Install Cacti on Debian Squeeze

April 19th, 2012 | Posted by cahpct in Debian | Debian - (0 Comments)

Not too hard to get started. Once you have SNMPD installed and working just run:

apt-get install cacti

When that is complete you will have to modify the Apache config.

Add the follwing to "/etc/apache2/sites-available/default" between the VirtualHost tags:

Alias /cacti/ "/usr/share/cacti/site/"
<Directory "/usr/share/cacti/site/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Then restart Apache:

invoke-rc.d apache2 restart

Use the url http://hostname/cacti and log in with the username admin and password admin. You will be asked to change the password and then you're in!

sources

Live edu Password Requirements

April 18th, 2012 | Posted by cahpct in Live EDU - (0 Comments)

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2012-02-24

The following rules and restrictions apply to account passwords.

Rules
  • The password can have a maximum length of 16 characters.
  • Strong passwords are at least 8 characters long.
  • The password is case-sensitive.
  • The password can contain uppercase and lowercase letters, and numbers.
  • The password can contain the following ASCII text characters: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
Restrictions

The password can't contain:

  • Spaces
  • Non-English characters
  • The alias part of the e-mail address. For example, if the e-mail address is user@contoso.edu, the password can't contain user. This restriction isn't case-sensitive, so USER or User can't be used in the password for user@contoso.edu.

Also, for Microsoft Live@edu, the password can’t contain the secret answer for the Windows Live security question, and the secret answer can’t contain the password. The Windows Live security question and secret answer are used to verify a user’s identity if the user forgets their password and tries to reset it.

 

sources

Debian / Ubuntu Linux: Setup NFSv4 File Server

April 18th, 2012 | Posted by cahpct in Debian - (0 Comments)

How do I install and configure NFS version 4 server under Debian or Ubuntu Linux server operating systems using host-based authentication?

You need to install the following packages in Debian / Ubuntu Linux server:

  1. nfs-kernel-server: Linux kernel NFS version 3 and 4 server.
  2. portmap: RPC port mapper.
  3. nfs-common: NFS support files common to client and server. It also includes the following libraries:
    1. liblockfile1 – NFS-safe locking library, includes dotlockfile program.
    2. libnfsidmap2 – An nfs idmapping library.

Step #1: Install NFSv4 Server

Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following commands. You can also login using ssh command. Switch to the root user by typing su – and entering the root password, when prompted. Enter the command apt-get update && apt-get upgrade to tell apt to refresh its package information by querying the configured repositories and then upgrade the whole system:
# apt-get update && apt-get upgrade
Type the following command to install NFSv4 server package, enter:
# apt-get install nfs-kernel-server portmap nfs-common

Step #2: Configure Portmap

Edit /etc/default/portmap, enter:
# vi /etc/default/portmap
Make sure OPTIONS are set as follows, so that it can accept network connections from your LAN:

 
OPTIONS=""
 

Save and close the file. Edit /etc/hosts.allow and add list of hosts (IP address or subnet) that are allowed to access the system using portmap, enter:
# vi /etc/hosts.allow
In this example allow 192.168.1.0/24 to access the portmap:

 
portmap: 192.168.1.
 

Save and close the file. TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet and/or LAN based systems.

Step #3: Configure idmapd

The rpc.idmapd is the NFSv4 ID <-> name mapping daemon. It provides functionality to the NFSv4 kernel client and server, to which it communicates via upcalls, by translating user and group IDs to names, and vice versa. Edit /etc/default/nfs-common, enter:
# vi /etc/default/nfs-common
Start the idmapd daemon as it needed for NFSv4:

 
NEED_IDMAPD=YES
 

Save and close the file. The default /etc/idmapd.conf file as follows:
# cat /etc/idmapd.conf
Sample outputs:

 
[General]
 
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
 
[Mapping]
 
Nobody-User = nobody
Nobody-Group = nogroup
 

I'm going to use the defaults. But, you can configure the mapping as per your setup. See idmapd.conf(5) man page for more info.

