Sed, Cut and Awk

Sed, Cut and Awk

-20th of January 2013

These are over simplified examples, which are good for getting started with an simple overview.
The commands are executed in the Linux shell or terminal, and exemplify common ways to parse data.

Usages of sed:

  • Example:
  • sed 's/<find>/<replacement>/<option>'

  • Showing /etc/passwd in tab delimited style instead of semicolon delimited style:
  • more /etc/passwd | sed 's/\:/\t/g'

  • Disabling all yum repos in /etc/yum.repos.list:
  • 						for i in /etc/yum.repos.d/*; do
    							cat $i | sed 's/enable=1/enabled=0/g' > $i

Usages of cut:

Issue the command 'man cut' for more information.
  • Filtering only the first and sixth field, and delimiting with two tabs:
  • more /etc/passwd | cut -d: -f1,6 | sed 's/\:/\t\t/g'
  • List how much free memory is on the system:
  • echo 'Free megabytes of memory:' `free -m | tr -s ' ' | sed '/^Mem/!d' | cut -d" " -f4`

Usages of awk:

Awk is more than a command, it borders to a programming language. Examples given here are only teasers.
  • Print all lines longer then 50 characters:
  • awk 'length($0) > 50' /etc/passwd
  • Print columns one and six using /etc/passwd and : as a delimiter, sum column 3 and 4:
  • awk -F":" '{print $1,$6 " - Sum of column 3 and 4, " $3 " + " $4 ": " $3 + $4}' /etc/passwd
  • Print all columns using stdin:
  • awk ' {print $0} '

Various relevant informational links:

Sources: Google, Høgskolen i Sør-Trøndelag.

Tagged as: LinuxCommands

NXServer Notes

Some Personal Notes on NXServer

-22th of February 2013

Some few notes on setting up NXServer. For those of you who do not know what NXServer is, it enables a Linux server to act as a graphical terminal server over SSH.

1. The server has to be able to communicate with If port 22 is not used for the SSH daemon on the server, then the port in question is the port that the SSH daemon listens to. This is configured in the config files under /usr/NX/etc
2. The user that connects to the NXServer has to be enabled for nx with the command nxserver --adduser, the setup is checked with the command nxserver --checkuser.
3. The NX binaries are placed under the path /usr/NX/bin


Tagged as: Linux

make targets - an overview

Make targets - an overview

-15th of August 2014

This short article aims to give a quick overview of several of the make targets in Linux that I have found useful to know, and what they do. Simple examples follow underneath the list of targets. From the man pages for the make command; "The purpose of the make utility is to determine automatically which pieces of a large program need to be recompiled, and issue the commands to recompile them."

Note: These targets are setup in the Makefile. The usage of these as shown below is what is the normal standard, but can deviate if the Makefile deviates.
  • binrpm-pkg - Builds the kernel as compiled binary.
  • rpm-pkg - Builds the kernel as rpm package.
  • deb-pkg - Builds the kernel for Debian only.
  • tar-pkg - Builds the kernel as uncompressed tarball.
  • rargz-pkg - Builds the kernel as gzip compressed tarball.
  • tarbz2-pkg - Builds the kernel as bzip2 compressed tarball.
  • dep - Make all dependencies. The command 'make dep' ensures all dependencies are in place.
  • modules - Compiles kernel modules.
  • modules_install - Installs modules for the kernel.
  • bzimage - Compiles and makes kernel as bzImage.
  • <none> - When compiling application sources, issuing make without a target will simply compile the sources. In kernel compilation, the make command without any target normally is the same as 'make bzimage' and 'make modules'.
  • install - Compiles and installs the application if we are compiling application sources. If compiling a kernel; creates a ramdisk, copies in kernel file to /boot and sets up that keeps tracks of pointers to functions in the kernel.
  • all - Is the same as 'make' without a make target (see description above) and then also make 'modules_install' if we are doing kernel compilation.
  • mrproper - Cleans up old configuration, temporary files, modules and module dependencies. Removes everything make config creates.
  • clean - Cleans up everything 'make all' created, but leaves the configuration if ./configure or 'make config' was run.
  • distclean - Cleans anything ./configure created.
  • oldconfig - Reads the existing .config file and prompts the user for options in the current kernel source that are not found in the file. This is useful when taking an existing configuration and moving it to a new kernel.
  • silentconfig - Works exactly the same way as oldconfig does, but it does not print anything to the screen, unless it needs to ask a question about a new configuration option.
  • config - Make configuration with text based user interaction. The options are prompted one after another. All options need to be answered, and out-of-order access to former options is not possible.
  • menuconfig - Make configuration with graphical menu (only text input). You can navigate through the menu and change the options you want.
  • xconfig - Make configuration with graphical menu using Qt4. Requires dev-qt/qtgui to be installed.
  • gconfig - Make configuration with graphical menu using GTK+. Requires x11-libs/gtk+, dev-libs/glib and gnome-base/libglade to be installed.

