HP xw4600: HOWTO enable hardware virtualization

How to enable Intel hardware virtualization on an HP xw4600:

* Boot into the hardware BIOS setup
* Go to Security -> System Security
* Enable both types of virtualization (VTx and VTd)
* Save settings, and power-cycle the machine.

I’m running Linux, Fedora 9, and using KVM, so I run the following:

modprobe kvm-intel

Loading that module will fail if hardware virtualization isn’t enabled.

Transferring a Linux hard drive to a new machine

For over a year, I’ve endured a development machine that would lock up under heavy disk I/O. Yesterday, I apparently complained loudly enough that I was given a new machine to replace it. I didn’t want to reinstall Fedora 9, so I transferred my old hard drive to the new machine, as the primary drive. To get it to boot and function properly, here’s what I did:

* Booted with the Fedora 9 install CD into “rescue mode”
* Ran the following commands once I had a shell:

mount --bind /dev /mnt/sysimage/dev
mount --bind /sys /mnt/sysimage/sys
chroot /mnt/sysimage
mv /boot/initrd-2.6.25…i686.img /boot/initrd-2.6.25…i686.img.orig
mkinitrd /boot/initrd-2.6.25…i686.img 2.6.25…i686

* Then I ran ‘grub’, and typed the following:

root (hd0,0)
setup (hd0)
quit

* Ejected the install CD, and rebooted. Once booted, I noticed that my network cards weren’t set up quite right. My new network card was listed as “eth2” in system-config-network, and I didn’t actually have cards for the listed “eth0” and “eth1” interfaces anymore. I didn’t know what file to change to get my new card listed as “eth0”, so I ran the following command to find out what files I might need to edit:

find /etc -type f -print0 | xargs -0 grep "eth[01]"

That command listed the following files, among others:

* /etc/udev/rules.d/70-persistent-net.rules
* /etc/vmware/locations

I edited /etc/udev/rules.d/70-persistent-net.rules and ripped out the assignments for my old NIC interfaces, and set the new one to be “eth0”, then rebooted and used `system-config-network` to set up my network.

When I ran my VMware guest, VMware Server gave me an error message about not being able to use bridged mode for the selected interface. With my old computer, VMware had used eth1 for bridged networking, and I didn’t have an “eth1” interface anymore. I edited /etc/vmware/locations and changed “eth1” to “eth0”, and restarted vmware. This time, bridged mode worked correctly.

xguest

I just discovered and installed the xguest package for Fedora 8 and 9. Here’s what it does:

Installing this package sets up the xguest user to be used as a temporary account to switch to or as a kiosk user account. The account is disabled unless SELinux is in enforcing mode. The user is only allowed to log in via gdm [or the fast-user-switching applet]. The home and temporary directories of the user will be polyinstantiated and mounted on tmpfs.

Here’s how to install it:

yum install xguest

I hit a brick wall when I first tried it. I thought my machine was in SELinux Enforcing mode, when it wasn’t — it was in Permissive mode. I fixed it using system-config-selinux.

It’s possible to change what the xguest user can do using system-config-selinux. I’ve attached a screenshot showing what capabilities can be granted or revoked.

SELinux Administration for xguest user

Fedora 9 and the OpenJDK

Java development is getting easier under Linux because of Sun’s OpenJDK, which Linux distributors like Fedora now include. No more need to go through the hassle of downloading it from Sun. Here’s how I installed it.

yum install java-1.6.0-openjdk-devel java-1.6.0-openjdk-javadoc java-1.6.0-openjdk-plugin

A downside is that the default fonts in some Java applications, like IntelliJ IDEA, look terrible. Fedora 9 includes the RedHat Liberation fonts, which stand in for Microsoft fonts. I went into IDEA’s configuration, and changed the default font from “Arial” to “Liberation Sans”. IDEA’s visual appearance is nearly, but not completely, fontastic compared to what it was before.

NoMachine NX, Fedora 9 and SELinux

I upgraded from Fedora 7 to Fedora 9 using preupgrade, and then I couldn’t connect to the NoMachine NX Server. It’s due to SELinux, again (I wrote about this earlier). The approach to solve it is still the same, although the policy is different:

Here’s what my audit.log messages looked like:

May 30 07:48:03 localhost kernel: type=1400 audit(1212155283.470:7): avc:  denied  { getattr } for  pid=876 \
comm="sshd" path="/usr/NX/home/nx/.ssh/authorized_keys2" dev=sda2 ino=70976 \
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
May 30 08:22:35 localhost kernel: type=1400 audit(1212157355.873:9): avc:  denied  { read } for  pid=872 \
comm="sshd" name="authorized_keys2" dev=sda2 ino=70976 \
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

Here’s how I created and inserted the policy:

cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M nx
semodule -i nx.pp

And here’s the nx.te file:

module nx 1.0;
require {
    type sshd_t; 
    type usr_t; 
    class file { read getattr }; 
} 
#============= sshd_t ==============
allow sshd_t usr_t:file { read getattr };

What programs are listening to the network?

Sometimes, I’d like to know what programs on my system are listening to the network, and to quote the Perl motto, “there’s more than one way to do it”. On Linux, there’s lsof -Pi and netstat -p. On Windows XP and Vista, there’s the built-in netstat -b[v] -a and a separate utility called tcpview. I’ve included example usages and outputs.

lsof (Linux)

sudo lsof -Pni

COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
python     1886    root    4u  IPv4   6621       TCP 127.0.0.1:2207 (LISTEN)
cupsd      1898    root    3u  IPv4   6663       TCP 127.0.0.1:631 (LISTEN)
cupsd      1898    root    4u  IPv6   6664       TCP [::1]:631 (LISTEN)
cupsd      1898    root    6u  IPv4   6667       UDP *:631
sshd       1912    root    3u  IPv4   6711       TCP *:22 (LISTEN)
httpd     20084  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20085  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20086  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20087  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20088  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20089  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20090  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20091  apache    4u  IPv6   7293       TCP *:80 (LISTEN)

netstat (Linux)

sudo netstat -lp --inet --numeric-hosts

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:ssh      0.0.0.0:*        LISTEN  1912/sshd
tcp        0      0 127.0.0.1:ipp    0.0.0.0:*        LISTEN  1898/cupsd
tcp        0      0 127.0.0.1:2207   0.0.0.0:*        LISTEN  1886/python
udp        0      0 0.0.0.0:ipp      0.0.0.0:*                1898/cupsd

Where’s httpd? It should be there, and it is, when I exclude the --inet option:

Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 :::http          :::*             LISTEN  2038/httpd
tcp        0      0 ::1:ipp          :::*             LISTEN  1898/cupsd
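
The lsof listing above mixes loopback-only sockets with ones bound to every interface, and repeats httpd once per worker. The filter below is an added example, not part of the original post: it keeps only listeners that are not bound to loopback and prints each once. The name exposed_listeners is hypothetical, and the sample is the post's lsof output with the httpd workers trimmed to three.

```shell
#!/bin/sh
# Added example: from "lsof -Pni" output on stdin, list each listening socket
# that is not bound to loopback, once per (protocol, port, command).

exposed_listeners() {
    awk '
    {
        # Locate the protocol column by value; the SIZE column may be empty.
        for (i = 1; i < NF; i++)
            if ($i == "TCP" || $i == "UDP") break
        if (i >= NF) next                       # header or unrelated line
        proto = $i; name = $(i + 1); state = $(i + 2)
        if (name ~ /->/) next                   # connected socket, not a listener
        if (proto == "TCP" && state != "(LISTEN)") next
        port = name
        sub(/^.*:/, "", port)                   # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        key = proto " " port " " $1
        if (!(key in seen)) { seen[key] = 1; print key " " addr }
    }
    ' | LC_ALL=C sort
}

# Sample input taken from the lsof output in the post (httpd rows trimmed).
sample_lsof() {
    cat <<'EOF'
COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
python     1886    root    4u  IPv4   6621       TCP 127.0.0.1:2207 (LISTEN)
cupsd      1898    root    3u  IPv4   6663       TCP 127.0.0.1:631 (LISTEN)
cupsd      1898    root    4u  IPv6   6664       TCP [::1]:631 (LISTEN)
cupsd      1898    root    6u  IPv4   6667       UDP *:631
sshd       1912    root    3u  IPv4   6711       TCP *:22 (LISTEN)
httpd     20084  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20085  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
httpd     20086  apache    4u  IPv6   7293       TCP *:80 (LISTEN)
EOF
}

sample_lsof | exposed_listeners
```

On a live system the same function reads from sudo lsof -Pni on a pipe. Because lsof lists IPv4 and IPv6 sockets together, httpd appears here even though netstat --inet left it out.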

TcpView (Windows)

Download and start TcpView. From the menu, choose File > Save. Here’s the output from the file.

Process           Protocol Local Address            Remote Address   State
svchost.exe:1064  TCP      jareds-xp:epmapi         jareds-xp:0      LISTENING
System:4          TCP      jareds-xp:microsoft-ds   jareds-xp:0      LISTENING
svchost.exe:976   TCP      jareds-xp:3389i          jareds-xp:0      LISTENING
nxssh.exe:2032    TCP      jareds-xp:11000          jareds-xp:0      LISTENING

netstat (Windows)

Note that this runs quite slowly on Windows.

netstat -bva

Active Connections

Proto  Local Address          Foreign Address        State           PID
TCP    jareds-xp:epmap  jareds-xp.mydomain.com:0  LISTENING       1064
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP    jareds-xp:microsoft-ds  jareds-xp.mydomain.com:0  LISTENING       4
-- unknown component(s) --
[System]

TCP    jareds-xp:3389  jareds-xp.mydomain.com:0  LISTENING 976
-- unknown component(s) --
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP    jareds-xp:11000  jareds-xp.mydomain.com:0  LISTENING       2032
[nxssh.exe]

TCP    jareds-xp:3389  jareds-xp.mydomain.com:0  LISTENING 976
-- unknown component(s) --
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

Read Office 2007 documents on Linux

I’ve had a few occasions where I’ve needed to read Microsoft Office 2007 documents, even though I don’t have Office 2007. There are several approaches.

Office 2007 stores its files as a zip archive, with xml files inside. This means that they’re somewhat human readable. I’ve used unzip to extract the file, and poked around until I found the xml file that represented the document (word/document.xml for docx). This works fairly well for Word and PowerPoint documents, but I’m not so sure that it would be good for Excel files.

Novell has provided a converter that converts Office 2007 documents to Open Office documents, and allows Office 2007 to save in Open Office format. The command line converter appears to work well, in my limited experience. Thanks to this blog post, here’s how I installed it on a Fedora/RedHat system:

  • mkdir converter
  • cd converter
  • wget http://download.go-oo.org/red-carpet/ooo-680/sled-10-sp-i586/odf-converter-1.1-7.i586.rpm
  • rpm2cpio odf-converter*rpm | cpio -ivd
  • sudo cp usr/lib/ooo-2.0/program/OdfConverter /usr/local/bin
  • cd ..
  • rm -rf converter

Run it as follows:

  • OdfConverter /i example.docx

Windows users with MS Word 2000, 2002 or 2003 can install the Microsoft Office Compatibility Pack. For those without MS Word, there’s the read-only word viewer.

Mac OS X Tiger office applications reportedly open Office 2007 documents.

Mac, Linux and FreeBSD users can use an online document conversion service such as http://www.docx2doc.com/ and http://docx-converter.com/ — with the caveat it may be unwise to submit confidential or proprietary documents to a third party.

Palm TX: There’s more than one way to install an application

When I got my Palm TX, I didn’t realize that the Palm Desktop software wasn’t completely compatible with Windows Vista. For example, I can’t install new palm apps via hot syncing. Here are some alternative install paths:

  1. Attach the pdb files to an email, and send it to myself. Use VersaMail to retrieve the message, and install the pdb attachments.
  2. Use the web browser to download and install a pdb file.
  3. Have someone beam it using the IR interface.
  4. Have someone send it using bluetooth.
  5. Install from an SD card. I haven’t verified that this works.

While I’m at it, it seems like configuring Linux to hotsync with Palm devices can be a pain. As an alternative, I think I’ll get an SD card and use nvbackup to back up to SD, and then copy the backup from SD to my Linux box and use it with JPilot.

There’s more than one way to do things, especially for a Palm equipped with built-in WiFi, bluetooth and an SD expansion card.