On January 20th Jack Wallen shared his expertise on Linux basic essentials. If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.
On January 20, Jack Wallen shared his expertise on Linux basic essentials. If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.
Note: TechProGuild edits Guild Meeting transcripts for clarity.
Welcome to the meeting
JACK WALLEN: Welcome, everyone, to tonight’s Guild Meeting! Tonight we will be chatting about basic Linux! I hope to answer your questions regarding installation, customization, configuration, basic security, and any other question we can possibly answer! And don't forget we'll be giving away prizes to the most constructive participant which includes: a copy of VMware, Quake III (for Linux, of course), an IDG book, a chance to win an Athlon machine from buypogo.com. First, I'd like to thank our gracious sponsors: www.buypogo.com, Loki games, and Vmware. So, let me introduce our speaker for tonight. Tonight’s speaker comes all the way from Guam. No, wait. Sorry. It's me tonight!
SECTOR: Guess you're moving to Guam.
JACK WALLEN: Tonight our speaker is me, Jack Wallen, Jr. I'm the editor in chief of Linux and Alternate OSs at TechRepublic. So, let us begin, and I would like to begin with questions from the audience. You in the back with the Welcome Back Kotter lunch box.
TUAZEN: I was wondering what a good distribution would be to download and install. I am a beginning Linux user. This is my first day at it actually.
JACK WALLEN: Well, let's take a look at this question in different stages. First, what do you want to use Linux for?
Time for the first question
OHLALA: Hello, everyone. I have been using Windows for sometime and know I want to learn this new.
TSTEELE: Caldera is really easy. It even lets you play Tetris while you're installing ;)
TUAZEN: I was thinking possibly the PhatLinux since I would not need to partition.
OHLALA: And exciting OS. Linux. What or where could I find a good source of info for a beginner?
TUAZEN: I am an administrator on the NT side and am looking into Linux as an alternative.
JACK WALLEN: Okay, we have some suggestions already. Caldera has been rated very highly. I’ve used it and I have a few opinions on it.
JACK WALLEN: Let's say you want to use Linux as your desktop.
JACK WALLEN: You have three real viable choices.
SECTOR: If you look at the TrinityOS link from there, it tells a bit about some of the different distributions.
TSTEELE: I'm kind of fond of Red Hat. Guess just cuz I've been using it the longest.
JACK WALLEN: You have to choose your desktop environment. Does anyone want to take a stab at describing what a desktop environment is?
SECTOR: What you see?
JACK WALLEN: I guess you could say that Windows is a DE.
I guess you could say
ANDY_DAVIS: Shell, gui, apps.
SECTOR: The environment you'll be working with. How you will interact with the system?
JACK WALLEN: Exactly, it's an environment. Let me tell you a little bit about the Linux GUI.
TSTEELE: Just don't let it happen again.
JACK WALLEN: I’m not going to get too deep into technical terms so we can all understand where I’m coming from. The first level of the Linux GUI—anyone?
TSTEELE: X server?
JACK WALLEN: We're going to stick with X Windows System as the first level, or X as some call it. X basically allows the windowing environments to communicate to the hardware—basically.
SECTOR: Or X11.
JACK WALLEN: On top of X, you have what is called the Window manager.
JOSH: AfterStep, GNOME, etc.
JACK WALLEN: There are a ton of different Window managers. My fav is AfterStep (because it is incredibly configurable).
I second that
ANDY_DAVIS: I second the motion for AfterStep.
JACK WALLEN: GNOME is actually the next level in the GUI—the Desktop Environment. The DE level basically consists of either GNOME or KDE. Both of these are incredible GUIs. But they are rather different in philosophy and in makeup.
SECTOR: Desktop Environment.
JACK WALLEN: KDE is, for all intents and purposes, the Linux taking on Windows—except that it works. ;-) KDE is very stable, very sleek, very efficient, and very well supported and developed.
TSTEELE: Has cool themes, too.
JACK WALLEN: GNOME is newer, more configurable, developed more quickly and, unlike KDE, is completely open source. Any questions so far?
JOSH: So, AfterStep and GNOME are different?
JACK WALLEN: Yes, AS and GNOME are different.
TSTEELE: AfterStep runs on top of GNOME, I believe.
SECTOR: Different levels, KDE and GNOME are also different. But two different things that have the same function.
JACK WALLEN: Correct, Tsteele. However, AfterStep can run without a DE! Exactly, Sector.
TSTEELE: Really cool.
ANDY_DAVIS: Recap: X talks to hardware, the Window manager to X, and the GUI sits on the Windows manager.