Step #4: Configure NFS

First, create a directory using the mkdir command, enter:
# mkdir /exports
Edit /etc/exports file and set the the access control list for filesystems which is exported to NFS clients, enter:
# vi /etc/exports
Append the following configuration, enter:

 
/exports   192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,crossmnt,fsid=0)
 

Save and close the file. Where,

  1. /exports: /exports is directory and it is set as an explicit export root of yourpseudofilesystem. You can mount other volumes under
    that using the mount command. See below for more information.
  2. 192.168.1.0/255.255.255.0: You are exporting directories to all hosts on an IP sub network simultaneously called 192.168.1.0/24. Only clients in 192.168.1.0/24 are allowed to access our NFSv4 server.
  3. rw: Allow users to read and write requests on this NFS volume.
  4. no_root_squash: Turn off root squashing. This option is mainly useful for diskless clients.
  5. no_subtree_check: This option disables subtree checking, which has mild security implications. A home directory filesystem, which is normally exported at the root and may see lots of file renames, should be exported with subtree checking disabled.
  6. crossmnt: This option is similar to nohide but it makes it possible for clients to move from the filesystem marked with crossmnt to exported filesystems mounted on it. Thus when a child filesystem "B" is mounted on a parent "A", setting crossmnt on "A" has the same effect as setting "nohide" on B.
  7. fsid=0: NFS server needs to be able to identify each filesystem that it exports. For NFSv4 server, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing.

A Note About /exports Pseudo File System

The /exports act as the root of the pseudo file system for the export. You need to mount all the required filesystems under this directory. For example, you can share /home, /sales, /usr directory under /exports as follows using the mkdir command:
# cd /exports
# mkdir {home,sales,data,usr}
You can now bind the directories using the mount command as follows:
# cd /exports
# mount --bind /home data
# mount --bind /usr home
# mount --bind /data data
# mount --bind /sales sales
Update /etc/fstab to automatically bind the file system, enter:
# vi /etc/fstab
Update file as follows:

 
/home /exports/data    none bind
/usr /exports/home     none bind
/data /exports/data    none bind
/sales /exports/sales   none bind
 

Save and close the file. Make sure all services are running:
# /etc/init.d/portmap restart
# /etc/init.d/nfs-common restart
# /etc/init.d/nfs-kernel-server restart

Step #5: Client Configuration

You need to install nfs-common and portmap packages on the client computer running Debian or Ubuntu Linux desktop:
# apt-get install nfs-common portmap
Make sure those two services are running:
# /etc/init.d/nfs-common start
# /etc/init.d/portmap start

How Do I See Exported Directories From The Client Computer?

Type the following commands:
$ showmount -e 192.168.1.10
$ showmount -e server2
Where, 192.168.1.10 is NFSv4 server IP address.

How Do I Mount the Directories From The Client Computer?

Type the following command, enter:
# mkdir /data
To mount the entire /exports, enter:
# mount.nfs4 192.168.1.4:/ /data
Only mount /exports/data, enter:
# mount.nfs4 192.168.1.4:/data /data
I suggest passing the following options to the mount command:
# mount.nfs4 192.168.1.10:/ /nfs -o soft,intr,rsize=8192,wsize=8192
See mount.nfs4 man page for more information.

How Do I Mount Directories Automatically Using /etc/fstab File?

You can mount NFS file systems Using /etc/fstab, enter:
# vi /etc/fstab
Append the entry, enter:
192.168.1.10:/data /data nfs4 soft,intr,rsize=8192,wsize=8192
Save and close the file.

Kerberos Based Authentication

If you do not wish to use host-based authentication, you can use Kerberos-based authentication instead. In the next part of the series I will talk about Kerberos-based authentication for NFSv4 client and server running under Debian operating systems.

sources

Postfix Monitoring With Mailgraph And pflogsumm in ubuntu

April 17th, 2012 | Posted by cahpct in Postfix - (0 Comments)

Mailgraph

To install Mailgraph, we run

apt-get install rrdtool mailgraph

Ubuntu doesn't ask us questions. Nevertheless, we have to make the differentiation if we use a content filter like amavisd in Postfix or not. Open /etc/default/mailgraph:

vi /etc/default/mailgraph

If you use a content filter like amavisd, the file should have the following contents:

