
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

# Emergency messages are written to the terminals of all logged-in users.
*.emerg                         :omusrmsg:*
</pre>


== # dmesg ==
<pre>
dmesg -T, --ctime  show human readable timestamp
dmesg -l [3-6]

root@dell-990-318:/home/sts/download# dmesg  -l 3 -T
[Di Nov  5 08:27:46 2013] pnp 00:0a: can't evaluate _CRS: 12311
[Di Nov  5 08:27:51 2013] Error: Driver 'pcspkr' is already registered, aborting...
[Di Nov  5 08:27:51 2013] [drm:radeon_pci_probe] *ERROR* radeon kernel modesetting for R600 or later requires firmware-linux-nonfree.
</pre>

== # ssh ==
...

== # tcp/ip ==
s. Fastlane Handbuch 2.3
* aufbau ip pakete
* protokolle (udp, tcp)

=== # Ergänzung zu adm2/0300-netconfig.html#%2812%29 ===

To enable temporary addresses (IPv6 privacy extensions, RFC 4941) and make them preferred for outgoing connections:

  sysctl net.ipv6.conf.all.use_tempaddr=2

To enable temporary address generation, but keep the old (Autoconf) address as preferred:

  sysctl net.ipv6.conf.all.use_tempaddr=1

The all part can be replaced with a specific interface name, e.g. net.ipv6.conf.eth0.use_tempaddr.
I used ip link set eth0 down && ip link set eth0 up to force an address assignment, but you can
also just wait a minute for the next periodic Router Advertisement. A value set with sysctl on the
command line is lost at reboot; add it to /etc/sysctl.conf to make it permanent.

siehe auch http://netaddict.de/howtos:ipv6

== # xinetd mit vsftpd ==
<pre>

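# Create the FTP account in the existing "users" group.
# NOTE(review): ftpsecure is not referenced by the vsftpd.conf shown further
# down - confirm whether it is meant as a login account or as an
# unprivileged service account (vsftpd's nopriv_user).
useradd ftpsecure -g users

# -p creates missing parents and does not fail when the script is run again.
# /srv/ftp/data itself stays root-owned and not writable by the FTP users,
# because it becomes the chroot root (local_root) of every session.
mkdir -p /srv/ftp/data
mkdir -p /srv/ftp/data/alle
# The original created "sta", but the chown below and the directory listing
# both use "sts", so the chown failed on a missing directory.
mkdir -p /srv/ftp/data/sts

# Shared directory: every member of "users" may write here.
chown -R :users /srv/ftp/data/alle
chmod g+w /srv/ftp/data/alle
# Private directory of user sts (the account has to exist already);
# the group gets no write permission.
chown -R sts:users /srv/ftp/data/sts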

/srv/ftp
└── [drwxr-xr-x root     users   ]  /srv/ftp/data
    ├── [drwxr-xr-x sts      users   ]  /srv/ftp/data/sts
    └── [drwxrwxr-x root     users   ]  /srv/ftp/data/alle



### /etc/xinetd.d/ftp
# xinetd owns the FTP control port and starts /usr/sbin/vsftpd for each
# incoming connection, which is why vsftpd.conf sets listen=NO.
service ftp
{
   socket_type = stream
   # wait = no: xinetd keeps accepting new connections while earlier
   # sessions are still running.
   wait = no
   # The server process is started as root.
   user = root
   server = /usr/sbin/vsftpd
   # Log the client address and session duration on success, and the client
   # address on failed attempts.
   log_on_success += HOST DURATION
   log_on_failure += HOST
   disable = no
   # NOTE(review): no only_from, instances, per_source or cps attribute is
   # set in this entry, so as far as this file shows any host that reaches
   # the port may connect and the number of sessions is not capped here -
   # confirm whether xinetd defaults or a packet filter cover this.
}

### /etc/vsftpd.conf
# Not standalone: xinetd holds the listening socket and starts vsftpd per
# connection, so both listen options are off.
listen=NO
listen_ipv6=NO
# No anonymous FTP; only local system accounts may log in.
anonymous_enable=NO
local_enable=YES
# Write commands are allowed; umask 022 removes group/other write permission
# from uploaded files.
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
# Transfers are logged to xferlog_file in the standard xferlog format.
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
# Timeouts in seconds.
idle_session_timeout=600
data_connection_timeout=120
# Every local user is confined to local_root after login. The chroot root
# must not be writable by the user (newer vsftpd releases refuse to start the
# session otherwise); in the directory listing above /srv/ftp/data is
# root-owned with mode drwxr-xr-x.
# NOTE(review): all users share one local_root, so each of them can see both
# data/sts and data/alle - confirm this is intended.
chroot_local_user=YES
# Permits "ls -R"; a recursive listing of a large tree can use a lot of
# server resources.
ls_recurse_enable=YES
local_root=/srv/ftp/data
secure_chroot_dir=/var/run/vsftpd/empty
# Logins are checked through the PAM service "vsftpd".
pam_service_name=vsftpd
# NOTE(review): a certificate path is configured, but ssl_enable is not set
# anywhere in this file, so as far as this listing shows passwords and data
# are transferred unencrypted - confirm, and enable TLS (ssl_enable,
# force_local_logins_ssl, force_local_data_ssl) if that is not intended.
rsa_cert_file=/etc/ssl/private/vsftpd.pem

</pre>