This is a small HowTo page written by Ole Martin. If you have any questions, corrections, or contributions send a mail to . And sorry for the bad english!
Jul 18 2005 Initial post
Aug 05 2006 The Compal is now serving only as a server/media station at home. Got a new laptop at work. A Fujitsu Siemens, happely running FC5 and Windows XP. Maybe a new howto page will arise..
Aug 20 2006 A link to this page is now available at http://tuxmobil.org/. A very useful page about Linux on laptops
Table of Contents
- Installing Fedora
- Configuring Fedora
- Wireless card
- Video card
- Bluetooth dongle
- Nice everday programs
I purchased a Whitebox CL50 (www.whitebox.no), or Compal CL50 which is its factory name, in the autumn of 2003. On the laptop I run Linux (Fedora) together with Windows XP through dual boot. I have collected some information during the configuring and running Fedora on this machine that I hope can be useful for others that own a Compal CL50.
Processor: Intel Pentium M 1600MHz
Memory: 1024MB DDR RAM
Screen: 15.1" TFT SXGA+ at 1400x1050
Video card: ATI Radeon Mobility 9000 64MB
Hard drive: 60GB 5400RPM Toshiba MK6022GAX
Optical drive: DVD/CD-RW combo drive UJDA750
Ethernet: Realtek 10/100 LAN
Wifi: 802.11b/g Z-com XG600 (Prism GT based)
Bluetooth: Trust BT 180 USB Bluetooth dongle class 1 (100 meters)
With an empty hardrive, I recommend to install Windows XP first then Fedora, this will prevent a troublesome boot sector. If Windows is already installed on the hardrive, Fedora will automatically locate this installation and add Windows in the grub boot loader. The hard disk's partition table entries is as follows (wise to set up before or during the installation, e.g. using fdisk, partition magic or similar):
/dev/hda2 35 GB FAT32 # Shared partition between Windows and Linux (documents, mail, mp3s etc.)
/dev/hda3 1 GB SWAP # Linux swap space
/dev/hda4 8 GB EXT3 # Linux system
/dev/hda5 6 GB EXT3 # Linux home
The installation of Fedora, currently Fedora core 4, from CD or DVD image is straight forward. Anaconda, the graphical installer, is so easy that even your grandmother could do a fine install. Remember to select the correct partition table entries for SWAP (hda3), / (hda4), and /home (hda5). The lcd screen I use is the generic 1400x1050 lcd screen, I have not found out what the exact name is for the screen that is installed on the Compal CL50. The generic driver do however work fine.
Starting up through grub, Fedora should boot on the first try. When logged in, using gnome in my case, fire up a terminal and become root. If a Gnome error message appeared on first boot and you had to click "log in anyway" enter your prefered name for your PC in "/etc/hosts".
vi /etc/hosts # edits the hosts file
Firstly I like to add my user to the sudoers file, making it possible to run diverse programs as root without using "su -" all the time. Run the command "visudo", and add the line "user ALL=(ALL) ALL" at the end ("user" being your username).
The next useful thing to do is to use a higher resolution in the virtual terminal. The Fedora kernel have enabled framebuffer support so I just open /etc/grub.conf and add vga=791 (1024x768x16) to the kernel line:
Now, it can be a good idea to mount the shared FAT32 partition. This is done by adding the line:
to /etc/fstab. Here 500 represent the user identification number of my user on the system (figure it out with the "id" command). Then create the directory "windisk" by running "sudo mkdir /mnt/windisk". Then at last run "mount windisk" and you have easy access to the FAT32 partition.
The power saving features of the Pentium M, i.e. CPU throteling, works out of the box in the later Fedora Core releases. For own control you can just add CPU frequency scaling monitor applet in gnome and it is possible to see current CPU frequency and even lock the CPU frequency if you are in need of saving power. Other ACPI features like hibernating etc. have not been explored since I don't use them.
