Build a Linux Appliance, Part 2--The Extras

Part 1

Now, in Part 2 of this TechBuilder Recipe, I will show you how to set up software installed with the Fedora Core 2 (FC2) Linux appliance described in Part 1. I'll also show how to expand the appliance to let users watch movies and videos; listen to music online; attach digital cameras; send and receive instant messages with software for AIM, ICQ, MSN and other networks; backup if a CD/DVD recorder is installed; and provide even better security.

Ingredients

Here's what you'll need:

• A computer set up according to Part 1 of this Recipe.
• An Internet connection, preferably broadband.
• Any camera or CD/DVD burner you plan to install.

Installed Software Setup

Many types of software are bundled with the standard FC2 installation. The main ones of interest are mail clients, Web browsers, and a Microsoft Office-compatible (though with issues) office suite installed with the OS. Here are the details:

• Browser: FC2 gives you Mozilla. It's simply yet another Web browser, so just use it like any other.
• Regular User Mail: Decide whether to set up the default Evolution client or Kmail, a less elaborate program that I prefer. Either way, it's just another mail client. Set it to Simple Mail Transport Protocol (SMTP) to send mail, and to POP3 to receive.
• Setting up a root mail account: A root account for mail is mainly a way to get to the internal network-process information when various processes inform the administrator (via e-mail to root@localhost) that something did or didn't happen. Most messages sent by applications to root will be of no interest whatsoever to an end user.
• The easiest way to read the log messages is to first log in as root and open kmail from a terminal window: the command is simply kmail. Then set the Receive mailbox type to local. Finally, check the mail. There is no reason to set up the send part of the root account; your user isn't going to be root anywhere but on that box.
• While the user can have access to this if they really want it, ordinarily the log account will be generating messages of primary interest only to the person servicing the machine. The problems an end user are going to be mainly concerned with is "it crashed" or "I can't get to the Net." Such users are more likely to be confused than anything else by routine log messages. This is one of those things that you'll want to be able to ask users, "Can you check...?" over the phone.
• OpenOffice Writer (OO-Writer): OpenOffice is just another GUI word processor. A user with Word experience should have no trouble switching over. That said, there is a built-in default you may want to turn off: the word processor completes words for the user, often incorrectly. To turn off this feature: Tools > AutoCorrect/AutoFormat > Word Completion > tab > Enable word completion checkbox OFF.
• Instant Messenger: Called Gaim, it's part of the default FC2 installation. Gaim can handle AIM (Oscar and TOC protocols), ICQ, MSN Messenger, Yahoo, IRC, Jabber and more. To launch this feature: Start > Internet > IM (Gaim)
• The user will need to set up an account for their intended IM service provider from the Web. You can get more information about this directly from the Gaim site.

Other Internet Applications

This section is more for completeness than anything else. The average user probably won't be interested, particularly since any browser can generally pick up anonymous FTP. But if you want to add Usenet newsgroups and FTP file downloading, here's how:

Install as root from terminal:

Usenet newsgroups: Pan " GUI news client

yum install pan

FTP (file downloading): Kasablanca " GUI ftp client:

yum install kasablanca

Multimedia Installation Overview

Preparation: Replace the /etc/yum.conf file with the yum.conf file you can copy-and-paste from below. This file also replaces the yum.conf mods in the Painless Multimedia For Linux article. Use the following yum.conf file below instead.

======== cut

======== paste

Do this by:

• Log in as root.

cd /home/username
nano yum.conf

• Copy the above into the Clipboard, everything between cut / paste lines.
• Right-click to open the right-click menu and select Paste
• Hit control-X to exit
• At this prompt:

Save modified buffer:

• type

y
cp yum.conf /etc/yum.conf

• When the prompt asks if you want to overwrite existing file, type

y

• You're done.

Note: Figuring out dependencies--that is, which program components in various libraries have to be installed to install complex software packages--takes lots of CPU cycles and time. The machine will slow to a crawl while this is going on. Even the visible clock may stall from time to time. I recommend bringing along a good book!

