RedHat Enterprise

Quick guide to enabling DAG repos on a RHEL3 box

As root:

wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
rpm --import RPM-GPG-KEY.dag.txt
wget http://dag.wieers.com/packages/apt/apt-0.5.15lorg3-1.el3.rf.i386.rpm
rpm -ivh apt-0.5.15lorg3-1.el3.rf.i386.rpm
echo 'rpm http://apt.sw.be redhat/el3/en/i386 dag' > /etc/apt/sources.list.d/dag.list
apt-get update

Adding squashfs support into RedHat Enterprise Linux 3 U3

Squashfs must be patched and compiled into the kernel. There is no module available from RedHat or anywhere else on the web, at least not that I’ve been able to find.

Determine which kernel release you're running:

uname -r

2.4.21-20.EL

Check to see if you have the kernel-sources package installed for your running kernel:

rpm -q kernel-source

kernel-source-2.4.21-20.EL

Download the squashfs package from:

http://squashfs.sourceforge.net

Untar the archive (/tmp is a great spot).

su to root and move into /usr/src/linux-2.4 (may be different on your machine)

The default kernel on RHEL3 WS U3 is 2.4.21. squashfs has no patch for this specific version, so you'll need to use the 2.4.22 patch.

Patch the kernel with:

patch -p1 < /path/to/squashfs-2.4.22-patch

Prepare the kernel source tree:

make mrproper

Copy your kernel’s configuration from /boot to the kernel source:

cp /boot/config-version ./.config

Edit the top-level Makefile and remove the trailing custom from EXTRAVERSION, so the kernel and its modules carry the same version string as the running 2.4.21-20.EL kernel.

make oldconfig

When oldconfig prompts for the new squashfs option, answer m to build it as a module.

make dep

make bzImage

make modules

make modules_install

cp arch/i386/boot/bzImage /boot/vmlinux-version-squashfs

mkinitrd /boot/initrd-version-squashfs.img 2.4.21-20.EL

Edit /boot/grub/grub.conf and add an entry that points at the new kernel image and initrd.

reboot

Building a cross-compiler on RedHat Enterprise Linux 3 WS

First you'll need to recompile the binutils package with --target set to the target machine's name.

For example: mips-linux, sparc-linux, etc.

The easiest way to do this is to download the source .RPM for the running version of binutils on the host system.

rpm -q binutils (to see the current version)

up2date --get-source binutils

This places the .src.rpm in /var/spool/up2date.

Extract the source with:

rpm2cpio /var/spool/up2date/binutils-`version`.src.rpm | cpio --extract

Then extract the tarball with:

tar jxvf binutils-`version`.tar.bz2 (replace j with z if your archive is a .gz)

I like to keep it clean and build outside the source, so I do:

mkdir build-binutils && cd build-binutils

export TARGET=`your target here`, for example:

export TARGET=mips-linux

export PREFIX=/usr/local

../binutils-`version`/configure --target=$TARGET --prefix=$PREFIX

If you specified an invalid target, configure will complain.

make && make install

You should end up with some binaries prefixed with your target architecture in /usr/local/bin, as well as /usr/local/`target` with a bin and lib beneath that directory.

Next, you need glibc (or possibly uClibc).

up2date -i

In RHEL3 (and probably other *nixes), /etc/login.defs contains default settings for user password aging (how long before it must be changed) and expiration, amongst other things. Here is an example:

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 180
PASS_MIN_DAYS 7
PASS_MIN_LEN 5
PASS_WARN_AGE 10

Strangely, PASS_MIN_LEN is not used, as it is overridden by whatever you set minlen= to for the cracklib PAM module.
These settings say:

passwords expire after 180 days
a password must be used for at least 7 days before it can be changed again
10 days before your password will expire, you will receive a notice. The notice will pop-up in a gdm window, or at the command prompt from a virtual terminal.

These settings apply to new user accounts created with adduser, and can be viewed by using the chage -l username command.

Another trick you can do with PAM is force your users to use complex passwords. This example sets a minimum password length of 8 characters composed of at least 1 digit, 1 uppercase, 1 lowercase, and 1 non-alphanumeric character:

password required /lib/security/$ISA/pam_cracklib.so retry=3 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=8

The retry means you get 3 chances to make a new password that complies with your rule before it gives up on you. Note also minlen=8, which sets the minimum password length to 8 characters.

Stuff that in your /etc/pam.d/system-auth. See my other post on how to expire a user's password and make them comply with your new rule.
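As an added example (not code from the original post, and not pam_cracklib's own source), here is the minlen/credit arithmetic that pam_cracklib applies, re-implemented in bash so the policy above can be reasoned about or pre-checked in a provisioning script. It generalises beyond the post's line: a negative credit is a hard minimum for that character class, while a non-negative credit adds up to that many bonus points, and the password passes when length plus bonus reaches minlen. check_password, count_class and page_policy are hypothetical helper names; character counts are byte-based, so the result is exact for ASCII passwords.

```bash
#!/bin/bash
# Added example, not from the original post: a shell re-implementation of the
# pam_cracklib minlen/credit check. The helper names are hypothetical.

# count_class STRING TR-CLASS -> how many characters of STRING fall in the tr(1) class
count_class() {
    printf '%s' "$1" | tr -cd "$2" | wc -c | tr -d ' '
}

# check_password PASSWORD MINLEN DCREDIT UCREDIT LCREDIT OCREDIT
# Negative credit: the class must appear at least that many times (-1 = at least one).
# Non-negative credit: up to that many characters of the class count as bonus points.
# Pass when length + bonus >= minlen. Returns 0 on pass, 1 on fail.
check_password() {
    local pw=$1 minlen=$2
    local len=${#pw} bonus=0 count credit pair
    local digits uppers lowers others
    digits=$(count_class "$pw" '0-9')
    uppers=$(count_class "$pw" 'A-Z')
    lowers=$(count_class "$pw" 'a-z')
    others=$(( len - digits - uppers - lowers ))   # everything non-alphanumeric

    for pair in "$digits:$3" "$uppers:$4" "$lowers:$5" "$others:$6"; do
        count=${pair%%:*}
        credit=${pair##*:}
        if [ "$credit" -lt 0 ]; then
            [ "$count" -ge $(( -credit )) ] || return 1   # hard minimum not met
        elif [ "$count" -lt "$credit" ]; then
            bonus=$(( bonus + count ))
        else
            bonus=$(( bonus + credit ))
        fi
    done
    [ $(( len + bonus )) -ge "$minlen" ]
}

# page_policy PASSWORD: the post's line,
# retry=3 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=8
page_policy() {
    check_password "$1" 8 -1 -1 -1 -1
}

# Usage: ./pwcheck.sh 'candidate'  -> PASS or FAIL under the post's policy
if [ $# -eq 1 ]; then
    if page_policy "$1"; then echo PASS; else echo FAIL; fi
fi
```

Because all four credits in the post are negative, no bonus points are ever awarded and minlen=8 really does mean eight characters; with pam_cracklib's default positive credits a shorter password of mixed classes would be accepted, which is why the negative form is the one to use when you want a true minimum length.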

The PAM module pam_tally can be used to track the number of times a user enters a bad password and lock out their account after a specified number of attempts. The lock can be indefinite, or can reset itself after a period of time.

This example is from the system-auth file in /etc/pam.d on a RedHat Enterprise Linux machine:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

# Enables failed login counts (section 1 of 2)
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

# Enables failed login counts (section 2 of 2)
account required /lib/security/$ISA/pam_tally.so deny=5 reset no_magic_root

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

Note that in the example the module is referenced twice: once in the auth part, and again in the account part. If you care about the details, read up on PAM. Otherwise just note it will lock out any user except root after 5 bad password attempts forever. If a user successfully logs in the counter is reset, e.g. 4 bad attempts and the 5th is successful, the tally counter is reset to 0. To view and unlock accounts, use the command pam_tally. By itself, pam_tally will show a username and the number of failed password attempts.

To unlock an account, do:

pam_tally --user username --reset
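To see the counting rule from the account line in action, here is an added example (not from the original post) that replays it over authentication log lines: every "Failed password" increments the user's tally, a successful login resets it to 0, and anyone at or over the deny threshold is reported as locked. The log lines are constructed samples in sshd's wording, not real data, and tally_counts and locked_users are hypothetical helper names; the real pam_tally keeps its counters in its own tally file rather than deriving them from the log.

```bash
#!/bin/bash
# Added example, not from the original post: replay the pam_tally deny/reset rule
# over auth log lines. SAMPLE_LOG is constructed test data; helper names are hypothetical.

SAMPLE_LOG='Mar  1 10:00:01 rhel3 sshd[1201]: Failed password for bob from 10.0.0.5 port 40001 ssh2
Mar  1 10:00:06 rhel3 sshd[1201]: Failed password for bob from 10.0.0.5 port 40001 ssh2
Mar  1 10:00:12 rhel3 sshd[1203]: Accepted password for bob from 10.0.0.5 port 40002 ssh2
Mar  1 10:01:00 rhel3 sshd[1210]: Failed password for alice from 10.0.0.9 port 40100 ssh2
Mar  1 10:01:04 rhel3 sshd[1210]: Failed password for alice from 10.0.0.9 port 40100 ssh2
Mar  1 10:01:09 rhel3 sshd[1212]: Failed password for alice from 10.0.0.9 port 40101 ssh2
Mar  1 10:01:15 rhel3 sshd[1212]: Failed password for alice from 10.0.0.9 port 40101 ssh2
Mar  1 10:01:20 rhel3 sshd[1214]: Failed password for alice from 10.0.0.9 port 40102 ssh2
Mar  1 10:02:00 rhel3 sshd[1220]: Failed password for invalid user eve from 10.0.0.12 port 40200 ssh2'

# tally_counts: read log lines on stdin, print "user count" per user, sorted by user.
# A failed password increments the count; a successful login resets it to 0,
# which is the "reset" behaviour of the account line in the post.
tally_counts() {
    awk '
        {
            line = $0
            sub(/ for invalid user /, " for ", line)   # sshd wording for unknown accounts
        }
        line ~ /Failed password for / {
            if (match(line, /Failed password for [^ ]+/)) {
                n = split(substr(line, RSTART, RLENGTH), f, " ")
                tally[f[n]]++
            }
        }
        line ~ /Accepted (password|publickey) for / {
            if (match(line, /Accepted (password|publickey) for [^ ]+/)) {
                n = split(substr(line, RSTART, RLENGTH), f, " ")
                tally[f[n]] = 0
            }
        }
        END { for (u in tally) printf "%s %d\n", u, tally[u] }
    ' | sort
}

# locked_users DENY: from tally_counts output on stdin, print users at or over the threshold
locked_users() {
    awk -v deny="$1" '$2 >= deny { print $1 }'
}

# Usage: printf '%s\n' "$SAMPLE_LOG" | tally_counts | locked_users 5
```

On the sample, bob's two failures are wiped by his successful login, alice reaches deny=5 and is the only account reported locked, and eve (an account that does not exist) shows a count of 1, which is the kind of entry worth watching on a host where pam_tally is doing the real counting.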

Seems like a simple thing to do, right? Create a user account, set an initial password, then force that user to enter a new password the first time they log in. Well it used to be easy, just use passwd -e to *expire* that user's password. But someone decided that was too simple, so this functionality was moved to chage. Here's a breakdown of how to create a new user account with an initial password that expires the first time it's used:

useradd username
passwd username
chage -d 0 username

Seems strange that several functions in passwd overlap with functions in chage, but expire was removed from passwd altogether.
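The login.defs aging values above and chage -d 0 both end up as fields in /etc/shadow, so here is an added example (not from the original post) that works out an account's aging state from a shadow entry the way login and chage -l do: a last-change day of 0 is the forced change that chage -d 0 sets, PASS_MAX_DAYS becomes the max field that decides expiry, PASS_WARN_AGE becomes the warn field that triggers the notice, and PASS_MIN_DAYS becomes the min field that stops an ordinary user changing again too soon. It assumes the standard shadow layout name:hash:lastchg:min:max:warn:inactive:expire:reserved with day counts since 1970-01-01; aging_state, can_change_now and today_days are hypothetical helper names, and the shadow lines used below are constructed.

```bash
#!/bin/bash
# Added example, not from the original post: evaluate password-aging state from an
# /etc/shadow entry. Assumed layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved,
# lastchg in days since 1970-01-01, min/max/warn as day counts (what useradd copies in
# from PASS_MIN_DAYS / PASS_MAX_DAYS / PASS_WARN_AGE). Helper names are hypothetical.

# today_days -> the current date in the same unit as the shadow fields
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# aging_state SHADOW_LINE [TODAY_DAYS] -> prints one of:
#   must-change  lastchg is 0, exactly what "chage -d 0 username" sets
#   no-aging     lastchg or max is empty: aging is disabled for this account
#   expired      more than max days have passed since the last change
#   warning      within warn days of expiry, when login prints the notice
#   ok           nothing due yet
aging_state() {
    local line=$1 today=${2:-$(today_days)}
    local name hash lastchg min max warn rest
    IFS=: read -r name hash lastchg min max warn rest <<< "$line"

    if [ "$lastchg" = 0 ]; then
        echo must-change; return 0
    fi
    if [ -z "$lastchg" ] || [ -z "$max" ]; then
        echo no-aging; return 0
    fi
    local expire_day=$(( lastchg + max ))
    if [ "$today" -gt "$expire_day" ]; then
        echo expired
    elif [ -n "$warn" ] && [ "$today" -ge $(( expire_day - warn )) ]; then
        echo warning
    else
        echo ok
    fi
}

# can_change_now SHADOW_LINE [TODAY_DAYS] -> exit 0 once min days have elapsed since the
# last change (before that passwd refuses an ordinary user's change), 1 otherwise
can_change_now() {
    local line=$1 today=${2:-$(today_days)}
    local name hash lastchg min rest
    IFS=: read -r name hash lastchg min rest <<< "$line"
    [ -z "$min" ] && return 0          # no minimum configured
    [ "$today" -ge $(( lastchg + min )) ]
}

# Usage: ./aging.sh 'shadow line' [today-days]   (today defaults to the current date)
if [ $# -ge 1 ]; then
    aging_state "$1" "${2:-}"
fi
```

Run against a real entry (grep username /etc/shadow, as root) the output should agree with what chage -l username reports; the constructed bob entry below, with min 7, max 180 and warn 10 copied straight from the post's login.defs, goes from ok to warning 170 days after the change and to expired after 180.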