Installing Linux Software

Introduction
You'll frequently need to install additional software on your Linux server that you didn't think you'd need when you first installed the operating system. This could be because of new business requirements for additional packages or the need to install new administrative tools to make your job easier.
When Linux developers create their software they typically bundle all the executable and data files into a single file that is often called a "package" file. Package files have different formats and contain different control files that determine where the rest of the files should be placed, the permissions they should have and a list of prerequisite packages that are required for the package to function correctly. Some of this information may also be stored in a database on your system by the package management software used to install the software and is used to speed up some of the administrative functions of the package manager.
Redhat, Centos and Fedora Linux software is primarily available in RedHat Package Manager (RPM) files. Regular RPM package files are used for installations in which the kernel, or master program, hasn't been customized in any way. This is the usual scenario for most departmental servers. Source RPMs are used when the kernel has been customized to add or drop support selectively for various devices or features for the sake of performance or functionality. The procedure for installing source RPMs involves recompiling source code to fit the needs of these kernel customizations. This makes life easier for the software developer who wrote the package as he or she now has only to create a single package to support all types of customizations. Both package types use standardized commands for installing the software contained inside making RPMs relatively easy to use.
Debian and Ubuntu versions of Linux use the Debian Package format in which the filenames all end with ".deb". It is for this reason that they are frequently called DEB files.
Software developers who want to use a universally recognizable file format across all flavors of Linux also will make their products available as TAR packages. TAR packages are generally more difficult to work with than RPM packages because the archived files within them may or may not need to be compiled and the commands to install the software may vary from package to package. Instructions are usually contained within a file inside the TAR package to help guide the installation.
The Perl programming language is often used by Linux software developers to create their programs. Perl relies on the presence of certain libraries, or "modules", to work correctly and many Linux distributions install Perl with only the most commonly used ones. There will be times when you will be required to install additional prerequisite Perl modules prior to the installation of your packages. Knowledge of how to install Perl modules is a valuable component of a Linux systems administrator's skill set.
This chapter focuses on the RPM and DEB formats, which are used by a majority of installed distributions. There are smaller sections on TAR packages and Perl modules near the end to cover these less frequently used, but important software installation tools.
Where to Get Commonly Used Packages
There are three commonly used sources for packages: distribution CDs; packages manually downloaded via a browser, File Transfer Protocol (FTP) client, or the wget utility; and automated downloads. Each of these methods is introduced here and covered in greater detail in the sections that follow.
Packages on Your Installation CDs
Installing from your distribution CDs is usually easier than having to download files from a remote Web site, but they are never up to date for very long. We discuss using this method in more detail later.
Manually Downloaded Packages
The two most common ways of getting packages are by manually using FTP or a Web browser. Table 6-1 lists some common download sites that can be used. Remember to match the RPM to the distribution and version of Linux your system is running.
Table 6-1 Popular Package Download Sites
Distribution   Location
Redhat         http://www.redhat.com/
               http://www.rpmfind.net/
Fedora         ftp://download.fedora.redhat.com/pub/fedora/linux/core/
               http://download.fedora.redhat.com/pub/fedora/linux/core/
               http://www.rpmfind.net/
Debian         http://packages.debian.org/
Ubuntu         http://packages.ubuntu.com/

Note: With Fedora you can also download packages from the download.fedora.redhat.com site. Start your search in the /pub/fedora/linux/core/ directory and move down the directory tree. If you're new to FTP, don't worry, it's explained later.
Automated Package Download
The disadvantage of manual downloads is that the packages often won't install unless certain prerequisite packages have been installed beforehand. This can lead to the download and installation of several packages which can become tedious.
All the major Linux distributions have automated download and update utilities. For example, Fedora uses yum and Ubuntu and Debian use apt. These are all covered in greater detail in sections to follow.
How to Download Software
One of the most universally performed tasks by Linux systems administrators is the downloading of software. It is usually very simple to do and the most commonly used methods are covered in this section.
Getting Software Using Web-Based FTP
There are numerous Web sites that provide links to software you can download. The methodology to get the software is usually the same for all:
• Browse the desired Web site until you find the link to the software package you need.
• Click on the link for the desired software package.
• Save the file to your hard drive.
Some web browsers, such as Firefox, will automatically download the file to your desktop, but where is the desktop? In Linux, your desktop is usually a sub-directory named Desktop located in your home or ~ directory. Here we see that the root user's desktop already contains a downloaded RPM file.
[root@bigboy tmp]# cd ~/Desktop/
[root@bigboy Desktop]# ls
ElectricFence-2.2.2-20.2.i386.rpm
[root@bigboy Desktop]# pwd
/root/Desktop
[root@bigboy Desktop]#
Getting RPMs Using Command-Line Anonymous FTP
The Web-based method above transparently uses anonymous File Transfer Protocol (FTP). Anonymous FTP allows you to log in and download files from an FTP server using the username anonymous or the shorter username ftp and a password that matches your e-mail address. This way anyone can access the data. Let's illustrate this with an example of using anonymous FTP to download the SSH package from download.fedora.redhat.com:
1) First we issue the FTP command targeting download.fedora.redhat.com at the command line.
[root@bigboy tmp]# ftp download.fedora.redhat.com
Trying 66.187.232.35...
Connected to download.fedora.redhat.com (66.187.232.35).
220 Fedora FTP server ready. All transfers are logged.
Name (download.fedora.redhat.com:root): anonymous
331 Please specify the password.
Password:
230 Login successful. Have fun.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (66,187,232,35,57,155)
150 Here comes the directory listing.
drwxr-xr-x 3 ftp ftp 4096 Oct 29 15:59 pub
226 Directory send OK.
ftp>
2) After we've logged in, we can use the help command to see what options we have at our disposal.
ftp> help
Commands may be abbreviated. Commands are:

! cr mdir proxy send
$ delete mget sendport site
account debug mkdir put size
append dir mls pwd status
ascii disconnect mode quit struct
bell form modtime quote system
binary get mput recv sunique
bye glob newer reget tenex
case hash nmap rstatus trace
ccc help nlist rhelp type
cd idle ntrans rename user
cdup image open reset umask
chmod lcd passive restart verbose
clear ls private rmdir ?
close macdef prompt runique
cprotect mdelete protect safe
ftp>

The commands you'll most likely use are listed in Table 6-2:
Table 6-2 FTP Commands
Command   Description
binary    Copy files in binary mode
cd        Change directory on the FTP server
dir       List the names of the files in the current remote directory
exit      Bye bye
get       Get a file from the FTP server
lcd       Change the directory on the local machine
ls        Same as dir
mget      Same as get, but you can use wildcards like "*"
mput      Same as put, but you can use wildcards like "*"
passive   Make the file transfer passive mode
put       Put a file from the local machine onto the FTP server
pwd       Give the directory name on the local machine
3) By using the Web browsing feature on the Web site ahead of time, I know that the Fedora Core 2 RPMs are located in the pub/fedora/linux/core/2/i386/os/Fedora/RPMS/ directory and will use the cd command to change my directory to there. We can use the ls command to get a listing of files in this directory.
ftp> cd pub/fedora/linux/core/2/i386/os/Fedora/RPMS/
250 Directory successfully changed.
ftp> ls open*
227 Entering Passive Mode (66,187,232,35,58,3)
150 Here comes the directory listing.
...
...
-rw-r--r-- ... ... 184281 Oct 28 23:29 openssh-3.6.1p2-34.i386.rpm
...
...
226 Directory send OK.
ftp>
4) Next we get the file we need and place it in the local directory /usr/rpm. The hash command will print "#" hash signs on the screen during the download.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> lcd /usr/rpm
Local directory now /usr/rpm
ftp> get openssh-3.6.1p2-34.i386.rpm
local: openssh-3.6.1p2-34.i386.rpm remote: openssh-3.6.1p2-34.i386.rpm
227 Entering Passive Mode (66,187,232,35,58,25)
150 Opening BINARY mode data connection for openssh-3.6.1p2-34.i386.rpm (184281 bytes).
###################################################################################################################################################################################
226 File send OK.
184281 bytes received in 3.41 secs (53 Kbytes/sec)
ftp>
Note: You can also use wildcards to download the RPMs you need using the mget command. You'll be prompted for each of the matching RPM files. In the next example, we just aborted this download by typing n.
ftp> mget openssh-3.6*
mget openssh-3.6.1p2-34.i386.rpm? n
ftp>
5) Finally we use the exit command to leave FTP.
ftp> exit
221 Goodbye.
[root@bigboy tmp]#
Getting Software Using wget
The wget command can be used to download files quickly when you already know the URL at which the RPM is located. This is especially convenient if you are logged into your Linux box from another machine running a Web browser. You can browse the download site for the RPM you need, right click on the desired link and select copy shortcut (Windows) or Copy Link Location (Linux). After you have done this, you can then select your SSH/telnet/Linux Terminal login window and type in the command wget URL. Here is an example downloading a DHCP update from Fedora.
[root@bigboy tmp]# wget ftp://linux.stanford.edu/pub/mirrors/fedora/linux/core/2/i386/os/Fedora/RPMS/dhcp-3.0pl2-6.16.i386.rpm
--17:38:36-- ftp://linux.stanford.edu/pub/mirrors/fedora/linux/core/2/i386/os/Fedora/RPMS/dhcp-3.0pl2-6.16.i386.rpm
=> `dhcp-3.0pl2-6.16.i386.rpm.5'
Resolving linux.stanford.edu... done.
Connecting to linux.stanford.edu[171.66.2.18]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/mirrors/fedora/linux/core/2/i386/os/Fedora/RPMS ... done.
==> PASV ... done. ==> RETR dhcp-3.0pl2-6.16.i386.rpm ... done.
Length: 529,890 (unauthoritative)

100%[===============================>] 529,890 889.12K/s ETA 00:00

17:38:36 (889.12 KB/s) - `dhcp-3.0pl2-6.16.i386.rpm.5' saved [529890]

[root@bigboy tmp]#
Installing Software From RPM Files
The Fedora, Redhat and Centos versions of Linux rely heavily upon the use of software packages in the RPM format. This section covers some of the most important topics required for you to master their use.
How To Install RPMs Manually
There are generally two ways to install RPM files manually. The first method is by using a file previously downloaded to your hard drive, and the other is to install the RPM from some sort of removable media such as a CD-ROM drive.
Using Downloaded Files
Download the RPMs (which usually have a file extension ending with .rpm) into a temporary directory, such as /tmp. The next step is to issue the rpm -Uvh command to install the package.
The -U qualifier is used for updating an RPM to the latest version, the -h qualifier gives a list of hash # characters during the installation and the -v qualifier prints verbose status messages while the command is run. Here is an example of a typical RPM installation command to install the MySQL server package:
[root@bigboy tmp]# rpm -Uvh mysql-server-3.23.58-9.i386.rpm
Preparing... ####################### [100%]
1:mysql-server ####################### [100%]
[root@bigboy tmp]#


Using CD-ROMs
The underlying steps to install RPMs from CDs are similar to those used when installing from your hard disk. The main difference is that you have to access your CD-ROM drive by mounting it first to the /mnt/cdrom directory. Your RPMs will then be located in the CD-ROM's Fedora/RPMS subdirectory. The procedure is as follows:
1) Insert the CD-ROM, check the files in the /mnt/cdrom/Fedora/RPMS directory and then install the RPM.
[root@bigboy tmp]# mount /mnt/cdrom
[root@bigboy tmp]# cd /mnt/cdrom/Fedora/RPMS
[root@bigboy RPMS]# ls filename*
filename.rpm
[root@bigboy RPMS]# rpm -Uvh filename.rpm
Preparing... ####################### [100%]
1: filename ####################### [100%]
[root@bigboy RPMS]#
2) When finished, eject the CD-ROM:
[root@bigboy RPMS]# cd /tmp
[root@bigboy tmp]# eject cdrom
[root@bigboy tmp]#
Note: You can use the rpm command's --aid switch to make it search the CD-ROM for any other RPM dependencies and install them automatically.
How to Install Source RPMs
Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files:
• Download the source RPMs or locate them on your CD collection. They usually have a file extension ending with .src.rpm.
• Run the following commands as root:
Compiling and installing source RPMs with Fedora can be done simply with the rpmbuild command:
[root@bigboy tmp]# rpmbuild --rebuild filename.src.rpm
Here is an example in which we install the tacacs plus package.
[root@bigboy rpm]# rpmbuild --rebuild tac_plus-4.0.3-2.src.rpm
Installing tac_plus-4.0.3-2.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.61594
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ rm -rf tac_plus-4.0.3
+ /usr/bin/gzip -dc /usr/src/redhat/SOURCES/tac_plus-4.0.3.tgz
+ tar -xvvf -
...
...
...
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf tac_plus-4.0.3
+ exit 0
[root@bigboy rpm]#
The compiled RPM file can now be found in one of the architecture subdirectories under the /usr/src/redhat/RPMS directory. For example, if you compiled an i386 architecture version of the RPM it will be placed in the i386 subdirectory.
You will then have to install the compiled RPMs found in their respective subdirectories as you normally would.
RPM Installation Errors
Sometimes the installation of RPM software doesn't go according to plan and you need to take corrective actions. This section shows you how to recover from some of the most common errors you'll encounter.
Failed Dependencies
Sometimes RPM installations will fail with "Failed dependencies" errors, which really mean that a prerequisite RPM needs to be installed. In the next example we're attempting to install the MySQL database server application, which fails because the mysql (MySQL client) RPM, on which it depends, needs to be installed beforehand:
[root@bigboy tmp]# rpm -Uvh mysql-server-3.23.58-9.i386.rpm
error: Failed dependencies:
libmysqlclient.so.10 is needed by mysql-server-3.23.58-9
mysql = 3.23.58 is needed by mysql-server-3.23.58-9
[root@bigboy tmp]#
Installing the MySQL client also fails because it requires the perl-DBD-MySQL package.
[root@bigboy tmp]# rpm -Uvh mysql-3.23.58-9.i386.rpm
error: Failed dependencies:
perl-DBD-MySQL is needed by mysql-3.23.58-9
[root@bigboy tmp]# rpm -Uvh perl-DBD-MySQL-2.9003-4.i386.rpm
error: Failed dependencies:
libmysqlclient.so.10 is needed by perl-DBD-MySQL-2.9003-4
[root@bigboy tmp]#
Strangely enough, the installation of the perl-DBD-MySQL package fails because it needs the mysql client package. To get around this problem you can run the rpm command with the --nodeps option to disable dependency checks. In the next example we install the MySQL client ignoring dependencies, followed by successful installation of perl-DBD-MySQL and mysql-server.
[root@bigboy tmp]# rpm -Uvh --nodeps mysql-3.23.58-9.i386.rpm
Preparing... ####################### [100%]
1:mysql ####################### [100%]
[root@bigboy tmp]# rpm -Uvh perl-DBD-MySQL-2.9003-4.i386.rpm
Preparing... ####################### [100%]
1:perl-DBD-MySQL ####################### [100%]
[root@bigboy tmp]# rpm -Uvh mysql-server-3.23.58-9.i386.rpm
Preparing... ####################### [100%]
1:mysql-server ####################### [100%]
[root@bigboy tmp]#
Note: If all the installation RPMs are located in the same directory, the rpm command can automatically install all the prerequisite RPMs using the --aid option. One of the advantages of using the yum facility is that you don't have to worry about this dependency process as much because the dependency RPMs are always downloaded and installed automatically also.
Signature Keys
Fedora digitally signs all its RPM files, so it's best to import its public GPG key beforehand so that the RPM installation program will be able to verify the validity of the RPM file. This can be done using the rpm command as seen in the next example. It is a good idea to import both the RedHat and Fedora keys:
[root@bigboy tmp]# rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@bigboy tmp]# rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora
[root@bigboy tmp]#
If you don't install the keys you'll get a DSA signature warning that alerts you to the fact that the RPM file might be bogus:
[root@bigboy tmp]# rpm -Uvh dhcp-3.0pl2-6.16.i386.rpm
warning: dhcp-3.0pl2-6.16.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing... #################################### [100%]
1:dhcp #################################### [100%]
[root@bigboy tmp]#
It is always good to install the key files. If they are not there, the RPMs will install with only a warning message, which means the package was installed without its signature being verified. If the RPM's digital signature fails verification against the imported key, the rpm installation program also alerts you and fails to install the RPM package at all:
[root@bigboy tmp]# rpm -Uvh dhcp-3.0pl2-6.16.i386.rpm
error: dhcp-3.0pl2-6.16.i386.rpm: V3 DSA signature: BAD, key ID 4f2a6fd2
error: dhcp-3.0pl2-6.16.i386.rpm cannot be installed
[root@bigboy tmp]#
Signatures are therefore useful because they help protect you against tampered and otherwise corrupted RPMs being installed.
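The NOKEY case above installs with only a warning, so a script that wraps rpm should treat anything short of a verified signature as a failure. The following is an added example, not part of the original chapter: the function names are hypothetical, the first two sample lines are the ones shown above, and the two "rpm -K" result lines are constructed (rpm's exact wording varies between versions).

```shell
#!/bin/sh
# Added example: fail-closed gate in front of "rpm -Uvh".

# classify_sig_output: read rpm signature-check text on stdin, print a verdict.
# Anything that is not a positively verified signature is a rejection.
classify_sig_output() {
    out=$(cat)
    case "$out" in
        *": BAD"*)
            echo reject-bad ;;               # signature present but invalid
        *NOKEY*|*"MISSING KEYS"*)
            echo reject-nokey ;;             # signer key not imported: unverified
        *"NOT OK"*)
            echo reject-bad ;;               # rpm -K reported a failed check
        *" OK")
            # The text after the last ": " lists the checks that passed.
            checks=$(printf '%s' "${out##*: }" | tr '[:upper:]' '[:lower:]')
            case " $checks" in
                *signatures*|*" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*)
                    echo accept ;;
                *)
                    echo reject-unsigned ;;  # digests only, no signature at all
            esac ;;
        *)
            echo reject-unknown ;;           # unrecognised output: refuse
    esac
}

# Lines quoted from the rpm -Uvh sessions in this section.
SAMPLE_NOKEY='warning: dhcp-3.0pl2-6.16.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2'
SAMPLE_BAD='error: dhcp-3.0pl2-6.16.i386.rpm: V3 DSA signature: BAD, key ID 4f2a6fd2'
# Constructed "rpm -K" result lines (assumed format, varies by rpm version).
SAMPLE_SIGNED_OK='dhcp-3.0pl2-6.16.i386.rpm: digests signatures OK'
SAMPLE_UNSIGNED_OK='dhcp-3.0pl2-6.16.i386.rpm: digests OK'

# verdict_for: classify a single line of text.
verdict_for() { printf '%s\n' "$1" | classify_sig_output; }

# verify_then_install: run the signature check first, install only on "accept".
verify_then_install() {
    pkg=$1
    verdict=$(LC_ALL=C rpm -K "$pkg" 2>&1 | classify_sig_output)
    if [ "$verdict" = accept ]; then
        rpm -Uvh "$pkg"
    else
        echo "refusing to install $pkg: $verdict" >&2
        return 1
    fi
}

case "${1:-}" in
    *.rpm)
        verify_then_install "$1" ;;
    *)
        # No package given: show the verdict for each sample line.
        for s in "$SAMPLE_NOKEY" "$SAMPLE_BAD" "$SAMPLE_SIGNED_OK" "$SAMPLE_UNSIGNED_OK"; do
            printf '%-16s %s\n' "$(verdict_for "$s")" "$s"
        done ;;
esac
```

Run with a package file name to gate a real installation; if rpm is missing or prints something unexpected, the verdict is reject-unknown and nothing is installed.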
How to List Installed RPMs
The rpm -qa command will list all the packages installed on your system:
[root@bigboy tmp]# rpm -qa
perl-Storable-1.0.14-15
smpeg-gtv-0.4.4-9
e2fsprogs-1.27-9
libstdc++-3.2-7
audiofile-0.2.3-3
...
...
...
[root@bigboy tmp]#
You can also pipe the output of this command through the grep command if you are interested in only a specific package. In this example we are looking for all packages containing the string ssh in the name, regardless of case (-i means ignore case):
[root@bigboy tmp]# rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
[root@bigboy tmp]#
Note: You could use the rpm -q package-name command to find an installed package because it is much faster than using grep and the -qa switch, but you have to have an exact package match. If you are not sure of the package name and its capitalization, the latter method is probably more suitable.
Listing Files Associated with RPMs
Sometimes you'll find yourself installing software that terminates with an error requesting the presence of a particular file. In many cases the installation program doesn't state the RPM package in which the file can be found. It is therefore important to be able to determine the origin of certain files, by listing the contents for RPMs in which you suspect the files might reside.
Listing Files for Already Installed RPMs
This can be useful if you have to duplicate a working server that is already in a production environment. Sometimes the installation of an application fails on the new server due to the lack of a file that resides on the old one. In this case you need to know which RPM on the old server contains the file.
You can use the -ql qualifier to list all the files associated with an installed RPM. In this example we test to make sure that the NTP package is installed using the -q qualifier, and then we use the -ql qualifier to get the file listing.
[root@bigboy tmp]# rpm -q ntp
ntp-4.1.2-0.rc1.2
[root@bigboy tmp]# rpm -ql ntp
/etc/ntp
/etc/ntp.conf
/etc/ntp/drift
/etc/ntp/keys
...
...
...
/usr/share/doc/ntp-4.1.2/rdebug.htm
/usr/share/doc/ntp-4.1.2/refclock.htm
/usr/share/doc/ntp-4.1.2/release.htm
/usr/share/doc/ntp-4.1.2/tickadj.htm
[root@bigboy tmp]#
Listing Files in RPM Files
Sometimes you make a guess and download what you think is the RPM with the missing file. You can use the -qpl qualifier to list all the files in an RPM archive to make sure before installing it:
[root@bigboy updates]# rpm -qpl dhcp-3.0pl1-23.i386.rpm
/etc/rc.d/init.d/dhcpd
/etc/rc.d/init.d/dhcrelay
/etc/sysconfig/dhcpd
/etc/sysconfig/dhcrelay
...
...
...
/usr/share/man/man8/dhcrelay.8.gz
/var/lib/dhcp
/var/lib/dhcp/dhcpd.leases
[root@bigboy updates]#
Listing the RPM to Which a File Belongs
You might need to know the RPM that was used to install a particular file. This is useful when you have a suspicion about the function of a file but are not entirely sure. For example, the MySQL RPM uses the /etc/my.cnf file as its configuration file, not a file named /etc/mysql.conf as you'd normally expect. The following example confirms the origin of the /etc/my.cnf file.
[root@zippy tmp]# rpm -qf /etc/my.cnf
mysql-3.23.58-9
[root@zippy tmp]#
Uninstalling RPMs
The rpm -e command will erase an installed package. The package name given must match that listed in the rpm -qa command because the version of the package is important.
[root@bigboy tmp]# rpm -e package-name
Which RPMs Will Start Up At Boot Time?
The best way to view and configure which RPMs will start at boot time is by using the chkconfig command with the --list switch. A more detailed explanation will be provided in Chapter 7, "The Linux Boot Process", which covers the Linux boot process.
Automatic Updates with yum
The yum automatic RPM update program comes as a standard feature of Fedora Core. It has a number of valuable features:
• You can configure the URLs of download sites you want to use. This provides the added advantage of you choosing the most reliable sites in your part of the globe.
• yum makes multiple attempts to download RPMs before failing.
• yum automatically figures out not only the RPM packages that need updating, but also all the supporting RPMs. It then installs them all.
Note: Updating packages could cause programs written by you to stop functioning especially if they rely on the older version's features or syntax.
Configuring yum
All the configuration parameters for yum are stored in the /etc/yum.conf file. The three basic sections are listed in Table 6-3:
Table 6-3 File Format - yum.conf
Section             Description
[main]              Contains logging and fault tolerance parameters which can usually be left alone.
[base]              Contains the URL (ftp:// or http://) of a mirror site that contains the Fedora base configuration RPMs.
[updates-released]  Contains the URL (ftp:// or http://) of a mirror site that contains updated Fedora RPMs.
The easiest way to determine the exact URLs to use in the baseurl parameters of the [base] and [updates-released] sections of the file is to go to the http://fedora.redhat.com/download/mirrors.html Web site to get a listing of alternative download sites. Browse the sites to find the correct locations of the files.
• The baseurl URL for [base] would be that of the fedora-version/architecture-type/os subdirectory of your version of Fedora. Make sure there is a "headers" sub-directory here, or else it won't work. There will not be RPMs in this subdirectory.
• The baseurl URL for [updates-released] would be that of the updates/fedora-version/architecture-type sub-directory of your version of Fedora. Make sure there is a headers subdirectory here, or it won't work. There will be RPMs in this subdirectory.
Here is a sample yum.conf file to update Fedora from one of the mirror sites:
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=fedora-release
tolerant=1
exactarch=1

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://mirrors.xmission.com/fedora/core/$releasever/$basearch/os/

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://mirrors.xmission.com/fedora/core/updates/$releasever/$basearch/

Note: yum accepts the use of variables in the configuration file. The $releasever variable refers to the current version of Fedora Core running on your server and the $basearch variable maps to the base architecture of your server which is determined automatically.
Note: It is probably best to select yum update sites that use HTTP instead of FTP. There are a number of reasons for this. FTP firewall rules are more difficult to implement than HTTP, outbound HTTP access to the Internet is often already allowed in offices, and web servers are less likely to have connection limits imposed on them, unlike FTP servers, which often have limits on the number of user logins.
Note: You can list multiple URLs in a baseurl statement like this and yum will try them all. If you use multiple baseurl statements in each section then yum may act strangely, frequently only selecting the last one in the list.
baseurl=url://server1/path/to/files/
url://server2/path/to/files/
url://server3/path/to/files/
Creating Your Own yum Server
An obvious advantage of using yum is that you can use it to update a yum server at your office with the same directory structure of the mirror download sites on the Fedora Web site. The full set of steps to do this is beyond the scope of this book, but there are some factors you should consider before doing this.
A small desktop PC with about five to six gigabytes of free disk space per distribution should be sufficient to start with for a dedicated small business yum server. Large RPMs are about twenty-five megabytes in size, and they are updated infrequently, so your network load should be minimal on average with an update once or twice a week per server. The problem is timing. There is a yum script file in the /etc/cron.daily directory that runs as a cron job every day at 4:00 a.m. Your yum server could get overwhelmed with simultaneous update requests from all your yum clients. If the load gets too high, then you could move this script to another location and schedule it as a cron job for different times for each server. You can also consider throttling the NIC card of the yum server to 10Mbps as another interim means of reducing the problem. Finally, if these measures don't work, you can upgrade the server. For most small businesses/departments this should not be a major concern and you can use MRTG on the server to get trend data for its network load. MRTG monitoring is covered in Chapter 22, "Monitoring Server Performance".
When established, you can then configure all your Fedora servers to use this local yum server for all updates which will significantly reduce your Internet congestion and the associated bandwidth costs.
yum clients can access the yum server using either FTP or HTTP requests. If you need help in setting these up, Chapter 15, "Linux FTP Server Setup", discusses Linux FTP servers and Chapter 20, "The Apache Web Server", covers the Apache Web server for HTTP requests.
Note: When setting up an HTTP based yum server, you'll need to enable the viewing of directory structures so that it will be easy for someone to use his or her Web browser to navigate down the directories to double check the location of the yum files.
How to Automate yum
As of Fedora Core 6 the yum daemon has been named yum-updatesd, whereas in the past it was just called yum. To get yum started, select the commands that match your OS version:
1) Use the chkconfig command to get yum configured to start at boot:
[root@bigboy tmp]# chkconfig yum-updatesd on

[root@bigboy tmp]# chkconfig yum on

2) Use the service command to instruct the /etc/init.d yum script to start/stop yum after booting:
[root@bigboy tmp]# service yum-updatesd start
[root@bigboy tmp]# service yum-updatesd stop

[root@bigboy tmp]# service yum start
[root@bigboy tmp]# service yum stop
Before You Start
As of Fedora Core version 3, the yum utility checks the downloaded RPMs against checksum files to help protect against file corruption and malicious forgeries. This is set using the gpgcheck variable in the /etc/yum.conf file. When the value is set to 1, the checks are done; when set to 0, they are disabled.
#
# File: /etc/yum.conf
#
gpgcheck=1
This is a valuable feature to have but you need to load the checksum files in order for yum to work properly. Please refer to the section on "Signature Keys" later in the chapter before proceeding.
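A way to confirm which repositories actually have gpgcheck in force, given the [main] and per-repository sections of yum.conf described in this chapter. This is an added example, not part of the original chapter: the function names and the sample configuration (with placeholder hosts) are constructed, and it assumes that a repository section without its own gpgcheck line inherits the [main] value and that checks are off when the variable is set nowhere.

```shell
#!/bin/sh
# Added example: report the effective gpgcheck setting for each yum repository.

# audit_yum_conf: read yum.conf text on stdin and print one line per repository
# section in the form "<repo> gpgcheck=<value> cleartext_urls=<n>".
# Assumption: repos inherit gpgcheck from [main]; unset everywhere means 0.
audit_yum_conf() {
    awk -v fallback=0 '
    /^[ \t]*$/ || /^[ \t]*#/ { next }            # blank lines and comments
    substr($0, 1, 1) == "[" {                    # section header such as [base]
        sect = substr($0, 2, index($0, "]") - 2)
        if (sect != "main" && !(sect in seen)) { seen[sect] = 1; order[++n] = sect }
        inurl = 0
        next
    }
    {
        if ($0 ~ /^[ \t]/ && inurl) {            # indented line continues baseurl
            value = $0
        } else {
            eq = index($0, "=")
            if (eq == 0) { inurl = 0; next }
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            value = substr($0, eq + 1)
            inurl = (key == "baseurl")
            if (key == "gpgcheck") { gsub(/[ \t]/, "", value); gpg[sect] = value }
        }
        if (inurl) {                             # count http:// and ftp:// mirrors
            m = split(value, urls, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (urls[i] ~ /^(http|ftp):\/\//) clear[sect]++
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            eff = (s in gpg) ? gpg[s] : (("main" in gpg) ? gpg["main"] : fallback)
            printf "%s gpgcheck=%s cleartext_urls=%d\n", s, eff, clear[s]
        }
    }'
}

# repos_without_gpgcheck: print the repositories whose packages would not be
# checked; exit status 1 if there is at least one.
repos_without_gpgcheck() {
    audit_yum_conf | awk '$2 != "gpgcheck=1" { print $1; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample (hosts are placeholders): [main] turns checks on, one
# repository turns them back off and lists two cleartext mirrors.
sample_conf() {
    cat <<'EOF'
[main]
cachedir=/var/cache/yum
gpgcheck=1

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=https://mirror.example.com/fedora/core/$releasever/$basearch/os/

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
gpgcheck=0
baseurl=http://mirror.example.com/fedora/core/updates/$releasever/$basearch/
        ftp://mirror2.example.com/fedora/core/updates/$releasever/$basearch/
EOF
}

# Audit the file named on the command line, or the sample when none is given.
if [ -n "${1:-}" ]; then
    audit_yum_conf < "$1"
else
    sample_conf | audit_yum_conf
fi
```

A repository reported with gpgcheck=0 and a non-zero cleartext_urls count has neither signature checking nor transport protection on its downloads.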

Keeping Your System current with Yum
You can make the installed RPM packages on your system up to date with the latest patches using the yum update command. When used without listing any packages afterwards, yum will attempt to update them all. The yum update package-name command updates only a particular RPM package.
It is always advisable to use yum after installing Linux to make sure the latest versions of software are installed for the sake of improved security and functionality. Here is an example of output of what to expect with yum updating your system.
[root@bigboy tmp]# yum update
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
Server: Fedora Core 2 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: kernel 2.4.22-1.2166.nptl.i686]
[update: samba-client 3.0.2-7.FC1.i386]
[update: binutils 2.14.90.0.6-4.i386]
...
...
...
Is this ok [y/N]: y
Getting samba-client-3.0.2-7.FC1.i386.rpm
samba-client-3.0.2-7.FC1. 100% |=========================| 128 kB 05:01
...
...
...
Running test transaction:
Test transaction complete, Success!
glibc-common 100 % done 1/127
glibc 100 % done 2/127
Stopping sshd:[ OK ]
Starting sshd:[ OK ]
bash 100 % done 3/127
mozilla-nspr 100 % done 4/127
sed 100 % done 5/127
...
...
...
Completing update for pango - 65/127
Completing update for samba-client - 66/127
Completing update for binutils - 67/127
...
...
...
Completing update for XFree86-font-utils - 127/127
Kernel Updated/Installed, checking for bootloader
Grub found - making this kernel the default
Installed: kernel 2.4.22-1.2166.nptl.i686
Updated: pango 1.2.5-4.i386 samba-client 3.0.2-7.FC1.i386 binutils 2.14.90.0.6-4.i386 XFree86-Mesa-libGLU 4.3.0-55.i386 initscripts
[root@bigboy tmp]#
Note: If you don't want to be prompted to install the files, use yum with the -y switch.
Example of a yum Package Installation
Here is a sample installation of an individual package using yum. In this case the RPM installed is the net-snmp-utils package:
[root@bigboy tmp]# yum -y install net-snmp-utils
Repository updates-released already added, not adding again
Repository base already added, not adding again
Setting up Install Process
Setting up Repo: base
repomd.xml 100% |=========================| 1.1 kB 00:00
Setting up Repo: updates-released
repomd.xml 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
base : ############################################ 2622/2622
primary.xml.gz 100% |=========================| 88 kB 00:00
MD Read : ################################################## 229/229
updates-re: ################################################## 229/229
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package net-snmp-utils.i386 0:5.1.2-11 set to be installed
--> Running transaction check

Dependencies Resolved
Transaction Listing:
Install: net-snmp-utils.i386 0:5.1.2-11
Downloading Packages:
net-snmp-utils-5.1.2-11.i 100% |===================| 6.2 MB 00:48
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: net-snmp-utils 100 % done 1/1

Installed: net-snmp-utils.i386 0:5.1.2-11
Complete!
[root@bigboy tmp]#
Remember The Following Yum Facts
• You can place a list of packages you never want automatically updated in the [main] section of /etc/yum.conf. The list must be separated by spaces. Kernel RPMs may be one of the first sets to go on this list, as in this example:
[main]
exclude=kernel
• yum does its updates using TCP port 80 for http:// update URLs and uses passive FTP for ftp:// update URLs in /etc/yum.conf. This matters for your firewall rules.
• More details on configuring yum can be obtained by running the man yum.conf command.
• yum runs automatically each day. The cron file is located in /etc/cron.daily/.
• Don't limit yourself to the default yum.conf URLs because they can become overloaded with requests and make yum perform poorly.
Installing Software From DEB Files
Unlike the Redhat, Fedora and Centos versions of Linux that use RPM packages, the Debian and Ubuntu versions of Linux rely on packages in the DEB format. This section covers some of the most important topics required for you to master their use.
How To Install DEBs Manually
There are generally two ways to install DEB files manually. The first method is by using a file previously downloaded to your hard drive, and the other is to install the DEB from some sort of removable media such as a CD-ROM drive.
Using Downloaded Files
Download the DEBs (which usually have a file extension ending with .deb) into a temporary directory, such as /tmp. The next step is to issue the dpkg --install command to install the package. Here is an example of a typical DEB installation command to install the ndiswrapper utilities package:
root@u-bigboy:~# dpkg --install ndiswrapper-utils_1.8-0ubuntu2_i386.deb
Selecting previously deselected package ndiswrapper-utils.
(Reading database ... 70221 files and directories currently installed.)
Unpacking ndiswrapper-utils (from ndiswrapper-utils_1.8-0ubuntu2_i386.deb) ...
Setting up ndiswrapper-utils (1.8-0ubuntu2) ...
root@u-bigboy:~#

Using CD-ROMs
Installing DEB files from a CD-ROM is similar to the procedure for Fedora / Redhat. The difference is that the CD-ROM device name is /media/cdrom. The following procedure installs the ndiswrapper DEB that had previously been copied to a disk:
1. Insert the CD-ROM, check the files in the /media/cdrom directory and then install the DEB.
root@u-bigboy:/tmp# mount /media/cdrom -o unhide
mount: block device /dev/hdc is write-protected, mounting read-only
root@u-bigboy:/tmp# cd /media/cdrom
root@u-bigboy:/media/cdrom# ls
ndiswrapper-utils_1.8-0ubuntu2_i386.deb
root@u-bigboy:/media/cdrom# dpkg --install ndiswrapper-utils_1.8-0ubuntu2_i386.deb
Selecting previously deselected package ndiswrapper-utils.
(Reading database ... 70221 files and directories currently installed.)
Unpacking ndiswrapper-utils (from ndiswrapper-utils_1.8-0ubuntu2_i386.deb) ...
Setting up ndiswrapper-utils (1.8-0ubuntu2) ...
root@u-bigboy:/media/cdrom#
2. When finished, eject the CD-ROM.
root@u-bigboy:/media/cdrom# cd /tmp
root@u-bigboy:/tmp# umount /media/cdrom
root@u-bigboy:/tmp# eject cdrom
root@u-bigboy:/tmp#
Note: Unlike the Fedora CD / DVD sets, Ubuntu Linux is distributed on a single CD / DVD. The Ubuntu installation process downloads any additional packages it may need on demand from the Internet. It is for this reason that you may find it easier to install Ubuntu software using the APT utility, which automatically downloads and installs most of the packages you desire. The APT utility is covered in a following section.
DEB Installation Errors
Sometimes the installation of DEB software doesn't go according to plan and you need to take corrective actions. This section shows you how to recover from some of the most common errors you'll encounter.
Failed Dependencies
As should be expected, packages often rely on the existence of other previously installed packages. This will sometimes result in dpkg installations failing with "dependency problems" errors, which really mean that a prerequisite DEB needs to be installed. In the next example we're trying to install the mrtg-contrib package, but it needs the mrtg package to be installed first.
root@u-bigboy:/tmp# dpkg --install mrtg-contrib_2.12.2-1_all.deb
Selecting previously deselected package mrtg-contrib.
(Reading database ... 70759 files and directories currently installed.)
Unpacking mrtg-contrib (from mrtg-contrib_2.12.2-1_all.deb) ...
dpkg: dependency problems prevent configuration of mrtg-contrib:
mrtg-contrib depends on mrtg (= 2.12.2-1); however:
Package mrtg is not installed.
dpkg: error processing mrtg-contrib (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
mrtg-contrib
root@u-bigboy:/tmp#

After installing the mrtg package, mrtg-contrib was installed correctly. You can automatically install prerequisite packages using the APT utility. This will be covered later in the chapter.
How to List Installed DEBs
The dpkg --list command will list all the packages installed on your system:
root@u-bigboy:~# dpkg --list
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===================-===================-================================
ii ssh 4.1p1-7ubuntu4 Secure shell client and server
...
...
...
root@u-bigboy:~#
The output will be in six columns. The fourth column lists the name of the package, the fifth states the package version, and the sixth and last provides a description.
The first three columns are each only a single character wide and provide very specific information about the package as outlined in Table 6-4.
Table 6-4 Column Formatting for the dpkg command
Desired State (Col. 1)
u Unknown: The package has never been installed
i Installed: A privileged user has requested the installation of the package
r Remove: A privileged user has requested the removal of the package. Configuration files for the package most likely remain.
p Purge: A previously installed package has been removed. Configuration files for the package have probably been removed.
h Hold: A privileged user has requested that the package remain at its current version with no automatic upgrades.
Current State (Col. 2)
n Not Installed: The package is not installed
i Installed: The package is installed
c Configuration Files Exist: Package was installed, but the configuration files exist.
u Unpacked: Files have been unpacked, but not installed
f Failed: Configuration of the package has failed.
h Halt: The package installation failed to complete
Error State (Col. 3)
h Enforced Hold: Package upgrade is on hold because another dependent package with a user defined hold requires this package to remain not upgraded.
r Reinstallation: The package is broken and requires a reinstallation.
x The package is both broken and on enforced hold.

You can name the package you are interested in after the --list option to get a listing specific to that package. Here we see a single listing for the openssh-server package using this method.
root@u-bigboy:~# dpkg --list openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===================-===================-========================================
ii openssh-server 4.2p1-7ubuntu3 Secure shell server, an rshd replacement
root@u-bigboy:~#
You can also pipe the output of this command through the grep command if you are interested in only a specific package. In this example we are looking for all packages containing the string dhcp in the name.
root@u-bigboy:~# dpkg --list | grep dhcp
ii dhcp3-client 3.0.2-1ubuntu6 DHCP Client
ii dhcp3-common 3.0.2-1ubuntu6 Common files - dhcp3* packages
root@u-bigboy:~#
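The three status characters described in Table 6-4 can be decoded mechanically to find packages that are held, half-removed or broken. The following shell function is an added example, not part of the original chapter: the function names and the example-* package lines are constructed, the state names are taken from the dpkg header lines shown above, and the lookup ignores case because that header marks uppercase as "bad".

```shell
#!/bin/sh
# Added example: report packages whose `dpkg --list` status is not "ii".

# Constructed sample listing. Only the ssh line comes from the chapter; the
# example-* packages are made up to show the other states.
sample_dpkg_list() {
cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===================-===================-================================
ii  ssh             4.1p1-7ubuntu4  Secure shell client and server
rc  example-ftpd    1.0-1           removed, configuration files remain
iU  example-tool    2.3-4           unpacked but not configured
hi  example-kernel  2.6.15-1        held at its current version
iFR example-broken  0.9-2           failed configuration, needs reinstall
EOF
}

# Reads `dpkg --list` output on stdin and prints one line per package that is
# not in the clean "ii" state:  name desired=... status=... err=...
dpkg_not_clean() {
  awk '
    BEGIN {
      want["u"] = "Unknown"; want["i"] = "Install"; want["r"] = "Remove"
      want["p"] = "Purge";   want["h"] = "Hold"
      have["n"] = "Not";           have["i"] = "Installed"
      have["c"] = "Config-files";  have["u"] = "Unpacked"
      have["f"] = "Failed-config"; have["h"] = "Half-installed"
      err["h"] = "Hold"; err["r"] = "Reinst-required"; err["x"] = "both-problems"
    }
    function label(map, ch) { return (ch in map) ? map[ch] : "?" ch }
    {
      first = substr($0, 1, 1)
      # Skip the header block; grep-filtered listings have none.
      if (first == "|" || first == "+" || index($0, "Desired=") == 1) next
      if (NF < 3 || length($1) < 2 || length($1) > 3) next
      st = tolower($1)              # uppercase only marks a bad state
      if (st == "ii") next
      e = substr(st, 3, 1)
      printf "%s desired=%s status=%s err=%s\n", $2,
             label(want, substr(st, 1, 1)), label(have, substr(st, 2, 1)),
             (e == "" ? "none" : label(err, e))
    }'
}

# Stand-alone run on the constructed sample. On a real host use:
#   dpkg --list | dpkg_not_clean
sample_dpkg_list | dpkg_not_clean
```

Held packages (desired=Hold) are worth reviewing regularly, because they are skipped by automatic upgrades and so miss security fixes.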
Listing Files Associated with DEBs
Sometimes you'll find yourself installing software that terminates with an error requesting the presence of a particular file. In many cases the installation program doesn't state the DEB package in which the file can be found. It is therefore important to be able to determine the origin of certain files, by listing the contents for DEBs in which you suspect the files might reside.
Listing Files for Previously Installed DEBs
As stated previously, listing the files found in a package can be very useful. With dpkg, the --listfiles option can provide this information easily. Here we list the files present in the openssh-server package.
root@u-bigboy:~# dpkg --listfiles openssh-server
...
...
...
/var/run/sshd
/usr/lib/sftp-server
/usr/share/doc/openssh-server
root@u-bigboy:~#
Listing Files in DEB Files
Download sites often have packages with different functions, but similar names. It is good to be able to list the contents of a DEB package to verify you have the correct one. This can be done with the --contents option for dpkg as can be seen in this example.
root@u-bigboy:/tmp# dpkg --contents openssh-server_4.2p1-7ubuntu3_i386.deb
...
...
...
-rw-r--r-- root/root 10444 2006-05-17 17:43:19 ./usr/share/man/man8/sshd.8.gz
-rw-r--r-- root/root 1169 2006-05-17 17:43:19 ./usr/share/man/man8/sftp-server.8.gz
drwxr-xr-x root/root 0 2006-05-17 17:43:24 ./usr/share/doc/
drwxr-xr-x root/root 0 2006-05-17 17:43:24 ./usr/share/doc/openssh-client/
drwxr-xr-x root/root 0 2006-05-17 17:43:19 ./var/
drwxr-xr-x root/root 0 2006-05-17 17:43:19 ./var/run/
drwxr-xr-x root/root 0 2006-05-17 17:43:19 ./var/run/sshd/
...
...
...
root@u-bigboy:/tmp#

Listing the DEB Package to Which a File Belongs
Searching for the ownership of a particular file is also simple when using the --search option with dpkg. In this example, we see that the /etc/syslog.conf file is a part of the sysklogd package.
root@u-bigboy:~# dpkg --search /etc/syslog.conf
sysklogd: /etc/syslog.conf
root@u-bigboy:~#

Uninstalling DEBs
The dpkg --remove command will erase an installed package as seen in this example.
root@u-bigboy:~# dpkg --remove ndiswrapper-utils
(Reading database ... 70241 files and directories currently installed.)
Removing ndiswrapper-utils ...
root@u-bigboy:~#

Which DEBs Will Start Up At Boot Time?
You can view and configure which DEBs will start at boot time by using the update-rc.d command. A more detailed explanation will be provided in Chapter 7, "The Linux Boot Process".
Automatic DEB Updates with apt-get
Like Fedora, Debian / Ubuntu Linux has its own package update application that will automatically retrieve packages from a network-based repository. It is called the Advanced Package Tool (APT), and its most commonly used command is apt-get, which we'll cover in more detail later.
Configuring APT
APT uses the /etc/apt/sources.list file to instruct your server as to where to find the required packages on your network. The default file locations in this file refer to a few trusted APT download websites on the Internet.
It is important to periodically resynchronize the APT package index files from the sources listed in the /etc/apt/sources.list file. This updates your system with listings of the most current package versions. This can be done with the apt-get update command as seen here:
root@u-bigboy:/tmp# apt-get update
Get:1 http://security.ubuntu.com/ dapper-security Release.gpg [189B]
Get:2 http://us.archive.ubuntu.com/ dapper Release.gpg [189B]
Get:3 http://us.archive.ubuntu.com/ dapper-updates Release.gpg [189B]
...
...
...
Fetched 184kB in 2s (66.1kB/s)
Reading package lists... Done
root@u-bigboy:/tmp#
Note: If you install Ubuntu without Internet access, only a barebones set of packages will be installed and the URL entries in the /etc/apt/sources.list file will be commented out, but the required packages will be flagged for eventual installation in the dpkg database. When you get Internet access, uncomment the URL entries and upgrade your installation with the apt-get command which will update your system with the full complement of required packages downloaded from the Web.
You can also create an APT server on your own network if you don't want all your Debian / Ubuntu servers to have Internet access. You'll have to update your sources.list file accordingly, but the full configuration steps are beyond the scope of this book.
Keeping Your System Current with APT
The apt-get utility can be used to simultaneously upgrade all the packages on your system with the upgrade option. When used without listing any packages afterwards, apt-get will attempt to update them all. The apt-get upgrade package-name command updates only a particular DEB package.
It is always advisable to use apt-get after installing Linux to make sure the latest versions of software are installed for the sake of improved security and functionality. Here is an example of output of what to expect; the -y flag causes apt-get to assume "yes" as the answer to all prompts and allows it to run non-interactively:
root@u-bigboy:/tmp# apt-get -y upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages have been kept back:
linux-image-386
The following packages will be upgraded:
capplets-data desktop-file-utils eog gdm gnome-about
...
...
...
Setting up libgtk2.0-bin (2.8.18-0ubuntu1) ...
Updating the IM modules list for GTK+-2.4.0...done.
Updating the gdk-pixbuf loaders list for GTK+-2.4.0...done.

root@u-bigboy:/tmp#
Example of an apt-get Package Installation
Here is a sample installation of an individual package using apt-get. In this case the DEB installed is the apache Web server package:
root@u-bigboy:/tmp# apt-get -y install apache
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
apache-common apache2-utils libapr0 libpcre3
Suggested packages:
apache-doc apache-ssl apache-perl
The following NEW packages will be installed:
apache apache-common apache2-utils libapr0 libpcre3
...
...
...
Creating config file /etc/apache/httpd.conf with new version

Creating config file /etc/apache/srm.conf with new version

Creating config file /etc/apache/access.conf with new version

Creating config file /etc/apache/modules.conf with new version
* Starting apache 1.3 web server...
...done.

root@u-bigboy:/tmp#
Remember The Following APT Facts
• The APT utility's sources.list file primarily lists URLs using TCP port 80 (http://) for its updates. This will have importance for your firewall rules.
• More details on configuring APT can be obtained by running the man sources.list and the man apt-get commands.
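To turn the firewall note above into concrete outbound rules, you need the list of hosts and ports that sources.list actually points to. The following shell function is an added example, not part of the original chapter: the function names, the example.* repository entries and the /ubuntu paths are constructed, and IPv6 literal hosts are not handled.

```shell
#!/bin/sh
# Added example: list the scheme, host and port of every repository in a
# sources.list file, as input for outbound firewall rules.

# Constructed sample. The two ubuntu.com hosts appear in the apt-get update
# output shown earlier; the example.* entries and all paths are made up.
sample_sources_list() {
cat <<'EOF'
deb cdrom:[Ubuntu 6.06 _Dapper Drake_]/ dapper main restricted
deb http://us.archive.ubuntu.com/ubuntu/ dapper main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper main restricted
deb http://us.archive.ubuntu.com/ubuntu/ dapper-updates main restricted
deb http://security.ubuntu.com/ubuntu dapper-security main restricted
# deb http://disabled.example.com/ubuntu dapper universe
deb http://apt.example.internal:8080/ubuntu dapper main
deb ftp://mirror.example.com/ubuntu/ dapper main
EOF
}

# Reads sources.list text on stdin and prints unique "scheme host port" lines.
# Commented-out entries and non-network sources (cdrom:, file:) are skipped.
# Note that ftp:// sources also need the passive-mode data connection allowed.
apt_endpoints() {
  awk '
    { sub(/#.*/, "") }                       # strip comments
    $1 != "deb" && $1 != "deb-src" { next }
    {
      uri = ""
      for (i = 2; i <= NF; i++)              # options in [..] may precede the URI
        if (index($i, "://")) { uri = $i; break }
      if (uri == "") next                    # cdrom: entries need no rule
      p = index(uri, "://")
      scheme = tolower(substr(uri, 1, p - 1))
      if (scheme == "http") port = 80
      else if (scheme == "https") port = 443
      else if (scheme == "ftp") port = 21
      else next                              # file:// and similar
      host = substr(uri, p + 3)
      cut = index(host, "/"); if (cut) host = substr(host, 1, cut - 1)
      cut = index(host, "@"); if (cut) host = substr(host, cut + 1)
      cut = index(host, ":")
      if (cut) { port = substr(host, cut + 1); host = substr(host, 1, cut - 1) }
      print scheme, tolower(host), port
    }' | LC_ALL=C sort -u
}

# Stand-alone run on the constructed sample. On a real host use:
#   apt_endpoints < /etc/apt/sources.list
sample_sources_list | apt_endpoints
```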
Installing Software Using tar Files
Another popular software installation file format is the tar file, which can frequently be obtained from the Web sites of software developers, and online software libraries such as www.sourceforge.net.
The Linux tar command is used to archive files, and the resulting archives typically have a .tar file extension in the file name. These files are also frequently compressed in the gzip format, and when they are, their file extensions will end with .tar.gz or .tgz. The commands to extract the data from either type are similar. When a tar file is uncompressed, the command to extract the data is tar -xvf filename.tar. When the archive is compressed, the command to use is tar -xzvf filename.tar.gz.
The tar file installation process usually requires you first to uncompress and extract the contents of the archive in a local subdirectory, which frequently has the same name as the tar file. The subdirectory will usually contain a file called README or INSTALL, which outlines all the customized steps to install the software.
Here are the initial steps to take to install tar-based software:
1) Issue the tar command to extract the files.
[root@bigboy tmp]# tar -xvzf linux-software-1.3.1.tar.gz
linux-software-1.3.1/
linux-software-1.3.1/plugins-scripts/
...
...
...
linux-software-1.3.1/linux-software-plugins.spec
[root@bigboy tmp]#
This creates a subdirectory with the installation files inside.
[root@bigboy tmp]# ls
linux-software-1.3.1 linux-software-1.3.1.tar.gz
[root@bigboy tmp]#
2) Use the cd command to enter the subdirectory and follow the directions listed in the INSTALL and README files:
[root@bigboy tmp]# cd linux-software-1.3.1
[root@bigboy linux-software-1.3.1]# ls
COPYING install-sh missing plugins
depcomp LEGAL mkinstalldirs plugins-scripts
FAQ lib linux-software.spec README
Helper.pm Makefile.am linux-software.spec.in REQUIREMENTS
INSTALL Makefile.in NEWS subst.in
[root@bigboy linux-software-1.3.1]#
Software installation with tar files can be frustrating, frequently requiring the installation of other supporting tar files, each with its own customized installation commands. RPMs, with the single standardized command format, are usually easier to use and may be the better method to use for newer Linux users.
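Because these archives come from the Web and are usually unpacked as root, it is worth listing the contents first and confirming that everything lands in the single subdirectory described above. The following check is an added example, not part of the original chapter; the function names and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: check a tar archive's member list before extracting it.

# Reads member names (one per line, as printed by "tar -tzf") on stdin, prints
# one line per finding and returns 1 if there was any.
tar_listing_check() {
  awk '
    $0 == "" { next }
    substr($0, 1, 1) == "/" { print "absolute path: " $0; bad++; next }
    {
      n = split($0, part, "/")
      for (i = 1; i <= n; i++)
        if (part[i] == "..") { print "parent-directory component: " $0; bad++; next }
      top = part[1]
      if (top == "." && n > 1) top = part[2]   # listings written as ./dir/file
      if (top != "" && top != ".") tops[top] = 1
    }
    END {
      for (t in tops) count++
      if (count > 1) {
        print "not a single top-level directory: " count " top-level names"
        bad++
      }
      exit (bad > 0)
    }'
}

# Lists the archive without extracting anything, then checks the listing.
# Returns 0 if clean, 1 on findings, 2 if the archive cannot be read.
tar_precheck() {
  listing=$(tar -tzf "$1") || { echo "cannot list archive: $1"; return 2; }
  printf '%s\n' "$listing" | tar_listing_check
}

# Constructed listings: the first mirrors the layout shown above, the second
# mixes in the three kinds of entry the check rejects.
good_listing() {
  printf '%s\n' 'linux-software-1.3.1/' 'linux-software-1.3.1/plugins-scripts/' \
                'linux-software-1.3.1/linux-software-plugins.spec'
}
bad_listing() {
  printf '%s\n' 'linux-software-1.3.1/README' '../outside.txt' \
                '/tmp/absolute.txt' 'stray-file'
}

# Stand-alone run. On a real download use:
#   tar_precheck linux-software-1.3.1.tar.gz && tar -xzvf linux-software-1.3.1.tar.gz
good_listing | tar_listing_check && echo "good listing: safe to extract"
bad_listing | tar_listing_check || echo "bad listing: do not extract"
```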
Installing Perl Modules
Even if you don't know how to program in Perl, you may find yourself having to install Perl modules to get some of your software packages to work.
Modules can be installed manually by downloading the TAR files from www.cpan.org, the primary Perl module site. The disadvantage is that this method doesn't automatically install any prerequisite modules you may need. Another disadvantage, though small, is that Perl module names usually contain a double colon (::), but the installation TAR file in which the module resides won't have the colons in its name. For example, version 1.74 of the Mail::Tools module has the file name MailTools-1.74.tar.gz.
Modules can also be installed automatically using the perl command. We will cover both methods in this section.
Manual Installation of Perl Modules
Most of the commonly used Perl modules can be downloaded from the CPAN website. The installation steps are straightforward.
1. Browse the CPAN website, identify the module package you need and then download it using a utility such as wget.
[root@bigboy tmp]# wget http://www.cpan.org/authors/id/M/MA/MARKOV/MailTools-1.74.tar.gz
--15:07:36-- http://www.cpan.org/authors/id/M/MA/MARKOV/MailTools-1.74.tar.gz
=> `MailTools-1.74.tar.gz'
Resolving www.cpan.org... 66.39.76.93
Connecting to www.cpan.org|66.39.76.93|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47,783 (47K) [application/x-tar]

100%[===================================>] 47,783 100.88K/s

15:07:38 (100.51 KB/s) - `MailTools-1.74.tar.gz' saved [47783/47783]

[root@bigboy tmp]#
2. Extract the file from the package with the tar command.
[root@bigboy tmp]# tar -xzvf MailTools-1.74.tar.gz
MailTools-1.74/
MailTools-1.74/t/
...
...
...
MailTools-1.74/ChangeLog
MailTools-1.74/MANIFEST
[root@bigboy tmp]#
3. Enter the newly created directory with the same name as the TAR file, and install the module with the following commands.
• perl Makefile.PL
• make
• make test
[root@bigboy tmp]# cd MailTools-1.74
[root@bigboy MailTools-1.74]# perl Makefile.PL
Checking for Net::SMTP...ok
Checking for Net::Domain...ok
Checking for IO::Handle...ok
Checking if your kit is complete...
Looks good
Writing Makefile for Mail
[root@bigboy MailTools-1.74]# make
cp Mail/Cap.pm blib/lib/Mail/Cap.pm
cp Mail/Mailer/rfc822.pm blib/lib/Mail/Mailer/rfc822.pm
...
...
...
Manifying blib/man3/Mail::Util.3pm
Manifying blib/man3/Mail::Address.3pm
[root@bigboy MailTools-1.74]# make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/extract.....ok
...
...
...
All tests successful.
Files=7, Tests=95, 2 wallclock secs ( 1.28 cusr + 0.29 csys = 1.57 CPU)
[root@bigboy MailTools-1.74]#
Your Perl module installation should now be complete.
Note: The output of the perl Makefile.PL command will tell you whether there are any other required modules. You can either install them all manually, running the risk of having to install more prerequisite modules for these prerequisite modules, or you can use automated updates which will be covered next.
Automatic Installation of Perl Modules
Modules can be installed automatically using the perl utility but you must first install the prerequisite ncftp package to download the packages from CPAN.
[root@bigboy tmp]# yum -y install ncftp
After the package is installed you can use the following perl command to enter the CPAN utility.
perl -MCPAN -e shell
The first time it is run, Perl will prompt you for a number of configuration options. In most cases the defaults will be sufficient. After the initial setup is complete you will have a cpan> command prompt:
cpan>
Installation of modules can then be done with the install command followed by the name of the module. In this example we install the Mail::Audit module using the CPAN utility.
[root@bigboy tmp]# perl -MCPAN -e shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')

cpan> install Mail::Audit
CPAN: Storable loaded ok
LWP not available
CPAN: Net::FTP loaded ok
Fetching with Net::FTP:
ftp://archive.progeny.com/CPAN/authors/01mailrc.txt.gz
...
...
...
Installing /usr/share/man/man3/Mail::Audit::MAPS.3pm
Appending installation info to /usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod
/usr/bin/make install -- OK

cpan> exit
Terminal does not support GetHistory.
Lockfile removed.
[root@bigboy tmp]#
The exit command allows you to return to the Linux command prompt and your Perl module should be fully installed.
Conclusion
This is just the beginning. If the software you install is intended to make your Linux machine permanently run an application such as a Web server, mail server, or any other type of server, you have to know how to get the software activated when the system reboots. This is covered in Chapter 7, "The Linux Boot Process". Subsequent chapters cover the use, configuration, testing, and troubleshooting of many of the most popular Linux server applications used today.

Into Networking in Linux

Introduction
Now that you have a firm grasp of many of the most commonly used networking concepts, it is time to apply them to the configuration of your server. Some of these activities are automatically covered during a Linux installation, but you will often find yourself having to know how to modify these initial settings whenever you need to move your server to another network, add a new network interface card or use an alternative means of connecting to the Internet.
In Chapter 2, "Introduction to Networking", we started with an explanation of TCP/IP, so we'll start this Linux networking chapter with a discussion on how to configure the IP address of your server.
How to Configure Your NIC's IP Address
You need to know all the steps needed to configure IP addresses on a NIC card. Web site shopping cart applications frequently need an additional IP address dedicated to them. You also might need to add a secondary NIC interface to your server to handle data backups. Last but not least, you might just want to play around with the server to test your skills.
This section shows you how to do the most common server IP activities with the least amount of headaches.
Determining Your IP Address
Most modern PCs come with an Ethernet port. When Linux is installed, this device is called eth0. You can determine the IP address of this device with the ifconfig command.
[root@bigboy tmp]# ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0x1820

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:787 errors:0 dropped:0 overruns:0 frame:0
TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb)

wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb)
Interrupt:11 Memory:c887a000-c887b000

wlan0:0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:11 Memory:c887a000-c887b000

[root@bigboy tmp]#

In this example, eth0 has no IP address because this box is using wireless interface wlan0 as its main NIC. Interface wlan0 has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0.
You can see that this command gives good information on the interrupts, or PCI bus ID, used by each card. On very rare occasions you might find that your NIC card doesn't work because it shares both an interrupt and memory access address with some other device. You can look at the contents of the /proc/interrupts file to get a listing of all the interrupt IRQs used by your system. In the example below we can see that there are no conflicts with each IRQ from 0 to 15 having only a single entry. Devices eth0 and eth1 use interrupts 10 and 5, respectively:
[root@bigboy tmp]# cat /proc/interrupts
CPU0
0: 2707402473 XT-PIC timer
1: 67 XT-PIC i8042
2: 0 XT-PIC cascade
5: 411342 XT-PIC eth1
8: 1 XT-PIC rtc
10: 1898752 XT-PIC eth0
11: 0 XT-PIC uhci_hcd
12: 58 XT-PIC i8042
14: 5075806 XT-PIC ide0
15: 506 XT-PIC ide1
NMI: 0
ERR: 43
[root@bigboy tmp]#
If there are conflicts, you might need to refer to the manual for the offending device to try to determine ways to either use another interrupt or memory I/O location.
Changing Your IP Address
If you wanted, you could give this eth0 interface an IP address using the ifconfig command.
[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll have to add this command in your /etc/rc.local file which is run at the end of every reboot.
Fedora Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, and so on. You can place your IP address information in these files, which are then used to auto-configure your NICs when Linux boots. See Figure 3-1 for two samples of interface eth0. One assumes the interface has a fixed IP address, and the other assumes it requires an IP address assignment using DHCP.

Figure 3-1 - File formats for network-scripts
Fixed IP Address
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0

#
# File: ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
#
# The following settings are optional
#
BROADCAST=192.168.1.255
NETWORK=192.168.1.0

[root@bigboy network-scripts]#
Getting the IP Address Using DHCP
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0

#
# File: ifcfg-eth0
#
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

[root@bigboy network-scripts]#

As you can see, eth0 will be activated on booting, because the parameter ONBOOT has the value yes and not no. You can read more about netmasks and DHCP in Chapter 2, which acts as an introduction to networking.
The default RedHat/Fedora installation will include the broadcast and network options in the network-scripts file. These are optional.
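Because BROADCAST and NETWORK can be derived from IPADDR and NETMASK, an optional line that was left stale after an address change is easy to detect. The script below is an added example, not part of the original chapter: the function names and the mismatched sample are constructed, and it assumes a valid contiguous netmask.

```shell
#!/bin/sh
# Added example: check an ifcfg file against the settings described above.

# Static sample copied from Figure 3-1.
sample_static() {
cat <<'EOF'
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
EOF
}

# Constructed sample: the netmask was narrowed but the optional lines were not.
sample_mismatch() {
cat <<'EOF'
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.192
BOOTPROTO=static
ONBOOT=yes
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
EOF
}

# Print the value of key $1 from ifcfg text on stdin (last assignment wins).
# The text is parsed, never sourced, so nothing in the file is executed.
ifcfg_get() {
  awk -F= -v key="$1" '
    $1 == key { v = substr($0, index($0, "=") + 1); gsub(/"/, "", v) }
    END { print v }'
}

# ip_calc IP NETMASK net|bcast : derive the network or broadcast address.
ip_calc() {
  echo "$1 $2" | awk -v mode="$3" '{
    split($1, ip, "."); split($2, mask, ".")
    out = ""
    for (i = 1; i <= 4; i++) {
      size = 256 - mask[i]            # addresses covered by this octet
      base = ip[i] - (ip[i] % size)   # equals ip AND mask for a contiguous mask
      sep = (i > 1) ? "." : ""
      val = (mode == "net") ? base : base + size - 1
      out = out sep val
    }
    print out
  }'
}

# Reads an ifcfg file on stdin, prints findings, returns 1 if there were any.
ifcfg_check() {
  cfg=$(cat)
  proto=$(printf '%s\n' "$cfg" | ifcfg_get BOOTPROTO)
  ip=$(printf '%s\n' "$cfg" | ifcfg_get IPADDR)
  mask=$(printf '%s\n' "$cfg" | ifcfg_get NETMASK)
  rc=0
  case "$proto" in
    dhcp)
      [ -z "$ip" ] || { echo "BOOTPROTO=dhcp but IPADDR=$ip is also set"; rc=1; } ;;
    static)
      if [ -z "$ip" ] || [ -z "$mask" ]; then
        echo "BOOTPROTO=static needs IPADDR and NETMASK"; rc=1
      else
        for pair in NETWORK:net BROADCAST:bcast; do
          have=$(printf '%s\n' "$cfg" | ifcfg_get "${pair%%:*}")
          want=$(ip_calc "$ip" "$mask" "${pair##*:}")
          [ -z "$have" ] || [ "$have" = "$want" ] ||
            { echo "${pair%%:*}=$have, expected $want"; rc=1; }
        done
      fi ;;
  esac
  return $rc
}

# Stand-alone run. On a real host use:
#   ifcfg_check < /etc/sysconfig/network-scripts/ifcfg-eth0
sample_static | ifcfg_check && echo "static sample: consistent"
sample_mismatch | ifcfg_check || echo "mismatch sample: fix or remove the optional lines"
```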
After you change the values in the configuration files for the NIC you have to deactivate and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this:
[root@bigboy network-scripts]# ifdown eth0
[root@bigboy network-scripts]# ifup eth0
Your server will have to have a default gateway for it to be able to communicate with the Internet. This will be covered later in the chapter.
How DHCP Affects the DNS Server You Use
Your DHCP server not only supplies the IP address your Linux box should use, but also the desired DNS servers. When using DHCP for an interface, make sure your /etc/resolv.conf file has the servers configuration lines commented out to prevent any conflicts.
Multiple IP Addresses on a Single NIC
In the previous section "Determining Your IP Address" you may have noticed that there were two wireless interfaces: wlan0 and wlan0:0. Interface wlan0:0 is actually a child of interface wlan0, a virtual subinterface also known as an IP alias. IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format parent-interface-name:X, where X is the sub-interface number of your choice.
The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous section, "Changing Your IP Address":
• First ensure the parent real interface exists
• Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0.
• Create the virtual interface with the ifconfig command
[root@bigboy tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up
• You should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the aliases will all be managed automatically with the ifup and ifdown commands. Here is a sample configuration:
DEVICE=wlan0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.99
NETMASK=255.255.255.0
The commands to activate and deactivate the alias interface would therefore be:
[root@bigboy tmp]# ifup wlan0:0
[root@bigboy tmp]# ifdown wlan0:0
Note: Shutting down the main interface also shuts down all its aliases. Aliases can be shut down independently of other interfaces.
After completing these four simple steps you should be able to ping the new IP alias from other servers on your network.
IP Address Assignment for a Direct DSL Connection
If you are using a DSL connection with fixed or static IP addresses, then the configuration steps are the same as those outlined earlier. You plug your Ethernet interface into the DSL modem, configure it with the IP address, subnet mask, broadcast address, and gateway information provided by your ISP and you should have connectivity when you restart your interface. Remember that you might also need to configure your DNS server correctly.
If you are using a DSL connection with a DHCP or dynamic IP address assignment, then the process is different. Your ISP will provide you with a PPP authentication over Ethernet (PPPoE) username and password which will allow your computer to login transparently to the Internet each time it boots up. Fedora Linux installs the rp-pppoe RPM software package required to support this.
Note: Unless you specifically request static IP addresses, your ISP will provide you with a DHCP based connection. The DHCP IP address assigned to your computer and/or Internet router will often not change for many days and you may be fooled into thinking it is static.
Downloading and installing RPMs isn't hard. If you need a refresher, Chapter 6, "Installing Linux Software", on RPMs, covers how to do this in detail. When searching for the file, remember that the PPPoE RPM's filename usually starts with the word rp-pppoe followed by a version number like this: rp-pppoe-3.5-8.i386.rpm.
After installing the RPM, you need to go through a number of steps to complete the connection. The PPPoE configuration will create a software-based virtual interface named ppp0 that will use the physical Internet interface eth0 for connectivity. Here's what you need to do:
• Make a backup copy of your ifcfg-eth0 file.
[root@bigboy tmp]#
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts/
[root@bigboy network-scripts]# ls ifcfg-eth0
ifcfg-eth0
[root@bigboy network-scripts]# cp ifcfg-eth0 DISABLED.ifcfg-eth0
• Edit your ifcfg-eth0 file to have no IP information and also to be deactivated at boot time.
DEVICE=eth0
ONBOOT=no
• Shut down your eth0 interface.
[root@bigboy network-scripts]# ifdown eth0
[root@bigboy network-scripts]#
• Run the adsl-setup configuration script
[root@bigboy network-scripts]# adsl-setup
It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We'll use defaults wherever possible.
Welcome to the ADSL client setup. First, I will run some checks on

your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): bigboy-login@isp

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You might have some problems with demand-activated links.

Enter the demand value (default no):
It will then prompt you for your DNS server information. This step edits your /etc/resolv.conf file. If you're running BIND on your server in a caching DNS mode then you might want to leave this option blank. If you want your ISP to provide the IP address of its DNS server automatically then enter the word server.
Please refer to Chapter 18, "Configuring DNS", for more information on BIND and DNS.
DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are doing and not modify your DNS setup.
Enter the DNS information here:
The script will then prompt you for your ISP password
PASSWORD

Please enter your Password:
Please re-enter your Password:

Then it will ask whether you want regular users (not superuser root) to be able to activate/deactivate the new ppp0 interface. This may be required if non-root members of your family or home office need to get access to the Internet:
USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow normal user to start or stop DSL connection (default yes):
The rp-pppoe package has two sample iptables firewall scripts located in the /etc/ppp directory named firewall-standalone and firewall-masq. They are very basic and don't cover rules to make your Linux box a web server, DNS server, or mail server. I'd recommend selecting none and using a variant of the basic script samples in Chapter 14, "Linux Firewalls Using iptables", or the more comprehensive one found in Appendix II, "Codes, Scripts, and Configurations".
FIREWALLING

Please choose the firewall rules to use. Note that these rules are very basic. You are strongly encouraged to use a more sophisticated firewall setup; however, these will provide basic security. If you are running any servers on your machine, you must choose 'NONE' and set up firewalling yourself. Otherwise, the firewall rules will deny access to all standard servers like Web, e-mail, ftp, etc. If you are using SSH, the rules will block outgoing SSH connections which allocate a privileged source port.

The firewall choices are:

0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN

Choose a type of firewall (0-2): 0
You'll then be asked whether you want the connection to be activated upon booting. Most people would say yes.
Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes
Just before exiting, you'll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them:
** Summary of what you entered **


Ethernet Interface: eth0

User name: bigboy-login@isp
Activate-on-demand: No
DNS: Do not adjust
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y

Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
At the very end it will tell you the commands to use to activate/deactivate your new ppp0 interface and to get a status of the interface's condition.
Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0' to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0' to see the link status.

Note: This example recommends using the adsl-status command with the name of the PPPoE interface configuration file. This command defaults to show information for interface ppp0, and therefore listing the ifcfg-ppp0 filename won't be necessary in most home environments.
After you have completed installing rp-pppoe you should be able to access the Internet over your DHCP DSL connection as expected.

Some Important Files Created By adsl-setup
The adsl-setup script creates three files that will be of interest to you. The first is the ifcfg-ppp0 file with the interface's link layer connection parameters:
[root@bigboy network-scripts]# more ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=20
LCP_FAILURE=3
LCP_INTERVAL=80
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth0
PROVIDER=DSLppp0
USER=bigboy-login@isp
PEERDNS=no
[root@bigboy network-scripts]#
The others are the duplicate /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files with the username and password needed to log in to your ISP:
[root@bigboy network-scripts]# more /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
"bigboy-login@isp" * "password"
[root@bigboy network-scripts]#
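Both secrets files, and the .bak copies that adsl-setup leaves beside them, hold the ISP password in clear text, so only root should be able to access them. The check below is an added example, not part of rp-pppoe or the original chapter; the function names and the demo directory it builds are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list PPP secrets files, including the .bak copies made by
# adsl-setup, whose mode grants any access to group or other users.

# exposed_secrets [DIR]: print every *-secrets* file under DIR (default
# /etc/ppp) that has at least one group or other permission bit set.
exposed_secrets() {
    dir=${1:-/etc/ppp}
    find "$dir" -type f -name '*-secrets*' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# make_demo_dir: build a constructed stand-in for /etc/ppp so the example
# runs without root, and print its path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    for f in pap-secrets chap-secrets pap-secrets.bak chap-secrets.bak; do
        printf '"bigboy-login@isp" * "password"\n' > "$d/$f"
        chmod 600 "$d/$f"
    done
    chmod 644 "$d/chap-secrets.bak"   # constructed mistake: readable backup
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
exposed_secrets "$demo"               # prints only the chap-secrets.bak path
rm -rf "$demo"
```

On a real server, run exposed_secrets with no argument as root; any path it prints should be tightened with chmod 600.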
Simple Troubleshooting
You can run the adsl-status command to determine the condition of your connection. In this case the package has been installed but the interface hasn't been activated.
[root@bigboy tmp]# adsl-status
Note: You have enabled demand-connection; adsl-status may be inaccurate.
adsl-status: Link is attached to ppp0, but ppp0 is down
[root@bigboy tmp]#
After activation, the interface appears to work correctly.
[root@bigboy tmp]# ifup ppp0
[root@bigboy tmp]# adsl-status
adsl-status: Link is up and running on interface ppp0
ppp0: flags=8051 mtu 1462 inet
...
...
[root@bigboy tmp]#
For further troubleshooting information you can visit the Web site of rp-pppoe at Roaring Penguin (www.roaringpenguin.com). There are some good tips there on how to avoid problems with VPN clients.
IP Address Assignment for a Cable Modem Connection
Cable modems use DHCP to get their IP addresses so you can configure your server's Ethernet interface accordingly.
How to Activate/Shut Down Your NIC
The ifup and ifdown commands can be used respectively to activate and deactivate a NIC interface. You must have an ifcfg file in the /etc/sysconfig/network-scripts directory for these commands to work. Here is an example for interface eth0:
[root@bigboy tmp]# ifdown eth0
[root@bigboy tmp]# ifup eth0
How to View Your Current Routing Table
The netstat -nr command will provide the contents of the routing table. Networks with a gateway of 0.0.0.0 are usually directly connected to the interface. No gateway is needed to reach your own directly connected interface, so a gateway address of 0.0.0.0 seems appropriate. The route with a destination address of 0.0.0.0 is your default gateway.
• In this example there are two gateways, the default and one to 255.255.255.255 which is usually added on DHCP servers. Server bigboy is a DHCP server in this case.
[root@bigboy tmp]# netstat -nr

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0 255.255.255.255 UH 40 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 40 0 0 wlan0
[root@bigboy tmp]#
• In this example, there are multiple gateways handling traffic destined for different networks on different interfaces.
[root@bigboy tmp]# netstat -nr

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.68.64 172.16.69.193 255.255.255.224 UG 40 0 0 eth1
172.16.11.96 172.16.69.193 255.255.255.224 UG 40 0 0 eth1
172.16.68.32 172.16.69.193 255.255.255.224 UG 40 0 0 eth1
172.16.67.0 172.16.67.135 255.255.255.224 UG 40 0 0 eth0
172.16.69.192 0.0.0.0 255.255.255.192 U 40 0 0 eth1
172.16.67.128 0.0.0.0 255.255.255.128 U 40 0 0 eth0
172.160.0 172.16.67.135 255.255.0.0 UG 40 0 0 eth0
172.16.0.0 172.16.67.131 255.240.0.0 UG 40 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 172.16.69.193 0.0.0.0 UG 40 0 0 eth1
[root@bigboy tmp]#
How to Change Your Default Gateway
Your server needs to have a single default gateway. DHCP servers will automatically assign a default gateway to DHCP configured NICs, but NICs with configured static IP addresses will need to have a manually configured default gateway. This can be done with a simple command. This example uses a newly installed wireless interface called wlan0; most PCs would be using the standard Ethernet interface eth0.
[root@bigboy tmp]# route add default gw 192.168.1.1 wlan0
In this case, make sure that the router/firewall with IP address 192.168.1.1 is connected to the same network as interface wlan0!
Once done, you'll need to update your /etc/sysconfig/network file to reflect the change. This file is used to configure your default gateway each time Linux boots.
NETWORKING=yes
HOSTNAME=bigboy
GATEWAY=192.168.1.1
Note: In Debian based systems the default gateway is permanently defined in the /etc/network/interfaces file. See the section "Debian / Ubuntu Network Configuration" later in this chapter for more details.
Some people don't bother modifying network specific files and just place the route add command in the script file /etc/rc.d/rc.local which is run at the end of each reboot.
It is possible to define default gateways in the NIC configuration file in the /etc/sysconfig/network-scripts directory, but you run the risk of inadvertently assigning more than one default gateway when you have more than one NIC. This could cause connectivity problems. If one of the default gateways has no route to the intended destination, every other packet will become lost. Firewalls that are designed to block packets with irregular sequence numbers and unexpected origins could also obstruct your data flow.
How to Configure Two Gateways
Some networks may have multiple router/firewalls providing connectivity. Here's a typical scenario:
• You have one router providing access to the Internet that you'd like to have as your default gateway (see the default gateway example earlier)
• You also have another router providing access to your corporate network using addresses in the range 10.0.0.0 to 10.255.255.255. Let's assume that this router has an IP address of 192.168.1.254
The Linux box used in this example uses interface wlan0 for its Internet connectivity. You will most likely be using interface eth0, so please adjust your steps accordingly.
There are a number of ways to add this new route.
Adding Temporary Static Routes
The route add command can be used to add new routes to your server that will last till the next reboot. It has the advantage of being universal to all versions of Linux and is well documented in the man pages. In our example the reference to the 10.0.0.0 network has to be preceded with a -net switch and the subnet mask and gateway values also have to be preceded by the netmask and gw switches respectively.
[root@bigboy tmp]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0
If you wanted to add a route to an individual server, then the "-host" switch would be used with no netmask value. (The route command automatically knows the mask should be 255.255.255.255). Here is an example for a route to host 10.0.0.1.
[root@bigboy tmp]# route add -host 10.0.0.1 gw 192.168.1.254 wlan0
A universal way of making this change persistent after a reboot would be to place this route add command in the file /etc/rc.d/rc.local, which is always run at the end of the booting process.
Adding Permanent Static Routes
In Fedora Linux, permanent static routes are added on a per interface basis in files located in the /etc/sysconfig/network-scripts directory. The filename format is route-interface-name so the filename for interface wlan0 would be route-wlan0.
The format of the file is quite intuitive with the target network coming in the first column followed by the word via and then the gateway's IP address. In our routing example, to set up a route to network 10.0.0.0 with a subnet mask of 255.0.0.0 (a mask with the first 8 bits set to 1) via the 192.168.1.254 gateway, we would have to configure file /etc/sysconfig/network-scripts/route-wlan0 to look like this:
#
# File /etc/sysconfig/network-scripts/route-wlan0
#
10.0.0.0/8 via 192.168.1.254
Note: The /etc/sysconfig/network-scripts/route-* filename is very important. Adding the wrong interface extension at the end will result in the routes not being added after the next reboot. There will also be no reported errors on the screen or any of the log files in the /var/log/ directory.
You can test the new file by running the /etc/sysconfig/network-scripts/ifup-routes command with the interface name as the sole argument. In the next example we check the routing table to see no routes to the 10.0.0.0 network and execute the ifup-routes command, which then adds the route:
[root@bigboy tmp]# netstat -nr

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
[root@bigboy tmp]# /etc/sysconfig/network-scripts/ifup-routes wlan0
[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
10.0.0.0 192.168.1.254 255.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
[root@bigboy tmp]#
Note: In Debian based systems, permanent static routes are configured using the /etc/network/interfaces file. See the section "Debian / Ubuntu Network Configuration" later in this chapter for more details.
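The rules given under "How to View Your Current Routing Table" and the earlier warning about ending up with more than one default gateway can both be checked mechanically. The script below is an added example, not part of the original chapter: it reads netstat -nr output, reports which route a destination would use (the most specific matching mask wins), and tests whether exactly one default route exists. The function names and the second table with the extra eth0 gateway are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read a `netstat -nr` table, report the route a destination
# would use, and check that there is exactly one default gateway.

# Routing table shown in this chapter after the 10.0.0.0/8 route was added.
ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
10.0.0.0 192.168.1.254 255.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0'

# Constructed table: the same host after a second NIC also set a gateway.
TWO_DEFAULTS="$ROUTES
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0"

# route_for DEST: read the table on stdin and print "gateway interface" of
# the matching route with the longest mask. Fails if nothing matches.
route_for() {
    awk -v dest="$1" '
    function ip2n(ip,   p) {               # dotted quad -> number, -1 if bad
        if (split(ip, p, ".") != 4) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN { d = ip2n(dest); best = -1 }
    d >= 0 && NF >= 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        net  = ip2n($1)
        mask = ip2n($3)
        size = 4294967296 - mask           # addresses covered by this route
        if (d - (d % size) == net && mask > best) {
            best = mask
            out  = $2 " " $NF
        }
    }
    END { if (best < 0) exit 1; print out }'
}

# has_single_default: succeed only when the table on stdin holds exactly one
# default route (destination 0.0.0.0, genmask 0.0.0.0, G flag).
has_single_default() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { n++ }
         END { exit (n != 1) }'
}

printf '%s\n' "$ROUTES" | route_for 10.0.0.1       # corporate router
printf '%s\n' "$ROUTES" | route_for 192.168.1.50   # gateway 0.0.0.0: direct
if printf '%s\n' "$TWO_DEFAULTS" | has_single_default; then
    echo "one default gateway"
else
    echo "WARNING: zero or multiple default gateways"
fi
```

To check a live server, pipe netstat -nr into either function instead of the sample tables.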
How to Delete a Route
Here's how to delete the routes added in the previous section.
[root@bigboy tmp]# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0
The file /etc/sysconfig/network-scripts/route-wlan0 will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads:
10.0.0.0/8 via 192.168.1.254
Changing NIC Speed and Duplex
There is no better Linux investment than the purchase of a fully Linux compatible NIC card. Most Linux vendors will have a list of compatible hardware on their Web sites: read this carefully before you start hooking up your machine to the network. If you can't find any of the desired models in your local computer store, then a model in the same family or series should be sufficient. Most cards will work, but only the fully compatible ones will provide you with error-free, consistent throughput.
Linux defaults to automatically negotiating the speed and duplex of its NIC with that of the switch to which it is attached. Configuring a switch port to auto-negotiate the speed and duplex often isn't sufficient because there are frequently differences in the implementation of the protocol standard.
Typically, NICs with failed negotiation will work, but this is usually accompanied by many collision type errors being seen on the NIC when using the ifconfig -a command and only marginal performance. Don't limit your troubleshooting of these types of errors to just failed negotiation; the problem could also be due to a bad NIC card, switch port, or cabling.
Using mii-tool
One of the original Linux tools for setting the speed and duplex of your NIC card was the mii-tool command. It is destined to be deprecated and replaced by the newer ethtool command, but many older NICs support only mii-tool so you'll need to be aware of it. Issuing the command without any arguments gives a brief status report, as seen in the next example, with unsupported NICs providing an Operation not supported message. NICs that are not compatible with mii-tool often will still work, but you have to refer to the manufacturer's guides to set the speed and duplex to anything but auto-negotiate.
[root@bigboy tmp]# mii-tool
SIOCGMIIPHY on 'eth0' failed: Operation not supported
eth1: 100 Mbit, half duplex, link ok
[root@bigboy tmp]#

By using the verbose mode -v switch you can get much more information. In this case, negotiation was OK, with the NIC selecting 100Mbps, full duplex mode (FD):
[root@bigboy tmp]# mii-tool -v
eth1: negotiated 100baseTx-FD, link ok
product info: vendor 00:10:18, model 33 rev 2
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
[root@bigboy tmp]#
Setting Your NIC's Speed Parameters with mii-tool
You can set your NIC to force itself to a particular speed and duplex by using the -F switch with any of the following options: 100baseTx-FD, 100baseTx-HD, 10baseT-FD, or 10baseT-HD. Remember that you could lose all network connectivity to your server if you force your NIC to a particular speed/duplex that doesn't match that of your switch:
[root@bigboy tmp]# mii-tool -F 100baseTx-FD eth0
Unfortunately there is no way to set this permanently on reboot except by placing the command in the /etc/rc.local file to let it be run at the very end of the booting process or by creating your own startup script if you need it set earlier. Creating your own startup scripts is covered in Chapter 7, "The Linux Boot Process".
Using ethtool
The ethtool command is slated to be the replacement for mii-tool in the near future and tends to be supported by newer NIC cards.
The command provides the status of the interface you provide as its argument. Here we see interface eth0 not doing autonegotiation and set to a speed of 100 Mbps, full duplex. A list of supported modes is also provided at the top of the output.
[root@bigboy tmp]# ethtool eth0
Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: No
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: g
Wake-on: g
Current message level: 0x00000007 (7)
Link detected: yes
[root@bigboy tmp]#

Setting Your NIC's Speed Parameters with ethtool
Unlike mii-tool, ethtool settings can be permanently set as part of the interface's configuration script with the ETHTOOL_OPTS variable. In our next example, the settings will be set to 100 Mbps, full duplex with no chance for auto-negotiation on the next reboot:
#
# File: /etc/sysconfig/network-scripts/ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
ETHTOOL_OPTS="speed 100 duplex full autoneg off"

You can test the application of these parameters by shutting down the interface and activating it again with the ifup and ifdown commands. These settings can also be changed from the command line using the -s switch followed by the interface name and its desired configuration parameters.
[root@bigboy tmp]# ethtool -s eth1 speed 100 duplex full autoneg off
[root@bigboy tmp]#
The Linux man pages give more details on other ethtool options, but you can get a quicker summary by just entering the ethtool command alone.
[root@bigboy tmp]# ethtool
...
...
ethtool -s DEVNAME \
[ speed 10|100|1000 ] \
[ duplex half|full ] \
[ port tp|aui|bnc|mii|fibre ] \
...
...
[root@bigboy tmp]#
A Note About Duplex Settings
By default, Linux NICs negotiate their speed and duplex settings with the switch. This is done by exchanging electronic signals called Fast Link Pulses (FLP). When the speed and duplex are forced to a particular setting the FLPs are not sent. When a NIC is in auto-negotiation mode and detects a healthy, viable link but receives no FLPs, it errs on the side of caution and sets its duplex to half-duplex and sometimes it will also set its speed to the lowest configurable value. It is therefore possible to force a switch port to 100 Mbps full duplex, but have the auto-negotiating server NIC set itself to 100 Mbps half-duplex, which will result in errors. The same is true for the switch if the switch port is set to auto-negotiate and the server NIC is set to 100 Mbps full duplex. It is best to set both the switch port and the server NIC either to auto-negotiate or to the same forced speed and duplex values.
How to Convert Your Linux Server into a Simple Router
Router/firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day, but when budgets are tight you might seriously want to consider modifying an existing Linux server to do the job.
Details on how to configure Linux firewall security are covered in Chapter 14, "Linux Firewalls Using iptables", but you need to understand how to activate routing through the firewall before it can become a functioning networking device.
Configuring IP Forwarding
For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding enables packets to flow through the Linux box from one network to another. The Linux kernel configuration parameter to activate this is named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding, if there is one, and set its value to 1.
Before:

# Disables packet forwarding
net.ipv4.ip_forward=0

After:

# Enables packet forwarding
net.ipv4.ip_forward=1

This enables packet forwarding only when you reboot at which time Linux will create a file in one of the subdirectories of the special RAM memory-based /proc filesystem. To activate the feature immediately you have to force Linux to read the /etc/sysctl.conf file with the sysctl command using the -p switch. Here is how it's done:
[root@bigboy tmp]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
[root@bigboy tmp]#

Please refer to Appendix I for more information on adjusting kernel parameters.
Configuring Proxy ARP
If a server needs to send a packet to another device on the same network, it sends out an ARP request to the network asking for the MAC address of the other device.
If the same server needs to send a packet to another device on a remote network the process is different. The server first takes a look at its routing table to find out the IP address of the best router on its network that will be able to relay the packet to the destination. The server then sends an ARP request for the MAC address that matches the router's IP address. It then sends the packet to the router using the router's MAC address and a destination IP address of the remote server.
If there is no suitable router on its network, the server will then send out an ARP request for the MAC address of the remote server. Some routers can be configured to answer these types of ARP requests for remote networks. This feature is called proxy ARP. There are some disadvantages with this. One of the most common problems occurs if two routers are on the network configured for proxy ARP. In this scenario there is the possibility that either one will answer the local server's ARP request for the MAC address of the remote server. If one of the routers has an incorrect routing table entry for the remote network, then there is the risk that traffic to the remote server will occasionally get lost. In other words you can lose routing control.
Note: It is for this and other reasons that it is generally not a good idea to configure proxy ARP on a router. It is also good to always configure a default gateway on your server and use separate routing entries via other routers for all networks your default gateway may not know about.
Some types of bridging mode firewalls need to have proxy ARP enabled to operate properly. These devices are typically inserted as part of a daisy chain connecting multiple network switches together on the same LAN while protecting one section of a LAN from traffic originating on another section. The firewall typically isn't configured with an IP address on the LAN and appears to be an intelligent cable capable of selectively blocking packets.
If you need to enable proxy ARP on a Linux server the /proc filesystem comes into play again. Proxy ARP is handled by files in the /proc/sys/net/ipv4/conf/ directory. This directory then has subdirectories corresponding to each functioning NIC card on your server. Each subdirectory then has a file called proxy_arp. If the value within this file is 0, then proxy ARP on the interface is disabled; if the value is 1 then it is enabled.
You can use the /etc/sysctl.conf file mentioned in Appendix II to activate or disable proxy ARP. The next example activates proxy ARP, first for all interfaces and then for interfaces eth1 and wlan0.
#
# File: /etc/sysctl.conf
#

# Enables Proxy ARP on all interfaces
net/ipv4/conf/all/proxy_arp = 1

# Enables Proxy ARP on interfaces eth1 and wlan0
net/ipv4/conf/eth1/proxy_arp = 1
net/ipv4/conf/wlan0/proxy_arp = 1

You can then activate these settings with the sysctl command.
[root@bigboy tmp]# sysctl -p
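Packet forwarding and proxy ARP both change how the server treats other hosts' traffic, so it is worth confirming exactly which of these settings a sysctl.conf file will apply. The script below is an added example, not part of the original chapter: it accepts both the dotted and the slash key notation used in this section and reports the effective value of each key, with a later line for the same key replacing an earlier one. The function names and the last two sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report the effective forwarding and proxy ARP settings in a
# sysctl.conf, whichever of the two key notations each line uses.

# Constructed sample built from this chapter's lines, plus one later override
# and one commented-out line to exercise the parser.
SAMPLE_SYSCTL='# Enables packet forwarding
net.ipv4.ip_forward=1
# Enables Proxy ARP on all interfaces
net/ipv4/conf/all/proxy_arp = 1
# Enables Proxy ARP on interfaces eth1 and wlan0
net/ipv4/conf/eth1/proxy_arp = 1
net/ipv4/conf/wlan0/proxy_arp = 1
# Constructed: a later line for the same key replaces the earlier one
net.ipv4.conf.wlan0.proxy_arp = 0
#net.ipv4.conf.eth0.proxy_arp = 1'

# routing_sysctls: read sysctl.conf text on stdin and print "path=value" for
# ip_forward and every proxy_arp key, using the path below /proc/sys.
routing_sysctls() {
    awk '
    /^[ \t]*[#;]/ || !/=/ { next }          # skip comments and blank lines
    {
        eq  = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/[ \t]/, "", val)
        # Dotted keys become paths; slash keys already are paths.
        if (index(key, "/") == 0) gsub(/\./, "/", key)
        if (key == "net/ipv4/ip_forward" ||
            key ~ "^net/ipv4/conf/[^/]+/proxy_arp$") {
            if (!(key in value)) order[++n] = key   # keep first position
            value[key] = val                        # last assignment wins
        }
    }
    END { for (i = 1; i <= n; i++) print order[i] "=" value[order[i]] }'
}

# enabled_routing_sysctls: only the keys whose effective value is 1.
enabled_routing_sysctls() {
    routing_sysctls | awk -F= '$2 == 1 { print $1 }'
}

printf '%s\n' "$SAMPLE_SYSCTL" | enabled_routing_sysctls
```

Run it as enabled_routing_sysctls < /etc/sysctl.conf; each path it prints can be compared with the matching file under /proc/sys to see whether the running kernel agrees.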
Configuring Your /etc/hosts File
The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS. If the name is found with a corresponding IP address then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you also have to update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done companywide. For ease of management, it is often easiest to limit entries in this file to just the loopback interface and also the server's own hostname, and use a centralized DNS server to handle most of the rest. Sometimes you might not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts file entry till the centralized change can be made.
192.168.1.101 smallfry

In the example above server smallfry has an IP address of 192.168.1.101. You can access 192.168.1.101 using the ping, telnet or any other network aware program by referring to it as smallfry. Here is an example using the ping command to see whether smallfry is alive and well on the network:
[root@bigboy tmp]# ping smallfry
PING zero (192.168.1.101) 56(84) bytes of data.
64 bytes from smallfry (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms
64 bytes from smallfry (192.168.1.101): icmp_seq=1 ttl=64 time=0.047 ms


--- smallfry ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2
[root@bigboy tmp]#

You can also add aliases to the end of the line which enable you to refer to the server using other names. Here we have set it up so that smallfry can also be accessed using the names tiny and littleguy.
192.168.1.101 smallfry tiny littleguy

You should never have an IP address more than once in this file because Linux will use only the values in the first entry it finds.
192.168.1.101 smallfry # (Wrong)
192.168.1.101 tiny # (Wrong)
192.168.1.101 littleguy # (Wrong)
The loopback Interface's localhost Entry
Usually the first entry in /etc/hosts defines the IP address of the server's virtual loopback interface. This is usually mapped to the name localhost.localdomain (the universal name used when a server refers to itself) and localhost (the shortened alias name). By default, Fedora inserts the hostname of the server between the 127.0.0.1 and the localhost entries like this:
127.0.0.1 bigboy localhost.localdomain localhost

When the server is connected to the Internet this first entry after the 127.0.0.1 needs to be the fully qualified domain name (FQDN) of the server. For example, bigboy.my-site.com, like this:
127.0.0.1 bigboy.my-site.com localhost.localdomain localhost

Some programs such as Sendmail are very sensitive to this and if they detect what they feel is an incorrect FQDN they will default to using the name localhost.localdomain when communicating with another server on the network. This can cause confusion, as the other server also feels it is localhost.localdomain.
Note: You must always have a localhost and localhost.localdomain entry mapping to 127.0.0.1 for Linux to work properly and securely.
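The two /etc/hosts rules in this section, one line per IP address and a 127.0.0.1 entry carrying both localhost and localhost.localdomain, are easy to verify with a script. The check below is an added example, not part of the original chapter. It also goes one step beyond the text by flagging a loopback name that has been mapped to a non-loopback address. The function name, the finding labels and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit hosts-file text for repeated IP addresses and for the
# localhost entries that must map to 127.0.0.1.

# Constructed samples based on the entries shown in this chapter.
GOOD_HOSTS='127.0.0.1 bigboy.my-site.com localhost.localdomain localhost
192.168.1.101 smallfry tiny littleguy'

BAD_HOSTS='127.0.0.1 bigboy localhost
192.168.1.101 smallfry # (Wrong)
192.168.1.101 tiny # (Wrong)
192.168.1.101 littleguy # (Wrong)'

# hosts_findings: read hosts-file text on stdin and print one finding per
# line. No output means the file passed every check.
hosts_findings() {
    awk '
    { sub(/#.*/, "") }                      # drop comments, fields re-split
    NF < 2 { next }                         # blank or address-only line
    {
        ip = $1
        if (ip in first)
            print "duplicate-ip " ip " (lines " first[ip] " and " NR ")"
        else
            first[ip] = NR
        for (i = 2; i <= NF; i++) {
            if ($i == "localhost" || $i == "localhost.localdomain") {
                if (ip == "127.0.0.1")
                    have[$i] = 1
                else if (ip != "::1")       # IPv6 loopback is acceptable
                    print "loopback-name-remapped " $i " -> " ip
            }
        }
    }
    END {
        if (!have["localhost"])
            print "missing 127.0.0.1 localhost"
        if (!have["localhost.localdomain"])
            print "missing 127.0.0.1 localhost.localdomain"
    }'
}

printf '%s\n' "$BAD_HOSTS" | hosts_findings
```

Run it as hosts_findings < /etc/hosts on the server being checked.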
Debian / Ubuntu Network Configuration
Many of the core Fedora / Redhat commands and configuration files covered in this chapter can be used in Debian based operating systems, but there are some key differences.
The /etc/network/interfaces File
The main network configuration file is the /etc/network/interfaces file in which all the network interface parameters are defined. The file is divided into stanzas:
The auto Stanza
The auto stanza defines the interfaces that should be automatically initialized when the system boots up.
The mapping Stanza
This stanza maps configuration parameters for an interface depending on the output of a script. For example, on booting the script could prompt you as to whether your laptop Linux system is at home or work with the mapping statement using the answer to configure the appropriate IP address.
By default the much simpler hotplug system is used which assumes that the interfaces will have only one purpose. Typical hotplug configurations simply assign each physical interface with a matching logical interface name (nick name).
mapping hotplug
script grep
map eth0 eth0
map eth1
In this case interface eth0 is specifically given the logical name eth0, while the logical name for eth1 is implied to be the same.
The iface Stanza
The iface stanza defines the characteristics of a logical interface. Typically the first line of these stanzas starts with the word iface, followed by the logical name of the interface, the protocol used, and finally the type of addressing scheme to be used, such as DHCP or static. Protocol keywords include inet for regular TCP/IP, inet6 for IPv6, ipx for the older IPX protocol used by Novell, and loopback for loopback addresses.
Subsequent lines in the stanza define protocol characteristics such as addresses, subnet masks, and default gateways. In this example, interface eth1 is given the IP address 216.10.119.240/27 while interface eth0 gets its IP address using DHCP.
# The primary network interface
auto eth1
iface eth1 inet static
address 216.10.119.240
netmask 255.255.255.224
network 216.10.119.224
broadcast 216.10.119.255
gateway 216.10.119.241
dns-nameservers 216.10.119.241

# The secondary network interface
auto eth0
iface eth0 inet dhcp
Note: When static IP addresses are used, a default gateway usually needs to be defined. Remember to place the gateway statement in the correct stanza with the appropriate router IP address.
Creating Interface Aliases
IP aliases can be easily created in the /etc/network/interfaces file once the main interface has been defined. A modified duplicate of the main interface's iface stanza is required. A colon followed by the sub interface number needs to be added to the first line, and only the subnet mask and the new IP address need to follow, as can be seen in this example for interface eth1:1 with the IP address 216.10.119.239.
auto eth1:1
iface eth1:1 inet static
address 216.10.119.239
netmask 255.255.255.224
Adding Permanent Static Routes
The up option in the appropriate iface stanza of the /etc/network/interfaces file allows you to selectively run commands once the specified interface becomes activated with the ifup command. This makes it useful when adding permanent static routes.
In this example, a route to the 10.0.0.0/8 network via router address 216.10.119.225 has been added. Remember, the up option and the command must reside on the same line of the stanza.
# The primary network interface
auto eth1
iface eth1 inet static
...
...
...
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1
A complete /etc/network/interfaces file
We can now construct a complete file based on the previous examples we discussed. Just like in Fedora, interfaces can be activated with the ifup and ifdown commands.
#
# Debian / Ubuntu
#

#
# File: /etc/network/interfaces
#

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0 eth0
map eth1 eth1

# The primary network interface
auto eth1
iface eth1 inet static
address 216.10.119.240
netmask 255.255.255.224
network 216.10.119.224
broadcast 216.10.119.255
gateway 216.10.119.241
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 216.10.119.241
wireless-key 98d126d5ac
wireless-essid schaaffe

up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1

auto eth1:1
iface eth1:1 inet static
address 216.10.119.239
netmask 255.255.255.224

# The secondary network interface
auto eth0
iface eth0 inet dhcp

For more information on the /etc/network/interfaces file just issue the command man interfaces from the command line.
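A consistency check for the static iface stanzas described above, as an added example rather than code from the original page or from Debian: it verifies that the declared network and broadcast values match the address and netmask, and that the gateway and any gw address in an up route command sit on the interface's own subnet. The eth2 stanza and the function names are constructed for illustration.

```python
import ipaddress

# Constructed input: eth1 is the page's stanza, eth2 is deliberately wrong.
SAMPLE = """\
iface eth1 inet static
    address 216.10.119.240
    netmask 255.255.255.224
    network 216.10.119.224
    broadcast 216.10.119.255
    gateway 216.10.119.241
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1
iface eth2 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    broadcast 192.168.1.0
    gateway 192.168.2.1
"""

def static_stanzas(text):
    """Map logical interface name -> list of (option, values) pairs."""
    stanzas, current = {}, None
    split = (line.split() for line in text.splitlines())
    for words in (w for w in split if w and not w[0].startswith("#")):
        if words[0] in ("iface", "auto", "mapping") or words[0].startswith("allow-"):
            # Any stanza keyword closes the previous stanza.
            static = words[0] == "iface" and words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], []) if static else None
        elif current is not None:
            current.append((words[0], words[1:]))
    return stanzas

def lint(text):
    """Return 'iface: problem' strings for inconsistent static stanzas."""
    problems = []
    for name, opts in static_stanzas(text).items():
        one = {k: v[0] for k, v in opts if v}
        if not {"address", "netmask"} <= one.keys():
            continue  # not enough information to check this stanza
        net = ipaddress.ip_network(f"{one['address']}/{one['netmask']}", strict=False)
        expected = {"network": net.network_address, "broadcast": net.broadcast_address}
        for key, want in expected.items():
            if key in one and ipaddress.ip_address(one[key]) != want:
                problems.append(f"{name}: {key} {one[key]} should be {want}")
        # Next hops must be on-link: the gateway and any 'gw' in an up command.
        hops = [one["gateway"]] if "gateway" in one else []
        hops += [v[i + 1] for k, v in opts if k == "up"
                 for i, w in enumerate(v[:-1]) if w == "gw"]
        for hop in hops:
            if ipaddress.ip_address(hop) not in net:
                problems.append(f"{name}: next hop {hop} is outside {net}")
    return problems
```

Running lint on the text of a candidate file before ifup catches a gateway placed in the wrong stanza, which would otherwise leave the host without a usable default route.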
Conclusion
As you can imagine, configuring Linux networking is just a first step in providing Internet access to your server. There are always things that can go wrong that may be totally out of your control. Good systems administrators know the tools needed to identify the probable causes of these types of problems, which enables them to know the type of help they need to fix them. The next two chapters show you how to confidently test your network and Linux server applications when things appear to go wrong. The skills you develop to identify and rectify these issues could prove to be invaluable to your company and career.