Larry’s Things .net

Here’s what I did in order to install Windows 7 on an OQO O2 that also has Win XP and Linux - with LILO handling the MBR.1 - make sure Vista OS is updated to SP1 - note - the windows update did not seem to install sp1 properly. I had to manually download and install the SP1 package.2 - use whatever means you feel comfortable to backup the MBR, i.e. DD in linux. use google to search for “backup MBR” . Make sure it is saved onto removable media that is accessible from either windows or linux.3 - install the windows 7 from the DVD . Factor around over 2 hours for the install to complete.4 - At this point the original LILO mbr has been wiped out. A huge caveat for those people using dual boot on an oqo with linux. The windows 7 upgrade will trash the LILO/grub boot sector! Make sure you back up your mbr/boot sector before upgrading to windows 7! Luckily, I’ve made a backup of it… It’s just a matter of restoring the mbr and things should be back to normal. What I’ll do before restoring, is to also make a backup of the current windows 7 installation and mbr before doing the restore, just in case things go horribly wrong. Boot using Knoppix or Backtrack Linux, and use the dd if=mbrbackup of=/dev/hdc bs=512 count=1 .After installation, the atheros wifi driver did not work. At first, the wifi needed to be manually started (enabled), which is strange. It seemed to connect to the wifi base station and also retrieved the dhcp address, however pinging the gateway did not work. The ethernet was working though, so I used that to connect to windows update and updated the atheros driver that was available from there. Once installed, the driver needed to be “enabled” , and it connected to the internet with no problems after that. So far, windows 7 on a standard issue oqo o2 seems to be a huge improvement over vista. Much faster response and usability speeds.Problems with Windows 7 on OQO O2Some issues I’ve found so far:- the Atheros AR500 wifi driver needs to be manually enabled after every reboot- the brightness controls work - however the original OQO brightness bar that used to show up is now gone- how windows 7 handles connections to wifi is maddeningly confusingUpdate:  Jan 5, 2009I waited until now before trying to install the OQO Manager software.   Some notes:   The trackstick stops working after installing the OQO Manager software…   the problem is that the manager software defaults the trackstick to “less” sensitivity.  The solution is to go to control panel –> OQO settings –> Trackstick , and move the slider bar to more sensitivity.    You’ll need to connect a usb mouse previously in order to do this though.

copied from LinuxJournal.com

by A. Naro

Method #1: Manually split the command line arguments into smaller bunches.

Example 1

[user@localhost directory]$ mv [a-l]* ../directory2

[user@localhost directory]$ mv [m-z]* ../directory2

Method #2: Use the find command.

Example 2

[user@localhost directory]$ find $directory -type f -name '*' -exec mv
{} $directory2/. ;

Method #3: Create a function. *

Example 3a

function large_mv ()
{       while read line1; do
                mv directory/$line1 ../directory2
        done
}
ls -1 directory/ | large_mv

Example 3b

function larger_mv ()
{       while read line1; do
                md5sum directory/$line1 >>  ~/md5sums
                ls -l directory/$line1 >> ~/backup_list
                mv directory/$line1 ../directory2
        done
}
ls -1 directory/ | larger_mv

Example 3b demonstrates how you easily can get an md5sum and a backup listing of each file before moving it.

Method #4: Recompile the Linux kernel. **This last method requires a word of caution, as it is by far the most aggressive solution to the problem. It is presented here for the sake of thoroughness, since it is a valid method of getting around the problem. However, please be advised that due to the advanced nature of the solution, only experienced Linux users should attempt this hack. In addition, make sure to thoroughly test the final result in your environment before implementing it permanently.