The easiest way to install and update software in Fedora is to use yum. Adding some additional repositories the the /etc/yum.conf file is recommended. I use the DAG wieers yum repository and the livna yum repositories for additional packages on my system. Add the following to /etc/yum.conf:
name=Dag APT Repository
name=Livna for Fedora Core $releasever - $basearch - Base
name=Livna for Fedora Core $releasever - $basearch - Testing
To prevent malicious packages to some extent, you should add the public GPG keys for each yum repository:
sudo rpm --import http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras
sudo rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
sudo rpm --import http://rpm.livna.org/RPM-LIVNA-GPG-KEY
Then a "yum update" is in place to update the system to the bleeding edge of linux distributions (Fedora!):
To get mp3 support you can run:
Rythmbox and the genius Amarok mp3 players use this plugin to play mp3s. To play videos I use mplayer:
Go to http://java.sun.com/ and download the latest JRE (the file is named "jre-"version-number"-linux-i586-rpm.bin"). Then open a terminal, locate the downloaded file, and install it:
#...answer some licence things..
rpm -ivh jre-"version-number"-linux-i586-rpm
sudo ln -s /usr/java/jre"version-number"/plugin/i386/ns7/libjavaplugin_oji.so /usr/lib/mozilla/plugins/libjavaplugin_oji.so # this makes java work in firefox
If you need it you can get a rpm at http://sluglug.ucsc.edu/macromedia/site_ucsc.html. Download, and install with "rpm -ivh packagename.rpm".
There are now ATI driver RPMs available through livna.org that are designed especially for Fedora. Install them by yum:
That installs the ATI driver for your current kernel, and it should become active the next time you reboot your machine. If you update your kernel, you have to install the newest ATI driver also (usually this module is available in RPM by livna a few days after the new kernel is released by Fedora).
The wireless card I have on my laptop is a Z-com XG (v0.1) card (I think..). "lspci" reports this hardware information:
Subsystem: Unknown device 17cf:0014
Flags: bus master, medium devsel, latency 128, IRQ 11
Memory at d0000000 (32-bit, non-prefetchable) [size=8K]
Capabilities: [dc] Power Management version 1
The NIC works fine with the prism54 drivers, that has enabled support in the FC4 kernel. However you must have the firmware for this card to be able to run it properly. The firmware comes with the windows drivers. To get it, I booted into windows, then used the device manager and found the location of the windows drivers (c:\windows\system32\dirvers\wlandcb.sys). In that directory, together with the .sys file you will find a .arm file (wlandcb.arm) which is the firmware file you need in Linux. In Linux copy and rename this file as follows:
cp wlandcb.arm /usr/lib/hotplug/firmware/isl3890 # this line may not be necessary in FC4
Then the wireless card should work just fine! Start system-config-network and setup the card, or use iwconfig in the terminal. WEP protection works with the prism54 drivers, but WPA do not work with this driver (correct me if I am wrong). I have tried to use ndiswrapper with windows drivers to be able to use the wpa_suppliant software, but without success. The thing that seems to be stopping this from working is that the card requires the firmware file to function. I am not sure if such firmware dependent NICs can be used at all with ndiswrapper, so for now I have to use prism54 without WPA support. Anyone out there that know how to use ndiswrapper or even WPA with the ISL3890 NIC please send me a recipe!
Here I have some scribblings about how to keep the laptop system secure from outside threats. On the current configuration, the Windows XP installation is of course most the vulnerable, however using some heavy anti-virus/personal firewall and running windows update regulary should keep most threats out. I am a bit extra interest in information security (my line of work!), so I like to share some tricks I have collected to keep the Fedora install secure and have some control over what is happing on the system. I am online through diverse Internet connections, and there are not always a perimeter defense in front of the computer, so I like to add some extra protection on the portable computer.
To protect the computer from theft in some degree, I use a kensington cable lock when I have to leave the laptop unatended. Recommended!. I also set a BIOS password on the computer. Helps a bit from physical access, but not much!
Fedora comes with a state of the art security feature that is worth mentioning: SELinux. Security-Enhanced Linux (SELinux) is simply said a implementation of flexible mandatory access control in Fedora. I have SELinux enabled, and use the targeted policy. This policy apply access restrictions to specific services, but not all services (the strict policy will place a policy on all processes). More and more services are put under this targeted policy by Fedora. The policy can be configured through "system-config-securitylevel". Much is happening in the SElinux project and new policies will be available in the future.