Now that we’re all confused
JOSH: OK, that’s why I got them confused, because you can run AfterStep without DE.
JACK WALLEN: The best thing about running AfterStep without the DE is that you don't have the resource loss that the DE takes up, and AS can be configged to do anything! Exactly, Andy!
TSTEELE: I love the ability to just destroy Windows whenever you feel like it ;).
JACK WALLEN: Right, Josh. In fact, you can run pretty much any of the Window managers without the DE. But the DEs have to have a Window manager in order to function.
TSTEELE: So no having to reboot just because a program locks up.
JACK WALLEN: No rebooting, of course. That is the beauty of Linux. In fact, here's a quiz for you. You’re running Linux and an app freezes up. What do you do?
TSTEELE: Kill it!!
JACK WALLEN: How do you kill it?
SECTOR: Kill -9 pid if needed.
JOSH: Then click the all to kill.
DREWHAPPLI: Open a shell window, and do a ps aux then kill (process #).
JACK WALLEN: Very good. Now what if X freezes up on you and your GUI is stuck?
JOSH: Err click the app to kill.
SECTOR: Ummm, that would be ps –aux.
TSTEELE: There's also a process manager in KDE that's pretty cool for GUI; [Ctrl][Alt]backspace to kill X.
SECTOR: Just pop open another console.
JACK WALLEN: Bingo! Both ways are correct.
DREWHAPPLI: Not necessarily. Under AIX and Solaris it is -aux, under Red Hat and Mandrake you can use the - but do not need to.
SECTOR: OK, but the - works in either case.
JACK WALLEN: With [Ctrl][Alt]F# you are basically starting a Virtual Desktop which is basically starting another Desktop.
JOSH: I know there are different ways, I just thought everyone else would say the normal way to do it.
JACK WALLEN: You can also do my favorite (when an app freezes X)—telnet (or secure shell) into your machine and then run killall -9 PID. Sorry killall -9 app_name.
SECTOR: I usually have a telnet open into it anyway and just use kill -9 PID after finding the PID with ps -ax myself.
JACK WALLEN: That's one of the greatest things about Linux! With Linux, there are always about 120 different ways to do something, where in Windows there are three abort retry fail!
TSTEELE: You forgot reboot :P.
JACK WALLEN: Got me there! Okay. Let's take a break for any questions.
TSTEELE: How do you install AF without the DE?
JOSH: Can you install Linux at the end of a 15-gig drive.
How about the installation?
JACK WALLEN: You mean installing AfterStep without the DE?
JOSH: AS comes default most of the time.
SECTOR: Linux, unlike some OSs, will install into either a primary or an extended partition.
JACK WALLEN: Okay, first. Installing AS without the DE is pretty simple. Even in console you can get the rpms (from www.afterstep.org), and then as root run rpm -ivh AfterStep*.
TSTEELE: Will that overwrite KDE or GNOME? Or do you have to uninstall those first?
JACK WALLEN: Once the rpm's are installed, you will want to exit out of root and create a file (in the users home directory /home/user_name) called '.xinitrc'. In this file, you will want to have the following: exec afterstep. I think with the newer releases you should be able to install at the end of a 15-gig drive. You will have to make sure that LILO is placed in the MBR, though.
JOSH: So if I install WinNT in the first 5 GB of a drive, I can install Linux on the next 5 GB?
JOSH: How about quad boot with WinNT and Linux and 98? Or should I just go with Win2K?
JACK WALLEN: I have AfterStep, KDE, and GNOME, and many other WMs existing peacefully on my machine. It's just a matter of calling up what you want.
DREWHAPPLI: Yea, but NT can only install to a 2-GB partition on install.
TSTEELE: You can do all of them, Josh.
DREWHAPPLI: Josh, you can do that, Install 98, then NT, then Linux.
JOSH: Which boot loader? LILO?
SECTOR: _ACTION has three OSs all selectable at boot, OS/2, Linux, PC-DOS.
DREWHAPPLI: Josh, there is a how-to on how to do that.
A how-to on how to
TSTEELE: If you go to www.winimage.com and get bootpart, you can stick Linux into your NT loader.
JACK WALLEN: Okay. With NT it's a bit different. You HAVE to let the NT boot loader reside on the MBR. I wrote a pretty good drill down on dual booting (it's on the TPG site somewhere ;-) and it explains the NT dual booting procedure.
DREWHAPPLI: Or you could look there.
TSTEELE: Bootpart works great. It’s really easy to set up. Does pretty much the same thing as the how-to does. In just one step.
