Customizing SUSE Linux
December 19, 2008
Customizing SUSE Desktop Version 10 Service Pack 1
I am posting this here, as I find it useful to have reference to the setup now and again, when creating a setup for another person. It assumes a moderate amount of Linux knowledge, including shell use, running commands and directory navigation etc, and it may contain information that is beyond the beginner in Linux. If you wish any clarifying comments to be added, feel free to add a blog comment.
I make no claims about the SUSE Linux distribution apart from the fact that it has a lineage from Novell which I have used for a number of years professionally. I also like Debian, and for portability Slax which I have on a pendrive.
Ok, back to the article at hand. The customizations are designed to get a SUSE Linux distribution up and running with the following additions:
- Adding Microsoft Truetype Fonts
- Adding Additional YAST Installation Sources
- ATI Video Driver Update
- W32 Codecs
- Disabling Zenworks Synchronization
- Installing and Configuring Mplayer
- Installing and Configuring The Squid Proxy Cache
- Generating a Self Signed Certificate for Use with Firefox and Thunderbird
Adding Microsoft TrueType Fonts
Copy the TrueType fonts from your C:\Windows\Fonts directory
(just select the .TTF extension files)
Paste them in:
/usr/X11R6/lib/X11/fonts/truetype
Start up a root console session, and type the following command:
SuSEconfig -module fonts <enter>
(<enter> means hit the keyboard ‘Enter’ key, it is case sensitive)
If you wish have the fonts immediately available in the current session type:
xset fp rehash <enter>
You will now have access to the truetype fonts you have copied over, and they should be available in Firefox and OpenOffice.
Adding Additional YAST Installation Sources
Start up YAST, and add the following package source:
Type:
HTTP
Server Name:
packman.unixheads.com
Directory:
/suse/10.1
Also, the following can be added:
download.opensuse.org/distribution/SL-10.1/non-oss-inst-source
download.opensuse.org/distribution/SL-10.1/inst-source
Click through all the Oks to apply your settings.
ATI Video Driver Update
You may have an ATI Graphics card, so to obtain the ATI Linux driver go to:
http://ati.amd.com/support/drivers/linux/linux-radeon.html
(current at this time, but all links subject to change!)
Once you have downloaed the file, you will need to add execute permissions, as it will need to be run from the command line.
You can run this command from the console:
chmod +x <filename> (where filename is the name of the downloaded binary file)
Or you can use Nautilus to add the executable permission to this file.
Once you have added the executable permission, execute the installer file as follows from a console prompt, in the directory where the file is stored (you may have to ‘cd’ or change directory to get to the files location):
./ati-driver-installer-8.40
(the version number will almost certainly be different, so replace the name with the name of the file you have downloaded, also don’t forget to add the ./ at the start, otherwise it will complain that the file is not there)
The installation process will commence, and should end without error.
So, you have now finished the installation process, and once installed, return to your console prompt, and type:
aticonfig
If the X Server fails to launch, try typing:
aticonfig –initial -f
Using W32 Codecs
It is common for distributions to be given out without any real codec support, therefore it may be difficult to play those DVD movies or other media files. Not much point in having a working Linux distro without any media playing capability, so you may wish to address this situation!
The codecs can be found searching YAST ‘w32′, and the codecs can be only installed via YAST after the packman installation source is added.
Install as per a normal program installation from YAST.
Disabling Zenworks Synchronization
There are some early issues with Zenworks synchronization, and you may find your session either seizing up, or just hanging with the Zenworks Synchronization which happens after a program install from YAST. To get around this behaviour, you may wish to disable it. If you are in a corporate environment, and are using Zenworks, then this will not be the answer for you!
run a console session, and type the following:
rczmd stop
Start YAST
Add a new catalog source:
Type:
ftp
Server Name:
Directory:
/pub/suse/update/10.1
Uncheck the ‘Synchronize with ZENworks‘ checkbox
click finish
Once the system has been successfully updated via YAST over the Internet, remove the zmd packages by typing the following at a console:
rpm -e zmd libzypp-zmd-backend sqlite-zmd rug zen-updater
Installing And Configuring Mplayer
Well, Mplayer is my current favourite in terms of media applications, so again, install via YAST.
You will almost certainly wish to view some of your DVDs, so to get DVDs To Play, go to the following website:
http://www.pctech101.com/dvd_playback.php
(current as of blog posting)
Download the following files:
libdvdcss-1.2.8-2.network.i386.rpm
libdvbpsi4-0.1.5-1.pm.1.i586.rpm
libxine1-1.1.0cvs-051002.i686.rpm
xine-mozilla-plugin-0.2-051004.i586.rpm
libmp4v2-1.4.1-3.i586.rpm
w32codec-0.52-1.i386.rpm
xvid-1.1.0-0.pm.4.i686.rpm
install all the packages with the following console command
rpm -Uvh <package name>
(where <package name> is the name of each package above)
(Some of the packages may not install, as they might already be installed, check for any errors on installation, and address these before continuing)
The packages will need to be installed as root, or su from the command line.
