Category: Linux

Linux Tips and tricks, either for desktop or internal system.

Email, Linux, Postfix

Blocking reception of full TLDs

Intro: Lately I was receiving a lot of spam from a ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 Steps: Install the Postfix PCRE dictionary apt-get install postfix-pcre Configure postfix postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains Edit the new file /etc/postfix/rejected_domains with the following …

Email, Linux, Postfix, Security, Systemd

OpenDKIM doesn’t start after Upgrade from Jessie to Stretch

Introduction: After having done a dist-upgrade fo Jessie to Stretch OpenDKIM didn’t start any more. After research I found the answer which worked for me in this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345. eg. My config in of OpenDKIM in Postfix: milter_default_action = …

Linux, Monitoring

Some Zabbix tools

Introduction: In order to debug some Zabbix problems here are some tools I gathered to help. Requirements: Installation of the package zabbix-get in the monitoring server apt-get install zabbix-get Installation of the package zabbix-agent in the monitored hosts. apt-get install zabbix-agent TIP: In order to programmatically (using bash for example) create scripts that monitor anything …

Apache, Linux, NGinX

piwik: Could not open input file: ./console

Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …

GlusterFS, Linux

Prepare Debian Stretch for Installing GlusterFS 3.12

In order to install this version of GlusterFS we need to add the repositories: Ref: https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/ echo deb [arch=amd64] http://download.gluster.org/pub/gluster/glusterfs/3.12/LATEST/Debian/stretch/apt stretch main > /etc/apt/sources.list.d/gluster.list wget -O – http://download.gluster.org/pub/gluster/glusterfs/3.12/rsa.pub | apt-key add – apt-get update apt-get install glusterfs-server xfsprogs Format the dedicated partition for GlusterFS synchronized data: eg. /dev/xvda3 mkfs.xfs -f -i size=512 /dev/xvda3 Example of …

Email, Linux, Postfix

Transferring IMAP account mails and folders to another IMAP account on another server

Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …

Linux, Monitoring

Installing Filebeat, Logstash, ElasticSearch and Kibana in Ubuntu 14.04

PREPARATIONS #Ref: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html First install Java 8 in Ubuntu 14.04 # Ref: https://www.liquidweb.com/kb/how-to-install-oracle-java-8-on-ubuntu-14-04-lts/ apt-get install python-software-properties software-properties-common apt-add-repository ppa:webupd8team/java apt-get update apt-get install oracle-java8-installer java -version Result: java version “1.8.0_144” Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode) Facilitate updating of all packages via APT repositories apt-get install …

Atlassian, Linux, Security

Disabling the admin security password confirmation in Jira and Confluence

Introduction: Although in Jira and Confluence the WebSudo, requesting the confirmation of the administrator’s password, are neat security features if you are working in a company where the chances of someone fiddling around with your computer are high. BUT in a very small company, where this risk is almost none, this feature has proven very …

Apache, Email, Linux, Postfix, Security

Hardening the SSL security in Apache, Dovecot and Postfix

Introduction: After having gotten a report from OpenVAS that my SSL security level of the mail server were medium, I looked for ways to improve this. I found very good sites which helps me making these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration Click to access applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …

Email, Linux, Postfix

Whitelisting Hosts in Postfix/Amavis

Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis I found these instructions in Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …

Linux, Security, Systemd

Mounting a remote directory using SSHFS in Debian Jessie

Introduction: If you want to mount a directory on a remote server via Internet NFS can be quite a challenge to protect. A good solution would then be to use SSHFS. Here is a shot Howto for Debian Jessie. Note: In Wheezy and in Jessie before I did an upgrade to the kernel 3.16.0-4-amd64, the …

Apache, Linux, Security

Installing TeamPass in Debian Jessie

Introduction: TeamPass is a very good Web application which can store securely Passwords for single person or teams. Here are the steps I used to install it in Debian Jessie. These instructions can also be used with no or minimal changes to install TeamPass in other Debian or Ubuntu systems. These instruction are partly based …

Linux, MAC OS X, Security

SSH doesn’t accept my key since upgrade Mac OS X to Sierra

Introduction: I have two MacBooks. One that still has Mavericks OS X and one that I just upgrade to Sierra OS X. Since the upgrade I can’t connect via SSH to one of my Linux servers using the RSA/DSA Keys any more. It always asks for a password. After adding the ‘-v’ option to the …

Linux, MAC OS X

Making a PC bootable USB stick using an .iso file on MAC

Introduction: Although Mac has been changed a lot since the days of Free-BSD it is still Unix and has lots of commands that are very compatible with the ones of its brother Linux. So here are the commands done in the Mac terminal which creates a bootable USB drive using an ISO file as the …

Linux, XEN

pygrub: Unable to find partition containing kernel

Introduction: Lately after I upgraded many packages in a Xen 4.4 DOMU VM the pygrub could not boot the VM any more. During the security update, the installed grub2(grup-pc), which never created any problems before with pygrub, got updated and suddenly it did create problems to boot the VM. Here is the error message I …

Bash, Linux

Force reboot a remote Linux server

Introduction: After having tried to do a reboot of a remote Linux server via the command reboot which had no effect, I tried to find a command that would force the server to reboot immediately. I found the commands that do exactly that at: https://major.io/2009/01/29/linux-emergency-reboot-or-shutdown-with-magic-commands/ Commands: echo 1 > /proc/sys/kernel/sysrq echo b > /proc/sysrq-trigger This …

Apache, Linux

Upgrading Apache2 from Debian Wheezy to Jessie

Introduction: As I tried to make a full distribution upgrade from Wheezy to Jessie the upgrade of Apache2 didn’t go well at all: dpkg kept coming up with dependencies errors and post-install scripts errors. Unfortunately I don’t have a sample of these errors here. Since I had to dist-upgrade over 30 servers of the same …

Linux, MySQL

Switch database type from H2 to MySQL in Atlassian Jira

Introduction: After having tested Jira and decided to keep it for production it is very recommended to change the type of database used by Jira. The default database at delivery time is H2(local file dB) and in this HOW-TO I describe what I had to do to execute that switch under Debian Jessie. Steps: References: …