System settings
...Distribution upgrade
...Set or reset locales
...Set / modify the system library path
...Generating core dumps
...Disable a user account
...Default browser

...Set your or other's hostname
...MAC address
...IP address
......Configure a static IP address
......Configure DHCP
...Set a route
...Set DNS you want to use
...Network troubleshooting
...Denying access to hosts
...Finding services that use a given port

...Start/Stop Postfix or Sendmail
......Configure SSH server and client
......X forwarding through SSH
......NFS server
......NFS client
......Web references

Debian packages
......Sample configuration
...Creating a Debian package

...Interesting packages

System settings


update-manager &

Distribution upgrade

$ sudo sed -i 's/raring/saucy/' /etc/apt/sources.list
$ sudo sed -i 's/olivia/petra/' /etc/apt/sources.list
$ sudo sed -i 's/raring/saucy/' /etc/apt/sources.list.d/official-package-repositories.list
$ sudo sed -i 's/olivia/petra/' /etc/apt/sources.list.d/official-package-repositories.list

$ sudo apt-get update & sudo apt-get dist-upgrade
$ sudo apt-get upgrade
To upgrade the kernel on Linux Mint To know which distribution you have:
inxi -S


  • update links in rc.d: update-rc.d <name> defaults
  • remove: update-rc.d <name> remove
  • to run a given command at startup, add it to /etc/init.d/rc.local
  • List status of all services:
    sudo service --status-all
To disable bluetooth:
service bluetooth stop
To disable bluetooth service on startup, add in /etc/rc.local:
rfkill block bluetooth


To restart syslog:
kill -SIGHUP `cat /var/run/syslogd.pid`

Reset the locales

To set (or reset) the locale, do :

dpkg-reconfigure locales
To generate locales,
sudo locale-gen fr_FR.UTF-8

System Library path

  • Modify /etc/ld.so.conf, add directory
  • launch ldconfig


To set the timezone:
sudo dpkg-reconfigure tzdata
To install NTP:
sudo apt-get install ntp

Cron - configuring periodic tasks

To list the contents of the crontab, do:
$ sudo crontab -l
# m h  dom mon dow   command
0 3 * * 1-5 /path/myscript.sh

Generating core dumps

By default, it seems the system won't generate core dumps:
$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
If you want to be able to core dump:
$ ulimit -c unlimited
This is for unlimited core dump (otherwise, set a size).

Disabling a user account

$ sudo usermod pi --expiredate
To disable login for an account:
passwd -l

Default browser

$ sudo update-alternatives --config x-www-browser



Typical /etc/hosts: localhost
yourIP your-host-name
Modify your host's name:
  • modify /etc/hostname
  • modify /etc/hosts
  • Reboot

MAC address

sudo arp -a
? ( at 00:e0:4c:b3:80:bf [ether] on eth0

IP address

Configure a static IP address

Solution 1. GUI
launch network-admin (Gnome menu: Destkop -> Administration -> Networking) Solution 2. Manual
  • for a permanent modification,
    • write to /etc/network/interfaces
    • iface eth1 inet static
      address <your IP address, e.g 192.168.x.y>
      netmask <your mask, e.g>
      gateway <your gateway, e.g 192.168.x.254>
    • restart the network: /etc/init.d/networking restart
  • for a temporary modification,
  • set up the interface: ifconfig eth0 <your IP address>

DHCP client

Packages are:
  • dhcp-client
  • or dhcpcd5, isc-dhcp-client, isc-dhcp-common
To set up DHCP for a client:
Solution 1. GUI
Gnome Desktop -> Applications -> System -> Networking: choose your network card and set it for DHCP.
Solution 2. Manual
Edit /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp 
To disable dhcp,
sudo update-rc.d -f dhcpcd disable
To remove dhcp:
  1. Remove in /etc/network/interfaces this line:
    iface eth0 inet dhcp
    and make sure there is
  2. Disable dhcpd
    sudo update-rc.d dhcpcd disable
  3. Remove the packages:
    sudo apt-get remove dhcpcd
    sudo apt-get remove isc-dhcp-common
    sudo apt-get remove isc-dhcp-client
    sudo apt-get remove dhcpcd5


Set up the route: route add default gw <your gateway> In this example, the gateway is, and the host uses eth0.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    0      0        0 eth0     *        U     1      0        0 eth0
To delete an existing gateway:
route del default gw IPAddrGateway

Set DNS you want to use to resolve names

  • to modify the domain name: set /etc/hosts and /etc/resolv.conf (search)
  • to restart the DNS server: /etc/init.d/bind restart
  • DNS requests: dig @ ANY
  • to resolve a name: host <name>

Network troubleshooting

To check a network configuration:
  • check interfaces: ifconfig should show available interfaces. Typically a loopback interface and an Ethernet interface. If an interface is down, set it back up with ifconfig <interface name> up
  • Check IPv6 is not messing around your network configuration (that is. if you don't need IPv6 !):
    • check the ipv6 module is not running: lsmod | grep ipv6
    • the interfaces should not be configured for inet6: ip a | grep inet6
    • the hosts file need not include any IPv6 addess: check /etc/hosts
  • check the route: /sbin/route -n
  • check your DNS: host <whatever name> should display the IP addresses the name resolves too. If incorrect, check in /etc/resolv.conf
  • display active Internet connections: netstat -nat
  • display open ports: netstat -tulp

Denying access

To deny an IP address put it in /etc/hosts.deny

Finding programs that open given ports

sudo netstat -ap | grep :
This command is also handy:
lsof -i :80

Network dependant services


  • MTA: postfix, sendmail...
  • MDA: procmail, dovecot, maildrop
  • MUA: mutt...

