original in nl Jeffry Degrande
nl to en Floris Lambrechts
This is the second part of this series. After the installation in Part I, the author now describes a couple of basic configuration tasks in his favorite distribution. He talks about the configuration of X, user management, compiling kernels, using LILO, and some basic system security.
It is an article for non-experienced Linux users who wish to learn more about their system.
I'll (try to) explain the following:
It's all information that you can find at many other places, but I'll try to explain it by using the tools that slackware provides.
I assume that you have installed the packages for a X system. We also assume that for example your mouse is working now. Minor problems can always occur and I can't describe them all because I don't know what they are and there simply are way too many (however, feel free to mail me about them.) Let's go on :) To configure X you can choose between two programs in slackware, XF86Setup and XF86Config. The main difference is, that the one runs in the console and the other one does it the graphical way. The choice is up to you :)
We will use XF86Setup (the graphical one, and the most convenient). First we configure the mouse. Usually, it is enough to just choose the right protocol and select /dev/mouse as the device. If you don't have 3 buttons on your rodent, I advise you to use the option "Emulate3buttons". (This makes clicking both mouse buttons at the same time equal to the missing middle mouse button).
In the next screen you choose your keyboard layout. I myself choose "Belgian" and of course specified the type I have. Naturally this is different for many of us. A click on "apply" and we go on...
Now we configure our video card. Click on "card list" and look for your card. Click on "detailed setup" and check if everything is ok. Most of the time, it is enough to set everything to "probed". Maybe you'll have to tweak it a bit. If everything is set up, we go to the next screen that deals with your monitor.
Here you have to define the maximum resolution that your monitor can handle. Consult monitor's manual, if in doubt. On the next screen you set your resolution and the amount of color that your video card can handle (Depends on the amount of video ram you have).
In the last screen, you can alter some generic settings. They are mostly self explanatory. Click on "done" to return to the console.
Now, the big moment. Type "startx" and let's hope your graphical environment starts up nicely.
You can change to another window manager by editing the file .xinitrc in your homedir. (to use KDE for example, you add "startkde".) This is different for every window manager, but you'll find everything you need in the documentation.
Notice: More information about configuring X is in the XFree86-HOWTO.
First, make sure you have the kernel sources installed. The sources of 2.2.13 can be found on the cd. You can install them with "installpkg packagex.tgz" (make sure you also install the include files, they are in the same directory). The sources will be in /usr/src/linux-2.2.13. You also have /usr/src/linux , this is only a link to linux-2.2.13 , but it's nice to have it (if you lost the link for some reason, you can make it with
ln -s /usr/src/linux-2.2.13 /usr/src/linuxTo configure the kernel, you go to /usr/src/linux. Now you have three options. You can use the X interface (make xconfig), you can do it on the console (make menuconfig) or you can do it the hard way and just type "make config". You have to do one of these three, so either "make xconfig", "make menuconfig" or "make config".
From now on, the configuration depends on you. My system is not the same as yours (e.g. maybe you have scsi, and I don't :-( .) It's impossible for me to tell you what you need and don't need. And of course there's always the help function that informs you on everything. I'm convinced that you know your system well enough so that this can't be a real problem :) .
When you're done, close everything nicely and on the prompt type the following:
make dep make clean <- I find this not necessary myself, but the books say you have to do it, you can do as you like of course make bzlilo <- Of course there are other options here, but I always do it like this, it gives you a compressed kernel that's installed by lilo right away. make modules <- If you have configured some stuff as modules make modules_install <- if you actually want to _use_ the modules :)If this is your first time, then it's best to do every step on it's own and check for error messages. If you're more confident then you can do
make dep bzlilo modules modules_installall at once and go for a cup of coffee ;)
Configuring and compiling your own kernel really isn't more than that.
If you use bzlilo two new files are generated: vmlinuz and System.map. If these files already exist then the old copies will be renamed to vmlinuz.old and System.old. You can use them as a backup like this:
(in /etc/lilo.conf) image = /boot/vmlinuz.old root=/dev/hda5 label = stableNotice: whatever configuration like this comes first in /etc/lilo.conf will determine the boot order (Don't put this one first...)
A problem that I've seen occur a couple of times, is that make bzlilo puts the vmlinuz and the System.map in / while lilo.conf points to /boot/vmlinuz (as you can see in the config: image=...) Now there are two possibilities; either you move /vmlinuz to /boot/vmlinuz or else you change lilo.conf. Either way, you'll have to run lilo after it (type lilo).
Next you reboot and now you are using your new kernel. (You can check this with uname -a )
Notice: More information in the Kernel-HOWTO.
