|
Choosing the right Linux File System Layout using a Top-Bottom Process |
|
Author: Pierre Vignéras
Contact: pierre@vigneras.name
Submited: 31.07.2009
As you may probably know, Linux supports various filesystems such as ext2, ext3, ext4, xfs, reiserfs, jfs among others. Few users really consider this part of a system, selecting default options of their distribution's installer. In this article, I will give some reasons for a better consideration of the file-system and of its layout. I will suggest a top-bottom process for the design of a ``smart'' layout that remains as stable as possible over time for a given computer usage.
Introduction The first question that you may ask is why are there so many file-systems, and what are their differences if any? To make it short (see wikipedia for details): - ext2: it is THE Linux fs, I mean, the one that was specifically designed for linux (influenced by ext and Berkeley FFS). Pro: fast; Cons: not journalized (long fsck).
- ext3: the natural ext2 extension. Pro: compatible with ext2, journalized; Cons: slower than ext2, as many competitors, obsolete today.
- ext4: the last extension of the ext family. Pro: ascending-compatibility with ext3, big size; good read performance; cons: a bit too recent to know?
- jfs: IBM AIX FS ported to Linux. Pro: mature, fast, light and reliable, big size; Cons: still developed?
- xfs: SGI IRIX FS ported to Linux. Pro: very mature and reliable, good average performance, big size, many tools (such as a defragmenter); Cons: none as far as I know.
- reiserfs: alternative to ext2/3 file-system on linux. Pro: fast for small files; Cons: still developed?
There are other file-systems, in particular new ones such as btrfs, zfs and nilfs2 that may sound very interesting too. We will deal with them later on in this article (see 5). So now the question is: which file-system is the most suitable for your particular situation? The answer is not simple. But if you don't really know, if you have any doubt, I would recommend XFS for various reasons:
|
|
Read more...
|
|
IPwatchD an IP conflict detection tool for Linux |
|
Project name: IPwatchD - IP conflict detection tool
Author: Jaroslav Imrich
Project's Home Page: IPwatchD
Introduction When using a GNU/Linux operating system, from time to time you may come across a situation where network connectivity was interrupted due to the IP conflict. An IP conflict event occurs when two or more hosts on the same network are configured with identical IP addresses. At the present, there appears to be no code in the Linux kernel to take care of this situation by means of appropriate Gratuitous ARP response . Very often a network administrator is left in the complete ignorance by the Linux kernel and needs to troubleshoot IP conflict the hard way.  Fortunately, there is a simple daemon called IPwatchD which main purpose is to catch and evaluate packets on the network and this way is able to prevent an IP conflict occurrence. This is done by help of libpcap library. IPwatchD daemon is written in C language and can run in passive or active modes. The difference between a passive and active mode is that in the passive mode IPwatchD only logs every IP conflict event by engaging syslog daemon, and in active mode IPwatchD takes one step further and responds to Gratuitous ARP request which is the main construction block when it comes to the IP conflict prevention. This article will explore this simple daemon in terms of installation, configuration and usage.Prerequisites Before we can install IPwatchD under the GNU/Linux operating system it is recommended to confirm that all prerequisites needed by IPwatchD are installed on the system. Here is a list of packages you would need to install on Ubuntu 8.10. * build-essential - C compiler and other development tools
* libpcap-dev - Network packet capture library
* libnet1-dev - Network packet construction library
* libnotify-dev - sends desktop notifications to a notification daemon On ubuntu or debian linux you can install those packages with a following command: # apt-get install build-essential libpcap-dev libnet1-dev libnotify-dev
|
|
Read more...
|
|
VPN - Virtual Private Network and OpenVPN |
Introduction This article will describe a configuration of Virtual Private Network connection by using an OpenVPN application. Firstly, you will be exposed to some basic theory behind Virtual Private Networks. Then, the article will guide you with step-by-step instructions on how to setup a OpenVPN virtual private network by using Symmetric Key Encryption and Public Key Encryption. This article is meant for everybody who possesses a basic knowledge of linux administration and networking.Why VPN If you work in IT industry, it is very common that you do not use only a single computer sitting on your work desk, but you also utilize other systems connected to the same local area network. As long as you are sitting on your office chair this approach should not be a problem. However, this situation can become complicated once you are in hurry, and therefore, you need to take some of your work home. You are able to take you company laptop with you, but to fully utilize company resources you would also need to be connected to the company's local area network. The solution to this problem depends on what resources are needed to complete your job. If you need some shared files available on the company's network, you may just simply copy these file to your laptop's hard drive or to USB stick. In case you need to work on the system installed on your company's PC you can also use some virtualization tools such as VirtualBox or VMware. Soon enough you will realize that this approach is not as convenient as you would like it to be, and that you spent more time by copying files and synchronizing virtual systems than concentrating on your work. The ideal solution in this case should allow employees to access company's local resources from an external network. This can be done by forwarding ports of the local services via firewall. Exposing local ports to the Internet is not entirely the safest approach. The more ports are exposed from your local network to an external network such as the Internet, the more vulnerable your local system will become. The ideal approach in this situation could be a use of just single port for all services coupled with encryption and user authentication. This can be achieved, for example, by using a Virtual Private Network (VPN).How does VPN works VPN networks are often operated as client-server applications. Good example could be an implementation of MS Windows PPTP or OpenVPN on the Linux Platform. VPN server is directly running on a firewall, where it creates virtual network interface and additional virtual network subnet. VPN server is waiting for connections on the external network interface of the firewall where it performs authentication of a VPN client application. After successful VPN client authentication a VPN client is given an IP address from a virtual subnet. Consequently, an encrypted tunnel is created between VPN client and VPN server, which is used for safe transfer of packets between two distant networks via the Internet. Services, which a VPN client can connect to, can furthermore be defined by firewall rules. This way firewall ensures that VPN client can connect only to services it is allowed to connect. If the previous couple sentences looked to you little difficult to understand, do not despair! Everything will become clearer once we see how encrypted tunnel works in an example.VPN Encrypted Tunnel Fundamentals VPN tunnels are generally considered as something mysterious and everybody who mentions them, is "cool" :-) However, there is nothing to be afraid about, in the fact principle of Virtual Private Network is very simple. Data in IP networks are exchanged in packets. Information about destination and a source of the packet can be found in the packet's header. The actual user data are carried as a payload. Let’s imagine that ssh client wants to talk to ssh server over the Virtual Private Network. Packets leaving a host's network interface located on the local network are sent with a destination port number 22. When this packet reaches a VPN tunnel it is encapsulated into the VPN packet where original packet is now treated as a payload. If the VPN server listens on the port 443, the VPN packet will carry a destination port 443. 
When looking at the previous figure it is apparent that this kind of network data transfer over the VPN is a waste of transfer rate because original packet has a smaller payload space just because it needs to fit into the VPN tunnel packet. In VPN analogical sense this can be considered as a drawback.
|
|
Read more...
|
Introduction
Every user as well as administrator of the linux system very often needs to execute some programs on regular basis.
For example, an administrator may need to monitor a disk usage of a system. In this case a cron scheduler is very handy tool to achieve this. Let's say that root needs to execute /usr/local/sbin/backup.sh script every Sunday at 2:36AM he would edit his crontab file as shown on the figure below:
The format is simple, 6 fields separated with spaces or tabs. The rest of the line is the command, and it's parameters to be executed. The sixth field - user name (in blue) is used only in the system wide cron scheduler.
|
|
Read more...
|
|
Did You Know? that you can instruct your linux system to shutdown with shutdown command? For example
Delivered by FeedBurner ISSN 1836-5930