Compilation of application sources: Kernel Compilation:
make install
make menuconfig
make modules
make modules_install
make install

Various relevant informational links:

Sources: The whole of the World Wide Web

Tagged as: LinuxCommands

Software RAID - Howto

Software RAID - Howto

-15th of August 2011

This short article describes how to set up an software RAID in Linux. The command that we will use is:
   # mdadm [mode] raid-device [options] component-devices

1. To build a mirrored RAID 1, we will issue for instance this command:
   # mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1

2. After this is done, you have to create a filesystem on the raid array:
   # mkfs -t ext4 /dev/md0

You can now mount the filesystem as you normally would(mount /dev/md0 /mnt/raidDisk or mount via /etc/fstab). Further more you can treat the RAID device as a normal disk, for instance using fdisk to subdivide the RAID further.

Source: LPIC-2 Study Guide. ISBN: 978-1-118-00015-1

Tagged as: LinuxHowTo

Router Setup - Howto

Router Setup - Howto

-17th of August 2011

When configuring Linux as an router, there are two main aspects to consider. Those are enabling the routing at the linux server and determining the routes between the networks. The routes between the networks describe what path to take, or where to send the network packets next to get the packets on their way to the destination. The routes between the networks are either manually configured static routes or dynamically configured. Static routes are configured by entering the route information in the terminal prompt manually. Dynamically configured routes are communicated between routers with a routing protocol such as RIP, OSPF, IGRP, EGRP, IS-IS or BGP. Applications used for configuring Linux to handle dynamic routing protocols as those mentioned are for example routed, gated and quagga. The advantage of dynamically configured routing is that dynamic changes in the network will not bring a network path between two points down as logn as other paths exist. If a path is broken, another route will be communicated between the routers by using the routing protocol. Another tool used in routing is the iptables firewall often used in the Linux system. With this firewall you can control traffic as it flows through the router, denying or allowing it, re-routing it, manipulating it in other ways or NAT'ing it.

The following steps describe the enabling of routing for forwarding network packets in Linux:
># echo "1" > /proc/sys/net/ipv4/ip_forward

However, after reboot, this setting will be reset and forwarding turned off again.
In most systems this setting can be set permanently by editing /etc/sysctl.conf, where the line to be added should be:

The configuration is then loaded into the running system by the terminal command:
># sysctl -p.

Listing and adding static routes:
># route

Kernel IP routing table

># route add -net netmask gw dev eth2
># route

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface UG 0 0 0 eth2 * U 0 0 0 eth1 * U 0 0 0 eth2 * U 0 0 0 tap0
default UG 0 0 0 eth1

Examples of iptables:
The following makes sure that nothing on port 22(usually SSH) gets more than 4 attempts to connect to the port every 60 seconds. This prevents, or at least hinders, brute force attacks.

iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

Source: LPIC-2 Study Guide. ISBN: 978-1-118-00015-1

Tagged as: LinuxRoutersHowTo

Copying Windows 7 to a new drive, using Linux

Copying Windows 7 to a new drive, using Linux

-26th of December 2014

Blog article coming..

