Fedora instalation logbook

Fedora user experiences 050302

Hardware

2.4GHz Celeron, 256MB RAM, nVIDIA GeForce2, 160GB disk, Zcom Xi 626 M wifi + D10, Aver TV Go tuner, Fedora 2

nVIDIA instalation

Driver downloaded from nVidia site, script is executed by .......

AVER TV GO

changes in /etc/modules.conf you must make:
options bttv card=13 pll=1 tuner=11 bttv_gpio=1
options tuner type=11 pal=b
alias char-major-81 bttv
alias wifi0 hostap_pci

TELE

This script uses xawtv -c /dev/video0 and mplayer to watch or record tv. The file .xawtv contains tv channels.

[global]
ratio = 4:3
freqtab = europe-east
pixsize = 128 x 96
pixcols = 1
jpeg-quality = 75
keypad-ntsc = no
keypad-partial = yes
osd = yes

# [Station name]
# capture = overlay | grabdisplay | on | off
# input = Television | Composite1 | S-Video | ...
# norm = PAL | NTSC | SECAM | ...
# channel = #
# fine = # (-128..+127)
# key = keysym | modifier+keysym
# color = #
# bright = #
# hue = #
# contrast = #

[defaults]
norm = PAL
input = Television
capture = over
color = 48%
bright = 48%
hue = 48%
contrast = 48%

[nova_r3]
channel = R1
fine = -11
key = 3

[prima_r7]
channel = R7
fine = -5
key = 4

[ct1_26]
channel = 26
fine = -7
key = 1

[ct2_53]
channel = 53
fine = -5
key = 2

The script tele itself is here:

#!/bin/sh

echo "------------------------------------------------------"
echo "- ahoj -"
echo "prepinam televizi : ct1 ct2 nova prima -"
echo "nebo -"
echo "zapinam televizi: tv -"
echo "nebo -"
echo "zacni nahravat : n 01:00:00 (10 sec default) -"
echo "zacni nahravat : now 01:00:00 (1hour 30) -"
echo "nebo -"
echo "konec : q -"
echo "nebo -"
echo "mplay last avi : last -"
echo "nebo -"
echo "konvertuj di*.avi do mpg4: conv di -"
echo "------------------------------------------------------"


if [ "$1" = "a" ] ; then
echo " iiiiiiiiiiiii "

fi

if [ "$1" = "tv" ] ; then
echo "zapinam televizi"
xawtv -c /dev/video0 -remote -global:filter "linear blend" &
# xawtv -c /dev/video0 -remote -global:filter "linear blend"
fi


if [ "$1" = "tvm" ] ; then
echo "zapinam televizi"
mplayer tv://nova_r3 -tv device=/dev/video0:driver=v4l:input=0:width=704:height=576

# xawtv -c /dev/video0 &
fi



if [ "$1" = "ct1" ] ; then
echo "prepinam na CT1"
v4lctl -c /dev/video0 setstation ct1_26
fi

if [ "$1" = "ct2" ] ; then
echo "prepinam na CT2"
v4lctl -c /dev/video0 setstation ct2_53
fi

if [ "$1" = "nova" ] ; then
echo "prepinam na NOVA"
v4lctl -c /dev/video0 setstation nova_r3
fi

if [ "$1" = "prima" ] ; then
echo "prepinam na PRIMA"
v4lctl -c /dev/video0 setstation prima_r7
fi

if [ "$1" = "q" ] ; then
echo "vypinam"
xawtv-remote quit
# v4lctl -c /dev/video0 quit
fi

if [ "$1" = "last" ] ; then
echo "last file"
ls -1 --color=never -tr | tail -1 | xargs mplayer
ls -1l --color=never -tr | tail -1
fi

