Slackware Linux 10 Mini-HOWTO

Hier beschreibe ich sehr kurz, wie ich Slackware Linux 10 auf mehreren Computern installiert und konfiguriert habe.
Stand: 2006-07-09

mfg Gernot

Inhalt


Installation

Partitionierung

~# cfdisk

  1. /boot
    100MB ext2
    (98MB im cfdisk)
    (nicht wirklich erforderlich)
  2. /
    >6GB ReiserFS
    (eine Vollinstallation braucht ca 4GB)
  3. swap
    1GB SWAP
    (1077MB im cfdisk (1 073 741 824 Bytes))

ALLES INSTALLIEREN!!!
und den Anweisungen am Bildschirm folgen.

Ich empfehle LiLo im MBR (Master Boot Record) zu installieren.


Kernel

Upgrade

Bitte die gcc-Version beachten.

~# cd ./linux-2.6.xx
/linux-2.6.xx# upgradepkg *tgz

Ramdisk

Um Treiber für SerialATA (Intel Controller) in die Ramdisk zu laden, muss diese wie folgt erstellt werden:

~# cd /boot
/boot# mkinitrd -c -k 2.6.13 -m libata:ata_piix:reiserfs

LiLo

/etc/lilo.conf

[...]
# Linux bootable partition config begins
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/hda2
  label = Linux
  # The following line is only interesting if your cdrom drive
  # is attached to Intel SerialATA Controller (kernel >= 2.6.14)
  #append = "ide1=noprobe libata.atapi_enabled=1"
  read-only # Non-UMSDOS filesystems should be mounted read-only for checking
# Linux bootable partition config ends

~# lilo

Module

/etc/rc.d/rc.modules

[...]
### PC parallel port support ###
# Load parport_pc only when /proc/ksyms does not already list it and a module
# file below /lib/modules/$RELEASE is readable.
# NOTE(review): /proc/ksyms and the .o/.o.gz file names are the 2.4-kernel
# layout; confirm this test still matches on the 2.6 kernels this HOWTO installs.
if ! cat /proc/ksyms | grep "\[parport_pc\]" > /dev/null 2>&1 ; then
  if [ -r /lib/modules/$RELEASE/misc/parport_pc.o ] \
     || [ -r /lib/modules/$RELEASE/misc/parport_pc.o.gz ] \
     || [ -r /lib/modules/$RELEASE/kernel/drivers/parport/parport_pc.o ] \
     || [ -r /lib/modules/$RELEASE/kernel/drivers/parport/parport_pc.o.gz ]; then
    # Generic setup:
    /sbin/modprobe parport_pc
    # Hardware-specific alternative (needed for PLIP, generally faster):
    #/sbin/modprobe parport_pc io=0x378 irq=7
  fi
else
  echo "parport0 is built-in, not loading module" > /dev/null
fi

### Parallel printer support ###
# Load the lp module only when /proc/ksyms does not already list it and a
# module file below /lib/modules/$RELEASE is readable.
# NOTE(review): same 2.4-style check as for parport_pc; confirm it on 2.6.
if ! cat /proc/ksyms | grep "\[lp\]" > /dev/null 2>&1 ; then
  if [ -r /lib/modules/$RELEASE/misc/lp.o ] \
     || [ -r /lib/modules/$RELEASE/misc/lp.o.gz ] \
     || [ -r /lib/modules/$RELEASE/kernel/drivers/char/lp.o ] \
     || [ -r /lib/modules/$RELEASE/kernel/drivers/char/lp.o.gz ]; then
    /sbin/modprobe lp
  fi
else
  echo "lp support built-in, not loading module" > /dev/null
fi
[...]
# Enables SoundBlaster 16
/sbin/modprobe sb
[...]
# Enable Advanced Power Management
# (automatically switch off computer after shutdown)
/sbin/modprobe apm
[...]
# Enable/disable AGP
#/sbin/modprobe agpgart
[...]
# Laptop support (acpi)
# disable apm when using acpi
/sbin/modprobe acpi
/sbin/modprobe ac
/sbin/modprobe battery

SpeedStep

/etc/rc.d/rc.modules

[...]
/sbin/modprobe acpi
/sbin/modprobe speedstep-centrino
/sbin/modprobe cpufreq_ondemand
[...]

/etc/rc.d/rc.local

[...]
# Enable Intel SpeedStep
echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
[...]

Standby (Suspend to RAM)

/etc/rc.d/rc.modules

[...]
/sbin/modprobe button
[...]

/etc/acpi/acpi_handler.sh

[...]
    case "$2" in
      power) /sbin/init 0
         ;;
      sleep) echo -n "mem" > /sys/power/state
         ;;
[...]

Zusätzliche Module (Treiber)

NVIDIA Linux Driver

/etc/X11/xorg.conf

[...]

Section "Device"
[...]
    Driver "nvidia"
    Option "NoLogo" "true"
    Option "ModeValidation" "NoEdidModes"

[...]

TV-Out (ohne TwinView):
/etc/X11/xorg.conf

[...]
Section "Monitor"
    Identifier "MONITOR_TV"
    VertRefresh 60
    HorizSync 30-50
EndSection
[...]
Section "Device"
    Identifier "NVIDIA_TV"
    Driver "nvidia"
    Option "TVOutFormat" "COMPOSITE"
    Option "TVStandard" "PAL-B"
    Option "ConnectedMonitor" "TV"
EndSection
[...]
Section "Screen"
    Identifier "TV"
    Device "NVIDIA_TV"
    Monitor "MONITOR_TV"
    DefaultDepth 24
    Subsection "Display"
        Depth 24
        Modes "640x480"
    EndSubsection
EndSection
[...]

Ein Script, welches xine am TV startet:

#!/bin/sh
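# Start a second X server on display :1 with the "TV" screen layout, play with
# xine on it, then shut that server down again.
#
# "-ac" (disable access control) is intentionally not passed: it lets any
# client that can reach display :1 connect, read input and draw on the screen.
# Without "-ac" the server still accepts clients from the local host, which is
# all xine needs here; "-nolisten tcp" additionally keeps the display off the
# network.
X -screen TV :1 -nolisten tcp &
# Remember the PID of exactly this server instead of matching "X -screen" in
# the process list, which could hit an unrelated X server.
x_pid=$!
# Give the server time to come up before the client connects.
sleep 2
DISPLAY=:1 xine
# Stop the TV server whether or not xine exited cleanly, so that no X server is
# left running after a crash.
kill "$x_pid"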

ATI Linux Driver

0) ~# /usr/share/fglrx/fglrx-uninstall.sh

1) ~# ./ati-driver-installer-8.22.5-i386.run

2) X Konfiguration

3) ~# aticonfig --initial

/etc/X11/xorg.conf

[...]

Section "Device"
[...]
    Driver "fglrx"
    Option "VideoOverlay" "on"

[...]

4) POSIX Shared Memory

/etc/fstab

[...]
tmpfs            /dev/shm         tmpfs       defaults         0   0

5) Workaround for ATI's fglrx bug #239

/opt/kde/share/config/kdm/kdmrc

[...]

[X-:*-Core]
[...]
# Workaround for ATI's fglrx bug #239
TerminateServer=True
[...]

Intel Wireless

1) Install ieee80211
http://ieee80211.sourceforge.net/
~# tar xzvf ieee80211*tar.gz
~# cd ieee80211*
ieee80211-1.x.x# make
ieee80211-1.x.x# make install
ieee80211-1.x.x# cd ..

2) Install ipw2200
http://ipw2200.sourceforge.net/
There is no WPA support in version 1.0.0
~# tar xzvf ipw2200-1.*tar.gz
~# cd ipw2200-1.*
ipw2200-1.x.x# ./remove-old
ipw2200-1.x.x# make
ipw2200-1.x.x# make install
ipw2200-1.x.x# cd ..

3) Install ipw2200 firmware
http://ipw2200.sourceforge.net/firmware.php
~# tar xzvf ipw2200-fw*tar.gz
~# cd ipw2200-fw*
ipw2200-fw-x.x# cp ipw* /lib/firmware
ipw2200-fw-x.x# cd ..

Kompilieren

~# cd /usr/src/linux
/usr/src/linux# make menuconfig
/usr/src/linux# make bzImage

Sound

~# rm /etc/asound.state
~# alsaconf


Netzwerk

Netzwerkkarten

Die Grundeinstellungen zu den Netzwerkkarten sind hier zu finden:

/etc/rc.d/rc.inet1.conf

Firewall

/etc/rc.d/rc.firewall

#!/bin/sh
#
# /etc/rc.d/rc.firewall
# Simple firewall script for iptables (Kernel 2.4)
# by Gernot Walzl
#

# Rule set in iptables-save format: loaded by firewall_start and overwritten
# by firewall_save.
IPTABLESCONF="/etc/rc.d/rc.firewall.conf"

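# Load the saved rule set from $IPTABLESCONF into the kernel.
# Globals:  IPTABLESCONF (read)
# Outputs:  progress message on stdout, error message on stderr
# Returns:  status of iptables-restore, or 1 if the rule file is unreadable
firewall_start() {
  if [ ! -r "$IPTABLESCONF" ]; then
    # No rules were loaded, so the host keeps whatever rule set is active
    # (possibly none). Signal that through the exit status as well, so the
    # caller can notice that the firewall did not come up.
    echo "ERROR: $IPTABLESCONF is not readable" >&2
    return 1
  fi
  echo "Restoring iptables-configuration"
  /usr/sbin/iptables-restore < "$IPTABLESCONF"
}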

# Return netfilter to an empty, allow-everything state.
# After this has run the host filters nothing: every built-in chain has policy
# ACCEPT and all rules, including the NAT rules, are gone.
firewall_stop() {
  local chain table

  echo "Resetting iptables-configuration"

  # default policies: filter table
  for chain in INPUT FORWARD OUTPUT; do
    /usr/sbin/iptables -P "$chain" ACCEPT
  done
  # default policies: nat table
  for chain in PREROUTING POSTROUTING OUTPUT; do
    /usr/sbin/iptables -t nat -P "$chain" ACCEPT
  done
  # default policies: mangle table
  for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
    /usr/sbin/iptables -t mangle -P "$chain" ACCEPT
  done

  # remove every rule
  /usr/sbin/iptables -F
  for table in nat mangle; do
    /usr/sbin/iptables -t "$table" -F
  done

  # delete the user-defined chains
  /usr/sbin/iptables -X
  for table in nat mangle; do
    /usr/sbin/iptables -t "$table" -X
  done
}

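# Write the active rule set to $IPTABLESCONF, keeping the previous file as
# "$IPTABLESCONF~".
# Globals:  IPTABLESCONF (read)
# Outputs:  progress message on stdout, error messages on stderr
# Returns:  0 on success, 1 if the file is not writable or iptables-save fails
firewall_save() {
  local rules

  if [ -f "$IPTABLESCONF" ] && [ ! -w "$IPTABLESCONF" ]; then
    echo "ERROR: $IPTABLESCONF is not writable" >&2
    return 1
  fi

  echo "Saving iptables-configuration"
  # Collect the dump before touching the file. Redirecting iptables-save
  # straight into $IPTABLESCONF truncates the file first, so a failing
  # iptables-save would leave an empty rule set behind for the next start.
  if ! rules=$(/usr/sbin/iptables-save) || [ -z "$rules" ]; then
    echo "ERROR: iptables-save failed, $IPTABLESCONF left unchanged" >&2
    return 1
  fi

  # Back up the old rule set only once a replacement is known to exist.
  if [ -f "$IPTABLESCONF" ]; then
    cat "$IPTABLESCONF" > "$IPTABLESCONF~"
  fi
  printf '%s\n' "$rules" > "$IPTABLESCONF"
}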

# Dispatch on the first command-line argument.
case "$1" in
  start)
    firewall_start
    ;;
  stop)
    firewall_stop
    ;;
  restart)
    # firewall_stop sets every policy to ACCEPT and flushes all rules, so the
    # host is unfiltered from here until firewall_start has loaded the rules.
    firewall_stop
    sleep 1
    firewall_start
    ;;
  save)
    firewall_save
    ;;
  *)
    echo "usage $0 start|stop|restart|save"
    ;;
esac

Die Konfigurationsdatei zum Firewall-Script:
/etc/rc.d/rc.firewall.conf

# Rule set in iptables-save format. lo and eth0 are accepted without
# filtering; the filtering rules all match on ppp0 (presumably the dial-up
# uplink -- confirm against your interface names).
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Redirect TCP port 81 to the web server on 192.168.0.99:80. There is no -i
# match, so this applies to packets arriving on any interface.
-A PREROUTING -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.0.99:80
# Masquerade traffic from 192.168.0.0/24 that leaves through ppp0.
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
*filter
# NOTE(review): all three policies are ACCEPT. On INPUT only tcp, udp and icmp
# arriving on ppp0 reach a final drop rule; any other protocol on ppp0 and all
# traffic on interfaces other than lo/eth0/ppp0 falls through to ACCEPT.
# A DROP policy on INPUT would close that gap.
:INPUT ACCEPT [0:0]
# NOTE(review): FORWARD has policy ACCEPT and no rules in this file, so
# nothing routed through this host is filtered in either direction. Consider
# policy DROP plus explicit rules for LAN-to-ppp0 and RELATED,ESTABLISHED.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:synflood - [0:0]
:log-drop - [0:0]
# Loopback and the eth0 side are accepted unconditionally.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
# New TCP connections (SYN set, RST/ACK clear) from ppp0 are rate-limited in
# the synflood chain.
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j synflood
# TCP packets in state NEW that are not a plain SYN are dropped.
-A INPUT -i ppp0 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
# Fragments are dropped.
-A INPUT -i ppp0 -f -j log-drop
# Anti-spoofing: LAN, loopback and LAN-broadcast source addresses must never
# arrive on ppp0.
-A INPUT -s 192.168.0.0/255.255.255.0 -i ppp0 -j DROP
-A INPUT -s 127.0.0.0/255.0.0.0 -i ppp0 -j DROP
-A INPUT -s 192.168.0.255 -i ppp0 -j DROP
# DNS replies from the two resolvers used elsewhere in this HOWTO.
-A INPUT -s 195.3.96.67 -i ppp0 -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
-A INPUT -s 195.3.96.68 -i ppp0 -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
# Services reachable from ppp0. Each open port is a listening daemon exposed
# on that interface; keep only the ones that are really needed.
# 20/21 are the conventional FTP ports, 22 SSH.
-A INPUT -i ppp0 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
# NOTE(review): 23 is the conventional telnet port; telnet carries logins in
# cleartext. With SSH already open on 22, consider removing this rule.
-A INPUT -i ppp0 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
# 4662/tcp and 4672/udp: presumably for the mldonkey client started by the
# start/stop script on this page -- confirm.
-A INPUT -i ppp0 -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 4672 -j ACCEPT
# Replies to connections this host opened itself.
-A INPUT -i ppp0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
# Everything else of these three protocols on ppp0 is dropped.
-A INPUT -i ppp0 -p udp -j log-drop
-A INPUT -i ppp0 -p tcp -j log-drop
-A INPUT -i ppp0 -p icmp -j log-drop
# Up to 5 new connections per second (burst 10) return to INPUT for further
# matching; the excess is dropped.
-A synflood -m limit --limit 5/sec --limit-burst 10 -j RETURN
-A synflood -j DROP
# Logging is switched off: with the LOG rule commented out, log-drop discards
# packets silently, so dropped traffic leaves no trace in the system log.
#-A log-drop -j LOG
-A log-drop -j DROP
COMMIT

DHCP Server

dnsmasq (seit 10.2)

Dieses Programm fungiert als DHCP- und DNS Server.

/etc/dnsmasq.conf

[...]
resolv-file=/etc/dnsmasq.resolv.conf
[...]
interface=eth0
[...]
dhcp-range=192.168.0.10,192.168.0.99,12h

/etc/dnsmasq.resolv.conf

nameserver 195.3.96.67
nameserver 195.3.96.68

/etc/resolv.conf

nameserver 127.0.0.1

dhcpd

/etc/dhcpd.conf

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.10 192.168.0.99;
  option routers 192.168.0.1;
  option domain-name-servers 195.3.96.67, 195.3.96.68;
}

PPP

Konfigurieren mit:

~# pppsetup

Die max. Geschwindigkeit bei mir ist 115200.
(eine zu hohe Einstellung kann das Gegenteil bewirken.)

Ich verwende MS-CHAP-SERVER-1 Authentication.

Die Verbindung soll immer aufrecht bleiben,
es soll nicht sofort neu eingewählt werden,
setzen der maximalen Einwählversuche:
/etc/ppp/options

[...]
persist
holdoff 5
maxfail 100

DNS Client

/etc/resolv.conf

nameserver 195.3.96.67
nameserver 195.3.96.68

dyndns.org

Um meine IP Adresse bei dyndns.org zu aktualisieren verwende ich ddclient-3.6.6
http://ddclient.sourceforge.net/

Download-Manager

/etc/wgetrc

[...]
passive_ftp = on
[...]
# Limit rate
limit-rate=5k

WPA

Install wpa_supplicant
http://hostap.epitest.fi/wpa_supplicant/
~# tar xzvf wpa_supplicant*tar.gz
~# cd wpa_supplicant*
wpa_supplicant-x.x.x# cp defconfig .config
wpa_supplicant-x.x.x# emacs .config
wpa_supplicant-x.x.x# make
wpa_supplicant-x.x.x# make install
wpa_supplicant-x.x.x# cd ..

Configuration
to generate the psk use wpa_passphrase
/etc/wpa_supplicant.conf

# Control socket directory; ctrl_interface_group=0 limits its use to group 0.
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="MyWLAN"
    scan_ssid=1
    key_mgmt=WPA-PSK
    # Sample value only: a raw PSK as printed by wpa_passphrase is 64 hex
    # digits. This file holds the network key, so keep it readable by root
    # only (for example mode 600).
    psk=afafafafafafafafafafafafafafafafaf
}

/etc/rc.d/rc.inet1.conf

[...]
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]="HOSTNAME"
WLAN_WPA[0]="wpa_supplicant"
WLAN_WPADRIVER[0]="wext"
[...]

Manual initialization:
~# ifconfig eth0 up
~# wpa_supplicant -i eth0 -D wext -c /etc/wpa_supplicant.conf &
~# dhcpcd -h 192.168.0.1 -G 255.255.255.0 eth0
~# route add default gw 192.168.0.1


Daemons

MySQL

~# mysql_install_db
~# chown -cR mysql:mysql /var/lib/mysql

CUPS (Common Unix Printing System)

CUPS bietet ein sehr komfortables Webinterface zur Administration an. Um vom Netzwerk aus auf dieses Interface zugreifen zu können, sind folgende Einstellungen in der Datei /etc/cups/cupsd.conf notwendig:

[...]
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.0.*
</Location>
[...]
## Restrict access to local domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.0.*
[...]

Jetzt ist es möglich mit http://ip_des_rechners:631/ auf das CUPS zuzugreifen und den Drucker zu konfigurieren.

Um eventuell von einem Windows-Rechner aus drucken zu können sind weiters folgende Einstellungen notwendig:

/etc/cups/mime.convs

[...]
application/octet-stream        application/vnd.cups-raw        0       -
[...]

/etc/cups/mime.types

[...]
application/octet-stream
[...]

Samba

Der gewünschte User muss zuerst im Linux-System vorhanden sein:
~# adduser [username]

Die Beispielkonfiguration wird als aktuelle Konfiguration verwendet:
~# cp /etc/samba/smb.conf-sample /etc/samba/smb.conf

Nun kann man das Passwort für Samba verschlüsseln lassen:
~# smbpasswd -a [username]

Folgende Datei wird dabei editiert:
/etc/samba/private/smbpasswd

Wenn die Benutzernamen der Windows-Clients vielleicht nicht mit den Benutzernamen am Linux-Server zusammenpassen ist eine /etc/samba/usermap.txt notwendig.

root = Administrator
nobody = Gast

Diese Datei muss natürlich mit dem Konfigurationsfile /etc/samba/smb.conf eingebunden werden.

# username map
username map = /etc/samba/usermap.txt

Wenn man /var/www/ mit Schreibrechten sharen will sind folgende Einstellungen notwendig:

~# chmod 775 /var/www/htdocs/
~# chgrp users /var/www/htdocs/

/etc/samba/smb.conf

[...]
[www]
   comment = World Wide Web
   path = /var/www/
   # NOTE(review): "public = yes" allows guest connections without a password
   # and "writable = yes" allows writes, so only the Unix permissions on the
   # directory stand between a guest and the files Apache serves from here.
   # For a web root prefer "public = no" together with "valid users".
   public = yes
   writable = yes
   create mask = 0775
   directory mask = 0775

Apache Webserver

/etc/apache/httpd.conf

[...]
MaxClients 15
[...]
#ServerAdmin root@midas.slackware.lan
[...]
ServerName [servername]
[...]
AllowOverride All
[...]
DirectoryIndex index.html index.php
[...]
# CustomLog /var/log/apache/access_log common
[...]
CustomLog /var/log/apache/access_log combined
[...]
Include /etc/apache/mod_php.conf
[...]

Apache Logfile Statistics

Ich verwende dafür AWSTATS
http://awstats.sourceforge.net/

Die Dateiberechtigungen sind in
awstats-6.1.tgz nicht richtig gesetzt.
Das muss man manuell mit chown und chmod korrigieren.

/etc/apache/httpd.conf

[...]
# CustomLog /var/log/apache/access_log common
[...]
CustomLog /var/log/apache/access_log combined
[...]
###########
# AWSTATS #
###########
#
# Directives to add to your Apache conf file to allow use of AWStats as a CGI.
# Note that path "/usr/local/awstats/" must reflect your AWStats install path.
#
Alias /classes/ "/usr/local/awstats/wwwroot/classes/"
Alias /css/ "/usr/local/awstats/wwwroot/css/"
Alias /icon/ "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot/cgi-bin">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Sonstiges

Spracheinstellung

/etc/profile.d/lang.sh

[...]
# en_US is the Slackware default locale:
export LANG=de_AT@euro
[...]

Systemstart

/etc/rc.d/rc.local

#!/bin/sh
#
# /etc/rc.d/rc.local:  Local system initialization script.
#
# Put any local setup commands in here:

# Bring up the PPP link to the Internet
echo "Connecting to the Internet"
/usr/sbin/ppp-on -q

# Start ddclient (version 3.6.6)
/etc/rc.d/rc.ddclient start

# Schedule the automatic halt; shutdown is put into the background so that
# this script can finish
shutdown_at=00:05
echo "Setting automatic shutdown at $shutdown_at"
/sbin/shutdown -h "$shutdown_at" &

FileSystem Table

/etc/fstab

Da ich eine Festplatte mit FAT32 im LAN mit Schreibberechtigungen sharen will ist dies notwendig.

/dev/hdb1        /mnt/fat         vfat        gid=users,umask=0002 1   0
Auf ein NTFS Dateisystem greift man folgendermaßen zu:
/dev/sda1        /mnt/ntfs        ntfs        gid=users,umask=0227,ro 1   0
Benutzung eines USB-Sticks:
/dev/sdb1        /mnt/usb         auto        noauto,user      0   0

X Konfiguration

~# xorgconfig

/etc/X11/xorg.conf

[...]

Section "ServerFlags"
[...]
    Option "StandbyTime" "0"
    Option "SuspendTime" "0"
    Option "OffTime" "5"
[...]

Section "InputDevice"
[...]
    # Enables multimedia-keys on inspiron
    Option "XkbModel" "inspiron"
    #Option "XkbModel" "pc105"
    Option "XkbLayout" "de"
[...]

Section "InputDevice"
[...]
    # Enables mousewheel support
    Option "Protocol" "IMPS/2"
    Option "ZAxisMapping" "4 5"
[...]

Section "Monitor"
[...]
    # Enable Display Power Management Signaling
    Option "DPMS" "true"
[...]

Section "DRI"
    # Direct rendering device access for all users: mode 0666 makes the DRI
    # device nodes readable and writable by every local account.
    # NOTE(review): on a multi-user machine restrict this with a Group entry
    # and Mode 0660 instead.
    Mode 0666
EndSection

Um einen grafischen Login-Bildschirm zu erhalten wird das default runlevel von 3 auf 4 gestellt.
/etc/inittab

[...]
id:4:initdefault:
[...]

Benutzerberechtigungen

Um auf das CD-ROM und die Audiohardware direkt zugreifen zu dürfen:
/etc/group

[...]
audio::17:username
[...]
cdrom::19:username
[...]

Bash keyboard config

/etc/inputrc
[...]
#"\e[5~": beginning-of-history
#"\e[6~": end-of-history
"\e[5~": history-search-backward
"\e[6~": history-search-forward
[...]

Start/Stop Script

#!/bin/bash
#
# general start-stop-script
# by Gernot Walzl
#

# Account the daemon runs under, its working directory and its binary name
# (the binary is started as ./$COMMAND from inside $DIRECTORY).
USERNAME='nobody'
DIRECTORY='/mldonkey/'
COMMAND='mlnet'

# PIDs of running instances, sampled once when the script is loaded.
PID=$(/sbin/pidof "$COMMAND")

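# Start $COMMAND from $DIRECTORY as user $USERNAME unless it already runs.
# Globals:  PID, COMMAND, DIRECTORY, USERNAME (read)
# Outputs:  status messages on stdout, the directory error on stderr
# Returns:  1 if already running or $DIRECTORY is unusable, else su's status
start() {
  if [ -n "$PID" ]; then
    echo "ERROR: '$COMMAND' is already running."
    echo "PID(s): $PID"
    return 1
  fi
  # The daemon is launched by the relative path ./$COMMAND. If the cd fails,
  # that path would resolve against whatever directory the caller happens to
  # be in, so stop here instead of running an unintended file.
  cd "$DIRECTORY" || {
    echo "ERROR: cannot change to '$DIRECTORY'." >&2
    return 1
  }
  # $COMMAND is expanded into the command string that su hands to a shell;
  # keep it a fixed name and never fill it from external input.
  su "$USERNAME" -c "./$COMMAND &"
}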

# Send SIGTERM to the daemon if the PID sampled at load time is non-empty.
# killall selects by process name, so every process called $COMMAND is
# signalled, not only the PIDs stored in $PID.
stop() {
  if [ -z "$PID" ]; then
    echo "ERROR: '$COMMAND' is not running."
    return
  fi
  killall -SIGTERM "$COMMAND"
}

# Report whether $COMMAND was running when the script sampled $PID.
status() {
  if [ -z "$PID" ]; then
    echo "'$COMMAND' is not running."
    return
  fi
  echo "'$COMMAND' is running."
  echo "PID(s): $PID"
}

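# Dispatch on the first command-line argument.
case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  stop
  # Give the daemon time to shut down after SIGTERM.
  sleep 100
  # $PID was sampled before stop ran. Without sampling it again, start would
  # still see the old PIDs and refuse with "already running", so a restart
  # would end with the daemon stopped.
  PID=$(/sbin/pidof "$COMMAND")
  start
  ;;
'status')
  status
  ;;
*)
  echo "usage $0 start|stop|restart|status"
  ;;
esac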