JACK WALLEN: There are so many ways to dual boot. I personally like LILO. It's really configurable and easy to run boot manager.
TUAZEN: Where can you get LILO?
JACK WALLEN: LILO will come on any of the distributions you install.
TUAZEN: Is it better to buy a distro from the store or dload one from somewhere?
JACK WALLEN: Great question, Tuazen.
TSTEELE: If you buy it, you'll get support.
TUAZEN: Sorry, total Linux newbie here. :)
JACK WALLEN: In my opinion it is much better to buy the distro. You get installation books. You get support. You get extra apps.
That’s just my opinion
JOSH: No, Tuazen, that’s a good question.
JACK WALLEN: Annnnnd you don't have to worry about dealing ISO images from downloading.
SECTOR: All together, less trouble then downloading it.
TUAZEN: What ISO images?
JACK WALLEN: And the distros are so cheap these days.
TSTEELE: CD-ROM image you burn to CD.
DREWHAPPLI: Buying is nice because it helps support the developers, but you can get the ISO image, but it takes quite a while to download.
JOSH: An image you have to burn to a CD-ROM.
TUAZEN: Ah OK.
JACK WALLEN: When you dl an image from the net you typically have to burn it onto CD to install it. There are ways to do it otherwise but they are tricky (mounting an ISO image that is on a separate partition! whew!).
TSTEELE: If you are looking at it for corp deployment, you definitely want to buy because of the support.
TUAZEN: So, Caldera is the best.
JACK WALLEN: No, I wouldn’t say that Caldera is the best for a couple of reasons.
DREWHAPPLI: You can go to some of the Linux sites (LinuxMall, Cheapbytes, etc.) and get Distros for $2.00 + shipping.
What were you thinking?
JACK WALLEN: I think that Caldera is very good but they have a few configuration tools that are not really as "newbie friendly" as people would like to think.
TSTEELE: Caldera is good for desktop users, but if you want to run a server I prefer Red Hat.
JACK WALLEN: First off, Lisa (the Caldera configuration tool) is a bit awkward.
DREWHAPPLI: I've been hearing good things about Corel, and the new Mandrake is supposed to be really nice for the newbie and experienced user.
TUAZEN: My first box is going to be a dual boot with my home Win98 system to get used to it.
JACK WALLEN: And the COAS tool is equally awkward. Plus, to configure sound and networking you have to load and unload kernel modules. As far as I’m concerned, Red Hat is still the best distro for newbies. For one thing, the new installation program is incredible—totally GUI.
TSTEELE: I will say, though, that Caldera is trying a little too hard to be like Windows. It wants to do everything for you and screws it up sometimes.
SECTOR: I prefer configuring things manually myself.
JACK WALLEN: Second of all—the configuration tools are all very simple to use and very independent.
JOSH: I have to second that, Tsteele.
JACK WALLEN: Also, linuxconf (Red Hat's config tool) is amazing! Exactly, Tsteele.
SECTOR: Linuxconf has some problems.
TSTEELE: Yeah. Configing your sys through a Web browser rocks!!!
JOSH: Are you serious?
JACK WALLEN: One of my problems with Windows and Caldera is that it assumes the user knows nothing (regardless as to whether or not he/she does) and makes too many choices for you.
What’s your problem?
TSTEELE: Josh, yes, you can run linuxconf through browser.
JACK WALLEN: I've used linuxconf via Web browser. It's actually quite nice. BUT there are security issues.
DREWHAPPLI: Yup. linuxconf has a Web-based tool. It’s pretty cool. It can also be used command line, or in X.
JACK WALLEN: You can also configure Samba via Web browser. It's a tool called swat.
DREWHAPPLI: I prefer command line. X isn't bad. I've only used the Web browser once.
TSTEELE: I only use it from my desk, on a separate subnet alone with my servers :).
SECTOR: More then I've used X.
JACK WALLEN: Another bonus of Linux—everything can be configured by GUI, Web, or console (well, not everything can be configg'd via Web, but it sounded good). ;-) Here are my favorite config tools for Linux:
DREWHAPPLI: I keep meaning to set up Samba again.
JOSH: What distro would you recommend if I were trying to set up ipmasq stuff for a road runner config at home?
JACK WALLEN: Sound: sndconfig (Red Hat) Networking: netcfg, wvdial, netconf (Red Hat) Josh—Red Hat!
ANDY_DAVIS: Wait, you can do Linuxconf by Web? How?
JACK WALLEN: But you have to be careful cause pump (the DHCP client) doesn't work well. Get either dhcpcd or dhcp-client, or even better, run static.