#------------------------------------

if [ "$1" = "conv" ] ; then
echo "vypinam"


export ER=`ls -1 --color=never $2*.avi | sort > tmp`

echo "------------------------------------STARTED---------------: "
cat tmp | (while read x
do
export SIZE=`ls -lh $x | awk -F' ' '{print $5}'`
echo " result = $Y, former size=$SIZE"
export Y="conv.$x"
mencoder $x -oac mp3lame -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=800 -o $Y
done)

fi


#----------------------------------- nahravani -----------
#----------------------------------- nahravani -----------
#----------------------------------- nahravani -----------

if [ "$1" = "n" ] ; then
export LEN=$2
if [ "$LEN" = "" ] ; then
export LEN="00:10"
fi
echo "nahravam tuto dobu: hodiny:minuty:sekundy $LEN "
killall xawtv
export DA=`date +%Y%m%d_%H_%M_%S`
echo file se jmenuje ........ $DA.avi
echo " 3 $DA.avi $LEN"
# sleep 1
echo " 2 $DA.avi $LEN"
# sleep 1
echo " 1 $DA.avi $LEN"
sleep 1

#---------- preprocess, crop...
mencoder -tv on:driver=v4l:device=/dev/video0:norm=PAL:width=768:height=576:amode=0:forcechan=1 -oac mp3lame -lameopts cbr:br=64:mode=3 -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=1300 -vop pp=lb,crop=720 :544:24:16 -endpos $LEN -o $DA.avi


ls -ltrh --color=never | tail -2
echo delka zaznamu je $LEN
# v4lctl -c /dev/video0 quit
fi

WIFI

First you must get hostap drivers at hostap.epitest.fi and install it. May be, you need to recompile kernell. Then set properly the variable in configure. Hostap modules should be loaded.

There are two devices: physical = wifi0 and communication layer = wlan0. Both have to be properly configured and started. Usual way is via /etc/sysconfig/network-scripts and in the middle of the work ifup wlan0 or something can be used ( ifconfig wlan0 10.10.10.10 netmask 255.255.255.0 and route add default gw 10.10.0.1) . Dont forget to set nameserver in /etc/resolv.conf.
iwconfig will show the signal strength,
iwlist wifi0 scan will find access points - nice tool.
Nice program xnetstrength helps much with tuning the signal. Small hack to the time constant in the source makes it perfect tool xns2.
Wifi is started from /etc/rc.local, which is not really superb, but it works.


/usr/bin/firewall supc_serv
iwconfig wifi0 mode managed
iwconfig wifi0 essid MNISEKNET_SKOLA

Settings in /etc/network : ..............

SNORT

Snort is a packet analyser and logger. Logs of suspicious packets are stored at /var/log/messages and also in detail in /var/log/snort. /etc/snort/ contains rules and snort.conf file. In the file - it is necessary to change var RULE_PATH /etc/snort which is by default set wrongly. Run or stop it via /etc/init.d/snortd and add it to runlevels via chkconfig --add snortd and chkconfig --level 5 snortd

FIREWALL

iptables -L -vn - get list of firewall rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
flushes rules for iptables chains. But also deletion of other chains in needed:
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain
This deletes all the chains. Now all the firewall is off. My script firewall can handle different rules.
internal functions:

# viaproc
# reset_ipt
# deny_ipt
# acc_ipt
# loopback
# check_packets
# dns
# imap
# allow_estab
# in_22_80
# out_80_443
# out_22
# out_all
# ping
# out_ftp
# out_smtp
# traceroute
# local_smtp

Options:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
FIREWALL - 2004 10 01 09:50:43 parameter =""
firewall status ... BROWSE
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Option reset ... resets iptables (no policy set).. sets proc
Option deny ... deny all (not loopback)
Option accept ... accepts all policy
Option browse ... enables dns, http and https, ssh out
Option clientserver ... dns, ssh, http(s), in port 22,80
Option superclient ... out all (and ping, traceroute)
Option supc_serv ... maximum reasonable - out all, ping.., in ports 22,80
____________________________________________________
Other Security Features
Option lsnort1 ... list snort in messages ....
Option lsnort2 ... list snort in messages (TO me 10.10.0.125) ....
Option lsnortp ... .... grep snort packet log (10. net)
Option lssec ... list secure for LOGIN attemtps
Option fattack ... find attacker ......web pages
Option syscheck .... run syscheck (log in /root/)
Option rootcheck .... run rootkit
Option runmes .... run tail for messages

Next programs are welcome - syscheck and rootkit to check the intruder programs and validate versions of used daemons.
There is important to :

