Hack 43 Run Other Emergency Services 
It is easy to set up Knoppix as a DHCP, DNS, or
MySQL server. This ability could prove useful in an emergency.
There are a number of other services
that Knoppix includes that require only a couple of steps to get
running. Most of the principles behind starting these services are
the same—copy over a configuration and start the service.
However, some of these services require a few more steps to get fully
functional. Most of the services log to
/var/log/syslog, which Knoppix disables by
default. To start the syslog service, click K
Menu → KNOPPIX → Services → Start SYSLOG, which
launches a terminal that displays live output of
/var/log/syslog.
5.8.1 SSH
If you want
to use Knoppix as a server for anything, you certainly want to be
able to administer it remotely. Every
administrator's favorite remote shell is openssh,
and Knoppix includes it. It is incredibly simple to start the SSH
service on Knoppix. Just click K
Menu KNOPPIX Services Start SSH Server. If
you have not yet created a password for the knoppix
user, the script prompts you to enter a new password so
you can log in remotely. Alternatively, run:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/ssh start
5.8.2 DHCP
DHCP allows
you to automatically assign IP addresses to other computers on the
network along with other basic network information.
It's quicker than manually entering the network
information into each computer. The DHCP configuration file in
Knoppix is /etc/dhcp3/dhcpd.conf and, by
default, it is not configured to run on any network interface. First,
back up the following file:
knoppix@ttyp0[knoppix]$ sudo mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.bak
If you use this machine to replace another DHCP server on the
network, simply copy the other machine's
dhcpd.conf file to
/etc/dhcp3/. If you do not have a preconfigured
dhcpd.conf to use, here is a simple template you
can use to get started. Create this file with your favorite text
editor, then copy it to /etc/dhcp3/dhcpd.conf as
root. Change the IP addresses to match your local network.
# how long the DHCP lease lasts in seconds
default-lease-time 600;
# maximum length of lease in seconds
max-lease-time 7200;
# name servers for clients on all subnets to use
option domain-name-servers 192.168.0.1, 192.168.0.2;
##### here we put specific per-subnet options #####
# the subnet address must be the network address for the netmask
subnet 192.168.0.0 netmask 255.255.255.0 {
    # IPs will be assigned between these two addresses
    range 192.168.0.50 192.168.0.99;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    # the gateway for the network
    option routers 192.168.0.1;
}
Once you have configured dhcpd.conf, start
dhcpd:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/dhcp3-server start
If dhcpd is unable to start, view the syslog for
details, including possible errors you might have made in
dhcpd.conf.
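A quick way to catch two mistakes that stop dhcpd from loading a configuration (a statement without its terminating semicolon, and a subnet declaration that is a host address rather than the network address) is to check the file before starting the service. The following is an added example, not part of the original hack; the function name and the sample text are constructed for illustration, and the parser assumes a flat file like the template above, with no nested blocks.

```python
import ipaddress
import re

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def check_dhcpd_conf(text):
    """Return a list of problems in a flat dhcpd.conf (no nested blocks)."""
    problems = []
    # Drop comments so they cannot hide or fake a statement terminator.
    lines = [ln.split("#", 1)[0].strip() for ln in text.splitlines()]
    for n, ln in enumerate(lines, 1):
        if ln and not ln.endswith((";", "{", "}")):
            problems.append(f"line {n}: statement does not end with ';'")
    for addr, mask, body in SUBNET_RE.findall("\n".join(lines)):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        # The declared subnet must be the network address for its netmask.
        if ipaddress.ip_address(addr) != net.network_address:
            problems.append(
                f"subnet {addr}: expected network address {net.network_address}")
        rng = re.search(r"range\s+(\S+)\s+(\S+)\s*;", body)
        if rng:
            lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"range {lo}-{hi}: not inside {net}")
        gw = re.search(r"option\s+routers\s+([\d.]+)\s*;", body)
        if gw and ipaddress.ip_address(gw.group(1)) not in net:
            problems.append(f"router {gw.group(1)}: not inside {net}")
    return problems

# Constructed sample with two deliberate faults:
# a missing ';' and a host address used as the subnet.
SAMPLE_BAD = """\
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 192.168.0.1, 192.168.0.2
subnet 192.168.0.1 netmask 255.255.255.0 {
  range 192.168.0.50 192.168.0.99;
  option routers 192.168.0.1;
}
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("192.168.0.2\n", "192.168.0.2;\n").replace(
    "subnet 192.168.0.1 ", "subnet 192.168.0.0 ")

if __name__ == "__main__":
    for problem in check_dhcpd_conf(SAMPLE_BAD):
        print(problem)
```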
5.8.3 DNS
The name-resolution services provided by a
DNS server
are essential to any modern-day network. Knoppix comes with complete
support for running your DNS server with the included BIND9 package.
The simplest way to get your DNS server up and running is similar to
the method used in [Hack #42].
First, move /etc/bind/ out of the way with this
command:
knoppix@ttyp0[knoppix]$ sudo mv /etc/bind/ /etc/bind.bak
Second, copy your complete BIND configuration (some distributions put
it in /etc/bind/ while others put it in
/etc/named/) to your home directory, and symlink
it so the system uses it instead:
knoppix@ttyp0[knoppix]$ sudo ln -s /home/knoppix/bind /etc/bind
Now start BIND by typing:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/bind9 start
Now your DNS server is up and running. If BIND does not start after
this command, check the syslog for any errors it might have reported.
5.8.4 MySQL
Databases
are vitally important to most businesses, and a rising star in the
database world is the open source MySQL database. This database has
proven to be especially popular as a backend to dynamic web sites
because of its low cost and amazing speed. If you have a MySQL
database server that is down and need to run something in its place,
you may be able to use Knoppix, which contains the MySQL database
program. To configure MySQL under Knoppix, first start the MySQL
server:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/mysql start
There are different methods to import and export a database, and this
section highlights methods to import to and export from a database
using mysqldump. Of course, if you are creating
an emergency Knoppix server because your database server is down,
your importing methods are tied to whatever backup method you have
decided to use.
If you want to move a single database to Knoppix, first log in to
your original database server, and export it with:
root@ttyp0[root]# mysqldump database > database.txt
Then copy over the resulting database file using
scp, FTP, or whichever file transfer protocol
you prefer. Once the database is copied, run
mysql and create a corresponding database on
Knoppix:
mysql> CREATE DATABASE database;
You can then import your data into that database with:
knoppix@ttyp0[knoppix]$ sudo mysql database < database.txt
To copy all of the databases from one server to Knoppix, the
procedure is similar but requires an extra step. First, back up your
/usr/lib/mysql directory, and create an empty
one:
knoppix@ttyp0[knoppix]$ sudo mv /usr/lib/mysql /usr/lib/mysql.bak
knoppix@ttyp0[knoppix]$ sudo mkdir /usr/lib/mysql
Then export your complete database from the remote machine:
knoppix@ttyp0[knoppix]$ mysqldump --all-databases > all_databases.txt
Finally, copy all_databases.txt to Knoppix, and
import it:
knoppix@ttyp0[knoppix]$ sudo mysql < all_databases.txt
5.8.5 Inetd
Knoppix
includes inetd, the Unix daemon that listens for
incoming requests and, when a request comes in,
starts the appropriate server daemon.
inetd is disabled by default. Before you start
inetd, check
/etc/inetd.conf and make sure that you
don't mind if all the uncommented services are
started. Even if you aren't sure, by default Knoppix
allows only local connections to any of these services, so you are
safe leaving them uncommented. This example shows you how to get FTP
running with inetd.
Start inetd by typing the following command:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/inetd start
Now inetd listens on all of the ports configured
in inetd.conf for connections. Once a connection
is made, inetd starts the corresponding service.
At this point, if you attempt to connect to FTP on this server from
another machine on the network, the connection is refused. One reason
your attempt fails is that Knoppix disables anonymous FTP by
default. A second reason might be that you
haven't yet created a password for your
knoppix user (with passwd
knoppix in a terminal window). Most importantly, however,
Knoppix uses /etc/hosts.deny to disallow
any remote connection to inetd services. You
must edit /etc/hosts.allow to allow remote
connections.
Like most configuration files in /etc under
Knoppix, /etc/hosts.allow is a symlink to a
read-only file on the CD, so to edit it, you must move it to a backup
file and then copy it back. In your /etc/hosts.allow
file, you see something like the following:
ALL : 127.0.0.1 LOCAL : ALLOW
ALL : ALL@ALL : DENY
The first field designates which service the rule is going to apply
to. In both of these cases, the rule applies to all services. The
second field is the list of hosts this rule applies to, in either IP
address or hostname form. The third field determines whether this
rule allows access or denies access. For example, if you want to
allow your local subnet access to your FTP server, add a line
reading:
in.ftpd : 192.168.0.* : ALLOW
Notice the use of the wildcard *. This tells
hosts.allow to apply this rule to any host with
an IP between 192.168.0.1 and
192.168.0.255. Any changes to this file affect any
new connections, so you don't need to restart
inetd.
5.8.6 NFS
Samba
isn't the only filesharing method Knoppix supports.
NFS (Network File System), the most commonly used Unix filesharing
protocol, is also available. To configure NFS, you must first
establish which directories you wish to share. If, for instance, you
wish to share a mounted filesystem, such as
/mnt/hda1, you must make sure that the
filesystem is mounted before NFS is started.
Also keep in mind that you are unable to unmount this filesystem as
long as NFS is running. The /etc/exports
configuration file determines which directories are shared by NFS.
Edit /etc/exports as root, and add the
directories you need to share. The syntax for this file is:
/share/path remote_host(options)
remote_host can be a particular hostname,
IP, or an IP with wildcards, so if you want to share
/mnt/hda1 with the entire
192.168.0.* subnet, add the following line to
/etc/exports:
/mnt/hda1 192.168.0.*(rw)
To mount an NFS share remotely, you must also allow the remote
connections to portmap and
mountd in /etc/hosts.allow.
(As discussed previously, Knoppix also uses
/etc/hosts.allow to allow remote connections to
inetd services.) If you haven't
already done so, back up /etc/hosts.allow and
copy a version back, and add the following two lines to enable NFS
access for your local subnet:
portmap: 192.168.0.* : ALLOW
mountd: 192.168.0.* : ALLOW
Now that all of the configuration files are prepared, make sure that
any filesystems that must be mounted are mounted, and start the
portmap and NFS services:
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/portmap start
knoppix@ttyp0[knoppix]$ sudo /etc/init.d/nfs-kernel-server start
If you want to monitor NFS-mount attempts, be sure to start the
syslog daemon and read any error messages in
case a connection request is refused.
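The /etc/hosts.allow rules from the Inetd and NFS sections are evaluated top to bottom and the first matching rule decides, so the new in.ftpd, portmap and mountd lines only take effect when they sit above the catch-all DENY line. The following added example (not part of the original hack) is a simplified model of that first-match evaluation; the function names and test addresses are constructed for illustration, and it does not reproduce every pattern form the real access-control library accepts.

```python
from fnmatch import fnmatchcase

def parse_rules(text):
    """Parse 'daemons : clients : ALLOW|DENY' lines into tuples, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients, action = (f.strip() for f in line.split(":", 2))
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split(), action.upper()))
    return rules

def client_matches(pattern, ip, hostname):
    host_part = pattern.rsplit("@", 1)[-1]      # ignore the user in user@host
    if host_part == "ALL":
        return True
    if host_part == "LOCAL":                    # a host name with no dot in it
        return hostname is not None and "." not in hostname
    names = [ip] + ([hostname.lower()] if hostname else [])
    return any(fnmatchcase(n, host_part.lower()) for n in names)

def decide(rules, daemon, ip, hostname=None):
    """Return the action of the first matching rule, or None if none match."""
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, ip, hostname) for c in clients):
            return action
    return None

# Constructed from the lines shown in the text; only the ordering differs.
STOCK = ["ALL : 127.0.0.1 LOCAL : ALLOW", "ALL : ALL@ALL : DENY"]
ADDED = ["in.ftpd : 192.168.0.* : ALLOW",
         "portmap: 192.168.0.* : ALLOW",
         "mountd: 192.168.0.* : ALLOW"]
BEFORE_DENY = parse_rules("\n".join(STOCK[:1] + ADDED + STOCK[1:]))
AFTER_DENY = parse_rules("\n".join(STOCK + ADDED))

if __name__ == "__main__":
    for name, rules in (("before DENY", BEFORE_DENY), ("after DENY", AFTER_DENY)):
        for daemon, ip in (("in.ftpd", "192.168.0.23"), ("mountd", "192.168.0.7"),
                           ("in.ftpd", "10.1.2.3"), ("in.telnetd", "192.168.0.23")):
            print(f"{name:12} {daemon:11} {ip:13} -> {decide(rules, daemon, ip)}")
```

With the added lines above the DENY rule, only the named daemons are opened to the 192.168.0.* subnet and every other service stays denied to remote hosts; with the lines appended after it, the subnet is still refused.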