In Fedora the most important is also to keep updated. The easiest way is to run "yum update" regulary, e.g. using crontab or doing it manually when you feel you have the right bandwidth available.
Seperating the harddrive partitions are recommended to make easy recovery after a crash or serious security incident. I only separate /home from /, and feel that is enough for my case. However many recommend seperating /, /boot, /usr, /tmp, /home and /var. On a server this may be more important.
Keeping the amount of network services running to the absolout necessary ones are important in any enviroment. Disabeling other services is aslo smart, to improve boot time etc. On my laptop i have the following services enabled:
anacron # runs cronjobs that should have been runned during power off
apmd # battery checker
ati-fglrx # native ATI driver daemon
auditd # linux auditing daemon
cpuspeed # pentium m support
crond # linux cron jobs
cups # printing
firestarter/iptables # the firewall
gpm # support for mouse in text-based programs
haldaemon # hardware abstraction layer daemon
lmsensors # motherboard monitoring
mDNSresponder # network configuration
messagebus # reporting system events
netfs # needed for samba support
network # the NICs
nifd # NIC monitoring
pcmcia # to support PCMCIA cards
smb # for accessing/providing windows shares
snmpd # for using some sysadmin tools (not a necisity)
sshd # ssh access
syslog # system loging
vmware # if you use this
Change the service setup with:
Processes and services
You can manage processes by some nice "native" Linux commands:
Users and accounts
If you have multiple users on the system (you should have at least two! i.e. you and root), use strong passwords (test them with John the Ripper, "sudo yum install john") for each user and use root as seldom as possible (use sudo if you need to run somthing as root). Read /etc/passwd regulary to look for irregularities, e.g. duplicate users (UIDs) and also keep the /etc/sudoers file correct. Usefull command to check users are: "w" (whos logged in), "last" (who has logged in recently), lastb (who failed to logg in recently).
A nice trick is to use find to have controll over files that have "loose" file permissions:
sudo find / -path /proc -prune -o \ -perm +o=w ! \( -type d -perm +o=t \) ! -type l
#locate SUID and SGID files
sudo find / -xdev -type f -perm +ug=s
#locate device special files
sudo find / \( -type b -o -type c \) -ls
sudo find /dev -type f ! -name MAKEDEV
If you wonder what kind of network traffic that is aimed at you or is sent from you, "tcpdump" and "ethereal" can be useful. I yet not been able to get airsnort, for wireless sniffing, to work with built in wireless card.
Using OpenSSH is useful when communicating, e.g. with "sftp", "ssh" or "scp". When using SSH it is recommended that you do not use the less secure SSH-1 protocol and it is also smart to disable root login. Disabling password authentication is also smart, if you boder handeling ssh keys. I have my keys securly stored on a usb dongle. This and other things can be altered by editing "/etc/ssh/sshd_config".
Another usefull secure communication channel is TLS/SSL. Here stunnel can be worth looking into.
For secure mail exchange I use GPG (open source version of the famous Zimmermann signature/encryption tool PGP). If you use thunderbird for mail there is a easy to use GUI plugin that can handle GPG keys, signatures, and encryption called enigmail. Just find the plugin for your current thunderbird version and install it through thunderbird.
Here I list some programs available in linux that I have found very useful in everyday operation of my Linux laptop. It is a mixture of gnome and KDE applications. I run all of them successfully in my gnome desktop environment, with of course all the KDE dependent packages installed by yum (It would be fine if gnome and KDE could cooperate more, then I think Linux as a desktop system would be superior on the PC market.)
Manage iptables with Firestarter.
Surf the web with Firefox
Read mail, newsgroups, and rss with Thunderbird
Edit menus in the gnome panel with smeg.
Burn your CDs with NeroLinux (gdm app) or k3b (kde app).
Listen to music with amarok (kde app).
Write LaTeX with Kile (kde app).
Draw vector graphics with DIA or sodipodi.
Edit pictures with the Gimp.
Do office things with Openoffice.org.
Read pdfs with Evince or Adobe Acrobat.
And of course write edit and write in the terminal (Gnome terminal) with vim.