Firewall rulesets

yum

Supertool, instalator that works.
yum list > yumlist provides list of packages
yum info > yuminfo provides descriptions
yum install package
yum upgrade package
yum remove package

Import public keys (if possible):

rpm --import http://rpm.livna.org/RPM-LIVNA-GPG-KEY
rpm --import http://freshrpms.net/packages/RPM-GPG-KEY.txt
rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
rpm --import http://dries.studentenweb.org/ayo/RPM-GPG-KEY.dries.txt
rpm --import http://rpms.subpop.net/RPM-GPG-KEY.spc.txt
rpm --import http://newrpms.sunsite.dk/gpg-pubkey-newrpms.txt
rpm --import http://atrpms.net/RPM-GPG-KEY.atrpms
rpm --import http://apt.ling.li/RPM-GPG-KEY.txt
rpm --import http://ruslug.rutgers.edu/macromedia/gpg-publickey.txt

For fedora2:

For fedora3:

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20
obsoletes=1
gpgcheck=1

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

[fedora-stable]
name=Fedora.us Extras (Stable)
baseurl=http://fedora.quicknet.nl/fedora/fedora/2/$basearch/RPMS.stable
http://mirrors.usc.edu/pub/linux/fedora/fedora/fedora/2/$basearch/RPMS.stable
http://fedora.mirror.sdv.fr/fedora/fedora/$releasever/2/RPMS.stable
http://download.fedora.us/fedora/fedora/$releasever/2/RPMS.stable
#gpgcheck=1

[fedora-unstable]
name=Fedora.us Extras (Unstable)
baseurl=http://mirrors.usc.edu/pub/linux/fedora/fedora/fedora/2/$basearch/RPMS.unstable
http://fedora.mirror.sdv.fr/fedora/fedora/2/$basearch/RPMS.unstable
http://fedora.quicknet.nl/fedora/fedora/2/$basearch/RPMS.unstable
http://mirrors.kernel.org/fedora.us/fedora/fedora/2/$basearch/RPMS.unstable
http://download.fedora.us/fedora/fedora/2/$basearch/RPMS.unstable
#gpgcheck=1

[fedora-testing]
name=Fedora.us Extras (Testing)
baseurl=http://download.fedora.us/fedora/fedora/2/$basearch/RPMS.testing
http://fedora.quicknet.nl/fedora/fedora/2/$basearch/RPMS.testing
http://fedora.mirror.sdv.fr/fedora/fedora/2/$basearch/RPMS.testing
http://mirrors.kernel.org/fedora.us/fedora/fedora/2/$basearch/RPMS.testing
http://mirrors.usc.edu/pub/linux/fedora/fedora/fedora/2/$basearch/RPMS.testing
#gpgcheck=1

###############
## Livna.org ##
###############

[livna-stable]
name=Livna.org - Fedora Compatible Packages (stable)
baseurl=http://rpm.livna.org/fedora/$releasever/$basearch/RPMS.stable
http://livna.cat.pdx.edu/fedora/$releasever/$basearch/RPMS.stable
#gpgcheck=1


[livna-unstable]
name=Livna.org - Fedora Compatible Packages (unstable)
baseurl=http://rpm.livna.org/fedora/$releasever/$basearch/RPMS.unstable
http://livna.cat.pdx.edu/fedora/$releasever/$basearch/RPMS.unstable
#gpgcheck=1

[livna-testing]
name=Livna.org - Fedora Compatible Packages (testing)
baseurl=http://rpm.livna.org/fedora/$releasever/$basearch/RPMS.testing
http://livna.cat.pdx.edu/fedora/$releasever/$basearch/yum/testing
#gpgcheck=1


############
# Jpackage #
############

# JPackage is a GREAT repository for Java Software.
# However, you may have to compile some SRPMs to use it,
# so it's commented out by default. See
#
# For the SRPMs, and for
# the general details.
#
# Note: JPackage IS compatible with the fedora.us repositories.
# You can use JPackage and fedora.us at the same time, without
# any trouble. It's also compatible with the Alternate Repositories,
# for the most part.