One of the advantages of using an open-source kernel is that you are able to examine exactly what it is configured to do and modify its parameters to suit the individual needs of your system. Method #4 involves manually increasing the number of pages that are allocated within the kernel for command-line arguments. If you look at the include/linux/binfmts.h file, you will find the following near the top:

/*
 * MAX_ARG_PAGES defines the number of pages allocated for   arguments
 * and envelope for the new program. 32 should suffice, this gives
 * a maximum env+arg of 128kB w/4KB pages!
 */
#define MAX_ARG_PAGES 32

In order to increase the amount of memory dedicated to the command-line arguments, you simply need to provide the MAX_ARG_PAGES value with a higher number. Once this edit is saved, simply recompile, install and reboot into the new kernel as you would do normally.

On my own test system I managed to solve all my problems by raising this value to 64. After extensive testing, I have not experienced a single problem since the switch. This is entirely expected since even with MAX_ARG_PAGES set to 64, the longest possible command line I could produce would only occupy 256KB of system memory–not very much by today’s system hardware standards.

The advantages of Method #4 are clear. You are now able to simply run the command as you would normally, and it completes successfully. The disadvantages are equally clear. If you raise the amount of memory available to the command line beyond the amount of available system memory, you can create a D.O.S. attack on your own system and cause it to crash. On multiuser systems in particular, even a small increase can have a significant impact because every user is then allocated the additional memory. Therefore always test extensively in your own environment, as this is the safest way to determine if Method #4 is a viable option for you.

- I suspect that the clamav connection problem was due to an incorrect DNS setting in both /etc/resolv.conf and in assp.cfg .

More pam_mount craziness - using pam_mount v 0.18 on Fedora 7

Situation:  Everything is ok in joining with the ADS, and authenticating with ADS works perfectly.    However, I have it so that depending on the user, it will mount to a different physical server, so my pam_mount.conf file looks something like this:

volume @groupa cifs serverdata8.ad.servergroup.com groupa /home/&/serverdata8 uid=& - -
volume @groupb cifs serverdata4.ad.servergroup.com groupb /home/&/serverdata4 uid=& - -
volume @groupc cifs serverdata1.ad.servergroup.com groupc /home/&/serverdata1 uid=& - -

So a user logging in and belonging to groupb will skip the first line , execute the second, and skip the third line.

This worked fine on my other linux machines of the same configuration.  However, on this one, I can log on fine, but it never matches the user to the correct groupX and ends up skipping everything.  Checking and double checking, recompiling pam_mount, was to no avail.   Removing the @groupa to a * so that it looks like this:

volume * cifs serverdata8.ad.servergroup.com groupa /home/&/serverdata8 uid=& - -

Works fine.

Finally, the solution was that the user I had already existed in /etc/passwd …  so when you log in to an ADS account that also matches exactly with an account in /etc/passwd , it will end up skipping any conditionals you defined for the @groupX . 

sigh…

[unfinished - work in progress] 

 Preparing a fedora 7 linux computer for stereo molecular modelling.

1) install all linux updates

• yum update

2) Disable selinux

3) Get Livna rpm for fedora 7 - this will allow yum to automatically connect to the livna repositories

• rpm -iv http://rpm.livna.org/livna-release-7.rpm

4) Install livna nvidia drivers - Assuming the installed hardware has a stereo capable nvidia card

• yum install kmod-nvidia

5) set up xorg.conf files - can use nvidia-xconfig command for more userfriendly autoconfig.

Livna display configuration - disable all (gdm etc)

If using sbgrid, copy /programs from a donor computer.

6) In the file /etc/csh.cshrc , add this line to the end of the file:

source /programs/labcshrc

This will allow for the sbgrid programs to be called upon from anywhere.

Test with coot

command to find any changed or added files

find / -type f -mtime 1 | more

There are numerous apps to do that kind of stuff. ‘chkrootkit’ for one, to check for rootkits. ‘afick’ is a file integrity checker that runs as a cron job, or ‘check-packages’ which is an older, simple script

Install Ossec (just run the script) and the ossec wui (copy to web document root, chmod 665 and then in /etc/group add httpd to the ossec group. Just google ossec

it will give you rootkit hunting, integrity checking, it will look through log files also for things such as brute force attacks and so on and can also use active response for active blocking. A wonderful tool and a great way to search through logs as you can search for all events related to multiple authentication failures and so on or by the alert level. A very nice tool.
 

