######################################## # INSTALLATION (i.e. clean slate): # If you need a CDROM, see http://www.debian.org/CD/http-ftp/#stable and # get the "powerpc" .iso and burn that to disk; this article is using # v5 or Lenny (where "stable" in the future would be something else) # NOTE: this Mac is using SCSI drives, so much like master and slave jumper # settings for IDE (which you could always use instead of SCSI if you can't # find a spare 9.1GB SCSI drive), you'll need to worry about SCSI ID number # (i.e. when replacing, note the ID jumper physically on the drives) # # Linux is a specific operating system, that has a lot of standard commands # but also some unique quarks. I stuck to Debian because it is minimal, # good for servers (but also desktops), and seems to favor unix standards # # If you don't understand some of this or assume something might be a typo # (which it very well may be), try "man command" or a web search ######################################## Boot to the Debian CDROM (i.e. put the disk in the drive and boot up the machine holding the "c" key); and, at the "boot: " prompt, just hit Enter (i.e. "install" is the default, no need to type it in). Hit Enter, Enter, Enter (you know, English, United States, American English). Hit Enter, Enter, Enter... (you know, keep DHCP info and eastern time zone). NOTE: this machine is registered with hostmaster@pitt.edu; therefor, it gets an IP address (etc.) automatically; otherwise, you'll have to "configure network manually" (i.e. you'll get a "network autoconfiguration failed" message). Arrow down to "manual" (as opposed to one of the guided partitioning options) and Enter. You will then find yourself in one of two situations: 1) FIRST TIME ONLY (i.e. if using a pair of new/different drives; and note: if IDE, drives will start with "hd" and not "sd"): Arrow down to the "(sda) - 9.1 GB" partition (or whatever size your new sda happens to be) and hit Enter and arrow left to yes and Enter (to create a new partition on the whole disk, that all partitions will be lost), then (back at the screen with the list of all the drives) arrow down to the "FREE SPACE" under the 9.1GB drive we just selected, and hit Enter; then, Enter (to "Create a new partition"), then edit the text to make it "1.0 MB" (not "9.1 GB" or whatever the size of the disk is) and Enter, and Enter (to keep "beginning"), arrow down to "Use as:" and Enter, arrow down to "NewWorld boot partition" and Enter, arrow down to "Done setting up the partition" and Enter. Arrow down to "FREE SPACE" again and Enter, Enter (to "Create a new partition") and erase and type "8.1 GB" (or whatever the size of the drive is minus the amount of RAM you have; i.e. we have 9.1GB hdd and 1GB RAM) and Enter, Enter (to keep default of "Beginning"), arrow up to "Use as:" and Enter, arrow down to "physical volume for RAID" and Enter, arrow down to "Done setting up the partition" and Enter. Arrow down to "FREE SPACE" (for the last time) and hit Enter and Enter (to keep 1.0 GB), arrow up to "Use as" and Enter, then arrow up to "swap area" and Enter, then arrow down to "Done setting…" and Enter. Then REPEAT the above steps for "(sdb) - 9.1 GB". Now that both drives are setup the same, arrow up to "Configure software RAID" and Enter, then arrow left to "yes" and Enter (to write changes to the disks before setting up RAID, which we did above (make changes), or will always ask because of the swap space). Hit Enter (to "Create MD device"), arrow down to "RAID1" and Enter, hit Enter (to keep the number of devices to "2"), hit Enter (to keep the number of spares to "0"; but note, if you have a third SCSCI or IDE drive, you could set this to "1"), hit the space bar to add an asterisk next to "/dev/sda3", then arrow down to "/dev/sdb3" and hit space bar again (to add an asterisk inside its brackets) and Enter, Arrow down to "Finish" and Enter. Then arrow down to "#1" under "RAID1" and Enter, arrow up to "Use as:" and Enter, Enter ("Ext3 journaling file system" already selected), arrow down to "Mount point:" and Enter, Enter ("/ - the root file system" already selected), arrow down to "Done setting up the partition" and Enter, then arrow down to "Finish partitioning and write changes to disk" and Enter, arrow left to "yes" and Enter. Then at the warning (kernel may be unable to read the partition table on /dev/md0 until after a reboot), don't hit Enter (to "Continue"), just turn off the machine and reboot, and get back to this partitioning section and select "Finish partitioning…" and Enter (then skip over the next paragraph). 