Home Page
Linux Basics Debian Linux Installation Using Debian Packages Linux Modem Setup Setting Up A Network Setting Up DNS Servers Linux Internet Servers Linux LAN Servers Linux Database Server Linux Syslog Server Linux Fax Server Linux Web Cam Servers Linux Proxy/NAT Servers Linux Firewall Servers Linux Security Compiling Linux Programs Linux GUI Desktops What Now?


Using Debian Linux Packages


"Packages" are software. A package can be a workstation-type program (mozilla Web browser, gimp graphics editor, etc.), a server-type program (Apache Web server, Sendmail e-mail server, etc.), a utility (apcupsd for APC UPSs, taper backup utility), programming libraries, or OS components (GUIs, language modules, even kernel patches). You can download and install software which isn't "packaged". It's just that when software is put into a package it makes it easier to install because programs are already compiled (binary), directories are created if necessary, and all files (binary executables, text configuration files, man pages, etc.) are put into the proper directories. Some packages even have configuration scripts that are run near the end of the package installation to help you initially configure the software.

A "package manager" is used to search for, install, remove, etc. packages. Sun has a package manager for its flavor of UNIX (Solaris) that works with files that have a .pkg extension. Red Hat's package manager uses .rpm files. And Debian's package manager uses .deb files. As you will see below, a package manager isn't always a single program but several utilities used to perform the various package-related functions (search, install, etc).

Note:  The software in one package may need software from another package to work properly. One of the best things about Debian's package architecture is "automatic dependency resolution", i.e it will automatically load any packages that selected packages may depend on. It may also remove other packages that could cause conflicts. This is why the number of installed packages may be greater than the number of packages you select to install.

If you've ever tried installing packages using Red Hat Package Manager (RPM) you've likely found it a frustrating experience due to the "failed dependencies" errors commonly encountered when trying to install an RPM package. This is because Red Hat's package manager doesn't automatically take care of dependencies like Debian's package manager does.
Working with packages in Debian uses three main utilities:


You may recall being prompted to insert all the discs during the installation so that they could be scanned for available packages. This scan process builds a database of available (on the discs) packages which is used by these package utilities. When you install or remove a package this database is referenced and updated.

A complete list of the current "stable" Debian packages (including free and non-free) can be found at:

packages.debian.org/stable/

apt and dpkg are useful if you have some idea of what you're looking for. For example, apt has a search utility where you can search for software by its given name such as 'apache' or you can search for all available packages containing software offering specific functionality such as 'sniffer', 'dns', etc.

Because Debian comes with so many packages, it's often a good idea to just browse through all of the available packages to see what software you can install and play around with. To get a full listing of packages and their installation status we use dselect. As mentioned, dselect is more of a front-end, user interface tool because when you select a menu item in dselect you are simply running one of the apt or dpkg utilities with a specific set of command-line switches.

Although useful for browsing all available packages, dselect will not be your primary package management tool. You can search for, and install, packages much faster using the apt utilities. However, we wanted to show you how to use dselect because half the fun of playing around with Debian is playing around with some of the thousands of packages that comes with it.

Using dselect Top of page

dselect has a 7-step menu (numbered 0 through 6) and it will walk you through the steps. There are two different "modes" that you can use when retreiving packages. One is "access" mode where additional .deb files are retreived and added to your inventory, and "update" mode where no new packages are retreived but any updates to existing packages (newer versions of whats already in your inventory database) are.

To use dselect:

Make sure you're logged in as 'root' (you can use the whoami command to verify this) and type in dselect at the shell prompt and the menu screen will be displayed. The possible selections are:


Try out the software you just installed. Back at the shell prompt, type in:

cpuid | more

to display information, including register contents, about the CPU chip in your system. The | more part of the command just pauses the displayed output of the command at each 25 lines with --More-- at the bottom of the screen. Press the Space Bar to see the next screen.

After you've been working with your system for awhile it's easy to lose track of what packages you have installed. It's also nice to see what all got installed by the installation routine. For that you can use the command:

dpkg -l | more

That's a lower-case L for "list". apt and dpkg have a lot of command-line options and viewing the man pages for them will provide you with more information.

dselect is not only useful for browsing all available packages but it will also tell you which packages are already installed. When you installed Debian a set of "base packages" were installed. As we go through using dselect you will be able to see which packages got installed during the installation and all of the packages that were included with Debian that are available for you to install.