Awaiting update..
dd if=/dev/sda of=/dev/sdb bs=446 count=1

Source: Manual pages

Tagged as: LinuxToolsHowTo

Netmap, Netcat, Nmap, Netstat and TCPDump

Netcat, Nmap, Netstat and TCPDump

-20th of December 2013


Netcat as a server to setup port for testing a network connection:
nc -w 600 -k -l 2389
Netcat will listen for 600 seconds(-w) and then stay up after the client disconnects(-k). The client will listen on port 2389.

To test the connection to the netcat server, you can use telnet from a different machine on the same network:
telnet -e p 2389
press p
type quit
press enter

We can also test the connection with netcat as a client:
nc 2389

Send a file over with netcat using udp(-u):
>at the server: $ nc -u -l 2389 > outputfile
>at the client: cat testfile | nc -u localhost 2389

Netcat as a client via a gateway and spoofing its IP:
nc -s spoofed_ip -g <gateway> remote_host <port>
Note: Up to eight hop points may be specified using the -g flag.

Netcat as a port scanner:
nc -r -w1 -v -n -z 3305 – 3320
-r for random ports in range
-w1 for wait 1 second for a reply
-v for verbose output
-n for no name resolution
-z for send no data

Get all header replies from services listening on ports in range:
echo "" | nc -v -n -w1 3306 – 3307
Example reply: Host '' is not allowed to connect to this MySQL server

Netcat proxy to Google that sends responses on port 123456 back to client:
nc -l -p 12345 | nc 80 | nc -l -p 12346

Show a web page on port 80:
while true; do nc -l -p 80 -q 1 < error.html; done

Send a partition over the network with netcat:
Receiving side:
nc -l -p 9000 | dd of=/dev/sda

Sending side:
dd if=/dev/sda | nc 9000


#2 find what servers respond to ping

SYN scan with spoofed source addresses

Ping scan with a spoofed source address

TCP SYN Scan with OS detection

Scan port range 1-200 with version detection

  • NMAP Project Guide
  • NMAP Ping of Death
  • NMAP tricks #1
  • NMAP tricks #2


    NBTSCAN is the Linux version of NBTSTAT, and can
               handle ranges of addresses instead of just a single host.
    nbtscan -hv

    The tool will scan for netbios information on the host.

  • More NBTSCAN examples


    List all open ports with netstat

    All open ports, numeric with network timers

    Click and see titles under for descriptions

    Click and see titles under for descriptions

  • netstat -au or netstat -at
  • netstat -lt or netstat -lu
  • netstat -st
  • netstat -su
  • Microsofts Netstat
  • Linux and Unix Netstat
  • More Netstat
  • Netstat MAN Pages


    Source: Manual pages

    Tagged as: LinuxCommandsNetwork

    Expand logical volume - LVM

    LVM - How to expand a logical volume

    -18th of October 2013

    This article will briefly describe how to expand a logical volume that is part of a LVM.

    Note: ># represents the command prompt and is not actually a part of the commands shown below:
    Before we start the following needs to be summarized:
       a. A partition on a disk is made a 'Physical Volume.'
       b. This 'Physical Volume.' will then be added to a 'Volume Group.'
       c. In the end we have a 'Logical Volume' that the 'Volume Group' is a part of, and that is mounted to the file system.
    This howto can be performed on most Linux distributions. It will have to be done by issuing the commands in order on a terminal command prompt. You will most likely need root privileges, either by sudo or by logging in as root. How to use the terminal, sudo or login as root will not be explained here. For extending swap space, use the guide below and see here.
    So here we go:
       1. Add the disk to the physical computer or virtual machine(if that is the case).
       2. Boot the machine. Some say a rescan will be enough, I had to boot.
       3. List the disk with: fdisk -l
    Disk /dev/sdc: 8589 MB, 8589934592 bytes
    255 heads, 63 sectors/track, 1044 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x00000000
       4. Make a partition on this disk:
       # fdisk /dev/sdc
    > Then press 'n' to add a new partition.
    > Then press 't' change the partition type. Choose 8e(Linux LVM).
    > Then press 'w' to write the partition table.

