Ubuntu Tips
Distribution Tips
Server Documentation
Ubuntu has put up really nice documentation for configuring servers. https://help.ubuntu.com/9.10/serverguide/C/index.html
General Changes
dash is the default shell linked to /bin/sh. This can cause a number of problems with some scripts. To change /bin/sh back to bash use the following command.
dpkg-reconfigure dash
Admin Commands
allow a user to sudo
sudo adduser <username> sudo adduser <username> admin
Old Kernel cleanup
I have not found an easy way to clean up old kernels on Ubuntu so I wrote a small function that runs in bash to removed them. It should leave most 2 recent kernels on the system. Use at your own risk. Below is the snippet of code I put in my ~/.bashrc file to allow me to clean up old kernels. After you source the .bashrc file, you can then type kernel_cleanup and it will prompt you to remove the kernel and header files.
function kernel_cleanup() { cur=$(uname -r) for ver in $(dpkg -l | grep linux-image-2| grep -v $cur | awk '{print $3}'| sed 's/\.[0-9]*$//' | sort -rn| tail -n +2 ) do echo $ver prm=$(dpkg -l | grep $ver | awk '{print $2}') echo $prm echo -n "Remove Packages (Y/n): " read x if [ "$x" = "n" ] ; then echo "Not removing" continue fi sudo dpkg -P $prm sudo rm -rf /lib/modules/$ver-generic done }
To run it:
. ~/.bashrc kernel_cleanup
Apache
remake ssl snakeoil cert
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
Disable default site
a2dissite default
Enable ldap
a2enmod authnz_ldap
LDAP TLS
The following line needs to be defined in /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/[CA_CERT.pem]
Where CA_CERT.pem is your Root CA.
Helpful page to configure ldap server https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
Wireless Keys
It remove a saved passphase for a wireless connection that NetworkManager uses, the following command will let you update the keys. The are on the Password tab.
seahorse
Building Help
Debian source packages need a debian directory in the extracted source tree to build a package. There are plenty of sites that explain what those files are and how to create them. These are my shortcut notes to modify a package. I'll expand this section when I know more.
An an example, I wanted to get the newest version of luma packaged. I downloaded luma-2.4 and saved the tar. I then ran the following and got the current source for luma.
apt-get source luma
It created the luma-2.3 directory structure. I extracted the new tar and copied the debian directory to the new directory.
tar -xvjf luma-2.4.tar.bz2 cp -a luma-2.3/debian luma-2.4/.
Now I needed to update the changelog and change the version information.
cd luma-2.4/debian dch -i cd ..
After adding the comments for the new version, I built the package.
dpkg-buildpackage -rfakeroot
General Troubleshooting
Apt-cacher-ng
This one took a while to figure out while trying to do an upgrade. I've seen numerous problems with trying to use apt-cacher-ng with the upgrade process, but this one was caused by a corrupted file in the cache. When trying an upgrade, I got the following error
Checking for a new ubuntu release Failed Upgrade tool signature Done Upgrade tool Done downloading extracting 'jaunty.tar.gz' authenticate 'jaunty.tar.gz' against 'jaunty.tar.gz.gpg' exception from gpg: GnuPG exited non-zero, with code 131072 Debug information: ...
It turns out that /var/lib/update-manager/meta-release was corrupt and everytime I edited the file the corruption came back. I removed the file from apt-cache-ng cache directory, retried the upgrade and everything was fixed.
rm /var/cache/apt-cacher-ng/changelogs.ubuntu.com/meta-release
VirtualBox Hash sum mismatch
When trying to get virtualbox, I kept seeing errors from apt-get update. I removed the following files and was able to install/upgrade virtualbox.
rm /var/lib/apt/lists/download.virtualbox.org_virtualbox_* rm /var/lib/apt/lists/partial/download.virtualbox.org_virtualbox_*
Adding Keys to Apt
I have added some launchpad repos and keep forgetting how to add the keys to prevent apt errors. Here is basically the command to use.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 12345678
Replace 12345678 with the key id.
Disable IPv6 on Karmic 9.10
Karmic does not include ipv6 as a module, so the only way to disable it is with passing a kernel parameter during boot. I found the same problem with jaunty 9.04, but it was easy to edit the menu.lst file to add this option. I know this is a hack, but I only need ipv4 working at this time. In the future I'm sure I will have to undo these changes, but for now they speed up my system.
Using yout favorite editor using sudo, edit /etc/default/grub and change
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
to
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
then
sudo update-grub
It also looks like 2 of my favorite apps do DNS AAAA record lookups after ipv6 is disabled. The following removes the AAAA lookup which causes delays in firefox/seamonkey and ssh.
- Firefox
Edit the config by opening the page about:config and filter for ipv6. Toggle network.dns.disableIPv6 to true.
- ssh
Edit /etc/ssh/ssh_config or ~/.ssh/config and add the following to the global host
host * AddressFamily inet
By default, if there is only one OS with grub2, no menu will be displayed. Comment out the following line in /etc/default/grub
#GRUB_HIDDEN_TIMEOUT=0
This link has everything you want to know about the new grub2 options. http://ubuntuforums.org/showthread.php?t=1195275
Check dpkg MD5 checksums
I'm sure there is an easier way, but I kept looking up this information. If you want to ensure that the files installed on your system match the checksums when the package was install, you can create the following script. I call mine, dpkg_md5check
#!/bin/bash cd / for i in /var/lib/dpkg/info/*.md5sums; do sudo md5sum -c $i |grep -v 'OK$' done
You may get some false positives, but at least it gives you an indication of the majority of the files. I think RedHat has an easier and better method and I'll update this section when I find a better method for Ubuntu.
Disable automounting of USB drives
Sometimes I need to be able to connect a USB drive and not have it automatically mount the device. The following command will disable this function
gconftool-2 --type bool --set /apps/nautilus/preferences/media_automount false
And this command will enable it again.
gconftool-2 --type bool --set /apps/nautilus/preferences/media_automount true
Links
Here are some useful links
- http://www.howtoforge.com/perfect-server-ubuntu-9.04-ispconfig-2 - Nice tips for configuring an Ubuntu server
- https://help.launchpad.net/Packaging/PPA/InstallingSoftware - Installing Launchpad Software.