Using the apt Utilities Top of page

The apt utilities (there are several such as apt-get, apt-cache, etc.) can retreive packages from DVDs or the Internet via http or ftp. You can update your entire system via an Internet connection which is why you want to have a modem or other means of accessing the Internet. This is especially true for Internet server systems as you will want to regularly apply security updates (we'll show you how to do this later in this page).

apt uses the /etc/apt/sources.list file which lists the locations of package files (we'll be modifying this file later in this page). These locations include the DVDs you inventoried (scanned) during the installation routine and also has entries for various Internet servers from which you can retreive updates. The lines in the sources.list file for these Internet servers are commented out by default in case you don't have an Internet connection. (We'll set up an Internet connection on the Modems page.) The apt utilities are command line utilities and installing a package is very easy provided you know the exact package name. Most of the time you don't. But there is an apt utility that will help with that too.

Apache is the most widely-used Web server software in the world. (The Web server software can be useful on an internal network server for serving up Intranet pages, not just for Internet Web servers.) Lets say you want to set your system up as a Web server using Apache. How do you find out if it's included in one of the package files, and if so, what the package name is? You can use the apt-cache command with the search option like so:

apt-cache search apache versatile

Note that this will display any package that has the word "apache" and "versatile" anywhere, including in a package's description (without them being a part of the package name).

When the listing is complete the shell prompt will reappear. About four lines up from the shell prompt you'll see

apache - Versatile, high-performance HTTP server

which is the package we want. Now that we know the name of the package we want, we can use a simple apt command to install it. apt will automatically install any dependency packages also. To install it just type in:

apt-get install apache

to start the package installation. You will get a (Y/n) prompt to continue. Press enter to begin the installation and you'll be prompted to insert DVD #1. At the end of the installation you'll see the line:

Starting apache 1.3 web server....

Your system is now a Web server! If the system is on a network (and provided you can ping other systems on the network) it's easy to check out. Just go to another system (Linux or Windows) on the same network, fire up a Web browser, and in the URL line type in the IP address of your Debian system. For example, if the IP address of your Debian system is 192.168.10.10 type in:

http://192.168.10.10

You should see the default Debian/Apache placeholder page appear. You may even want to print this page because it tells you where the configuration, html, cgi script, and log files are located.

Note that because you installed Apache, and it is a server-type service, it will start automatically every time you boot the system. So what if you don't really want your system to be a Web server? The command:

apt-get remove apache

would remove the Apache program files from your system, but it would leave the configuration files. In order to remove everything associated with it you need to use the command

apt-get --purge remove apache

If you want to keep Apache installed, there's a few configuration details you'll want to take care of. We'll do that on the Internet Servers page.

There's one more package you may want to install so you can transfer files to/from your system. wu-ftpd is the most widely used FTP server software package. Once again the package name is the same as the software name so installing it is easy:

apt-get install wu-ftpd

You'll be prompted for DVD #2. We set up FTP just so you could get files on and off your server without needing to use a floppy disk. If you are going to set this system up as an Internet server that does offer FTP services, be sure to use the /etc/wu-ftpd/ftpaccess file to increase the security of your FTP services.

Once wu-ftpd is installed, you can go to any system on your network, fire up an FTP client program like WS_FTP or CuteFTP, point it to the IP address of your system, and log in using the user account you created during the installation (not as root).

Recall that when we installed Debian we also installed basic GUI functionality. Since the GUI is useful for Web browsing, and there are a lot of Linux and Debian resources available on the Web, you may want to also install a Web browser. To install it, just enter the command:

apt-get install iceweasel

Iceweasel is a light-weight Mozilla-based Web broswer. If you've ever used Firefox you'll be very familier with Iceweasel.

Next we'll fire up the GUI and check out our Iceweasel installation. When you installed it using the above command, a menu selection for it will be automatically added under the Net submenu of the GUI desktop menu. If you need to set up a modem to get your system on the Internet to check out Iceweasel see our Modems page),

Note:  The apt-get command has a lot of options for checking packages, resolving dependencies, etc. that we don't cover here. It would be worth your while to check out the man page or Web references to learn more about all this command can do.


