Category: Linux

Linux Tips and tricks, either for desktop or internal system.

Apache, Linux, Security

Configuring Letsencrypt in ISPConfig 3.1

Intro: Since a while now the wonderful idea of creating the service Letsencrypt has made lots of admins happy. Here is how we can also use Letsencrypt with ISPConfig 3.1. Ref: https://www.howtoforge.com/community/threads/ssl-how-to-for-ispconfig-3-with-letsencrypt.74738/ STEPS: Define ISPconfig to use the new SSL certificate with symbolic links. (If you don’t know how to use symbolic links this how-to …

Email, Linux

Rectify mailman URLs after a hostname change

Intro: I had to change the server name of my mailman server. I changed it in /etc/mailman/mm_cfg.py as follows: # Default domain for email addresses of newly created MLs DEFAULT_EMAIL_HOST = ‘mailman.myserver.com’ #————————————————————- # Default host for web interface of newly created MLs DEFAULT_URL_HOST = ‘mailman.myserver.com’ BUT! Some links in the mailman site were OK …

Linux, Security

Blocking hosts blacklist and iptables

Intro: I happen to have sone attacks coming from specific hosts which I decided to block access to the server. Here is how I did it using a script which deletes and reload a full iptables CHAIN based on a file containing a list of IPs/Ranges. STEPS: Create a file called blacklist.txt with one IP/Range …

Email, Linux, Postfix

Blocking reception of full TLDs

Intro: Lately I was receiving a lot of spam from a ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 Steps: Install the Postfix PCRE dictionary apt-get install postfix-pcre Configure postfix postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains Edit the new file /etc/postfix/rejected_domains with the following …

Email, Linux, Postfix, Security, Systemd

OpenDKIM doesn’t start after Upgrade from Jessie to Stretch

Introduction: After having done a dist-upgrade fo Jessie to Stretch OpenDKIM didn’t start any more. After research I found the answer which worked for me in this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345. eg. My config in of OpenDKIM in Postfix: milter_default_action = …

Linux, Monitoring

Some Zabbix tools

Introduction: In order to debug some Zabbix problems here are some tools I gathered to help. Requirements: Installation of the package zabbix-get in the monitoring server apt-get install zabbix-get Installation of the package zabbix-agent in the monitored hosts. apt-get install zabbix-agent TIP: In order to programmatically (using bash for example) create scripts that monitor anything …

Apache, Linux, NGinX

piwik: Could not open input file: ./console

Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …

GlusterFS, Linux

Prepare Debian Stretch for Installing GlusterFS 3.12

In order to install this version of GlusterFS we need to add the repositories: Ref: https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/ echo deb [arch=amd64] http://download.gluster.org/pub/gluster/glusterfs/3.12/LATEST/Debian/stretch/apt stretch main > /etc/apt/sources.list.d/gluster.list wget -O – http://download.gluster.org/pub/gluster/glusterfs/3.12/rsa.pub | apt-key add – apt-get update apt-get install glusterfs-server xfsprogs Format the dedicated partition for GlusterFS synchronized data: eg. /dev/xvda3 mkfs.xfs -f -i size=512 /dev/xvda3 Example of …

Email, Linux, Postfix

Transferring IMAP account mails and folders to another IMAP account on another server

Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …

Linux, Monitoring

Installing Filebeat, Logstash, ElasticSearch and Kibana in Ubuntu 14.04

PREPARATIONS #Ref: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html First install Java 8 in Ubuntu 14.04 # Ref: https://www.liquidweb.com/kb/how-to-install-oracle-java-8-on-ubuntu-14-04-lts/ apt-get install python-software-properties software-properties-common apt-add-repository ppa:webupd8team/java apt-get update apt-get install oracle-java8-installer java -version Result: java version “1.8.0_144” Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode) Facilitate updating of all packages via APT repositories apt-get install …

Atlassian, Linux, Security

Disabling the admin security password confirmation in Jira and Confluence

Introduction: Although in Jira and Confluence the WebSudo, requesting the confirmation of the administrator’s password, are neat security features if you are working in a company where the chances of someone fiddling around with your computer are high. BUT in a very small company, where this risk is almost none, this feature has proven very …

Apache, Email, Linux, Postfix, Security

Hardening the SSL security in Apache, Dovecot and Postfix

Introduction: After having gotten a report from OpenVAS that my SSL security level of the mail server were medium, I looked for ways to improve this. I found very good sites which helps me making these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration Click to access applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …

Email, Linux, Postfix

Whitelisting Hosts in Postfix/Amavis

Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis I found these instructions in Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …

Linux, Security, Systemd

Mounting a remote directory using SSHFS in Debian Jessie

Introduction: If you want to mount a directory on a remote server via Internet NFS can be quite a challenge to protect. A good solution would then be to use SSHFS. Here is a shot Howto for Debian Jessie. Note: In Wheezy and in Jessie before I did an upgrade to the kernel 3.16.0-4-amd64, the …

Apache, Linux, Security

Installing TeamPass in Debian Jessie

Introduction: TeamPass is a very good Web application which can store securely Passwords for single person or teams. Here are the steps I used to install it in Debian Jessie. These instructions can also be used with no or minimal changes to install TeamPass in other Debian or Ubuntu systems. These instruction are partly based …

Linux, MAC OS X, Security

SSH doesn’t accept my key since upgrade Mac OS X to Sierra

Introduction: I have two MacBooks. One that still has Mavericks OS X and one that I just upgrade to Sierra OS X. Since the upgrade I can’t connect via SSH to one of my Linux servers using the RSA/DSA Keys any more. It always asks for a password. After adding the ‘-v’ option to the …

Linux, MAC OS X

Making a PC bootable USB stick using an .iso file on MAC

Introduction: Although Mac has been changed a lot since the days of Free-BSD it is still Unix and has lots of commands that are very compatible with the ones of its brother Linux. So here are the commands done in the Mac terminal which creates a bootable USB drive using an ISO file as the …

Linux, XEN

pygrub: Unable to find partition containing kernel

Introduction: Lately after I upgraded many packages in a Xen 4.4 DOMU VM the pygrub could not boot the VM any more. During the security update, the installed grub2(grup-pc), which never created any problems before with pygrub, got updated and suddenly it did create problems to boot the VM. Here is the error message I …