Use extreme caution
TSTEELE: Andy, you have to add it to your /etc/services, then browse to your server port 88 or 99 I think. Something like that.
JOSH: OK. I will make note of that. What kind of system do I need to do that? 233mmx OK?
JACK WALLEN: In order to run Linuxconf via Web, you give it Access in Linuxconf—hold on. Let me check.
ANDY_DAVIS: So how do you run it static?
SECTOR: 233mmx should be fine.
TSTEELE: Josh, you could run it on a 386 with 2 megs of RAM.
DREWHAPPLI: Running static is nice if you are the Network Admin. If you’re a user, then you may be forced to use DHCP.
JACK WALLEN: To run static (like I do with @home), you simply configure it to be manual and enter your ip address and a few other bits of info in netconf.
JOSH: Well, this is for a home network.
JACK WALLEN: I was afraid I’d run into DCHP with @home but they were very gracious and gave me my IP.
JOSH: Jwallen, how do you have multiple machines set up at home? Static?
JACK WALLEN: For a home network, I’d just configure everything with private IP's 172.22.1.x.
TSTEELE: Josh, there's a thing called ip masquerading that allows you to have multiple machines on 1 IP.
JACK WALLEN: When I run a small home network, I set all the machines up statically with the 172.22.1.x ip address.
DREWHAPPLI: Josh, you have to have two network cards, one with the public address, one with your private address.
JACK WALLEN: Yes, you can run ipmasq (now called NAT) with Linux. That is very nice, having one connection and all your machines running through it.
JOSH: I am going to have @home (roadrunner) installed soon. What should I ask them about what I need?
TSTEELE: It takes a packet from your internal comp and rewrites it to look like it came from your external address. Pretty cool stuff.
SECTOR: That's part of the address range reserved for non-Internet use. If the IP manages to slip out to the Internet, most routers will ignore it.
JACK WALLEN: For @home, you need to make sure you get a PCI network card (they gave me the realtek clone—worked fine). And for the IP address you can do two things. You can either ask them if they will supply you with the number (the techy that installs) or you can have your machine dual booting. When Windows is up, you can run the ipconfig tool and get your IP address. Put it in Linux as static and there you go.
DREWHAPPLI: I have @home and had the machine all set up, so they gave me an extra ISA NIC.
JOSH: I have two 3com 3c905b's—that’s what’s going in the Linux box. Oh, yeah, and I am going to be running 98 on the machines I use all the time. Linux will be able to work with them?
TSTEELE: Yes. Easily.
Taking the easy route
SECTOR: Set up the Linux system as the default route.
TSTEELE: You can even set your Linux box to be a dhcp server like I have it, and your 98 machines will pick up everything automatically.
JACK WALLEN: Oh, and with Linux on a cable modem, you will want to do a number of things for security. Shall we talk about basic Linux networking security?
JOSH: Yea, please. Real quick first.
JACK WALLEN: OK, yes, josh?
JOSH: When you (Jwallen) say ask the tech for the number, you mean a static ip?
SECTOR: First off, don't put the cable modem on the hub, use a separate nic for it. Otherwise all the machines are gonna be seen from the Internet.
JACK WALLEN: Yes, I mean the static IP ;-). Sorry.
SECTOR: The IP that will be assigned to your machine.
JOSH: Yea, I got that. Thanks, sector.
ANDY_DAVIS: Si, senor.
TSTEELE: A lot of companies are starting to give you a paper now that lists all your info on it.
JOSH: That’s cool. Thanks, Jack.
TSTEELE: For cable modem I mean.
JACK WALLEN: Okay, two files to consider first for security: /etc/hosts.allow and /etc/hosts.deny.
JOSH: Deny all?
Something to consider
JACK WALLEN: For example, /etc/hosts.allow tells your system what machines can come in, and hosts.deny tells your machine what cannot.
TSTEELE: Hosts.deny ALL:ALL.
JACK WALLEN: Very good, Tsteele!
TSTEELE: That's all it has to say.
JACK WALLEN: With hosts.deny saying ALL:ALL you are telling your machine that all services are denied: to all IPs.
JOSH: Yea, I know that, but cause I am on the net, do I want to deny all on all ports?
SECTOR: Then add in your machines to the hosts.allow.
JACK WALLEN: Now, in conjunction with that, you add your /etc/hosts.allow and put in the IPs that you want to allow in.
TSTEELE: You only want to allow explicitly…so no one comes in without you knowing it.