Postfix is the default MTA for Ubuntu. It does not include a IMAP server (see dovecot) Its main configuration files are located in /etc/postfix (main.cf). Use postconf for configuration.

To start, reload or stop postfix: /etc/init.d/postfix start (reload???). Be sure that sendmail is not running: /etc/init.d/sendmail stop

If you do not need emails, it is a good idea to stop the nullmailer service:
sudo service nullmailer stop
or even sudo apt-get remove nullmailer. Otherwise, the mailer sends many DNS requests.


Client and Server

To use SSH:

  • SSH server: apt-get install openssh-server
  • SSH client: apt-get install openssh-client

Concerning one of the latest OpenSSL PRNG bugs, see here.

To reconfigure SSH (and regenerate keys):

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
The logs are generally in /var/log/auth.log

X forwarding

A very common situation consists in logging on a distant host D from your local host L, using ssh. To get windows of D displayed on L is usually one of the first things you learn at school ;-) but it turns out sometimes it's more tricky. Using SSH, this is how to do it: edit /etc/ssh/ssh_config (or your own ssh config in ~/.ssh) and set

ForwardX11 no
ForwardX11Trusted yes

Then, from the prompt on L, do the following:

xhost + (or the host you want to allow)
ssh -X <address or name of D> -l <yourloginname>

That's all ! You do not need to set your display. All of this is explained here, with nice hints to help you debug relunctant situations.


This subsection explains how to share a directory with NFS.

Server Side

This is what you must do on the host sharing the directory to other hosts.

Make sure the following options are set in your kernel:


    # CONFIG_NFS_V3_ACL is not set
    # CONFIG_NFSD_V3_ACL is not set

Get the necessary packages:

apt-get install nfs-kernel-server

Set up file systems to export :

/etc/exportsex: /mnt/mydir,mp=/mntpoint,async)
mp: makes sure specified mount point is mounted

Update using command :

exportfs -r

Check NFS is launched:

rpcinfo -p
You must see statd, mountd & portmap. Otherwise, relaunch the nfs server daemon. To allow acces to the system:

portmap :  : allow
portmap : ALL : deny

Client side

apt-get install nfs-common portmap

try to mount the file system manually:

mount /mnt/nfs

If it works, put it in /etc/fstab

Related web links


export http_proxy=http://server:port
export ftp_proxy=ftp://server:port

Don't forget the "http://" or "ftp://"

For apt-get, if you need a proxy, add the following line to apt's configuration:

Acquire::http::Proxy "http://server:port";


To add a new CA to the system:
openssl x509 -in blah.der -inform DER -out blah.crt -outform PEM
sudo cp blah.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
updates of cacerts keystore disabled.
If that does not work, try after that:
sudo dpkg-reconfigure ca-certificates

Debian packages

Finding the appropriate package that contains a given file: go to the Debian website and use the search engine.


To launch the GUI: Desktop -> Administration -> Synaptic Package Manager apt-get mustn't be running.


Sample configuration file

A neat /etc/apt/sources.list:
# CDrom
deb cdrom:[Debian GNU/Linux 4.0 r1 _Etch_ - Official amd64 NETINST Binary-1 2007
0820-20:16]/ etch contrib main

# Standard
deb http://ftp.fr.debian.org/debian/ stable main contrib non-free

# Uncomment this to get packages from the testing distrib
#deb http://ftp.fr.debian.org/debian/ testing main contrib non-free

# Security
deb http://security.debian.org/ stable/updates main contrib

# Uncomment if you want the apt-get source function to work
#deb-src http://security.debian.org/ etch/updates main contrib
If you want to use a web site with HTTPs in /etc/apt/sources.list, then first install:
sudo apt-get install apt-transport-https


  • update according to sources.list: apt-get update.
  • check for upgrades according to sources.list: apt-get upgrade
  • install a package: apt-get install pack*
  • install from a given distrib: apt-get install -t testing (or whatever) pack*
  • remove: apt-get remove pack* (does not remove configuration files ??? use purge for that).
  • list a package's description: apt-cache show pack*
  • show information of a given package: apt-cache policy pack*
  • clean previously downloaded packages (stored in /var/cache/apt/archive): apt-get clean
  • get the name of package for a given command: apt-cache search command

If you get the error "The following signatures couldn't be verified because the public key is not available", then you should add the corresponding GPG key:

  • get the key: gpg recv-keys <its ID>
  • add the key to apt: apt-key add key.txt


Aptitude is said to resolve conflicts better than apt-get. My own experience is insufficient on that behalf. Any way, aptitude's commands are very similar to apt-get: aptitude install pack*, aptitude update, aptitude upgrade, aptitude dist-upgrade???