Trying The GUI Top of page

Most of the GUI stuff should have been configured during the installation. While a GUI may be the heart of Windows operating systems, it's just another optional piece in Linux. It's also the most problematic, frustrating piece to work with.

There are several different parts to a Linux GUI that all have to interact. There's an X server (like s3v), a windows manager (like twm or enlightenment), and a desktop package (like Gnome or KDE). Getting them all configured correctly and working in harmony is a royal PITA. The Debian installer helps a little, provided you know what you're selecting. The GUI installation steps we covered on the Installation page should get it working for most systems.

There's a reason for all the GUI pieces. The more integrated and simple you make something the fewer options you have in its use. While a pain, the GUI in Linux is very powerful and flexible. You can even run a GUI windows session on a Linux system that doesn't have a GUI installed. You simply connect (over a network) to another system that is running an X server (now you know why they call it an X server) and have it send you the GUI screens and respond to your system's mouse clicks and keystrokes. But that's beyond the scope of these pages.

If you haven't read it on one of the other pages on this site, read it now. We believe the best way to learn, and use, Linux/UNIX is by using the command-line interface (i.e. entering commands at the shell prompt). We'll cover getting in to and out of the GUI here just so you can see what it's like but this is as far as we'll go with it.

There's another reason to stay away from the GUI besides just the learning aspects involved. You can encounter a lot of different GUIs. Systems can have the same desktop manager (Gnome) but have different windows managers. Sun Solaris has it's own GUI. As a result, they'll look completely different with different menus, etc. By contrast, most Linux/UNIX shell commands will work on any UNIX or Linux system. Learn to work at the shell prompt and you'll be good to go on just about any UNIX or Linux system. There are some minor differences with some shells, and different file locations for some configuration and application files depending on the flavor of the OS. But if you know how to work the command line you can find out where they are, and you'll feel at home no matter what flavor of UNIX or Linux distribution is runnng on the machine. Even if you walk up to a machine running a GUI you've never seen before, all you have to do is open up a local terminal window (all GUIs have them) to get to a shell prompt.

If you followed this site's installation page the GUI with Gnome was installed (hopefully correctly but that's a crap shoot). Many more preference files which have file names starting with a period will appear in your home directory after you run the Gnome GUI for the first time. You start it by typing in:

startx

at the shell prompt. You won't see much. No task bar or "Start" button. Just a grey screen with a black "X" for a mouse pointer and a command window in upper-left corner of the desktop. You have to put the mouse pointer on the black command window to give it focus and type in twm at the command prompt to start the window manager. To bring up a menu, move the mouse pointer out of the command window and left-click on the desktop. Note that with the twm windows manager you have to point to the small icons on the right side of the menu selections in order to see the sub-menus. Just pointing on the word won't cause that to happen.

Click and hold down the left mouse button and the pop-up menu will appear. While continuing to hold down the left mouse button, arrow over Debian/Apps/Net/Iceweasel and let up on the mouse button. When you do, the mouse pointer will change to a right-angle and an outline of the window will appear to the right and below the pointer. This is so you can position the window where you want it on the screen. When you've got it where you want it, click the left mouse button again to display the window. Note that the mouse pointer has to be somewhere in the browser window in order for you to be able to enter commands.

To exit twm, left-click on the desktop, arrow down to the icon to the right of "Exit" and select "Yes, really quit". Now put your mouse pointer over the terminal window to give it focus and type in exit at the shell prompt to exit out of the GUI.

On a Linux desktop system the windows manager, desktop manager, and X all start together. Because we're only running a minimal GUI we have the ability to start X and a window manager separately so you can see that they are two different pieces. We never installed the third part of the GUI which is a desktop manager such as KDE or Gnome but, as you can see, we don't really need one.


Upgrading Your System Top of page

Debian's package system makes it real easy to keep your system up-to-date. Once you get your system connected to the Internet either via a modem (see the Modems page) or a LAN (see the Networking page), you can upgrade your system to the current point release using that Internet connection.

