Chapter 10. Installation - step 7: configure your system

Table of Contents

Master LRP settings (/etc/lrp.conf)
POSIXness setting (/etc/POSIXness.conf)
File system mounts (/etc/fstab)
Lowest level boot-up configuration (/etc/inittab)
System wide profile (/etc/profile)
Ports root is allowed to login to (/etc/securetty)
System logging configuration (/etc/syslog.conf)
Service name to number translation (/etc/services)

It's now time to fine tune your installation.You are now going to fine tune your system configuration through the System configuration menu.


This chapter is for the experienced If you want to permanently change any of the following parameters, do not forget to backup etc.lrp !

Through the LEAF configuration menu type 2 to access to the System configuration menu:

                        System configuration menu

        1) Master LRP settings                  (/etc/lrp.conf)
        2) POSIXness mail settings              (/etc/POSIXness.conf)
        3) File system mounts                   (/etc/fstab)
        4) Lowest level boot-up configuration   (/etc/inittab)
        5) System wide profile                  (/etc/profile)
        6) Ports root is allowed to login to    (/etc/securetty)
        7) System logging configuration         (/etc/syslog.conf)
        8) Service name to number translation   (/etc/services)

  q) quit

Master LRP settings (/etc/lrp.conf)

The file looks like:

#This is the master config file for systemwide LRP functions.
#It is referenced by multicron-* and POSIXness.

# Log files in /var/log/ to rotate. DEPTH == Amount to keep.
lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \
                ppp.log pslave.log"
lrp_LOGS_WEEKLY="auth.log lastlog"

In this part of the lrp.conf file, you declare those file for which there will be a daily, weekly and monthly backup. The number of log, for each frequency, is given by the lrp_LOGS_DEPTH variable. The default values given to those variables should be OK for most users.

# Email address to use for notices and alerts. If blank alerts won't be sent.

The name of the variable says it all: you give here the E-mail address of the router administrator to whom the monitoring messages will be sent. Do not forget to uncomment the variable name if you want to activate that facility!

# Server that will be contacted via 'rdate' for the time service daily.
# Turning this on also updates the CMOS clock

If you uncomment lrp_DATE_SERVER and declare a time server name here, this time server will queried periodically to update your Bering box time. You must be sure that your server accept rdate requests since their number is progressively diminishing in favour of ntp server.


In order to have rdate requests working properly, you need:

  • To open port 37 in Shorewall. The following statement in the /etc/shorewall/rules file will do:

    ACCEPT		fw	net	tcp	37
  • To be sure that your time server allows request directed to port 37. This is not the case of every timeserver whose list is available here.

# List of hosts to ping check. ADMIN will be sent mail if any fail.

You declare in lrp_PING_HOSTS the name of the hosts you want to ping check. Do not forget to uncomment the variable name if you want to activate that facility!

# SPACECHECK, will check the space available on a defined device.
# For each device you must define a tag and a group of parameters
# associated with this tag. (See below). Then, for each device,
# if the remaining free space is <= MINKB or <= MINPER, each level
# of file mask(s) will be wiped, until the minimum available space
# is met or level 5 is reached. Files are individually null'ed
# to 0 size. They are not rm'ed. (syslogd will not be interrupted)
# When the level set in MAIL_LEVEL, is reached or exceeded, an
# alert will be sent to ADMIN. (If set)
# You can have as many tags as you want :-)
# Default=One tag (L) associated to /var/log
lrp_SPACECHECK=NO                       # YES or NO (default)
lrp_SC_MOUNT="L"			# define here the tag(s) of directories to be checked
#lrp_SC_MOUNT="L T"                     # an alternative if you want to check two directories
lrp_SC_MAIL_LEVEL=2                     # >= 6 to disable.

# The following block defines the parameters for the "L" tag
lrp_SC_MNT_L="/var/log"                 # Directory to be checked
lrp_SC_MINKB_L=-1                       # <= -1 to disable.
lrp_SC_MINPER_L=5                       # >= 101 to disable. Default 5%.
lrp_SC_DEL_L1="/var/log/*[3-4].gz"      # defines the files that will be set to 0 when space limit is reached

# The following block defines the parameters for the "T" tag
#lrp_SC_MNT_T="/tmp"                    # Directory to be checked
#lrp_SC_MINKB_T=-1                      # <= -1 to disable.
#lrp_SC_MINPER_T=5                      # >= 101 to disable. Default 5%.
#lrp_SC_DEL_T1="/tmp/..."               # defines the files that will be set to 0 when space limit is reached

If lrp_SPACECHECK is set to yes, the space left on specified device(s) will be checked. If the space is less than the limit you set, then a mail alert will be sent to the admin. By default the space is checked on the /var/log directory.

