
10. Different Environments - On the Road

10.1 Related HOWTOs

  1. Security-HOWTO
  2. Multiboot-with-LILO-mini-HOWTO
  3. Ethernet-HOWTO
  4. NET-3-HOWTO
  5. Offline-Mailing-mini-HOWTO
  6. Plip-mini-HOWTO
  7. Slip-PPP-Emulator-mini-HOWTO

10.2 Configuration Tools

NetEnv

Do you use your laptop in different network environments? At home? In the office? At a customer's site?

If yes, the small package "netenv" might be useful for you. When booting your laptop it provides you with a simple interface from which you can choose the current network environment. The first time in a new environment, you can enter the basic data and save it for later reuse.

Netenv sets up a file containing variable assignments which describe the current environment. This can be used by the PCMCIA setup scheme, e.g. like the one that comes with Debian/GNU Linux and perhaps others.

The netenv data can be used for things like:

  1. Network Device: Configure the network device for different environments.
  2. Choose a proper XF86Config: Think of using your laptop standalone with touchpad vs. connected to a CRT monitor along with an external mouse. For example, a wheel mouse could be used when docked, but the driver is not compatible with the normal trackpoint or touchpad.
  3. Windowmanager: You can set up your windowmanager according to the current location of your machine.
  4. Printing Environment: The netenv data can easily be used to set up the printing environment.

Netenv is available as a Debian/GNU Linux package as well as a tarball. It depends on dialog(1) for the menu system. It is developed by Gerd Bavendiek <bav@rw.sni.de>; you may get it at http://www.uni-bielefeld.de/~portgym/net/netenv.html .

divine

divine is a utility for people who use their machines in different networks all the time. "The idea is this:

The point about divine in contrast to other solutions is that other solutions normally use ping or something like that. divine can check a large number of networks instantaneously, assuming that the machines you ping answer within one second (.4 seconds are normal on Ethernets). And pinging an unknown address will do an arp request anyway, so why not do an arp request in the first place?"

Mobile IP

From the NET3-4-HOWTO: "The term IP Mobility describes the ability of a host that is able to move its network connection from one point on the Internet to another without changing its IP address or losing connectivity. Usually when an IP host changes its point of connectivity it must also change its IP address. IP Mobility overcomes this problem by allocating a fixed IP address to the mobile host and using IP encapsulation (tunneling) with automatic routing to ensure that datagrams destined for it are routed to the actual IP address it is currently using."

HUT Mobile IP is a dynamical, hierarchical Mobile IP system for the Linux operating system. The implementation enables a hierarchical model for IP mobility, thus decreasing the location update times as a mobile host moves. The Dynamics system has been designed with Wireless LAN technology in mind, and the system has optimized functionality for mobility in WLAN. There is now a mailing list available. You can join it by sending subscribe on the subject line to <dynamics-user-request@cs.hut.fi>, or you can simply check the mail archive.

Resources

  1. Linux Mobile-IP
  2. Linux Mobile IP from HP Labs Bristol by Manuel Rodríguez
  3. MosquitoNet Mobile IP
  4. Mobile IP at NUS
  5. Linux Mobile-IP
  6. Bay Area Research Wireless Access Network (BARWAN)

Sources: Kenneth E. Harker and Dag Brattli

DHCP/BootP

DHCP and BootP are also useful for working in different environments. Please see the DHCP-HOWTO and BootP-HOWTO.

PPPD Options

The pppd command can be configured via several different files: pppd file /etc/ppp/<your_options> .

/etc/init.d

You may even choose to do your configuration by editing the /etc/init.d files manually.

PCMCIA - Schemes

How can I have separate PCMCIA device setups for home and work? This is fairly easy using PCMCIA scheme support. Use two configuration schemes, called home and work. For details please read the according chapter in the PCMCIA-HOWTO by David Hinds.

Bootloaders

LILO

From http://www.mjedev.demon.co.uk/index.html <Martin J. Evans martin@mjedev.demon.co.uk> I have taken this recommendation: The first point to note is that init will take any arguments of the form name=value as environment variable assignments if they are not recognized as something else. This means you can set environment variables from the LILO boot prompt before your rc scripts run. I set the LOCATION environment variable depending on where I am when I boot Linux. e.g.


LILO: linux LOCATION=home

Or
LILO: linux LOCATION=work

Or simply
LILO: linux

where failing to set LOCATION means the same as LOCATION=home (i.e. my default). Instead of typing LOCATION=place each time you boot you can add an entry to your /etc/lilo.conf file and use the append instruction. e.g.
# Linux bootable partition for booting Linux at home
#
image = /vmlinuz
root = /dev/hda3
label = linux
read-only
# Linux bootable partition config ends
#
# Linux bootable partition for booting Linux at work
#
image = /vmlinuz
root = /dev/hda3
label = work
read-only
append="LOCATION=work"
# Linux bootable partition config ends

With the example above you can use "linux" for booting at home and "work" for booting at work.

Armed with the facility above, you can now edit the relevant rc scripts to test ENVIRONMENT before running ifconfig, setting up route etc.
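
An rc-script fragment for the LOCATION technique above, added here as an example (it is not Martin J. Evans's own script). Because anyone at the LILO prompt can type any name=value pair, it accepts only known locations and falls back to home. The function names, the allowlist and the /etc/location.d layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pick per-location network settings from the LOCATION
# variable that init passes through from the LILO boot prompt.
# Assumed layout (hypothetical): one settings file per location under
# $LOCATION_DIR, e.g. /etc/location.d/home.conf, holding KEY=value lines.

LOCATION_DIR="${LOCATION_DIR:-/etc/location.d}"
KNOWN_LOCATIONS="home work"      # allowlist; extend as needed
DEFAULT_LOCATION="home"

# resolve_location VALUE
# Prints the location to use. Anything not on the allowlist (empty,
# unknown, or containing path or shell metacharacters) yields the default,
# so text typed at the boot prompt never ends up in a file name or command.
resolve_location() {
    candidate="$1"
    for known in $KNOWN_LOCATIONS; do
        if [ "$candidate" = "$known" ]; then
            printf '%s\n' "$known"
            return 0
        fi
    done
    printf '%s\n' "$DEFAULT_LOCATION"
}

# read_setting FILE KEY
# Prints the value of KEY from a KEY=value file without sourcing the file,
# so a settings file cannot run commands as root during boot. Values with
# characters outside [A-Za-z0-9.:_-] are treated as missing.
read_setting() {
    file="$1"; key="$2"
    [ -f "$file" ] || return 1
    value=$(sed -n "s/^${key}=\([A-Za-z0-9.:_-]*\)\$/\1/p" "$file" | head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# network_commands VALUE
# Prints the ifconfig/route commands for the resolved location. They are
# printed rather than executed so the fragment can be checked without root;
# an rc script would call ifconfig and route with the same values.
network_commands() {
    loc=$(resolve_location "$1")
    conf="$LOCATION_DIR/$loc.conf"
    ipaddr=$(read_setting "$conf" IPADDR) || return 1
    netmask=$(read_setting "$conf" NETMASK) || return 1
    printf 'ifconfig eth0 %s netmask %s up\n' "$ipaddr" "$netmask"
    if gateway=$(read_setting "$conf" GATEWAY); then
        printf 'route add default gw %s\n' "$gateway"
    fi
}

# In an rc script: network_commands "$LOCATION"
```
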

Other Bootloaders

There are several other bootloaders which are often overlooked. Besides LILO, have a look at loadlin, CHooseOS (CHOS) (not GPL), GRand Unified Bootloader (GRUB), System Commander and take a look at ftp://metalab.unc.edu/pub/Linux/system/boot/loaders/. The NT boot loader or OS/2 boot loader may even be used.

X-Windows

From Steve <steve@cygnet.co.uk> I got a configuration for X windows with an external monitor: Note that I have introduced a neat trick! For my nice 17" monitor I start X with no options and get the default 16-bit 1152x864 display - but when using the LCD screen I specify a 15-bit display (startx -- -bpp 15) and get the correct 800x600 resolution automatically. This saves having to have two XConfig files.

E-Mail

A short introduction about how to setup email on a laptop used at home (dial-up) and work (ethernet) by Peter Englmaier <ppe@pa.uky.edu>:

Features

As a laptop user, I have special demands for my email setup. The setup described below enables me to:

The configuration is based on sendmail, fetchmail, and a remote pop account for email.

Configuration of sendmail

This is the most complicated part. Having installed the sendmail-cf package, I created a file named /usr/lib/sendmail-cf/laptop.mc:


divert(-1)
include(`../m4/cf.m4')
define(`confDEF_USER_ID',``8:12'')
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')
define(`confDOMAIN_NAME',``pa.uky.edu'')dnl <---- here you define your domain
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
define(`SMART_HOST',`server1.pa.uky.edu')dnl <---- there we send outgoing email
define(`LUSER_RELAY',`server1.pa.uky.edu')dnl <---- there we send mail to users my laptop does not know
MASQUERADE_AS(pa.uky.edu)dnl <---- again the domain, we want to be seen as
FEATURE(allmasquerade)
FEATURE(nouucp)
FEATURE(nodns)
FEATURE(nocanonify)
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
MAILER(procmail)
MAILER(smtp)
HACK(check_mail3,`hash -a@JUNK /etc/mail/deny')
HACK(use_ip,`/etc/mail/ip_allow')
HACK(use_names,`/etc/mail/name_allow')
HACK(use_relayto,`/etc/mail/relay_allow')
HACK(check_rcpt4)
HACK(check_relay3)

This looks more complicated than it is. All it does is redirect outbound mail to server1 (SMART_HOST), and also mail for local users who are not known (LUSER_RELAY). That way, I can write email to my colleagues without using their full email address. More important: the From line in my email points back to my MASQUERADE_AS domain and not directly to my laptop. If this were not the case, email returned with the reply button might not reach me. You must restart sendmail for changes to take effect. Note: this configuration is for Redhat 5.2 systems. You may have to change some details.

Now, all that is needed is to generate the /etc/sendmail.cf file (m4 laptop.mc >/etc/sendmail.cf) and to add all possible domain names my laptop should respond to in /etc/sendmail.cw:


# sendmail.cw - include all aliases for your machine here.
laptop
laptop.pa.uky.edu
128.17.18.30
guest1
guest1.somewhere.org

It is important to have all aliases in this file, otherwise sendmail will not accept the mail (and will reply "we don't relay" to the sender). Finally, you must now test the setup by sending email and replying to mail for all possible configurations. Any misconfiguration can result in loss of email.

Configuration for fetchmail on Laptop

One method to get the email into your machine is through fetchmail. Fetchmail periodically checks for new email at one or more remote mail servers. I use the following fetchmail configuration file (in my user home directory): fetchmailrc


set postmaster "myusername"
set daemon 900
poll pop.uky.edu with proto POP3
      user "mypopusername" there with password "mypoppassword" is mylaptopusername here

Fetchmail will just get the email and send it to sendmail, which will deliver it into your /var/spool/mail/$USER file.

Forward E-Mail to the Laptop

On my work station I have the following .forward file:


me@pop.acount.edu,me@server1

Here server1 is the machine where I keep my mailbox. All email is sent to the pop account to be picked up later by my laptop (using fetchmail). However, when my laptop is connected via ethernet, I want my email to go directly to the laptop, instead of pop:


me@laptop,me@server1

In both cases, a backup of my email is sent to server1 (where I can also read it, in case I cannot get my laptop). I keep/store all email on the laptop.

Switching is done by three script files and a crontab file (on the workstation):

forward_pop


#!/bin/sh
echo "me@pop.acount.edu,me@server1" > ${HOME}/.forward

forward_laptop


#!/bin/sh
echo "ppe@laptop,ppe@server1" > ${HOME}/.forward
crontab ${HOME}/mycrontab
${HOME}/utl/check_laptop

check_laptop


#!/bin/sh
if /usr/sbin/ping -c 1 laptop  >/dev/null 2>&1 ; then
   :
else
   # redirect mail to pop
   ${HOME}/utl/forward_pop
   sleep 10
   if /usr/sbin/ping -c 1 laptop  >/dev/null 2>&1 ; then
      # back to normal
      ${HOME}/utl/forward_laptop
   else
      # deactivate crontab check
      /bin/crontab -l | grep -v check_laptop >${HOME}/tmp/mycrontab.tmp
      /bin/crontab ${HOME}/tmp/mycrontab.tmp
      rm -f ${HOME}/tmp/mycrontab.tmp
   fi
fi

mycrontab


# mycrontab
0,10,20,30,40,50 * * * * ${HOME}/utl/check_laptop

Each time I connect the laptop to the ethernet, I have to run forward_laptop, and each time I disconnect I run forward_pop. In case I forget to run forward_pop, the crontab job runs it for me less than 10 minutes later. To do all that automatically, I change the network script files on my laptop as follows:

/sbin/ifdown (this script runs, whenever a network device is stopped, new stuff between BEGIN and END)


...
fi

# BEGIN new stuff
# turn off forwarding email
mail ppe <<EOF
turning off forwarding email
device = ${DEVICE}
hostname = `hostname`
EOF
if [ "${DEVICE}" = "eth0" -a "`hostname`" = "laptop" ]; then
  su -lc "ssh -l myusername server1 utl/forward_pop" myusername >& /dev/null
fi
# END new stuff

ifconfig ${DEVICE} down
exec /etc/sysconfig/network-scripts/ifdown-post $CONFIG

Note that the script checks for the value of hostname. In case I am connected to a foreign ethernet, my hostname and ip-address will be something else, e.g. guest1.

/etc/sysconfig/network-scripts/ifup-post (this script is run, whenever a network device is started)


# Notify programs that have requested notification
do_netreport

# BEGIN new stuff
# check for email -- I'm using fetchmail for this
if [ "${DEVICE}" = "eth0" -o "${DEVICE}" = "ppp0" ]; then
   su -lc fetchmail myusername >& /dev/null &
fi

# set clock if connected to ethernet, redirect email
if [ "${DEVICE}" = "eth0" -a "`hostname`" = "zaphod" ]; then
   ( rdate -s server1 ; hwclock --systohc --utc ) >& /dev/null &
   # forward email
   su -lc "ssh -l myusername gradj utl/forward_laptop" myusername >& /dev/null &
fi
# END new stuff

exit 0

Processing Incoming E-Mail with procmail

This step is completely optional. The above described sendmail configuration calls procmail for each received email, but you could have called procmail using the .forward file (see the procmail man page). Procmail is a handy tool to block spam and to sort incoming email.

You need to set up a .procmailrc file to use procmail. See the man page for procmail, procmailrc, and procmailex (examples). My setup demonstrates how to ignore certain email messages and split email-collections (digest) into pieces:


# -- mail filtering -- procmail is called by sendmail --
PATH=/bin:/usr/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/from
# keep in mind:
# use ":0:" when writing to a file
# use ":0"  when writing to a device, e.g. /dev/null, or send email

# - make first a backup of *all* incoming email (but ignore mail tagged below) -
:0 c:
*! ^Sissa-Repro
backup

# - keep only last 50 messages
:0 ic
| cd backup && rm -f dummy `ls -t msg.* | sed -e 1,50d`

# - delete email coming through the 'postdocs' email list, when
# it is not of any interest
:0
* ^From.*postdocs
* ^From.*Ernst Richter
/dev/null
:0
* ^From.*postdocs
* ^Subject.*card charge
/dev/null

# Split mailing list from the sissa preprint server into individual emails
# - this is quite complicated :(   I can flip through the list much
#   faster and ignore preprints which have uninteresting titles. Instead of
#   having to browse through the whole list, my mailer will just present a
#   list of papers.
# 1. split it in individual messages
:0
* ^From no-reply@xxx.lanl.gov
| formail +1 -de -A "Sissa-Repro: true" -s procmail

# 2. reformat messages a bit
# 2.1. extract 'Title:' from email-Body and add to email-header as 'Subject:'
:0 b
* ^Sissa-Repro
*! ^Subject
TITLE=| formail -xTitle:
:0 a
|formail -A "Subject: $TITLE " -s procmail

# 2.2. store in my incoming sissa-email folder. Here, we could
#      also reject (and thereafter delete) uninteresting 'Subjects'
#      we could also mark more interesting subjects as urgent or send a copy
#      to regular mail box.
:0:
* ^Sissa-Repro
* ^Subject
*! ^replaced with
sissa

BTW, there is a tk GUI tool to configure procmail (I think it is called dotfiles).

Email with UUCP

Another possible solution for Email is to use UUCP. This software was made for disconnected machines, and is by far the easiest solution if you have several users on your laptop (we are talking about Unix, remember?), each with his/her own account.

Unlike what most people think, UUCP does not need a serial connection: it works fine over TCP/IP, so your UUCP partner can be any machine on the Internet, if it is reachable from your network attachment point. Here is the UUCP sys for a typical laptop:

system mylaptop
time any
chat "" \d\d\r\c ogin: \d\L word: \P
address uucp.mypartner.org
port TCP

More Info

Using a Laptop in Different Environments by Gerd Bavendiek. This article appeared in the August, 1997 issue of the Linux Gazette. This is an excellent, short technical article describing an easy way to set up your Linux notebook to boot into different network and printing configurations, especially useful for those who use their machines at home as well as other locations such as in the office, at school, or at a customer site.

10.3 Data Transport Between Different Machines

I don't have experience with this topic yet. So just a survey about some means of data transport and maintaining data consistency between different machines.

Hardware

  1. external harddisks
  2. ZIP drive

Wade Hampton wrote: "You may use MS-DOS formatted ZIP and floppy discs for data transfer. You may be able to also use LS120. If you have SCSI, you could use JAZ, MO or possibly DVD-RAM (any SCSI disc that you could write to). I have the internal ZIP for my Toshiba 700CT. It works great (I use automount to mount it). I use VFAT on the ZIP disks so I can move them to Windows boxes, Linux boxes, NT, give them to coworkers, etc. One problem, I must SHUTDOWN to swap the internal CD with the ZIP."

Software

Version Management Software

Although it is certainly not its main aim, version management software like CVS (Concurrent Version System) is a perfect tool when you work on several machines and you have trouble keeping them in sync (something which is often called "disconnected filesystems" in the computer science literature). Unlike programs like rsync, which are asymmetric (one side is the master and its files override those of the slave), CVS accepts that you make changes on several machines, and tries afterwards to merge them. Asymmetric tools are good only when you can respect a strict discipline when you switch from one machine to another. In contrast, tools like CVS are more forgiving.

To synchronize two or more machines (typically a desktop and a laptop), just choose a CVS repository somewhere on the network. It can be on one of the machines you want to synchronize or on a third host. Anyway, this machine should be easily reachable via the network and have good disks.

Then, cvs co the module you want to work on, edit it, and cvs commit when you have reached a synch point and are connected. If you made changes on both hosts, CVS will try to merge them (it typically succeeds automatically) or give in and ask you to resolve it by hand.

The typical limits of this solution: CVS does not deal well with binary files, so this solution is more for users of vi or emacs than for GIMP fans. CVS has trouble with some Unix goodies like symbolic links.

For more information on CVS, see the Web page. The CVS documentation is excellent (in info format).

CODA Filesystem

The Coda File System is a descendant of the Andrew File System. Like AFS, Coda offers location-transparent access to a shared Unix file name-space that is mapped on to a collection of dedicated file servers. But Coda represents a substantial improvement over AFS because it offers considerably higher availability in the face of server and network failures. The improvement in availability is achieved using the complementary techniques of server replication and disconnected operation. Disconnected operation has proven especially valuable in supporting portable computers. See http://www.coda.cs.cmu.edu/ .

WWWsync

This is a program written in Perl that will update your web pages by ftp from your local pages. This was originally written for updating Demon home-pages, but will work with other providers which provide direct FTP access to your web pages. I didn't check this for laptop purposes yet. You may get the program at http://www.alfie.demon.co.uk/wwwsync/ .

rsync

rsync is a program that allows files to be copied to and from remote machines in much the same way as rcp. It has many more options than rcp, and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file already exists. The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link.

Xfiles - file tree synchronization and cross-validation

Xfiles is an interactive utility for comparing and merging one file tree with another over a network. It supports freeform work on several machines (no need to keep track of what files are changed on which machine). Xfiles can also be used as a cross-validating disk <-> disk backup strategy (portions of a disk may go bad at any time, with no simple indication of which files were affected. Cross-validate against a second disk before backup to make sure you aren't backing up bad data).

A client/server program (GUI on the client) traverses a file tree and reports any files that are missing on the server machine, missing on the client machine, or different. For each such file, the file size/sizes and modification date(s) are shown, and a comparison (using Unix diff) can be obtained. For files that are missing from one tree, similarly named files in that tree are reported. Inconsistent files can then be copied in either direction or deleted on either machine. The file trees do not need to be accessible via nfs. File checksums are computed in parallel, so largely similar trees can be compared over a slow network link. The client and server processes can also be run on the same machine. File selection and interaction with a revision control system such as RCS can be handled by scripting using jpython. Requirements: Java 1.1 or later and JFC/Swing 1.1 are needed.

sitecopy

Sitecopy is for copying locally stored websites to remote web servers. The program will upload files to the server which have changed locally, and delete files from the server which have been removed locally, to keep the remote site synchronized with the local site, with a single command. The aim is to remove the hassle of uploading and deleting individual files using an FTP client.

KBriefcase

The KDE tool KBriefcase tries to achieve a similar goal to the Windows briefcase, but in a different way. Rather than pulling your files from the desktop, they are pushed to the laptop. You drag a file from the local location to the briefcase. You are then asked for the remote path to copy it to. It will then copy the file to the remote location and make the original read-only. When you restore and remove, the file is copied back and write permissions are given back. The read-only status, of course, makes sure you don't start editing the file again before you've brought your changes back from the remote location.

10.4 Security in Different Environments

Introduction

I am not a computer security expert. Please read the Security-HOWTO for more information. I just collected some information below. Note, these means are just small steps to additional security, though I recommend that you use them.

LASG: Please read the Linux Administrator's Security Guide (LASG) - FAQ by Kurt Seifried.

Means of Security

  1. International Kernel Patch: The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
  2. Kensington Lock: AFAIK a proprietary lock solution available for different laptops http://www.kennsington.com
  3. SmartCards: by DESKO http://www.desko.de are not available for Linux yet. The only available laptop with a SmartCard builtin is the Siemens Scenic Mobile 800.
  4. User passwords: can be easily bypassed if the intruder gets physical access to your machine
  5. BIOS passwords: are also easily crackable, though sometimes harder than with desktops
  6. Name plates: to reduce the possibility of theft, you may want to have a nameplate made and affixed to the cover of the laptop. A nice one will cost you about $12, and can be made by any good trophy shop. They'll glue it on for you too. You could use double-sided tape instead, but glue is more permanent. You may even have an engraving made in the laptop cover.
  7. Boot loader: a boot loader may be used to put your name and phone number (or whatever text you choose) into the boot sequence before the operating system is loaded. This provides a label that can't be removed by editing files or even doing a simple format of the harddisk.
  8. Antivirus policy: I have seen an antivir RPM somewhere. Check the BIOS for an option to disable writing at the boot sector.
  9. Database of stolen laptops: I have provided a survey of databases for stolen laptops.
  10. Laptop as a security risk itself: Since a laptop can easily be used to intrude into a network, it seems a good policy to ask the system administrator for permission before connecting a laptop to a network.
  11. Secure Protocol: When connecting to a remote server always use a secure protocol.

10.5 Dealing with Down Times (Cron Jobs)

A cron-like program that doesn't go by time: anacron (like "anac(h)ronistic") is a periodic command scheduler. It executes commands at intervals specified in days. Unlike cron, it does not assume that the system is running continuously. It can therefore be used to control the execution of daily, weekly and monthly jobs (or anything with a period of n days), on systems that don't run 24 hours a day. When installed and configured properly, anacron will make sure that the commands are run at the specified intervals as closely as machine-uptime permits.

hc-cron: This program is a modified version of Paul Vixie's <paul@vixie.com> widely used cron daemon. Like the original program it runs specified jobs at periodic intervals. However, the original crond relies on the computer running continuously, otherwise jobs will be missed. This problem is addressed by hc-cron, which is intended for use on home computers that are typically turned off several times a day; hc-cron will remember the time when it was shut down and catch up jobs that have occurred during down time when it is started again. Felix Braun <fbraun@atdot.org> is the author of the program; it is available at http://metalab.unc.edu/pub/Linux/system/daemons/cron .

10.6 Noise Reduction

Due to the proliferation of cellular phones and walkmans, it is not very common these days to take care of a quiet environment. Anyway, I want to give some recommendations for the polite ones.

Console (Shell) and X

For the console, setterm -blength 0 turns the bell off; for X, xset b off does the same. See also the PCMCIA-HOWTO, and many more details in the Visible-Bell-mini-Howto by Alessandro Rubini.

PCMCIA

When starting your laptop with PCMCIA-CS configured correctly, this will be shown by two high beeps. If you want to avoid this put CARDMGR_OPTS="-q" into the PCMCIA configuration file, e.g. /etc/pcmcia.conf for Debian/GNU Linux.

To avoid the dialtones during the modem dialing add


     module "serial_cs" opts "do_sound=0"

to /etc/pcmcia/config.opts (from man serial_cs). This will disable speaker output completely, but the ATM command should let you selectively control when the speaker is active.

Miscellaneous Applications

You may configure vi with the flash option, so it will use a flash in case of an error, instead of a bell.

For at least one laptop series, the Toshiba models, there seems to be a Linux package available to control the fan and other features.