- as with all things linux - documentation is sparse and scattered all over the place.  And don’t give me this “oh, linux is open source and there’s documentation covering everything” crap.   Yeah, that’s when things are working properly, and you’re using a common distro, with older builds of subcomponents.   Once you get something new into the mix, something breaks or you get into the dependency spiral of death.    Anyways, my most recent attempt at self flagellation with linux has been to use the newest version of pam_mount with Fedora 9.   I have to admit that this time, the rpms for pam_mount actually worked and connecting to the AD server was not too bad.   The hell part came when I logged in via gdm with an AD user, and the gnome desktop controls were missing , along with all the gconf permission denied errors.   Logging in via text shell was ok, and mounting to the home directory on a samba server worked ok….   Only thing was the stupid gnome gdm login.   Spent hours looking at various combinations of pam_mount.conf.xml and the smb.conf files, until I finally looked in /tmp .   In /tmp, there were all these gconf* , orbit* , pulse*, virtual* files , and I just needed to delete them in order to log into gnome properly.   yeesh….

Procedure is based on CentOS 4.6, and if noted , Fedora 7. 

First - download pam_mount from sourceforge. - use source whenever possible!!!  must match kernel!  My attempts to use pre-made rpms resulted in much frustration - you have been warned.  

However, I’ve found the Fedora 7 pam_mount rpms, and it seems to work well.    Wrong, stupid rpms don’t automount properly.   Use version 0.18 sources!   Later versions use xml for the configuration files, which I don’t have time to figure out at the moment.   I tried to get the new version to work with Fedora 7 with little success.   Try at your own risk.

- Get kernel headers update

- Kernel-headers-2.6.18-8.1.3.el5.i386.rpm

Make install

- important note, Pmvarrun is in the wrong location.   Should be in /usr/sbin/ not /usr/local/sbin/

- mv /usr/local/bin/pmvarrun /usr/sbin/

- the fedora 7 rpm does not have this pmvarrun location problem.    

 -otherwise passwords do not get passed to other modules properly , i.e. does not auto mount properly

-activate winbind authentication 

to join to domain

Also use:

net ads status

net ads info

to check if it joined properly.

-must sometimes reboot in  order to see if changes worked

- restarting winbind/smb service does not work all the time

-  make backups of all .conf and pam.d files- backup /etc

In PAM_MOUNT.CONF

- disable debug mode in /etc/security/pam_mount.conf

Comment out options_allow nosuid,nodev ………. In volumes section:

Or group specific:

Volume @adsgroup1 cifs servername adsgroupsharename /home/&/labdata8 uid=& - -

Change cifsmount /bin/mount to /sbin/mount.cifs

/etc/pam.d/gdm

#%PAM-1.0

auth required pam_stack.so service=system-auth

auth required pam_nologin.so

auth sufficient pam_timestamp.so

auth optional pam_mount.so use_first_pass

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

session required pam_stack.so service=system-auth

session required pam_loginuid.so

session optional pam_timestamp.so

# session optional pam_selinux.so

session optional pam_console.so

session optional pam_mount.so 

———————————————————————————————-

/etc/pam.d/login

#%PAM-1.0auth required pam_securetty.soauth required pam_stack.so service=system-auth

# session required pam_selinux.so close

session required pam_stack.so service=system-auth

session required pam_loginuid.so

session optional pam_console.so

# pam_selinux.so open should be the last session rule

#session required pam_selinux.so open session optional pam_mount.so

#============================ Share Definitions ==============================/etc/samba/smb.conf

Edit /etc//pam.d/system-auth last!!

In /etc/samba/smb.conf

Must add this in “Share Definitions” section

template homedir = /home/%U

SMB.CONF   (internal note - make changes or copy from another preconfigured computer)