The configuration may seem a little complicated at first. The lrp_SC_MOUNT variable assigns a one character tag for each directory that should be tested. Each tag is separated by a space. For example you can have:

lrp_SC_MOUNT="L T"

Then for each tag previously defined you should declare an lrp_SC_MNT_TAG variable do declare the name of the corresponding directory, an lrp_MINKB_TAG, an lrp_MINPER_TAG and, optionally, a list of files to be cleaned up splitted in 5 levels. The first level will be cleaned up first, then the second if space constraint is still enforced and so on... For example:


Now you can specify a treshold for the memory to take an action. You can specify this treshold in KB (lrp_SC_MINKB) or as percent of the partition.(lrp_SC_MINPER)


In the above example there will be an alert as soon as the free memory on /var/log is less than 200 KB OR as soon as the amount of free space on /var/log will be less than 30%. As soon as one of the treshold for a declared partition is reached then the program will look, if they exist, for the lrp_SC_DEL_TAG variables and will zero out those files until there is enough space left.

if you indicated an email address for the administrator he will be informed by mail about the reached level.

POSIXness setting (/etc/POSIXness.conf)

The information here allows you to declare the default parameters of your Bering box mail program.

#This is the master config file for the POSIXness.mail scripts

# Host SMTP server for the 'mail' command. If blank the host 'mail' is used.

# From: domain to send to mail server.  If blank, `hostname -f` is used.

# Return-Path will be USER@MAIL_DOMAIN

The MAIL_SERVER variable is the FQDN of your mail server. In most cases it will be your ISP smtp mail server (e.g. "" or ""). Be sure that you can use it to relay mail !

The MAIL_DOMAIN variable will the domain part of the mail return address (e.g.

The USER variable will be the user name of the mail return address


If you want to be able to send a mail from your Bering box do not forget to adjust your firewall rules accordingly! You will have to include in the Shorewall rules file the following statement:

ACCEPT          fw        net           tcp     25

File system mounts (/etc/fstab)

By default, this file looks like:

# /etc/fstab: static file system information.
# <file system>     <mount point>   <type>  <options>   <dump> <pass>
proc                /proc           proc    noauto      0       0

If you want to add a hard-disk and want it to be mounted automatically at boot time, add it to your /etc/fstab file.

Lowest level boot-up configuration (/etc/inittab)

The inittab file describes which processes are started at bootup and during normal operation (e.g. /etc/init.d/boot, /etc/init.d/rc, gettys...). Init(8) distinguishes multiple runlevels, each of which can have its own set of processes that are started. Valid runlevels are 0-6 plus A, B, and C for ondemand entries. An entry in the inittab file has the following format:


Lines beginning with `#' are ignored. There should no reason for most users to change this file.

System wide profile (/etc/profile)

This file is read right after login and is used to decalre environnement variable. You can also use it to declare shell aliases. Most users won't change it.

Ports root is allowed to login to (/etc/securetty)

/etc/securetty is used by login(1); the file contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login. Bering default file looks like:

# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
# Include ttyp0, ttyp1, etc to allow telnet access. *NOT RECOMMENDED*

System logging configuration (/etc/syslog.conf)

The syslog.conf file is the main configuration file for the syslogd which logs system messages on *nix systems. This file specifies rules for logging. For special features see the sysklogd manpage. Every rule consists of two fields, a selector field and an action field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action.

Lines starting with a hash mark (``#'') and empty lines are ignored.

This file should only be modified by experienced Linux users.

Service name to number translation (/etc/services)

/etc/services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types. Every networking program should look into this file to get the port number (and protocol) for its service. Port numbers are assigned by the IANA (Internet Assigned Numbers Authority), and their current policy is to assign both TCP and UDP protocols when assigning a port number. Therefore, most entries will have two entries, even for TCP only services. Port numbers below 1024 (so-called 'low numbered' ports) can only be bound to by root (see bind(2), tcp(7), and udp(7).) This is so that clients connecting to low numbered ports can trust that the service running on the port is the standard implementation, and not a rogue service run by a user of the machine. Well-known port numbers specified by the IANA are normally located in this root only space. The presence of an entry for a service in the services file does not necessarily mean that the service is currently running on the machine. See inetd.conf(5) for the configuration of Internet services offered. Note that not all networking services are started by inetd(8), and so won't appear in inetd.conf(5). In particular, news (NNTP) and mail (SMTP) servers are often initialised from the system boot scripts.