[jpackage-generic]
name=JPackage Cross-Platform Packages
baseurl=http://mirrors.sunsite.dk/jpackage/1.6/generic/free
ftp://jpackage.hmdc.harvard.edu/JPackage/1.6/generic/free
http://sunsite.informatik.rwth-aachen.de/ftp/pub/Linux/jpackage/1.6/generic/free
failovermethod=priority
enabled=0
#gpgcheck=1

[jpackage-fedora]
name=JPackage Fedora Packages
baseurl=http://mirrors.sunsite.dk/jpackage/1.6/fedora-$releasever/free
ftp://jpackage.hmdc.harvard.edu/JPackage/1.6/fedora-$releasever/free

http://sunsite.informatik.rwth-aachen.de/ftp/pub/Linux/jpackage/1.6/fedora-$releasever/free
failovermethod=priority
enabled=0
#gpgcheck=1


############################
## Alternate Repositories ##
############################

# To use these repos, either use the --enablerepo
# command-line argument to yum, or change "enabled=0"
# to "enabled=1". Note: Some packagesfrom these repositories
# may conflict with the fedora.us packages. If you use these
# repositories, you may wish to disable the fedora.us and
# livna.org repositories.

[freshrpms]
name=FreshRPMs
mirrorlist=http://ayo.freshrpms.net/fedora/linux/$releasever/mirrors-freshrpms
enabled=1
#gpgcheck=1

[dag]
name=Dag APT Repository baseurl=http://dag.freshrpms.net/fedora/$releasever/en/$basearch/dag/
http://dag.atrpms.net/fedora/$releasever/en/$basearch/dag/
http://ftp.heanet.ie/pub/freshrpms/pub/dag/fedora/$releasever/en/$basearch/dag/
enabled=1
#gpgcheck=1

[dries] name=Dries APT/YUM Repository
baseurl=http://dries.studentenweb.org/yum/fedora/linux/$releasever/$basearch/dries/RPMS/
enabled=1
#gpgcheck=1

[newrpms]
name=NewRPMs baseurl=http://newrpms.sunsite.dk/apt/redhat/en/$basearch/fc$releasever
http://newrpms.atrpms.net/apt/redhat/en/$basearch/fc$releasever
enabled=1
#gpgcheck=1
[atrpms]
name=ATrpms - Stable
baseurl=http://apt.atrpms.net/fedora/$releasever/en/$basearch/at-stable

http://ftp-stud.fht-esslingen.de/atrpms/download.atrpms.net/fedora/$releasever/en/$basearch/at-stable
http://wftp.tu-chemnitz.de/pub/linux/ATrpms/fedora/$releasever/en/$basearch/at-stable
enabled=1
#gpgcheck=1

[atrpms-testing]
name=ATrpms - Testing
baseurl=http://wftp.tu-chemnitz.de/pub/linux/ATrpms/fedora/$releasever/en/$basearch/at-testing
http://apt.atrpms.net/fedora/$releasever/en/$basearch/at-testing

http://ftp-stud.fht-esslingen.de/atrpms/download.atrpms.net/fedora/$releasever/en/$basearch/at-testing
enabled=0
#gpgcheck=1

[atrpms-bleeding]
name=ATrpms - Bleeding
baseurl=http://apt.atrpms.net/fedora/$releasever/en/$basearch/at-bleeding

http://ftp-stud.fht-esslingen.de/atrpms/download.atrpms.net/fedora/$releasever/en/$basearch/at-bleeding
http://wftp.tu-chemnitz.de/pub/linux/ATrpms/fedora/$releasever/en/$basearch/at-bleeding
enabled=0
#gpgcheck=1

###################
## Miscellaneous ##
###################

# Semi-official Macromedia repository containing the flash-plugin rpm.
[flash]
name=macromedia.mplug.org - Flash Plugin
baseurl=http://macromedia.mplug.org/apt/fedora/$releasever
http://sluglug.ucsc.edu/macromedia/apt/fedora/$releasever
http://ruslug.rutgers.edu/macromedia/apt/fedora/$releasever
http://macromedia.rediris.es/apt/fedora/$releasever
enabled=0
#gpgcheck=1