2) CLEAN SLATE (i.e. if upgrading to a new stable release): Arrow down to "#1" under "RAID1" and Enter, then arrow up to "Use As:" and Enter, then Enter (defaulted to "Ext3 jounaling file system"), then arrow down to "Format the partition:" and Enter (to switch it to "Yes, format it"), arrow down to "Mount point:" and Enter, Enter (to keep "/ - the root file system"), arrow down to "Done setting up the partition" and Enter, then arrow down to "Finish partitioning and write changes to disk" and Enter, arrow left to "Yes" and Enter (to write changes to disk). When prompted, type in the root password and Enter (and again), then type in your full name and Enter, username and Enter, and password and Enter (twice). When prompted to scan more cdrom images, just hit Enter (default to "no"); and again, arrow over to "no" when prompted to use a network mirror, and Enter (albeit the default and recommended is "yes"); we will add this manually later. Hit Enter when prompted about feedback (a.k.a. popularity contest), defaulted to "no". When prompted for what software to install, arrow down to "Standard system" and hit spacebar (to remove the asterisk inside the bracket) and Enter (i.e. we only want the core or base system). Hit Enter (default "/dev/sda2") to install Yaboot, and wait; then when you get "Installation complete", hit Enter (for "Continue" and don't remove the CDROM); AND, when powering up, be sure to type "c" to boot to cdrom again. At the boot menu, type "rescue" and enter and follow along as you did in the beginning; but, then after you setup the time zone, in the "Enter rescue mode" step, arrow down to "/dev/md0" and enter, then arrow up to "Execute a shell in /dev/md0" and Enter, then Enter again (waring about having to manually mount file systems). then type "vi /etc/yaboot.conf" and Enter type "j" 9 times (to move cursor to the "partition=0" line) type "l" 10 times (elle, not one, so as to highlight the "0") type "*r3" (to replace "0" with "3") type "j" 10 more times (to get to the "initrd=" line) type "*O" (capital o, not zero, to insert a line) type " " (space) 8 times (so as to indent the following:) type "append="md=0,/dev/sda3,/dev/sdb3"" (actually type the inside quotes) and Enter type " " (space) 8 times (so as to indent the following:) type "device=/pci@80000000/pci-bridge@d/ADPT,2940U2B@4/@0:" and Esc (note: the above two lines will look like it's typing over the initrd line, but really inserting a new line: screen doesn't refresh, don't worry) type ":x" and Enter (to exit and save; and note: if you think you botched anything, just type ":q!" and Enter, to quit without saving, and re-run the "vi" line above) type "cp /etc/yaboot.conf /etc/yaboot.sda.conf" and Enter type "cp /etc/yaboot.conf /etc/yaboot.sdb.conf" and Enter type "vi /etc/yaboot.sdb.conf" and Enter type "j" 8 times (to get to the "boot=" line) type "l" (elle, not one) 10 times (to move cursor to "s") type "dw" (to delete "sda2") type "a" (to append after the highlighted "/") type "sdb2" and Esc type "j" 11 times (to get to the "device=" line) type "l" until the cursor is on the last zero (second to last character) type "dw" (to delete the zero) type "i1" and Esc (to insert one; i.e. now ends with "@4/@1:") type ":x" type "ybin -C /etc/yaboot.sdb.conf" and Enter type "ybin -C /etc/yaboot.sda.conf" and Enter type "exit" and Enter Arrow down to "Reboot the system" and Enter (and sorry, this last bit of confusing text editing is necessary because of Linux on Mac nuances (; and, note: if using IDE