(to SU, precede any command line with the word ’su’ (superuser), and when prompted enter the root password)
Installing And Configuring The Squid Proxy Cache
Installing Squid is an optional extra, but where you have a number of PCs, Laptops, PDAs etc at home, you may wish to take advantage of Squids caching abilities. This can result in less information being downloaded from the Internet, but will of course depend on your surfing habits.
Check with YAST or Software Installation, to see if the package is installed. If not, install it. (search for Squid)
Once the package has successfully installed, you may wish to play around with the Squid configuration file. It is beyond the scope of this article to discuss that, but here is a sample squid.conf (working)
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.x.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl to_localnet dst 192.168.x.0/255.255.255.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.x.0/255.255.255.0
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
Note: You will need to alter any lines above which have: 192.168.x.0, as this is a n example subnet only! This should match your home, or business network setup. Most home networks will have something like: 192.168.1.0 with a subnet mask of 255.255.255.0
Also, the Squid.conf file usually contains a truck load of comments and explanatory text. This is useful when first setting it up, but if you wish to strip all those comments out, then use the following command:
cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d' > newsquid.conf
This will take out all the comments, and leave you with a core squid.conf file. Of course you will need to overwrite the existing squid.conf with the newsquid.conf you have just created. I would suggest you copy the existing squid.conf file to a safe location, just in case you wish to have a look at the explanatory text in the future.
The configuration file can be found in the following directory:
/etc/squid/squid.conf
Use gedit or your favourite editor to edit the file, make sure that under the http_access section the following items are present:
acl our_networks src 192.168.x.0/255.255.255.0
http_access allow our_networks
http_access allow localhost
This can vary depending on your network subnet mask and setup, so check it out beforehand!
The default port that Squid runs on is 3128, however you may wish to run it on an alternate port. Just change the port number in your setting above, and make sure it does not clash with any existing port setup. You will also have to clear a hole in your firewall, if you have one setup, so that port 3128 traffic can come through to your host!
Once you have installed Squid, and modified your configuration to suit your purposes, you will need to initialize Squid.
To setup Squid for the first time, run a terminal session and type:
squid -z
This will setup the directories for squid to use.
Ok, if you are still running so far, with no errors, then you will want to try it out.
To run Squid:
/etc/init.d/squid start (other options are: |restart|stop|reload)
To check that Squid is running type the following in a console:
ps -aux |grep squid
This should show a Squid process running.
You will now want to use this on your PC, or even a number of PCs if you have a home network.
Open up your favourite browser, Firefox for example, and go to the following menus:
Edit/Preferences/Advanced/Network/Settings
Enter as the proxy: 192.168.x.x port 3128 where x.x is the current IP address for the server that is running Squid, for example: 192.168.1.1
If you are planning to run Squid long term, it is best to set the IP address for the server/PC network card manually, to avoid getting a different address each time. Most routers allow for IP address allocation based upon the mac address, or you can set it permanently yourself through YAST.
Once this information is entered, try browsing to a web page. If all is correct, you should see it come up. If not, check all the settings above.
You can view the Squid logfile, by running a terminal session, and changing directory to:
cd /var/log/squid
Then, to view the log contents on a continuous basis, type the following:
tail -f access.log
Note: This will show you a continuously updating Squid log, which may scroll quite quickly.
That’s about it for Squid, you can also enter the proxy settings on your other PCs if you have them, so they can take advantage of Squids caching abilities.
Generating a Self-Signed Certificate for Use With Firefox And Thunderbird
You may wish to have your emails signed by a self signed security certificate. There are many reasons to want to do this, and also some for not doing so! I wont go into that right now, but will explain how you can do so.
You will need to install ‘openssl’ via YAST, so do this if you haven’t already done so.
Once installed, enter the following in a root console:
openssl genrsa -des3 1024 > name.cert
openssl req -new -key ./name.cert -x509 -days 365 -out name.pem
openssl pkcs12 -export -out sscates.p12 -name “Your Name Personal Certificate” -inkey name.cert -in name.pem
Note: You will want to change ‘name’ above to your own name, jsmith for example, and also change the “Your Name Personal Certificate” to “John Smith Personal Certificate”, but obviously use your own name here!
This will create a name.p12 file, which can then be installed in Firefox. To install, run up Firefox, and go to the following menu:
Edit/Preferences/Advanced/Encryption
Press the ‘View Certificates‘ button.
Press the ‘Import‘ button
It can also be imported into Thunderbird in the same fashion.
Well, that is a fair amount of information for a blog entry, but if you have any constructive comments, or additions, then they are welcome.