       5. List the disk again with: fdisk -l
    Disk /dev/sdc: 8589 MB, 8589934592 bytes
    255 heads, 63 sectors/track, 1044 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0xa0d940fd

    Device Boot   Start   End   Blocks   Id   System
    /dev/sdc1   1   1044   8385898+   8e   Linux LVM
       6. Make a Physical Volume out of /dev/sdc1:
       # pvcreate /dev/sdc1
       After this is done, I would want to know what Volume Group to place my Physical Volume. To find that, I would start by finding the name of the Logical Volume that is mounted on the filesystem, and see what Volume Group it is using. In my case the mount point /mnt/syslogs is full, so I type mount in the console to get a list of mounts on the filesystem and see what is mounted on /mnt/syslog:
       /dev/mapper/vgLogDisks-lvSysLogs on /mnt/syslogs type ext4 (rw)
    From this I know that the Logical Volume I am looking for is 'lvSysLogs.' I will then use the command lvdisplay to list information about logical volumes on the system. By this I find '/dev/vgLogDisks/lvSysLogs', with:
       VG Name    vgLogDisks

    I can verify the existence of this group by using the command vgdisplay.

       7. I will add our Physical Volume to vgLogDisks judging by the information above:
    # vgextend vgLogDisks /dev/sdc1
    Volume group "vgLogDisks" successfully extended
       8. Our Logical Volume that makes out /mnt/syslog is still no larger despite its Volume Group getting a new disk. We therefore ectend our Logical Volume by the new disk:
    # lvextend /dev/vgLogDisks/lvSysLogs /dev/sdc1
    Extending logical volume lvSysLogs to 17.99 GiB
    Logical volume lvSysLogs successfully resized
       9. After this is done it is time to extend the filesystem to fit the Logical Volume:
    # resize2fs /dev/vgLogDisks/lvSysLogs
    resize2fs 1.41.12 (17-May-2010)
    Filesystem at /dev/vgLogDisks/lvSysLogs is mounted on /mnt/syslogs; on-line resizing required
    old desc_blocks = 1, new_desc_blocks = 2
    Performing an on-line resize of /dev/vgLogDisks/lvSysLogs to 4715520 (4k) blocks.
    The filesystem on /dev/vgLogDisks/lvSysLogs is now 4715520 blocks long.
       10. Finally, we verify that the disk has all its new space:
    # df
    Filesystem    1K-blocks    Used    Available    Use%    Mounted on
    /dev/mapper/vgSystem-lvRoot    10014648    1967016    7538912    21%    /
    tmpfs    1962520    0    1962520    0%    /dev/shm
    /dev/sda1    297485    67833    214292    25%    /boot
    /dev/mapper/vgSystem-lvLog    2064208    85584    1873768    5%    /var/log
    /dev/mapper/vgLogDisks-lvSysLogs    18565884    9709504    7913792    56%    /mnt/syslogs

    Sources: LPIC-2 Study Guide: ISBN: 978-1-118-00015-1

    Tagged as: LinuxHowToCommands

    How to convert IMG to ISO

    How to convert IMG to ISO

    -22nd of February 2013

    Thought I would share my notes on converting IMG files to ISO in Linux.

