stevepedwards.com/DebianAdmin linux mint IT admin tips info

Post New Mint Install Tweaks Options

I assume you already have a Mint ISO downloaded from www.linuxmint.com and saved on a working system, have used the USB Image Writer on another Mint PC to create a USB install stick (it's quicker and more convenient via USB than DVD if your BIOS can boot from it), have installed Mint on your new target machine, and can log in to the Desktop. It is a good idea to look at all of the Welcome options so you are aware of what you can change and add to personalise and understand your install, and what help is available. Important Information, for example, covers the initial VGA problems quoted below, and you can read it on the web from another PC if your new install has no GUI at all. You access terminals 1-8 with Ctrl-Alt-F1,2,3, etc. I also found that using the down arrow at the install countdown to choose Compatibility Mode gave fewer problems over many installs; once at a working desktop, the first rounds of updates usually improve things greatly. Use ethernet, NOT wifi, at install if possible, in case your wifi is not well supported.

After a brand new install, there are a lot of initial steps you may wish to take to get your system set up as you like - or just base functional if you are hardware unlucky:

https://forums.linuxmint.com/viewtopic.php?t=198531

"Compatibility mode blacklists a wifi driver b43 (broadcom) because of some freezing problems, disables fast graphics mode switching, disables the advanced configuration and power interface and doesn't load the splash screen."

Whether you get some kind of Desktop or only a command prompt, add the Ubuntu graphics drivers PPA and choose a driver appropriate for your make/model, or the one suggested:

sudo add-apt-repository ppa:graphics-drivers/ppa

sudo apt-get update

Now try the Driver Manager in Menu/Admin:

Reboot to add the driver to the kernel.

Also try

apt search nvidia

apt-cache search nvidia

UPDATES: First, you need to update and upgrade the install, as v. 17.2 Rafaela now has many updates since initial release – new drivers may be the difference between a working GUI or not.

sudo apt-get update

sudo apt-get upgrade

Reading package lists... Done

374 to upgrade, 0 to newly install, 0 to remove and 3 not to upgrade.

Need to get 320 MB of archives.

After this operation, 74.5 MB of additional disk space will be used.

Do you want to continue? [Y/n]

Install the new package maintainer's files when asked also:

Y or I : install the package maintainer's version

This may get you a Cinnamon desktop as below on reboot.

“The open-source drivers present in Linux Mint do not support some of the NVIDIA cards very well. You might experience black screens, freezes or kernel panics.

The best way to solve the issue is to keep trying, until it eventually works [ME: Yeah right!! Just use hardware with a supported GPU! - unless you like a REAL tech challenge and lots of research!]. Once the system is installed:

  • Run the Driver Manager

  • Choose the NVIDIA drivers and wait for them to be installed

  • Reboot the computer

With these drivers the system should now be stable.

If you're using an Optimus card, you've nothing more to do. Upon reboot, a systray icon should show up indicating which GPU is currently active. Click on it to switch GPUs.

Note: If no matter how many times you try, you cannot boot or install with the open-source drivers, try one of the following solutions:

  • At the boot menu of the live DVD/USB, press Tab to edit the boot arguments and add "nomodeset" at the end of the line.

  • Remove "quiet splash --" from that same line.

  • Append "nouveau.noaccel=1" at the end of the line.”

(see my later /etc/default/grub edit below to understand how these options relate to the grub menu info above).

If your desktop shows "software rendering mode", try:

sudo apt-get install linux-firmware-nonfree nvidia-current

or for non nvidia cards with issues try:

sudo apt-get install nouveau-firmware intel-microcode amd64-microcode

First, for DVD/CD burn ops, Brasero is very buggy! It should never have been included in the main packages IMO - it has failed on me on many different systems/DVD/CD drives. Use k3b instead - hasn't failed me yet.

sudo apt remove 'brasero*'

sudo apt-get install k3b

Most of this has been covered in earlier Posts, but this collates many personal tweaks as a single reference source, in a clearer, logical order.

Older ATI and nVidia cards can be very problematic if drivers were never created as you may be stuck with software rendering only (if that!), with a CPU use of 80% to compensate, so a really slow PC - system depending. Here's my 8 core dell490 with 20GB RAM and software rendering run from an external USB drive:

Still very usable with plenty of overhead left, but for a single core, small memory machine..God, with rendering, it may be slower than running Windows...!

Upgrading to newer GPUs (which are now supported very well overall) may be your only choice - but at as little as £15 for a 1GB PCIe on Ebay it's often worth it. Research linux driver support for that model.

Also, if you are new to linux AND hardware specs. then you can start learning about your system by studying the info in System Info profiler/HardInfo:

stevee@hpmint ~ $ inxi -Fxz

For security reasons, set a root password:

sudo passwd root
[sudo] password for stevee:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

For Raspbian (Pi) security, you may want to remove the NO from NOPASSWD for user pi in the sudoers file (edit it with visudo) - see the next Post on Sudo users.

I like to control/access all my network PCs from my laptop via ssh, samba and x11vnc. The first requirement on the new install then, is ssh. Login to the new install locally, and:

sudo apt-get install ssh

Also find its IP address now, in case you have DNS issues with your router and can't use the PC name:

ifconfig

eth0 Link encap:Ethernet HWaddr 00:18:f3:ad:cf:1c inet addr:192.168.1.7

You should now have an ssh server running on the new PC, so you can get command line remote access using its name, e.g.:

ssh minimint

Login…

If you are in no rush, you may want to check your drive's general condition: temp, bad blocks and fragmentation, so could use:

sudo hddtemp /dev/sd*

/dev/sda: SAMSUNG HD160JJ/P: 38°C

sudo badblocks -vv /dev/sda

Checking blocks 0 to 156290903

Checking for bad blocks (read-only test): 0.00% done, 0:00 elapsed. (0/0/0 errdone

Pass completed, 0 bad blocks found. (0/0/0 errors)

sudo e4defrag /

Find hard drive ID info in the GUI file system /dev/disk folder and mouse hovering:

Run sensors-detect (press y to all) to find all possible types present in the hardware and have their modules loaded at boot (follow prompts):

sudo sensors-detect 

# sensors-detect revision 6170 (2013-05-20 21:25:22 +0200)

# System: HP Pavilion 061 RF778AA-ABU s7610.uk [0nx0104RE101CALCI00] This program will help you determine which kernel modules you need to load to use lm_sensors most effectively. It is generally safe and recommended to accept the default answers to all questions, unless you know what you're doing.

Some south bridges, CPUs or memory controllers contain embedded sensors.

Do you want to scan for them? This is totally safe. (YES/no):

Intel digital thermal sensor... Success!

Do you want to add these lines automatically to /etc/modules? (yes/NO)y

Successful!

You may want to run 'service kmod start'

sudo locale-gen --purge --no-archive
Generating locales...
en_AG.UTF-8... done
en_AU.UTF-8... done
en_BW.UTF-8... done
en_CA.UTF-8... done
en_DK.UTF-8... done
en_GB.UTF-8... done
.....Generation complete.

Locally you can check the SMART functions in Disks:


The next step is about personalisation – give Mint better network behaviour and have Vim usable as my main command line editor - amongst other things. I don't use Thunderbird mail, so remove it:

sudo apt-get remove 'thunderbird*' --purge

sudo apt-get install ssh nmap vim automake autoconf module-assistant x11vnc nbtscan locate libnss-winbind winbind g++ libcurl3 libssl0.9.8 chkrootkit rkhunter gparted testdisk hardinfo

*g++ is required for ddrescue zip package make install from gnu.org

*winbind and libs are required for pinging/mounting Win/Lin PCs by name (not xxx.local) with the /etc/nsswitch.conf "wins" line.

Without this line and the winbind libs, Mint cannot determine network PC names if your router/dhcp server does not supply them by layer 3 networking e.g:

ping dellmint

ping: unknown host dellmint

*libcurl3 is required for google-chrome (no longer supported for 32 bit systems)

*libssl0.9.8 is required for cav antivirus

Once the updates and my extra personal options are installed, add the "wins" entry to the hosts line in /etc/nsswitch.conf for winbind et al:

sudo vi /etc/nsswitch.conf

hosts: files wins mdns4_minimal [NOTFOUND=return] dns

Once installed you can now ping by name:

ping dellmint

PING dellmint (192.168.1.4) 56(84) bytes of data.

64 bytes from 192.168.1.4: icmp_seq=1 ttl=64 time=0.097 ms

You can now ID net PCs using nbtscan:

nbtscan 192.168.1.0/24

Doing NBT name scan for addresses from 192.168.1.0/24

IP address NetBIOS Name Server User MAC address
------------------------------------------------------------------------------
192.168.1.16 AMD <server> AMD 00:00:00:00:00:00
192.168.1.5 HPMINT <server> HPMINT 00:00:00:00:00:00
192.168.1.4 PIREAR <server> PIREAR 00:00:00:00:00:00
192.168.1.3 PIGARAGE <server> PIGARAGE 00:00:00:00:00:00
192.168.1.8 PIGARDEN <server> PIGARDEN 00:00:00:00:00:00
192.168.1.7 PIFRONT <server> PIFRONT 00:00:00:00:00:00

This is also a good reference point to check for rootkits at a fresh install, and before installing CAV antivirus (if you want to – if you use Windows also, or have a BU drive with Win files on it, I suggest you do!) from : https://www.comodo.com/home/internet-security/antivirus-for-linux.php

See the CAV install Post for details: http://stevepedwards.com/DebianAdmin/linux-anti-virus-3-comodo-av/

sudo rkhunter -c

Rootkits checked : 307

Possible rootkits: 0

sudo chkrootkit

Note that these progs install a crontab schedule of their own, so they run regularly. Learn what other services do by looking in /etc/cron* e.g.:

ls /etc/cron.daily/

0anacron chkrootkit logrotate .placeholder apt cracklib-runtime man-db rkhunter aptitude dpkg mlocate samba bsdmainutils locate passwd upstart

Set your power button to shutdown immediately in case of lock up issues:


Now set up samba to allow remote file access/home dir sharing. For now, uncomment the homes section in /etc/samba/smb.conf and set 0770 perms on it so you can write to your files remotely. The samba default for this new install is print$ only, with no smbpassword access set yet:


Note that if you want to add further user accounts and access them remotely later, they have to have been logged into locally first to create the user's home files and folders – they don't exist otherwise!!

Set the smbpassword for stevee (default install account):

sudo smbpasswd -a stevee

New SMB password:

Retype new SMB password:

Added user stevee.

Now you can login at the auth prompt.

Edit samba conf:

sudo vi /etc/samba/smb.conf

[homes]

comment = Home Directories

browseable = 1

# By default, the home directories are exported read-only. Change the

# next parameter to 'no' if you want to be able to write to them.

read only = 0

# File creation mask is set to 0700 for security reasons. If you want to

# create files with group=rw permissions, set next parameter to 0770.

create mask = 0770

# Directory creation mask is set to 0700 for security reasons. If you want to

# create dirs. with group=rw permissions, set next parameter to 0770.

directory mask = 0770

# By default, \\server\username shares can be connected to by anyone

# with access to the samba server.

# Un-comment the following parameter to make sure that only "username"

# can connect to \\server\username

# This might need tweaking when using external authentication schemes

valid users = %S

If you don't understand the critically important meanings of the permission numbers and their system security implications, then see here:

stevepedwards.com/DebianAdmin/tutuors-linux-mint-introduction-course-material-60/

sudo service samba restart

sudo service smbd restart

sudo service nmbd restart

smbd stop/waiting

smbd start/running, process 8692
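
An added example, not part of the original post or of Samba: a small shell check that reads an smb.conf and reports how the [homes] parameters edited above are set. It looks only at the [homes] section itself (not at defaults inherited from [global]), and both sample files are constructed.

```shell
# Added example, not from the original post: audit the [homes] share of an smb.conf.

# Print "key=value" for every parameter inside one share section. Samba ignores
# case in section/parameter names and whitespace around "=".
share_params() {                          # usage: share_params <file> <section>
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/ {                                 # section header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_sec = (tolower(name) == tolower(want)); next
        }
        in_sec && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print tolower(key) "=" val
        }' "$1"
}

# Print one WARN or NOTE line per finding for the parameters edited above.
audit_homes() {                           # usage: audit_homes <file>
    params=$(share_params "$1" homes)
    users=$(printf '%s\n' "$params" | sed -n 's/^valid users=//p' | tail -n 1)
    if [ "$users" != "%S" ]; then
        printf '%s\n' "WARN valid users is '${users:-unset}': home shares are not limited to their owner"
    fi
    for key in "create mask" "directory mask"; do
        mask=$(printf '%s\n' "$params" | sed -n "s/^$key=//p" | tail -n 1)
        case "$mask" in
            *[1-7])  printf '%s\n' "WARN $key=$mask keeps permission bits for 'other' users" ;;
            *[1-7]0) printf '%s\n' "NOTE $key=$mask keeps group permission bits" ;;
        esac
    done
    return 0
}

# Constructed sample 1: the [homes] settings from the post.
PAGE_CONF=$(mktemp)
cat > "$PAGE_CONF" <<'EOF'
[homes]
   read only = 0
   create mask = 0770
   directory mask = 0770
   valid users = %S
EOF
# Constructed sample 2: world-accessible mask, "valid users" still commented out.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
[printers]
   create mask = 0700
[homes]
   create mask = 0777
   directory mask = 0770
;  valid users = %S
EOF
for f in "$PAGE_CONF" "$WEAK_CONF"; do echo "== $f"; audit_homes "$f"; done
```

On a real system, run audit_homes /etc/samba/smb.conf; testparm -s prints the configuration as Samba itself parses it.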

Now you can access your home dir remotely:


If you now want to transfer files via rsync you can set a passwordless login at minimint for ssh. First generate ssh keys on the local PC:

ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/stevee/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/stevee/.ssh/id_rsa.

Your public key has been saved in /home/stevee/.ssh/id_rsa.pub.

The key fingerprint is:

1a:83:7a:bf:18:3f:d0:50:89:b1:f3:74:73:27:f7:3b stevee@AMD

The key's randomart image is:

+--[ RSA 2048]----+

This created a public key file:

cat /home/stevee/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDA/y...

Now transfer that public key file to minimint:

ssh-copy-id -i ~/.ssh/id_rsa.pub minimint

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

stevee@minimint's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'minimint'"

and check to make sure that only the key(s) you wanted were added.

ssh minimint

Welcome to Linux Mint 17.2 Rafaela (GNU/Linux 3.16.0-38-generic i686)
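
One way to act on ssh-copy-id's advice to check that only the key(s) you wanted were added, as an added example that is not part of the original post: the function compares each authorized_keys entry with the public key files you expect. The key blobs and file contents below are constructed placeholders.

```shell
# Added example, not from the original post: list authorized_keys entries whose
# key is not one of the public keys you expect.

unexpected_keys() {      # usage: unexpected_keys <authorized_keys> [expected.pub ...]
    auth=$1; shift
    awk -v auth="$auth" '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        {
            # An entry is "[options] keytype base64-key [comment]"; find the keytype.
            t = 0
            for (i = 1; i <= NF && !t; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/)
                    t = i
            if (!t || t == NF) next                   # no key on this line
            blob = $(t + 1)
        }
        FILENAME != auth { expected[blob] = 1; next } # lines from the .pub files
        !(blob in expected) {
            printf "line %d: %s %s%s\n", FNR, $t,
                   (t + 2 <= NF ? $(t + 2) : "(no comment)"),
                   (t > 1 ? " [has options]" : "")
        }' "$@" "$auth"
}

# Constructed sample: the public key you generated on the local PC ...
PUB_SAMPLE=$(mktemp)
cat > "$PUB_SAMPLE" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-LAPTOP-KEY stevee@AMD
EOF

# ... and an authorized_keys file on the remote PC holding one extra entry.
AUTH_SAMPLE=$(mktemp)
cat > "$AUTH_SAMPLE" <<'EOF'
# constructed authorized_keys
ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-LAPTOP-KEY stevee@AMD
from="192.168.1.9" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-CONSTRUCTED-OTHER old-key@elsewhere
EOF

unexpected_keys "$AUTH_SAMPLE" "$PUB_SAMPLE"
```

On the remote PC the real call would be unexpected_keys ~/.ssh/authorized_keys followed by a copy of each id_rsa.pub you installed; any line it prints is a key to investigate.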

Log out and test access for an rsync transfer to minimint with a dry-run (-n) - MAKE SURE it does what you want!:

rsync -e ssh --progress /home/stevee/Downloads/* stevee@minimint:/home/stevee/Downloads/ -vahn

sending incremental file list

RSYNCtest.txt

sent 75 bytes received 19 bytes 37.60 bytes/sec

total size is 0 speedup is 0.00 (DRY RUN)

Install google chrome browser from DL'd .deb file.

sudo dpkg -i Downloads/google-chrome-stable_current_amd64.deb

Setup a crontab to rsync backup the home dir at 9pm every day to a USB backup drive you have write perms to e.g.:

crontab -e

# m h dom mon dow command

00 21 * * * rsync /home/stevee/* /Quadra/stevee/ --delete-excluded -a

Note the -vhr (recursive/verbose/human readable sizes) is removed from the crontab version to prevent the output being needlessly sent to a log file or your user mail, as you won't be watching this one! 
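
An added example, not from the original post: a guard for the cron job above that skips the rsync when the backup drive is not mounted, so the copy cannot land on the system disk instead. The function names are hypothetical and the mounts table is constructed.

```shell
# Added example, not from the original post: only run the nightly rsync when
# the backup drive is really mounted.

# True if <dir> is a mount point in a mounts table (default /proc/mounts).
# Field 2 is the mount point; a space inside it is written as \040.
is_mounted() {                        # usage: is_mounted <dir> [mounts-file]
    awk -v want="${1%/}" '
        { mp = $2; gsub(/\\040/, " ", mp) }
        mp == want { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# Run the backup, or print why it was skipped and return 1.
backup_home() {         # usage: backup_home <src> <dest> <mount-point> [mounts-file]
    if ! is_mounted "$3" "${4:-/proc/mounts}"; then
        echo "SKIP: $3 is not mounted, nothing copied"; return 1
    fi
    if [ ! -d "$2" ] || [ ! -w "$2" ]; then
        echo "SKIP: $2 is missing or not writable"; return 1
    fi
    # Same rsync options as the crontab line above. "$1"/ copies the directory
    # contents including dotfiles, which the shell glob /home/stevee/* skips.
    rsync -a --delete-excluded "$1"/ "$2"/
}

# Constructed mounts table (same layout as /proc/mounts) so this runs offline.
MOUNTS=$(mktemp)
cat > "$MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /Quadra ext4 rw,relatime 0 0
/dev/sdc1 /media/stevee/My\040Backup vfat rw 0 0
EOF

is_mounted /Quadra "$MOUNTS" && echo "/Quadra is mounted"
backup_home /home/stevee /500GB/stevee /500GB "$MOUNTS" || echo "backup skipped"
```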

Now may be a good time to reboot and start fresh with the new setup.

sudo reboot

You may notice that on reboot there is no feedback dmesg info showing – I think it's good to know any failures showing during boot and have an auto recovery menu option shown – a blank screen is just Microsoft obfuscation methodology – NOT COOL! - linux folk WANT to know what is happening - change the grub defaults to:

sudo vi /etc/default/grub

GRUB_DEFAULT=0

#GRUB_HIDDEN_TIMEOUT=0

GRUB_HIDDEN_TIMEOUT_QUIET=true

GRUB_TIMEOUT=10

GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`

GRUB_CMDLINE_LINUX_DEFAULT=""

GRUB_CMDLINE_LINUX=""

sudo update-grub2

Next reboot you will see load info, not a blank screen or Mint logo. 

Now may be a good time to reboot and start fresh with the new setup.

sudo reboot

If you have an external/networked backup drive, look on the Notepad page for setting up rsync aliases so you can efficiently back up your home directory whenever you wish, or periodically via a crontab.

At this point, with a lot of updates installed and a few personal tweaks done, it may be a good idea to back up as much of your directory structure to another drive as you can. It is not possible to backup all of them exactly from a running system as some are dynamic processes in /proc and /sys so will lock up if tried e.g.

‘/proc/kmsg’ -> ‘/500GB/BURoot/proc/kmsg’

‘/sys/kernel/debug/hid/0003:046D:C018.0003/events’ -> ‘/500GB/BURoot/sys/kernel/debug/hid/0003:046D:C018.0003/events’

but the bulk of them can be, and should you have an accident, corruption, virus etc. then you may at least be able to restore key structures from this new working state and revive your machine without a full re-install. I have done this before from one machine's directories to another when a bad script slipped through the updates and prevented further updates from happening to fix the problem. Luckily I hadn't updated the 2nd machine yet to get the same bad script, so I could transfer directories from the working PC.

I suggest you recursively copy one directory at a time so you become a bit familiar with what types of files are in what, which are huge and which copy without locking and which don't (/proc; /sys). Say you have a large external drive /Quadra, then

sudo mkdir /Quadra/BURoot

or similar. My laptop has a 1TB drive, so as root I create /BURoot then copy (cp -vr) all these to BURoot e.g: 

sudo cp -vr /usr/ /BURoot/

bin home lib32 sbin vmlinuz 
boot initrd.img lib64 root srv usr
etc lib opt run var

You will get an insight into what resides in what dir, and how much stuff!

Once you understand that, in future you can do it in one go for all system dirs that don't have dynamic processes, wherever your BURoot is. Key folders that shouldn't cause cp to fail are:

sudo cp -vr /bin/ /boot/ /cdrom/ /etc/ /home/ /initrd.img /lib* /media/ /mnt/ /opt/ /root /sbin/ /srv/ /usr/ /v* /BURoot/

Due to the large amount of video data my home dir stores, I don't save this as a system folder in BURoot but as a separate backup, so don't include this usually. 

Keep that BU dir with root ownership to be clear who owns it, what it is for and to prevent users writing in to it e.g:

sudo chown -R root:root /Quadra/BURoot

Now recursively copy as much of the / root dir structure as you can, dir by dir, starting with /bin.

In future, you can update these files with rsync by excluding the directories you haven't copied above. ALWAYS do a -n DRY RUN first to make sure it is doing what you want!!

sudo rsync --progress /* /BURoot/ --exclude={BURoot,cdrom,dev,home,proc,sys,tmp} -vahn

You may skip /home if you are backing that up separately already elsewhere.

If you try cp -vr /* it will fail at /proc so won't complete. This is why it is not easy to clone a working directory to another drive then boot to it and have it function correctly even if you manage to install grub and an MBR with the correct parameters. This backup is a precaution for a possible future garbled/deleted directory structure only. 

For complete system redundancy, create clones of this system drive on another PC using DD - see other DD Posts for info. You then have multiple boot drives on USB sticks or whatever medium you have spare should the main install drive fail - IF the whole install is smaller than the drive you are cloning to!  

sudo cp -vr /bin/ /Quadra/BURoot

‘/bin/date’ -> ‘/500GB/BURoot/bin/date’
‘/bin/cpio’ -> ‘/500GB/BURoot/bin/cpio’

Don't use rsync to try to replace these directories, as the default is to copy newer to older files, which these won't be in future!

However...what you could do... chroot into the BURoot directory and run apt-get update/upgrade from inside the BURoot which will update the apt DB within this file structure, then these files may be slightly newer by modification time than the main files (but I have to check this), so would then copy across using rsync, replacing any duff directories...

If the PC is non functional in the first place, which is why you would need to replace folders, then you would have to move both drives to another linux PC and chroot into it from there, then replace the broken dirs...but if you just DD clone the system as stated above, it's easier all round in the first place.

This exercise helps you understand the file system a bit more.
