change hostname debian

Change the hostname of a debian host

To get an idea of which configuration files may be using the current (old) hostname, it helps to grep /etc/ for it, eg:
# grep -ril `hostname -f` /etc/
/etc/postfix/main.cf
/etc/hosts
/etc/hostname
/etc/mailname


Update /etc/hostname
# echo "ahost.ipduh.com" > /etc/hostname


Update /etc/hosts, eg:
#/etc/hosts
#IP Address  FQDN             Alias1  Alias2  AliasN
192.0.2.11   ahost.ipduh.com  ahost


Update /etc/mailname
# echo "ahost.ipduh.com" > /etc/mailname


Update SSH Host Keys
Replace root@old_hostname with root@new_hostname --the last word on the line-- in /etc/ssh/ssh_host_rsa_key.pub and /etc/ssh/ssh_host_dsa_key.pub
Restart the SSH daemon.

For Postfix update myhostname= in /etc/postfix/main.cf and restart the daemon

For ssmtp update hostname= in /etc/ssmtp/ssmtp.conf

Many daemons have some hostname definition in their configuration files that may need to be changed.

If possible restart the system.

Debian Wiki Change Hostname

URI: http://alog.ipduh.com/2013/01/change-hostname-debian.html

disable remove popularity contest debian

I was asked two times already, I better put it in a post.

Disable the Debian package popularity contest
# dpkg-reconfigure popularity-contest


Remove the package and its configuration from the system.
# apt-get remove popularity-contest
# apt-get purge popularity-contest


You should not find it anymore in the installed packages
# dpkg -l |grep popularity-contest




disable popularity contest on debian

adduser.sh

I had to add a few lines to adduser.sh, a little script I wrote a while ago, in an effort to come up with an easy way (for a friend and inexperienced Unix admins in general) to add users to an FTP server --Ubuntu 12.04 LTS but this script should work on all Linux distros.

#!/bin/bash

##adduser.sh
###Add a system user
####g0 2010 ,kod.ipduh.com

INTERACTIVE=1

GROUPID=""
GROUPNAME=""
USERID=""
USERNAME=""
USERHOMEDIR=""
USERSHELL=""
USERCOMMENT=""

if [ "$INTERACTIVE" -eq 1 ] ; then

echo "Add User:"
read -p "Enter GROUPID     : " GROUPID;
read -p "Enter GROUPNAME   : " GROUPNAME;
read -p "Enter USERID      : " USERID;
read -p "Enter USERNAME    : " USERNAME;

read -p "Enter USER HOME DIRECTORY ( Or hit enter for /home/$USERNAME ): " USERHOMEDIR;
if [ -z "$USERHOMEDIR" ]
then
        USERHOMEDIR="/home/${USERNAME}"
fi

read -p "Enter USERSHELL   : " USERSHELL;
read -p "Enter USERCOMMENT : " USERCOMMENT;

else

GROUPID=$1
GROUPNAME=$2
USERID=$3
USERNAME=$4
USERHOMEDIR=$5
USERSHELL=$6
USERCOMMENT=$7
fi

groupadd -g "$GROUPID" "$GROUPNAME"
cp -r /etc/skel "$USERHOMEDIR"
useradd -u "$USERID" -g "$GROUPID" -d "$USERHOMEDIR" -s "$USERSHELL" -c "$USERCOMMENT" "$USERNAME"
#user:group --the dot separator is deprecated
chown -R "$USERNAME:$GROUPNAME" "$USERHOMEDIR"
passwd "$USERNAME"

if [ "$INTERACTIVE" -eq 1 ] ; then
echo " "
echo -n "User:"
#match the whole name field, not any line containing the name
grep "^${USERNAME}:" /etc/passwd
echo ""
echo -n "Group:"
grep "^${GROUPNAME}:" /etc/group
echo ""
echo "$USERNAME home Dir $USERHOMEDIR long listing:"
ls -las "$USERHOMEDIR"
echo " "
echo "."
fi


The easiest way to install adduser.sh:
# wget http://kod.ipduh.com/lib/adduser.sh
# chmod 700 adduser.sh
# mv adduser.sh /bin



adduser.sh

persistent static routes linux debian

Notes on persistent static routes on Debian, set in /etc/network/interfaces, when a routing daemon is not used.

The default gateway --the 0.0.0.0/0 route-- is set with gateway, eg:
auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 192.0.2.222
        netmask 255.255.255.0
        network 192.0.2.0
        broadcast 192.0.2.255
        gateway 192.0.2.1


Some other route is set with up and unset with down eg: for the 10.0.0.0/8 route
auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static
 address 10.21.241.34
 netmask 255.255.255.128
 network 10.21.241.0
 broadcast 10.21.241.127
 up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.21.241.69
 down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.21.241.69


An example /etc/network/interfaces
# cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 192.0.2.222
        netmask 255.255.255.0
        network 192.0.2.0
        broadcast 192.0.2.255
        gateway 192.0.2.1

auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static
 address 10.21.241.34
 netmask 255.255.255.128
 network 10.21.241.0
 broadcast 10.21.241.127
 up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.21.241.69
 down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.21.241.69


The above /etc/network/interfaces produces the following routing table
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
10.0.0.0        10.21.241.69    255.0.0.0       UG    0      0        0 eth0
10.21.241.0     0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0


URI: http://alog.ipduh.com/2013/01/static-routes-linux-debian.html



Persistent Static Routes Linux Debian

ghetto response to a ghetto DDoS attack on apache

Had to help two friends to overcome a low budget ddos attack on their server. Few minutes upon logging in I figured that a few thousands hosts were running simple stressers against their apache, something that could be blocked with iptables I figured.

So here it goes --my simple 'ghetto' response-- three simple scripts a few lines long each to complement the bif --the basic iptables firewall.

First get_them.sh, a little script that sorts in descending order the ip addresses with the most connections to a port.


#!/bin/bash
#g0 2013 get_them.sh 
#Sort the IP addresses with connections to the PORT according to the number of connections
PORT=${1}
netstat -punta | grep ":${PORT}" | grep -v ":\*" | awk '{print $5}' | awk -F ":" '{print $1}' | sort | uniq -c | sort -nr




I piped get_them.sh to a pager to get a better view
#./get_them.sh 80 |less


Next, another little script -- xworst.sh -- that takes the x IP addresses with the most connections to a port and puts them to a list.


#!/bin/bash
#g0 2013 xworst.sh
#Add Top x get_them IP addresses in a list
COUNT=${2}
PORT=${1}
./get_them.sh ${PORT} | head -${COUNT} | awk '{print $2}' >> bif.bad



And Finally a script to add IPtables rules to drop all traffic to and from these IP addresses.


#!/bin/bash
#g0 2013 block those bastards

#Put your IP addresses on this white list
WHITE_LIST="192.0.2.222|192.0.2.246|192.0.2.123"

IPTABLES="/sbin/iptables"
BIF_BAD_IP_FILE="./bif.bad.go"
BIF_BAD="./bif.bad"

#Drop the white listed addresses from the list
cat "${BIF_BAD}" | egrep -v "${WHITE_LIST}" > "${BIF_BAD_IP_FILE}"

#Block Bad IP addresses and sets of IP addresses in CIDR notation
if [ -e "$BIF_BAD_IP_FILE" ] ; then
for BAD_IP in `cat ${BIF_BAD_IP_FILE}`; do
        ${IPTABLES} -A OUTPUT -d ${BAD_IP} -j DROP
        ${IPTABLES} -A INPUT -s ${BAD_IP} -j DROP
done
fi



Like I said this is a ghetto response to a ghetto ddos attack ... don't expect it to withstand anything sophisticated.
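
An added example, not one of the original scripts: the counting step of get_them.sh and the white-list step of the block script, done with exact matching. grep ":80" also counts :8080 and outbound connections to a remote port 80, and an unanchored egrep -v exempts any address that merely contains a white-list entry. The function names, the white-list file and the sample netstat lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: exact-match counting and white-listing.

# Constructed sample in the column layout of `netstat -punta`:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/apache2
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED 1301/apache2
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED 1302/apache2
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV    -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51517 ESTABLISHED 1306/apache2
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED 1303/apache2
tcp        0      0 192.0.2.10:80           203.0.113.9:40023       ESTABLISHED 1304/apache2
tcp        0      0 192.0.2.10:80           192.0.2.222:60000       ESTABLISHED 1305/apache2
tcp        0      0 192.0.2.10:8080         203.0.113.50:40100      ESTABLISHED 1400/java
tcp        0      0 192.0.2.10:44321        203.0.113.80:80         ESTABLISHED 1500/curl
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient
EOF
}

# count_by_ip PORT : netstat lines on stdin, "COUNT IP" on stdout, busiest first
count_by_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ {
      n = split($4, l, ":")              # local address, port is the last piece
      if (l[n] != port) next             # :8080 or a remote :80 must not count
      m = split($5, r, ":")              # foreign address, same layout
      if (m < 2 || r[m] == "*") next     # listening socket
      ip = r[m-1]                        # also covers ::ffff:a.b.c.d
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 only here
      c[ip]++
    }
    END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# offenders PORT MIN WHITELIST_FILE : addresses with at least MIN connections,
# minus the white-listed ones (one address per line in WHITELIST_FILE).
# -x -F compares whole lines as fixed strings, so 192.0.2.22 on the list
# does not exempt 192.0.2.222.
offenders() {
  count_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }' | grep -vxFf "$3"
}

# Show the per-address counts for port 80 in the constructed sample
sample_netstat | count_by_ip 80
```

On a live host feed it with netstat -punta | count_by_ip 80, and review the output of offenders before it goes anywhere near bif.bad.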



a Ghetto response to a ghetto DDOS attack on apache

Net::SSLeay debian

Install Net::SSLeay on debian --the lazy way

# apt-get install libnet-ssleay-perl




Install SSLeay on debian the lazy way

openssl notes



Show Certificate Information:
# openssl x509 -noout -text < example.crt


Calculate certificate sha1 fingerprint
# openssl x509 -noout -fingerprint -sha1 < example.crt


Calculate certificate md5 fingerprint
# openssl x509 -noout -fingerprint -md5 < example.crt


Create a Private Key and a Certificate ( request )
# openssl req -new -nodes -keyout example.key -out example.req
It will most probably create a 1024bit RSA key.

Create a 2048 bit RSA Private Key and a Certificate ( request )
$ openssl req \
> -new -newkey rsa:2048 -nodes \
> -keyout private_key.pem -out key_csr.pem


Sign a certificate
# openssl ca -config ca.config -keyfile ca.key -cert ca.crt -out example.crt -infiles example.req 


Test an openssl server
# openssl s_client -connect 192.0.2.33:443


http://alog.ipduh.com/2013/01/openssl-notes.html



openssl notes

git clone - not `trusted` ssl certificates

A quick post on adding new Certificate Authorities to your SSL client.

Actually, put together so I can do a few other things other than explaining how to Deal with
$ git clone https://git.example.com/kod/example/.git
...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://source.ipduh.awmn/source/empty/.git/info/refs

fatal: HTTP request failed
...


To resolve it simply add the certificate of the certificate authority that signed the HTTPS Host certificate.
eg: for the ipduh repository
# wget https://ipduh.com/ca_cert/ipduhca.crt --no-check-certificate
# cat ipduhca.crt >> /etc/ssl/certs/ca-certificates.crt


You may disable sslVerify all together, but don't do that.
$ git config --global http.sslVerify false


http://alog.ipduh.com/2013/08/git-clone-not-trusted-ssl-certificates.html
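
An added example, not part of the original post: the wget above runs with --no-check-certificate, so the downloaded file deserves a fingerprint check against a value obtained through another channel before it is appended to the bundle. The script uses the fingerprint command from the openssl notes with -sha256; the function names, the scratch bundle and the throwaway CA it generates are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: append a downloaded CA certificate to a trust bundle only
# if its SHA-256 fingerprint equals one obtained out of band.

# cert_sha256 CERT : fingerprint as upper-case hex without colons.
# Prints nothing if CERT is not a parsable certificate.
cert_sha256() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null |
    cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# trust_ca CERT EXPECTED_FP BUNDLE
# returns 0 = appended, 1 = fingerprint mismatch, 2 = not a certificate
trust_ca() {
  actual=$(cert_sha256 "$1")
  [ -n "$actual" ] || { echo "not a certificate: $1" >&2; return 2; }
  # accept the expected value with or without colons, in either case
  expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch for $1, bundle left untouched" >&2
    return 1
  fi
  # Re-encode through openssl so only the certificate itself is appended,
  # not whatever else the downloaded file may contain.
  openssl x509 -in "$1" >> "$3"
}

# make_test_ca DIR : constructed throwaway CA standing in for the download
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo in a scratch directory; nothing under /etc is touched.
demo() {
  d=$(mktemp -d) || return 1
  make_test_ca "$d" || { rm -rf "$d"; return 1; }
  : > "$d/bundle.crt"
  pin=$(cert_sha256 "$d/ca.crt")   # in real use this comes from the CA owner
  rc=0; trust_ca "$d/ca.crt" "0000" "$d/bundle.crt" || rc=$?
  echo "wrong pin   -> exit $rc"
  rc=0; trust_ca "$d/ca.crt" "$pin" "$d/bundle.crt" || rc=$?
  echo "correct pin -> exit $rc"
  echo "certificates in bundle: $(grep -c 'BEGIN CERTIFICATE' "$d/bundle.crt")"
  rm -rf "$d"
}
demo
```

On Debian /etc/ssl/certs/ca-certificates.crt is regenerated by update-ca-certificates, so a certificate copied to /usr/local/share/ca-certificates/ under a .crt name survives where a manual append does not.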



add new Certificate Authorities to git

12.04 LTS ubuntu Desktop -- Add Greek Input

Have you been searching around and found that you have to go to Language Support, install Greek, then select ibus as the Keyboard Input Method and then add Greek on Keyboard Input Methods OR iBus Preferences?

Well, --at least on a friend 's laptop running Ubuntu Desktop 12.04 LTS this does not work ... well it would work if he wanted to use Chinese I guess ... anyways ...

Dash Home - Keyboard Layout - + Greek worked !

12.04 add Greek Input --Not the rocket science way that does not work

tftp server

Notes on setting up a tftp server on a debian system to boot cisco routers or other devices

Install tftpd-hpa
#apt-get install tftpd-hpa


Allow UDP 69, eg:
iptables -A INPUT -p udp --dport 69 -j ACCEPT
iptables -A INPUT -m state --state NEW -p udp --dport 69 -j ACCEPT


The configuration is at /etc/default/tftpd-hpa
A simple configuration that may be used to give a bin to a cisco at boot from 10.2.24.10.
#cat /etc/default/tftpd-hpa 
# /etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
#TFTP_ADDRESS="0.0.0.0:69"
TFTP_ADDRESS="10.2.24.10:69"
TFTP_OPTIONS="--secure"



The files are served from /var/lib/tftpboot.
To boot a cisco put the bin(s) in /var/lib/tftpboot and restart tftpd-hpa
# /etc/init.d/tftpd-hpa restart


To test the tftp server one could install a tftp client and attempt to get a file eg:
# apt-get install tftp
$ tftp 10.2.24.10
tftp> mode bin
tftp> mode binary
tftp> get c1600-k8osy-mz.123-26.bin
Received 7149311 bytes in 3.6 seconds
tftp> quit


URI:tftp server



TFTP server Debian GNU Linux

Extract the public key from a p12

Extract just the certificate --it carries the public key-- from a p12, without the private key

$ openssl pkcs12 -in my.p12 -out my.crt -clcerts -nokeys
Enter Import Password:
MAC verified OK




Extract the public key from a p12

basic linux wireless



View the related hardware
$ lshw -C network


$ lspci -s `lspci |egrep -i "wlan|802.11" |awk  '{print $1}'` -v


See the module used by your wireless network interface
# lspci -s `lspci |egrep -i "wlan|802.11" |awk  '{print $1}'` -v |grep modules |awk -F ': ' '{print $2}' |xargs -I{} grep {} /proc/modules
I know, I had too much coffee



Wireless Tools For Linux

iwconfig - list and manipulate the basic wireless parameters

eg:
$ iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:"duhpi"  
          Mode:Managed  Frequency:2.412 GHz  Access Point: D4:CA:6D:4F:9F:D2   
          Bit Rate=54 Mb/s   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=65/70  Signal level=-45 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:3   Missed beacon:0



# iwconfig wlan0 txpower 15


# iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:"duhpi"  
          Mode:Managed  Frequency:2.412 GHz  Access Point: D4:CA:6D:4F:9F:D2   
          Bit Rate=54 Mb/s   Tx-Power=15 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=60/70  Signal level=-50 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:3   Missed beacon:0


iwlist - get detailed information from a wireless interface

eg: scan
# iwlist wlan0 scan


# iwlist wlan0 channel
wlan0     14 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Channel 14 : 2.484 GHz
          Current Frequency=2.412 GHz (Channel 1)


iwspy - Get wireless statistics from specific nodes

iwpriv - Configure wireless interface private input and output control parameters



wpa_supplicant - Wi-Fi Protected Access client and IEEE 802.1X supplicant

Install on Debian based systems
# apt-get install wpasupplicant


An example /etc/network/interfaces client WPA2-PSK or WPA-PSK wireless if stanza
auto wlan0
iface wlan0 inet dhcp
        wpa-ssid duhpi
        wpa-psk  passkey

Prevent other users from reading your preshared key
# chmod 600 /etc/network/interfaces


An example /etc/network/interfaces client WPA2-EAP or WPA-EAP wireless if stanza
auto wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
example wpa_supplicant.conf
# cat /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf
# WPA2-EAP/CCMP using EAP-TLS

ctrl_interface=/var/run/wpa_supplicant

network={
 ssid="example wpa2-eap network"
 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passhrase"
}




use logical interfaces to switch Access Points

An example wireless if stanza
auto wlan0

iface wlan_base inet dhcp
wpa-ssid hudpi
wpa-psk  keypass


Switch to wlan_base
# ifup wlan0=wlan_base




http://wireless.kernel.org/en/users/Documentation
Wireless Tools
http://w1.fi/wpa_supplicant
https://wiki.debian.org/WPA
Extensible_Authentication_Protocol




Basic Linux Wireless

Reverse Zone and Caching Nameserver for the AWMN Centos

A quick and dirty how-to for a reverse-zone & caching nameserver for the AWMN on Centos :() .

The System:
# cat /etc/issue
CentOS release 5.7 (Final)
Kernel \r on an \m



I will put everything in /etc/named.conf and the zone files in /var/named/data/.

This is an ultra-basic /etc/named.conf that makes bind a caching nameserver for the AWMN and the Internet and authoritative for the reverse zone of 192.0.2.0/24

# cat /etc/named.conf
#g0
#ervthseis? - problimata ?
#questions? - issues ?
#https://ipduh.com/contact

options {


        version "awmn version";
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        auth-nxdomain no; #RFC1035 ipduh

        allow-notify { 192.0.2.2; };
        allow-transfer { 192.0.2.2; };



        };

zone "2.0.192.in-addr.arpa." {

        type master;
        file "/var/named/data/db.2.0.192.in-addr.arpa";
        allow-transfer { 192.0.2.2; };

        };

//####################################
//# Greek Wireless Communities Zones #
//####################################
//# https://www.awmn.net/wiki/       #
//####################################
//Because awmn will go gwmn pretty soon g stands for Greek or Global ;)
//####################################


zone "10.in-addr.arpa" IN {
        type forward;
        forwarders {
        
        10.19.143.12;
        //10.19.143.13;
        };
};

zone "awmn" IN {
        type forward;
        forwarders {
  
                10.19.143.12;
  //             10.19.143.13;
        };
};

zone "wn" IN {
        type forward;
        forwarders {
                10.126.3.115;
                10.110.17.115;
                10.19.143.12;
                10.17.122.134;
                10.86.87.129;
                10.2.16.130;
                10.110.17.67;
        };
};

zone "swn" IN {
        type forward;
        forwarders {
                10.101.0.254;
                10.106.3.1;
                10.174.254.101;
                10.174.1.253;
        };
};

zone "twmn" IN {
        type forward;
        forwarders {
                10.104.76.65;
                10.122.20.70;
                10.122.3.68;
                10.122.14.72;
                10.104.1.74;
        };
};

zone "wthess" IN {
        type forward;
        forwarders {
                10.96.0.1;
                10.96.22.2;
                10.96.9.3;
        };
};

zone "ewn" IN {
        type forward;
        forwarders {
                10.145.7.150;
                10.146.210.130;
        };
};

zone "mswn" IN {
        type forward;
        forwarders {
                10.148.50.2;
        };
};

zone "cywn" IN {
        type forward;
        forwarders {
                10.215.0.125;
                10.215.2.126;
        };
};

zone "dwn" IN {
        type forward;
        forwarders {
                10.174.1.253;
                10.174.254.101;
                10.174.17.250;
        };
};

zone "wiran" IN {
        type forward;
        forwarders {
                10.230.3.133;
        };
};

zone "wana" IN {
        type forward;
        forwarders {
                10.224.3.35;
        };
};

zone "awn" IN {
        type forward;
        forwarders {
                10.198.0.130;
        };
};

zone "pwmn" IN {
        type forward;
        forwarders {
                10.140.14.67;
        };
};

zone "." {

        type hint;
        file "/etc/db.cache";

        };



Set Named Init Levels
# chkconfig --level 345 named on


Basic administration:

To restart bind:
# /etc/init.d/named restart


To view all the reverse zones and origins:
# cat /var/named/data/* |egrep "PTR|ORIG"


Reverse Zone and Caching Nameserver for the AWMN Centos

add the new Hard Drive to the old linux System

Got a 2 TB HD for free ~almost.
It's formatted with NTFS ... It would be nice to format it with ext4 and put in on that old Linux system ... and it's a ~2TiB Hard Drive --whatever that means for fdisk, Linux, etc. So, let's see how troublesome that may be.

#uname -r |awk -F '-' '{print $1}'
2.6.32
2.6.32 should be all right according to this

Alternatively some sort of result on
#grep ext4 /etc/fstab 
would be a "good to go" signal as well.

Anyways, let's see how the system sees the 'new' drive
#lshw -C disk
*-disk:0
...
*-disk:1
       description: ATA Disk
       product: WDC WD20EARS-00J
       vendor: Western Digital
       physical id: 1
       bus info: scsi@1:0.0.0
       logical name: /dev/sdb
       version: 80.0
       serial: WD-WCIPDUH264623
       size: 1863GiB (2TB)
       capabilities: partitioned partitioned:dos
       configuration: ansiversion=5 signature=b2b2883f


Delete old partition(s) and put one nice large partition to it. Thinking fdisk? Don't! use parted.

#parted /dev/sdb
GNU Parted 2.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt                                                     
  align-check TYPE N                        check partition N for TYPE(min|opt) alignment
  check NUMBER                             do a simple check on the file system
  cp [FROM-DEVICE] FROM-NUMBER TO-NUMBER   copy file system to another partition
  help [COMMAND]                           print general help, or help on COMMAND
  mklabel,mktable LABEL-TYPE               create a new disklabel (partition table)
  mkfs NUMBER FS-TYPE                      make a FS-TYPE file system on partition NUMBER
  mkpart PART-TYPE [FS-TYPE] START END     make a partition
  mkpartfs PART-TYPE FS-TYPE START END     make a partition with a file system
  move NUMBER START END                    move partition NUMBER
  name NUMBER NAME                         name partition NUMBER as NAME
  print [devices|free|list,all|NUMBER]     display the partition table, available devices, free space, all found partitions, or a particular partition
  quit                                     exit program
  rescue START END                         rescue a lost partition near START and END
  resize NUMBER START END                  resize partition NUMBER and its file system
  rm NUMBER                                delete partition NUMBER
  select DEVICE                            choose the device to edit
  set NUMBER FLAG STATE                    change the FLAG on partition NUMBER
  toggle [NUMBER [FLAG]]                   toggle the state of FLAG on partition NUMBER
  unit UNIT                                set the default unit to UNIT
  version                                  display the version number and copyright information of GNU Parted
  align-check TYPE N                        check partition N for TYPE(min|opt) alignment
  check NUMBER                             do a simple check on the file system
  cp [FROM-DEVICE] FROM-NUMBER TO-NUMBER   copy file system to another partition
  help [COMMAND]                           print general help, or help on COMMAND
  mklabel,mktable LABEL-TYPE               create a new disklabel (partition table)
  mkfs NUMBER FS-TYPE                      make a FS-TYPE file system on partition NUMBER
  mkpart PART-TYPE [FS-TYPE] START END     make a partition
  mkpartfs PART-TYPE FS-TYPE START END     make a partition with a file system
  move NUMBER START END                    move partition NUMBER
  name NUMBER NAME                         name partition NUMBER as NAME
  print [devices|free|list,all|NUMBER]     display the partition table, available devices, free space, all found partitions, or a particular partition
  quit                                     exit program
  rescue START END                         rescue a lost partition near START and END
  resize NUMBER START END                  resize partition NUMBER and its file system
  rm NUMBER                                delete partition NUMBER
  select DEVICE                            choose the device to edit
  set NUMBER FLAG STATE                    change the FLAG on partition NUMBER
  toggle [NUMBER [FLAG]]                   toggle the state of FLAG on partition NUMBER
  unit UNIT                                set the default unit to UNIT
  version                                  display the version number and copyright information of GNU Parted
(parted) 
(parted)                                                                  
(parted)                                                                  
(parted) mklabel gpt                                                  
Warning: Partition(s) on /dev/sdb are being used.                         
Ignore/Cancel? cancel                                                     
(parted) print                                                            
Model: ATA WDC WD20EARS-00J (scsi)
Disk /dev/sdb: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start  End  Size  Type  File system  Flags

(parted) mklabel gpt                                                      
Warning: Partition(s) on /dev/sdb are being used.                         
Ignore/Cancel? i                                                          
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes             
(parted) quit



OK, no more partitions and the partition table is of type gpt.
Let's create one large 2TB partition.
#parted /dev/sdb
GNU Parted 2.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print                                                            
Model: ATA WDC WD20EARS-00J (scsi)
Disk /dev/sdb: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start  End  Size  File system  Name  Flags

(parted) mkpart primary 0GB 2000GB
Error: Error informing the kernel about modifications to partition /dev/sdb1 -- Device or resource busy.  This means Linux won't know about any changes you made to /dev/sdb1 until you
reboot -- so you shouldn't mount it or use it in any way before rebooting.
Ignore/Cancel? i                                                          
Warning: WARNING: partition(s) 3 on /dev/sdb could not be modified, probably because it/they is/are in use.  As a result, the old partition(s) will remain in use until after reboot.
You should reboot now before making further changes.
(parted) quit
Information: You may need to update /etc/fstab.                           


... whatever ..

#shutdown -r now


OK ...

#parted /dev/sdb
GNU Parted 2.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA WDC WD20EARS-00J (scsi)
Disk /dev/sdb: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  2000GB  2000GB               primary

(parted) quit 


Let's see what fdisk sees.
#fdisk /dev/sdb

WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.


WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): print

Disk /dev/sdb: 2000.4 GB, 2000398934016 bytes
255 heads, 63 sectors/track, 243201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1      243202  1953514583+  ee  GPT

Command (m for help): quit


OK, let's format the partition to ext4.

#mkfs.ext4 /dev/sdb1
mke2fs 1.41.11 (14-Mar-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
122101760 inodes, 488378368 blocks
24418918 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
14905 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
 4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
 102400000, 214990848

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.


Reclaim the 5%.

#tune2fs -m 0 /dev/sdb1
tune2fs 1.41.11 (14-Mar-2010)
Setting reserved blocks percentage to 0% (0 blocks)


Mount and test

#mkdir /green
#mount /dev/sdb1 /green
#df -h |grep green
/dev/sdb1             1.8T  196M  1.8T   1% /green


Told him 0% reserved space, I guess it will not accept less than 1% for the system ... anyways ...


Put on fstab

#echo "/dev/sdb1 /green           ext4    defaults        0       2" >> /etc/fstab


Done!

Add the new HD to the old linux

read only filesystem

notes on setting up a read only file system

yet another placeholder ... has been `coming` for what 2 years now



read only filesystem for security ... huh?

Perl, Javascript, C, Bash linguistics

C , Bash , C++, Perl , Python, PHP , Javascript linguistics

yet another placeholder ... (not) coming (any time) soon ...



c ... javascript linguistics ...