drives, you can use generic "hd" reference, as opposed to the output from a "ofpath /dev/sda" or "ofpath /dev/sdb" from the shell prompt--that "/pci" long number that you think may have come from nowhere, but is very specific to each machine). Once rebooted (to your new system, yeah!), log in as yourself. ***ATTENTION: To check on the status of the raid set, run "sudo mdadm --detail /dev/md0" (assuming you've installed sudoers, see below). If you see "degraded", you will have to swap out the bad drive. Look in the results to identify on of the /dev/sda3 or /dev/sdb3 (assuming you are using scsi drives, if not, look for /dev/hda3 and /dev/hdb3) and see which one is labeled "faulty spare". You can also look at boot up or run "dmesg | grep raid" and look for "raid1: Disk failure on sdx3, disabling device." Then run "sudo mdadm --remove /dev/md0 /dev/sdy3" where y is a or b, whichever the failed device is above. Then, replace said drive (note: sda belongs to the scsi drive that has the lowest scsi id, and hda (ide drives) would belong to the primary jumpered or cable select jumpered and last on the ribbon cable), boot up and then run "sudo sfdisk -d /dev/sdx | sfdisk /dev/sdy" where y again is a or b but represents that old BAD drive (which should be now a good new drive), and x is a or b, whichever drive was the original or GOOD drive that you are now booted to. Next, run "sudo mdadm --add /dev/md0 /dev/sdy3" (and run "sudo mdadm --detail /dev/md0" later to verify all is well), and finally, run "ybin -C /etc/yaboot.sdy.conf", again, where y is a or b, which is the new drive (or old BAD drive). ######################################## # CONTINUE INSTALLATION (i.e. install applications): # # NOTE (from here on): # each line is command, something that you will type at the prompt and hit # Enter to execute. Lines that start with a pound sign are comments or # some bit of text to be added to files (e.g. after "pico"). Also, when # prompted "…continue [Y/n]?", just hit Enter (i.e. yes) and when prompted # to insert the Debian CD, just hit Enter (obviously insert it if not # already) ; and, USERNAME = your (or whomever's) username # # note for firewall: # "tail -f /var/log/messages" to view the last few entries and the current # system warnings being added to the log (i.e. to see blocked traffic), and # then Ctrl and "c" to cancel viewing (i.e. as opposed to seeing only a # static copy of the log using "cat /var/log/messages"); and note, this # works because we asked iptables in the second to last rule (below) to log # everything that didn't match a previous rule to the warning log (level # 4); i.e. log dropped packets. ALSO NOTE: all ports had to be allowed # (or a firewall exception had to be created) on Pitt's hardware firewall # (via email to helpdesk@pitt.edu); i.e. have to allow on the hardware # router AND software of this machine. # Also, not using /etc/host.allow or host.deny ######################################## su # type in the root password apt-get install sudo pico /etc/sudoers # add (to the bottom), just like any text editor: # User_Alias ADMINS = USERNAME # ADMINS ALL=(ALL) ALL # note for later, you can optionally add ", USERNAME2, USERNAME3" and so on # to that first line we are adding, then hold Ctrl and type "x" (to exit), # type "y" (to save), and Enter (to keep the same name). exit sudo apt-get update sudo apt-get autoremove sudo apt-get upgrade sudo apt-get install openssh-server # from here, you can use another machine, just open a terminal on whatever # remote machine and "ssh db2.neurobio.pitt.edu"; i.e. then you can copy # and paste all the following commands (note: if you copy multiple lines, # it will also copy the Enter after each line, so you can paste, which # essentially runs multiple commands! sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT sudo iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT sudo iptables -A INPUT -p tcp --syn -j LOG --log-prefix "SYN FLOOD DROP:" sudo iptables -A INPUT -p tcp --syn -j DROP sudo iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s --limit-burst 3 -j ACCEPT sudo iptables -A INPUT -p icmp --icmp-type 8 -j LOG --log-prefix "ICMP DOS DROP:" sudo iptables -A INPUT -p icmp --icmp-type 8 -j DROP sudo iptables -A INPUT -p udp --sport 5060 -j DROP sudo iptables -A INPUT -p udp -s 136.142.57.10 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.57.10 --sport 53 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.188.76 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.188.76 --sport 53 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.188.73 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.188.73 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.188.121 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.15.13 --sport 53 -j ACCEPT sudo iptables -A INPUT -p tcp -s 130.49.127.11 --sport 53 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.188.46 --sport 67 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.57.225 --sport 137 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.140.17 --sport 137 -j ACCEPT sudo iptables -A INPUT -p udp -s 136.142.185.225 --sport 137 -j ACCEPT sudo iptables -A INPUT -p icmp -s 136.142.3.21 --icmp-type 8 -j ACCEPT sudo iptables -A INPUT -p udp -s 130.49.237.32/27 -m multiport --sports 137,138,68 -j ACCEPT sudo iptables -A INPUT -p tcp -s 130.49.236.12 --sport 22 -j ACCEPT sudo iptables -A INPUT -p tcp -s 130.49.236.12 --dport 22 -j ACCEPT sudo iptables -A INPUT -p udp -d 130.49.236.255 -j DROP sudo iptables -A INPUT -p udp -d 255.255.255.255 -j DROP sudo iptables -A INPUT -p tcp -j LOG --log-prefix "TCP DROP:" sudo iptables -A INPUT -p udp -j LOG --log-prefix "UDP DROP:" sudo iptables -A INPUT -p icmp -j LOG --log-prefix "ICMP DROP:" sudo iptables -A INPUT -p tcp -j DROP sudo iptables -A INPUT -p udp -j DROP sudo iptables -A INPUT -p icmp -j DROP su iptables-save > /etc/iptables exit sudo pico /etc/network/if-pre-up.d/iptables # then add "#!/bin/sh", "iptables-restore < /etc/iptables", and # "exit 0" (each on its own line), and Ctrl + "x", "y", and Enter sudo chmod 755 /etc/network/if-pre-up.d/iptables sudo pico /etc/apt/sources.list # and type in your password; but note: only have to the first time running # a "sudo" command (unless you wait too long; i.e. the rest of the sudo # commands won't prompt. Add the following to the bottom (of sources.list): # "deb http://ftp.us.debian.org/debian lenny main", Ctrl x, y, Enter sudo apt-get update sudo apt-get install clamav sudo apt-get install xfce4 sudo mkdir /usr/local/etc/gamin sudo pico /usr/local/etc/gamin/gaminrc # type "fsset ufs poll 10", hold Ctrl and "x", "y", Enter sudo apt-get install iceweasel sudo apt-get install xpdf sudo apt-get install icedtea-gcjwebplugin sudo apt-get install openoffice.org #sudo apt-get install swfdec # for flash, but not sure from which source sudo pico /etc/sysctl.conf # add "vm.overcommit_memory=2" (aka strict) and "vm.swappiness=40" (less # likely to use swap than default 60), Ctrl "x", "y", Enter (note: "sudo # cat /proc/sys/vm/swappiness" or "sudo cat /proc/sys/vm/overcommit_memory" sudo apt-get install vnc4server vnc4server # type a password twice, which doesn't have to be the same as your login # (but 8 character max) and if you ever need to change it, run "vnc4passwd" pico ~/.vnc/xstartup # uncomment (i.e. remove the "#") both "unset SESSION_MANAGER" and # "exec /etc/X11/xinit/xinitrc", then comment everything (i.e. "#" each # line); but, make sure if a line wraps (e.g. "x-terminal…", that you # backspace it back into place (i.e. back onto one line), then add to the # end: "exec /usr/bin/xfce4-session &", Ctrl x, y, Enter sudo chmod 755 /etc/X11/xinit/xinitrc sudo mkdir /usr/X11R6/lib sudo mkdir /usr/X11R6/lib/X11 sudo ln -s /usr/share/fonts/X11 /usr/X11R6/lib/X11/fonts sudo pico /etc/init.d/vnc4server # type the following (including the "#" symbols), or simply copy and paste # if you "ssh db2.neurobio.pitt.edu" from your own computer; and note, the # username2 example, which is commented out, is for demonstration purposes; # i.e. uncomment those lines and change the USERNAME