SECTOR: Depends, do you want other systems to be able to access your system from outside your LAN?
JACK WALLEN: When a request comes in, your system first checks hosts.deny and then hosts.allow. Only that which is in allow will be allowed in.
JOSH: I guess not, but don’t some services need that? AIM? ICQ?
TSTEELE: No, that is all done in masquerading. You're not connecting to the firewall machine.
JACK WALLEN: I run IM and ICQ and all other services with a tightly locked down machine.
SECTOR: Those will not be accessing services on the Linux system and the hosts.deny wouldn't apply.
Just a suggestion
JACK WALLEN: Okay, on top of that, I highly suggest (especially with a cable modem) a program called PortSentry.
TSTEELE: Port scanner detector?
SECTOR: PortSentry allows you to block specific ports and dump those trying to scan those ports into your firewall.
JACK WALLEN: PortSentry is pretty amazing. What it does (and I won't even pretend to understand it completely) is when a portscan is detected, it uses tcp wrappers to not allow the "hacker" to get a solid lock on a port, and then (and this is the kicker) it dumps their IP into hosts.deny.
JOSH: So it not only denys, but logs as well?
SECTOR: Basic rule: Deny everything, and then allow only those you need.
JACK WALLEN: So when they try you again, they can't get in at all. And, yes, it logs everything! Very good advice here: Make a habit of checking the following: /var/log/messages and /var/log/secure. You have to be root (super user) to do this, and they offer you so much information.
JOSH: What do you mean they offer you so much info?
JACK WALLEN: Oh, one other nice thing (and this is not security), but running dmesg will allow you to see the entire boot message so you can see explicitly if there are any probs with boot!
TSTEELE: Just be careful what you set it to log or you'll eat up tons of disk space.
DREWHAPPLI: Cat and grep are your friends with /var/log/messages.
SECTOR: Look through the log files; you'll find lots of information in there. Tail comes in handy as well.
Fire up the log files
JACK WALLEN: Those log files tell you information on attempts to get into your machine, what IP they came from, what port they are trying to get into, and so on.
JOSH: Sorry for the slang tonight. I am at someone else's computer with a natural keyboard; it's killing me.
JACK WALLEN: Yes, cat and grep are good tools.
SECTOR: Not a problem.
DREWHAPPLI: Yea, it told me when some punk was trying to get into one of my servers via the logins warez, and MP3 through ftp.
JACK WALLEN: Okay, gang, we have to start wrapping this one up! My fingers are killing me! ;-) This has certainly been one of the best Guild Meetings I’ve attended! But before we all start heading out...
SECTOR: Six-minute warning.
JACK WALLEN: We have to make some announcements. ;-) Thanks, Sector ;-). You have a good memory.
TSTEELE: Great chat…actually talked about what the meeting was advertised as :).
JACK WALLEN: First off, I’d like to invite you all back for next week's Guild Meetings: Tuesday we have Bryan Pfaffenberger speaking about StarOffice!
JACK WALLEN: And then Thursday I’ll be back to talk about more Linux basics! Yes, StarOffice is a killer app (and applixware is even better).
JOSH: You're great, Jwallen. You have a lot of good info.
JACK WALLEN: Thank you, Josh.
TSTEELE: Are there going to be any real in-depth Linux security meetings coming up? Last Tuesday's was not exactly what I was expecting.
DREWHAPPLI: I have both an older version of Applixware and I have been using StarOffice in both Linux and Windows.
ANDY_DAVIS: Yeah, security is a great topic.
JACK WALLEN: Yes, actually. Next month we have Nate Russell coming in to chat about various Linux security apps.
JOSH: Yea, last Tuesday was kinda non-in-depth.
JACK WALLEN: In fact, Nate was the man that set me up with PortSentry! Nate knows his stuff!
JOSH: Cool. I will be here.
SECTOR: Tuesday was more of a general overview...
ANDY_DAVIS: Good deal!
DREWHAPPLI: But it was very interesting.
JACK WALLEN: He'll talk about a few other killer Linux apps as well.
Time is running out
ANDY_DAVIS: G'night, all...
JACK WALLEN: Thank you all for being so great! I hope you enjoyed and learned something!
Remember, Linux is your friend and Windows is not. ;-) Just kidding?
JOSH: There is some truth in that.
TSTEELE: If I have to live with Windows, I run it on top of Linux. So much easier that way.
JACK WALLEN: Anyway. Come back next week! Same time, same place, and, as always, grease for peace!
Our Guild Meetings feature top-flight professionals leading discussions on interesting and valuable IT issues. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.