While using this procedure to upgrade your system to the current stable release is why we're doing it here, it's not the only time it should be done. In other words, if the current stable release is 3.1r3 and you've used this procedure to upgrade your system to 3.1r3, that doesn't mean you don't have to run it again until 3.1r4 comes out. Individual packages can get updated in between point releases. You'll also want to stay on top of any security updates that are available. We'll show you how to automate the security patching process later in this page.

The first thing you have to do is change the sources.list file that apt uses to determine from where it should pull packages. Right now, if you installed your system using a DVD set, it's set to only look on DVDs. We have to change that to only look on the Internet.
As mentioned on the Installation page, many organizations don't allow their servers to be Internet-accessible for security reasons. If this is the case with your server, you have no choice but to do point-release updates using discs and should not follow this procedure.
Open the sources.list file in the nano text editor with the command:

nano /etc/apt/sources.list

You'll see a line like the following for each DVD in your set:

deb cdrom:[name of dvd-rom]

Put a pound character (#) in front of all of these lines to comment them out like so:

#deb cdrom:[name of dvd-rom]

Look for the following line further down in the file:

# deb http://security.debian.org/ stable/updates main

and remove the the pound character (#) at the beginning of this line.

Add the following line underneath the line you just edited:

deb http://http.us.debian.org/debian stable main contrib non-free

If you're outside the US, uncomment the line that has "non-us" in place of the "us" part of the above line. Then exit the editor (by pressing Ctrl-X, then 'y' and then Enter) saving the file.

Note:  As long as the sources.list file is in the above configuration (http sources enabled and DVD-ROM sources disabled) you'll have to connect to the Internet in order to install any new packages as well as update any currently-installed packages. It is best to wait until you have your system set up just the way you want it before you use this procedure.

Once you're able to connect to the Internet use the following procedure to update your system:

  1. If necessary, use the pon command to use your modem to connect to your ISP.

    Once connected to the Internet, you have to update the inventory database of available packages. (This is the list of packages you see when you run dselect.) Database entries for new packages are also pulled from Debian's server over the Internet. (This should take less than five minutes with a modem connection.) You do this by issuing the command:

    apt-get update

  2. Once the package list is up to date, you upgrade the software on your system by typing in the following command:

    apt-get upgrade -u

The -u in the above command just makes the process a little more verbose, displaying package names as they're downloaded and installed. Be advised that these downloads could take awhile with a modem connection because you could be upgrading to a higher point release of the OS (ex: going from 3.0r1 to 3.0r2).

Once the download is complete the package updates will be installed and set up the same way they were when you pulled them off the DVDs. For modem connections, don't forget to use the poff command to disconnect from your ISP when you are finished.

Note:  The above procedure only updates applications that were installed as a Debian package. If you installed applications that were not in Debian packages (such as when you download the source code files from a Web site and compile/install it yourself), it will have to be updated separately.


Automating Security Patching Top of page

Automatically applying security patches will help ensure you're protected against the latest worms and exploits. Automating the process of retreiving and applying security patches is not hard at all. The cron memory-resident scheduler is loaded by default when the system boots so it's just sitting there waiting for you to use it. Automating a process involves two steps; giving cron something to run (i.e. creating a shell script containing the commands you want to run), and then telling cron when to run it.

Because you only want this process to take care of security patches, you'll want to edit the /etc/apt/sources.list file to comment-out every line except the line that contains the word security in it. The only line that shouldn't be commented out is:

deb http://security.debian.org/ stable/updates main

With this restriction in place you can now create the shell script that will do the updating. You create a shell script using a standard text editor. Create the new shell script with the command:

nano /usr/local/security-patches.sh

and enter the following commands:

#!/bin/sh
apt-get upgrade
init 6

The init command will restart the system. Normally when you patch a daemon you'll want to restart that daemon to make sure the patches take effect. However, since you won't know which daemon got patched with this automated process there's now way to know which daemons to restart so simply restarting the system is the safest way to go. If you want to try this out on a system that does use a modem to connect to the Internet, you'd have to add in the appropriate pon and poff commands:

#!/bin/sh
pon
sleep 30
apt-get upgrade
poff
init 6

Save the file and then change the permissions to make it executable using the command:

chmod 755 /usr/local/security-patches.sh

This is a very basic script. You'll probably want to set up some 'if' statements which test to make sure you got connected and check the success of the apt-get command.