if you want a second # person to be able to VNC into this box: #! /bin/sh # http://wiki.debian.org/LSBInitScripts ### BEGIN INIT INFO # provides: vnc4server # required-start: $network $remote_fs $syslog # required-stop: $network $remote_fs $syslog # default-start: 2 3 4 5 # default-stop: 0 1 6 ### END INIT INFO test -f /usr/bin/vnc4server || exit 0 username1=hunter3 # username2=USERNAME case "$1" in start) echo "Starting vnc4server." su $username1 -c "/usr/bin/vnc4server" # su $username2 -c "/usr/bin/vnc4server" ;; stop) echo "Stopping vnc4server." /usr/bin/vnc4server -kill :1 # /usr/bin/vnc4server -kill :2 ;; restart|force-reload) echo "Restarting vnc4server." $0 stop && $0 start ;; status) if [ ! -f /home/$username1/.vnc/db1:1.pid ] then echo "Status: vnc4server is NOT running for $username1." else echo "Status: vnc4server is running for $username1." fi # if [ ! -f /home/$username2/.vnc/db1:2.pid ] # then # echo "Status: vnc4server is NOT running for $username2." # else # echo "Status: vnc4server is running for $username2." # fi ;; *) echo "Usage: /etc/init.d/vnc4server {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 # and then Ctrl and "x", "y" and Enter sudo chmod 755 /etc/init.d/vnc4server sudo update-rc.d vnc4server defaults # and to undo the references created above (i.e. not have the vncserver # startup automatically), just run "sudo update-rc.d -f vnc4server remove" history -c && rm -f ~/.bash_history ######################################## # MYSQL (optional; if db1 goes down): ######################################## sudo apt-get install mysql-server-5.0 # will be prompted for a MySQL root password, which doesn't have to be # the same as the OS root (but I made it the same). sudo usermod -a -G mysql USERNAME # note: to remove a user from all groups, run "sudo usermod -G username # username" or to re-define which groups, run with groups comma separated # i.e. "sudo usermod -G groupname,anothergroup username"; and, to see what # groups a person is in, run "groups username"; and, didn't have to create # the "mysql" group (i.e. no need to "sudo groupadd mysql") sudo mkdir /mysql sudo chmod 775 /mysql sudo chgrp mysql /mysql mysql -u root -p # type in the root password, then at the "mysql> " prompt, run: create database cnup; grant all on cnup.* to USERNAME@localhost; grant all on cnup.* to cnupWrite@cnup.neurobio.pitt.edu; grant select on cnup.* to cnupRead@cnup.neurobio.pitt.edu; set password for USERNAME@localhost = password('PASSWORDHERE'); set password for cnupWrite@cnup.neurobio.pitt.edu = password('PASSWORDHERE'); set password for cnupRead@cnup.neurobio.pitt.edu = password('readm3!'); select user,host,db,select_priv,insert_priv from mysql.db; # IF above shows a blank user, run the following two commented commands: # use mysql; # delete from db where user = ' '; quit rm .mysql_history # note: any time you add a user, log in as root; and, anytime you want to # add a password (only necessary once per username), because you're typing # in their password, you will want to del the mysql prompt's history pico .my.cnf # add "[mysqldump]" and "password=PASSWORDHERE", Ctrl = "x", "y", Enter chmod 600 .my.conf sudo pico /etc/mysql/my.cnf # comment (i.e. add a "#" to the beginning of the line) out "bind-address" # which is currently set to 127.0.0.1 (i.e. only allow localhost access), # as we do want to use this as a backend server (i.e. connect to it from # Pitt's EWI servers), Ctrl + "x", "y", and Enter mysql use cnup source /mysql/cnup.sql quit sudo iptables -A INPUT -p tcp -s 10.195.8.0/26 --dport 3306 -j ACCEPT sudo iptables -A INPUT -p tcp -s 130.49.0.0/16 --dport 3306 -j ACCEPT sudo iptables -A INPUT -p tcp -s 136.142.0.0/16 --dport 3306 -j ACCEPT # allow Pittnet in general (easier to add these few rules on the fly) in # on the mysql port, which is already allowed on the physical router's # firewall rule set (via helpdesk@pitt.edu) # ATTENTION: would need to do two things not really simple commands: # 1) put a current copy of cnup.sql in /mysql # 2) adjust the ewi cnup website to