The top utility shows which processes are taking the largest chunks of resources from the computer. Ordinarily, when a command that doesn't return apparently instantaneous results operates, it may seem that nothing happens until the command completes. Some commands are so resource-intensive that the computer seems to freeze. The top utility will show you whether the computer has crashed or whether it's just very, very busy.

Getting out of a program crash: While Linux is generally stabler than Windows, installation is one of the most likely places for Linux to crash. If the system really looks locked up, open a terminal window and: top . Don't worry if it takes a few minutes to come up. But if it takes longer than 10 minutes, think about rebooting; chances are, the computer has indeed crashed. Look for stopped and zombie processes.

top shows a scrolling display of the most resource-intensive processes. If it does this while you're installing via yum, you'll probably see it running 60% to 75% CPU usage. This is normal.

Another useful command is ps (process status) The process ID is in the PID column.

ps -Al. If you find that a process is stalled, find the process ID (number on the left below PID) ... kill -9 {process ID-without brackets]

Multimedia installation: Install these applications in this order, preferably using an automated installer such as yum, apt-get (preferably with synaptic GUI), or the urpmi mandrake installer: mplayer + components

• mplayer
• mplayer-plugin
• skins
• w32codecs
• xine
• xine-lib-devel
• realplayer
• flash

For specific installation details, see my earlier TechBuilder Recipe, Painless Multimedia on Linux. You'll have to do specific things--such as changing directory permissions, enabling DMA on the optical drive, etc.--connected with the different multimedia components after installation.

The installation instructions for software components are yum-specific. They should be readily adaptable to apt-get or other software installers on other distros. The above programs / program component should be available for any major distribution.

To make a DVD-R recorder work in FC2:

Install K3b via yum: login as root.

yum install k3b

For more installation information, see my earlier TechBuilder Recipe, Back Up Linux Workstations--Without Tears. Running k3b as root, as the article recommended, is not necessary; you can safely kill the warning about not running as root. I tested this on my last backup cycle. However, if read-verify fails, comparing whatever you put onto the disk with the original file using cmp or diff functions is a good idea, as the disk may not be a coaster after all.

To do this from the terminal:

diff [path]/filename1.ext [path]/filename1.ext

If it simply returns to the prompt after a while without displaying, the files are identical.

Cameras: First, get to the gtkam GTK front-end for the gphoto application: Start > Graphics > Digital Camera Tool > Camera > Add Camera

You can find a list of cameras supported by FC2 here. If a camera isn't on the list don't support it. While many cameras do work with the generic setting, you are in no position to know whether any specific camera in advance without trying it.

If the camera is supported, then plug the camera and its cable into the USB port. Then open the camera software as above. After that, scroll down to the camera listing in the menu. Hit the Detect button.

If it works, you will see the make/model of your camera (or a similar one) in a new prompt next to a camera image. But if it says "Camera not detected," then it failed. Either way, hit the Close button.

If the system detected the camera, click the Apply button. You'll see a directory tree display on the left; above that, you'll see a "View Thumbnails" checkbox. It should be checked. Next, click the bottom of the directory tree, and the thumbnails should load into the computer and appear on the right. If you have problems, try the Help menu. If that doesn't give you an answer, you might try the gtkam page for more help.

You can also find instructions on how to make some (but not all) USB mass-storage cameras work at this Digital Camera Support for UNIX, Linux and BSD site.

There is a generic PTP setting that is supposed to cover cameras that use the standard image/data formats. But this doesn't work on everything. For example, I have two digital cameras--the Aiptek DV4100 and Vivitar 3350B--and neither works with gphoto. I was eventually able to get both working, but I had to use the "non-supported USB mass storage" procedure. Completely non-supported USB mass storage cameras can be made to work by bypassing the camera software. But the process is tedious. I don't recommend it as part of your ordinary customer support. Still, if you want to try this, you can find helpful information on this gtkam page.

Backup: I strongly recommend this option if a DVD burner isn't part of the standard package. The most suitable method for a home workstation is via drive mirror in a mobile rack. Unfortunately, due to the price structure of a low-cost appliance, this can't be made part of the standard bundle. However, low-cost archival/off-site storage via DVD-R is possible if a burner is provided in FC2.