    Note: ># represents the command prompt and is not
    actually a part of the commands shown below:

    Option 1. >#ccd2iso file.img file.iso
    Option 2. >#mount -o loop <img file> <mountpoint>
       >#mkisofs -dvd-video -o <iso output file> <mountpoint>
       mkisofs is the same as genisoimage in Debian.
    Option 3. Just rename the img file to an iso file :)

    IMG and ISO file formats is usually a file image of a CD, DVD or BD. The entire contents of the disk is contained within the ISO or IMG file. With various tools, an ISO can be set to contain any set of files to later be used as a image for the creation of CD's, DVD's or such. Both the ISO and IMG files need to be mounted on a mountpoint or virtual drive to be read and used by the operating system. When mounted, they will act as a real CD, DVD or such to the operating system.

    Sources: No real sources

    Tagged as: LinuxHowToCommands

    Linux Firewalls

    Linux Firewalls

    -13th of January 2013

    When evaluating a network packet, the firewall will read header information in the packet for the corresponding layer in the OSI Model to evaluate this against the rules in a iptables chain. The iptables firewall is capable of handeling network information from all of the network layers, however it is not initially designed to do so. In the examples that will be given below, there will be explained usage of the iptables firewall in conjunction with MAC addresses(Data Link layer), IP addresses(Network layer), and TCP/UDP ports(Transport layer).

    When sending information over the network, the information is divided into packages that get encapsulated into protocols in the different layers of the OSI model. The packages are always divided into a size specified by the Maximum Transmission Unit(MTU) of the sending interface. Typically this size is 1500 bytes, but can be up to 9000 bytes and then called Jumbo Frames. If the package encounters equipment with a lower MTU than it was originally handeled by, the package will be further divided. Small packages create more protocol overhead but require less data to be re-transmitted if the package is lost. Thus a small MTU is preferable for a network that is in some sort less reliable. A large MTU requires less overhead and thus more information can be transmitted faster. A large MTU is a good choice for networks that experience low retransmissions and are considered fairly reliable.

    This protocol overhead that is added to the packages that are to be transmitted has various information essential for the receiving part, or essential for the equipment used to send the package on its way to the destination. This packet to be transferred typically starts its life at the application layer and traverses downwards to the physical layer where it is sent over the medium used for networking. A series of packages typically make up a whole piece of information that is to be received by the receiver, and is put together at the receiving end. When transmitting information with the IP protocol, it is possible to encapsulate it/transmit it over the TCP or UDP protocols on the Transport layer. Each of these represent two different transport mechanisms. TCP establishes a session with a three-way-handshake and ensures that all packages belonging to that session are tagged with sequence numbers and transmitted correctly over the wire. If packages are lost or mangled in the transport process, they are re-requested and re-transmitted. TCP also ensures that the receiver can put the packages together in the correct order. TCP does however have a higher overhead then UDP, wich is a stateless protocol. With UDP no attempt is made to establish a session, the packages are just put on the wire with a destination address hoping that the receiver will receive them and have the necessary applications to handle and interpret the information received. This method of package transmission demands less overhead and is a good choice for realtime communication that needs to arrive at its target fast, but not necessarily in the correct order or at all. Many popular network enhanced games use the UDP protocol when communicating over the network.
    The Linux iptables firewall consists of a set of chains with firewall rules that a network packet gets evaluated by in the order that the chains are set up. As illustrated on the picture to the right, a packet will traverse the PREROUTING chain before it is sent to either the INPUT chain or the FORWARD chain depending on if the packet is intended for this particular host, or if it needs to be forwarded to another network that the receiving host is connected to. To forward network traffic to other networks, the host needs to be configured as a router.