point to this server and not db1 ######################################## # BACKUP AND RESTORE: # note: as long as the autoloader is connected and on when the computer # boots up, you can run "dmesg | grep -i scsi", to extrapolate the device # names (e.g. "scsi 1:0:6:0: Medium Changer OVERLAND LXB", "ch 1:0:6:0: # Attached scsi changer ch0", and "ch 1:0:6:0: Attached scsi generic sg3" # so "/dev/sg3" for the mtx commands below (but you can try "/dev/ch0" but # that just gave me an error; AND, "scsi 1:0:4:0: Sequential-Access QUANTUM # DLT7000", and "st 1:0:4:0: Attached scsi tape st0" which is why I used # "/dev/st0" for the tar commands (which worked; i.e. so didn't have to use # "/dev/sg2" from "st 1:0:4:0: Attached scsi generic sg2" reference ######################################## sudo apt-get install smbfs smbclient # backspace and type "NEUROBIOLOGY" and Enter (for workgroup/domain), then # arrow left to "Yes" and Enter (smb.conf to get DHCP provided WINS) sudo mkdir /mnt/arev sudo mkdir /mnt/argenzio sudo mkdir /mnt/bstwr sudo mkdir /mnt/bst3 sudo mkdir /mnt/clouder sudo mkdir /mnt/cnup sudo mkdir /mnt/hunter3 sudo mkdir /mnt/janhart sudo mkdir /mnt/kheinzel sudo mkdir /mnt/kjacoby sudo mkdir /mnt/mdujmic sudo mkdir /mnt/mlm0129 sudo mkdir /mnt/rlh19 sudo mkdir /mnt/schumann sudo mkdir /mnt/sfitz sudo mkdir /mnt/student sudo mkdir /mnt/temp # then you can perform the following two actions to connect and disconnect # to the office machines (to back them up), where MACHINE and SHARE would # be specific to any given machine (e.g. //sysanalyst-mac/hunter3) and # FOLDER would be one of the folders created above (e.g. hunter3): # sudo mount -t smbfs //MACHINE/SHARE /mnt/FOLDER -o username=USERNAME # sudo umount /mnt/FOLDER sudo apt-get install mtx # so as to give USERNAME rights to both /dev/sg3 (changer) and /dev/st0 # (drive), because both have root as owner and tape as group: sudo usermod -a -G tape USERNAME sudo mtx -f /dev/sg3 status # just to see ####### # BACKUP ####### pico MonthlyBackup.sh # then type the following: #!/bin/bash mount -t smbfs //130.49.237.41/staff$ /mnt/staff -o username=NEUROBIOLOGY\\santiago,password=PASSWORDHERE mount -t smbfs //130.49.237.41/AREV$ /mnt/arev -o username=NEUROBIOLOGY\\santiago,password=PASSWORDHERE mount -t smbfs //130.49.237.41/temp /mnt/temp -o username=NEUROBIOLOGY\\santiago,password=PASSWORDHERE case `date +%m` in 01|04|07|10) TAPE=1;; 02|05|08|11) TAPE=4;; 03|06|09|12) TAPE=7;; esac /usr/sbin/mtx -f /dev/sg3 unload /usr/sbin/mtx -f /dev/sg3 load 10 # slot 10/cleaning tape echo "mtx: clean..." > /home/hunter3/History$TAPE.log /usr/sbin/mtx -f /dev/sg3 unload echo $TAPE > CurrentTape.log /usr/sbin/mtx -f /dev/sg3 load $TAPE >> /home/hunter3/History$TAPE.log tar -cMf /dev/st0 -F /home/USERNAME/ChangeTape.sh --totals /mnt 2>> /home/hunter3/History$TAPE.log /usr/sbin/mtx -f /dev/sg3 unload echo $TAPE > CurrentTape.log /usr/sbin/mtx -f /dev/sg3 load $TAPE echo "tar: list..." >> /home/hunter3/History$TAPE.log tar -tMf /dev/st0 -F home/USERNAME/ChangeTape.sh > /home/hunter3/List$TAPE.log umount /mnt/staff umount /mnt/arev umount /mnt/temp echo "mdadm: `sudo mdadm --detail /dev/md0 | grep 'State :'`" >> /home/hunter3/History$TAPE.log exit # as always after pico command: Ctrl and "x", "y", and Enter; AND, if any # lines wrap (e.g. tar -c…), just go to the beginning of the wrapped line # and backspace it back onto the original line. # note: as always, PASSWORDHERE is an example; the real password is in the # actual file (on the server), and thus the next command is run to remove # the read rights for anyone (but also add executable rights): chmod 750 MonthlyBackup.sh pico ChangeTape.sh # type the following: #!