Ubuntu VNC setup


libvirt



The libvirt library is used to interface with different
virtualization technologies.
Before getting started with libvirt it is best to make sure your hardware supports the necessary
virtualization extensions for KVM. Enter the following from a terminal prompt:


egrep '(vmx|svm)' /proc/cpuinfo


If nothing is printed, your CPU does not support hardware virtualization.





On most computers whose processor supports virtualization, it is also
necessary to enable an option in the BIOS. The check above only reports the
CPU flag; it does not show whether the extension has actually been enabled.
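As an added example (not part of the Ubuntu Server Guide), the following script separates "the CPU cannot do it" from "the CPU can do it but the BIOS option or the kvm module is not letting you", which the single egrep above cannot. It assumes the Linux /proc/cpuinfo "flags" line format and that /dev/kvm only appears once the kvm_intel/kvm_amd module has loaded, which fails when the BIOS option is off. Ubuntu's cpu-checker package ships kvm-ok, which performs the same check.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu Server Guide: KVM readiness check.
# Assumptions: /proc/cpuinfo "flags" line, and /dev/kvm existing only when
# the kvm module is loaded and the BIOS has left the extension enabled.

# virt_flag CPUINFO_FILE -> prints vmx (Intel VT-x), svm (AMD-V) or none
virt_flag() {
    if grep -qw vmx "$1"; then
        echo vmx
    elif grep -qw svm "$1"; then
        echo svm
    else
        echo none
    fi
}

# kvm_status CPUINFO_FILE KVM_DEVICE -> prints one of
#   no-cpu-support   no vmx/svm flag: the hardware cannot run KVM guests
#   cpu-ok-no-kvm    flag present but KVM_DEVICE is missing: enable the BIOS
#                    option, then check `dmesg | grep -i kvm` and `lsmod | grep kvm`
#   ok               flag present and KVM_DEVICE exists
kvm_status() {
    if [ "$(virt_flag "$1")" = none ]; then
        echo no-cpu-support
    elif [ ! -c "$2" ]; then
        echo cpu-ok-no-kvm
    else
        echo ok
    fi
}

# Stand-alone use on a real host: sh kvmcheck.sh --run
if [ "${1:-}" = --run ]; then
    echo "cpu flag: $(virt_flag /proc/cpuinfo)"
    echo "status:   $(kvm_status /proc/cpuinfo /dev/kvm)"
fi
```

The "cpu-ok-no-kvm" result is the case the guide warns about: the flag is present, but the BIOS setting (or a missing module) still prevents KVM from working.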




* 17.1.1. Virtual Networking
* 17.1.2. Installation
* 17.1.3. virt-install
* 17.1.4. virt-clone
* 17.1.5. Virtual Machine Management
* 17.1.6. Virtual Machine Viewer
* 17.1.7. Resources

17.1.1. Virtual Networking


There are a few different ways to allow a virtual machine access to the external network. The default virtual network configuration is
usermode networking, which uses the SLIRP protocol; traffic is NATed through the host interface to the outside network.



To enable external hosts to directly access services on virtual machines a bridge needs to be configured. This allows
the virtual interfaces to connect to the outside network through the physical interface, making them appear as normal hosts to the rest
of the network. For information on setting up a bridge see Section 4.1.4 ― Bridging.

17.1.2. Installation


To install the necessary packages, from a terminal prompt enter:


sudo apt-get install kvm libvirt-bin


After installing libvirt-bin, the user who will manage virtual machines needs to be added to
the libvirtd group. Doing so grants the user access to the advanced networking options. Treat this membership
as equivalent to root on the host: members can create and control every guest on the system socket, including
attaching host disks and devices to a guest.



In a terminal enter:


sudo adduser $USER libvirtd





If the user chosen is the current user, you will need to log out and back in for the new group membership to take effect.





You are now ready to install a Guest operating system. Installing a virtual machine follows the same
process as installing the operating system directly on the hardware. You either need a way to automate the installation, or
a keyboard and monitor will need to be attached to the physical machine.



In the case of virtual machines a Graphical User Interface (GUI) is analogous to using a physical keyboard and mouse. Instead of installing
a GUI the virt-viewer application can be used to connect to a virtual machine's console using VNC.
See Section 17.1.6 ― Virtual Machine Viewer for more information.



There are several ways to automate the Ubuntu installation process, for example using
preseeds, kickstart, etc. Refer to the Ubuntu Installation Guide for details.



Yet another way to install an Ubuntu virtual machine is to use ubuntu-vm-builder. ubuntu-vm-builder
allows you to set up advanced partitions, execute custom post-install scripts, etc. For details see Section 17.2 ― JeOS and vmbuilder.

17.1.3. virt-install


virt-install is part of the python-virtinst package. To install it, from a terminal prompt enter:


sudo apt-get install python-virtinst


There are several options available when using virt-install. For example:


sudo virt-install -n web_devel -r 256 -f web_devel.img \
-s 4 -c jeos.iso --accelerate \
--connect=qemu:///system --vnc \
--noautoconsole -v

* -n web_devel: the name of the new virtual machine will be web_devel in this example.

* -r 256: the amount of memory the virtual machine will use, in megabytes.

* -f web_devel.img: the path to the virtual disk, which can be a file, partition, or logical volume.
In this example a file named web_devel.img.

* -s 4: the size of the virtual disk, in gigabytes.

* -c jeos.iso: file to be used as a virtual CDROM. The file can be either an ISO file or the path to the
host's CDROM device.

* --accelerate: enables the kernel's acceleration technologies (KVM).

* --vnc: exports the guest's virtual console using VNC.

* --noautoconsole: will not automatically connect to the virtual machine's console.

* -v: creates a fully virtualized guest.



After launching virt-install you can connect to the virtual machine's console either locally
using a GUI or with the virt-viewer utility.

17.1.4. virt-clone


The virt-clone application can be used to copy one virtual machine to another. For example:


sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img --connect=qemu:///system

* -o: original virtual machine.

* -n: name of the new virtual machine.

* -f: path to the file, logical volume, or partition to be used by the new virtual machine.

* --connect: specifies which hypervisor to connect to.


Also, use the -d or --debug option to help troubleshoot problems with
virt-clone.

Note that virt-clone assigns the clone a new name and MAC address but copies the disk contents verbatim, so the
clone starts with the original's SSH host keys and any credentials stored on its disk. Regenerate those before
putting the clone on the network.





Replace web_devel and database_devel with appropriate virtual machine names.



17.1.5. Virtual Machine Management

* 17.1.5.1. virsh
* 17.1.5.2. Virtual Machine Manager

17.1.5.1. virsh


There are several utilities available to manage virtual machines and libvirt.
The virsh utility can be used from the command line. Some examples:


* To list running virtual machines:

virsh -c qemu:///system list

* To start a virtual machine:

virsh -c qemu:///system start web_devel

* Similarly, to start a virtual machine at boot:

virsh -c qemu:///system autostart web_devel

* Reboot a virtual machine with:

virsh -c qemu:///system reboot web_devel

* The state of virtual machines can be saved to a file in order to be restored later. The
following will save the virtual machine state into a file named according to the date:

virsh -c qemu:///system save web_devel web_devel-022708.state

Once saved, the virtual machine will no longer be running.

* A saved virtual machine can be restored using:

virsh -c qemu:///system restore web_devel-022708.state

* To shut down a virtual machine do:

virsh -c qemu:///system shutdown web_devel

* A CDROM device can be mounted in a virtual machine by entering:

virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom


In the above examples replace web_devel with the appropriate virtual machine name, and
web_devel-022708.state with a descriptive file name.



17.1.5.2. Virtual Machine Manager


The virt-manager package contains a graphical utility to manage local and remote virtual machines.
To install virt-manager enter:


sudo apt-get install virt-manager


Since virt-manager requires a Graphical User Interface (GUI) environment it is recommended to be
installed on a workstation or test machine instead of a production server. To connect to the local
libvirt service enter:


virt-manager -c qemu:///system


You can connect to the libvirt service running on another host by entering the following in a terminal prompt:


virt-manager -c qemu+ssh://virtnode1.mydomain.com/system





The above example assumes that SSH connectivity between the management system and virtnode1.mydomain.com
has already been configured and uses SSH keys for authentication. Keys are needed because
libvirt hands the SSH password prompt to another process. For details on configuring
SSH see Section 5.1 ― OpenSSH Server.



17.1.6. Virtual Machine Viewer


The virt-viewer application allows you to connect to a virtual machine's console.
virt-viewer does require a Graphical User Interface (GUI) to interface with the virtual machine.



To install virt-viewer from a terminal enter:


sudo apt-get install virt-viewer


Once a virtual machine is installed and running you can connect to the virtual machine's console by using:


virt-viewer -c qemu:///system web_devel


Similar to virt-manager, virt-viewer can connect to a remote host using
SSH with key authentication, as well:


virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel


Be sure to replace web_devel with the appropriate virtual machine name.



If configured to use a bridged network interface you can also setup SSH access
to the virtual machine. See Section 5.1 ― OpenSSH Server and Section 4.1.4 ― Bridging for more details.
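The --vnc option in Section 17.1.3 and the virt-viewer commands above both rely on the guest's VNC console only being reachable from the host, so that the unencrypted VNC session is always carried inside SSH (qemu+ssh://). As an added example, not part of the Ubuntu Server Guide, the script below reads a domain's XML (as printed by `virsh dumpxml`) and reports where the VNC console listens. It assumes libvirt's single-quoted XML attribute style and a `<graphics type='vnc' ... listen='ADDR'/>` element; the sample XML it embeds is constructed for the demonstration, and the `--check` mode needs a real libvirt host.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu Server Guide: check that a guest's
# VNC console is bound to loopback, so it is only reachable via SSH.
# Assumptions: `virsh dumpxml` output with single-quoted attributes and a
# <graphics type='vnc' ... listen='ADDR'/> element.

# vnc_listen_addr XMLFILE -> prints the VNC listen address, "none" if the
# guest has no VNC console, or "default" if the attribute is absent (libvirt
# then uses vnc_listen from /etc/libvirt/qemu.conf, normally 127.0.0.1).
vnc_listen_addr() {
    g=$(grep -o "<graphics [^>]*type='vnc'[^>]*>" "$1" | head -n 1)
    if [ -z "$g" ]; then
        echo none
        return
    fi
    addr=$(printf '%s\n' "$g" | grep -o "listen='[^']*'" | head -n 1 | cut -d"'" -f2)
    echo "${addr:-default}"
}

# vnc_is_local XMLFILE -> exit 0 when the console is not reachable from the network
vnc_is_local() {
    case "$(vnc_listen_addr "$1")" in
        none|default|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# sample_domain_xml LISTEN -> constructed domain XML in virsh dumpxml style
# (demonstration input only, not taken from a real host)
sample_domain_xml() {
    cat <<EOF
<domain type='kvm'>
  <name>web_devel</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='$1'/>
  </devices>
</domain>
EOF
}

# Live use on a libvirt host: sh vnccheck.sh --check web_devel
if [ "${1:-}" = --check ] && [ -n "${2:-}" ]; then
    xml=$(mktemp)
    virsh -c qemu:///system dumpxml "$2" > "$xml"
    echo "$2: VNC console listens on $(vnc_listen_addr "$xml")"
    if vnc_is_local "$xml"; then
        echo "reachable only from the host: connect with virt-viewer -c qemu+ssh://HOST/system $2"
    else
        echo "WARNING: VNC console is exposed on the network"
    fi
    rm -f "$xml"
fi
```

A listen address of 0.0.0.0 means anyone who can reach the host's TCP port gets a console with, at best, VNC's password challenge in front of it; leave the default of 127.0.0.1 in place and use qemu+ssh:// as shown above.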

17.1.7. Resources

* See the KVM home page for more details.

* For more information on libvirt see the libvirt home page.

* The Virtual Machine Manager site has more information on virt-manager development.

* Also, stop by the #ubuntu-virt IRC channel on freenode to discuss virtualization technology in Ubuntu.




Update Linux box

Q. I have the latest version of Ubuntu Linux. How do I update Ubuntu Linux for security and application fixes or upgrades?

A. Ubuntu Linux can be upgraded using GUI tools or using traditional command line tools.

Using the apt-get command line tool

apt-get is the command-line tool for handling packages. The options you will use most are:

=> apt-get update : resynchronizes the package index files from their sources over the Internet.

=> apt-get upgrade : installs the newest versions of all packages currently installed on the system; packages that would need something removed or newly installed to upgrade are held back.

=> aptitude safe-upgrade : the aptitude equivalent of apt-get upgrade (apt-get itself has no safe-upgrade command); it likewise upgrades all installed packages without removing any.

=> apt-get install package-name : install is followed by one or more packages desired for installation. If a package is already installed it will be upgraded to the latest version.

a) Open a terminal (Applications > Accessories > Terminal) and enter the following two commands.

b) Get the updated software list:
$ sudo apt-get update

c) Update the software, i.e. apply the updates:
$ sudo apt-get upgrade

d) Please note that the above two commands fetch files from the Internet. The repositories used are listed in /etc/apt/sources.list. You do not need to change this file unless you need extra repositories for your setup.

e) To upgrade an individual package called foo, type:
$ sudo apt-get install foo
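As an added example (not part of the original Q&A), the script below answers the question most admins have before running step c): which of the pending upgrades are security fixes? It runs apt-get in simulation mode (`apt-get -s upgrade`), which prints one "Inst package [old] (new origin, ... [arch])" line per package, and picks out the lines whose origin includes a -security pocket. That line format and the embedded sample output are assumptions for the demonstration, not data from the original page.

```shell
#!/bin/sh
# Added example, not from the original article: list pending upgrades that
# come from the -security pocket, using `apt-get -s upgrade` dry-run output.
# Assumption: the "Inst pkg [old] (new origin1, origin2 [arch])" line format.

# security_updates FILE -> prints, one per line, the packages whose pending
# upgrade comes (at least partly) from a *-security source
security_updates() {
    grep '^Inst ' "$1" | grep -- '-security' | awk '{print $2}'
}

# pending_count FILE -> number of packages apt-get would upgrade
pending_count() {
    grep -c '^Inst ' "$1" || true
}

# sample_sim_output -> constructed sample shaped like `apt-get -s upgrade`
# output (demonstration input only, not captured from a real system)
sample_sim_output() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
  libssl1.1 openssl vim
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.1 [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security, Ubuntu:20.04/focal-updates [amd64])
Inst openssl [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security, Ubuntu:20.04/focal-updates [amd64])
Inst vim [2:8.1.2269-1ubuntu5] (2:8.1.2269-1ubuntu5.1 Ubuntu:20.04/focal-updates [amd64])
Conf libssl1.1 (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security, Ubuntu:20.04/focal-updates [amd64])
Conf openssl (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security, Ubuntu:20.04/focal-updates [amd64])
Conf vim (2:8.1.2269-1ubuntu5.1 Ubuntu:20.04/focal-updates [amd64])
EOF
}

# Live use: sh pending-security.sh --live   (runs apt-get update first)
if [ "${1:-}" = --live ]; then
    sim=$(mktemp)
    sudo apt-get update >/dev/null && apt-get -s upgrade > "$sim"
    echo "pending upgrades: $(pending_count "$sim")"
    echo "from -security:"
    security_updates "$sim"
    rm -f "$sim"
fi
```

Only "Inst" lines are counted; the matching "Conf" lines that apt-get also prints are ignored so each package is reported once.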

HOWTO: Set up VNC server with resumable sessions



1) Log on to your Ubuntu machine and select "System->Administration->Login Window" from the menu.

2) Select the "Remote" tab and "Same as Local" for the style.

3) Click on the "Configure XDMCP…" button at the bottom right.

4) Uncheck "Honour indirect requests".

5) Close the Login Window administration dialog.

6) Fire up your terminal and issue "sudo vi /etc/X11/gdm/gdm.conf", or use any editor you prefer.

7) Check that the [xdmcp] section has Enable=true:
[xdmcp]
# Distributions: Ship with this off. It is never a safe thing to leave out on
# the net. Setting up /etc/hosts.allow and /etc/hosts.deny to only allow local
# access is another alternative but not the safest. Firewalling port 177 is
# the safest if you wish to have xdmcp on. Read the manual for more notes on
# the security of XDMCP.
Enable=true

8) Check that RemoteGreeter is commented out:
#RemoteGreeter=/usr/lib/gdm/gdmlogin

9) Install the vnc4server and xinetd packages using "sudo apt-get install vnc4server xinetd".

10) Create the password for your VNC login using "sudo vncpasswd /root/.vncpasswd". Keep this file readable by root only: vncpasswd does not encrypt it, it only obfuscates the password with a fixed key.

11) Edit /etc/xinetd.d/Xvnc (create it as a new file if it does not exist yet) using the command "sudo vi /etc/xinetd.d/Xvnc" and add:
service Xvnc
{
type = UNLISTED
disable = no
socket_type = stream
protocol = tcp
wait = yes
user = root
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 passwordFile=/root/.vncpasswd -extension XFIXES
port = 5900
}
P/S: You may want to change the resolution (1024x768) and color depth (-depth 16) according to your needs.

12) Now is a good time to reboot your machine: "sudo init 6".

13) When the Ubuntu machine is up and running, go to your Windows machine, use your favorite VNC client, and connect to your Ubuntu machine. You should be able to connect without problems.

14) Final word: as noted in (7), enabling XDMCP is not safe, so configure your firewall to protect the machine properly. Because Xvnc queries the display manager with "-query localhost", XDMCP (UDP port 177) never needs to be reachable from the network: block it, and restrict who can reach the VNC port (5900) as well.
=====================================================================

Going headless

Ubuntu does support VNC out of the box, but you need to have an active X-Windows (Gnome, KDE, etc…) session already running before you fire up the VNC server.

But this was going to be a headless box! So short of hauling a monitor and keyboard to the basement every time I needed to bounce the box, which is rare, I had no way to get an X session started.

VNC Server, to the rescue!

To enable full GUI remote login you need a VNC server instance running on the box, and you need to launch an x session – I’m a Gnome guy myself, so we’ll go that route.

  1. SSH into the box and install TightVNCServer
     • sudo apt-get install tightvncserver
  2. Set Gnome to start when your VNC session starts
     • vi ~/.vnc/xstartup
     • put the following in it:
         #!/bin/sh
         xrdb $HOME/.Xresources
         xsetroot -solid black
         gnome-session &
  3. Start the VNC Server
     • vncserver --geometry widthxheight --depth 24
     • You will probably be prompted to enter a password that you'll use later to connect to this VNC session… so enter one!
  4. Start your VNC client on the remote machine, enter the password from step 3, and enjoy!

One side note. After logging into my VNC session I noticed that my keyboard mappings were all jacked-up. For example, typing asdf would result in abfh. After some searching, this appears to be an issue w/Gnome, but luckily I also found a workaround.

======================================================================
Warning!
This howto is old, unsupported, and relies on a broken package. This should be used as reference only.


So here's the complete list of steps required to set up a VNC server that any user can log into and start a session. It is also persistent, meaning that even if you disconnect the VNC client your X session will not end (unless you explicitly log out) and you can reconnect to the same session again. The VNC server uses a separate display (:1) from your regular X server, which works with your physical display (:0). So two sessions can be active at the same time (one person sitting at the physical display and another remotely connecting using VNC).

1. Enable XDMCP
System->Administration->Login Screen Setup
Tab Security->Enable XDMCP
Tab XDMCP -> You can disable "Honor Indirect Requests"

Note: Before doing the next step, you need to make sure the extra repositories (e.g. universe) are enabled:
http://easylinux.info/wiki/Ubuntu#Ho…a_repositories

2. Install required packages (vncserver and xinetd)

Code:
sudo apt-get install vnc4server xinetd
Note to AMD64 users: The current version of vnc4server in the repositories has a bug, so you need to download and install the fixed vnc4 packages as shown below. These are unsigned packages fetched over plain HTTP from a third-party site, and dpkg -i performs no signature check, so only do this if you trust that host:

Code:
wget http://qt1.iq.usp.br/download/vnc4server_4.0-7.3_amd64.deb
wget http://qt1.iq.usp.br/download/xvnc4viewer_4.0-7.3_amd64.deb
sudo dpkg -i vnc4server_4.0-7.3_amd64.deb
sudo dpkg -i xvnc4viewer_4.0-7.3_amd64.deb

3. Set the VNC passwd
Code:
sudo vncpasswd /root/.vncpasswd
4. Add vnc service to xinetd:
Code:
sudo gedit /etc/xinetd.d/Xvnc
Enter this into the new file:

Code:
service Xvnc
{
        type = UNLISTED
        disable = no
        socket_type = stream
        protocol = tcp
        wait = yes
        user = root
        server = /usr/bin/Xvnc
        server_args = -inetd :1 -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/X11/fonts/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd
        port = 5901
}
5. Restart xinetd (usually there is no need to reboot, but occasionally it might be required)

Code:
sudo /etc/init.d/xinetd stop
sudo killall Xvnc
sudo /etc/init.d/xinetd start
6. That's it! To test that this is working first try to connect from the same machine (the machine we just set up the VNC server on):

Code:
vncviewer localhost:1
You should be prompted for the VNC password, and then see the GDM login screen where you can log in and start a new X session. If that works, you can now go ahead and try to connect from a remote machine using your favorite VNC client (remember to first close the local vncviewer we started above). Remember to use the VNC server machine's domain name or IP address, followed by :1 (e.g. 192.168.0.100:1). If connecting locally as shown above works but connecting remotely fails, you have a firewall blocking some ports. See the notes below about how to deal with that.

Note about ports: The VNC server set up as shown uses TCP port 5901. If you are using firewall software (e.g. firestarter) on that machine, you need to allow incoming connections on this port. If you are using a router which assigns your machine a private address (e.g. 192.168.0.100) that is not accessible from the internet, you would need to forward TCP port 5901 from the router to this machine. Bear in mind that the VNC session itself is not encrypted: everything typed into it, including the password entered at the GDM login screen, crosses the network in the clear. If the machine must be reachable from the internet, forward SSH instead and tunnel VNC through it (ssh -L 5901:localhost:5901 to the box, then vncviewer localhost:1) rather than exposing port 5901 directly.

Note about security: This setup allows any user to start an X session remotely by logging in with his regular password (after opening the VNC connection using the VNC password), so if the user disconnects without logging out, any other user who knows the VNC password can connect afterwards and resume the same session the first user started. So if you do not want to log out before disconnecting, it is advisable to at least lock your VNC X session screen. Also note that while a remote user is connected through VNC, no other connection will be accepted. An idle VNC client will be disconnected after one hour, but this can be changed with the "-IdleTimeout" option in the server_args line in /etc/xinetd.d/Xvnc. For example, add "-IdleTimeout 300" to change it to 5 minutes.
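Both xinetd-based HOWTOs above (the port 5900 one and the :1/5901 one) leave Xvnc listening on every interface with nothing but the VNC password in front of it. As an added example, not part of either HOWTO, the script below renders the same service definition with xinetd's `bind` and `only_from` attributes (real xinetd.conf(5) keywords) pinning the listener to loopback, so the port can only be reached through an SSH tunnel, and audits an existing /etc/xinetd.d/Xvnc for those settings plus the permissions of the passwordFile (which vncpasswd only obfuscates with a fixed key). It assumes GNU stat; the tunnel host name is hypothetical.

```shell
#!/bin/sh
# Added example, not from either HOWTO above: loopback-only Xvnc xinetd
# service plus an audit of an existing one. Assumptions: xinetd's bind and
# only_from keywords, GNU `stat -c %a`, display/port per the HOWTOs (:1/5901).

# render_xvnc_conf DISPLAY PORT PASSFILE -> prints the hardened service block
render_xvnc_conf() {
    cat <<EOF
service Xvnc
{
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = yes
    user        = root
    bind        = 127.0.0.1
    only_from   = 127.0.0.1
    server      = /usr/bin/Xvnc
    server_args = -inetd $1 -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 -NeverShared -IdleTimeout 300 passwordFile=$3
    port        = $2
}
EOF
}

# conf_value FILE KEY -> value of "KEY = value" in the service block, empty if unset
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_xvnc_conf FILE -> one finding per line; prints nothing when the file is sane
audit_xvnc_conf() {
    b=$(conf_value "$1" bind)
    [ "$b" = 127.0.0.1 ] || echo "bind is '${b:-unset}': Xvnc listens on all interfaces"
    o=$(conf_value "$1" only_from)
    [ "$o" = 127.0.0.1 ] || echo "only_from is '${o:-unset}': no xinetd access control"
    pf=$(conf_value "$1" server_args | grep -o 'passwordFile=[^ ]*' | cut -d= -f2)
    [ -n "$pf" ] || echo "server_args has no passwordFile= (Xvnc would run without a password)"
    if [ -n "$pf" ] && [ -e "$pf" ] && [ "$(stat -c %a "$pf")" != 600 ]; then
        echo "$pf is mode $(stat -c %a "$pf"): must be 0600 (the file is obfuscated, not encrypted)"
    fi
}

# Usage: sh xvnc-harden.sh --render > /etc/xinetd.d/Xvnc
#        sh xvnc-harden.sh --audit /etc/xinetd.d/Xvnc
# Then, from the client: ssh -L 5901:127.0.0.1:5901 vnchost.example
#                        vncviewer localhost:1
case "${1:-}" in
    --render) render_xvnc_conf :1 5901 /root/.vncpasswd ;;
    --audit)  audit_xvnc_conf "$2" ;;
esac
```

With `bind = 127.0.0.1` the router port-forward described in the note about ports is no longer needed or possible; forward SSH instead and let the tunnel deliver the connection to the loopback listener.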

Linux vs DOS Command Comparison

Good help here: http://www.comptechdoc.org/os/linux/usersguide/

The tables below are an attempt to compare typical DOS and Linux command line interface commands. As a point of interest, the data for this page is held in a Google Documents spreadsheet and is referenced via the Loghound PlusKit "GTable" command in RapidWeaver.

Entering Commands

Action | Linux | DOS | Comments
Get command help. | man <some command> | help, command /? | The man system is well-developed and most apps have a man page.
Find related commands. | apropos <some search string> | | No DOS equivalent.
Flip through entered commands. | Arrows ^ and v | Arrows ^ and v |
Show command history. | history | doskey /h |
Set a command alias. | alias name=command | doskey name=command | Use ~/.bashrc to set permanently in *nix.
Clear the screen. | clear, ctrl-l | cls |
Trap ctrl-break or trap signals. | trap | break on |

Starting and Quitting

Action | Linux | DOS | Comments
Start Windows or X-Windows. | startx | win |
Reboot system. | shutdown -r now | reboot |
Exit the shell. | exit, exit 0 | exit |
Get operating system or shell version. | uname -a, cat /etc/issue | ver |

Working with Disks

Action | Linux | DOS | Comments
Check and repair drive file system. | fsck, debugfs | scandisk, defrag |
Show disk usage. | du -s | chkdsk |
Tool to partition a hard drive. | fdisk | fdisk |
Mount a drive letter to a folder/directory on your hard drive. | mount | subst X: C:\directory\path |
Format a drive file system. | mke2fs | format |

Setting the Environment

Action | Linux | DOS | Comments
List environment variables. | set, env | set |
Set an environment variable. | export variable=value, setenv, or variable=value | set variable=value |
Show the contents of an environment variable. | echo $variable | echo %variable% |
Display text on screen. | echo text | echo text |
Display the system search path. | echo $PATH | PATH |
Append a directory to the system search path. | PATH=$PATH:/dir | PATH %PATH%;C:\DIR | Setting the path allows you to run commands without thinking about where their executable file is.
Set the style of the command prompt. | export PS1='\h(\u)\W> ' | PROMPT $p$g | Much more complexity is possible in both flavors of OS here.

Getting System Info

Action | Linux | DOS | Comments
Show and set the system date and time. | date | date, time |
Show free memory on system. | free, top | mem |
List information about running processes. | ps aux | tasklist |
Print computer's name. | hostname | hostname, net name | hostname is DNS-related, whereas the Windows net name command shows NetBIOS info.
Show system info. | lsdev, procinfo | msd | lsdev and procinfo sometimes do not work on Linux VPSs due to the way disks are provisioned.

Working with Files and Directories

Action | Linux | DOS | Comments
Change directory. | cd | cd |
Store directories for reference. | cd -, pushd /path/to/target, popd | pushd, popd | pushd and popd are available for newer Windows versions.
List directory contents with some detail. | ls -l (or ls -lF; -a for all files) | dir | The "bare" directory list commands are inherently different in display characteristics.
List directory contents in compact mode. | ls | dir /w |
List directory contents, oldest files first. | ls -tr | dir *.* /o-d |
List files and size. | ls -ls | dir *.* /v /os | Notice you are stringing together args in Linux after the dash, but that you have to put in additional slashes and args in DOS.
List size of directory contents. | du -h piped into sort -rn, du -hsc * --block-size=M | (treesize) | du or diskusage is common, but the switches will be different, so do a "man du" to find out more in your *nix. Treesize is an excellent GUI version of du for Windows.
List directory contents recursively. | ls -R | dir /s |
List including hidden files. | ls -a | dir /aa |
Create a semi-graphical "tree" view of folders and sub-folders. | tree | tree | Pipe tree into more to get page-by-page output, and space-bar through the pages.
Make a new directory. | mkdir | mkdir, md |
Create a file or directory link. | ln | (assign, subst) | Neither assign nor subst is really much like ln.
Remove a directory. | rmdir | rmdir, rd |
Display current location. | pwd | cd, chdir (with no argument) |
Remove a file. | rm -iv | del, erase |
Remove directory and its contents. | rm -R | deltree, rmdir /s | deltree is Win 95; rmdir /s on later versions.
Copy a file. | cp -piv | copy | Of course you can just cp a file in Linux, as well.
Copy a directory and all its subcontents. | cp -R | xcopy |
Rename or move a file. | mv -iv | rename, move |
Show the contents of a file. | cat | type |
Show the contents of a file, one page at a time. | more | more |
Sort data alphabetically or numerically. | sort | sort |
Find a string in a file. | grep | find, findstr |
Compare two files and show differences. | diff | comp, fc | Also see comm, cmp, mgdiff and tkdiff.
Set or change file permissions. | chmod | attrib | DOS has a hidden switch; use mv to rename to .somename to make a file hidden in *nix.
Print a file. | lpr | print |
Line mode editor. | ed | edlin |
Edit a text file. | [editor] filename, where editor can be nano, pico, vi, emacs etc. | edit filename.txt | In *nix, editors are a religion because they are used so heavily for systems administration tasks. pico was the editor that came with the Pine mailer, and nano is a standalone pico variant. Many swear by simple vi or complex emacs, though.

Backup and Restore

Action | Linux | DOS | Comments
Backup or restore files. | tar -cvf, tar -xvf, mdir, mcopy, ditto, cpio | backup, restore |
Backup files to a folder. | tar -cvf /path/to/storage files | backup files X:\ |
Restore files from a folder. | tar -xvf /path/to/storage files | restore X:\ files |
Compress or uncompress files and folders. | tar, zip, gzip, bzip | pkzip | Note, tar just concatenates files together for easy manipulation, and is often used before compression.

Batch and Shell Scripting

Action | Linux | DOS | Comments
Call another script from within a batch file or shell script. | source somescript, . somescript, sh somescript | call, command /c (or cmd /c) somescript |

Scheduling

Action | Linux | DOS | Comments
Schedule a command or script to run on a schedule. | crontab -l, crontab -e | at |

Network Commands

Action | Linux | DOS | Comments
Send ICMP packets to a network host. | ping | ping |
Show routes and router hops to a given network destination. | traceroute | tracert |
Display or configure network interfaces. | ifconfig | ipconfig, winipcfg | You cannot configure the network from the command line in Windows like you can with ifconfig in *nix; use Control Panel.
Get NetBIOS or DNS info for the host. | nslookup, dig | nbtstat | NetBIOS is a Windows and DOS affair.
Print the current routing table. | route -n | route print |
List startup background services or daemons. | chkconfig --list (pipe into grep on) | net start |
Start or stop a service. | service some-service start (or stop) | net start (or stop) some-service |
Show mounted or connected shares and filesystems. | df | net share, net use |

Communications

Action | Linux | DOS | Comments
Send a messenger popup message to a Windows PC. | smbclient -M win-hostname | net send win-hostname "some message" |
Send a message to another *nix user. | talk | |

Working with Users

Action | Linux | DOS | Comments
List who is logged in. | who | |
List how many users are currently logged in. | who, counted with wc -l | |
Show the current user account. | whoami | set | There is a whoami command for Windows available in the Resource Kit. Or, you can use set to list the environment variables, of which the username is one.
Show who is logged in and what they are doing. | w | net session |
Show a list of a user's processes. | ps -u account_name | (Task Manager) |

Dual Boot Windows and Linux

How to use Windows Vista’s Boot Manager to boot Linux

The Web is full of explanations on how to dual boot Windows and Linux using a Linux boot manager like GRUB or LILO. If you want to dual boot Windows Vista and Linux using Windows Vista’s Boot Manager, please read on. I will assume that you already have installed Linux on your machine using GRUB as your boot loader.

Step 1 – Install GRUB on the Linux partition (outside of MBR)

As Windows Vista will replace the Master Boot Record (MBR) with its own, we need to relocate GRUB elsewhere by running grub-install with the Linux partition as a parameter.

• On Linux, launch a Terminal with root privileges

• Find the name of the partition Linux is installed on by running fdisk -l (the partition you're looking for is the one whose system is Linux; it can be something like /dev/sda1 or /dev/hda1. For the rest of this post, I'll use /dev/sda1)

• Install GRUB on the Linux partition by running : grub-install /dev/sda1

Step 2 – Get a copy of Linux boot sector

We will need to instruct Windows Boot Manager how to boot Linux correctly using the Linux boot sector, which we will extract using dd.

• On Linux, launch a Terminal with root privileges

• Take a copy of Linux boot sector : dd if=/dev/sda1 of=/tmp/linux.bin bs=512 count=1

• Copy linux.bin to a FAT formatted USB key or any storage accessible from Windows Vista

Step 3 – Install Windows Vista

Step 4 – Configure dual booting in Windows Vista

We will create an entry for GRUB in Windows Vista boot configuration data store using bcdedit.

• On Windows Vista, launch a command prompt with administrative privileges (by right clicking on cmd and choosing Run as Administrator)

• Copy the Linux boot sector to the root of the Windows boot (active) partition, namely the one containing bootmgr. If you don't know for sure, you can use diskpart or diskmgmt.msc to find out which one it is.

• Create an entry for GRUB :

o bcdedit /create /d "GRUB" /application BOOTSECTOR

o Note: bcdedit will return an ID for this entry that we will call {LinuxID} below. You will need to replace {LinuxID} by the returned identifier in this step. An example of {LinuxID} is {81ed7925-47ee-11db-bd26-cbb4e160eb27}

• Specify which device hosts a copy of the Linux boot sector

o bcdedit /set {LinuxID} device boot

• Specify the path to a copy of the Linux boot sector

o bcdedit /set {LinuxID} PATH \linux.bin

• Add Linux entry to the displayed menu at boot time

o bcdedit /displayorder {LinuxID} /addlast

• Let the menu be displayed 10 seconds to allow for OS selection

o bcdedit /timeout 10
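As an added example, not part of the original post, the script below does the Linux side of steps 1 and 2 with one check the post skips: before linux.bin is carried over to the Vista boot partition, it verifies that the sector read from the partition actually carries the 0x55AA boot signature at bytes 510 and 511. Without that signature (typically because grub-install was not run against the partition) Windows Boot Manager will load the file and fail, so catching it on the Linux side saves a reboot. It assumes 512-byte sectors and GNU dd/od; /dev/sda1 is the post's example partition, and the sample "partition" it builds is a constructed 512-byte file. The Windows-side bcdedit steps stay exactly as listed above.

```shell
#!/bin/sh
# Added example, not from the original post: extract the partition boot
# sector for bcdedit and refuse to produce a linux.bin without the 0x55AA
# signature. Assumptions: 512-byte sectors, GNU dd and od.

# has_boot_signature FILE -> exit 0 if bytes 510 and 511 of FILE are 0x55 0xAA
has_boot_signature() {
    sig=$(od -An -tx1 -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = 55aa ]
}

# extract_boot_sector PARTITION OUTFILE -> copies one sector and validates it;
# exits non-zero and removes OUTFILE when the signature is missing
extract_boot_sector() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null || return 1
    if ! has_boot_signature "$2"; then
        echo "$2: no 0x55AA signature at offset 510; was grub-install $1 run?" >&2
        rm -f "$2"
        return 1
    fi
    [ "$(wc -c < "$2")" -eq 512 ]
}

# sample_sector OUTFILE FLAG -> constructed 512-byte "partition" for testing:
# all zeros, with the 0x55AA signature written at offset 510 when FLAG is "signed"
sample_sector() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    if [ "$2" = signed ]; then
        printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    fi
}

# Live use, as root, after step 1 of the post:
#   grub-install /dev/sda1 && sh bootsector.sh --extract /dev/sda1 /tmp/linux.bin
if [ "${1:-}" = --extract ] && [ -n "${3:-}" ]; then
    extract_boot_sector "$2" "$3" && echo "$3: OK, 512 bytes with boot signature"
fi
```

The resulting linux.bin is what `bcdedit /set {LinuxID} PATH \linux.bin` points at, so keep the file name and copy it to the root of the active partition as described in step 4.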

Building a dual boot system with Windows Vista BitLocker protection with TPM support

Many people have wondered whether it is possible to dual boot a TPM-protected BitLocker instance of Windows Vista with Linux or another OS. The answer is yes, and the following procedure will hopefully help you set up your machine correctly.

Some (simplified) background on Bitlocker:

BitLocker Drive Encryption encrypts Windows Vista's partition and, when used with a TPM (a crypto chip on the motherboard), provides a measured startup process. The BIOS, the TPM, the MBR and the boot sector collaborate to verify that the boot sequence has not been modified since BitLocker was activated: at each of the initial steps of the boot sequence, the code about to run is hashed and the hash is recorded in one of the TPM's Platform Configuration Registers (PCRs) before the code executes. Windows Vista then asks the TPM to unseal its volume encryption key, and the TPM only releases the key if the PCRs hold the expected values. So if you replace Windows Vista's MBR with one that is not TPM aware, it will not hash the boot sector before executing it and the corresponding PCR will not be populated; the same goes for the boot sector itself. BitLocker will therefore simply refuse to be enabled.

The underlying idea here is to keep BitLocker enabled with the original Windows Vista boot files. Another possibility would be to use a TPM-aware version of GRUB; however, this would mean using files in the boot sequence that were not tested by Microsoft, which I would not recommend. Moreover, using the original Windows Vista files gives you the benefit of code that went through the Security Development Lifecycle, which I personally find very valuable.

Note: I assume that you have a Bitlocker compatible machine (including TPM 1.2, TCG BIOS). See http://www.microsoft.com/technet/windowsvista/library/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx#BKMK_require

Step 1 – Install Linux

Note: be sure to leave enough unpartitioned space for Windows Vista: about 11 GB of free unpartitioned space and room for 2 additional partitions are needed

Step 2 – Install GRUB on the Linux partition (outside of MBR)

See other post “How to use Windows Vista’s Boot Manager to boot Linux”

Step 3 – Get a copy of Linux boot sector

See other post “How to use Windows Vista’s Boot Manager to boot Linux”

Step 4 – Create partitions for Windows Vista

We need to create 2 primary NTFS formatted partitions on the disk: one active, 1.5 GB minimum, and another larger one (all the rest, for instance, with a minimum of 8.5 GB). The former will be used to boot the machine (active partition) and remains unencrypted, while the latter will host Windows Vista and will be encrypted when we activate BitLocker.

You can use diskpart tool to do this (available from Repair options on the Windows Vista DVD). Here is what the instructions may look like :

· select disk 1

· create partition primary size=2048

· active

· create partition primary

Step 5 – Install Windows Vista

Install Windows Vista on the largest NTFS partition.

Step 6 – Set up Windows Vista Boot Manager to boot Linux

See other post “How to use Windows Vista’s Boot Manager to boot Linux”.

Step 7 – Enable BitLocker on Windows Vista

See BitLocker documentation, like http://www.microsoft.com/technet/windowsvista/library/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx#BKMK_S3

