Archive for the ‘Debian’ Category
Solution for amavisd error – TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe – on OpenVZ server
If you get error messages from amavisd similar to the one posted below on a server which is virtualized with OpenVZ:
Mar 5 09:09:02 v100 amavis[17378]: (17378-14) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 100) line 987, <GEN44> line 31.
then the issue can be caused by the NUMTCPSOCK value in the openvz limits. Even if the barrier of this limit was never met in /proc/user_beancounters, the above error occurs when more then 25% of all TCP sockets were used. The solution is to set the NUMTCPSOCK barrier and limit to a high value in the openvz container configuration file. Here a value that worked for me on a moderately used mailserver:
NUMTCPSOCK=”2000:2000″
Finally restart the OpenVZ VM to apply the new limit value.
Apache mod_security settings for WordPress and ModX
If you use the apache mod_security module on your apache server, you might encounter wrong 403 errors for several URL’s of the cms systems. Here are some exception rules to avoid that:
For WordPress Blogs
<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
</locationmatch>
<locationmatch “/wp-admin/page.php”>
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
</locationmatch>
<locationmatch “/wp-admin/post.php”>
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
</locationmatch>
For the ModX CMS
<LocationMatch "/manager/index.php">
SecRuleRemoveById 300016
</LocationMatch>
<LocationMatch “/connectors/resource/index.php”>
SecRuleRemoveById 300013 300014 300015 300016
</LocationMatch>
<LocationMatch “/connectors/element/tv.php”>
SecRuleRemoveById 300013 300016
</LocationMatch>
Add these rules inside the vhost file of the website. If you use ISPConfig to manage the server, then add the rules in the apache directives field of the website settings in ispconfig.
Many thanks to PlanetFox for providing the rules.
How to disable MySQL replication on master/master andmaster/slave setups
The following guide shows how to disable and remove mysql replication from two or more mysql servers. These steps can be used for master/slave and master/master mysql setups. The following SQL commands have to be be executed in phpmyadmin or with the mysql commandline program. It is just important that you are logged in as mysql root user. Below I will use the mysql commandline client.
Login into mysql as root user from commandline:
mysql -u root -p
the mysql command will ask for the mysql root password.
Then execute these commands if the installed mysql version is < 5.5.16:
STOP SLAVE;
RESET SLAVE;
QUIT
use the commands below instead if the mysql version is > 5.5.16
STOP SLAVE;
RESET SLAVE ALL;
QUIT
Now edit the my.cnf file (/etc/mysql/my.cnf) and add a # in front of all lines that start with “replicate-” or “master-”. Example:
# replicate-same-server-id = 0 # master-host = 192.168.0.105 # master-user = slaveuser # master-password = akst6Wqcz2B # master-connect-retry = 60
Then restart mysql:
/etc/init.d/mysql restart
Setting up email routing to gmail / google apps via ISPConfig 3
The following guide describes the steps to add DNS records that route emails from a domain managed in ISPConfig 3 to google apps / gmail. The guide assumes that you have already setup the dns zone for your domain in ispconfig.
Login to ISPConfig, click on the DNS module icon in the upper navigation bar, then open the settings of the DNS zone that you want to redirect to google and click on the “records” tab. You should see a record list similar to this:
Now Delete the existing MX record and the “mail” A-Record. Then add the following new records:
CNAME Record:
Hostname: mail
Target: ghs.google.com.
MX Records:
example.com. ASPMX.L.GOOGLE.COM. 10
example.com. ALT1.ASPMX.L.GOOGLE.COM. 20
example.com. ALT2.ASPMX.L.GOOGLE.COM. 30
example.com. ASPMX2.GOOGLEMAIL.COM. 40
example.com. ASPMX3.GOOGLEMAIL.COM. 50
IMPORTANT: All full domain names like “ghs.google.com.” have to end with a dot, if the dot is missing, the name is treated as subdomain of the zone.
The resulting record list should look like this:
Install BIND nameserver in a chroot on Debian 6
This tutorial is about chrooting a BIND (named) installation on Debian 6. Chrooting is used for security reasons, in case that BIND gets hacked on the server, the hacker is jailed into the chroot and can not get access to other services.
