FAQforge provides answers for frequently asked questions for the Linux-, MAC and Windows operating systems.

Configure PostgreSQL to accept connections from network

Tuesday, January 11, 2011 - posted by rafael

wrote by Rafael Marangoni, from Consultoria Linux team.

By default, on some distros, PostgreSQL will only accept connections from localhost. When you have only access from localhost (from localhost Apache, by example) everything is ok, but when you need that postgresql accepts connections for other hosts, you need to make some configs.

First of all, edit the postgresql.conf file (on CentOS the default location is /var/lib/pgsql/data/postgresql.conf).

vi /var/lib/pgsql/data/postgresql.conf

Search the following line:

listen_addresses = 'localhost'

Change it to:

listen_addresses = '*'

Secondly, you need to change the permissions inside pg_hba.conf file (on CentOS, the default location is /var/lib/pgsql/data/pg_hba.conf)

vi /var/lib/pgsql/data/pg_hba.conf

Include the following line (at the end of the file):

host    username    all     md5

username: it's the name of the postgres user

all: the database name (here we enabled all of them) is the IP address/subnet to accept connections
md5: is the method of authentication (md5 requests password)

Reconfigure rkhunter to avoid false positive warnings on Debian 5.0

Wednesday, October 20, 2010 - posted by Till

When you run rkhunter on Debian Linux, you might get a warning when rkhunter is checking for hidden files and directories that some Hiffen files were found in /proc. A closer investigation in rkhunter might bring up the filenames /dev/.static, /dev/.udev and /dev/.initramfs which are normal files on Debian and not related to a attack on your system. The warnings in rkhunter.log are:

[10:21:40] Warning: Hidden directory found: /dev/.static
[10:21:40] Warning: Hidden directory found: /dev/.udev
[10:21:40] Warning: Hidden directory found: /dev/.initramfs

To avoid these warnings, you can reconfigure rkhunter to ignore these files by editing the rkhunter.conf file:

vi /etc/rkhunter.conf

and remove the # in fron of the following lines:


Create a file of a specific size with random content

Friday, September 17, 2010 - posted by Till

Today I tested the logrotation of a Linux server installation and therefore I needed a logfile that was larger then 10 MB. To create such a file of e.g. 11 MB size on the shell, I used this command:

dd if=/dev/urandom of=test.log bs=1M count=11

The content of the file are random characters. If you need a file filled with zeros, use this command:

dd if=/dev/zero of=test.log bs=1M count=11

The result is a file named test.log in the current directory with a size of 11 MB.

If you get the error message "connect to mysql server Too many connections" in a log file, e.g. the mail.log file, then the max. number of mysql database connections on your server is reached. To increase the max. number of simultanious connections, edit the MySQL my.cnf file:

vi /etc/mysql/my.cnf

and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:

max_connections = 500
max_user_connections = 500

How to solve the PHP XCache error: /dev/zero: No space left on device

Wednesday, September 1, 2010 - posted by Till

If you get the error "/dev/zero: No space left on device" in the apache error.log on a OpenVZ virtual machine, then the shared memory size in the xcache.ini is too high or the xcache.mm_path is set wrong.

Edit the file /etc/php5/conf.d/xcache.ini

vi /etc/php5/conf.d/xcache.ini

and check the mm_path. On a OpenVZ virtual machine it should be set to "/tmp/xcache" as /dev/zero might not work correctly in a virtual machine:

xcache.mmap_path = "/tmp/xcache"

Then restart apache2:

/etc/init.d/apache2 restart

and check if the error has been resolved.

If the roor still occurs after some time, you will have to reduce the xcache.size.

Edite the xcache.ini file:

vi /etc/php5/conf.d/xcache.ini

and set xcache.size to e.g. 8 MB

xcache.size  =                8M

Then restart apache2:

/etc/init.d/apache2 restart

Secure /tmp and /dev/shm directories in a OpenVZ enviroment

Tuesday, August 31, 2010 - posted by Till

The /tmp and /dev/shm directories of a OpenVZ virtual machine shall be mounted without suid and exec permissions. To achieve this, create a a shell script on the host server for every virtual machine which contains the commands to remount the directories. This script will be started automatically by openvz when the VM is started.

I will use VPSID as placeholder for the ID of the virtual machine in the commands and the script. Replace VPSID with the id of the virtual machine that you want to create the script for, e.g. replace VPSID with 101.

Create the script:

vi /etc/vz/conf/VPSID.mount

and insert the following lines:

mount -n --bind -onosuid,noexec /vz/vps/VPSID/tmp /vz/root/VPSID/tmp
mount -n --bind -onosuid,noexec /vz/vps/VPSID/shm /vz/root/VPSID/dev/shm
exit ${?}

now make the sscript executable:

chmod 700 /etc/vz/conf/VPSID.mount

Migrate physical server system to OpenVZ virtual machine

Tuesday, August 31, 2010 - posted by Till

In case you plan to virtualize your server infrastructure and migrate physical servers to OpenVZ virtual machines, you may find this tutorial helpful:


I used this to migrate a ISPConfig Debian system to OpenVZ successfully.

Use separate configurations by network in the Windows 7 firewall

Thursday, July 15, 2010 - posted by Till

The Windows 7 Firewall allows separate configurations by network. This feature makes it possible to configure different firewall rules for the home network , the networkwork or a public network and Windows will apply these rules automatically when the computer gets connected to a different network. To configure the firewall by network, click on Start > Control Panel > System and Security > Windows Firewall

Then Click on "Allow a program or feature trough Windows Firewall" to get the list of open firewall ports for all configured networks.

If the application that shall be able to connect to a specific network is listed there, then allow access by enabling the checkbox in the column of the network. If the application is not in the list, click on "Allow another program" and then select the program in the list that pops up.

How to disable spamfilter- and antivirus functions in ISPConfig 3

Wednesday, July 14, 2010 - posted by Till

If you use a mailserver wil very low ram (< 500 MB) and a slow CPU then it might be nescessary to disable the spam- and antivirus filter functions in ISPConfig 3 as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:

Edit postfix main.cf file

vi /etc/postfix/main.cf

and comment out these lines by adding a "#" in front of them:

# content_filter = amavis:[]:10024
# receive_override_options = no_address_mappings

Then restart postfix:

/etc/init.d/postfix restart

Now stop and disable the services. The following commands are for Debian and Ubuntu, the commands for other Linux distributions may vary

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop

update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove

P The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam- and antivirus filtering so that the spamfiltering options that can be configured in the ispconfig interface will have any effect on mail delivery and no spam and viruses will get filtered.

The changes in postfix main.cf will get overwitten by a ispconfig software update when you select to reconfigure services during upadte, so you should comment out the lines again after you install a ispconfig update.

There is a handy Thunderbird extension named "Auto zip" available that compresses email attachments as .zip files automatically, So you dont have to compress the files manually anymore before you attach them to the email.

Thunderbird extension download:


Sadly, the official version of the plugin works only for thunderbird 2. But a few users offer already patched versions for Thunderbird 3 (see links in the comments). Please be aware that using such a patched version has the risk that it might contain malicious code.)