Because Linux is a multi user system, and because constantly working as root is advised against by everyone, including me (a normal user has less chance to brake stuff because he simply hasn't the right to break it.), we are going to add normal users to our system. To do so, Slackware has provided a nice little script:
# adduser Login name for new user (8 characters or less) : <- Here you type a new login name User id for blaat [ defaults to next available]: <- Just hit enter Initial group for blaat [users]: <- The group of your new user Additional groups for blaat (separated with commas, no spaces) : <- Additional groups that the user is member of blaat's home directory [/home/blaat]: <- The homedir (usually /home/username) blaat's shell [/bin/bash]: <- His shell blaat's account expiry date (YYYY-MM-DD) : <- When the account expires (if you enter nothing, the account never expires)Then you get some summary info where you can choose to go on (ENTER) or to quit (CTRL-C).
Changing the user information for blaat Enter the new value, or press return for the default Full Name : <- His name Room Number : <- The office he is in Work Phone : <- Phone number Home Phone : <- Yeah, duh, do this ;)To finish, you have to give the new user a password so that he can log in.
Changing password for blaat Enter the new password (minimum of 5, maximum of 127 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: Password changed. Done... buffy login: blaat Password: Linux 2.2.14. No mail. I have seen the future and it is just like the present, only longer. -- Kehlog Albran buffy:~$ whoami blaatHeyhey, we now have a new user.
You can remove users with "userdel". The user has to be logged out for this!
buffy:/var/log# userdel blaat userdel: user blaat is currently logged in(Blaat is gone... let's say we helped him a bit ;)
buffy:/var/log# userdel blaat buffy:/var/log#And see, the account is gone!
This section is for those who still surf with a traditional
modem. Cable and ISDN is something I haven't had a chance to
configure to (~!@$# cable company! @#$%^ telephone company !)
Also, I assume you are using a modem that is compatible with Linux. (TIP: www.altavista.com "+type of modem +linux").
To setup your ppp-connection slackware has yet another script.
# pppsetupIn the first screen you have to enter the telephone number of your ISP, preceded by atdt or atpt (example is above).
Next you are asked what port your modem is connected to (the ms-dos name is listed next to it).
Then they ask for the speed of your modem. We scroll a bit, but in the end we still choose the most realistic value ;).
Now, you configure whether you use call back. Set this to NO because -to my knowledge- no (Belgian) provider does this. (I'd let them if the wanted to however ;).
If you want to set another initstring then you can do so in the next screen. After that, enter the domain name of your provider (e.g. uunet.be for uunet, planetinternet.be for planet ...)
Next the IP address of your provider's DNS server. You can find this somewhere, somehow (settings of windblows maybe?)
Next you choose the type of authentication (try PAP, most ISP's support it, and you really don't want to use SCRIPT unless you really need it).
Now set the username ...
... and the password.
Now you get an overview of what has happened and which files have changed.
You can start the connection with
# ppp-goDisconnect with
Besides of making your system work, it is also important to have some basic security. I can't really touch this issue thoroughly because it is too wide. I point you to the Security-HOWTO (a must-read!)
But I am going to tell you how to make sure that nobody can come in from the outside.
All services are run from a kind of "Superserver" , called inetd. With the following command you can check what services are running on your system:
# netstat -tua | grep LISTENThe inetd gets its settings in /etc/inetd.conf . Open this file with your favorite editor and you see lines like
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetdThe #hash# at the beginning of a line indicates whether a service is either open or closed. If the hash is there, then the service is closed. If it's not there, the service is running.
So the previous line (the telnet daemon) is closed. If it would have been
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetdThen telnet would be running. Try
# telnet localhost 23and see what happens.
So put a # at every line (if you're sure you need the service, then leave it open of course!).
Start inetd again like this:
# killall -HUP inetdDo again
# netstat -tua |grep LISTENto check if the changes are really executed.
Two files that you also should change are /etc/hosts.allow and /etc/hosts.deny .
Every time a connection is requested, hosts.allow is checked. If the connection is listed there, then hosts.deny is checked. If it's not in there, the connection gets accepted. This is of course not efficient.
It would be better like this: is it in hosts.allow? Yes? Ok, accept it. No? Sorry, but we don't accept it because it is listed in hosts.deny.
You can set this up by adding this line to /etc/hosts.allow :
ALL : 127.0.0.1 <- 127.0.0.1 is the loopback device, actually you (we're not going to block ourselves!)in /etc/hosts.deny we put
ALL : ALLNotice: the format of the file is like this:
<service type> : <address>ALL : ALL means as much as "all connections from outside this computer"
Now connections are not that easily accepted.
Of course, remember that this is very basic! You need to do a lot more to really secure your system. As I said at the start of this chapter you are advised to read the Security-HOWTO.