To learn how to set this up, review my earlier TechBuilder Recipe, Back Up Linux Workstations--Without Tears. A script is provided in the article; just install it as directed, and put a user reminder in K-Alarm.

Note that the compressed backup files take up about half the space used on the hard disk used by the files one is backing up. For example, if you're backing up 20 GB of files, the backup will be about 10 GB, plus 4.7 GB of temporary buffer space for the burnable DVD .iso file.

Security

Firewall setup: FC2's default seems to work well enough. There's no real need for anything else.

Anti-virus: You can download an Linux anti-virus program that will handle Linux, *nix and Windows viruses from Frisk Software. This is probably best for users running Win4Lin or other Windows emulations on top of Linux. Viruses for *nix will generally have to run in user space instead of as root. Also, the relatively small population of Linux users means Linux workstations are much less attractive targets for hackers than Windows. Still, it's better to be safe than sorry. (Though FWIW, the need for a Linux anti-virus is highly controversial in the open-source community, and most users don't bother.)

The anti-virus update command is a single command line. You can update this and run it with anacron by creating a script in anacron. Cron is a program that keeps track of things the computer is supposed to do at specific intervals without user intervention, while anacron is a version that doesn't assume a computer is on 24x7 to do them.

Log in as root:

nano /etc/cron.daily/fprot-update.sh

#!/bin/sh /usr/local/f-prot/tools/check-updates.pl -cron -quiet

Control-X to exit and Y at the prompt to save. You have just created a script that will run daily.

chmod 0700 /etc/cron.daily/fprot-update.sh

This sets file permissions to make it possible for the script to execute.

This will check for new virus signatures daily and send e-mail to root if there is a problem.

f-prot -disinf -auto

Tell the user to run this (as user) overnight, and to do so about once a week. Should the state of Linux viruses ever warrant daily scans, use K-Alarm (see below) to set a reminder. You can put the above command directly in the alert, then tell the user to cut-and-paste directly into the terminal window.

chkrootkit: This tests for the presence of malware that is essentially a Linux utility kit intended to remotely control a computer without the user's knowledge or consent. I recommend installing chkrootkit, but not enabling it. Then, if the user calls with a system problem, you can tell the user to run chkrootkit as part of the trouble-shooting process. You can find more information/docs at this chkrootkit site.

To install chkrootkit:

yum install chkrootkit

.

To run: as root,

chkrootkit

One last thing you will need is Kalarm, an excellent alarm-reminder program. Kalarm is part of the default FC2 installation, so find it in Start > Accessories > More Accessories > KAlarm. If you want to remind your users of any routine maintenance tasks, drag and drop the menu entry from the Start Menu into Startup (lower right on Desktop next to clock) so it'll run every time your user boots up. Create a new item per user task, and use the calendar set start date/time, and Recurrence on the second tab to determine how often to repeat it.

I use Kalarm for everything from reminding me when to run the monthly archive to DVD-R to telling me when to turn off the rice! It can be set to time/date, but it also has a "time interval from now" mode that's very useful. For example, you can set it to pop up in, say, 10 minutes.

Sidebar: Additional Resources

The Web is loaded with good FC2 resources. Here are some I can recommend:

• Red Hat's .
• The Fedora Core Project official support forum.
• FedoraFAQ.org provides good basic information on FedoraCore setup to supplement what's here.
• Fedora Core: News, information, and user forums where you can ask questions.
• Fedora Legacy offers long-term support of Fedora installations, including new security patches and bug fixes. Since FC2 (and any other Fedora Core distro) will reach end-of-life relatively quickly, this is important.
• FC2 Setup Notes: This provides information on how to do specific things with FC2 after installation that can't be found elsewhere without extensive research.
• You can get a summary of the most common Linux command-line commands here. I recommend printing this document for future reference.

This is Part Two of a two-part TechBuilder.org Recipe. Part One shows show how to build a basic Linux appliance.

A. LIZARD is an Internet consultant in the San Francisco Bay Area. He has been writing for technology magazines and Web sites since 1987.