Whatever it may be, you should go with what works for you and your organization. In the grand scheme of things, you have to be convinced about the value you are getting for the money you are paying...


Linux proxy setup

October 6, 2009

This is the classic installation of Squid, done manually. Nowadays, there are Linux distros that have a built-in firewall and proxy setup.

Run at your own RISK! lols.

The procedure below was tested successfully on CentOS.  The same thing was also implemented on my BSD box and works as well.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.

Squid provides the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.

QUICK TIP:

1. The easiest way to install and configure Squid Proxy is to install it via the distro package (e.g. RPM, .deb, .tgz) and then install Webmin for easy configuration of ACLs and proxy restrictions.

2. Use SARG (Squid Analysis Report Generator) for log analysis.

3. The most logical way to configure ACLs is to have a list of Allowed Sites and then deny all, so there is no need to create a Restricted Sites list that is difficult to manage. That is, only sites in the Allowed Sites list can be accessed by a group; the rest are denied.

4. Squid has some limitations; if you want web content filtering, I recommend Dansguardian.

5. Internet site access can be controlled by IP address or subnet, just make sure you know some basic subnetting :)

6. Familiarity with TCP ports is also a helpful skill in Squid configuration.

7. If you want something more flexible and more advanced, you can use LDAP to authenticate Squid proxy users.

SOFTWARE REQUIREMENTS

Any Linux or BSD distribution (CentOS, Redhat, Fedora Core, Debian, Gentoo / FreeBSD,OpenBSD)
Squid 2.5 Stable or higher

INSTALLATION  AND COMPILATION
a.    Download the source archive file (tarball) available at http://www.squid-cache.org or from ftp://www.squid-cache.org/pub
VERSION: squid-2.5.STABLE10.tar.gz
b.    Untar the file and change the working directory to squid-*
[root@proxy]# tar zxvf squid-2.5.STABLE10.tar.gz
[root@proxy]# cd  squid-2.5.STABLE10

c.    To configure, compile and install Squid, run the following commands:

[root@proxy]# ./configure --enable-underscores --prefix=/home/squid --enable-linux-netfilter --enable-snmp

desc:

--enable-underscores               allow underscores in hostnames (URL)
--enable-linux-netfilter           Enable Transparent Proxy support for Linux 2.4.
--enable-snmp                      Enable SNMP monitoring

[root@proxy]# make
[root@proxy]# make install

By default, this installs into “/usr/local/squid”; to install into another directory, add --prefix, e.g. --prefix=/home/squid.

CONFIGURATION

Basic configuration is to be done in configuration file: /home/squid/etc/squid.conf

One of the important things in the squid.conf file is the cache_dir tag, which needs to be defined carefully. The directories specified there must be created at the same path and with the exact space mentioned in the conf file, with 777 permissions on each cache directory defined.

In the config file, edit the following lines (this is the current configuration of the Squid proxy):

HTTP_PORT

This parameter allows the user to define the address on which Squid will listen for client’s http requests. This is a required parameter, and there are no defaults.
Without this configuration, Squid will never start.

http_port  8080
(Check http_port, 3128 is a default)

CACHE_MEM

Specifies the ideal amount of memory to be used for:

•    Hot Objects
•     Negative-Cached objects
•    In-Transit objects

cache_mem 16 MB

MAXIMUM_OBJECT_SIZE

Objects larger than this size will NOT be saved on disk. The value is specified in kilobytes, and the default is 4MB.  If you wish to get a high BYTES hit ratio, you should probably increase this (one 32 MB object hit counts for 3200 10KB hits).  Leave this value low if you wish to increase the speed more than what you want to save bandwidth.

Note: If using the LFUDA replacement policy you should increase this value to maximize the byte hit rate improvement of  LFUDA! See replacement_policy below for a discussion of this policy.

maximum_object_size 8192 KB

CACHE_DIR

All objects which are to be cached are stored in the disk space defined by this tag. This defines the path to cache directory, cache directory name, type and size of the cache area.

cache_dir ufs /cache 15000 16 256
(Set cache_dir to an area that has a large amount of hard disk space in order to devote to caching.)

CACHE_ACCESS_LOG

All client activity is logged in this file, so it can be used to analyze the access made by the clients.

Logging can be customized using ACLs, so that only the matching requests are logged in the specified logformat. If no ACL is specified, all requests will be logged to this file.

To disable logging of a request specify “none”.

cache_access_log /home/squid/var/logs/access.log
(Logs the client request activity)

CACHE_LOG

This defines the path and the file where general information about your cache’s behavior goes. This file contains startup configuration information, as well as assorted error information during Squid’s operation. This file is a good place to look when a website is found to have problems running through the web cache. Entries here may point towards a potential solution.

cache_log /home/squid/var/logs/cache.log
(Cache logging file. This is where general information about your cache’s behavior goes.)

CACHE_STORE_LOG

This tag defines the location of the transaction log of all objects that are stored in the object store, as well as the time when each object gets deleted. This file really doesn’t have very much use on a production cache, and it is primarily recommended for use in debugging. Therefore, it can be turned off by entering none in the entry field.

cache_store_log /home/squid/var/logs/store.log
(Logs the activities of the storage manager)

ACCESS CONTROL LISTS

You can limit users’ ability to browse the Internet with access control lists (ACLs). Each ACL line defines a particular type of activity, such as an access time or source network. ACLs are then linked to an http_access statement that tells Squid whether to deny or allow traffic that matches the ACL.
Squid matches each Web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces the allow or deny statement and stops reading further. You have to be careful not to place a deny statement in the list that blocks a similar allow statement below it. The final http_access statement denies everything, so it is best to place new http_access statements above it.

Note: The very last http_access statement in the squid.conf file denies all access. You therefore have to add your specific permit statements above this line. In the chapter’s examples, I’ve suggested that you place your statements at the top of the http_access list for the sake of manageability, but you can put them anywhere in the section above that last line.

Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It is best to put new customized entries right after this list to make the file easier to read.

Here are the ACLs created in squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl lan src 192.168.17.0/255.255.255.0
acl lanpub src 202.x.x.250/255.255.255.255
acl isp src 210.x.x/255.255.255.0
acl AllowedSites dstdomain "/usr/local/etc/allowed-sites.squid"
acl RestrictedSites dstdomain "/usr/local/etc/restricted-sites.squid"
acl lansnmp snmp_community freelinux
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

HTTP_ACCESS

This is used for filtering based on ACL matching. If none of the “access” lines cause a match, the default is the opposite of the last line in the list.  If the last line was deny, then the default is allow.  Conversely, if the last line is allow, the default will be deny.  For these reasons, it is a good idea to have a “deny all” or “allow all” entry at the end of your access lists to avoid potential confusion.

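acl our_networks src 192.168.17.0/255.255.255.0   # same range as lan; not referenced by any rule below
# Cache manager access from localhost only
http_access allow manager localhost
http_access deny manager
# Refuse unsafe ports and CONNECT to non-SSL ports before any allow rule can match
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# LAN clients reach only the allowed sites; the ISP range is allowed
http_access allow lan AllowedSites
http_access allow isp
# Everything else is denied; this must stay the last http_access line
http_access deny all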
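
The first-match behaviour described above can be checked mechanically. The following is an added example, not part of the original post or of Squid: it models a request as the set of ACL names that are true for it, evaluates an http_access list top to bottom, and reports rules that can never be reached because an earlier rule matches unconditionally. The two rule lists and all function names are constructed for illustration.

```python
"""First-match evaluation of Squid http_access rules (added example)."""

# Constructed list: an unconditional "deny all" sits in the middle,
# so the manager, Safe_ports and CONNECT rules below it are dead.
SAMPLE_RULES = """\
http_access allow lan AllowedSites
http_access allow isp
http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

# Constructed list: same rules, deny rules first, "deny all" last.
FIXED_RULES = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan AllowedSites
http_access allow isp
http_access deny all
"""


def parse_rules(text):
    """Return [(action, [acl, ...]), ...] for every http_access line."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access" \
                and fields[1] in ("allow", "deny"):
            rules.append((fields[1], fields[2:]))
    return rules


def rule_matches(acls, request):
    """A rule matches only when every ACL on the line is true (logical AND).
    `request` is the set of ACL names true for this request; "!" negates."""
    for acl in acls:
        negated = acl.startswith("!")
        name = acl[1:] if negated else acl
        present = name == "all" or name in request
        if present == negated:
            return False
    return True


def evaluate(rules, request):
    """Return (decision, index of deciding rule); needs at least one rule.
    Squid stops at the first matching line. If no line matches, the
    decision is the opposite of the last line's action (index is None)."""
    for index, (action, acls) in enumerate(rules):
        if rule_matches(acls, request):
            return action, index
    last_action = rules[-1][0]
    return ("allow" if last_action == "deny" else "deny"), None


def unreachable(rules):
    """Indexes of rules placed after a line whose only ACL is 'all'."""
    dead, catch_all_seen = [], False
    for index, (_, acls) in enumerate(rules):
        if catch_all_seen:
            dead.append(index)
        elif all(acl == "all" for acl in acls):
            catch_all_seen = True
    return dead


if __name__ == "__main__":
    # A client in the "isp" range issuing CONNECT to a port outside SSL_ports.
    tunnel = {"isp", "CONNECT", "Safe_ports"}
    for label, text in (("sample", SAMPLE_RULES), ("fixed", FIXED_RULES)):
        rules = parse_rules(text)
        print(label, "dead rules:", unreachable(rules),
              "tunnel request:", evaluate(rules, tunnel))
```
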

HTTP_REPLY_ACCESS

This is used for filtering based on ACL matching, but on the replies to client requests. If none of the access lines cause a match, then the opposite of the last line will apply. Thus it is good practice to end the rules with an “allow all” or “deny all” entry.

http_reply_access allow all

ICP_ACCESS

This tag controls icp access on defined access lists.

icp_access allow all

CACHE_MGR

This is the address which will be added to any error pages that are displayed to clients. Defaults to webmaster.

cache_mgr admin@freelinuxtutorials.com

CACHE_EFFECTIVE_USER

Squid is designed to start as root but very soon after drop to the user/group specified here. This allows you to restrict, for security reasons, the permissions that Squid will have when operating. By default, Squid will operate as the nobody user and the nogroup group.

Note: If these tags are not configured properly, then Squid will have problems while starting.

cache_effective_user nobody

SNMP

To enable SNMP monitoring:

acl lansnmp snmp_community nocteam   # nocteam = sample community string
snmp_port 3128
snmp_access allow lansnmp all

A good practice is to enable the cache_access_log and cache_log for debugging purposes. Even though they take up ample space, they can always be rotated on a daily basis using Squid's log rotation feature.
(You can set up a cron job scheduled every midnight to rotate the logs, e.g.
0 0 * * * /home/squid/sbin/squid -k rotate  )
You can configure MRTG and Nagios for monitoring Squid’s performance.

ALLOWING / RESTRICTING ACCESS TO SPECIFIC WEB SITES

Squid is also capable of reading files containing lists of web sites and/or domains for use in ACLs. In this example we create two lists in files named /usr/local/etc/allowed-sites.squid and /usr/local/etc/restricted-sites.squid.
# File: /usr/local/etc/allowed-sites.squid
www.freelinuxtutorials.com
www.yahoo.com
www.google.com
www.wikipedia.com

STARTING SQUID
After you’ve finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:

#/home/squid/sbin/squid -z

Once that completes, you can start Squid and try it out. Probably the best thing to do is run it from your terminal and watch the debugging output. Use this command:

#/home/squid/sbin/squid -NCd1

If everything is working fine, then your console displays: “Ready to serve requests”.

If you want to run Squid in the background, as a daemon process:

#/home/squid/sbin/squid
You must be a privileged user to start/stop Squid.

Or you can run the Squid script:
#service squid start      to start the squid service
#service squid stop      to stop the squid service
#service squid status    to check the status of the squid service

CHECKING SQUID
Check the cache.log file in your logs directory to find out if Squid works correctly. This file contains the informational and error messages that Squid generates at runtime.

#tail -f /home/squid/var/logs/cache.log

TROUBLESHOOTING SQUID

Squid logs both informational and error messages to files in the /var/log/squid/ directory. It is best to review these files first whenever you have difficulties. The squid.out file can be especially useful as it contains Squid’s system errors.
Another source of problems could be unintended statements in the squid.conf file that cause no errors; mistakes in the configured hours of access and permitted networks that were never added are just two possibilities.

CONFIGURATION IN THE WEB BROWSER

If you don’t have a firewall that supports redirection, then you need to configure your firewall to only accept HTTP Internet access from the Squid server, as well as configure your PC browser’s proxy server settings manually to use the Squid server. The method you use depends on your browser.
For example, to make these changes using Internet Explorer
1.    Click on the “Tools” item on the menu bar of the browser.
2.    Click on “Options”

3.    Click the tab “Network”
4.    Click on “Settings”

5.    Click on “Manual proxy configuration”
6.    Configure the HTTP Proxy address with Proxy Server IP address and port 8080 used by your Squid Proxy server
7.    Input also all internal sites that will bypass the Proxy server for direct connection.
8.    Click “OK”.

Reference: http://www.freelinuxtutorials.com/tutorials/squid-proxy-server-tutorial/

 

Posted by linux at 6:50 am

Linux as a Router and Firewall

I found this old firewall script, which is very useful in setting up masquerading. Thanks to Darwin.

 

Step by Step Procedure

Step 1. Add 2 LAN cards to the Linux box. You need to have two(2) NICs, one for your private network and one for the public IP address

Step 2. Check if your network cards are properly detected and installed. You can use the command “dmesg” to verify that they were recognized during the boot-up process

Sample output:
#dmesg |grep eth

e100: eth0: e100_probe: addr 0xfa061000, irq 177, MAC addr 00:10:DC:5E:A8:BF
e100: eth1: e100_probe: addr 0xfa060000, irq 185, MAC addr 00:10:DC:5E:A8:C0
e100: eth0: e100_watchdog: link up, 100Mbps, half-duplex
e100: eth1: e100_watchdog: link up, 100Mbps, full-duplex

Step 3. Configure eth0 for Internet with a Public IP address

For RPM-based distros, a menu-based tool called “setup” can be used for easy configuration of settings such as Network
Sample Output 1: (RPM-based like RHEL,CentOS)

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82557/8/9/0/1 Ethernet Pro 100
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:10:dc:5e:a8:bx
ONBOOT=yes
DHCP_HOSTNAME=freelinuxtutorials
IPADDR=116.x.x.x
NETMASK=255.255.255.240
GATEWAY=116.x.x.x
TYPE=Ethernet

Sample Output 2: (Debian-based)
# cat /etc/network/interfaces
auto eth0
iface eth0 inet static
address 116.x.x.x
netmask 255.255.255.240
mtu 1500
gateway 116.x.x.x

Step 4. Configure eth1 for LAN with a Private IP (Internal private network)
# cat ifcfg-eth1

BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05    # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0        # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.1.1        # Gateway of the LAN
NETWORK=192.168.0.0        # Optional
USERCTL=no
ONBOOT=yes

Sample Output 1: (RPM-based like RHEL,CentOS)

# cat /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=none
HWADDR=00:10:dc:5e:a8:cx
ONBOOT=yes
DHCP_HOSTNAME=freelinuxtutorials
TYPE=Ethernet
IPADDR=192.168.17.1
NETMASK=255.255.255.0

Sample Output 2: (Debian-based)
# cat /etc/network/interfaces
auto eth1
iface eth1 inet static
address 192.168.17.1
netmask 255.255.255.0
mtu 1500

Step 5. Host Configuration    (Optional)
# cat /etc/hosts
127.0.0.1       freelinuxtutorials localhost.localdomain   localhost

Step 6. Gateway Configuration (can be no gateway set)
# cat /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=freelinuxtutorials

Step 7. DNS Configuration
# cat /etc/resolv.conf

nameserver 203.x.x.x      # ISP Primary DNS Server
nameserver 203.x.x.x      # ISP Secondary DNS Server

Step 8. NAT configuration with IP Tables
First of all, you have to flush and delete the existing firewall rules. Flush the rules by typing in a terminal:

iptables -F
iptables -t nat -F
iptables -t mangle -F

Now delete these chains:

iptables -X
iptables -t nat -X
iptables -t mangle -X

# Set up IP forwarding and masquerading

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT

# Enable packet forwarding by the kernel (save this setting in the /etc/sysctl.conf file)

echo 1 > /proc/sys/net/ipv4/ip_forward

# Apply the configuration

service iptables save
service iptables restart

# Check if iptables is set to start during boot up

chkconfig --list iptables

Step 9. Testing
Ping the Gateway of the network from client system: ping 192.168.17.1
Try it on your client systems: ping www.yahoo.com

Configure PC on the network
PC clients should set their gateway to the private IP of the Linux machine.
- DNS can be set to the ISP DNS; if you have an internal DNS with your customized zones, using it is recommended, especially when you have Active Directory in place on your network

——————————————————————————————————————————————-

This is my sample NAT/firewall script:

#!/bin/sh
#
#

# set a few variables
echo ""
echo "    setting global variables"
echo ""
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
iptables="/sbin/iptables"

# adjust my /proc
echo "    applying general security settings to /proc filesystem"
echo ""
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi

# load some modules
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o ]; then modprobe ip_conntrack_ftp; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_ftp.o ]; then modprobe ip_nat_ftp; fi

# flush any existing chains and set default policies
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT

# setup nat
echo "    applying nat rules"
echo ""
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP
$iptables -A FORWARD -i eth1 -j ACCEPT
$iptables -A INPUT -i eth1 -j ACCEPT
$iptables -A OUTPUT -o eth1 -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 116.x.x.x = public IP (could be one of the IP addresses given by your ISP)
$iptables -t nat -A POSTROUTING -s 192.168.17.0/24 -o eth0 -j SNAT --to-source 116.x.x.x

# allow all packets on the loopback interface
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
$iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# icmp
echo "    applying icmp rules"
echo ""
$iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
$iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT

# apply icmp type match blocking
echo "    applying icmp type match blocking"
echo ""
$iptables -I INPUT -p icmp --icmp-type redirect -j DROP
$iptables -I INPUT -p icmp --icmp-type router-advertisement -j DROP
$iptables -I INPUT -p icmp --icmp-type router-solicitation -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-request -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-reply -j DROP

# open ports to the firewall
echo "    applying the open port(s) to the firewall rules"
echo ""
$iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#$iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
# open and forward ports to the internal machine(s)
#echo "    applying port forwarding rules"
#echo ""
#$iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
#$iptables -t nat -A PREROUTING -i eth0 -p tcp -d 116.x.x.x --dport 80 -j DNAT --to-destination 192.168.17.200:80

# logging
#echo "    applying logging rules"
#echo ""
#$iptables -A INPUT -i eth0 -p tcp -m limit --limit 1/s --dport 0:65535 -j LOG --log-prefix "tcp connection: "
#$iptables -A INPUT -i eth0 -p udp -m limit --limit 1/s --dport 0:65535 -j LOG --log-prefix "udp connection: "

# drop all other packets
echo "    applying default drop policies"
echo ""
$iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
$iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP

echo "### dar firewall is loaded ###"
echo ""

 

Reference: http://www.freelinuxtutorials.com/tutorials/linux-as-a-router-and-firewall

 

Posted by linux at 6:35 am

Installation and Configuration of AWStats on Tomcat Web Server

September 17, 2009

Here are the steps in installing and configuring AWstats in Tomcat Web Server

STEPS:

1.    Download awstats.war from the internet
2.    Since Tomcat disables CGI execution by default, we need to enable it by renaming the file servlets-cgi.renametojar to servlets-cgi.jar
Example:
[Tomcat_installation_path] = /usr/local/apache-tomcat-5.5.20

#cd /usr/local/apache-tomcat-5.5.20/server/lib
#mv servlets-cgi.renametojar servlets-cgi.jar

3.    Install AWStats
Since it is already a .war file, there is no need to install it by hand; you just need to copy this file to the [Tomcat_installation_path]/webapps folder

#cp awstats.war [Tomcat_installation_path]/webapps

This creates a [Tomcat_installation_path]/webapps/awstats folder once the file is copied.

4.    Configure AWStats
Let's say our domain is www.mydomain.com

#cd /etc
#mkdir awstats
#cd [Tomcat_installation_path]/webapps/awstats/WEB-INF/cgi-bin
#cp awstats.model.conf /etc/awstats/awstats.www.mydomain.com.conf

5.    Edit awstats.conf
#vi /etc/awstats/awstats.www.mydomain.com.conf

Look for these lines in the configuration and change the values as shown below:
Example:

LogFile="/var/log/httpd/www.mydomain.com-combined_log"
LogType=W
LogFormat=1
LogSeparator=" "
SiteDomain="www.mydomain.com"
DNSLookup=1
DirData="."
DirCgi="/cgi-bin"

6.    Update Site Statistics
Here you have two choices:
1.    Set AllowToUpdateStatsFromBrowser=1 in the awstats.www.mydomain.com.conf file (see above). This will allow updating from the web browser with: http://www.mydomain.com/awstats/cgi-bin/awstats.pl?config=www.mydomain.com&update=1.
2.    Using SSH, go to the [Tomcat_installation_path]/webapps/awstats/WEB-INF/cgi-bin folder and run perl awstats.pl -config=www.mydomain.com -update.
Example:
#/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.mydomain.com -update
Create/Update database for config “/etc/awstats/awstats.www.mydomain.com.conf” by AWStats version 6.6 (build 1.887)
From data in log file “/var/log/httpd/www.freelinuxtutorials-combined_log”…
Phase 1 : First bypass old records, searching new record…
Direct access after last parsed record (after line 10471)
Jumped lines in file: 10471
Found 10471 already parsed records.
Parsed lines in file: 160
Found 0 dropped records,
Found 0 corrupted records,
Found 0 old records,
Found 160 new qualified records.

7.    View Site Statistics

Access it using your favorite browser. Type
http://www.mydomain.com/awstats/cgi-bin/awstats.pl?config=www.mydomain.com

8.    Create a crontab entry in order to update the log file analysis
#crontab -e

add this line
example:

0 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.mydomain.com -update > /root/awstatsjob/awstats.log

9.    You can follow the “Installation of GeoIP Information for AWStats” documentation to have country information in your web/mail/ftp statistics.

The original reference can be found at this link: http://www.freelinuxtutorials.com/tutorials/installation-and-configuration-of-awstats-on-apache-web-server/

Posted by linux at 6:21 am

Setting up FTP server via VSFTPD

* Setting up ftp via vsftpd in linux

VSFTPD (Very Secure FTP Server Daemon) is one of the most commonly used FTP servers under Linux and comes with most Linux distributions.

This article will help you install and configure vsftpd in Linux. (sample OS used is a Red-hat based distribution)

GOALS:

* to create a secure ftp server
* to create an ftp user chrooted or jailed in a certain directory (sample use is an apache directory wherein you can limit users or your developers to just upload to a restricted folder)

The procedures and an actual run are as follows:

A. INSTALLATION

#yum install vsftpd

Loaded plugins: refresh-packagekit
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 4.0 MB     00:10
fedora                                                   | 2.8 kB     00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
–> Running transaction check
—> Package vsftpd.i386 0:2.0.7-2.fc10 set to be updated
updates/filelists_db                                                                                   | 7.3 MB     00:18
fedora/filelists_db                                                                                    |  11 MB     00:24
–> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================
Package                     Arch                      Version                             Repository                    Size
======================================================================================================
Installing:
vsftpd                      i386                      2.0.7-2.fc10                        updates                      145 k

Transaction Summary
======================================================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 145 k
Is this ok [y/N]:y

Downloading Packages:
vsftpd-2.0.7-2.fc10.i386.rpm                                                                              | 145 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : vsftpd                                                                                                    1/1
Installed:
vsftpd.i386 0:2.0.7-2.fc10
Complete!

B. Edit configuration file (self-explanatory)

# vi /etc/vsftpd/vsftpd.conf

Here are the important lines that you need to modify:

# Turn off anonymous users
anonymous_enable=NO

# Turn on local users
local_enable=YES

# Users should be able to write
write_enable=YES

# chroot everyone
chroot_local_user=YES

#create userlist
userlist_file=/etc/vsftpd/vsftpd.userlist
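
Whether the user list in steps B and D is consulted at all depends on two options the snippet above does not set: per vsftpd.conf(5), userlist_enable defaults to NO, and userlist_deny defaults to YES, which makes the file a deny list once it is enabled. The following is an added example, not part of the original post or of vsftpd: it resolves the effective settings from a config text and reports what they mean. PAGE_CONF reproduces the settings from step B; the function names and finding texts are constructed for illustration.

```python
"""Resolve effective vsftpd access settings from vsftpd.conf text (added example)."""

# Built-in defaults, per vsftpd.conf(5), for the options examined here.
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "write_enable": "NO",
    "chroot_local_user": "NO",
    "userlist_enable": "NO",
    "userlist_deny": "YES",
}

# The settings shown in step B of the post.
PAGE_CONF = """\
# Turn off anonymous users
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
userlist_file=/etc/vsftpd/vsftpd.userlist
"""


def parse_conf(text):
    """vsftpd.conf is strict option=value; lines starting with # are comments.
    Later assignments override earlier ones and the built-in defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf


def enabled(conf, key):
    return conf[key].upper() == "YES"


def userlist_mode(conf):
    """'ignored', 'deny-list' or 'allow-list' for the userlist_file."""
    if not enabled(conf, "userlist_enable"):
        return "ignored"
    return "deny-list" if enabled(conf, "userlist_deny") else "allow-list"


def audit(text):
    """Return a list of findings for the access-related settings."""
    conf = parse_conf(text)
    findings = []
    if enabled(conf, "anonymous_enable"):
        findings.append("anonymous login is enabled")
    if enabled(conf, "local_enable") and not enabled(conf, "chroot_local_user"):
        findings.append("local users are not chrooted")
    mode = userlist_mode(conf)
    if mode == "ignored" and "userlist_file" in conf:
        findings.append("userlist_file is set but userlist_enable=NO, "
                        "so the list is never consulted")
    elif mode == "deny-list":
        findings.append("users named in userlist_file are refused; "
                        "every other local user may log in")
    return findings


if __name__ == "__main__":
    variants = {
        "as in step B": PAGE_CONF,
        "list enabled only": PAGE_CONF + "userlist_enable=YES\n",
        "list as allow-list": PAGE_CONF + "userlist_enable=YES\nuserlist_deny=NO\n",
    }
    for label, text in variants.items():
        print(label, "->", userlist_mode(parse_conf(text)), audit(text))
```
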

C.  Create ftp acct (example create ftp user darwin)

# useradd -d /home/Sites/ -s /sbin/nologin darwin
# passwd darwin

D.    Add it on the vsftpd service userlist

# vi /etc/vsftpd/vsftpd.userlist

Add the FTP user name pmorris. This will be the output once included:

# cat /etc/vsftpd/vsftpd.userlist
darwin

E. Add an FTP group e.g. ftpusers

#groupadd ftpusers

Example directory where we will jail the ftp users: /home/Sites

F. Change the ownership of the directory. e.g. root: ftpusers

The /home/Sites folder ownership is currently set to root:ftpusers with permission 775 (meaning all FTP users should be in the group “ftpusers”, which has group read-write-execute permission)
drwxrwxr-x 13 root      ftpusers   4096 Jan 28 15:23 Sites

G. Add the ftpuser in the ftpusers group

#vi /etc/group

This will be the output once included:
ftpusers:x:502:darwin

Alternatively: you can use the command

#usermod -G ftpusers darwin

Testing:
Using your favorite FTP client such as FileZilla FTP or via CLI , you can test the functionality by uploading, deleting or creating folders on it.

————————————————————————————————————————
[root@darwin ~]# ftp ip.of.the.server
Connected to ip.of.the.server (ip.of.the.server).
220 (vsFTPd 2.0.5)
Name (ip.of.the.server:root): darwin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Switching to Binary mode.
ftp> bye
221 Goodbye.

* This was tested on RPM-based distros such as CentOS, Fedora Core & RHEL

Posted by linux at 5:55 am

qemu virtualization

There are lots of operating system virtualization options; you can use open source or proprietary software depending on your needs, familiarity and, most significantly, budget. People have several reasons for using virtualization; the most common is testing, where they can try different configurations on different OSes. Another reason is security and consolidation, where they can save money and electricity.

Some of the popular open source Linux virtualization packages are OpenVZ, Xen, KVM and VirtualBox. You can also try proprietary software such as VMware and Citrix XenServer, a commercial implementation of Xen.

For this tutorial, I’ll be covering Qemu, another virtualization program and here are the steps:

Prerequisites and components:

a. Windows installation in ISO format, e.g. WinXP (you can create an ISO using 3rd party programs like Magic ISO, Power ISO etc.)

b. process emulator (QEMU)

c. any Linux distribution (I’ll be using CentOS 5 for this demonstration)

d. Linux/Unix administration skills

A. Installing qemu

# yum install qemu

B. Create the Windows image by creating a virtual drive (the sample demo creates a 4 GB virtual drive named winxp.img)

# qemu-img create winxp.img 4G

C. Install Windows

#qemu -hda winxp.img -cdrom win.iso -m 256 -boot d

This tells qemu to use the virtual disk as the hard disk, which drive to use as the CD-ROM, and to allocate 256 MB of memory for the virtual PC.
Qemu will boot up and you will be in the Windows installer (like a normal Windows installation).

Tips: CTRL+ALT = when you need your mouse
ALT+CTRL+F = toggle fullscreen

After finishing the Windows installation, you can just close the Qemu window.

D. Testing the newly installed windows under Linux

#qemu -hda winxp.img -m 256 -boot c

NOTE: This procedure is being done in your Linux X environment e.g. GNOME , KDE etc.

CHALLENGE: How to emulate Windows in Linux OS when you only have ssh access to the remote server, no X or GUI?

SOLUTION: Create a windows image in your local test machine then upload the image file.
Tip: Since the image file will be 4 GB in size, you can split the file into several pieces with your favorite archiver. I used WinRAR for this one, then uploaded those files in a queue (bandwidth matters).

* Since the image is already uploaded to the server, the only thing left to do is to start the emulation and redirect port 3389 for RDP purposes.

sample:

# qemu -hda /home/test/winxp.img -m 2000 -boot c -redir tcp:3389::3389 -nographic

You can now access your windows via RDP… Start> Run..> mstsc

then input the server IP address

 Reference: http://www.freelinuxtutorials.com/tutorials/qemu-virtualization/

Posted by linux at 5:53 am

Qmail Howto

QMAIL HOW TO

I.    Qmail Installation

A.    INSTALLATION

A.1. Software Pre-requisites
1. Linux Operating System
2. Apache Web Server
3. Perl – any version of 5
4. GCC – the gcc compiler
5. wget – used for downloading installers
6. patch & patchutils

Access to a domain name server (DNS) is highly recommended.

A.2  Download the source

Download the necessary installers for setting up qmail: the source code for qmail and any other add-ons.
•     qmail, http://www.qmail.org/netqmail-1.05.tar.gz
•    ucspi-tcp, ftp://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
•    daemontools, ftp://cr.yp.to/daemontools/daemontools-0.76.tar.gz
for e.g.
# wget  http://www.qmail.org/netqmail-1.05.tar.gz
You can put all of installers on a certain directory for e.g. /home/darwin
A.3. Build the source
A.3.1 Switch user as root and do these:
su
umask 022
mkdir -p /usr/local/src  (if not yet existing)
mv netqmail-1.05.tar.gz ucspi-tcp-0.88.tar.gz /usr/local/src
mkdir -p /package
mv daemontools-0.76.tar.gz /package
chmod 1755 /package

A.3.2 Unpack the packages

cd /usr/local/src
tar zxvf  netqmail-1.05.tar.gz
cd netqmail-1.05
./collate.sh  # watch for errors here
cd ..
tar zxvf ucspi-tcp-0.88.tar.gz
cd /package
tar zxvf daemontools-0.76.tar.gz

A.3.3 Create directories

mkdir /var/qmail

A.3.4 Create users and groups

cd /usr/local/src/netqmail-1.05/netqmail-1.05

You can check INSTALL.ids to set up the qmail groups and users; to make it easy, just copy these commands:

groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

A.3.5 Do the build
cd /usr/local/src/netqmail-1.05/netqmail-1.05

make setup check

./config-fast the.full.hostname

(for example: ./config-fast phi.freelinuxtutorials.com)

A.4 Install ucspi-tcp

cd /usr/local/src/ucspi-tcp-0.88

patch < /usr/local/src/netqmail-1.05/other-patches/ucspi-tcp-0.88.errno.patch

make
make setup check

A.5 Install daemontools

cd /package/admin/daemontools-0.76

cd src
patch < /usr/local/src/netqmail-1.05/other-patches/daemontools-0.76.errno.patch
cd ..
package/install

A.6 Start qmail

A.6.1 Use an editor to create /var/qmail/rc script

vi /var/qmail/rc and then use this script:

#!/bin/sh

# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

A.6.2 Execute these commands:
chmod 755 /var/qmail/rc
mkdir /var/log/qmail

A.6.3 Create a default delivery mode for messages that aren’t delivered by a .qmail file. Type:

echo ./Maildir/ >/var/qmail/control/defaultdelivery

A.7 Create a startup/shutdown script like the following in /var/qmail/bin/qmailctl

#!/bin/sh

# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA

PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

case "$1" in
  start)
    echo "Starting qmail"
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    else
      echo "qmail-smtpd supervise not running"
    fi
    if svok /service/qmail-pop3d ; then
      svc -u /service/qmail-pop3d /service/qmail-pop3d/log
    else
      echo "qmail-pop3d supervise not running"
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo "  qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "  qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    echo "  qmail-pop3d"
    svc -d /service/qmail-pop3d /service/qmail-pop3d/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    svstat /service/qmail-pop3d
    svstat /service/qmail-pop3d/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /service/qmail-pop3d
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /service/qmail-pop3d
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Restarting qmail-pop3d."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    tcprules /etc/tcp.pop3.cdb /etc/tcp.pop3.tmp < /etc/tcp.pop3
    chmod 644 /etc/tcp.pop3.cdb
    echo "Reloaded /etc/tcp.pop3."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac

exit 0

This script is available via http://www.lifewithqmail.org/qmailctl-script-dt70

A.7.1 Make the qmailctl script executable and link it to a directory in your path:

chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin

A.8 The supervise scripts

A.8.1 Now create the supervise directories for the qmail services:
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
A.8.2. Create the /var/qmail/supervise/qmail-send/run file:
#!/bin/sh
exec /var/qmail/rc
A.8.3 Create the /var/qmail/supervise/qmail-send/log/run file:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail
A.8.4 Create the /var/qmail/supervise/qmail-smtpd/run file:
#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

A.8.5 Create the concurrencyincoming control file:
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
A.8.6 Create the /var/qmail/supervise/qmail-smtpd/log/run file:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd
A.8.7 Make the run files executable:
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
Then set up the log directories:
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
Finally, link the supervise directories into /service:
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
The /service directory is created when daemontools is installed.

A.8.8 SMTP Access Control
Allow the local host to inject mail via SMTP:
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
qmailctl cdb

You can add further IP addresses here that are allowed to relay to outside domains. Limiting RELAYCLIENT to these entries ensures that your mail server is not an open relay.
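As an added example (not part of the original how-to or of qmail itself), the shell functions below audit the two files that decide relaying in this setup: they flag a missing control/rcpthosts and any tcp.smtp rule that sets RELAYCLIENT for every client. The function names and the sample rules, including the 192.168.17. prefix, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit qmail relay controls (tcprules source + rcpthosts).

# classify_rule RULE
# Prints DENY, NORELAY, RELAY or OPEN for one tcprules line of the form
#   address:instructions   e.g.  127.:allow,RELAYCLIENT=""
classify_rule() {
    rule=$1
    addr=${rule%%:*}      # everything before the first colon
    instr=${rule#*:}      # allow/deny plus any ,VAR="value" settings
    case $instr in
        deny*) echo DENY; return ;;
    esac
    case $instr in
        *,RELAYCLIENT=*) ;;
        *) echo NORELAY; return ;;
    esac
    case $addr in
        ''|'=') echo OPEN ;;   # default rule, or "any client with a hostname"
        *)      echo RELAY ;;
    esac
}

# audit_relay RULES_FILE RCPTHOSTS_FILE
# Prints findings and returns non-zero if the server could relay for anyone.
audit_relay() {
    rules=$1 rcpthosts=$2 bad=0
    if [ ! -f "$rcpthosts" ]; then
        # Same condition the qmail-smtpd run script refuses to start on.
        echo "CRITICAL: $rcpthosts is missing, mail for any domain is accepted"
        bad=1
    fi
    if [ ! -r "$rules" ]; then
        echo "CRITICAL: cannot read $rules"
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $(classify_rule "$line") in
            OPEN)
                echo "CRITICAL: rule $line grants RELAYCLIENT to every client"
                bad=1 ;;
            RELAY)
                echo "INFO: relay allowed for ${line%%:*}" ;;
        esac
    done < "$rules"
    return $bad
}

# Demonstration on constructed sample files (not taken from a real server).
sample=$(mktemp -d)
cat > "$sample/tcp.smtp" <<'EOF'
# constructed rules
127.:allow,RELAYCLIENT=""
192.168.17.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
echo phi.freelinuxtutorials.com > "$sample/rcpthosts"
audit_relay "$sample/tcp.smtp" "$sample/rcpthosts" \
    || echo "Audit failed: fix the CRITICAL findings, then run qmailctl cdb"
rm -rf "$sample"
```

Run it against /etc/tcp.smtp and /var/qmail/control/rcpthosts before each `qmailctl cdb`; every INFO line should be a network you deliberately trust to send outbound mail.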

A.9 Stop and disable the installed MTA

If you’re using an RPM-based Linux distribution like Red Hat, removing the MTA package might cause problems down the road. Utilities that update the system might try to reinstall Sendmail, or MUA packages might not install because they can’t tell an MTA is installed. You can use Mate Wierdl’s stub package called “fake_mta” that can be installed to prevent these problems. Simply install the RPM available from http://www.csi.hu/mw/fake_mta-1-1memphis.noarch.rpm.

A.9.1 Download the said rpm and install the package

rpm -ivh fake_mta-1-1memphis.noarch.rpm

If your existing MTA is Sendmail, you should be able to stop it by
running the init.d script with the “stop” argument. E.g., one of
these should work:
/etc/init.d/sendmail stop
/sbin/init.d/sendmail stop
/etc/rc.d/init.d/sendmail stop
kill PID-of-sendmail
rpm -e --nodeps sendmail

Lastly, replace any existing /usr/lib/sendmail with the qmail version:
mv /usr/lib/sendmail /usr/lib/sendmail.old                  # ignore errors
mv /usr/sbin/sendmail /usr/sbin/sendmail.old                # ignore errors
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old        # ignore errors
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

A.10 Create System Aliases
There are three system aliases that should be created on all qmail installations:
Alias            Purpose
postmaster       RFC 2821 required, points to the mail administrator (you)
mailer-daemon    de facto standard recipient for some bounces
root             redirects mail from privileged account to the system administrator

To create these aliases, decide where you want each of them to go (a local user or a remote address) and create and populate the appropriate .qmail files. For example, say local user darwin is both the system and mail administrator:
echo darwin > /var/qmail/alias/.qmail-root
echo darwin > /var/qmail/alias/.qmail-postmaster
ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster

A.11 Start qmail
If you stopped qmail above after creating the links in /service, you should restart it now:
qmailctl start
A.12 Test the Installation
qmail should now be running. First run qmailctl stat to verify that the services are up and running:
# qmailctl stat
/service/qmail-send: up (pid 30303) 187 seconds
/service/qmail-send/log: up (pid 30304) 187 seconds
/service/qmail-smtpd: up (pid 30305) 187 seconds
/service/qmail-smtpd/log: up (pid 30308) 187 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

All four services should be “up” for more than a second. If they’re not, you’ve probably got a typo in the associated run script or you skipped one or more steps in creating the necessary files, directories, or links. Go back through the installation step-by-step and double check your work. You can also download and run the inst_check script, available from http://lifewithqmail.org/inst_check. For example:
# sh inst_check
! /var/log/qmail has wrong owner, should be qmaill
…try: chown qmaill /var/log/qmail
#
If inst_check finds problems, fix them and re-run it. When everything looks right, inst_check will report:
Congratulations, your LWQ installation looks good!

B. Configuration
You’ve got qmail installed, from the recommended source tarball method, one of the self-compiling packages, or a var-qmail package. This section contains information you will need to configure qmail to make it work the way you want it to.
B.1. Configuration Files
All of qmail’s system configuration files, with the exception of the .qmail files in ~alias, reside in /var/qmail/control. The qmail-control man page contains a table like the following:
Control     Default     Used by     Purpose
badmailfrom     none     qmail-smtpd     blacklisted From addresses
bouncefrom     MAILER-DAEMON     qmail-send     username of bounce sender
bouncehost     me     qmail-send     hostname of bounce sender
concurrencyincoming     none     /service/qmail-smtpd/run     max simultaneous incoming SMTP connections
concurrencylocal     10     qmail-send     max simultaneous local deliveries
concurrencyremote     20     qmail-send     max simultaneous remote deliveries
defaultdelivery     none     /var/qmail/rc     default .qmail file
defaultdomain     me     qmail-inject     default domain name
defaulthost     me     qmail-inject     default host name
databytes     0     qmail-smtpd     max number of bytes in message (0=no limit)
doublebouncehost     me     qmail-send     host name of double bounce sender
doublebounceto     postmaster     qmail-send     user to receive double bounces
envnoathost     me     qmail-send     default domain for addresses without “@”
helohost     me     qmail-remote     host name used in SMTP HELO command
idhost     me     qmail-inject     host name for Message-ID’s
localiphost     me     qmail-smtpd     name substituted for local IP address
locals     me     qmail-send     domains that we deliver locally
me     FQDN of system     various     default for many control files
morercpthosts     none     qmail-smtpd     secondary rcpthosts database
percenthack     none     qmail-send     domains that can use “%”-style relaying
plusdomain     me     qmail-inject     domain substituted for trailing “+”
qmqpservers     none     qmail-qmqpc     IP addresses of QMQP servers
queuelifetime     604800     qmail-send     seconds a message can remain in queue
rcpthosts     none     qmail-smtpd     domains that we accept mail for
smtpgreeting     me     qmail-smtpd     SMTP greeting message
smtproutes     none     qmail-remote     artificial SMTP routes
timeoutconnect     60     qmail-remote     how long, in seconds, to wait for SMTP connection
timeoutremote     1200     qmail-remote     how long, in seconds, to wait for remote server
timeoutsmtpd     1200     qmail-smtpd     how long, in seconds, to wait for SMTP client
virtualdomains     none     qmail-send     virtual domains and users

Sample PHI MAIL SERVER CONFIGURATION

badmailfrom:
FROM_USER@netmail.nl
@*.service.ohio-state.edu
@4cpp.net
@8hy.cn
@aidscare.com.hk
@bbqgirl.com

concurrencyincoming
20

defaultdelivery
./Maildir/

defaultdomain
phmx1.freelinuxtutorials.com

helohost
phi.freelinuxtutorials.com

locals
phmx1.freelinuxtutorials.com

me
phmx1.freelinuxtutorials.com

plusdomain
freelinuxtutorials.com

queuelifetime
172800

rcpthosts
phmx1.freelinuxtutorials.com
freelinuxtutorials.com
hkpub.com
mail.freelinuxtutorials.com
mail.hkpub.com
phi.freelinuxtutorials.com

virtualdomains
phi.freelinuxtutorials.com:phi.freelinuxtutorials.com

II. INSTALLING VPOPMAIL

Vpopmail is one of the major components of this installation. Vpopmail allows us to do virtual domain mail hosting. It has a lot of built-in tools and features that make it a dream to work with.
B.1 Download the vpopmail installer from http://www.inter7.com/
C. Unpack/uncompress the tarball file
tar zxvf vpopmail-5.4.0.tar.gz
cd vpopmail-5.4.0
# ./configure
# make
# make install-strip

1. Now you are ready to add a virtual domain and users

#cd /home/vpopmail/bin
#./vadddomain phi.freelinuxtutorials.com password yourpostmasterpassword

2. To add a new POP user

You can install qmailadmin and administer your new pop mail
system via a web interface. Or you can use the command line
interface.

# cd /home-dir-of-vpopmail/bin
# ./vadduser newuser@test.com
or
# ./vadduser newuser@test.com <password-for-newuser>

3. Delete a POP user

# cd /home-dir-of-vpopmail/bin
# ./vdeluser newuser@test.com (for the test.com virtualdomain example)

4. Delete a virtual domain

# cd /home-dir-of-vpopmail/bin
# ./vdeldomain test.com

5. Changing a POP user's password (new in 3.4.3)
# cd /home-dir-of-vpopmail/bin
# ./vpasswd user@domain.com
or
# ./vpasswd user@domain.com <password-for-user@domain.com>

III. INSTALLING QMAILADMIN
qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. A version is available now for use with vpopmail. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.

Requirements:
Qmail
Vpopmail
Autorespond 2.0 (or greater)
Ezmlm or Ezmlm-idx

Installing Autoresponder
Download the installer on http://www.inter7.com
tar zxvf autorespond-2.0.2.tar.gz
cd autorespond-2.0.2
make && make install

Installing Ezmlm
EZmlm is a nice mailing list add-on to Qmail
EZmlm integrates seamlessly into Qmailadmin to provide a very user friendly mailing list management interface
Download the installer on http://www.inter7.com
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup

Install qmailadmin
Download the installer on http://www.inter7.com
Type as root:
tar zxvf qmailadmin-1.2.0.tar.gz
cd qmailadmin-1.2.0
./configure --enable-modify-quota
# make
# make install-strip

That’s it! Now browse to http://www.yourdomain.com/cgi-bin/qmailadmin and you should see the login screen. Login with the postmaster account and password for the domain that you created

If you didn’t get any errors, Qmailadmin should be all set!

IV. INSTALLING SQWEBMAIL

Sqwebmail is a web based email client, similar to hotmail. It is extremely efficient and the html is configurable.  It is compatible with vpopmail

Note: SqWebMail DOES NOT support traditional Mailbox files, only Maildirs

Download the installer on http://www.inter7.com or directly on http://www.courier-mta.org/sqwebmail/
Unpack:
# tar xvf sqwebmail-4.0.4.20040524.tar
#./configure [options - see below]
#  make configure-check
# make
# make check
# make install-strip       # Do a make install if this doesn’t work
# make install-configure   # Install configuration files.
You can now access sqwebmail http://www.yourdomain.com/cgi-bin/sqwebmail

BACKING UP QMAIL SERVER
Backing up a qmail server is relatively easy. While different people may give you slightly different recommendations, you can ensure a safe backup of your qmail server if you backup the following 2 directories on a routine basis.
/home/vpopmail – backs up all your domain information, including mailboxes, passwords and the messages themselves.
/var/qmail – backs up all of your qmail settings. The /var/qmail/control directory is the most important directory in there to back up, but it won’t hurt to just back up the whole damn qmail directory.

For complete documentations, pls refer to:
Reference: http://www.lifewithqmail.org
http://www.qmailrocks.org
http://www.inter7.com/

Reference: http://www.freelinuxtutorials.com/tutorials/qmail-how-to/

Posted by linux at 5:48 am

Linux working with FreeRadius and MySQL

Freeradius and MySQL

Software Requirements:

Any Linux distro, kernel 2.4xx-later(tested in CentOS,Fedora Core,RH)
MySQL Server 4.xx-5.xx
GCC compiler
vi editor

1.    Get the latest freeradius source code tarball from www.freeradius.org or get the rpm package using “yum”

2.    Unpack the tarball and install it.
#tar zxvf freeradius-xxx.tar.gz
#cd freeradius
#./configure
#make
#make install

3.    Start with a simple config using the standard text files, this will test if the Freeradius installed is working or not

a.    Edit /etc/raddb/clients.conf to enter the details of the NAS unit.You can enter “localhost” for testing purposes
b.    Edit /etc/raddb/users and create a sample user account

Sample:
"test"    Auth-Type := Local, User-Password == "hello"
          Reply-Message = "Hello, %u"

c.    Edit /etc/raddb/radiusd.conf and change as needed

Run the radiusd service with the debug turned on to see what happens:

#radiusd -X

You can use radtest to test an account from the command line:

#radtest username password servername port secret

ex:
#radtest darwin mypass radius.owtel.com 1645 mysecret

And you should see something like this:

Sending Access-Request of id 226 to 127.0.0.1:1645
User-Name = 'darwin'
User-Password = '\304\2323\326B\017\376\322?K\332\350Z;}'
NAS-IP-Address = radius.owtel.com
NAS-Port = 1645

If you get an “Access Accept” response, that means Freeradius is running ok.

Setting up the Freeradius database in MySQL

1. First, if you will run the db on your localhost, MySQL server should be installed on your machine

#mysql -u root -p

mysql>CREATE DATABASE radius;
mysql>GRANT ALL PRIVILEGES ON radius.* to 'root'@'localhost' IDENTIFIED BY 'myrootpassword';
mysql>FLUSH PRIVILEGES;

2. Create the schema for the database using the SQL script file db_mysql.sql, found in /src/modules/rlm_sql/drivers/rlm_sql_mysql/ under the directory where you untarred FreeRADIUS:

#mysql -u root -p radius < db_mysql.sql

where root is your MySQL root user name; enter its password when prompted (a word placed after "-p " with a space is taken as the database name, not the password).

Configuring FreeRadius to use MySQL

1.Edit /etc/raddb/sql.conf and enter the server, name and password details to connect your Mysql Server and Radius database:

# Connect info
server = "localhost"
login = "root"
password = "rootpass"

radius_db = "radius"

Query config for username, I used this:

sql_user_name = "%{User-Name}"

You will see several tables created. You just need to use one of those: radcheck. This table has the following structure:

2.    Edit /etc/raddb/radiusd.conf and add a line saying “sql” to the authorize {}section and add a line saying “sql” to the accounting{} section too between ‘unix’ and ‘radutmp’

radiusd.conf will look something like this:

authorize {
preprocess
chap
mschap
#counter
#attr_filter
#eap
suffix
sql
#files
#etc_smbpasswd
}

authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
authtype MS-CHAP{
mschap
}
#pam
#unix
#authtype LDAP {
#       ldap
#}
}

preacct {
preprocess
suffix
#files
}

accounting {
acct_unique
detail
#counter
unix
sql
radutmp
#sradutmp
}

session {
radutmp
}

The simplest way to populate users database is by inserting data on the radcheck table:

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('darwin', 'Password', 'mypassword');

Ref: - http://www.freelinuxtutorials.com/working-with-servers-or-daemon/linux-working-with-freeradius-and-mysql/

Posted by linux at 5:40 am

Testing your SIP Protocol via SIPp

Want to test whether your Asterisk PBX system can sustain load and heavy traffic? Then you can use this tool.
SIPp is a performance testing tool for the SIP protocol. Its main features are basic SIPStone scenarios, TCP/UDP transport, customizable (XML-based) scenarios, dynamic adjustment of call rate and a comprehensive set of real-time statistics.
SIPp can be used to test real SIP equipment and is very useful for emulating thousands of user agents calling your SIP system.

Installation:

1.    Download the stable version of Sipp ( sipp-xxx.tar.gz)
2.    Uncompress the tarball file
#tar zxvf sipp-xxx.tar.gz
#cd sipp
#make

Using Sipp:

SIPp lets you generate one or many SIP calls to one remote system.
Syntax: ./sipp -sn uac ip
#./sipp -sn uac 127.0.0.1
#./sipp -sn uac 192.168.17.10

Traffic Control:

SIPp generates SIP traffic according to the scenario specified. You can control the number of calls (scenario) that are started per second. This can be done either:
•    Interactively, by pressing keys on the keyboard
o    '+' key to increase call rate by 1
o    '-' key to decrease call rate by 1
o    '*' key to increase call rate by 10
o    '/' key to decrease call rate by 10
•    At starting time, by specifying parameters on the command line:
o    "-r" to specify the call rate in number of calls per second
o    "-rp" to specify the "rate period" in milliseconds for the call rate (default is 1000ms/1sec). This allows you to have n calls every m milliseconds (by using -r n -rp m).

Example: run SIPp at 7 calls every 2 seconds (3.5 calls per second)
./sipp -sn uac -r 7 -rp 2000 127.0.0.1

You can also pause the traffic by pressing the 'p' key. SIPp will stop placing new calls and wait until all current calls go to their end. You can resume the traffic by pressing 'p' again.
To quit SIPp, press the 'q' key. SIPp will stop placing new calls and wait until all current calls go to their end. SIPp will then exit.

Changing Screens:

Several screens are available to monitor SIP traffic. You can change screens by pressing the 1, 2, 3 or 4 keys on the keyboard.

Key '1': Scenario screen. It displays a call flow of the scenario as well as some important information.
Key '2': Statistics screen. It displays the main statistics counters. The "Cumulative" column gathers all statistics since SIPp was launched. The "Periodic" column gives the statistic value for the period considered (specified by the -f frequency command line parameter).
Key '3': Repartition screen. It displays the distribution of response time and call length, as specified in the scenario.
Key '4': Variables screen. It displays information on actions in the scenario as well as scenario variable information.

Ref: - http://www.freelinuxtutorials.com/quick-tips-and-tricks/testing-your-sip-protocol-via-sipp/

Posted by linux at 5:35 am

MySQL change and recover password

Setting up the MySQL password is one of the essential tasks in systems administration.

Note: The Linux/Unix root login account for your operating system and the MySQL root account are different.

You can use the built-in "mysqladmin" command to change the MySQL root password. It can be executed from anywhere as long as the binary path is set in your Linux or Windows environment.

Condition 1: If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:

# mysqladmin -u root password NEWPASSWORD

Condition 2: However, if you want to change (or update) a root password, then you need to use the following command:

#mysqladmin -u root -p'oldpassword' password newpass

For example, if the old password is xyz and you want to set the new password to 654321, enter:

# mysqladmin -u root -p'xyz' password '654321'

Condition 3: Change MySQL password for another user

To change a normal user's password you need to type (let us assume you would like to change the password for darwin):

# mysqladmin -u darwin -p'oldpassword' password newpass

Condition 4: Changing MySQL root user password using MySQL sql command

This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can directly update the password using the following method to update or change the password for user darwin:

1) Login to mysql server, type following command at shell prompt:

# mysql -u root -p

2) Use mysql database (type command at mysql> prompt):

mysql> use mysql;

3) Change password for user darwin:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='darwin';

4) Reload privileges:

mysql> flush privileges;
mysql> quit

Condition 5: Recover MySQL root password

You can recover MySQL database server password with following five easy steps.

Step # 1: Stop the MySQL server process.
Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for a password
Step # 3: Connect to mysql server as the root user
Step # 4: Setup new root password
Step # 5: Exit and restart MySQL server

Here are commands you need to type for each step (login as the root user):

Step # 1 : Stop mysql service

# /etc/init.d/mysql stop

Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server w/o password:

# mysqld_safe --skip-grant-tables &

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root

Output:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+ Done mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p

 Ref: - http://www.freelinuxtutorials.com/quick-tips-and-tricks/mysql-change-and-recover-password/

Posted by linux at 5:32 am

Backup and Restore MySQL database

Quick tip on backing up and restoring your MySQL database:

Backing up and Restoring MySQL database

Backing up database:
Syntax:
mysqldump -u [username] -p[password] [databasename] > [backupfile.sql]
o    [username] - the database username
o    [password] - the password for your database (no space after -p; leave it out to be prompted)
o    [databasename] - the name of your database
o    [backupfile.sql] - the file to which the backup should be written
Example:
mysqldump -u root -p asterisk > asteriskbackupmarch3.sql
(just enter the password when prompted)

Multiple database:

Syntax:
mysqldump -u [username] -p[password] --databases [databasename1] [databasename2] > [backupfile.sql]

Example:
mysqldump -u asteriskuser -p --databases asterisk asteriskcdrdb > multibackup.sql
(then enter the db password)

Backup file in compressed format
Syntax:
mysqldump --all-databases | bzip2 -c >databasebackup.sql.bz2
mysqldump --all-databases | gzip >databasebackup.sql.gz

Restoring Database:

mysql -u [username] -p[password] [database_to_restore] < [backupfile]

Example:
mysql -u asteriskuser -p asterisk < asteriskbackup.sql
<enter the password when prompted>
mysql -u asteriskuser -p asteriskcdrdb < asteriskcdrdbbackup.sql
<enter the password when prompted>

Restoring compressed backup files

Example:

gunzip < databasebackup.sql.gz | mysql -u asteriskuser -p asterisk

Addon: Sample Shell Scripts for automating backups

Back up your database without overwriting the older backup

#!/bin/sh
date=`date -I`
mysqldump --all-databases | gzip > /var/backup/backup-$date.sql.gz
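The one-line pipeline above still leaves a plausible-looking .gz behind when mysqldump fails, and a dump of all databases contains the account password hashes. The added example below (not from the original post) dumps to a temporary file, checks the exit status before compressing, keeps the files owner-only, and reads credentials from an option file instead of the command line. The function names, the MYSQLDUMP override and the option-file path are assumptions.

```shell
#!/bin/sh
# Added example: dated MySQL backup that fails loudly and stays private.

# cnf_is_private FILE
# Succeeds only if FILE is a regular file with no group/other permission
# bits (for example mode 600), so the stored password is not readable.
cnf_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# backup_all_databases OPTION_FILE OUTPUT_DIR
# OPTION_FILE is a MySQL option file with a [client] section holding
# user= and password=. Prints the path of the finished backup on success.
backup_all_databases() {
    cnf=$1 outdir=$2
    if ! cnf_is_private "$cnf"; then
        echo "refusing to run: $cnf must be a file only its owner can read" >&2
        return 1
    fi
    dest="$outdir/backup-$(date +%Y-%m-%d).sql.gz"
    old_umask=$(umask)
    umask 077                 # dump and archive are created as mode 600
    status=0
    # --defaults-extra-file must be the first option; it keeps the password
    # out of the process list and the shell history.
    "${MYSQLDUMP:-mysqldump}" --defaults-extra-file="$cnf" --all-databases \
        > "$dest.sql.tmp" || status=$?
    if [ "$status" -eq 0 ]; then
        # Compress only a complete dump, then rename into place in one step.
        gzip -c "$dest.sql.tmp" > "$dest.tmp" && mv "$dest.tmp" "$dest" \
            || status=$?
    else
        echo "mysqldump failed with status $status, no backup written" >&2
    fi
    rm -f "$dest.sql.tmp" "$dest.tmp"
    umask "$old_umask"
    [ "$status" -eq 0 ] && echo "$dest"
    return "$status"
}

# Usage from cron (paths are examples):
#   sh backup.sh /root/.my.backup.cnf /var/backup
if [ $# -eq 2 ]; then
    backup_all_databases "$1" "$2"
fi
```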

Ref: - http://www.freelinuxtutorials.com/quick-tips-and-tricks/backup-and-restore-mysql-database/

Posted by linux at 5:26 am

How to connect linux to MSSQL

Here’s one trick to do that: - http://www.freelinuxtutorials.com/quick-tips-and-tricks/quick-tip-how-to-connect-linux-to-mssql/

Step 1. Install  FreeTDS

FreeTDS Website: http://www.freetds.org/ choose FreeTDS source distribution

Compile parameter: --prefix=/usr/local/freetds --enable-msdblib

Then, copy /etc/ld.so.conf, to /usr/local/freetds/lib; and then run ldconfig

Step 2. Change /usr/local/freetds/etc/freetds.conf

[sql2k]

host = your.mssql.server.ip
port = 1433
client charset = cp950
tds version = 8.0

b. tds version: 4.2 (for MS SQL Server 6.x); 7.0 (for 7.x); 8.0 (for 2000)

Step 3. Test FreeTDS connect to MS SQL Server

#cd /usr/local/freetds/bin
#./tsql -S sql2k -U sa
1> use mydatabase
2> select * from mytable
3> go

it shows mytable if success

quit tsql:

1>    quit

Step 4. Recompile PHP source

PHP website: http://www.php.net/

Before you recompile, run phpinfo() in PHP to check the existing configure parameters, and then add --with-mssql=/usr/local/freetds

example:

./configure '--prefix=/usr/local/php_4.3.10' '--localstatedir=/var' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' \
  '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses' '--with-gmp' \
  '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-dom' \
  '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' \
  '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' \
  '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql' '--with-pgsql=shared' '--with-snmp' '--with-snmp=shared' \
  '--enable-ucd-snmp-hack' '--with-unixODBC' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' \
  '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-apxs2=/usr/sbin/apxs' '--with-mssql=/usr/local/freetds'

After compiling and installing, cp php.ini-dist /prefix/lib/php.ini

Step 5. Startup Apache HTTP Server for testing

Sample Code:

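<?php
// Connect through the [sql2k] entry defined in freetds.conf.
// The sa login with an empty password is this tutorial's test setup.
mssql_connect('sql2k', 'sa', '');
mssql_select_db('mydatabase');
$rs = mssql_query('select * from mytable');
// Fetch the first row and print its first column.
list($column01) = mssql_fetch_row($rs);
echo $column01;
?>

It shows data from mytable if successful.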

Posted by linux at 5:21 am

Adding new hard drives on an installed Linux Server

September 16, 2009

Here’s another good tutorial on adding a hard drive in Linux

Ref:  http://www.freelinuxtutorials.com/
—————————————————————————————————————


Quick tip: Adding new hard drives on an installed Linux Server

These are the steps on adding additional hard drives on a pre-installed Linux server.

Drives will be detected and can be checked through the “dmesg” command.

[root@localhost ~]#fdisk /dev/cciss/c0d1

Press n to create a partition; just use the default settings for it.
Press w to write the partition table and exit.

3.    Create ext3 filesystem

[root@localhost ~]# mkfs.ext3 /dev/cciss/c0d1p1

4.    Mount the drive to test it, but first create a directory to mount it on.

[root@localhost ~]#mkdir /data
[root@localhost ~]#mount -t auto /dev/cciss/c0d1p1 /data

5.    Verify that it is mounted.
[root@localhost cciss]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
65G  2.2G   59G   4% /
/dev/cciss/c0d0p1      99M   12M   83M  12% /boot
tmpfs                1005M     0 1005M   0% /dev/shm
/dev/cciss/c0d1p1     135G  188M  128G   1% /data

6.    We need to add the mount to the startup configuration so that after a shutdown or reboot the new HDD is still recognized by the system

#vi /etc/fstab

Add this line:

/dev/cciss/c0d1p1       /data                    ext3    defaults        1 3

wherein:
/dev/cciss/c0d1p1 – device to be mounted
/data – mount point
ext3 – type of filesystem
defaults – mount options; uses the default options, which are rw, suid, dev, exec, auto, nouser, and async.
1 3 – dump and fsck options (the 5th column is the dump option, which dump checks to decide if a filesystem should be backed up; the 6th column is the order in which the filesystems should be checked by fsck).

Save and exit

7.    Verify that the config in /etc/fstab is correct after the changes
[root@localhost cciss]#mount -av
[root@localhost cciss]#df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
65G  2.2G   59G   4% /
/dev/cciss/c0d0p1      99M   12M   83M  12% /boot
tmpfs                1005M     0 1005M   0% /dev/shm
/dev/cciss/c0d1p1     135G  188M  128G   1% /data

As you can see, c0d1p1 is already recognized by the system.

8.    Reboot the server and check for errors, then issue the “df” command again to see if the new partition/drive is there.

quick tip: rotating tomcat logs via cronolog

Posted in Quick Tips & Tricks by tux

1. Compile cronolog (http://cronolog.org) and install it in /usr/local/sbin
2. Back up the original /usr/local/apache-tomcat-5.5.20/bin/catalina.sh to /root
3. Edit these lines in catalina.sh from
org.apache.catalina.startup.Bootstrap "$@" start \
>> "$CATALINA_BASE"/logs/catalina.out 2>&1 &

to

org.apache.catalina.startup.Bootstrap "$@" start 2>&1 \
| /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/catalina.out.%Y-%m-%d >> /dev/null &

4. Remove the line
touch "$CATALINA_BASE"/logs/catalina.out

5. Restart web service
#/usr/local/tomcat/bin/shutdown.sh
# service httpd stop
# /usr/local/tomcat/bin/startup.sh
#service httpd start

TESTING

1.    Check tomcat logs to see generated Catalina.out per day
# ls -la /usr/local/tomcat/logs

-rw-r--r--   1 root root      65607 Nov  6 14:55 catalina.out.2007-11-06

2.    browse ww2.freelinuxtutorials.com and login using test account to see if tomcat is working

Installation of GeoIP Information for AWStats

Posted in Working with Servers by tux

This is a continuation procedure for AWStats installation.

PROCEDURES:

GeoIP Information will show country information in AWStats.

1.    Download the current GeoLite Country from the internet
#wget http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz

2.    Create GeoIP directory
# mkdir /usr/local/share/GeoIP

3.    Move data files to directory and unzip.
#mv GeoIP.dat.gz /usr/local/share/GeoIP/
#gunzip /usr/local/share/GeoIP/GeoIP.dat.gz

4.    Install the GeoIP program
#cd /usr/local/src
#wget http://www.maxmind.com/download/geoip/api/c/GeoIP-1.4.3.tar.gz
#tar zxvf GeoIP-1.4.3.tar.gz
#cd /usr/local/src/GeoIP-1.4.3
#./configure
#make
#make check
#make install

#vi /etc/ld.so.conf
add the line:
/usr/local/lib

#ldconfig

5.    Install Geo::IP Perl Module

#wget http://www.maxmind.com/download/geoip/api/perl/Geo-IP-1.27.tar.gz

Posted by linux at 9:39 pm

Installation and Configuration of AWStats on Apache Web Server

I found this while browsing the internet… Enjoy!

http://www.freelinuxtutorials.com/working-with-servers-or-daemon/installation-and-configuration-of-awstats-on-apache-web-server/

________________________________________________________________________________________________

Here are the steps in installing AWstats on Apache Web Server as your web log analyzer and statistics:

STEPS:

Assuming VirtualHost setting is already added on the httpd.conf, and the log is customized already for a combined log.

Example:
#<VirtualHost support.freelinuxtutorials.com:80>
ServerAdmin webmaster@support.freelinuxtutorials.com
DocumentRoot /home/www/support.freelinuxtutorials.com
ServerName support.freelinuxtutorials.com
ErrorLog /var/log/httpd/support.freelinuxtutorials.com-error_log
CustomLog /var/log/httpd/support.freelinuxtutorials.com-combined_log combined

If not, httpd.conf should be modified to customize the log of the particular website:

CustomLog /yourlogpath/yourlogfile common
to
CustomLog /yourlogpath/yourlogfile combined

1.    Download the latest stable awstats.tar.gz  from the internet or get it from PHMFILE server (\\phmfile\c$\MIS Operation Software\Installer & Application\awstats)

#cd /usr/local/
#wget http://prdownloads.sourceforge.net/awstats/awstats-6.7.tar.gz

2.    Uncompress the tarball file and rename the directory to awstats

#tar zxvf awstats-6.7.tar.gz
#mv awstats-6.7 awstats
#cd awstats
#perl tools/awstats_configure.pl

It will ask for series of questions, just input the necessary details.

Example:

a.
----- AWStats awstats_configure 1.0 (build 1.7) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Linux, BSD or Unix

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):

Input the location of your web config

    /etc/httpd/conf/httpd.conf

b.
-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'

-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?Y

Type Y to create a new awstats config

c.
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>www.mysite.com

wherein www.mysite.com is the name of your config file

d.
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
    /etc/awstats

Specify the location you want to store your config file

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.mysite.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue…

Press ENTER to continue (set up the crontab entry manually once the installation is finished)

e.
A SIMPLE config file has been created: /etc/awstats/awstats.www.mysite.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.mysite.com' with command:
> perl awstats.pl -update -config=www.mysite.com
You can also read your statistics for 'www.mysite.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.mysite.com

Press ENTER to finish…

3.    awstats_configure.pl will then add the following directives to your Apache configuration file, if they are not already present.
Inspect httpd.conf and, if they were not added, add these lines:

#
# Directives to add to your Apache conf file to allow use of AWStats as a CGI.
# Note that path "/usr/local/awstats/" must reflect your AWStats Installation path.
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

4. Edit your awstats configuration file based on your web settings.

# vi /etc/awstats/awstats.www.mysite.com.conf

These are the lines that need to be modified:

a. LogFile
b. LogType
c. LogFormat
d. SiteDomain

Example config file:

LogFile="/var/log/httpd/support.freelinuxtutorials.com-combined_log"
LogType=W
LogFormat=1
SiteDomain="www.mysite.com"

AllowToUpdateStatsFromBrowser=0  (optional, you can set 1 so you can update the stats via the Browser)

4.    Update the statistics database. It is recommended that you update it manually via the command line since the process may be long and it’s easier to solve problems when you can see the command output

#/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.mysite.com -update

Update for config "/etc/awstats/awstats.mysite.conf"
With data in log file "/pathtoyourlog/yourlog.log"...
Phase 1 : First bypass old records, searching new record…
Searching new records from beginning of log file…
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)…
Jumped lines in file: 0
Parsed lines in file: 225730
Found 122 dropped records,
Found 87 corrupted records,
Found 0 old records,
Found 225521 new qualified records.

Note: to update the old log file, you just need to change the LogFile to the old log file you want to update.

Example:
On your /etc/awstats/awstats.www.mysite.com.conf

From
LogFile="/var/log/httpd/support.freelinuxtutorials.com-combined_log"
To
LogFile="/var/log/httpd/support.freelinuxtutorials.com-combined_log.1"

5. View Site Statistics

Access it using your favorite browser. Type
http://www.mysite.com/awstats/awstats.pl?config=www.mysite.com

6. Create crontab script in order to update the  log file analysis
#crontab -e

add this line
example:

0 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.mysite.com -update > /root/awstatsjob/awstats.log

7.  You can follow “Installation of GeoIP Information for AWStats” documentation to have a country information on your web/mail/ftp statistics.

SETTING UP HTACCESS ON AWSTATS for ADDED SECURITY

1.    Add these lines on httpd.conf to configure htaccess file

#vi /etc/httpd/conf/httpd.conf

# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Directory "/usr/local/awstats/wwwroot/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

AuthType basic
AuthName "NOC Authentication"
AuthUserFile /etc/awstats/awstats.htpasswd

<Files awstats.pl>
Require valid-user
</Files>
</Directory>

2.    Configure htpasswd file

#cd /etc/awstats/
#htpasswd -c awstats.htpasswd username

New password:
Re-type new password:
Adding password for user username

3.    Adding new users

To add new users, use the same command without the -c switch

#htpasswd awstats.htpasswd darwin

To delete users, open the htpasswd file and delete the line you want to remove

4.    Test the configuration

Open the browser and then type the URL. If it is successful, you should get a dialog box prompting for your username and password. Type the username/password you configured in your htpasswd file

SETUP AWSTATS for FTP LOG ANALYSIS

Since we are using vsFTPd as our FTP server, the log file is in xferlog format. Installation is the same as for web statistics, except that in the AWStats configuration LogType is F (for FTP) and LogFormat is based on your FTP log format

1.    Check your ftp log format

#cd /var/log/
#less xferlog

Take a look at your FTP server log file. Its format must match the following example:
Wed Jan 01 19:29:35 2001 1 192.168.1.1 102 /home/file1.txt b _ o r username ftp 0 * c

Example:

#less /var/log/xferlog
Sun Dec 16 19:57:13 2007 16 59.94.74.165 561976 /softphone/freelinuxtutorialsSetup.MSI b _ o a IEUser@ ftp 0 * i

2.    Setup AWStats to analyze FTP log

#vi /etc/awstats/awstats.ftp.conf

Modify the config file (the lines below in bold are the important ones; the others can stay at their defaults)

LogFile="/var/log/xferlog"
LogType=F
LogFormat="%time3 %other %host %bytesd %url %other %other %method %other %logname %other %code %other %other"
LogSeparator="\s"
NotPageList=""
LevelForBrowsersDetection=0
LevelForOSDetection=0
LevelForRefererAnalyze=0
LevelForRobotsDetection=0
LevelForWormsDetection=0
LevelForSearchEnginesDetection=0
ShowLinksOnUrl=0
ShowMenu=1

ShowSummary=UVHB
ShowMonthStats=UVHB
ShowDaysOfMonthStats=HB
ShowDaysOfWeekStats=HB
ShowHoursStats=HB
ShowDomainsStats=HB
ShowHostsStats=HBL
ShowAuthenticatedUsers=HBL
ShowRobotsStats=0
ShowEMailSenders=0
ShowEMailReceivers=0
ShowSessionsStats=1
ShowPagesStats=PBEX
ShowFileTypesStats=HB
ShowFileSizesStats=0
ShowBrowsersStats=0
ShowOSStats=0
ShowOriginStats=0
ShowKeyphrasesStats=0
ShowKeywordsStats=0
ShowMiscStats=0
ShowHTTPErrorsStats=0
ShowSMTPErrorsStats=0


Posted by linux at 9:14 pm

Using client certificate with Apache and Subversion

September 6, 2009
I somehow came across this piece on SSL using Apache and Subversion; it might be useful to some of us!
 

This is not a typical use case for anyone who uses client certificates with Apache and Subversion. In general, the client certificate is used for all Apache requests, including the SVN related ones. This use case is a bit different: it uses client certificates for all Apache requests, but not for Subversion requests. This sounds like a straightforward configuration in the Apache configuration file, but it is not.

Usual workaround

The SSLVerifyClient optional directive is used to enforce client certificate based authentication. If it is specified at the <Location /> directive, all non-Subversion requests go through client certificate based authentication. The SSLVerifyClient none directive is used to avoid using client certificate based authentication. If it is specified at the <Location /svn> directive, the Subversion requests do not go through this authentication.

413 — Request Entity Too Large

If we use the above workaround, we face 413 Request Entity Too Large while uploading large files using POST method. This is due to bug 12355. According to this bug report, if SSLVerifyClient optional directive is specified at <Location /> directive, the user will face this issue. The bug report claims that it is fixed in Apache 2.0.55, but I faced this issue even in Apache 2.2.11.

The workaround is to specify SSLVerifyClient optional at the virtual host level. But then this setting can be overridden only using the <Directory> directive. In our case, it cannot be overridden using the <Location /svn> directive. Thus client certificate based authentication is enforced even for SVN requests.

SSLRenegBufferSize directive in Apache 2.2.12

The 413 Request Entity Too Large error occurs when SSL renegotiation is attempted, because we specified SSLVerifyClient optional at the <Location /> directive. The default size is 2048 bytes, which is not sufficient. In Apache 2.2.12, the SSLRenegBufferSize directive was introduced precisely to configure the buffer size. I have not tried this in Apache 2.2.12 yet.

Snippet from Apache 2.2.12 changelog file.

*) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
   size of the buffer used for the request-body where necessary
   during a per-dir renegotiation. PR 39243. [Joe Orton]

The Hack to overcome this issue

We cannot use SSLVerifyClient optional at the virtual host level. We also cannot let SVN requests go through client certificate based authentication.

As far as Apache is concerned, we skipped client certificate based authentication for the specific servlets which support file upload. We modified the code to still authenticate using the client certificate only for these servlets. By using the following directive we fixed this issue. We also avoid specifying the SSLVerifyClient optional directive at the <Location /> directive.

<LocationMatch "^/servlets/(?!(fileUpload1|fileUpload2))">
  SSLVerifyClient optional
  SSLVerifyDepth 2
</LocationMatch>
 
This is not a perfect solution, but it solves the problem on hand. We should upgrade to Apache 2.2.12 and verify if SSLRenegBufferSize directive fixes the problem cleanly.
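
The following check is an added example, not from the original post. It shows which request paths the LocationMatch pattern above covers, and that the unanchored lookahead also exempts any path that merely starts with one of the two servlet names. STRICT_RE is one possible tightening suggested here; it, the function names and the sample paths other than fileUpload1 and fileUpload2 are assumptions, and the script needs a grep with PCRE support (grep -P).

```shell
#!/bin/sh
# Added example, not from the original post. Needs a grep with PCRE support
# (GNU grep -P) because the pattern uses a negative lookahead.
# POSTED_RE is the pattern from the post; STRICT_RE, the function names and
# the sample paths are assumptions made for this illustration.

POSTED_RE='^/servlets/(?!(fileUpload1|fileUpload2))'
# Exempt only the two servlet names themselves and anything below them.
STRICT_RE='^/servlets/(?!(fileUpload1|fileUpload2)(/|$))'

# locationmatch_applies REGEX PATH
# Prints "covered" when the <LocationMatch> block, and with it
# SSLVerifyClient optional, would apply to PATH; "not-covered" otherwise.
locationmatch_applies() {
    if printf '%s\n' "$2" | grep -Pq -- "$1"; then
        echo covered
    else
        echo not-covered
    fi
}

# coverage_report REGEX: one "path result" line per sample request path.
coverage_report() {
    for p in /servlets/report /servlets/fileUpload1 /servlets/fileUpload2/chunk \
             /servlets/fileUpload10 /servlets/fileUpload1Admin /svn/repo/trunk; do
        printf '%s %s\n' "$p" "$(locationmatch_applies "$1" "$p")"
    done
}

if [ "${1:-}" = demo ]; then
    echo "== pattern from the post"
    coverage_report "$POSTED_RE"
    echo "== tightened pattern"
    coverage_report "$STRICT_RE"
fi
```

Every path reported as not-covered under /servlets/ depends entirely on the application code for its client certificate check, so the list of exempt paths should match exactly the servlets that were modified.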

Bhuvaneswaran Arumugam is part of an Engineering Team, customizing the flagship product CollabNet TeamForge as per the client requirements. He spends some time contributing to the Open source projects Subversion and Ubuntu. In recent times, he worked on adding new sections in the Ubuntu Server Guide for the next release, Karmic. You can follow Bhuvaneswaran on Twitter: http://twitter.com/livecipher

Posted by linux at 12:30 am

User file ownership using vista

June 20, 2009

Well, it’s been a while since I posted blogs here, until recently I found a good way to edit Windows files using user ownership.

So to begin with, follow these steps.

First, open an administrator command prompt by typing cmd into the start menu search box, and hit the Ctrl+Shift+Enter key combination.

To take ownership of the file, you’ll need to use the takeown command.

At the command prompt type: takeown /f c:\windows\system32\file.dll

That will give you ownership of the file, but you still have no rights to delete, move and rename it.  Next, you need to run the cacls command to give yourself full control rights to the file:

At the command prompt type: cacls c:\windows\system32\file.dll /G your username:F

Make sure that you replace “your username” with your username exactly as it is spelled for the currently active user account on your computer.

At this point, you should be able to change the file.  Rename the file from file.dll to file.dll.old.  Next, copy the new source file that you downloaded from above to c:\windows\system32.

Once the file has been replaced you need to set the permissions back to its original state.  Locate nlasvc.dll in c:\windows\system32 in the Windows File Manager.  Right mouse button click on the file and choose Properties.

Click Security tab; Click Advanced button; Click Owner tab; Click Edit button; Click Other User or Group and type in NT SERVICE\TrustedInstaller.

Press Ok on all dialogs until all property dialogs are closed.  Restart the PC and you should be back in business.

Posted by linux at 12:34 am

backup server

March 24, 2009

I’m looking for a good backup server and this is the one I found using Linux; I will be adding more.

Bacula server for linux

http://www.dirvish.org/
http://wiki.edseek.com/howto:dirvish#installing_dirvish

Posted by linux at 8:25 am

Copyright notice in Joomla 1.5x

March 10, 2009

One day ago, when I changed my Joomla template, the copyright notice appeared on all my pages. This prompted me to look for a way to remove the notice.

I found it in the joomla forum.

Here’s how:

Go to:
/public_html/language/en-GB
then edit: en-GB.mod_footer.ini

delete the line or edit the text as required.

That’s it! Simple, isn’t it…

Reference: http://forum.joomla.org/viewtopic.php?f=32&t=276726&start=0

Posted by linux at 10:07 pm

Problem with sh404sef

February 26, 2009

I found this problem while installing sh404sef; the good thing is… there are procedures for reinstalling it.

HERE’s HOW!

Uninstall sh404

As stated, sometimes you may have to uninstall sh404 totally in order to upgrade. First, perform a manual uninstall and upgrade. If this doesn’t work, then you can delete all the sh404 files via FTP. All these should be deleted:

  • the folder (= directory): components/com_sef
  • the folder: administrator/com_sef
  • the files: shCustomTags.php, shCustomtags.xml — these are in /modules/
  • any file or folder with sh404sef in its name in the /media/ directory (they are used for holding configs while upgrading)

After this you should be able to reinstall or upgrade. 
 

sh404sef configuration unwriteable

Another reason for upgrade or config failures is that file permissions are too tight. You don’t have high enough permissions set on the files in order to write to them. You can change this in the CMS backend (Site >> Global Configuration >> Server tab — file permissions); or via FTP; or via the server control panel (cPanel, Ensim) File Manager. If this doesn’t work then it could be that your server settings are not correct - the file ownership setting is wrong.

But try uninstalling / deleting the old sh404 version completely first. You shouldn’t lose any URLs or meta, they are in the database and the new sh404 version will retrieve them. I have never lost any data when upgrading, even when I had to delete files and folders via FTP. But you could play safe and get a DB backup though.

Reference:

http://www.a3webtech.com/index.php/install-sh404.html

 HERE’s Another Info!

This component rewrites Joomla! URLs to be Search Engine Friendly. It has plugins, for handling various components, can work without .htaccess, build up meta tags automatically or manually, and more. Please note this is still beta software, which means that we are still in the debugging process and some functions or behaviors may change in next version.

sh404SEF installed succesfully! Please read the following

If it is the first time you use sh404SEF, it has been installed but is disabled right now. You must first edit sh404SEF configuration (from the sh404SEF Components menu item of Joomla backend), enable it and save before it will become active. Before you do so, please read the next paragraphs which have important information for you. If you are upgrading from a previous version of sh404SEF, then all your settings have been preserved, the component is activated and you can start browsing your site frontpage right away.

IMPORTANT : sh404SEF can operate under two modes : WITH or WITHOUT .htaccess file. The default setting is now to work without .htaccess file. I recommend you use it if you are not familiar with web servers, as it is generally difficult to find the right content for a .htaccess file.

Without .htaccess file : simply go to sh404SEF configuration screen, review parameters, and save config. You can now browse the frontpage of your site to start generating SEF URL.
With .htaccess : you must activate this operating mode. To do so, go to sh404SEF configuration, select the Advanced tab, locate the “Rewrite mode” drop-down list and select ‘with .htaccess’. Then Save configuration and answer Ok when prompted to erase URl cache. However, before you can activate sh404SEF, you have to setup a .htaccess file. This file content depends on your hosting setup, so it is nearly impossible to tell you what should be in it. Joomla comes with the most generic .htaccess file. It will probably work right away on your system, or may need adjustments. The Joomla supplied file is called htaccess.txt, is located in the root directory of your site, and must be renamed into .htaccess before it will have any effect. You will find additional information about .htaccess at extensions.Siliana.com/.

IMPORTANT: sh404SEF can build SEF URL for many Joomla components. It does it through a “plugin” system, and comes with a dedicated plugin for each of Joomla standard components (Contact, Weblinks, Newsfeed, Content of course,…). It also comes with native plugins for common components such as Community Builder, Fireboard, Virtuemart, Sobi2,… (full list on our web site). sh404SEF can also automatically make use of plugins designed for other SEF components such as OpenSEF or SEF Advanced. Such plugins are often delivered and installed automatically when you install a component. Please note that when using these “foreign” plugins, you may experience compatibility issues.
However, Joomla having several hundreds extensions available, not all of them have a plugin to tell sh404SEF how its URL should be built. When it does not have a plugin for a given component, sh404SEF will switch back to Joomla 1.0.x standard SEF URL, similar to mysite.com/component/option,com_sample/task,view/id,23/Itemid,45/. This is normal, and can’t be otherwise unless someone writes a plugin for this component (your assistance in doing so is very much welcomed! Please post on the support forum if you have written a plugin for a component).

You will also find more documentation, including on how to write plugins for sh404SEF at extensions.Siliana.com

Please read the documentation : it is available on sh404SEF main control panel

 

 

Posted by linux at 11:52 pm

Joomla Front Page Slide Show V2

February 12, 2009

I came across this problem in Joomla 1.5.x in installing FPSS V2.

So to tweak it, follow this…

FOR JOOMLA 1.5.x
—————————————–
The J1.5 changes to the above examples are…

Code:

 

<jdoc:include type="modules" name="fpss" />

 

instead of

Code:

 

<?php mosLoadModules('fpss',-2);?>

 

and to add this “fpss” module position in joomla, you need to edit the XML file of your joomla’s template. For example, if you’re using the default “rhuk_milkyway” template, simply navigate to templates/rhuk_milkyway, edit templateDetails.xml and add the line

Code:

 

<position>fpss</position>

 

at the bottom of the “positions” block, so

Code:

 

<positions>
    <position>breadcrumb</position>
    <position>left</position>
    <position>right</position>
    <position>top</position>
    <position>user1</position>
    <position>user2</position>
    <position>user3</position>
    <position>user4</position>
    <position>footer</position>
    <position>debug</position>
    <position>syndicate</position>
</positions>

 

will become

Code:

 

<positions>
    <position>breadcrumb</position>
    <position>left</position>
    <position>right</position>
    <position>top</position>
    <position>user1</position>
    <position>user2</position>
    <position>user3</position>
    <position>user4</position>
    <position>footer</position>
    <position>debug</position>
    <position>syndicate</position>
    <position>fpss</position>
</positions>

 

That’s it! ;)

To put the FPSS on your front page, put the <jdoc:include type="modules" name="fpss" /> code above

"<jdoc:include type="component"

After that, create a module template and name it Frontpage Slideshow, removing the default templates created during installation.

That’s it!

 Reference:

http://forum.joomlaworks.gr/index.php?action=printpage;topic=3262.0

 UNINSTALL/REINSTALL

Do this when uninstalling:

You must fully uninstall the component and the module and reinstall it again.
Please do the following:

- Uninstall all FPSS components and modules
- Make sure the following folders do not exist
administrator/components/com_fpss
components/com_fpss
modules/mod_fpss

Then re-install. If the files did not properly get deleted previously then it’s either a server files permission issue OR you uploaded the new version without uninstalling the old one.

 
 
 
 
 

 

Posted by linux at 5:33 am

Joomla login

December 5, 2008

I was modifying my website using Joomla login modules, only to find out that the main culprit is in the Joomla templates.css and not the login module templates! Took me almost a day to find out what is really going on… what a crap!!

Culprit can be found in the templates area itself:

/* blue */
input, button {
    border: 1px solid #74a0dd;
    background: #transparent;
}

Change the border color to your liking.

I used this on the siteground-j15-14 template.

That’s it!!

Posted by linux at 5:50 pm