/bin/bash case $MONTH in 01|04|07|10) TAPE=1;; 02|05|08|11) TAPE=4;; 03|06|09|12) TAPE=7;; esac declare -i NEXT=`cat CurrentTape.log` NEXT+=1 echo $NEXT > CurrentTape.log /usr/sbin/mtx -f /dev/sg3 unload /usr/sbin/mtx -f /dev/sg3 load $NEXT >> /home/hunter3/History$TAPE.log exit # Ctrl "x", "y", Enter chmod 755 ChangeTape.sh sudo crontab -e # then add the following: 33 03 1 * * /home/USERNAME/MonthlyBackup.sh # then Ctrl and "x", "y", and Enter # "sudo crontab -l" to list/verify and "sudo crontab -r" to remove/stop, # "sudo ./MonthlyBackup.sh &" to run it manually; and, to cancel running: # ps ax | grep p.sh | grep -v grep | awk '{print $1}' | xargs sudo kill -9 # also note (for when running manually): since using > and >> (as opposed # to "| tee" and "| tee -a"), output is to file and not to the screen ####### # RESTORE ####### # since we already listed the files on the tape (i.e. "tar -t") and put # that list in a file, TapeListn.log (where n is 1, 4, or 7), we can list # the contents much faster: cat TapeSet1.log # we can also search the file for a keyword (i.e. to see if a specific # file is in the list): cat TapeSet1.log | grep keyword\(s\)here # note that I used backslash in front of the parenthesis because it's a # special character, which also includes spaces and the backslash itself # (i.e. you would use "\ " or "\\" for those two); don't worry about what # is a special character--just run your search and if it has a problem with # any characters, just re-run the command with a backslash before said char # then restore a specific file or folder: tar -xMf /dev/st0 /ontapepath/filename.ext /destinationpath/. # restore all files from the tape in the drive: tar -xf /dev/st0 ####### # TAPE MAINTENANCE ####### # retension the tape in the drive (should "sudo mtx -f /dev/sg3 load n" where # n is the slot number); i.e. tighten up a well-used tape: mt -f /dev/st0 retension ######################################## # NIC TEAMING (i.e. so as to get 200Mbps): # this requires that you install another PCI ethernet card (i.e. turn off # the Mac, physically put a card in, then boot back up the system and # verify that the card is installed with "lspci" as a terminal command # ALSO, had to deal with the NOC here at Pitt (4-HELP) to get the right # router settings (i.e. both ports had to be set to allow dynamic link # aggregation, aka enable "802.3ad" mode), and either port could require # the router to be set to auto auto (not 100 full, which is Pitt's # default), in order for the card to negotiate to 100 full ######################################## sudo apt-get install ifenslave sudo pico /etc/modprobe.d/arch/i386 # add "alias bond0 bonding" and " options bond0 mode=0 miimon=100" # Ctrl and "x" to exit, "y" to save, and Enter to keep same name sudo pico /etc/network/interfaces # add the following (but no pound signs!): # auto eth0 # iface eth0 inet manual # auto eth1 # iface eth1 inet manual # auto bond0 # iface bond0 inet static # bond_mode 4 # bond_miimon 100 # bond_downdelay 200 # bond_updelay 200 # slaves eth0 eth1 # address 130.49.237.47 # netmask 255.255.255.224 # gateway 130.49.237.33 # comment out the original primary network interface (i.e. add "#" in front # of "allow-hotplug eth0" and "iface eth0 inet dhcp"), Ctrl x, y, Enter sudo pico /etc/resolv.conf # note that "nameserver 136.142.57.10" and others are listed (as we started # with dhcp, which populated this file), Ctrl and "x", "y", and Enter # also note: if you have trouble with resolving names (i.e. www.pitt.edu # doesn't work but http://130.49.228.207 does, you can also add a line to # /etc/network/interfaces: "dns-nameservers 136.142.57.10 136.142.188.73" sudo pico /etc/modprobe.d/aliases # add "alias net-pf-10 off" and "alias ipv6 off", Ctrl x, y. Enter sudo /etc/init.d/networking restart sudo ifconfig # note that "bond0" has the correct IP address information and is "MASTER" # and that "eth0" and "eth1" are both "SLAVE" sudo mii-tool # note that both eth0 and eth1 are "100baseTx-FD" ######################################## # MISC: ######################################## sudo apt-get autoremove sudo apt-get upgrade # the could be useful for DVD playback: # sudo apt-get install libdvdread4 # just not sure from which source # and supposedly there is an install script: # /usr/share/doc/libdvdread4/install-css.sh # and note sure if libxine1-ffmpeg is needed also pkill -kill TEXTHERE