Monday, July 29, 2013
Wednesday, July 24, 2013
sudo basics
1) The configuration is in /etc/sudoers
2) Edit it with the visudo command, which checks the syntax
3) basic configuration line:
user ALL=(ALL) ALL
1st ALL means on any host (the hostname field)
2nd =(ALL) means as any target user (sudo -u user)
3rd ALL means any command
This line should always be there, to allow root to run everything:
root ALL=(ALL) ALL
Example:
adam earth=(xena) /bin/kill
adam can run the /bin/kill command only on the host named "earth" and only as user xena:
adam runs: sudo -u xena /bin/kill
4) User groups:
so far the rules were written for users
groups are written with a leading %:
%group_name ALL=(ALL) ALL
5) Aliases:
User_Alias ADMINS=adam, xena
Cmnd_Alias COMMAND1=/bin/kill
now let's use it
ADMINS ALL=(ALL) COMMAND1
6) no password:
%admins_group ALL=(ALL) NOPASSWD: ALL
7) negation - allow all commands except some:
Cmnd_Alias PASSWD_ROOT=/sbin/passwd root
user1 ALL=(ALL) ALL, !PASSWD_ROOT
8) (default) logfile:
/var/log/sudo.log
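A quick review pass over the rule shapes covered in this post, as an added example (not part of the original notes). It assumes one rule per line without backslash continuations; user2 is a hypothetical entry. The sudoers manual itself warns that subtracting commands from ALL with ! is generally not effective, which is why that shape is reported.

```shell
#!/bin/sh
# Added example: flag risky user specifications in a sudoers file.
# Assumes one rule per line (no backslash continuations), as in the post.

# Constructed sample made from the lines of this post; user2 is hypothetical.
sample_sudoers() {
cat <<'EOF'
# constructed sample
User_Alias ADMINS=adam, xena
Cmnd_Alias COMMAND1=/bin/kill
Cmnd_Alias PASSWD_ROOT=/sbin/passwd root
root ALL=(ALL) ALL
adam earth=(xena) /bin/kill
ADMINS ALL=(ALL) COMMAND1
%admins_group ALL=(ALL) NOPASSWD: ALL
user1 ALL=(ALL) !PASSWD_ROOT
user2 ALL=(ALL) ALL, !PASSWD_ROOT
EOF
}

# Reads sudoers text on stdin and prints "line: who: FINDING (reason)".
lint_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, #include lines, blanks
    $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)   # drop the (runas) part
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)          # drop tags such as NOPASSWD:
        n = split(spec, cmd, /[ \t]*,[ \t]*/)
        allow = neg = all = 0
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c ~ /^!/) neg++
            else { allow++; if (c == "ALL") all = 1 }
        }
        if (nopass && all)
            print NR ": " who ": NOPASSWD-ALL (every command, no password prompt)"
        if (neg && !allow)
            print NR ": " who ": DENY-ONLY (only negations, so nothing is granted)"
        if (neg && all)
            print NR ": " who ": BLACKLIST (subtracting from ALL is not a reliable control)"
    }'
}

sample_sudoers | lint_sudoers
```

This complements visudo, which checks syntax only; run it as `lint_sudoers < /etc/sudoers` with root privileges.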
Thursday, July 4, 2013
Linux iptables - open some ports to allow some traffic
1) On RH/CentOS it is good to run this command:
$ system-config-securitylevel
2) it creates basic iptables structure in /etc/sysconfig/iptables:
[root@CentOS log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@CentOS log]#
3) It also creates a new chain called RH-Firewall-1-INPUT, which is hooked into the existing INPUT and FORWARD chains:
[root@CentOS log]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@CentOS log]#
4) Imagine that some connection is blocked by the firewall, for example remote syslog messages (syslog events sent from another host (/etc/syslog.conf: user.* @IP) to this host, which acts as the syslog server (/etc/sysconfig/syslog.conf: -r)).
To catch this traffic in the log for analysis, it is good to insert the following rule after all ACCEPT rules and in front of the first REJECT or DROP rule. It prints every packet that has not been accepted, dropped or rejected by an earlier rule into /var/log/messages, from where we can easily set up a new rule to allow this traffic:
[root@CentOS log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -i eth0 --sport 67:68 --dport 67:68 -j DROP
-A RH-Firewall-1-INPUT -p udp -i eth0 --sport 67:68 --dport 67:68 -j DROP
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@CentOS log]#
(of course, run "service iptables restart" after each edit of the config file)
5) Let's send a test syslog message from the remote host:
[root@XENtest2 ~]# logger -i -t user "test"
6) And here is the captured traffic:
[root@CentOS log]# tail -f /var/log/messages
Jul 4 15:54:39 CentOS kernel: IN=eth0 OUT= MAC=00:0c:29:52:d2:58:00:16:3e:6f:99:86:08:00 SRC=192.168.0.128 DST=192.168.0.1 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=514 DPT=514 LEN=30
7) Let's set up an iptables rule (a more general one, based only on protocol UDP and source and destination port 514):
[root@CentOS log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -i eth0 --sport 67:68 --dport 67:68 -j DROP
-A RH-Firewall-1-INPUT -p udp -i eth0 --sport 67:68 --dport 67:68 -j DROP
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 514 --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@CentOS log]#
8) And here it is, the syslog message appears on the syslog server:
[root@CentOS ~]# tail -f /var/log/messages
Jul 4 16:02:07 192.168.0.128 user[5369]: test
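Steps 4 to 7 as a script, added here as an example (not part of the original post): it reads the kernel LOG lines and prints one candidate ACCEPT rule per distinct flow. Unlike the general rule in step 7, each candidate is pinned to the incoming interface and the source address that was actually seen. The function names and all sample lines except the first are constructed.

```shell
#!/bin/sh
# Added example: turn kernel LOG lines into candidate ACCEPT rules.

# Constructed sample: line 1 is the LOG entry from step 6, the rest is made up
# (a repeat, a TCP flow from a hypothetical host, and an unrelated message).
sample_messages() {
cat <<'EOF'
Jul 4 15:54:39 CentOS kernel: IN=eth0 OUT= MAC=00:0c:29:52:d2:58:00:16:3e:6f:99:86:08:00 SRC=192.168.0.128 DST=192.168.0.1 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=514 DPT=514 LEN=30
Jul 4 15:54:44 CentOS kernel: IN=eth0 OUT= MAC=00:0c:29:52:d2:58:00:16:3e:6f:99:86:08:00 SRC=192.168.0.128 DST=192.168.0.1 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=514 DPT=514 LEN=30
Jul 4 15:55:02 CentOS kernel: IN=eth0 OUT= MAC=00:0c:29:52:d2:58:00:16:3e:6f:99:86:08:00 SRC=192.168.0.77 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40112 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 4 15:55:03 CentOS ntpd[2211]: synchronized
EOF
}

# stdin: /var/log/messages content; $1: chain name (default RH-Firewall-1-INPUT)
suggest_rules() {
    awk -v chain="${1:-RH-Firewall-1-INPUT}" '
    / kernel: / && / IN=/ && / PROTO=/ {
        in_if = src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "IN") in_if = v
            else if (k == "SRC") src = v
            else if (k == "PROTO") proto = tolower(v)
            else if (k == "DPT") dpt = v
        }
        # validate every value before it is pasted into a rule
        if (proto != "tcp" && proto != "udp") next
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (dpt !~ /^[0-9]+$/ || in_if !~ /^[A-Za-z0-9._-]+$/) next
        key = in_if " " src " " proto " " dpt
        if (!(key in seen)) order[++cnt] = key
        seen[key]++
    }
    END {
        for (j = 1; j <= cnt; j++) {
            split(order[j], f, " ")
            printf "# seen %d time(s)\n", seen[order[j]]
            printf "-A %s -i %s -s %s -p %s -m %s --dport %s -j ACCEPT\n", chain, f[1], f[2], f[3], f[3], f[4]
        }
    }'
}

sample_messages | suggest_rules
```

Review each candidate before adding it, and place it above the LOG and REJECT lines in /etc/sysconfig/iptables, as in step 7.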
DHCP packets in Wireshark
Capture filter in Wireshark to grab DHCP packet:
and the result:
For tcpdump:
$ tcpdump -vv -s 0 -i eth0 'udp port 67 or udp port 68'
IPtables filter:
vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -i eth0 --sport 67:68 --dport 67:68 -j DROP
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Wednesday, July 3, 2013
Bash "while" loop
1) Either:
while read line
do
...
done < my_file.txt
2) Or:
cat my_file.txt | while read LINE
do
...
done
http://www.tldp.org/LDP/abs/html/internal.html#READPIPEREF
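The practical difference between the two forms, which is the subject of the linked reference, shown as an added example (not from the original post): in bash and POSIX sh the piped loop runs in a subshell, so a counter set inside it is lost. The function names and the sample file content are constructed.

```shell
#!/bin/sh
# Added example: where the counter ends up with each loop form.

# Form 1 (redirection): the loop runs in the current shell, n survives.
count_redirect() {
    n=0
    while IFS= read -r line; do
        case $line in ''|\#*) ;; *) n=$((n + 1)) ;; esac   # skip blanks and comments
    done < "$1"
    echo "$n"
}

# Form 2 (pipe): the loop runs in a subshell, the outer n is never updated.
count_pipe() {
    n=0
    cat "$1" | while IFS= read -r line; do
        case $line in ''|\#*) ;; *) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Form 2 made usable: read the result inside the same subshell as the loop.
count_pipe_grouped() {
    cat "$1" | {
        n=0
        while IFS= read -r line; do
            case $line in ''|\#*) ;; *) n=$((n + 1)) ;; esac
        done
        echo "$n"
    }
}

# Constructed sample file: two host names, one comment, one blank line.
make_demo_file() {
    f=$(mktemp)
    printf 'web01\n# decommissioned\n\ndb01\n' > "$f"
    echo "$f"
}

demo=$(make_demo_file)
echo "redirect: $(count_redirect "$demo")"
echo "pipe: $(count_pipe "$demo")"
echo "pipe, grouped: $(count_pipe_grouped "$demo")"
rm -f "$demo"
```

`IFS= read -r` keeps leading whitespace and backslashes intact, which matters when the lines are file names or other untrusted input.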
Find domain controllers for a domain
1) For DNS based on MS Windows:
$ nslookup -type=srv _ldap._tcp.dc._msdcs.your_domain
#this should work on both Windows and Linux
#the same with dig:
$ dig -t any _ldap._tcp.dc._msdcs.your_domain
#doesn't work in all cases ;-(
2) For general DNS:
$ dig -t any domain
#or (ALL is not a dig record type, so ask for the A records explicitly):
$ dig domain A
#or:
$ dig +short domain A
#these give the IPs of all domain controllers in the domain, now get the hostnames from the IPs:
$ dig -x IP | awk ' /PTR/ {print $NF}'
# -x is a reverse lookup, then match lines with the PTR regexp and print the last field, which is the hostname
#since not all PTR lines carry a hostname, grep -v them with awk \!/PTR/:
for NS in $(dig +short your_domain A)
do
dig -x "$NS" | awk ' /PTR/ { print $NF } ' | awk \!/PTR/
done
#or:
$ nslookup IP
3) list of DNS record types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types
awk tips
1) Search for regular expression "test" in file "my_file" and print first and last field of matched line:
$ awk '/test/ { print $1, $NF }' my_file
2) A regular expression match is tested with ~ or !~, and the result is true or false.
3) Search for lines where the first field contains "A" and print that line:
$ awk '$1 ~ /A/' my_file
#or
awk '{ if ($1 ~ /A/) print }' my_file
#where $1 ~ /A/ means "does the first field contain A?"
#print is the same as print $0, thus it prints the whole line = all fields
4) grep -v with awk:
awk \!/text/ my_file
5) field delimiter different from the default space:
gawk -F: '{ print $1 }' /etc/passwd
GNU AWK manual:
http://www.gnu.org/software/gawk/manual/gawk.html
Don't redirect Picasa to Google +
A no-redirect link, which also sets a cookie for future attempts:
https://picasaweb.google.com/lh/myphotos?noredirect=1
Destroy Xen Domain (virtual host)
#list active domains:
xm list
#a domain can be in a bad state - unable to start, and another one with the same name cannot be created because a configuration file with this name already exists
#to remove the domain, do these steps:
#terminate domain (remove it from xm list):
xm destroy domainID
#remove autostart link:
rm /etc/xen/auto/domainID*
#remove configuration file
rm /path/to/disk/file
#or remove physical disk or LogicalVolume
#list of all "xm" commands:
console Attach to <Domain>'s console.
create Create a domain based on <ConfigFile>.
destroy Terminate a domain immediately.
dump-core Dump core for a specific domain.
help Display this message.
list List information about all/some domains.
mem-set Set the current memory usage for a domain.
migrate Migrate a domain to another machine.
pause Pause execution of a domain.
reboot Reboot a domain.
restore Restore a domain from a saved state.
save Save a domain state to restore later.
shutdown Shutdown a domain.
trigger Send a trigger to a domain.
top Monitor a host and the domains in real time.
unpause Unpause a paused domain.
uptime Print uptime for a domain.
vcpu-set Set the number of active VCPUs for allowed for the domain.
Tuesday, July 2, 2013
Add watermark in batch with ImageMagick
This adds the text in two colours, slightly offset from each other. Size 70 is appropriate for a resolution of ~2000 pixels:
for i in IMG*.jpg; do echo "$i"; convert "$i" -pointsize 70 -draw "gravity southeast fill black text 0,12 'Copyright' fill white text 1,11 'Copyright' " "../new/edit-$i"; done
Thanks to:
http://www.imagemagick.org/Usage/annotating/#wmark_image
Monday, July 1, 2013
Change the hostname permanently on a Red Hat-like Linux server
Edit the HOSTNAME line in /etc/sysconfig/network:
[root@localhost ~]# grep HOSTNAME /etc/sysconfig/network
HOSTNAME=localhost.localdomain
[root@localhost ~]#
and then run:
[root@localhost ~]# hostname your_hostname
Create (install) new Xen Virtual Machine in text mode
You can either use the graphical tool virt-manager
or this text tool:
[root@localhost ~]# virt-install --prompt
What is the name of your virtual machine? test2
How much RAM should be allocated (in megabytes)? 500
What would you like to use as the disk (file path)? /home/tomas/test2
How large would you like the disk (/home/tomas/test2) to be (in gigabytes)? 4
What is the install URL? http://merlin.fit.vutbr.cz/mirrors/centos/5.9/os/i386
Starting install...
Retrieving file .treeinfo... | 413 B 00:00
Retrieving file vmlinuz... | 2.2 MB 00:01
Retrieving file initrd.img... | 11 MB 00:08
Creating storage file... | 4.0 GB 00:00
Creating domain... | 0 B 00:02
Connected to domain test2
...
You can then continue with the text installation, or you can start a VNC server:
Welcome to CentOS
+-----------+ VNC Configuration +------------+
| |
| A password will prevent unauthorized |
| listeners connecting and monitoring your |
| installation progress. Please enter a |
| password to be used for the installation |
| |
| Password: ********________ |
| Password (confirm): ********________ |
| |
| |
| +----+ +-------------+ +------+ |
| | OK | | No password | | Back | |
| +----+ +-------------+ +------+ |
| |
| |
+--------------------------------------------+
Probing for video card: Unable to probe
No video hardware found, assuming headless
Starting VNC...
The VNC server is now running.
Please connect to 172.16.79.130:1 to begin the install...
Press <enter> for a shell
Starting graphical installation...
XKB extension not present on :1
and continue in graphical mode with the "vncviewer" command.