  • list: dpkg -l pack
  • contained files: dpkg -L pack
  • install: dpkg -i pack
  • check which package a file belongs to: dpkg -S file
  • reconfiguration: dpkg-reconfigure pack
  • force a given package whose architecture doesn't match the current one (useful to install 32-bit packages on 64-bit systems) : dpkg ???force-architecture -i <package>

Creating a Debian package

  • apt-get install dh-make fakeroot
  • create directory of name of package (name-version, don't use any strange characters), in that directory put everything that should be in the package tar.gz that directory
  • in the directory: perform dh_make -e email -f ../the.tar.gz
  • this creates the debian directory
  • modify the control file, rules, etc.
  • modify the makefile of the package so it puts things in DESTDIR.
  • dpkg-buildpackage -r fakeroot
  • Read the contents of a debian package: dpkg ???contents ../hello_1.0-1_all.deb
  • See also :


Add rules in /etc/udev/rules.d. Then reload rules:
sudo udevadm control --reload-rules
If you need to restart udev: sudo service udev restart


pactl set-sink-mute 0 0
pactl set-sink-mute 0 1
To set sound at 50 percent:
amixer set Master 50


This concerns Linux specific applications. Please also have a look at Unix applications or tools.


EncFS is a nice userland encrypted 'filesystem'. Although its security might not suit all cases, it is pretty handy is several situations.

To install it,

apt-get install fuse-utils encfs

To create or open an encrypted disk:

encfs <encrypted path> <mountpoint>

To unmount an encrypted disk:

fusermount -u <mountpoint>

For more information regarding installation on Ubuntu, follow this link.


sudo aptitude install fail2ban
The configuration should be written in /etc/fail2ban/jail.local (and not in jail.conf). See this link. To ignore local IP addresses, put something like:
ignoreip =
The "ban" action is what you do to ban people. In my case, I want the banned address to be added to /etc/hosts.deny:
banaction = hostsdeny
The "email" action is how to send emails if we decide to send some. If exim4 is configured, for example, use:
mta = sendmail
Then, the jail.local defines a list of action shortcuts, such as banning the address and sending an email with whois report: action_mw etc. The default action is specified in :
action = %(action_mwl)s
In that case, it means the default action is ban, send email with whois report and relevant log lines. The action can also be configured per section:
action = ...
If we want not to send an email (but still to ban the IP address), then use:
action = %(action_)s
Finally, each section explains where to enable banning:

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

To get the current status of fail2ban, run
$ sudo fail2ban-client status
|- Number of jail:      4
`- Jail list:           apache, php-url-fopen, ssh, apache-myadmin
To restart fail2ban,
sudo /etc/init.d/fail2ban restart 


Synchronizes your Palm with Kpilot, and Korganizer but only if it is open. If the Palm is connected to a serial port, try /dev/ttyS0 or /dev/ttyS1.


sudo aptitude install rkhunter
In /etc/default/rkhunter,


Configuration is in /etc/default/portsentry. Set:
In /etc/portsentry/portsentry.conf, in the Dropping Routes section:
To test, use nmap:
nmap -v -PN -p 0-2000,60000 YOURSERVER


Ubuntu makes big use of sudo. There's a neat information page there. For instance, opening a terminal with superuser privileges is possible using the option -s: sudo -s and exit to leave that mode.

To add users to the sudoers, simply add the user to the sudo group:
addgroup user sudo


download the dynamic binary from Skype's website. It requires Qt 3.2, but works fine.


  • configuration of wine: winecfg
  • wine "c:\windows\notepad.exe"
  • winefile (a kind of explorer)

Interesting packages

  • cabextract
  • dosfstools: necessary to format FAT32 partitions on Linux
  • encfs: encrypted file system in userland. Requires fuse-utils.
  • ia32-libs and lib32asound2: for 32-bit libs on 64-bit systems
  • iceweasel: replacement for firefox
  • icedove, enigmail: replacement for thunderbird
  • linux-headers-2.6.18-6-amd64 (or similar): to get your kernel headers.
  • libc6-dev: for C headers and libraries (required to compile !). To install the headers, libraries + make and dpkg-dev, install package build-essentials.
  • libieee1284 is necessary to use the parallel port as a user (not root)
  • manpages-dev: necessary if you want manpages for things such as fopen !!!
  • mp3info : information on MP3 files, such as genre, artists etc.
  • openssh-server: for a SSH server
  • rsh-redone-server: rlogind
  • ruby-dev: for ruby gems
  • screenlets: the screenlet manager
  • sharutils: contains uudecode
  • texlive-lang-french and texlive-latex-extra
  • xtightvncviewer: tight VNC client