Archive for the ‘Debian’ Category

How to list installed packages on Debian?

Wednesday, May 13, 2015 posted by admin

To get a list of all installed packages on a Debian or Ubuntu server, run the command:

dpkg --get-selections

This command will show you a rather long list. To save the list to a file, use this command:

dpkg --get-selections > /tmp/packages.txt

the list is saved then in the file /tmp/packages.txt.

If you seek for a specificy package, use the grep command:

dpkg --get-selections | grep nginx

will show you all packages that contain the word "nginx" in their name.


root@sv1:/# dpkg --get-selections | grep nginx
nginx-common install
nginx-extras install

The Following command can be used to check and repair all MySQL databases on a Ubuntu or Debian Linux System.

Ubuntu Linux

sudo mysqlcheck --defaults-file=/etc/mysql/debian.cnf --auto-repair --optimize --all-databases

Debian Linux

mysqlcheck --defaults-file=/etc/mysql/debian.cnf --auto-repair --optimize --all-databases

The benefot of the above comand is that it uses the debian-sys-maint login to MySQL which is available on every Debian and Ubuntu System, so you dont have to provide the MySQL root login details.

How to Copy Files with SCP between Linux Servers

Saturday, July 19, 2014 posted by Till

1.1 SCP Command Line-An Overview


The SCP command line is commonly used to copy files over SSH, and between popular Operating systems like Linux, Mac and Windows in a secure fashion. SCP is used to copy files to/from a remote server. It also allows you to copy files from one remote server to another remote server, without passing traffic through your PC.

If your mail server stops working (neither incoming nor outgoing email works) and you find the following error message in the mail.log file:

fatal: open database /var/lib/postfix/smtpd_scache.db: File exists

then the smtpd_scache.db might got corrupted. Postfix will recreate this file, if it does not exist. So it can be removed to solve the issue:

/etc/init.d/postfix stop
rm -f /var/lib/postfix/smtpd_scache.db
/etc/init.d/postfix start

Thanks to Alexander Fox for sending me this FAQ.

Dovecot is watching the whole server filesystem for modifications and removed or added sub filesystems. If you get errors similar to this one on your server:

Aug 30 09:10:23 server1 dovecot: master: Warning: /var/www/clients/client1/web1/log is no longer mounted. If this is intentional, remove it with doveadm mount

 (the directory path may vary), then you can fix it by excluding the path from being watched by dovecot. In my case, dovecot shall not watch my website directories as they do not contain any mailboxes

Run the following command on the shell as root user:

doveadm mount add '/var/www/*' ignore

To exclude all files and folders in /var/www from deovecot monitoring.


If you get error messages from amavisd similar to the one posted below on a server which is virtualized with OpenVZ:

Mar  5 09:09:02 v100 amavis[17378]: (17378-14) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 100) line 987, <GEN44> line 31.

then the issue can be caused by the NUMTCPSOCK value in the openvz limits. Even if the barrier of this limit was never met in /proc/user_beancounters, the above error occurs when more then 25% of all TCP sockets were used. The solution is to set the NUMTCPSOCK barrier and limit to a high value in the openvz container configuration file. Here a value that worked for me on a moderately used mailserver:


Finally restart the OpenVZ VM to apply the new limit value.


Apache mod_security settings for WordPress and ModX

Monday, January 7, 2013 posted by Till

If you use the apache mod_security module on your apache server, you might encounter wrong 403 errors for several URL's of the cms systems. Here are some exception rules to avoid that:

For WordPress Blogs

<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

<locationmatch "/wp-admin/page.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

<locationmatch "/wp-admin/post.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

For the ModX CMS

<LocationMatch "/manager/index.php">
SecRuleRemoveById 300016

<LocationMatch "/connectors/resource/index.php">
SecRuleRemoveById 300013 300014 300015 300016

<LocationMatch "/connectors/element/tv.php">
SecRuleRemoveById 300013 300016

Add these rules inside the vhost file of the website. If you use ISPConfig to manage the server, then add the rules in the apache directives field of the website settings in ispconfig.

Many thanks to PlanetFox for providing the rules.

The following guide shows how to disable and remove mysql replication from two or more mysql servers. These steps can be used for master/slave and master/master mysql setups. The following SQL commands have to be be executed in phpmyadmin or with the mysql commandline program. It is just important that you are logged in as mysql root user. Below I will use the mysql commandline client.

Login into mysql as root user from commandline:

mysql -u root -p

the mysql command will ask for the mysql root password.

Then execute these commands if the installed mysql version is < 5.5.16:


use the commands below instead if the mysql version is > 5.5.16


Now edit the my.cnf file (/etc/mysql/my.cnf) and add a # in front of all lines that start with "replicate-" or "master-". Example:

# replicate-same-server-id = 0
# master-host =
# master-user = slaveuser
# master-password = akst6Wqcz2B
# master-connect-retry = 60

Then restart mysql:

/etc/init.d/mysql restart


Setting up email routing to gmail / google apps via ISPConfig 3

Thursday, November 29, 2012 posted by Till

The following guide describes the steps to add DNS records that route emails from a domain managed in ISPConfig 3 to google apps / gmail. The guide assumes that you have already setup the dns zone for your domain in ispconfig.

Login to ISPConfig, click on the DNS module icon in the upper navigation bar, then open the settings of the DNS zone that you want to redirect to google and click on the "records" tab. You should see a record list similar to this:

Now Delete the existing MX record and the "mail" A-Record. Then add the following new records:

CNAME Record:

Hostname: mail


IMPORTANT: All full domain names like "" have to end with a dot, if the dot is missing, the name is treated as subdomain of the zone.

The resulting record list should look like this:

Install BIND nameserver in a chroot on Debian 6

Wednesday, October 17, 2012 posted by Till

This tutorial is about chrooting a BIND (named) installation on Debian 6. Chrooting is used for security reasons, in case that BIND gets hacked on the server, the hacker is jailed into the chroot and can not get access to other services.




apt-get install bind9

to install BIND9.

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"
Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when BIND gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to create the file /etc/rsyslog.d/bind-chroot.conf...

vi /etc/rsyslog.d/bind-chroot.conf

... with the following line so that we can still get important messages logged to the system logs:

$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon:

/etc/init.d/rsyslog restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start

Thanks to Falko Timme from for this tutorial.