https://rhn.redhat.com/rhn/software/downloads/SupportedISOs.do
- RHEL.5 to RHEL6.1 UPGRADE - How to create Kickstart Custom OS DVD -
1.
- Create a RHEL6 custom install DVD, based on the existing RHEL5 packages. The new kickstart should set up the following partition scheme
- Root volume /dev/mapper/VolGroup00-LogVol00
- Swap volume /dev/mapper/VolGroup00-LogVol01
- Secondary root volume /dev/mapper/VolGroup00-LogVol02
The two root partitions, primary and secondary, need to be of equal size.
- Create an install script that does the following:-
o Turns off swap, puts a new OS in the swap volume. Changes grub.conf to boot off the swap volume
o Boots off the swap volume and then resizes the /dev/mapper/VolGroup00-LogVol00 and creates Secondary root volume /dev/mapper/VolGroup00-LogVol02. Changes grub.conf to boot back off the original root volume
o Boots off the old root volume, formats and mounts the new secondary root volume. Installs the RHEL6 OS and apps on the secondary root volume. Changes grub.conf to boot back off the secondary root volume.
2. - pre-script AAA-backup
3.
a. Logvol01 - NOT SWAP
b. backup on logvol01
c. logvol01 no touch (install on logvol00)
logvol --noformat — Use an existing logical volume and do not format it.
- KICKSTART CMDS
tar split and join
tar czpvf - /path/to/archive | split -d -b 100m - tardisk
cat tardisk* | tar xzpvf -
[root@localhost DVD1]# cat ../cmds
#!/bin/bash
mkisofs -r -R -J -T -v -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -x "lost+found" -o ../RHEL5-Mar-22.iso .
createrepo -g /data/DVD1/Server/repodata/comps-rhel5-server-core.xml /data/DVD1/Server/
// working
createrepo -g /data/EL6/repodata/comps-rhel6-Server.xml /data/EL6/
mkisofs -r -R -J -T -v -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -x "lost+found" -o ../RHEL5-Mar-22.iso /data/DVD1/
ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255
Copy hidden files
rsync -av /gok1/ /gok2/
--------------------------
[root@localhost DVD1]# cat build
#!/bin/bash
echo "delete ../RHEL* y/n?"
read -r x
# Quote the answer so an empty reply does not break the test
if [ "$x" = "y" ]; then
echo 'deleting old images... (../RHEL*)'
rm -rf ../RHEL*
else
echo "not deleting old images"
fi
echo "Enter new load name: RHEL5-xxx.iso"
read -r x
a=RHEL5-
c=.iso
b=$a$x$c
echo "b=$b"
# Build the bootable ISO from the current directory
mkisofs -r -R -J -T -v -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -x "lost+found" -o "../$b" .
--------------------------------
[root@localhost DVD1]# cat build2
#!/bin/bash
echo "createrepo y/n?"
read -r x
# Quote the answer so an empty reply does not break the test
if [ "$x" = "y" ]; then
echo 'creating repodata...'
createrepo -g /data/DVD1/Server/repodata/comps-rhel5-server-core.xml /data/DVD1/Server/
else
echo "create repo not processed..."
fi
echo "delete ../RHEL* y/n?"
read -r x
if [ "$x" = "y" ]; then
echo 'deleting old images... (../RHEL*)'
rm -rf ../RHEL*
else
echo "not deleting old images"
fi
echo "Enter new load name: RHEL5-xxx.iso"
read -r x
a=RHEL5-
c=.iso
b=$a$x$c
echo "b=$b"
# Build the bootable ISO from the current directory
mkisofs -r -R -J -T -v -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -x "lost+found" -o "../$b" .
- How to create OS Patch CMDS
tar cvzf OS-RHEL-Feb-2012-patch.tgz 0212-patch/
tar cvzf OS-RHEL-Mar-2012-patch.tgz 0312-patch/
tar cvzf 0312-patch.tgz 0312-patch/
tar cvzf 0312-patch.tgz 0312-patch/ --exclude /tmp/a1
tar cvzf OS-RHEL-Jun-2012-patch.tgz 0612-patch/
tar cvzf OS-RHEL-Jul-2012-patch.tgz 0712-patch/
tar cvzf OS-RHEL-Nov-2012-patch.tgz 1112-patch/
- How to See Memory usage
[root@AUTH102 etc]# free
total used free shared buffers cached
Mem: 3631052 2110648 1520404 0 200100 1178528
-/+ buffers/cache: 732020 2899032
Swap: 5668856 0 5668856
- How to SWAP File
[root@AUTH102 etc]# swapon -s
Filename Type Size Used Priority
/dev/mapper/VolGroup00-LogVol01 partition 5668856 0 -1
[root@AUTH102 etc]# free
total used free shared buffers cached
Mem: 3631052 2110648 1520404 0 200100 1178528
-/+ buffers/cache: 732020 2899032
Swap: 5668856 0 5668856
http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_ch-swapspace.html
- What is Swap Space?
Using hard drive partition as additional RAM
Swap space in Linux is used when the amount of physical memory (RAM) is full
Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and
then an additional 1x physical RAM for any amount above 2 GB, but never less than 32 MB.
So, if:
M = Amount of RAM in GB, and S = Amount of swap in GB, then
If M < 2
S = M *2
Else
S = M + 2
Using this formula, a system with 2 GB of physical RAM would have 4 GB of swap,
while one with 3 GB of physical RAM would have 5 GB of swap.
Creating a large swap space partition can be especially helpful if you plan to upgrade your RAM at a later
- Use the free and cat /proc/swaps commands to verify how much and where swap is in use.
- Extending Swap on an LVM2 Logical Volume
To extend an LVM2 swap logical volume (assuming /dev/VolGroup00/LogVol01 is the volume you want to extend):
1. Disable swapping for the associated logical volume:
swapoff -v /dev/VolGroup00/LogVol01
2. Resize the LVM2 logical volume by 256 MB:
lvm lvresize /dev/VolGroup00/LogVol01 -L +256M
3. Format the new swap space:
mkswap /dev/VolGroup00/LogVol01
4. Enable the extended logical volume:
swapon -va
5. Test that the logical volume has been extended properly:
cat /proc/swaps
free
- How to Create a Swap File
- 11.2.3. Creating a Swap File
To add a swap file:
- Determine the size of the new swap file in megabytes and multiply by 1024 to determine the number of blocks.
For example, the block size of a 64 MB swap file is 65536.
At a shell prompt as root, type the following command with count being equal to the desired block size:
dd if=/dev/zero of=/swapfile bs=1024 count=65536
Set up the swap file with the command:
mkswap /swapfile
To enable the swap file immediately but not automatically at boot time:
swapon /swapfile
To enable it at boot time, edit /etc/fstab to include the following entry:
/swapfile swap swap defaults 0 0
The next time the system boots, it enables the new swap file.
- After adding the new swap file and enabling it, verify it is enabled by viewing the output of the command
cat /proc/swaps or free.
- Default KERNEL
[root@AUTH102 etc]# cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-238.12.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.12.1.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-238.12.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-238.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-238.el5.img
[root@AUTH102 etc]#
- kernel-PAE
- UK
x86 systems(32bit) with over 4GB of RAM should use the kernel-PAE.
Physical Address Extension
- allowing 32 bit operating systems to use up to 64 Gb of memory (RAM),
- something which is normally achieved by switching to a 64 bit system
- How to view HardDisk Space
[root@localhost patch]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 ext3 18G 3.8G 13G 24% /
/dev/sda1 ext3 99M 25M 70M 27% /boot
tmpfs tmpfs 506M 0 506M 0% /dev/shm
- How to Increase Swap space file
[root@localhost mapper]# dd if=/dev/zero of=/usr/local/newswap bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 37.3549 seconds, 28.7 MB/s
[root@localhost mapper]# chmod 600 /usr/local/newswap
[root@localhost mapper]# mkswap /usr/local/newswap
Setting up swapspace version 1, size = 1073737 kB
[root@localhost mapper]# swapon /usr/local/newswap
[root@localhost mapper]# swapon -s
Filename Type Size Used Priority
/dev/mapper/VolGroup00-LogVol01 partition 2097144 0 -1
/usr/local/newswap file 1048568 0 -2
- You can have this swap file, and others, enabled during bootup
by editing your /etc/fstab:
vi /etc/fstab
/usr/local/newswap swap swap defaults 0 0
Stop the swap file:
swapoff /usr/local/newswap
- Installation
Bios - F2
boot menu
(press shift & -)
- How to disable the Linux command line beep sound
rmmod -v pcspkr
echo "blacklist pcspkr" >> /etc/modprobe.d/blacklist.conf
[root@localhost ~]# cat soff
#!/bin/bash
rmmod -v pcspkr
echo "blacklist pcspkr" >> /etc/modprobe.d/blacklist.conf
- KS - kickstart how to log everything
%post
Since Anaconda doesn't keep a log of what you do in %post (or copy %post into the
archive kickstart file it creates in /root), let's do it ourselves:
# Let's log everything:
tail -F /root/post-install.log &
(
All of your post commands
# stdout is redirected first, then stderr is pointed at the same file
) >> /root/post-install.log 2>&1
- linked files
how to link file
ln -s target_file symbolic_name
ln -s ../init.d/S01 S01
lrwxrwxrwx 1 root root 13 Sep 13 13:17 S01 -> ../init.d/S01
- How to make MD5 Checksum
- MD5 Checksum
md5sum rhel-server-6.2-i386-dvd.iso
- rc2.d Script
Startup script
rc2.d script
*** Could be done
http://docs.oracle.com/cd/E19082-01/819-2379/hbrunlevels-14344/index.html
How to Add a Run Control Script
If you want to add a run control script to start and stop a service, copy the script into the /etc/init.d directory.
Then, create links in the rcn.d directory where you want the service to start and stop.
See the README file in each /etc/rcn.d directory for more information on naming run control scripts.
The following procedure describes how to add a run control script.
Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles,
see Configuring RBAC in System Administration Guide: Security Services.
Add the script to the /etc/init.d directory.
# cp filename /etc/init.d
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename
Create links to the appropriate rcn.d directory.
# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/rcn.d/Knnfilename
Verify that the script has links in the specified directories.
# ls /etc/init.d/*filename /etc/rc2.d/*filename /etc/rcn.d/*filename
Example 17–16 Adding a Run Control Script
The following example shows how to add a run control script for the xyz service.
# cp xyz /etc/init.d
# chmod 0744 /etc/init.d/xyz
# chown root:sys /etc/init.d/xyz
# cd /etc/init.d
# ln -s ../init.d/xyz /etc/rc2.d/S99xyz
# ln -s ../init.d/xyz /etc/rc0.d/K99xyz
(ln -s ../init.d/xyz /etc/rc5.d/S99xyz)
# ls /etc/init.d/*xyz /etc/rc2.d/*xyz /etc/rc0.d/*xyz
- How to connect Internet via VMWare workstation
- 1. Virtual Network Editor
- 2. On VM
[root@localhost ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:29:30:87:51
inet addr:192.168.136.129 Bcast:192.168.136.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1227 errors:0 dropped:0 overruns:0 frame:0
TX packets:1091 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:894077 (873.1 KiB) TX bytes:557751 (544.6 KiB)
Interrupt:67 Base address:0x2024
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1854 errors:0 dropped:0 overruns:0 frame:0
TX packets:1854 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2830688 (2.6 MiB) TX bytes:2830688 (2.6 MiB)
[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 192.168.136.2
15.4. Configuring Static Routes
- create
/etc/sysconfig/network-scripts/route-eth0
default via 192.168.136.2 dev eth0
ifconfig eth1
route add default gw 172.29.4.1 eth1
route add -net 135.244.0.0 netmask 255.255.0.0 gw 172.29.4.1 eth1 // works
route del -net default gw 172.29.4.1 eth
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.136.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.136.2 0.0.0.0 UG 0 0 0 eth0
[root@localhost ~]#
Rescue Mode
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-rescuemode-boot.html
Linux rescue Mode
1. Boot from CD
2. F5 - rescue mode
3. linux rescue <enter>
4. current OS will be mounted on /mnt/sysimage
5. change /mnt/sysimage/boot/grub/grub.conf
6. reboot
7. linux saved
Get latest patches w/ yum update
Get Red Hat subscription username/passwd
rhn_register --proxy=your.proxy.here:3128 --nox
https://rhn.redhat.com/rhn/systems/SystemEntitlements.do
- How to Setup RedHat subscription login
1. As root user run the command rhn_register
2. A dialog box will appear click [Forward] button and enter RHN login details
- How to Get Redhat updates
1. Run the command as root, yum update
[root@localhost ~]# yum update
Loaded plugins: rhnplugin, security
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package Deployment_Guide-en-US.noarch 0:5.8-1.el5 set to be updated
---> Package NetworkManager.i386 1:0.7.0-13.el5 set to be updated
---> Package NetworkManager.x86_64 1:0.7.0-13.el5 set to be updated
…
Transaction Summary
=======================================================================================================================================================
Install 7 Package(s)
Upgrade 374 Package(s)
Total download size: 507 M
Is this ok [y/N]: y
Downloading Packages:
(1/381): mktemp-1.5-24.el5.x86_64.rpm | 14 kB 00:00
(2/381): avahi-glib-0.6.16-10.el5_6.x86_64.rpm | 15 kB 00:00
(3/381): avahi-glib-0.6.16-10.el5_6.i386.rpm | 15 kB 00:00
…
Is this ok [y/N]:
2. In another terminal tab or window,
cd /var/cache/yum
you find a directory
./rhel-i386-server-5/
3. Copy this directory somewhere safe, because this contains the update packages
cp -R ./rhel-i386-server-5/ ~/
4. Tar up this directory and transfer it to the DVD creation VM
- Create a new .iso image
1. Duplicate the latest existing
[root@localhost data]# cp -R ./isoaaa32-4/ ./isoaaa32-5/
or
mkdir /tmp/cdrom
mount -t iso9660 /dev/cdrom /tmp/cdrom
cp -R /tmp/cdrom/ ./isoaaa32-5/
2. Change directory to the Server directory and untar the patch bundle
cd ./isoaaa32-5/Server/
3. Find and remove the duplicate packages. There is no easy way to do this apart from manually removing the older versions of the packages.
4. Run the script to make the .iso file. Make sure that it runs the following command to rebuild the package database
createrepo -g /data/isoaaa32-5/Server/repodata/comps-rhel5-server-core.xml /data/isoaaa32-5/Server/
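For step 3, the older duplicates can be listed rather than hunted by eye. This is an added example, not part of the original notes: the function names and the sample directory are constructed, and it assumes GNU sort with -V, which only approximates RPM's own version comparison.

```shell
#!/bin/bash
# Added example: list RPM files superseded by a newer build of the same
# package name and architecture, so they can be removed before createrepo.
# Assumption: GNU sort with -V; this approximates RPM's version comparison.

old_rpms() {
    dir="$1"
    tab="$(printf '\t')"
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue            # directory without any .rpm files
        base="$(basename "$f" .rpm)"       # name-version-release.arch
        arch="${base##*.}"                 # text after the last dot
        nvr="${base%.*}"                   # name-version-release
        release="${nvr##*-}"               # text after the last dash
        nv="${nvr%-*}"
        version="${nv##*-}"
        name="${nv%-*}"                    # may itself contain dashes
        printf '%s.%s\t%s-%s\t%s\n' "$name" "$arch" "$version" "$release" "$base.rpm"
    done |
    LC_ALL=C sort -t "$tab" -k1,1 -k2,2V |
    awk -F '\t' '
        # Lines arrive grouped by name.arch, oldest build first. When a line
        # repeats the previous key, the previous file has been superseded.
        $1 == key { print file }
        { key = $1; file = $3 }
    '
}

# Constructed sample: empty files named after packages in the yum output
# above, plus two made-up older builds.
make_sample_dir() {
    d="$(mktemp -d)"
    for n in NetworkManager-0.7.0-10.el5.i386 NetworkManager-0.7.0-13.el5.i386 \
             NetworkManager-0.7.0-13.el5.x86_64 avahi-glib-0.6.16-9.el5.x86_64 \
             avahi-glib-0.6.16-10.el5_6.x86_64 mktemp-1.5-24.el5.x86_64; do
        : > "$d/$n.rpm"
    done
    echo "$d"
}

sample="$(make_sample_dir)"
old_rpms "$sample"      # review this list, then delete and rerun createrepo
rm -rf "$sample"
```

Where yum-utils is installed, `repomanage --old <dir>` produces the same kind of list using RPM's real version comparison.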
How to add default route - persistent
15.4. Configuring Static Routes
create
/etc/sysconfig/network-scripts/route-eth0
default via 192.168.0.1 dev eth0
10.10.10.0/24 via 192.168.0.1 dev eth0
172.16.1.0/24 via 192.168.0.1 dev eth0
done !
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-networkscripts-static-routes.html
Linux serial ports:
The serial ports are named ttyS0, ttyS1
Default terminal speed is 115200n81
Latest JAVA
JRE latest
http://www.oracle.com/technetwork/java/javase/downloads/index.html
My kickstart gets to the same place every time and then just stops.
It never starts actually installing files. The problem could be a number of variables,
from a typo in your ks.cfg file to problems with the network, DNS, your server, or firewalls.
One great troubleshooting method is to use the virtual terminals to switch over and see what's going on.
dmesg
- use (CTRL+)ALT+F2 to get to a bash prompt to poke around the system while it's being installed,
- ALT+F3 to view the actual install log,
- ALT+F4 to see all kernel messaging as it's happening (good to identify many errors),
- ALT+F5 to see any partitioning and formatting information in real time.
- ALT+F7 will take you back to the GUI install screen (if GUI install mode is being used).
If you are not able to change even virtual terminals, then you're not all the way
through the network boot stage and you probably have a typo on your kickstart config file
that is preventing it from coming all the way up (look specifically at your url --url and network lines).
Chroot is a means of jumping from a Linux A into another Linux B. The steps involved are just booting up Linux A, either an installed Linux on the hard disk or from a Live CD,
making a temporary mount point in /mnt, mounting the partition of Linux B and doing a chroot.
The result afterward is that you will be using the kernel of Linux A but have access to the Bash shell of Linux B.
This facility allows you to repair Linux B, especially if it is unbootable. If Linux B is in partition hda7, the commands
after booting Linux A to chroot to Linux B are
Code:
mkdir /mnt/hda7
mount /dev/hda7 /mnt/hda7
chroot /mnt/hda7
After the above you will be inside hda7 or Linux B to do whatever you want. To get back to Linux A you need to type
Code:
exit
yum repolist all
yum grouplist
yum groupinfo base
yum clean all
CPU INFO
Try uname -m. It seems like the uname -m actually gives
x86_64 ==> 64-bit kernel
i686 ==> 32-bit kernel
Otherwise, not for the Linux kernel, but for the CPU, you type:
cat /proc/cpuinfo
or:
grep flags /proc/cpuinfo
Under the "flags" parameter, you will see various values. Among them, one is named "tm(transparent mode)" or "rm(real mode)" or "lm(long mode)"
rm ==> 16-bit processor
tm ==> 32-bit processor
lm ==> 64-bit processor
using ULTRA ISO
Kickstart 6.1 DVD
0.1 Transfer original RHEL6.1 DVD to the new VM
0.2 Copy some files from latest KS DVD to new VM.
1. copy isolinux/* ok
2. change isolinux.cfg ok
3. cp *ks.cfg
4. cp /ALU
5. change ALU/*
.os_patch
grub.conf.x4250
inittab.x4250 // noch
5.1
change the line : xconfig*
# X Window System configuration information
#xconfig --defaultdesktop=GNOME --depth=16 --resolution=1024x768 --startxonboot
xconfig --defaultdesktop=GNOME --startxonboot
6. Compare rpms latest DVD & 6.1
7. update repodata
RHEL6.1 repodata directory: CDROM/repodata/
// working
a. change /data/EL6/repodata/comp*.xml
b.
createrepo -g /data/EL6/repodata/comps-rhel6-Server.xml /data/EL6/
c. done
naming changed:
rhel5 rhel6
-----------------------------------------------------------------------
@base-x --> x11
@legacy-software-support --> compat-libraries
@graphical-internet --> internet-browser
@gnome-desktop --> general-desktop
@editors --> general-desktop
@admin-tools --> graphical-admin-tools
installed
@base
8. ALU group created in comps.xml; append all needed rpms
----- GNOME Desktop still not showing
9. Desktop working after the followings:
#disable haldaemon - commented out due to desktop issues on RHEL6.1
#/sbin/chkconfig --del haldaemon
#disable messagebus - commented out due to desktop issues on RHEL6.1
#/sbin/chkconfig --del messagebus
#enable microcode_ctl
10. RPMs that are N/A in the RHEL6 DVD but installed with 0712_DVD
a) ipsec-tools --> openswan
RHEL6 does not include ipsec-tools anymore
b) To install vnc client package, use the command below
$ yum install tigervnc
http://pkgs.org/search/?keyword=tigervnc
11. AAA SW cannot be installed
+ fixed w/
. added to /ALU
.. java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
.. jdk-7u11-linux-i586.rpm
.. jre-7u11-linux-i586.rpm
12. RPM removal:
yum_all_0712.txt
libexif.i386
6.1_DVD_all_rpms_ava.txt
6.1_rpms_tobe_rmvd.txt
13. Issues
+ aaa smt icon
. Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.png
/usr/share/desktop-directories/AAA_apps.directory
[Desktop Entry]
Name=ALU AAA Server
Comment=AAA Applications Menu
Icon=Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.png
Type=Directory
Encoding=UTF-8
. gnome-panel.png
/usr/share/applications/AAA_Apps-aaa-smt.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Server Management Tool
Comment=AAA Applications
Exec=/opt/AAA/bin/aaa-smt
Icon=gnome-panel.png
Terminal=false
Type=Application
Categories=Application;AAA
StartupNotify=true
+ java 7u10
. added to /ALU
.. java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
.. jdk-7u11-linux-i586.rpm
.. jre-7u11-linux-i586.rpm
+ login screen
. cp /mnt/cdrom/ALU/background.png /mnt/sysimage/usr/share/backgrounds/
. cp /mnt/cdrom/ALU/default.xml /mnt/sysimage/usr/share/backgrounds/
N/A - Absolute First Install Screen
- Install the fonts
- remove "RHEL... Santiago" string
- investigate /root logs
13.5) Retina Scan
14) yum update
15) Retina scan
16) bono cfg
----------------------------------------------------------------------------------------------------------------------------
- other notes
9. Desktop working after the followings:
Copy original RHEL6 /etc/inittab to new VM
Change new VM grub.conf according to original RHEL6
Copy original RHEL6 rc.d to new VM
/etc/rc.d
/etc/rc
/etc/rc.local
/etc/rc.sysinit
Next Action
----------------------
+ add @basic-desktop
@ALU
@graphical-admin-tools
@base
@basic-desktop
@general-desktop
@internet-browser
@compat-libraries
@x11
@java
#@bono_rpms
#sg3_utils-libs
#sg3_utils
#ipmitool
#bono
sysstat
net-snmp
net-snmp-utils
- ipsec-tools
https://access.redhat.com/knowledge/solutions/38397
RHEL6 does not include ipsec-tools anymore
Issue
On RHEL5 ipsec-tools was used, migrating to RHEL6 is not easy as the package ipsec-tools is not available.
Environment
Red Hat Enterprise Linux 6
ipsec-tools for VPN solution
Resolution
Convert the ipsec-tools configuration to an OpenSwan configuration. More details will be included in the upcoming Security
Guide for RHEL6.
Bug 429373 contains an attachment with an explanation on how to configure OpenSwan and do some debugging/troubleshooting.
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html
http://serverfault.com/questions/319254/what-in-a-kickstart-file-sets-the-desktop-gui-as-default-runlevel-5
- How to generate encrypted passwords
create your own encrypted passwords
% perl -e 'print crypt("gsimsek", "Xa") . "\n";'
Boot Messages
Alt-F1 - installation dialog
Alt-F2 - shell prompt
Alt-F3 - install log (messages from install program)
Alt-F4 - system log (messages from kernel, etc.)
Alt-F5 - other messages
- Logging on to Virtual Console
bring any output up in another virtual console rather than overwriting the main screen. Could be done in the shell commands section using open?.
A: No problem - do something like this:
exec >/dev/tty5
- REPO manual selection
To install our packages via kickstart, we'll need to add the repo to our kickstart file
repo --name=MyRepo --baseurl=http://path/to/MyRepo
- How to EXCLUDE rpms from the kickstart installation
How to Specify packages or groups to exclude from the installation
-@ Graphical Internet
-autofs
-ipa*fonts
- Post-installation Script
Post-installation Script
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-postinstallconfig.html
- rd_NO_LUKS
rd_NO_LUKS
How to Create an Encrypted Partition
Do not do this if your root partition is encrypted or you won’t be able to boot the OS.
http://blmath.wordpress.com/2010/03/24/how-to-create-an-encrypted-partition/
- Kickstart Configurator
Kickstart Configurator is not installed by default on Red Hat Enterprise Linux 6. Run
su - yum install system-config-kickstart
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-redhat-config-kickstart.html
#
# Author: Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
# Modified for RHS Linux by Marc Ewing and Donnie Barnes
#
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
***** How to delete a service
1st way
cd /etc/init.d
mv messagebus messagebus.orig
2nd way
/sbin/chkconfig --del messagebus
****** How to enable a service
1st way
#To enable 8950AAA autostart
/sbin/chkconfig --add 8950AAA
/sbin/chkconfig --level 345 8950AAA on
2nd way
cd /etc/rc.d/init.d/
# Link targets are resolved relative to the rcN.d directory, so point them at ../init.d/
ln -s ../init.d/messagebus ../rc6.d/K74messagebus
ln -s ../init.d/messagebus ../rc5.d/S24messagebus
ln -s ../init.d/messagebus ../rc4.d/S24messagebus
ln -s ../init.d/messagebus ../rc3.d/S24messagebus
ln -s ../init.d/messagebus ../rc2.d/K74messagebus
ln -s ../init.d/messagebus ../rc1.d/K74messagebus
ln -s ../init.d/messagebus ../rc0.d/K74messagebus
Linux Default Services Which Are Enabled at Boot
http://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/
Can you provide guidance on the default CentOS / Fedora / RHEL / Redhat enterprise Linux services which are enabled at boot time by default? Can you provide a set of recommendations for all default services: which to keep for performance and security, and which to turn off?
You need to minimize software to minimize vulnerability. This provides the best possible protection against vulnerable software.
***Determine Which Services Are Enabled At Boot
Type the following command:
# service --status-all
# chkconfig --list | grep '3:on'
/sbin/chkconfig --add 8950AAA
/sbin/chkconfig --level 345 8950AAA on
#To disable and remove apache web server
/sbin/chkconfig --del httpd
Sample outputs:
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dkms_autoinstaller 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:off 2:on 3:on 4:on 5:on 6:off
yum-updatesd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
The first column is the name of service which is enabled at boot.
It can be disabled using the chkconfig command or ntsysv command:
chkconfig serviceName off
service serviceName stop
OR
ntsysv
Service Status
All services can be in any one of the following status at a time:
Disabled : Disable the service if possible (e.g., NFS and portmap) .
Enabled : Leave the service enabled (e.g. Power management, and Networking etc ).
Configure: This is essential service and you need to configure so that server works correctly. The service must be configured properly for security and performance (e.g., various servers, Iptables, SELinux, and IP6tables etc).
Remove: This is not status but you can delete the service (e.g., rsh, vsftpd, X Servers or any other unwanted insecure services).
Recommend Actions on Default Services
Service Description Action
acpid Advanced Configuration and Power Interface event daemon Enable
anacron Anacron is like cron, but it does not assume that the machine is running continuously.
Hence, it can be used on machines that aren’t running 24 hours a day, to control daily,
weekly, and monthly jobs that are usually controlled by cron. Disable on serversapmd Advanced Power Management Subsystem (old system). If the server is capable of ACPI support,
disable this service Disable if possible
auditd The Linux Auditing System Enable and configure
atd atd runs jobs queued by at Enable and configure
autofs The automount(8) program is used to manage mount points for autofs, the inlined Linux automounter.
You can mount NFS, USB, DVD/CD, and CIFS via /etc/fstab. Disable
avahi-daemon and avahi-dnsconfd The Avahi mDNS/DNS-SD daemon implementing Apple's ZeroConf
architecture (also known as "Rendezvous" or "Bonjour"). Disable
bluetooth and hidd Bluetooth services for service discovery, authentication, Human Interface Devices (hidd),
etc Disable
cpuspeed This service monitors the system’s idle percentage and reduces or raises the CPUs’ clock speeds and voltages accordingly to minimize power consumption when idle and maximize performance when needed Enable
crond Service to execute scheduled commands via crond daemon. Enable and configure
cups Common unix printing system service Disable if possible
dc_client & dc_client Startup script for the Distcache SSL Session Cache Client and server proxy. Disable if you do not need cache proxy. Disable if possible
dnsmasq the DNS caching server. Enable if your ISP or remote DNS caching server is pretty slow. Enable
dkmdkms_autoinstallers dkms is a framework which allows kernel modules to be dynamically built for each kernel on your system in a simplified and organized fashion. Disable if possible
firstboot RHLE specific service. It does a few configuration following successful installation of
the operating system. Disable
gpm A cut and paste utility and mouse server service for virtual consoles. Disable
haldaemon This service is used for collecting and maintaing information about hardware from several sources.
This is only used for X and desktop apps. Disable it on servers. Disable
hplip A service for non-PostScript HP printer. Disable it on servers. Disable
irda IrDA(TM) (Infrared Data Association) is an industry standard for wireless, infrared communication between devices. IrDA speeds range from 9600 bps to 4 Mbps, and IrDA can be used by many modern devices including laptops, LAN adapters, PDAs, printers, and mobile phones. Disable if possible
iscsi & iscsid iscsi service logs into iSCSI targets needed at system startup (i.e. iscsi client). iscsid will start and stop iSCSI daemon. Use this if you've iscsi based storage. Disable if possible
iptables & ip6tables IPv4 and IPv6 firewall service. Enable and configure
irqbalance The irqbalance service will distribute interrupts across the cpus on a multiprocessor system with the purpose of spreading the load. Enable
isdn Provides the Internet connectivity using an ISDN modem. Disable if not using an ISDN modem.
kdump Kernel crash dump analyzer. This service is useful for kernel hackers and device driver development or testing new kernel feature.
Dsable the service on production boxes. Disable
kudzu RHEL specific hardware detection service. This is required on 3 or laptop where end users can add a new hardware but not on servers. Disable
lm_sensors lm_sensors is used for monitoring motherboard sensor values. Disable
lvm2-monitor Starts and stops dmeventd monitoring for lvm2. If you are not using LVM2 (Linux volume manager) based storage disable it. Disable
mcstrans Starts the SELinux Context Translation System daemon. Whether you need it depends on site-specific SELinux requirements. Disable if possible
mdmonitor Software RAID monitoring and management service. If you are not using software RAID, disable it. It is not required for hardware RAID setups, as they come with their own programs. Disable if possible
messagebus This service broadcasts notifications of system events and other messages (D-Bus). Turn it on for Bluetooth, X Windows and desktop systems. Disable
microcode_ctl Script to apply CPU microcode for Intel IA32 processors. If you are not using an Intel IA32 processor, disable it. Disable
netfs, nfslock, rpcgssd, rpcidmapd, and portmap Mount and configure Linux network filesystems (NFS). If you are not using NFS client/server technology, disable them. Disable if possible
network A service that activates/deactivates all network interfaces configured to start at boot time. Enable
pcscd The PC/SC smart card service is a resource manager for the PC/SC lite and Musclecard frameworks. It coordinates communications with smart card readers, smart cards, and cryptographic tokens that are connected to the system. If smart cards are not in use on the system, disable this service. Disable
readahead_early and readahead_later This service provides one-time caching of files belonging to a few boot services. It does not provide any boosting. Just disable it. Disable
restorecond This service restores the correct security context for SELinux. Enable
rhnsd This service periodically connects to the RHN servers to check for updates and notifications and to perform system monitoring tasks according to the service level your server is subscribed to. Disable this service and use the yum-updatesd service. Disable
sendmail Used to start the sendmail server. Enable and configure
smartd Self Monitoring and Reporting Technology (SMART) Daemon for hard disks. Enable and configure
setroubleshoot This service starts the SELinux Troubleshooting daemon. It sends notifications of SELinux access-denied messages to the desktop user in a user-friendly fashion. Disable
sshd The OpenSSH server. If you need remote login, enable it. You must enable this on all servers so that you can log in and configure everything. Enable
syslog Syslog is the facility that many other Linux daemons use to log messages to various system log files. It is a good idea to always run syslog. Enable
xfs X Windows font server. Disable it on servers. Disable
yum-updatesd Update notification daemon for system packages. Enable
***Remove Outdated Insecure Services
Is there a mission-critical reason for users to access the system via insecure protocols such as FTP, NIS and telnet? The following services are obsolete and must be deleted for security:
inetd and xinetd : Not installed by default, but if it is installed, just delete it. Consider switching to more secure services which provide the needed functionality.
telnet-server : Delete the insecure telnet remote login; use the OpenSSH server and ssh client to get back into the server.
rsh-server : Delete the insecure rlogin, rsh, and rcp commands. Use the scp and ssh commands from OpenSSH.
ypserv & ypbind : Remove outdated NIS; consider using OpenLDAP or Fedora / Red Hat Directory Server.
tftp-server : Remove outdated and insecure TFTP server software.
*** Configure Required Services
Other services need to be installed and configured as and when required:
httpd: The Apache web server.
php-cgi: The php server.
bind9 (named): The DNS server.
ntpd : The network-based time client/server.
snmpd : The net-snmp server.
squid : The squid proxy and web caching server.
***How Do I Turn On or Off Services?
Use the ntsysv application which is a simple interface for configuring runlevel services which are also configurable through chkconfig command:
# ntsysv
OR
# chkconfig serviceName off
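To see which services on a host still differ from the checklist before running chkconfig on each one, the following added example (not part of the original notes) audits `chkconfig --list` output for a given runlevel. The function name, the two list variables and the sample input are assumptions made for illustration; only services named in this part of the checklist are covered.

```shell
#!/bin/sh
# Added example: compare `chkconfig --list` output with the checklist above.
# Entries the checklist marks "Disable if possible" (for example lvm2-monitor
# on a host that uses LVM) are reported too and still need a local decision.
SHOULD_BE_OFF="irda iscsi iscsid isdn kdump kudzu lm_sensors lvm2-monitor mcstrans"
SHOULD_BE_OFF="$SHOULD_BE_OFF mdmonitor messagebus microcode_ctl netfs nfslock rpcgssd"
SHOULD_BE_OFF="$SHOULD_BE_OFF rpcidmapd portmap pcscd readahead_early readahead_later"
SHOULD_BE_OFF="$SHOULD_BE_OFF rhnsd setroubleshoot xfs"
SHOULD_BE_ON="iptables ip6tables irqbalance network restorecond sendmail smartd sshd"
SHOULD_BE_ON="$SHOULD_BE_ON syslog yum-updatesd"

# audit_services RUNLEVEL
# Reads `chkconfig --list` text on stdin. Prints "DISABLE name" for a service
# the checklist turns off that is on in RUNLEVEL, and "ENABLE name" for one the
# checklist turns on that is off. Services not in either list are ignored.
audit_services() {
    awk -v lvl="$1" -v off="$SHOULD_BE_OFF" -v on="$SHOULD_BE_ON" '
        BEGIN {
            n = split(off, a, " "); for (i = 1; i <= n; i++) want[a[i]] = "off"
            n = split(on, b, " ");  for (i = 1; i <= n; i++) want[b[i]] = "on"
        }
        {
            # SysV lines look like: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
            # Lines without a field for this runlevel (xinetd entries) are skipped.
            state = ""
            for (i = 2; i <= NF; i++)
                if (index($i, lvl ":") == 1) state = substr($i, length(lvl) + 2)
            if (state == "" || !($1 in want)) next
            if (want[$1] == "off" && state == "on")  print "DISABLE " $1
            if (want[$1] == "on"  && state == "off") print "ENABLE " $1
        }'
}

# Constructed sample input, not taken from a real host.
sample_chkconfig() {
    cat <<'EOF'
iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off
kdump           0:off 1:off 2:off 3:on  4:on  5:on  6:off
kudzu           0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off
xfs             0:off 1:off 2:on  3:off 4:on  5:on  6:off
httpd           0:off 1:off 2:off 3:on  4:off 5:on  6:off
EOF
}

sample_chkconfig | audit_services 3
```

On a real host, replace the sample with `chkconfig --list | audit_services 3`.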
system-config-keyboard
# line count with wc -l
ll rc.d/init.d/ | wc -l
64
/etc/
lrwxrwxrwx. 1 root root 11 Dec 7 05:55 init.d -> rc.d/init.d
lrwxrwxrwx. 1 root root 7 Dec 7 06:04 rc -> rc.d/rc
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc0.d -> rc.d/rc0.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc1.d -> rc.d/rc1.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc2.d -> rc.d/rc2.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc3.d -> rc.d/rc3.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc4.d -> rc.d/rc4.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc5.d -> rc.d/rc5.d
lrwxrwxrwx. 1 root root 10 Dec 7 06:04 rc6.d -> rc.d/rc6.d
drwxr-xr-x. 10 root root 4096 Dec 7 06:04 rc.d
lrwxrwxrwx. 1 root root 13 Dec 7 06:04 rc.local -> rc.d/rc.local
lrwxrwxrwx. 1 root root 15 Dec 7 06:04 rc.sysinit -> rc.d/rc.sysinit
/etc/rc.d/init.d
total 768
-r-xr-xr-x 1 root root 1495 Jan 19 2012 AAA
-rwxr-xr-x 1 root root 1566 Dec 17 2009 acpid
-rwxr-xr-x 1 root root 2928 Mar 9 2012 alcatel_rc.local
-rwxr-xr-x 1 root root 1441 Dec 18 2006 anacron
-rwxr-xr-x 1 root root 1284 Nov 16 2009 atd
-rwxr-xr-x 1 root root 2157 Mar 9 2012 audit_alu
......
/etc/rc.d/rc0.d
lrwxrwxrwx 1 root root 23 Jan 16 2012 K00ShutdownAlert -> ../init.d/ShutdownAlert
lrwxrwxrwx 1 root root 19 Jan 16 2012 K00zzboot_ok -> ../init.d/zzboot_ok
lrwxrwxrwx 1 root root 17 Jan 12 2009 K01dnsmasq -> ../init.d/dnsmasq
lrwxrwxrwx 1 root root 16 Jan 12 2009 K01smartd -> ../init.d/smartd
lrwxrwxrwx 1 root root 24 Jan 12 2009 K02avahi-dnsconfd -> ../init.d/avahi-dnsconfd
......
/etc/rc.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 init.d
-rwxr-xr-x 1 root root 2255 Oct 13 2010 rc
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc0.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc1.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc2.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc3.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc4.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc5.d
drwxr-xr-x 2 root root 4096 Sep 12 15:03 rc6.d
-rwxr-xr-x 1 root root 220 Oct 13 2010 rc.local
-rwxr-xr-x 1 root root 26726 Oct 13 2010 rc.sysinit
aaa-smt menu
smt menu
# Add aaa-smt to Applications Menu
cp /mnt/cdrom/ALU/AAA.menu /mnt/sysimage/etc/xdg/menus/applications-merged/AAA.menu
cp /mnt/cdrom/ALU/AAA_Apps.directory /mnt/sysimage/usr/share/desktop-directories/
cp /mnt/cdrom/ALU/AAA_Apps-aaa-smt.desktop /mnt/sysimage/usr/share/applications/
DVD
/isolinux/splash.lss
Convert from jpg to lss
From the command line, "ImageMagick" is also available in RedHat.
Install this package first with all deps and use "convert".
First try this:
[root@localhost]# convert splash.jpg splash.lss
[root@localhost]# convert -depth 8 -colors 14 -resize 640x480 splash.jpg splash.lss
Here -depth, -colors and -resize are whatever that splash.lss actually needs, so please confirm first what depth, colors and size you want.
OR
--------------------------------------------------------------------------------------------------------------------------------------------------------------
http://frantisek.rysanek.sweb.cz/splash/isolinux-splash-HOWTO.html
ISOLINUX/SYSLINUX splash image mini-HOWTO
By: Frank Rysanek <Frantisek DOT Rysanek AT post DOT cz>
Introduction
Isolinux by H. Peter Anvin is one of a family of nifty gadgety bootloaders - the original ancestor is maybe syslinux, there are brothers called memboot and pxeboot.
Isolinux can load a neat splash-screen image. E.g. in RedHat, it's stored on the CD No.1 in /isolinux/splash.lss.
Its creation is not quite documented and there are some myths in the area. The goal of this mini-HOWTO is to document the creation of this image.
What you need
You'll need a util (it's really a Perl script) called ppmtolss16, from the syslinux package. As of version 2.04 of syslinux, this Perl script had a bug -
it didn't set binmode(STDIN) and binmode(STDOUT), as a result of which Perl was doing some text-wise conversions on its input and output... -
my patched version of the file can be downloaded from a local copy.
The syslinux package including the source code can be downloaded from www.kernel.org - that's where the Linux kernel sources come from.
Next, you need the giftoppm tool - this is a part of an elderly package called PBM Plus. It is really out of date (updated around 1992 - real archaeology now),
it doesn't seem to have a primary download site, its successor is called netpbm - it's just that netpbm doesn't contain giftoppm anymore.
So, you really need the original PBM Plus. Alternatively, you can get any other software capable of PPM export - but then you're on your own with palette
processing (see below). Now I have a rather dated version of Gimp - if Gimp can export PPM by now, you can probably skip giftoppm and PBM Plus altogether.
If you decide to go with PBM Plus, know ye, that you'll have a problem compiling it on a reasonably new Linux (mine is a RedHat 8.0). If you understand recent C libraries on Linux and Makefiles,
you can probably get out of the gotchas yourself - the GCC is surprisingly backwards compatible :)
Namely, you have to replace sys_errlist[errno] with strerror(errno) in pbm/libpbm1.c, in ./libtiff/Makefile you have to toggle two defines to read -DUSE_VARARGS=0 and -DUSE_PROTOTYPES=1, and `make libtiff.a` in this directory explicitly, before anything else will compile (corrupt dependencies in the Makefiles). Perhaps there's more - I don't remember.
Alternatively, you can download my corrected source tree of PBM Plus from a local mirror. Unzip with
tar xvjf pbmplus.tar.bz2
For image processing, I recommend the Gimp.
In the following text, there are also references to giftrans (from the giftrans-* RPM) and mogrify (from the ImageMagick RPM).
The recipe
The .lss format consists of a simple header and an RLE-compressed section with indexed palette. It's capable of 16 colors out of 2^18 (6 bits per RGB channel per pixel). See the Perl source of ppmtolss16 for details.
The ppm (portable pixmap) seems to be quite a venerable creature. It's got a simple text-based header and an uncompressed (RAW) data section, 24bpp (three bytes per pixel).
The recommended converter is giftoppm, to take advantage of the GIF's indexed palette.
For a start, get a bitmap image of your splash screen. Please be aware that the final splash image will be 640 pixels wide (the basic VGA screen width) with 4bpp color depth (16 colors) -
we'll be trying to get maximum possible image quality out of that :)
In other words, your master image should not contain too much detail, it will vanish in the downconversions anyway.
Load/prepare that image in Gimp - at this stage you can work in true-color RGB mode. Convert it to 640x[something].
The vertical dimension should be definitely less than 480 pixels and please be aware that you need some space below your image on the splash screen for your welcome text -
at least one line for the boot prompt. To sum up, 200 - 300 pixels might be an appropriate height.
To downsample your image in Gimp to the required resolution, press right mouse button on the image to get into the context menu, choose image->image size, enter
640 for the horizontal dimension. If you leave the X/Y lock on, your X/Y ratio should remain OK.
Next, we need to downsample the color depth to 16 colors. This is done in [context menu]->Image->Mode - select "indexed".
Our target number of colors is 16. Hey, wait a moment. Not so fast. Consider setting this to 15 or 14, to save one or two slots in the index table for one or two text colors.
Alternatively, you can select suitable text colors from your resulting image and use them in your boot.msg (or whatever your welcome screen text is called).
In this Gimp indexing dialog, you can also select an appropriate palette optimization method. For images originating in photos, with a large number of color shades,
use one of the Floyd-Steinberg dithering methods. This produces mellow random noise in the resulting image, greatly reducing the effects of low color depth. If OTOH you have a flat-color company logo, choose "no dithering" - your company colors will be slightly shifted but clean.
Please note that if you're already in indexed mode, e.g. as a result of loading an 8bpp GIF as a master image of your splash screen, you need to switch to RGB mode first and then back to indexed,
in order to get to the index generation screen, to get the palette down to 16 colors.
The color palette can be checked using [context menu]->dialogs->indexed palette. Or, using the giftrans tool, by typing `giftrans -l' (text mode numeric output). Or, you can also check it with the hex mode in Midnight Commander viewing the resulting .LSS in raw hex mode (F3,F4).
Some suggest that the color reduction can be done from the command-line using `mogrify -colors 14 <filename.gif>`. Note that its output file is called <filename.mgk> - the original .GIF remains intact.
So we have a .gif with an optimized palette reduced to 16 colors. Next, we need to convert it to .lss, with an intermediate step via .ppm.
The first step is easy:
giftoppm image.gif >image.ppm
Please note that the ppm file is a true-color format (no indexing) - but the index is recovered by ppmtolss16 and using basic statistics you can deduce that
the recovered palette in the .lss will exactly match that of the reduced .gif.
Now the second step, using ppmtolss16, is more complicated. We still need to choose an appropriate text color. Please note that normal text on a CRT is not shiny
white (#ffffff) but gray (about #d0d0d0). If you need something special, you may choose e.g. pistachio green: #c0cfc0. Isolinux is using color index number 7
for the basic text color - so we need to make sure that our pistachio will be at index 7 in the table. The ppmtolss16 can handle this for us - it will reserve the
indicated slot in the index table for the color shade indicated by us. If the recovered index table has less than 16 colors, the color table will be shuffled in a lossless
way to accommodate our additional color(s) at the desired slot(s).
./ppmtolss16 '#c0cfc0=7' <image.ppm >image.lss
Now if you already ate all the 16 slots in the Gimp indexing dialog, you can choose to occupy one color slot with your desired shade, thus shifting the least frequent
color from your optimized palette, setting all pixels in your image referring to that slot to index zero (black), possibly introducing horrible color distortion. Or, you can
select one color from the existing palette for your text. Your custom text in boot.msg can be set to any color index, I'm not sure about the boot prompt though.
Someone on the internet has suggested to swap color indices in the .gif image (so that our chosen color is at index 7) using
giftrans -g 11=7
This is IMO a misunderstanding (experimentally proven). This command does not *swap* the two index slots. Rather, it sets the color value of index 7 to the
value taken from index 11 (or the other way around, even?), effectively distorting the palette in a completely unwanted way.
Choice of filename
While I was struggling to get the splash image to load, one of my findings was that isolinux.bin is sensitive to filename. For some reason, I had a problem with
CD-LOGO.lss. The original RedHat images are called splash.lss. Then I chose cdlogo.lss and it worked.
H. Peter Anvin, the author of Isolinux, has reminded me of one important detail - thanks again for the quick response.
Isolinux understands only the original ISO9660 format - without Joliet extensions. The original standard says that names are case-insensitive, internally stored in
UPPERCASE form, max. 64 characters long, with up to one dot (period). Joliet extensions translate long or otherwise non-standard names to modified names that
are ISO-compliant and yet unique within the file system. There's a visible trace of this shim - the TRANS.TBL file in every directory on a Joliet CD, that is explicitly
visible under Linux (and hidden under Windows, AFAIK).
Now I did enable Joliet extensions in mkisofs when mastering my CD - I had some strange filenames that I needed to transfer without damage.
When I chose a name with uppercase letters for the .lss file, even though I was in Linux, the Joliet support in mkisofs has converted my name to some garbled
internal ISO9660 name, that finally got burned on the CD. As a result, the true ISO9660 name was different and Isolinux couldn't find the Joliet-compliant name
that I was referring to in my boot.msg. Even though I could see my original name on the burned CD - obviously because the Joliet shim layer in the Linux kernel
converted it back according to isolinux/TRANS.TBL :)
Therefore my recommendation is: use all lowercase names with exactly one dot, no spaces, perhaps no dashes and underscores. Otherwise be prepared to burn
the CD over and over to find out where the gremlins are hiding.
That's all folks :)
Well, almost. There's a small script that can do a lot of the above. Saves typing.
Last update: 12 June 2003
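A pre-burn check for the splash file, covering both the header described in "The recipe" and the naming advice in "Choice of filename". This is an added example, not part of the HOWTO or of syslinux: the function names are hypothetical, and the header layout (magic 0x1413f33d, 16-bit little-endian width and height, 16 palette entries of three 6-bit bytes) is the one ppmtolss16 writes, which the HOWTO itself does not spell out.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # keep the [a-z] range ASCII-only

# lss_name_ok NAME: lowercase letters and digits with exactly one dot.
lss_name_ok() {
    case "$1" in
        *[!a-z0-9.]* | *.*.* | .* | *.) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# lss_info FILE: check the 56-byte LSS16 header and print
# "WIDTHxHEIGHT text7=R,G,B" (palette slot 7, 6-bit channel values).
lss_info() {
    file="$1"
    # Bytes: magic 3d f3 13 14, width lo/hi, height lo/hi, then 16 x (r,g,b).
    set -- $(od -An -v -tu1 -N56 "$file")
    [ $# -eq 56 ] || { echo "$file: shorter than the header" >&2; return 1; }
    [ "$1 $2 $3 $4" = "61 243 19 20" ] || { echo "$file: bad magic" >&2; return 1; }
    width=$(( $5 + 256 * $6 )); height=$(( $7 + 256 * $8 ))
    shift 8
    if [ "$width" -gt 640 ] || [ "$height" -ge 480 ]; then
        echo "$file: ${width}x${height} does not fit below 640x480" >&2; return 1
    fi
    idx=0; text7=""
    while [ $# -ge 3 ]; do
        for v in "$1" "$2" "$3"; do
            [ "$v" -le 63 ] || { echo "$file: slot $idx exceeds 6 bits" >&2; return 1; }
        done
        if [ "$idx" -eq 7 ]; then text7="$1,$2,$3"; fi
        shift 3; idx=$((idx + 1))
    done
    echo "${width}x${height} text7=$text7"
}

# Constructed header-only sample: 640x300, slot 7 = 47,51,47, other slots black.
make_sample_lss() {
    printf '\075\363\023\024\200\002\054\001'
    i=0
    while [ "$i" -lt 16 ]; do
        if [ "$i" -eq 7 ]; then printf '\057\063\057'; else printf '\000\000\000'; fi
        i=$((i + 1))
    done
}

sample=$(mktemp)
make_sample_lss > "$sample"
lss_name_ok cdlogo.lss && lss_info "$sample"
rm -f "$sample"
```

The slot 7 value is what isolinux uses for the basic text color, so a black or near-black triple there means unreadable boot text.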



