Linux Configuration Notes
From Smithnet
This page contains a summary of changed config files on Fedora 12 Linux, and a few example config entries and/or useful commands.
Disk Management
MD RAIDs
Create an array of 2 disks in a RAID1 (mirror):
mdadm --create /dev/md0 -l 1 -n 2 /dev/sdb1 /dev/sdc1
Monitor status with:
mdadm --detail /dev/md0
cat /proc/mdstat
Ensure RAID is detected at boot time:
mdadm -Es >> /etc/mdadm.conf
Remove a device from an array:
mdadm --remove /dev/md0 /dev/sdb1
Fail a drive in an array:
mdadm --fail /dev/md0 /dev/sdb1
Add a device to an array:
mdadm --add /dev/md0 /dev/sdb1
The /etc/cron.weekly/99-raid-check script can sometimes report:
WARNING: mismatch_cnt is not 0 on /dev/md1
The actual mismatch count can be found:
cat /sys/block/md1/md/mismatch_cnt
A repair and rebuild can be started with:
echo repair > /sys/block/md1/md/sync_action
echo check > /sys/block/md1/md/sync_action
Grub
When installing the OS on a RAID 1 mirror, the grub boot loader is only installed on the first disk, so if that fails you can't boot off the second. To copy the loader to the second disk:
grub> find /grub/stage1
This should find (hd0,0) and (hd1,0), which correspond to /dev/sda and /dev/sdb. Then temporarily make sdb the first disk and install:
device (hd0) /dev/sdb
root (hd0,0)
setup (hd0)
LVM
Physical Volumes
To create a PV out of two partitions:
pvcreate /dev/sdc1 /dev/sdd1
To show current PVs:
pvscan
Volume Groups
To create a VG:
vgcreate vg00 /dev/sd[cd]
To show all current VGs:
vgscan
To show details of a VG (including free PEs):
vgdisplay vg00
To extend a volume group by adding a new PV:
vgextend vg00 /dev/sde
To make a volume group available:
vgchange -ay vg00
Logical Volumes
To create a new LV:
lvcreate --size 100M vg00 -n lv00
or change --size option to --extents 500 or --extents 60%VG or --extents 100%FREE
To rename an LV in VG vg00:
lvrename vg00 lvold lvnew
To remove a LV:
lvremove vg00/lv01
To show current LVs:
lvscan
Filesystem creation
To format with 1% minfree, large file support (see types in /etc/mke2fs.conf), journalling and a label:
mkfs.ext4 -m 1 -T largefile4 -j -L /home /dev/mapper/vg00-lv00
To alter the label:
e2label /dev/sda newlabel
To mount at boot time, enter in
- /etc/fstab
SCSI Rescan
To rescan for SCSI devices without reboot (host0 and host1 are IDE channels):
echo "- - -" > /sys/class/scsi_host/host2/scan
or:
echo "scsi add-single-device H B T L" > /proc/scsi/scsi
UDEV
Rules files in /etc/udev/rules.d
Display device attributes with:
udevadm info --query=env --name=/dev/sdg
See also: Udev Rules
IPMI
Packages: ipmitool, collectd-ipmi, OpenIPMI
- Run ipmi service to create /dev/ipmi0
- Run ipmievd service to log IPMI events to /var/log/messages
Running ipmitool:
ipmitool -I open chassis status
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : true
Power Control Fault : false
Power Restore Policy : previous
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Also:
- ipmitool -I open sdr list
- ipmitool -I open sel list
- ipmitool -I open chassis identify 1
- ipmitool -I open chassis identify 0
See also here
Misc Configuration
Control booting:
- /etc/grub/grub.conf
Other things:
- /etc/selinux/config
- /etc/motd
- /etc/issue
- /etc/issue.net
- /etc/modprobe.d (add aliases and add blacklist for rt2500usb)
- /etc/smartd.conf
- /etc/sysctl.conf (turn on IP forwarding)
To allow root to login to the UI, comment out the lines in:
- /etc/pam.d/gdm
- /etc/pam.d/gdm-passwd
Serial
USB to serial adapter, appears as: /dev/ttyUSB0
- /etc/ser2net.conf
Amanda Backup
Set "disable no":
- /etc/xinetd.d/amanda
Deny Hosts
- /etc/denyhosts.conf
- /var/lib/denyhosts/allowed-hosts
SSH key login
ssh-keygen -t rsa
and accept the default location, no passphrase. This generates a private key (id_rsa) and a public key (id_rsa.pub) in ~/.ssh. Copy the content of the public key to the remote host under ~/.ssh/authorized_keys. Ensure the file has permissions 600 and the directory 700.
NFS
/etc/exports file:
/home *.mydomain.com(rw)
- /usr/sbin/exportfs -a
Mount on client, in /etc/fstab:
192.168.1.1:/share/somedir /dir nfs defaults 0 0
General Networking
- /etc/hosts
- /etc/resolv.conf
- /etc/sysconfig/network
- /etc/sysconfig/network-scripts/ifcfg-<interfacename>
- /etc/sysconfig/iptables
- /etc/ntp.conf
- /etc/nsswitch.conf
- /etc/login.defs
DHCP
- /etc/dhcpd.conf
Outgoing SMTP
- /etc/mail/access
- /etc/mail/local-host-names
- /etc/aliases
(also start up saslauthd)
- /etc/mail/sendmail.mc (add SSL certs and allow relaying if authenticated)
MASQUERADE_AS(`smithnet.org.uk')dnl
MASQUERADE_DOMAIN(smithnet.org.uk)dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
and add SSL certs
Dovecot (POP and IMAP)
- /etc/dovecot.conf
Webmail
- /etc/squirrelmail/config_local.php
- /etc/squirrelmail/config.php
- Run /usr/share/squirrelmail/config/conf.pl
Also, the maximum size for PHP POSTs (eg attachment uploads) is set in /etc/php.ini with:
- post_max_size = 10M
SpamAssassin
- /etc/sysconfig/spamassassin
- /etc/mail/spamassassin/local.cf
Point /etc/procmailrc to:
- /etc/mail/spamassassin/spamassassin-spamc.rc (choose to delete spam)
Install pyzor
DNS
- /etc/named.conf
- /var/named/chroot/var/named/slaves/*
The key that is used by DHCPD to update the DNS server (/etc/rndc.key) is generated by:
dnssec-keygen -a hmac-md5 -b 256 -n HOST /etc/rndc.key
NUT
Define the mode to be standalone in:
- /etc/ups/nut.conf
Define the serial connection in /etc/ups/ups.conf
[ups1]
driver = apcsmart
port = /dev/ttyS0
cable = 940-1524C
Specify a MONITOR and NOTIFYCMD line in:
- /etc/ups/upsmon.conf
- /etc/ups/upsnotify.sh (custom state change script)
Specify user account details in
- /etc/ups/upsd.users
Bonded Network Interfaces
Ensure the driver is loaded, in /etc/modprobe.d/bonding:
alias bond0 bonding
options bond0 mode=1 miimon=100 primary=eth0
The mode is: 0=balance-rr / 1=active-backup / 2=balance-xor / 3=broadcast / etc
Setup bond device in /etc/sysconfig/network-scripts/ifcfg-bond0:
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
IPADDR=...
NETMASK=...
USERCTL=no
Set up the slave device(s), which name bond0 as their MASTER, in /etc/sysconfig/network-scripts/ifcfg-eth0, etc:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
MASTER=bond0
SLAVE=yes
BROADCAST=...
HWADDR=...
IPADDR=...
NETMASK=...
NETWORK=...
Postgres
Connection
To allow connections from specific IPs/networks, configure in
- /var/lib/pgsql/data/pg_hba.conf
host all all 0.0.0.0/0 md5
to allow all IPs to authenticate to all DBs with MD5 passwords.
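A rule like the one above is worth finding again later. The following is an added shell check, not part of the original notes, that lists every host rule in a pg_hba.conf open to all addresses; pg_hba_open_rules is a hypothetical helper name and the sample file is constructed.

```sh
#!/bin/sh
# Print "LINE: type db=... user=... addr=... method=..." for every
# host/hostssl/hostnossl rule whose address field matches all IPv4 or IPv6
# addresses. Returns 1 if any such rule was found, 0 otherwise.
pg_hba_open_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 ~ /^host(ssl|nossl)?$/ {
            addr = $4; method = $5
            # Separate address and netmask columns: the method moves to field 6
            if ($4 == "0.0.0.0" && $5 == "0.0.0.0") { addr = "0.0.0.0/0"; method = $6 }
            if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all") {
                printf "%d: %s db=%s user=%s addr=%s method=%s\n", NR, $1, $2, $3, addr, method
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample file, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   ident
host    all       all   127.0.0.1/32    md5
host    all       all   0.0.0.0/0       md5
hostssl app       app   ::/0            trust
EOF
pg_hba_open_rules "$sample" || echo "rules open to every address found"
rm -f "$sample"
```

Narrowing the address field to the client network (for example 192.168.1.0/24) removes a rule from the report.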
Backup and Restore
pg_dump -h localhost -p 5432 -U postgres -f /tmp/db.dmp DATABASE
psql -h localhost -p 5432 -d DATABASE -U postgres < /tmp/db.dmp
MySQL
After install: mysqladmin -u root password 'newpassword'
- /etc/my.cnf
ClamAV
Use the clamav-milter-sysvinit for traditional startup, ie the packages:
- clamav-lib, clamav-server, clamav, clamav-filesystem, clamav-update, clamav-milter-sysvinit, clamav-server-sysvinit, clamav-data, clamav-milter, clamav-scanner, clamav-scanner-sysvinit
- /etc/clamd.d/scan.conf
- /etc/freshclam.conf
- /etc/sysconfig/freshclam
- /etc/mail/clamav-milter.conf (set socket to MilterSocket /var/run/clamav-milter/clamav.socket)
- /etc/mail/sendmail.mc (add INPUT_MAIL_FILTER to point to clamav.socket)
(No longer in F11: /etc/clamav-signature)
To perform a command line scan:
- clamscan -r /somedir
Change the permissions on /var/run/clamd.scan to allow the milter access to the socket file (o+x)
Apache
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf.d/perl.conf
- /etc/httpd/conf.d/python.conf
- /etc/httpd/conf.d/ssl.conf
- /etc/httpd/conf.d/proxy_ajp.conf to connect to Tomcat over AJP
- delete /etc/httpd/conf.d/squirrelmail.conf and include in ssl.conf only
Mediawiki
- Install packages
- Create a DB user
- Use the wizard presented in http://server/wiki
- mv /var/www/wiki/LocalSettings.php /var/www//wiki (and customise)
- Delete /var/www/wiki/config
- Ensure $IP/images/math and $IP/images/tmp exist and are owned by apache:apache
- Run: /usr/lib/mediawiki/math/texvc /tmp /tmp "y=x+2" (a PNG should be created in /tmp).
- Move /root/.texlive2007/texmf-var/web2c/pdftex/latex.fmt to $IP/images/tmp
Customisations:
# Logo, 135x135 pixels
$wgLogo = "/smithnet_wiki.gif";
# Anonymous users cannot edit
$wgGroupPermissions['*']['edit'] = false;
# Restrict account creation
$wgGroupPermissions['*']['createaccount'] = false;
# Set Math options
#$wgMathDirectory = "{$wgUploadDirectory}/math";
$wgTexvc = '/usr/lib/mediawiki/math/texvc';
#
# Debug
#
#$wgDebugLogFile = "/tmp/wiki.log";
#$wgShowExceptionDetails = true;
SSL Certificates
Setup for a Certification Authority
Edit SSL Template: /etc/pki/tls/openssl.cnf
default_days
stateOrProvinceName_default
localityName_default
0.organizationName_default
organizationalUnitName_default
To enable CA creation, change: x509_extensions from usr_cert to v3_ca
Create new CA certificate under /etc/pki/CA
rm -rf /etc/pki/CA
cd /etc/pki/tls/misc
./CA -newca (enter CA passphrase, no challenge passphrase)
A CA certificate is created in /etc/pki/CA/cacert.pem and its private key in /etc/pki/CA/private/cakey.pem. This cacert.pem can be distributed to be imported into browsers (eg SmithnetCA.crt). A CSR is created in /etc/pki/CA/careq.pem for submission to (eg) cacert.org.
Certification Signing Request
Create a CSR:
./CA -newreq (enter PEM passphrase, no challenge password)
newkey.pem and newreq.pem are created in the current directory
Self-sign the certificate
Create a Self-Signed Certificate for Apache:
./CA -sign (Enter CA password)
Newly signed certificate is in newcert.pem. The newreq.pem can now be discarded. Save newcert.pem > smithnetCA/smithnetcert.pem (Public) and newkey.pem > smithnetCA/smithnetkey.pem (Private)
- Copy public certificate newcert.pem to /etc/pki/tls/certs/wwwsmithnet.crt
- Copy private key newkey.pem to /etc/pki/tls/private/wwwsmithnet.key
Edit /etc/httpd/conf.d/ssl.conf to point SSLCertificateFile and SSLCertificateKeyFile (respectively) to the above.
The HTTPD startup script will prompt for CA password. To remove this:
cd /etc/pki/tls/private
cp smithnet.key smithnet.key.orig
openssl rsa -in smithnet.key.orig -out smithnet.key
and ensure keys are readable by root only.
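The permission requirements stated here for the TLS private keys, and in the SSH key login section for ~/.ssh (700) and authorized_keys (600), can be checked with one function. This is an added shell example, not part of the original notes; loose_key_perms is a hypothetical helper name and the demo tree is constructed.

```sh
#!/bin/sh
# For each directory given, report the directory itself, authorized_keys and
# private key files (id_* without .pub, *.key, *.pem) that grant any access
# to group or other. Returns 1 if anything was reported, 0 otherwise.
loose_key_perms() {
    rc=0
    for dir in "$@"; do
        for path in "$dir" "$dir"/authorized_keys "$dir"/id_* "$dir"/*.key "$dir"/*.pem; do
            [ -e "$path" ] || continue           # unmatched globs stay literal
            case "$path" in *.pub) continue ;; esac
            # Characters 5-10 of the ls mode string are the group and other bits.
            bits=$(ls -ld "$path" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "$path: group/other bits set ($bits)"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed demo tree: authorized_keys is deliberately left at 644.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/id_rsa" && chmod 600 "$demo/.ssh/id_rsa"
: > "$demo/.ssh/id_rsa.pub" && chmod 644 "$demo/.ssh/id_rsa.pub"
loose_key_perms "$demo/.ssh" || echo "tighten with chmod 600 (files) / chmod 700 (directory)"
rm -rf "$demo"
```

Run as root against /etc/pki/tls/private, the same function covers the certificate keys; owner-only modes such as 400, 600 and 700 pass.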
Repeat generation of other certificates (for imap, sendmail, ldap etc) from the CA –csr stage.
OpenLDAP
General Server Configuration
- /etc/sysconfig/ldap
- /etc/openldap/slapd.conf
- Runtime Configuration: /etc/openldap/slapd.d
To generate password for rootdn:
slappasswd -h {MD5}
To add structural elements within an ldif file:
ldapadd -f init.ldif -x -D "cn=Manager,dc=example,dc=org,dc=uk" -W
where these elements are:
# Top level organisation
dn: dc=example,dc=org,dc=uk
objectClass: dcObject
objectClass: organization
dc: example
o: ExampleOrganisation
description: Example Organisation

dn: cn=Manager,dc=example,dc=org,dc=uk
objectClass: organizationalRole
cn: Manager
description: Directory Administrator

dn: ou=People,dc=example,dc=org,dc=uk
ou: People
objectClass: organizationalUnit

dn: ou=Users,ou=People,dc=example,dc=org,dc=uk
ou: Users
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=org,dc=uk
ou: Groups
objectClass: organizationalUnit
Convert slapd.conf to RTC:
slaptest -f slapd.conf -F slapd.d
Exporting
- slapcat -l dbexport.ldif -b "dc=example,dc=org,dc=uk"
Importing
- Shut down the LDAP server
- slapadd -l dbexport.ldif
Command Line Clients
- /etc/openldap/ldap.conf
Example Searches:
ldapsearch -xLLL -D "cn=Manager,dc=Example,dc=org,dc=uk" -W -b 'dc=example,dc=org,dc=uk' '(objectclass=*)'
... '(&(objectclass=posixAccount)(cn=Nick*))' uid gid loginShell
... '(&(objectclass=Person)(|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))'
LDAP account authentication
Configure PAM LDAP client:
- /etc/ldap.conf
base ou=Users,ou=People,dc=example,dc=org,dc=uk
pam_filter objectclass=posixAccount
pam_check_host_attr no
- /etc/ldap.secret (root DN password)
Populate the LDAP directory with User nodes with objectClasses:
- top
- inetOrgPerson
- posixAccount
- shadowAccount
Populate attributes, including:
- cn - the person's common name (eg "Nick Smith")
- givenName - the person's first name
- sn - the person's surname
- uid - the person's username
- uidNumber - the person's numerical ID
- mail - the person's email address
Populate the LDAP directory with Group nodes with objectClasses:
- posixGroup
Populate attributes, including:
- cn - the group name (eg "users")
- gid - the person's username
- gidNumber - the group's numerical ID
- memberUid - repeated attribute holding uid entries of User nodes belonging to this group
The file /etc/pam.d/system-auth should contain sections like:
account sufficient pam_ldap.so
after the pam_unix module for the auth, account, password and session types.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_ldap.so try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
to allow LDAP authentication after local accounts.
The file /etc/pam.d/sshd can contain:
session required pam_selinux.so close
session include system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session required pam_loginuid.so
to allow a skeleton directory to be created at first login.
The service name is the filename, the type being:
- auth - User authentication (eg by password), and can grant group membership etc
- account - Non-authenticated account management (eg allow/deny access based on time of day)
- password - Updating the security token from the user
- session - Performing actions before/after giving the user the service
The control field is one of:
- required - Failure of this module will mean the API returns failure, only after stacked modules have been invoked
- requisite - Like required but returns immediately
- sufficient - Success of the module is deemed enough to return success immediately. Failure of the module will not return a fatal message from the API immediately.
- optional - The success or failure of this module is only important if it is the only one in the stack
- include - Include all lines of a given type from the specified file
Full details here.
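How the control fields decide the outcome of the auth stack shown above can be traced with a small model. This is an added shell example, not part of the original notes; pam_eval and system_auth are hypothetical helper names, the ok/fail module results are constructed inputs, and only required, requisite, sufficient and optional are modelled.

```sh
#!/bin/sh
# Simplified model of how PAM combines module results for one type (eg auth).
# Each argument is "control:module:result", where result is ok or fail.
# Prints "success:<module>" or "failure:<module>" naming the deciding module,
# or "...:end-of-stack" when no single module ended the stack.
pam_eval() {
    failed=""      # first required module that failed; the stack still runs on
    positive=""    # set once a required, requisite or optional module succeeded
    for entry in "$@"; do
        control=${entry%%:*}
        rest=${entry#*:}
        module=${rest%%:*}
        result=${rest#*:}
        case "$control:$result" in
            required:fail)
                if [ -z "$failed" ]; then failed=$module; fi ;;
            requisite:fail)
                # Returns at once, reporting an earlier required failure if any.
                echo "failure:${failed:-$module}"
                return 0 ;;
            sufficient:ok)
                # Ends the stack only if no earlier required module failed.
                if [ -z "$failed" ]; then
                    echo "success:$module"
                    return 0
                fi ;;
            required:ok|requisite:ok|optional:ok)
                positive=yes ;;
            # sufficient:fail and optional:fail are ignored
        esac
    done
    if [ -n "$failed" ]; then
        echo "failure:$failed"
    elif [ -n "$positive" ]; then
        echo "success:end-of-stack"
    else
        echo "failure:end-of-stack"
    fi
}

# The auth stack from /etc/pam.d/system-auth above. Arguments are the
# constructed results of pam_unix, pam_ldap and pam_succeed_if (uid >= 500);
# pam_env is taken to succeed, pam_fprintd to fail, and pam_deny always fails.
system_auth() {
    pam_eval "required:pam_env.so:ok" \
             "sufficient:pam_fprintd.so:fail" \
             "sufficient:pam_unix.so:$1" \
             "sufficient:pam_ldap.so:$2" \
             "requisite:pam_succeed_if.so:$3" \
             "required:pam_deny.so:fail"
}

system_auth ok   fail ok     # local account, correct password
system_auth fail ok   ok     # LDAP-only account, correct password
system_auth fail fail ok     # wrong password, uid >= 500
system_auth fail fail fail   # wrong password, uid below 500
```

The last two cases show why the stack ends with pam_deny.so: when no sufficient module succeeds, the trailing required failure is what denies the login.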
Ensure /etc/nsswitch.conf has:
passwd: files ldap
shadow: files ldap
group: files ldap
Recovery and Backup
If the system becomes corrupt (eg power loss):
service ldap stop
cd /var/lib/ldap
db_recover .
service ldap start
Samba
General
Configuration in /etc/samba/smb.conf, for domain controller:
- security = user
- domain master = yes
- domain logon = yes
Test the configuration with:
testparm -v
OpenLDAP Integration
Overview
Reference: samba
Unique identifiers are defined for users, groups and computers - based on the domain SID plus a RID (Relative ID). RIDs for groups may be one of several well-known values, defined for things like Domain Users. See here for a list. User and Group RIDs must be unique: it is not allowed to have a RID common to a group and a user object.
Computer and user objects added with smbldap-useradd take the domain object's uidNumber as a base, and increment for each addition.
Domain objects of class sambaDomain, contain attributes such as:
- uidNumber - next available uidNumber for users and computers
- sambaSID - the unique SID that is the basis of user and group SIDs
- sambaDomainName - the name of this domain
- sambaNextRid - The next available RID
- sambaAlgorithmicRidBase - The starting point for RID increments
User objects will have additional attributes such as:
- sambaSID - the unique SID
- NTPassword, NTLMPassword - password stored in a different format than the unix password
- sambaPrimaryGroupSID - SID of the user's primary group
- sambaAcctFlags - Account flags: "[U ]" for user (see here)
Group objects will have additional attributes such as:
- sambaSID - the unique
- memberUid - multiple entries containing the user IDs of users that are part of this group
Computer objects of class sambaSamAccount contain attributes such as:
- uid - computer name with appended "$"
- uidNumber -
- gidNumber - Corresponds to the "Domain Computers" group
- sambaSID - The unique SID (the RID is the UID number)
- sambaNTPassword - Periodically the computer logs into the domain to check it is still part of it (and changes this)
- sambaAcctFlags - Account flags: "[W ]" for workstation
Setup
Add to /etc/openldap/slapd.conf:
- include /etc/openldap/samba.schema
Ensure users are able to modify their Samba password attributes:
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=example,dc=org,dc=uk" write
by self write
by * auth
- enable the LDAP backend:
passdb backend = ldapsam:ldap://localhost
ldap admin dn = cn=admin,dc=example,dc=org,dc=uk
ldap suffix = dc=example,dc=org,dc=uk
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
Store the LDAP admin DN password within samba (stored in secrets.tdb):
smbpasswd -w secretpw
Install the smbldap-tools package.
Get the local PDC SID with:
net getlocalsid
The SID can be changed with:
net setlocalsid S-1-5-21-4167008...
Edit /etc/smbldap-tools/smbldap.conf
- Update the SID
- Update connection to LDAP server if not local
- LDAP suffix, usersdn, computersdn, idmapdn, mainDomain
- Set userSmbHome, userProfile, userHomeDrive, userScript to be blank to use smb.conf settings
Enter the admin DN and password in /etc/smbldap-tools/smbldap_bind.conf.
Populate LDAP
Run (specifying the UID and GID of the domain entry that will be created):
smbldap-populate -u 5000 -g 5000
At the prompt enter the domain root password - does not have to be the same as Unix root's password.
Add a user (UID j.smith) with:
smbldap-useradd -a -m -M john -c "John Smith" -N John -S Smith j.smith
where the options are:
- -a allows Windows as well as Linux login
- -m makes a home directory, leave this off if you do not need local access
- -M sets up the username part of their email address
- -c specifies their full name
- -S specifies their surname
- -N specifies their given name
Also, the UID and GID can be specified with the -u and -g options.
Add an account for computer "owl":
smbldap-useradd -w owl
This will create an object under ou=Computers with a CN with appended "$" (defines a computer).
Add a workstation to the domain:
- Log in with the local Administrator account
- Change to member of the defined domain, use the username "root" and the domain root password
- Reboot and log in with a domain user account
Indexes
Additional indexes can be added for the samba attributes in /etc/openldap/slapd.conf:
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
and initialise the indexes (as ldap user):
slapindex -f /etc/openldap/slapd.conf
Squid
Configure /etc/squid.conf with the settings:
- cache_mgr
- cache_dir
- visible_hostname
- cache_mem
- maximum_object_size
- maximum_object_size_in_memory
and an ACL.
In order for browsers to "autodetect proxy settings":
- Set a CNAME alias of wpad to the squid host
- Add to DHCP an option type 252 with value "http://proxy.blah/wpad.dat"
Create the file wpad.dat in the docroot of the proxy server's web server:
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        dnsDomainIs(host, ".example.com") || (host == "example.com") ||
        isInNet(host, "192.168.8.0", "255.255.255.0"))
        // No proxy for unqualified, example-domain servers, or on particular network
        return "DIRECT";
    else
        // All other servers should use proxy, or direct as fallback
        return "PROXY proxy.example.com:8800; DIRECT";
}
News (Innd)
/etc/news/inn.conf, setting:
- organization
Kerberos
Components of Kerberos:
- KDC - Key Distribution Center (Password verification, kerberos credentials)
- TGT - Ticket Granting Ticket (Kerberos credential). Typically have lifetimes of 10 to 24 hours.
- KAD - Kerberos Admin Daemon (Password changes, modification of accounts, etc)
Also:
- Requires accurate time sync, so NTP is recommended.
- Each account on computers must have same UID/GID "Kerberos Principal"
Define Realm, ports and DNS mapping:
- krb5.conf
Initialise Krb database (and enter master password):
kdb5_util create -s
Also, creates initial principal:
kadmin.local: listprincs
Define a policy for password expiry:
kadmin.local: add_policy -maxlife 180days -minlife 2days -minlength 8 -minclasses 3 -history 10 default
Add an admin principal:
kadmin.local: addprinc john/admin
Start the krb5kdc service
Get a kerb ticket, and then view the details:
kinit john/admin@EXAMPLE.COM
klist
[... to be completed ...]
INND
Configuration files in /etc/news
inn.conf:
- organization
- server (where to push locally created messages)
- pathhost (local FQDN)
- domain
incoming.conf (what machines we'll accept messages from)
readers.conf (control who can access the server)
localgroup (define local newsgroups)
CUPS
- /etc/cups/cupsd.conf (add a Listen for non-localhost, and access controls)
Icecast & Darkice
Icecast server
- /etc/icecast.xml
Icecast source:
- /etc/darkice.cfg
Tomcat
- conf/server.xml (define required connectors)
- conf/tomcat-users.xml (Add a user with role "manager")
OpenNMS
Follow instructions here
$OPENNMS_HOME/bin/install -y -w /opt/tomcat/conf/Catalina/localhost
In the /opt/opennms/conf/opennms.properties
- Comment out org.opennms.netmgt.jetty.port
- 8980 ports to the Tomcat 8088 connector port
- Comment out the jetty configuration in /opt/opennms/etc/service-configuration.xml
- Remove DHCP service in service-configuration.xml
- IP range to discover in discovery-configuration.xml
Database connection to Postgres in:
- /opt/opennms/etc/opennms-datasources.xml
OpenCMS
- Deploy WAR
- Setup wizard in /opencms/setup
- Default user: Admin/admin at http://localhost:8080/opencms/opencms/system/login/
OWFS
- Unpack source, then:
./configure
mv libtool libtool.orig
ln -s /usr/bin/libtool libtool
make
make install
/opt/bin/owfs --usb /owfs
Virtual Box
Listing Configuration
VBoxManage list hdds
VBoxManage list vms
VBoxManage list runningvms
VBoxManage list systemproperties
Create a VM
This creates a bridged network VM booted off a local ISO file, with a 10GB hard disk:
VBoxManage createvm --name 'Rabbit' --register
VBoxManage modifyvm "Rabbit" --memory 512 --vram 16 --hwvirtex off --cpus 1 --acpi on --boot1 dvd --nic1 bridged
VBoxManage modifyvm "Rabbit" --bridgeadapter1 bond0
VBoxManage modifyvm "Rabbit" --nictype1 82540EM
VBoxManage createhd --filename "Rabbit.vdi" --size 10240 --remember
VBoxManage modifyvm "Rabbit" --hda "Rabbit.vdi"
VBoxManage modifyvm "Rabbit" --vrdpport 339X
VBoxManage openmedium dvd /vm/WinXP.iso
VBoxManage modifyvm "Rabbit" --dvd /vm/WinXP.iso
Importing a VM
Copy to /vm/VirtualBox/Rabbit
VBoxManage registervm Machines/Rabbit/Rabbit.xml
Delete a VM
VBoxManage unregistervm Rabbit --delete
Starting a VM Headless
VBoxHeadless --startvm Rabbit
and then use RDP client to connect to console on the port specified for the VM (3389 is the default).
Controlling States
VBoxManage controlvm Rabbit pause|resume|reset|poweroff|savestate|acpipowerbutton|acpisleepbutton
DVD Management
VBoxManage modifyvm Rabbit --dvd none
VBoxManage closemedium dvd /vm/WinXP.iso
VBoxManage controlvm Rabbit dvdattach none
VBoxManage controlvm Rabbit dvdattach /path/file.iso
Guest Additions
Mount the ISO under:
- /usr/share/virtualbox/VBoxGuestAdditions.iso