Installation
apt-get install bind9
to install BIND9.
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS=”-u bind” so that it reads OPTIONS=”-u bind -t /var/lib/named”:
vi /etc/default/bind9
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
OPTIONS=”-u bind -t /var/lib/named”
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when BIND gets updated in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to create the file /etc/rsyslog.d/bind-chroot.conf…
vi /etc/rsyslog.d/bind-chroot.conf
… with the following line so that we can still get important messages logged to the system logs:
$AddUnixListenSocket /var/lib/named/dev/log
Restart the logging daemon:
/etc/init.d/rsyslog restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
Thanks to Falko Timme from Howtoforge.com for this tutorial.
How to exclude mouse pointer by default for screenshots made with gnome-screenshot on Linux
Gnome-Screenshot is the default tool to take screenshots on Ubuntu and Mint and brings a great deal of functionality. While it also has the ability to exclude the mouse pointer for screenshots if you use the graphical interface, you won’t find this feature if you want to take them from the command line – the only option to exclude them there is to set the option as default which is possible with dconf-editor.
If dconf-editor isn’t installed on your system yet, install it by entering the following into a terminal:
sudo apt-get install dconf-tools
Afterwards you can change the default behaviour of pointer inclusion with
dconf write /org/gnome/gnome-screenshot/include-pointer false
If you want to revert things, just set it to true again:
dconf write /org/gnome/gnome-screenshot/include-pointer true
Next time you open the GUI or take a screenshot via PrtScr or the terminal, the mouse pointer won’t be included on the screenshot.
Convert Linux deb and rpm packages into the respectively other format with alien
Sometimes you are forced to compile packages from source because they are not present in your current distribution’s package format, which can be really annoying. While this is the safer option, there is also a quicker alternative, which is converting existing packages into the one you need with alien.
sudo apt-get install alien
Before you use it, make sure to have read the alien man page!
man alien
If you’re on Ubuntu for example and need a package that is only available in the rpm format, power your terminal and convert the package (the following is available as deb, it’s just an example):
sudo alien clementine-1.0.1-1.fc16.x86_64.rpm
The package will then be converted. There are a few points that you should be aware of though:
- Dependencies of converted packages will not be resolved. If you install it anyway, your update manager may notice the missing dependencies and install them however.
- It is not recommended to use alien for critical packages. The man page gives further info on that.
Using document templates in Linux
The usual thing you find when you right-click your desktop to create a new document is the option to create an empty text document. This selection can be widened however by using the Templates folder in your home folder. Any document that is put in there will be selectable; this is also possible with pictures and other formats. Pinguy OS for example provides and excellent working system out of the box and comes with multiple file templates installed:
The string Untitled is put in front every newly created document from a template. To remove an item from the list, just remove it from your Templates folder. By making a document invisible in the Templates folder it is also removed from the list.
How to delete saved passwords for network drives on Linux desktops
The majority of graphical environments let you choose to remember the passwords you enter somewhere to ease access to something but they usually don’t tell you how to delete them again. Most Linux desktop distributions have a tool installed where all your saved passwords for network drives are stored in that is called Passwords and Keys.
You can find the saved passwords right on the first
Useful apt commands (Ubuntu, Debian, Mint etc.)
Terminal commands for package management can be an essential thing if you come across an unexpected error or are just interested in how things work. Here are a few of the more important ones:
apt-cache search –names-only –installed
Followed by a pattern, the above command searches every package in its cache for it (you can leave or add the given options starting with –).
apt-cache showpkg
Followed by a package name, this command gives you basic information about it, e.g version number, dependencies…
apt-cache stats
This command gives basic statistics about your package cache.
apt-cache depends
Followed by a package name, this command gives you all of the package’s dependencies.
apt-cache unmet
This command gives you a list of unmet dependencies.
cat /etc/apt/sources.list
Gives you a list of your repositories. The file can also be opened with a text editor to be edited.
ls /etc/apt/sources.list.d
Shows the contents of the given directory, where your installed ppa are stored in.