MAIL_LOG=/var/log/mail.log
IGNORE_LOCALHOST=true

If you don't, then it should look like this:

MAIL_LOG=/var/log/mail.log
IGNORE_LOCALHOST=false

Ubuntu doesn't create the system startup links for Mailgraph automatically, so we do it now:

update-rc.d mailgraph defaults

Also, we have to start Mailgraph now:

/etc/init.d/mailgraph start

Now we must copy the mailgraph.cgi script (which draws the graphs and creates the output for our web browsers) to the cgi-bin directory of our www.example.com web site:

cp -p /usr/lib/cgi-bin/mailgraph.cgi /var/www/www.example.com/cgi-bin

The script is already executable, so we don't need to chmod it. If you use suExec for the www.example.com web site, you must chown mailgraph.cgi to the appropriate owner and group.

Now direct your browser to http://www.example.com/cgi-bin/mailgraph.cgi, and you should see some graphs. Of course, there must be some emails going through your system before you see the first results, so be patient.

 

The pflogsumm part is exactly the same as for Debian Sarge:

To install pflogsumm, we run

apt-get install pflogsumm

We want pflogsumm to be run by a cron job each day and send the report to postmaster@example.com. Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

vi /etc/logrotate.conf

/var/log/mail.log {
    missingok
    daily
    rotate 7
    create
    compress
    start 0
}

There's a logrotate script in /etc/cron.daily. This script is called everyday between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/mail.log to /var/log/mail.log.0 and compress it, and the compressed file will be /var/log/mail.log.0.gz. It will also create a new, empty /var/log/mail.log to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/postfix_report.sh which invokes pflogsumm and makes it send the report to postmaster@example.com:

vi /usr/local/sbin/postfix_report.sh

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
gunzip /var/log/mail.log.0.gz

pflogsumm /var/log/mail.log.0 | formail -c -I"Subject: Mail Statistics"
-I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received:
from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com

gzip /var/log/mail.log.0
exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/postfix_report.sh

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

0 7 * * * /usr/local/sbin/postfix_report.sh &> /dev/null

This will send the report to postmaster@example.com.

Managing Postfix

April 17th, 2012 | Posted by cahpct in Postfix - (0 Comments)

Delete an Email from the Queue

For Example – sending an email to someone and it bounces. Defauly retry is for 3 days. To remove it manually :

postsuper -d queue_id

Tons more info at: http://www.postfix.org/postsuper.1.html

Delete all Deferred Emails from the Queue

If spam emails are been sent and/or your mail queue fills up, you can delete all deferred emails with the following:

postsuper -d ALL deferred

Checking Mail logs with pflogsumm

pflogsumm shows all the essential information from mail.log. It groups information into the following headings:

  • Grand Totals – messages sent and recieved.
  • Per-Day Traffic Summary
  • Per-Hour Traffic Daily Average
  • Host/Domain Summary: Message Delivery
  • Host/Domain Summary: Messages Received
  • Senders by message count
  • Recipients by message count
  • Senders by message size
  • Recipients by message size
  • message deferral detail
  • message reject detail
  • message reject warning detail
  • smtp delivery failures
  • Warnings
apt-get install pflogsumm
pflogsumm /var/log/mail.log | less

It is a very useful tool and shows an excellent insight into mail delivery and sending on your server.

Show Mail Queue

If mails are deferred etc. and you want to see a list of them:

postqueue -p

Cek hardisk

April 9th, 2012 | Posted by cahpct in Command Line | Linux - (0 Comments)

du -cks *|sort -rn|head
du -h –max-depth=1

Shut down Debian Linux machine cleanly

March 28th, 2012 | Posted by cahpct in Command Line | Debian | Debian | Linux - (0 Comments)

There are several ways to shut down  DebianLinux machine cleanly, with the most simple probably being from the GUI environment you are using.

For the GNOME desktop enviornment there is the option to shutdown the machine which is immediately available when you click "Logout". Choosing this should log you out of the desktop and also shut the machine down.

