Monday, December 31, 2012

Enable Policy route option in fortiOS 5.0





config system global 
  set gui-dynamic-routing enable 
end

100 Keyboard Shortcuts must read

More than 100 Keyboard Shortcuts must read
Keyboard Shortcuts (Microsoft Windows)

1. CTRL+C (Copy)
2. CTRL+X (Cut)
3. CTRL+V (Paste)
4. CTRL+Z (Undo)
5. DELETE (Delete)
6. SHIFT+DELETE (Delete the selected item permanently without placing the item in the Recycle Bin)
7. CTRL while dragging an item (Copy the selected item)
8. CTRL+SHIFT while dragging an item (Create a shortcut to the selected item)
9. F2 key (Rename the selected item)
10. CTRL+RIGHT ARROW (Move the insertion point to the beginning of the next word)
11. CTRL+LEFT ARROW (Move the insertion point to the beginning of the previous word)
12. CTRL+DOWN ARROW (Move the insertion point to the beginning of the next paragraph)
13. CTRL+UP ARROW (Move the insertion point to the beginning of the previous paragraph)
14. CTRL+SHIFT with any of the arrow keys (Highlight a block of text)
SHIFT with any of the arrow keys (Select more than one item in a window or on the desktop, or select text in a document)
15. CTRL+A (Select all)
16. F3 key (Search for a file or a folder)
17. ALT+ENTER (View the properties for the selected item)
18. ALT+F4 (Close the active item, or quit the active program)
19. ALT+ENTER (Display the properties of the selected object)
20. ALT+SPACEBAR (Open the shortcut menu for the active window)
21. CTRL+F4 (Close the active document in programs that enable you to have multiple documents open simultaneously)
22. ALT+TAB (Switch between the open items)
23. ALT+ESC (Cycle through items in the order that they had been opened)
24. F6 key (Cycle through the screen elements in a window or on the desktop)
25. F4 key (Display the Address bar list in My Computer or Windows Explorer)
26. SHIFT+F10 (Display the shortcut menu for the selected item)
27. ALT+SPACEBAR (Display the System menu for the active window)
28. CTRL+ESC (Display the Start menu)
29. ALT+Underlined letter in a menu name (Display the corresponding menu) Underlined letter in a command name on an open menu (Perform the corresponding command)
30. F10 key (Activate the menu bar in the active program)
31. RIGHT ARROW (Open the next menu to the right, or open a submenu)
32. LEFT ARROW (Open the next menu to the left, or close a submenu)
33. F5 key (Update the active window)
34. BACKSPACE (View the folder one level up in My Computer or Windows Explorer)
35. ESC (Cancel the current task)
36. SHIFT when you insert a CD-ROM into the CD-ROM drive (Prevent the CD-ROM from automatically playing)
Dialog Box - Keyboard Shortcuts
1. CTRL+TAB (Move forward through the tabs)
2. CTRL+SHIFT+TAB (Move backward through the tabs)
3. TAB (Move forward through the options)
4. SHIFT+TAB (Move backward through the options)
5. ALT+Underlined letter (Perform the corresponding command or select the corresponding option)
6. ENTER (Perform the command for the active option or button)
7. SPACEBAR (Select or clear the check box if the active option is a check box)
8. Arrow keys (Select a button if the active option is a group of option buttons)
9. F1 key (Display Help)
10. F4 key (Display the items in the active list)
11. BACKSPACE (Open a folder one level up if a folder is selected in the Save As or Open dialog box)
Microsoft Natural Keyboard Shortcuts
1. Windows Logo (Display or hide the Start menu)
2. Windows Logo+BREAK (Display the System Properties dialog box)
3. Windows Logo+D (Display the desktop)
4. Windows Logo+M (Minimize all of the windows)
5. Windows Logo+SHIFT+M (Restore the minimized windows)
6. Windows Logo+E (Open My Computer)
7. Windows Logo+F (Search for a file or a folder)
8. CTRL+Windows Logo+F (Search for computers)
9. Windows Logo+F1 (Display Windows Help)
10. Windows Logo+L (Lock the keyboard)
11. Windows Logo+R (Open the Run dialog box)
12. Windows Logo+U (Open Utility Manager)
Accessibility Keyboard Shortcuts
1. Right SHIFT for eight seconds (Switch FilterKeys either on or off)
2. Left ALT+left SHIFT+PRINT SCREEN (Switch High Contrast either on or off)
3. Left ALT+left SHIFT+NUM LOCK (Switch the MouseKeys either on or off)
4. SHIFT five times (Switch the StickyKeys either on or off)
5. NUM LOCK for five seconds (Switch the ToggleKeys either on or off)
6. Windows Logo+U (Open Utility Manager)
Windows Explorer Keyboard Shortcuts
1. END (Display the bottom of the active window)
2. HOME (Display the top of the active window)
3. NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)
4. NUM LOCK+Plus sign (+) (Display the contents of the selected folder)
5. NUM LOCK+Minus sign (-) (Collapse the selected folder)
6. LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)
7. RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)
Shortcut Keys for Character Map
After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:
1. RIGHT ARROW (Move to the right or to the beginning of the next line)
2. LEFT ARROW (Move to the left or to the end of the previous line)
3. UP ARROW (Move up one row)
4. DOWN ARROW (Move down one row)
5. PAGE UP (Move up one screen at a time)
6. PAGE DOWN (Move down one screen at a time)
7. HOME (Move to the beginning of the line)
8. END (Move to the end of the line)
9. CTRL+HOME (Move to the first character)
10. CTRL+END (Move to the last character)
11. SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)
Microsoft Management Console (MMC)
Main Window Keyboard Shortcuts
1. CTRL+O (Open a saved console)
2. CTRL+N (Open a new console)
3. CTRL+S (Save the open console)
4. CTRL+M (Add or remove a console item)
5. CTRL+W (Open a new window)
6. F5 key (Update the content of all console windows)
7. ALT+SPACEBAR (Display the MMC window menu)
8. ALT+F4 (Close the console)
9. ALT+A (Display the Action menu)
10. ALT+V (Display the View menu)
11. ALT+F (Display the File menu)
12. ALT+O (Display the Favorites menu)
MMC Console Window Keyboard Shortcuts
1. CTRL+P (Print the current page or active pane)
2. ALT+Minus sign (-) (Display the window menu for the active console window)
3. SHIFT+F10 (Display the Action shortcut menu for the selected item)
4. F1 key (Open the Help topic, if any, for the selected item)
5. F5 key (Update the content of all console windows)
6. CTRL+F10 (Maximize the active console window)
7. CTRL+F5 (Restore the active console window)
8. ALT+ENTER (Display the Properties dialog box, if any, for the selected item)
9. F2 key (Rename the selected item)
10. CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)
Remote Desktop Connection Navigation
1. CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)
2. ALT+PAGE UP (Switch between programs from left to right)
3. ALT+PAGE DOWN (Switch between programs from right to left)
4. ALT+INSERT (Cycle through the programs in most recently used order)
5. ALT+HOME (Display the Start menu)
6. CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)
7. ALT+DELETE (Display the Windows menu)
8. CTRL+ALT+Minus sign (-) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)
9. CTRL+ALT+Plus sign (+) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)
Microsoft Internet Explorer Keyboard Shortcuts
1. CTRL+B (Open the Organize Favorites dialog box)
2. CTRL+E (Open the Search bar)
3. CTRL+F (Start the Find utility)
4. CTRL+H (Open the History bar)
5. CTRL+I (Open the Favorites bar)
6. CTRL+L (Open the Open dialog box)
7. CTRL+N (Start another instance of the browser with the same Web address)
8. CTRL+O (Open the Open dialog box, the same as CTRL+L)
9. CTRL+P (Open the Print dialog box)
10. CTRL+R (Update the current Web )

Wednesday, December 26, 2012

Enable log gui from fortianalyzer fortigate

Enable log gui from fortianalyzer

# config log gui
# set log-device memory
# end

# config log gui
# set log-device fortianalyzer
# end

How I run VLC as root Ubuntu (100 % works for all linux)





#sed -i 's/geteuid/getppid/g' `which vlc`




Scheduled administrator access fortigate 300c firewall

For additional security, you can limit administrator access to certain times, business days
for example. To do this, you need to create a firewall schedule and then assign the
schedule to the administrator.
You can create a firewall schedule in the web-based manager or the CLI. For more
information, refer to the documentation provided with your FortiGate unit.
To assign a schedule to an administrator, enter the following CLI commands:


config system admin
edit <admin-name>
set schedule <schedule-name>
end



where <admin-name> is the name of the administrator account and <schedule-name>
is the name of the firewall schedule.

Administrator account lockout settings fortigate 300C firewall

By default, after three failed attempts to log on to an administrator account, the account
is locked out for one hour. The lockout applies only to the IP address from which the
failed attempts were made. The login name is logged. You can change the number of
logon attempts permitted and the length of the lockout using the following CLI
commands:


config system global
set admin-lockout-threshold <tries>
set admin-lockout-duration <seconds>
end 




where <tries> is the permitted number of attempts, range 1 to 10 (default 3) and
<seconds> is the lockout duration in seconds, range 1 to 4,294,967,295 (default 60).

The Security Administrator can clear a lockout with the following CLI command:
execute clear system login-lockout <index>
Use a ? as the index to see the list of locked-out accounts.



User account lockout settings
Optionally, you can lock out a user’s account for a period of time after a number of
unsuccessful attempts to authenticate. You can configure this in the CLI using the
following commands:






config system global
set auth-lockout-threshold <tries>
set auth-lockout-duration <seconds>
end






where <tries> is the permitted number of attempts, range 1 to 10 (default 3) and
<seconds> is the lockout duration in seconds, range 1 to 4,294,967,295, or 0 to disable
lockout. The default is 0.

Disable log memory in fortigate 300C firewall

config log memory setting
    set status disable
end

Tuesday, December 25, 2012

How to delete FortiGate log entries stored in memory or local disk fortigate 300C firewall

How to delete FortiGate log entries stored in memory or local disk.
It is assumed that memory or local disk logging is enabled on the FortiGate and other log options enabled (at Protection Profile level for example).

  • 1- Example to delete logs from local disk for only WEB Filtering entries (*):
FGT# execute log filter device 0

FGT# execute log filter category 3

FGT# execute log delete
This will delete webfilter log
Do you want to continue? (y/n)
y

  • 2- Example to delete logs from memory for only WEB Filtering entries (*):
FGT# execute log filter device 1

FGT# execute log filter category 3

FGT# execute log delete
This will delete webfilter log
Do you want to continue? (y/n)
y


  • 3- Example to delete all local logs (memory and local disk):
FGT# execute log delete-all
This will delete all local logs
Do you want to continue? (y/n) y



(*) Note: To get the device and category list, type the filter command without an argument.

FGT# execute  log filter device
Available devices:
 0: disk
 1: memory
 2: faz
 4: fds

FGT# execute  log filter category
Available categories:
10: application control
 9: dlp
 6: content
 5: spam
 4: ids
 3: webfilter
 2: virus
 1: event
 0: traffic

Monday, December 24, 2012

Web filter service error: no correct FortiGuard information

go to
System > Config > FortiGuard >
click on Web Filtering and Email Filtering Options
port selection
 use alternate port 8888

Wednesday, December 19, 2012

system running low resolution mode ubuntu 12.04


I have recently received a similar issue with my Ubuntu 12.04.
Click Okay and then select the option to get a terminal. (Alternatively you can press Ctrl+Alt+F1 to bring up another tty.)

#sudo chown lightdm:lightdm -R /var/lib/lightdm
#sudo chown avahi-autoipd:avahi-autoipd -R /var/lib/avahi-autoipd
#sudo chown colord:colord -R /var/lib/colord

reboot
These commands did the trick for me.

Tuesday, December 18, 2012

PXEInstallMultiDistro

This tutorial shows how to set up a PXE (short for pre-boot execution environment) install server with Ubuntu 9.10 (Karmic Koala).
A PXE install server allows your client computers to boot and install a Linux distribution over the network, without the need of burning Linux ISO images onto a CD/DVD, boot floppy images, etc. This is handy if your client computers don't have CD or floppy drives, or if you want to set up multiple computers at the same time (e.g. in a large enterprise), or simply because you want to save the money for the CDs/DVDs.
In this article I show how to configure a PXE server that allows you to boot multiple distributions: Ubuntu, Debian, Fedora, CentOS, and openSUSE.
The end result will be a network boot-able menu with sub-menus allowing you to choose an OS to install/boot:

Required
  • TFTP Server
  • Syslinux
  • DHCP Server
  • NFS Server
  • PXE capable NICs
Optional
  • Apache
  • Apt-mirror
  • BIND
If you intend on installing Ubuntu via PXE/HTTP, I highly recommend apt-mirror is installed to provide a local repository of Ubuntu packages and Apache is installed to serve those packages via HTTP.
BIND will allow the DHCP server to assign host names to the PXE clients. This article will not cover the installation and configuration of BIND, however to assign dynamic names to DHCP clients I have the following in my zone files:
Forward look-up zone file entry:
$GENERATE 100-200 dhcp-$        IN      A       10.10.1.$

Reverse look-up zone file entry:
$GENERATE 100-200 $             IN      PTR     dhcp-$.home.local.

Getting Started


Install Ubuntu 9.10 (Karmic Koala) on a system that you will use as the deployment server. I prefer a minimal install and then install required/optional packages as needed. Once your operating system is installed, update the system with the package manager of your choice.
#sudo apt-get update
#sudo apt-get dist-upgrade
#sudo apt-get clean 

These can be included in a single command: sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get clean (&& will run the next command only if the previous command succeeds)

Install prerequisite software


TFTP Server


#sudo apt-get -y install tftpd-hpa
#sudo /etc/init.d/openbsd-inetd stop
#sudo update-rc.d -f openbsd-inetd remove
#sudo sed -i s/no/yes/ /etc/default/tftpd-hpa
#sudo /etc/init.d/tftpd-hpa start

Ubuntu installs the openbsd-inetd package when the tftpd-hpa package is installed. In our example we will simply run TFTP as a daemon that is always listening for connections.
In the above code snippet:
  • tftpd-hpa was installed
  • The openbsd-inetd daemon was stopped
  • openbsd-inetd was removed from the startup scripts
  • /etc/default/tftpd-hpa was modified to allow tftpd-hpa to run as a daemon process
  • tftpd-hpa was started
Verify the TFTP server is listening for connections:
#ss -apu | grep tftp

Sample output:
UNCONN  0  0  *:tftp  *:*
 
 

DHCP Server


If your network does not have a DHCP server, install the Internet Software Consortium's DHCP server. With an existing DHCP server, you will need to modify the scope for your subnet to include the information allowing PXE clients to contact the TFTP server.
The scope of an existing DHCP server should be modified to reflect:
filename "pxelinux.0";
next-server 10.10.1.10;
I will assume no DHCP server exists. We will install and configure one.
#sudo apt-get -y install dhcp3-server
After installation the daemon will attempt to start but will fail, since the default configuration file does not contain a valid DHCP scope for our subnet. The configuration file for dhcp3-server is /etc/dhcp3/dhcpd.conf. The file is well commented and easily modified to fit your subnet(s).
Example /etc/dhcp3/dhcpd.conf:
ddns-update-style none;
option domain-name "home.local";
option domain-name-servers 10.10.1.10;
default-lease-time 86400;
max-lease-time 604800;
option time-offset -18000;
authoritative;
log-facility local7;
allow booting;
allow bootp;

subnet 10.10.1.0 netmask 255.255.255.0 {
    get-lease-hostnames on;
    use-host-decl-names on;
    range 10.10.1.100 10.10.1.200;
    option routers 10.10.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.1.255;
    filename "pxelinux.0";
    next-server 10.10.1.10;
}

host shuttle {
    hardware ethernet 00:30:1b:ba:89:31;
    fixed-address 10.10.1.20;
    option routers 10.10.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.1.255;
    option host-name "shuttle";
    filename "pxelinux.0";
    option root-path "/home/shuttle";
    next-server 10.10.1.10;
}

host nfsroot {
    hardware ethernet 08:00:27:bb:74:dd;
    fixed-address 10.10.1.30;
    option routers 10.10.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.1.255;
    option host-name "nfsroot";
    filename "pxelinux.0";
    option root-path "/home/nfsroot";
    next-server 10.10.1.10;
}
In the above configuration:
  1. Dynamic DNS Updates are disabled
  2. The DNS domain name is home.local
  3. The DNS server is 10.10.1.10 (this is also the TFTP and NFS server)
  4. The DHCP lease time is 1 day
  5. The log will include a time-offset of -18000 to more closely match the local time zone. The DHCP client leases can be viewed in /var/lib/dhcp3/dhcp.leases
  6. The DHCP server is authoritative for the network
  7. Booting is enabled, this does not imply PXE booting, however other documents will be written to support booting a file-system over NFS instead of a local disk.
  8. The DHCP scope of the subnet for 10.10.1.1 includes:
    1. A range of addresses to be assigned to DHCP client
    2. The location of the TFTP server
    3. The file to obtain from the DHCP server
  9. Various hosts are reserved IP addresses in order for them to always receive the same IP address via DHCP.
Start the DHCP server.
sudo /etc/init.d/dhcp3-server start
Verify the DHCP server is listening for client connections.
ss -apu | grep dhcpd
Sample output:
UNCONN 0 0 *:bootps *:* users:(("dhcpd3",...))

SYSLINUX


The SYSLINUX Project is a suite of lightweight boot-loaders, for starting up computers with the Linux kernel. It is the work of H. Peter Anvin, and consists of several separate systems, the best-known of which is ISOLINUX.
The PXELINUX bootstrap will be installed when syslinux is installed.
PXELINUX is used in conjunction with a PXE compliant ROM on a network card. The PXE environment uses DHCP or BOOTP to enable basic TCP/IP networking, then downloads a bootstrap program via TFTP. This bootstrap program loads and configures a kernel according to directives that are also downloaded from the TFTP server.
Typically, PXELINUX is used for Linux installations from a central network server or for booting disk-less workstations.
Install SYSLINUX.
sudo apt-get -y install syslinux
Copy the PXELINUX bootstrap to the root of our TFTP server.
sudo cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot
Configuration files for PXELINUX reside in directory /var/lib/tftpboot/pxelinux.cfg/. PXELINUX uses the following method to search for the appropriate configuration file:
  • The hardware type (using its ARP type code) and address, all in lower case hexadecimal with dash separators; for example, for an Ethernet (ARP type 1) with address 88:99:AA:BB:CC:DD it would search for the file-name 01-88-99-aa-bb-cc-dd.
  • The client IP address in upper case hexadecimal, e.g. 192.0.2.91 -> C000025B
  • Continuously remove one hex digit from the hexadecimal IP address
  • A file named default
As an example, if the boot file name is pxelinux.0, the Ethernet MAC address is 88:99:AA:BB:CC:DD and the IP address 192.0.2.91, it will try the following files:
  • /var/lib/tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd
  • /var/lib/tftpboot/pxelinux.cfg/C000025B
  • /var/lib/tftpboot/pxelinux.cfg/C000025
  • /var/lib/tftpboot/pxelinux.cfg/C00002
  • /var/lib/tftpboot/pxelinux.cfg/C0000
  • /var/lib/tftpboot/pxelinux.cfg/C000
  • /var/lib/tftpboot/pxelinux.cfg/C00
  • /var/lib/tftpboot/pxelinux.cfg/C0
  • /var/lib/tftpboot/pxelinux.cfg/C
  • /var/lib/tftpboot/pxelinux.cfg/default
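The lookup order above, reproduced as shell functions (an added example, not part of the original tutorial or of SYSLINUX). The function names are hypothetical; the second function reports which file a given client would actually load, which makes a MAC- or IP-specific file that overrides default easy to spot.

```sh
#!/bin/sh
# Added example: reproduce the PXELINUX configuration-file search order.
# Function names are hypothetical; the default path is the tutorial's TFTP root.

CFGDIR_DEFAULT=/var/lib/tftpboot/pxelinux.cfg

# pxelinux_search_order MAC IPV4 [CFGDIR]
# Prints, one per line, the files PXELINUX tries, highest priority first.
pxelinux_search_order() (
    mac=$(printf '%s' "$1" | tr 'ABCDEF' 'abcdef' | tr ':' '-')
    ip=$2
    dir=${3:-$CFGDIR_DEFAULT}

    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' || {
        echo "invalid MAC address: $1" >&2
        exit 1
    }
    # Reject leading zeros so printf cannot read an octet as octal.
    octet='(0|[1-9][0-9]{0,2})'
    printf '%s\n' "$ip" | grep -Eq "^($octet\.){3}$octet\$" || {
        echo "invalid IPv4 address: $2" >&2
        exit 1
    }

    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || { echo "octet out of range: $o" >&2; exit 1; }
    done
    hex=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")

    # 1. ARP hardware type 01 (Ethernet) plus MAC, lower case, dash separated.
    printf '%s/01-%s\n' "$dir" "$mac"
    # 2. Upper-case hex IP, then the same string with one digit dropped from
    #    the right each time, so one file can cover a whole address block.
    while [ -n "$hex" ]; do
        printf '%s/%s\n' "$dir" "$hex"
        hex=${hex%?}
    done
    # 3. Fallback for every client without a more specific file.
    printf '%s/default\n' "$dir"
)

# pxelinux_effective_config MAC IPV4 [CFGDIR]
# Prints the first file in the search order that exists, i.e. the
# configuration this client really boots from. Exit status 1 if none exists.
pxelinux_effective_config() (
    list=$(pxelinux_search_order "$@") || exit 1
    while IFS= read -r f; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            exit 0
        fi
    done <<EOF
$list
EOF
    exit 1
)

# Demo with the tutorial's example client.
pxelinux_search_order 88:99:AA:BB:CC:DD 192.0.2.91
```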
Create the PXELINUX default configuration file.
sudo mkdir -p /var/lib/tftpboot/pxelinux.cfg
sudo touch /var/lib/tftpboot/pxelinux.cfg/default

NFS


There are two NFS servers for Ubuntu.
  1. nfs-user-server
  2. nfs-kernel-server
As the package name indicates, one runs in user space and the other in kernel space.
Install NFS.
sudo apt-get -y install nfs-kernel-server
The NFS server uses /etc/exports to identify what local directories are available to NFS clients.
We will be using /srv/install as the NFS export to store operating system files used for installation.
sudo mkdir /srv/install
Modify /etc/exports and make /srv/install available for our Linux installations.
Example /etc/exports:
/srv/install 10.10.1.0/24(ro,async,no_root_squash,no_subtree_check)
The above configuration will allow read-only access via NFS to /srv/install/ for clients on the 10.10.1.0 network.
Export our file system or restart the NFS server.
sudo exportfs -a
or
sudo /etc/init.d/nfs-kernel-server restart
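A quick audit of the export options used above (an added example, not part of the original tutorial). The function names and the sample file are constructed for illustration; the check flags no_root_squash, which lets root on a client act as root on the exported files, as well as writable and any-host exports. It assumes one export per line with no backslash continuations.

```sh
#!/bin/sh
# Added example: list every (path, client) pair in an exports file and flag
# options that widen access. audit_exports and sample_exports are
# hypothetical helper names.

# Constructed sample; the first entry is the tutorial's export line.
sample_exports() {
    cat <<'EOF'
# constructed sample /etc/exports
/srv/install 10.10.1.0/24(ro,async,no_root_squash,no_subtree_check)
/srv/mirror  10.10.1.0/24(ro,root_squash,no_subtree_check)
/srv/scratch 10.10.1.20(rw,sync) *(ro)
/srv/home    10.10.1.30 (rw)
EOF
}

# audit_exports [FILE]
# Reads FILE (or stdin) and prints "<path> <client> <findings>", where
# findings is a comma-separated list or "ok".
audit_exports() {
    awk '
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    NF == 1 {                          # path without a client list: review by hand
        print $1, "-", "no-client-list"
        next
    }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            tok = $i
            p = index(tok, "(")
            client = (p > 0) ? substr(tok, 1, p - 1) : tok
            opts   = (p > 0) ? substr(tok, p + 1, length(tok) - p - 1) : ""
            # "(opts)" separated from the host by a space applies to every
            # host, not to the host written before it.
            if (client == "") client = "*"

            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            f = ""
            if (nrs) f = f ",no_root_squash"
            if (rw)  f = f ",rw"
            if (client == "*") f = f ",any-host"
            f = (f == "") ? "ok" : substr(f, 2)
            print path, client, f
        }
    }' "${1:--}"
}

# Demo on the constructed sample.
sample_exports | audit_exports
```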

Putting it All Together


We have installed:
  1. TFTP Server
  2. SYSLINUX
  3. NFS Server
  4. DHCP Server
Let's start our first install with Fedora 10 64-bit. You will need to make the kernel and initrd available via TFTP, and the installation media available via NFS.
Choose a directory structure that will allow you to maintain multiple distributions.
As an example:
To store the kernel and initrd:
/var/lib/tftpboot/fedora/12/i386
/var/lib/tftpboot/fedora/12/amd64
/var/lib/tftpboot/CentOS/5.4/amd64
/var/lib/tftpboot/CentOS/5.4/i386
/var/lib/tftpboot/Ubuntu/9.10/i386
/var/lib/tftpboot/Ubuntu/9.10/amd64
/var/lib/tftpboot/openSUSE/11.2/i386
/var/lib/tftpboot/openSUSE/11.2/amd64
To store the installation media:
/srv/install/fedora/12/i386
/srv/install/fedora/12/amd64
/srv/install/CentOS/5.4/amd64
/srv/install/CentOS/5.4/i386
/srv/install/Ubuntu/9.10/i386
/srv/install/Ubuntu/9.10/amd64
/srv/install/openSUSE/11.2/i386
/srv/install/openSUSE/11.2/amd64

Fedora


Create the directories to store Fedora 10.
sudo mkdir -p /var/lib/tftpboot/fedora/12/i386
sudo mkdir -p /var/lib/tftpboot/fedora/12/amd64
sudo mkdir -p /srv/install/fedora/12/i386
sudo mkdir -p /srv/install/fedora/12/amd64
Mount the Fedora 12 64-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/Fedora-12-x86_64-DVD.iso /mnt/loop
sudo cp /mnt/loop/images/pxeboot/vmlinuz /var/lib/tftpboot/fedora/12/amd64
sudo cp /mnt/loop/images/pxeboot/initrd.img /var/lib/tftpboot/fedora/12/amd64
sudo cp -R /mnt/loop/* /srv/install/fedora/12/amd64
sudo umount /mnt/loop
Mount the Fedora 12 32-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/Fedora-12-i386-DVD.iso /mnt/loop
sudo cp /mnt/loop/images/pxeboot/vmlinuz /var/lib/tftpboot/fedora/12/i386
sudo cp /mnt/loop/images/pxeboot/initrd.img /var/lib/tftpboot/fedora/12/i386
sudo cp -R /mnt/loop/* /srv/install/fedora/12/i386
sudo umount /mnt/loop
Many options exist for PXELINUX. You can have:
  1. No menu
  2. An abysmal black screen with text
  3. A menu
  4. An advanced menu that supports nested menus
  5. A graphical menu
Since we want a nice pretty menu that contains sub-menus and a background image, we will need vesamenu.c32 from the SYSLINUX installation and our background image. (logo.png)
sudo cp /usr/lib/syslinux/vesamenu.c32 /var/lib/tftpboot/
sudo cp /location/of/image/logo.png /var/lib/tftpboot/pxelinux.cfg/
Modify our PXELINUX configuration file.
Example /var/lib/tftpboot/pxelinux.cfg/default:
DEFAULT vesamenu.c32
TIMEOUT 600
ONTIMEOUT BootLocal
PROMPT 0
MENU INCLUDE pxelinux.cfg/pxe.conf
NOESCAPE 1

LABEL BootLocal
    localboot 0
    TEXT HELP
    Boot to local hard disk
    ENDTEXT

MENU BEGIN Ubuntu
MENU TITLE Ubuntu
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE Ubuntu/Ubuntu.menu
MENU END

MENU BEGIN Redhat Enterprise Linux
MENU TITLE Redhat Enterprise Linux
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE RHEL/RHEL.menu
MENU END

MENU BEGIN CentOS
MENU TITLE CentOS
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE CentOS/CentOS.menu
MENU END

MENU BEGIN Fedora
MENU TITLE Fedora
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    # path is case-sensitive; the menu file is created as fedora/fedora.menu
    MENU INCLUDE fedora/fedora.menu
MENU END

MENU BEGIN openSUSE
MENU TITLE openSUSE
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE openSUSE/openSUSE.menu
MENU END

MENU BEGIN openFiler Storage Server
MENU TITLE openFiler Storage Server
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE Openfiler/Openfiler.menu
MENU END

MENU BEGIN VMware
MENU TITLE VMware
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE VMware/VMware.menu
MENU END

MENU BEGIN Tools and Utilities
MENU TITLE Tools and Utilities
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE utilities/utilities.menu
MENU END

MENU BEGIN DOS Based
MENU TITLE DOS Based
    LABEL Previous
    MENU LABEL Previous Menu
    TEXT HELP
    Return to previous menu
    ENDTEXT
    MENU EXIT
    MENU SEPARATOR
    MENU INCLUDE dos/dos.menu
MENU END
An explanation of the example /var/lib/tftpboot/pxelinux.cfg/default:
  • DEFAULT vesamenu.c32 - We are informing PXELINUX to load this file. We could substitute a menu entry instead, or boot a kernel and initrd.
  • TIMEOUT 600 - 600 seconds will pass before action is taken on the user's behalf if no keys are pressed
  • ONTIMEOUT - Indicates what action is performed when the TIMEOUT expires. In the above example, we are loading the menu item BootLocal. If after 5 minutes the user does not choose a menu item, the system will attempt to boot to a local hard disk.
  • PROMPT 0 - Will allow PXELINUX to prompt us for input
  • MENU INCLUDE pxelinux.cfg/pxe.conf - Load additional configuration options from another file. These can be included in the same file; however, I find the menu configuration neater with some options placed in other files.
  • NOESCAPE 1 - Do not allow the user to escape out of the menu system.
  • MENU BEGIN - Start a new menu
  • MENU TITLE - Display title for menu
  • LABEL - Refer to this menu by label
  • MENU LABEL - Display title for label
  • TEXT HELP - Optional text displayed on screen when highlighted
  • ENDTEXT - End of optional text
  • MENU SEPARATOR - Inserts a blank non-selectable line
  • MENU INCLUDE - Include items from another file and create a menu from them. This is used to create the sub-menus
  • MENU END - End of a menu item
Example pxelinux.cfg/pxe.conf:
MENU TITLE PXE Server
MENU BACKGROUND pxelinux.cfg/logo.png
NOESCAPE 1
ALLOWOPTIONS 1
PROMPT 0
menu width 80
menu rows 14
MENU TABMSGROW 24
MENU MARGIN 10
menu color border 30;44 #ffffffff #00000000 std
The above pxe.conf file is configuring
  1. The colors used
  2. The width
  3. The number of items displayed
  4. The background image
As we are using Fedora 10 as our first example operating system, the following is the Fedora menu.
Create the Fedora menu.
sudo touch /var/lib/tftpboot/fedora/fedora.menu
Example /var/lib/tftpboot/fedora/fedora.menu:
LABEL 2
    MENU LABEL Fedora 12 (64-bit)
    KERNEL fedora/12/amd64/vmlinuz
    APPEND method=nfs:10.10.1.10:/srv/install/fedora/12/amd64/ lang=us keymap=us ip=dhcp ksdevice=eth0 noipv6 initrd=fedora/12/amd64/initrd.img ramdisk_size=10000
    TEXT HELP
    Install Fedora 12 (64-bit)
    ENDTEXT
LABEL 1
    MENU LABEL fedora 12 (32-bit)
    KERNEL fedora/12/i386/vmlinuz
    APPEND method=nfs:10.10.1.10:/srv/install/fedora/12/i386/ lang=us keymap=us ip=dhcp ksdevice=eth0 noipv6 initrd=fedora/12/i386/initrd.img ramdisk_size=10000
    TEXT HELP
    Install Fedora 12 (32-bit)
    ENDTEXT
The above menu entry for Fedora 12 informs the client:
  1. Which kernel to load
  2. The location of the installation media
  3. The language used during the installation
  4. The keyboard map used during the installation
  5. Obtain an IP address using DHCP
  6. Use eth0 to install the operating system in case there are multiple NICs
  7. Disable IPv6
  8. Which initrd to use
  9. The ram disk size used during the install
This does not prevent every installation question from being asked. You will still be prompted for:
  1. Disk partitioning scheme
  2. Package selection
  3. User account information
  4. Etc.
You can completely automate the installation using a kickstart file, however, this article will not cover its usage.
When a client now boots via PXE, the client will:
  1. Request an IP address
  2. The server will assign an IP address and inform the client which bootloader to use, i.e. pxelinux.0.
  3. The Client will download pxelinux.0 via TFTP
  4. pxelinux.0 will load vesamenu.c32
  5. The graphical menu will be displayed on the screen.
  6. Once the user navigates to the Fedora menu and chooses the version to install:
    1. The kernel and initrd will be downloaded via TFTP
    2. Control will be handed over to the kernel
    3. Mount the NFS export and the installation process will begin.

openSUSE


Next, we will follow the same procedure and configure support for openSUSE to be installed.
Create the directories to store openSUSE 11.2.
sudo mkdir -p /var/lib/tftpboot/openSUSE/11.2/i386
sudo mkdir -p /var/lib/tftpboot/openSUSE/11.2/amd64
sudo mkdir -p /srv/install/openSUSE/11.2/i386
sudo mkdir -p /srv/install/openSUSE/11.2/amd64
Mount the openSUSE 11.2 64-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/openSUSE-11.2-DVD-x86_64.iso /mnt/loop
sudo cp /mnt/loop/boot/x86_64/loader/linux /var/lib/tftpboot/openSUSE/11.2/amd64
sudo cp /mnt/loop/boot/x86_64/loader/initrd /var/lib/tftpboot/openSUSE/11.2/amd64
sudo cp -R /mnt/loop/* /srv/install/openSUSE/11.2/amd64
sudo umount /mnt/loop
Mount the openSUSE 11.2 32-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/openSUSE-11.2-DVD-i586.iso /mnt/loop
sudo cp /mnt/loop/boot/i386/loader/linux /var/lib/tftpboot/openSUSE/11.2/i386
sudo cp /mnt/loop/boot/i386/loader/initrd /var/lib/tftpboot/openSUSE/11.2/i386
sudo cp -R /mnt/loop/* /srv/install/openSUSE/11.2/i386
sudo umount /mnt/loop
Create the openSUSE menu.
sudo touch /var/lib/tftpboot/openSUSE/openSUSE.menu
Example /var/lib/tftpboot/openSUSE/openSUSE.menu
LABEL 2
    MENU LABEL openSUSE 11.2 (64-bit)
    KERNEL openSUSE/11.2/amd64/linux
    APPEND initrd=openSUSE/11.2/amd64/initrd install=nfs://10.10.1.10/srv/install/openSUSE/11.2/amd64 splash=silent ramdisk_size=65535 vga=791 barrier=off
    TEXT HELP
    Install openSUSE 11.2 (64-bit)
    ENDTEXT
LABEL 1
    MENU LABEL openSUSE 11.2 (32-bit)
    KERNEL openSUSE/11.2/i386/linux
    APPEND initrd=openSUSE/11.2/i386/initrd install=nfs://10.10.1.10/srv/install/openSUSE/11.2/i386 splash=silent ramdisk_size=65535 vga=791 barrier=off
    TEXT HELP
    Install openSUSE 11.2 (32-bit)
    ENDTEXT
Once again, this does not prevent every installation question from being asked. This article does not cover automated installations for openSUSE.

CentOS


Again we will follow the same procedure and configure support for CentOS to be installed.
Create the directories to store CentOS 5.4.
sudo mkdir -p /var/lib/tftpboot/CentOS/5.4/i386
sudo mkdir -p /var/lib/tftpboot/CentOS/5.4/amd64
sudo mkdir -p /srv/install/CentOS/5.4/i386
sudo mkdir -p /srv/install/CentOS/5.4/amd64
Mount the CentOS 5.4 64-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/CentOS-5.4-x86_64-bin-DVD.iso /mnt/loop
sudo cp /mnt/loop/images/pxeboot/vmlinuz /var/lib/tftpboot/CentOS/5.4/amd64
sudo cp /mnt/loop/images/pxeboot/initrd.img /var/lib/tftpboot/CentOS/5.4/amd64
sudo cp -R /mnt/loop/* /srv/install/CentOS/5.4/amd64
sudo umount /mnt/loop
Mount the CentOS 5.4 32-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/CentOS-5.4-i386-bin-DVD.iso /mnt/loop
sudo cp /mnt/loop/images/pxeboot/vmlinuz /var/lib/tftpboot/CentOS/5.4/i386
sudo cp /mnt/loop/images/pxeboot/initrd.img /var/lib/tftpboot/CentOS/5.4/i386
sudo cp -R /mnt/loop/* /srv/install/CentOS/5.4/i386
sudo umount /mnt/loop
Create the CentOS menu.
touch /var/lib/tftpboot/CentOS/CentOS.menu
Example /var/lib/tftpboot/CentOS/CentOS.menu:
LABEL 2
  MENU LABEL CentOS 5.4 (64-bit)
  KERNEL CentOS/5.4/amd64/vmlinuz
  APPEND method=nfs:10.10.1.10:/srv/install/CentOS/5.4/amd64/ lang=us keymap=us ip=dhcp ksdevice=eth0 noipv6 initrd=CentOS/5.4/amd64/initrd.img ramdisk_size=10000
  TEXT HELP
  Install CentOS 5.4 (64-bit)
  ENDTEXT
LABEL 1
  MENU LABEL CentOS 5.4 (32-bit)
  KERNEL CentOS/5.4/i386/vmlinuz
  APPEND method=nfs:10.10.1.10:/srv/install/CentOS/5.4/i386/ lang=us keymap=us ip=dhcp ksdevice=eth0 noipv6 initrd=CentOS/5.4/i386/initrd.img ramdisk_size=10000
  TEXT HELP
  Install CentOS 5.4 (32-bit)
  ENDTEXT

Ubuntu


We will now configure support for Ubuntu to be installed.
There are multiple methods to install Ubuntu over the network; however, we will simply boot the Ubuntu Live CD over the network.
For an unattended method for installing Ubuntu over the network, please reference AutomatedNodeDeployment.
Create the directories to store the Ubuntu 9.10 CD.
sudo mkdir -p /var/lib/tftpboot/Ubuntu/9.10/i386
sudo mkdir -p /var/lib/tftpboot/Ubuntu/9.10/amd64
sudo mkdir -p /srv/install/Ubuntu/9.10/i386
sudo mkdir -p /srv/install/Ubuntu/9.10/amd64
Mount the Ubuntu 9.10 Desktop 64-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/ubuntu-9.10-desktop-amd64.iso /mnt/loop
sudo cp /mnt/loop/casper/vmlinuz /var/lib/tftpboot/Ubuntu/9.10/amd64
sudo cp /mnt/loop/casper/initrd.lz /var/lib/tftpboot/Ubuntu/9.10/amd64
sudo cp -R /mnt/loop/* /srv/install/Ubuntu/9.10/amd64
sudo umount /mnt/loop
Mount the Ubuntu 9.10 Desktop 32-bit DVD ISO and copy the kernel and initrd to the previously created location.
sudo mkdir -p /mnt/loop
sudo mount -o loop -t iso9660 /location/of/ISO/ubuntu-9.10-desktop-i386.iso /mnt/loop
sudo cp /mnt/loop/casper/vmlinuz /var/lib/tftpboot/Ubuntu/9.10/i386
sudo cp /mnt/loop/casper/initrd.lz /var/lib/tftpboot/Ubuntu/9.10/i386
sudo cp -R /mnt/loop/* /srv/install/Ubuntu/9.10/i386
sudo umount /mnt/loop
Create the Ubuntu menu.
touch /var/lib/tftpboot/Ubuntu/Ubuntu.menu
Example /var/lib/tftpboot/Ubuntu/Ubuntu.menu:
LABEL 2
  MENU LABEL Ubuntu 9.10 (64-bit)
  KERNEL Ubuntu/9.10/amd64/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=10.10.1.10:/srv/install/Ubuntu/9.10/amd64 initrd=Ubuntu/9.10/amd64/initrd.lz
  TEXT HELP
  Boot the Ubuntu 9.10 64-bit DVD
  ENDTEXT
LABEL 1
  MENU LABEL Ubuntu 9.10 (32-bit)
  KERNEL Ubuntu/9.10/i386/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=10.10.1.10:/srv/install/Ubuntu/9.10/i386 initrd=Ubuntu/9.10/i386/initrd.lz
  TEXT HELP
  Boot the Ubuntu 9.10 32-bit DVD
  ENDTEXT
The boot process may appear to halt at "squashfs: version 3.3 (2007/10/31)Phillip Lougher".
Press Alt+Enter and the initialization will resume.

DOS


To support booting DOS via PXE, we will use MEMDISK.
MEMDISK is meant to allow booting legacy operating systems via PXE, and as a workaround for BIOSes where ISOLINUX image support doesn't work.
MEMDISK simulates a disk by claiming a chunk of high memory for the disk and a (very small - 2K typical) chunk of low (DOS) memory for the driver itself, then hooking the INT 13h (disk driver) and INT 15h (memory query) BIOS interrupts.
MEMDISK is an auxiliary module used in conjunction with one of the SYSLINUX bootloaders, usually PXELINUX or ISOLINUX. You need a disk image as well as the memdisk file itself. As far as the bootloader is concerned, memdisk is the "kernel" and the disk image is the initial ramdisk (initrd).
Copy the MEMDISK module to the root of your TFTP server.
sudo cp /usr/lib/syslinux/memdisk /var/lib/tftpboot
Create the directory to store DOS.
sudo mkdir -p /var/lib/tftpboot/dos/6.22
Obtain a MS-DOS bootable floppy disk and create an image from the floppy.
sudo dd if=/dev/fd0 of=/var/lib/tftpboot/dos/6.22/floppy.img
Create the DOS menu.
touch /var/lib/tftpboot/dos/dos.menu
Example /var/lib/tftpboot/dos/dos.menu:
LABEL 2
  MENU LABEL MS-DOS Floppy Disk
  KERNEL memdisk
  APPEND initrd=dos/6.22/floppy.img
  TEXT HELP
  Boot MS-DOS 6.22
  ENDTEXT
The ability to boot DOS via PXE can be extremely useful. You can create a DOS based floppy to flash firmware, or run a multitude of tools.

Utilities


The last example in this article will be booting other utilities via PXE.
Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
Create the directories to store DBAN 2.0.
sudo mkdir -p /var/lib/tftpboot/utilities/DBAN/2.0/i386
Mount the DBAN 2.0 CD and copy the kernel to the previously created location.
sudo mount -o loop -t iso9660 /location/of/ISO/dban-beta.2006042900_i386.iso /mnt/loop
sudo cp /mnt/loop/isolinux/dban.bzi /var/lib/tftpboot/utilities/DBAN/2.0/i386
sudo umount /mnt/loop
Create the utilities menu.
touch /var/lib/tftpboot/utilities/utilities.menu
Example /var/lib/tftpboot/utilities/utilities.menu:
LABEL 18
  MENU LABEL DBAN Boot and Nuke
  KERNEL utilities/DBAN/2.0/i386/dban.bzi
  APPEND nuke="dwipe" silent floppy=0,16,cmos
  TEXT HELP
  Warning - This will erase your hard drive
  ENDTEXT
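A menu entry whose KERNEL or initrd= path does not match where the file was copied only fails once a client tries to boot it. The following added example (not part of the original article) checks a menu file against the TFTP root beforehand; the function names and the sample tree are constructed for illustration, and it assumes pxelinux.0 sits in the TFTP root so that menu paths are relative to it.

```shell
# Added example (not from the original article): list the KERNEL and initrd=
# paths in a PXELINUX menu file that do not exist under the TFTP root.
# check_pxe_menu <tftp_root> <menu_file>
# Prints "MISSING <path> (<menu label>)" per missing file; returns 1 if any.
check_pxe_menu() {
    root=$1 menu=$2 missing=0 tab=$(printf '\t')
    # awk emits "<path><TAB><menu label>" for KERNEL and each initrd= file.
    paths=$(awk '
        toupper($1) == "MENU" && toupper($2) == "LABEL" {
            label = $0; sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", label)
        }
        toupper($1) == "KERNEL" { print $2 "\t" label }
        toupper($1) == "APPEND" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^initrd=/) {
                    n = split(substr($i, 8), part, ",")
                    for (j = 1; j <= n; j++) print part[j] "\t" label
                }
        }' "$menu")
    while IFS=$tab read -r path label; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path ($label)"
            missing=1
        fi
    done <<EOF
$paths
EOF
    return "$missing"
}

# demo: constructed TFTP tree where two menu entries point at the wrong place.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/utilities/DBAN/2.0/i386"
    : > "$d/memdisk"; : > "$d/utilities/DBAN/2.0/i386/dban.bzi"
    cat > "$d/test.menu" <<'EOF'
LABEL 2
  MENU LABEL MS-DOS Floppy Disk
  KERNEL memdisk
  APPEND initrd=dos/msdos622.img
LABEL 18
  MENU LABEL DBAN Boot and Nuke
  KERNEL utilities/dban/dban.bzi
EOF
    check_pxe_menu "$d" "$d/test.menu"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Against the real server, call it as check_pxe_menu /var/lib/tftpboot /var/lib/tftpboot/utilities/utilities.menu, once per menu file.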

Summary


We have covered the configuration of a system that will allow multiple operating systems to be booted or installed via PXE, some using both PXE and NFS. Many more possibilities exist, such as booting:
  • SLAX
  • Parted Magic
  • Knoppix
  • xPUD
  • VMware
  • openFiler
  • RHEL
  • etc.
It is also possible to PXE boot the Microsoft Windows installer and make the installation files available using Samba. This process was not covered; however, you can review the process at http://oss.netfarm.it/guides/ris-linux.php

Troubleshooting


Boot failed: press a key to retry, or wait for reset...
A configuration file was not found, so the boot process halts with this error. Check your config file(s). When a configuration file is found, the commands within it are executed (e.g. a boot menu is displayed and the default option is executed when selected).
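When checking config files for this error, it helps to know which file names PXELINUX actually requests under pxelinux.cfg/ for a given client. The following added example (not part of the original article) prints that lookup order and reports the first name present on the server; the function names and the client MAC and IP in the usage note are constructed, and the client-UUID name that some PXE stacks try first is left out.

```shell
# Added example (not from the original article): PXELINUX config lookup order.
# pxe_cfg_candidates <mac> <ipv4>
# Prints, in the order PXELINUX requests them, the file names it looks for
# under pxelinux.cfg/. The client-UUID name is omitted because it cannot be
# derived from the MAC or IP address.
pxe_cfg_candidates() {
    # 01 is the ARP hardware type for Ethernet; MAC is lower case with dashes.
    echo "01-$(echo "$1" | tr 'A-F:' 'a-f-')"
    # IPv4 address as 8 upper-case hex digits, then one digit shorter per try.
    oldifs=$IFS; IFS=.
    set -- $2
    IFS=$oldifs
    hex=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")
    while [ -n "$hex" ]; do
        echo "$hex"
        hex=${hex%?}
    done
    # Last resort, shared by every client.
    echo default
}

# pxe_cfg_resolve <tftp_root> <mac> <ipv4>
# Prints the first candidate that exists under <tftp_root>/pxelinux.cfg/;
# returns 1 when none exists, i.e. no configuration file would be found.
pxe_cfg_resolve() {
    for name in $(pxe_cfg_candidates "$2" "$3"); do
        if [ -f "$1/pxelinux.cfg/$name" ]; then
            echo "pxelinux.cfg/$name"
            return 0
        fi
    done
    return 1
}
```

For a constructed client, pxe_cfg_resolve /var/lib/tftpboot 00:11:22:AA:BB:CC 10.10.1.50 shows which file that machine would load, which also reveals a host-specific file shadowing the shared default.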