    Examples of iptable rules set by a script or via the terminal:
    1. iptables -A INPUT -p icmp -m icmp -m limit --limit 2/second -j ACCEPT
    2. iptables -A INPUT -i lo -s -j ACCEPT
    3. iptables -A INPUT -m mac --mac-source 00:20:b0:4b:6f:1b -j ACCEPT
    4. iptables -A INPUT -p tcp -i eth1 --dport 21 -j ACCEPT
    5. iptables -A INPUT -p tcp -i eth1 --dport 20 -j ACCEPT

    6. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    7. iptables -A INPUT -m state --state INVALID -j DROP
    8. iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    9. iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    10. iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    11. iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
    12. iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP

    Explanation to the rules listed above:
    1. Limit the amount of ping packets(icmp) to the input chain to two per second, to avoid icmp flood attacks/DOS attack.
    2. Allow the loopback interface to communicate with the host. This is often required by several applications that might be running on the host.
    3. Allow sender with a specified mac source address to pass the INPUT chain. Note that mac addresses can be spoofed.
    4. Allow packets over the INPUT chain arriving at TCP port 21 to pass. Often required by FTP servers.
    5. Allow packets over the INPUT chain arriving at TCP port 20 to pass. Often required by FTP clients in active mode.
    6. Allow packets over the INPUT chain that are a part of a related or already established communication transaction.
    7. Drop packets that are considered invalid.
    8. If a packet is considered new and not a part of a already established TCP session, and the syn flag is not set, then drop it.
    9. If a packet has all the TCP flags set, it is considered invalid and dropped. TCP packets with all the flags set are suspected to be Christmastree packets.
    10. If no TCP flags are set on the TCP packet, it is considered invalid and dropped.
    11. ICMP(ping) packets that request address mask information are dropped.
    12. ICMP(ping) packets that request timestamp information are dropped.

    More information regarding various iptables rules that can be applied to iptable chains can be found at various sites on the internet and is recommended reading.

    The Linux iptables firewall is often used together with technologies like Snort, FWSnort and PSAD. Snort is generally used to monitor and log network traffic to alone form a Intrusion Detection System(IDS). However, when PSAD and FWSnort, or Snort is used together in conjunction with iptables, it forms an Intrusion Prevension System(IPS). A graphical interface to these systems can be set up with several GUI systems, like BASE or OSSIM.

    Better yet, the commandline interface that the iptables firewall has, makes it easily scriptable and thus tweakable through various script languages(e.g. Perl, BASH, Python). Iptables with its capabillities reaching alot further then mentioned here therefore gets to be a nerds dream in a tweakable Linux world.

    Sources: Linux Firewalls. ISBN: 978-1-59327-141-1
                  Drift av lokalnettverk. ISBN: 82-519-2075-2

    Tagged as: LinuxNetwork

    How to Setup BDscan

    How to Setup BDScan

    -22nd of February 2013

    Thought I would share my BDscan setup that I use on my Debian Linux computers.

    Note: ># represents the command prompt and is not actually a part of the commands shown below:
    1. First of all, set up your DEB repositories and install BDScan as is shown in the link.
    2. Get a free license for BDScan. The license will last a year, after which you have to get a new one.
    3. If you get an error stating segmentation fault when running BDScanner, execute the following line:
       >#cat /opt/BitDefender-scanner/var/lib/scan/versions.dat.* |awk '/{print $3}'|while read bdcore_so;do touch /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;bdscan --update;ln -s /opt/BitDefender-scanner/var/lib/scan/$bdcore_so /opt/BitDefender-scanner/var/lib/scan/;done
    4. Set up a cron job that runs a scheduled job to scan your Linux system, as root:
       >#vi /etc/cron.weekly/run-bdscan
    5. Paste in the code in the box below and give root execute permissions:
       >#chmod 744 /etc/cron.weekly/run-bdscan
    Note: you will have to change the paths below to paths that
    are relevant to your system.