From the console, either a remote SSH session,Telnet or from in front of the machine you also have access to the following commands:

shutdown

poweroff

The second command will take no arguments and immediately begin shutting down the machine, simply run as root :

poweroff

If your machine supports "poweroff" then it will be shutdown and the power turned off, this usually requires that you've setup power management – this can be as simple as running:

modprobe apm

or it might be more complex.

The shutdown command is more configurable, it allows you to specify whether you wish to reboot or shutdown, and will also allow you to schedule the action for later. Generally the usage is:

shutdown -r now

Here "-r" means to reboot, and "now" is the time to carry that activity out. If you wished to shutdown your machine at 8pm you could instead run:

shutdown 20:00

This will pause until 8pm and then shutdown – pressing Ctrl + C will cancel the shutdown, as will running another copy of shutdown with the "cancel" flag:

shutdown -c

Debian machines are typically setup so that if you press the three-fingered-salute "Ctrl + Alt + Delete" they will reboot. This is specified by the following line in the file "/etc/inittab".

# when CTRL-ALT-DEL is pressed.

ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

sources

, ,

Fantastisco Installation Instructions on cPanel

March 14th, 2012 | Posted by cahpct in cPanel - (0 Comments)

SSH to your server(s) and enter following commands:

Code:

# cd /usr/local/cpanel/whostmgr/docroot/cgi
# wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
# tar -xzpf fantastico_whm_admin.tgz
# rm -rf fantastico_whm_admin.tgz

Go to WHM, login as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Save changes.

Now go here:
WHM -> Add-Ons (Plugins on v11.x or higher) -> Fantastico De Luxe WHM Admin (scroll down the left menu).

Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). All admin files (masterfiles, tarballs, settings etc) will be moved to or created at /var/netenberg.

Migration account server to server cPanel

February 17th, 2012 | Posted by cahpct in cPanel - (0 Comments)

1) on old server: /scripts/pkgacct –skiphomedir account
2) on new server: rsync -vaz -e ssh root@202.20.181.193:/home/cpmove-account .tar.gz /home/cpmove-account .tar.gz
3) on new server: /scripts/restorepkg account
4) on new server: rsync -vaz -e ssh root@202.20.181.193:/home/account / /home/account

,

How to add ssl certificate (.crt) on tomcat server

February 9th, 2012 | Posted by cahpct in SSL - (0 Comments)

Cek Version of Tomcat

#./version.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat6.0
Using CATALINA_HOME:   /usr/local/apache-tomcat6.0
Using CATALINA_TMPDIR: /usr/local/apache-tomcat6.0/temp
Using JRE_HOME:       /usr/local/jdk1.6.0
Server version: Apache Tomcat/6.0.18
Server built:   Jul 22 2008 02:00:36
Server number:  6.0.18.0
OS Name:        FreeBSD
OS Version:     7.2-RELEASE
Architecture:   i386
JVM Version:    1.6.0_03-p4-yamaha_11_jul_2009_13_09-b00
JVM Vendor:     Sun Microsystems Inc.

Generate Key Pair and Generating a Certificate Signing Request (CSR)

#keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

#keytool -certreq -keyalg RSA -alias tomcat -file <your file name>.csr -keystore tomcat.keystore

download = valicert_class2_root.crt

https://certs.godaddy.com/anonymous/repository.seam;jsessionid=FFsaB0VCh4uykddhEW8H0A__.s2p02jb?streamfilename=valicert_class2_root.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile%28%27%27%29&cid=359875

Installing Root and Intermediate Certificates

#keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt

#keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt

#keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

Installing SSL Certificate

#keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file prigad.com.crt

Updating the server.xml Configuration File

#vi /usr/local/apache-tomcat6.0/conf/server.xml

<Connector port="9700" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100"  maxThreads="200" scheme="
https" secure="true" SSLEnabled="true" keystoreFile="/usr/home/kutukupret/ssl_2017/tomcat.keystore" keystorePass="passwordnya" clientAuth="false" sslProtocol="TLS"
/>

Restart  Tomcat

#cd /usr/local/apache-tomcat6.0/bin/

#./shutdown

#./startup

 

, ,