How can you check to see if apt-get executed successfully? If you're familier with DOS you know you could check the value of the ERRORLEVEL environment variable to determine the success of a command. In Linux/UNIX it's called the "exit status" and the ? represents this environment variable. Entering the command:

echo $?

will display the exit status of the most recently run command. (Remember that you have to put the $ in front of an environment variable when referring to its value as with the echo command or the when using an 'if' statement in a shell script.) A zero indicates success (just remember "zero errors") and anything greater than a zero represents some kind of problem.

cron

cron is the memory-resident scheduler daemon that can execute commands and scripts at regular intervals. The jobs it runs are listed in a crontab file which is edited using the crontab utility.

The following command will list the contents of your current crontab file:

crontab -l

You'll want to add an entry to the crontab file for the security-patches.sh shell script. The format of the file is basically:

<when-to-run values> <what to run>

The "when to run" is a field which consists of five space-delimited values in the following order:

  • Minutes past the hour   (0 to 59)
  • Hour of the day   (0 to 23)
  • Day of the month   (1 to 31)
  • Month of the year   (1 to 12)
  • Day of the week   (0=Sunday to 6=Saturday)
You can use the asterisk (*) to specify all values for any given entry. For example, to run a job every Saturday at 11:15 pm you would use the following values:

15 23 * * 6

Be careful with these values. You'd rarely want to enter a number for the "Day of the Month" and the "Day of the Week". For example, if you entered:

15 23 3 * 6

cron would only run the job when the 3rd falls on a Saturday.

You can enter multiple values for each entry by separating them with commas. We set up cron jobs to check the logs twice a day, every weekday, at noon and again at 5 pm. This required the following values:

0 12,17 * * 1,2,3,4,5

Remember that the space is the delimiter between the five entries.

The "what to run" is what you want to cron to execute and is basically anything you can enter at a shell prompt. Any command, including pipes and redirects, shell script, etc. Since we want to run the security-patches.sh shell script, which we saved to the /usr/local directory, our crontab entry ends up looking like this:

0 3 * * 0 /usr/local/security-patches.sh

Note that only a space separates the "what to run" value from the last of the "when to run" values. The "when to run values above will run the security-patches.sh shell script every Sunday morning at 3 a.m.

So now that we know what our entry will be, we have to use crontab to enter it into the crontab file. At the shell prompt, enter:

crontab -e

This will fire up your default text editor with the current crontab file automatically loaded (which is likely empty). Simply enter your new crontab entry and close the editor. You can check to make sure your entry was added to the crontab file by entering the following command at the shell prompt:

crontab -l





Did you find this page helpful ?
If so, please help keep this site operating
by using our CD, gear, or book pages.


Site, content, documents, original images   Copyright © 2003-2006   Keith Parkansky   All rights reserved
Duplication of any portion of this site or the material contained herein without
the express written consent of Keith Parkansky, USA is strictly prohibited.

This site is in no way affiliated with the Debian Project, the debian.org Web site, or
Software In The Public Interest, Inc. No endorsement of this site by the Debian Project
or Software In the Public Interest is expressed or implied. Debian and the Debian logo
are registered trademarks of Software In The Public Interest, Inc. Linux is a registered
trademark of Linus Torvalds. The Tux penguin graphic is the creation of Larry Ewing.

LIABILITY

IN NO EVENT WILL KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS' SUBSIDIARIES BE LIABLE TO ANY PARTY (i) FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE), OR ANY OTHER DAMAGES ARISING IN ANY WAY OUT OF THE AVAILABILITY, USE, RELIANCE ON, OR INABILITY TO USE THE INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED OR TRANSMITTED FILES OR GENERATED COMMUNICATIONS OR DATA EVEN IF KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS' SUBSIDIARIES SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE; OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN, OR DESTRUCTIVE PROPERTIES OF ANY INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED, TRANSMITTED, OR GENERATED FILES, COMMUNICATIONS, OR DATA. ALL INFORMATION, METHODS, HTML OR COMPUTER CODE IS PROVIDED STRICTLY "AS IS" WITH NO GUARANTY OF ACCURACY AND/OR COMPLETENESS. USE OF THIS SITE CONSTITUTES ACCEPTANCE OF ALL STATED TERMS AND CONDITIONS.