    if [ -f /mnt/SDD1/bdscan.log ]; then
       rm /mnt/SDD1/bdscan.log

    bdscan --update
    bdscan --action=disinfect --log=/mnt/SDD1/bdscan.log /mnt/SDB2
    bdscan --action=disinfect --log=/mnt/SDD1/bdscan.log /mnt/SDC1
    bdscan --action=disinfect --log=/mnt/SDD1/bdscan.log /mnt/SDD1

    if [ -f /mnt/SDD1/bdscan.log ]; then
       grep infected /mnt/SDD1/bdscan.log >> /mnt/SDD1/infected.log
       rm /mnt/SDD1/bdscan.log
    Several other options also exists when seting up a BitDefender scan in Linux. Consult the man pages for information:
    >#man bdscan

    bdscan [--action= disinfect | quarantine | delete | ignore] [--no-archive] [--no-mail] [--no-pack] [--no-recursive] [--follow-link] [--recur sive-level=level] [--archive-level=level] [--ext[=ext1:ext2]] [--exclude-ext[=ext1:ext2]] [--suspect-copy] [--suspect-move] [--quarantine=quaran tine_path] [--conf-file=conf_file] [--log[=file.log]] [--log-overwrite] [--no-list] [--no-warnings] [--verbose] [--update] [--virus-list] [--info] [--version] [--help] [--encode=password] path-to-scan

    In adition to this information, more can be found at the vendors website.

    Sources: No real sources

    Tagged as: LinuxHowToTools

    Half-Life Dedicated Linux Server - Howto

    Half-Life Dedicated Linux Server - Howto

    -27th of January 2013

    This short article describes how to set up an Half-Life Dedicated Server in Linux. I had trouble finding a full up to date guide on the internet, so I decided making one. I have experienced that others are better at finding these guides then I am. Nonetheless, the steps are written below.

    Note: ># represents the command prompt and is not actually a part of the commands shown below:
    Steps 1, 3, 4 and 5 may be skipped.
    • 1) Download the Half-Life Dedicated Server for Linux. Download it to /tmp
    • 2) As root execute:
         >#adduser hlds
    • 3) As root execute:
         >#cd /tmp && tar -xvf hlds_l_3111_full.tar.gz && chmod u+r hlds_l_3111_full.bin && ./hlds_l_3111_full.bin
    • 4) Accept and continue when prompted.
    • 5) As root execute:
         >#cp -R /tmp/hlds_l /home/hlds && chown -R hlds:users /home/hlds
    • 6) As user hlds, execute:
         >#export LD_LIBRARY_PATH=/home/hlds/:$LD_LIBRARY_PATH
         This line should also be added to /home/hlds/.bashrc
    • 7) As user hlds, execute:
         >#cd ~ && wget && chmod +x hldsupdatetool.bin && ./hldsupdatetool.bin
    • 8) Accept and continue when prompted.
    • 9) As user hlds, execute and follow the instructions:
         >#./steam -command update -game valve -dir . -verify_all
    • 10) As user hlds, start the server by executing:
         >#./hlds_run -game valve +ip youriphere +maxplayers 26 +map mapnamehere +coop 0 +deathmatch 1 +mp_timelimit 25 +mp_weaponstay 0

    For more information, check the readme files that now are placed under /home/hlds. The file server.cfg under the valve folder should be updated before running the game. To set up a server with good performance, update server.cfg in accordance to this article. Finding a map name and your ip address(command 'ifconfig' as root or 'sudo ifconfig' on some systems) to use is not described in detail here. If the server is not directly connected to the internet, then you need to ensure that the router or NAT device wich it is behind has opened and forwarded specific ports used by the Half-life server to host the game. This is not explained here. The Half-Life server can be run as a service using screen. Example of using screen to run something as a service can be found here. I would guess such a script could be rewritten for the purpose of running an Half-Life Server on Linux as a service. You could even run multiple servers on different ports! I might write such a script and publish it at When that is done, the script will be linked to from here and this article updated. The configuration for doing so is not included here, and running the game can be done with many other different options then mentioned in this article. Some can be foud at gamegate2k.

    Edit 10.02.2013: Script for starting HLDS as a service can now be found in the script blog.

    See also:
    Relevant links:

    Sources: Here and everywhere

    Tagged as: LinuxGames

    Main page
    VMWare Hyper-V
    Active Directory
    SQL 2008
    SQL 2016