Lately I updated the Ubuntu 12.04 where I run Zimbra 8.x and found that the log file of ‘clamd’ process was filling incredibly fast with the follwoing error line and the emails received’s subject were tagged with ‘**UNCHECKED**’ LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net Finally I found a solution …
Category: Linux
Linux Tips and tricks, either for desktop or internal system.
Preferring use of ipv4 instead of ipv6 for DNS IP resolution in Debian
The last time I did an apt-get update in a specific Debian Wheezy I could not connect to the repositories because apt was preferring to use the IPv6 first. So here is a simple solution to system-wide add a preference to ipv4 in DNS IP resolution: Edit the file /etc/gai.conf and add the following line …
Making rpcbind(previously portmap, port 111) more secure
Introduction: I often use NFS files system between servers of the same internal network. But because having rpcbind open to Internet is considered insecure, I needed to protect it. I could have done this with the firewall, but since the only service I wanted to protect from Internet access I didn’t want to bother with …
Blocking all traffic from individual countries using IPSet and IPTables
Introduction: As I looked at the syslog I found too often that SSH login attacks are coming either from China or from Russia. Having enough of that, and anyway not expecting any traffic from any of these countries, although I use fail2ban still I decided to block any traffic coming from these 2 countries. Fail2ban …
Adding a new service to Linux systemd
Since the System V is slowly being phased out one most likely needs to learn how to get along with SYSTEMD which is much more powerful. For example, one useful feature is to automatically restart services that stop on their own. Such features are found for example in BluePill etc. With Systemd there is no …
Resetting MariaDB root password in Ubuntu 16.04 LTS
Introduction: Becasue it’s such a good article and don’t want to lose it, this following article is a full copy (with maybe some minor changes) taken from this site: http://tecadmin.net/steps-to-reset-mariadb-root-password-in-linux/# Step 1: Stop MariaDB Service First we need to stop MariaDB service using following command. # /etc/init.d/mysql stop Shutting down MySQL. [ OK ] Step …
Installing GRUB2 on mdadm software Raid in Debian Wheezy/Jessie
Principle: If you look at the result of the command df -h and you are using the mdmadm software RAID 1 then you can only see the /dev/mdx partitions. eg. Filesystem Size Used Avail Use% Mounted on /dev/md2 1.8T 524G 1.2T 31% / udev 10M 0 10M 0% /dev tmpfs 3.1G 288K 3.1G 1% /run …
Enabling SPDY and Strict-Transport-Security to NginX in Ubuntu 14.04
In Ubuntu 14.04 NginX is been compiled with the SPDY capability. To use it one must enable it inside the server {…} block for each virtual host. eg. server { server_name mprofi.com www.mprofi.com; root /var/www/mprofi.com; index index.php; # # Added to handle HTTP and HTTPS and SPDY listen 80; listen 443 ssl spdy; ssl_certificate /etc/letsencrypt/live/www.mysite.com/fullchain.pem; …
Activating SPDY in Apache 2.4 (Ubuntu 14.04)
SPDY is a new protocol created by Google and given to the Apache Foundation which allows faster Web traffic under SSL. Apache 2.4 is SPDY capable but its module is not included in Ubuntu 14.04 LTS Server. Here are some instructions that allow to get, install and enable SPDY feature foe Apache 2.4 under Ubuntu …
Installing Webmin in Debian 8(Jessie)
These instructions are a ‘Plagiat’ of the site: http://www.christophe-casalegno.com/2015/07/14/how-to-install-webmin-on-debian-8/ To install webmin on Debian 8 just follow this instructions : cd /root wget http://www.webmin.com/jcameron-key.asc apt-key add jcameron-key.asc echo “deb http://download.webmin.com/download/repository sarge contrib” >> /etc/apt/sources.list echo “deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib” >> /etc/apt/sources.list apt-get update apt-get -y install webmin If it’s too long for you, you can …
Some DOCKER Commands
Here are a few basic Docker commands: Also see: https://github.com/wsargent/docker-cheat-sheet Installing the latest Docker environment in Linux: curl -sSL https://get.docker.com/ | sh Start the docker terminal in OSX bash –login ‘/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh’ Info: Container Names without ‘/’ in the name refers to basic public containers templates Containers Names with a ‘/’ refers to user …
Useful ps options
Here are some (growing) tricks in order to get the maximum of the PS command: I set the command’s options in an alias to simplify the running of it. alias psa=’ps –headers axf -o pid,ppid,pri,state,user:15,group:15,nlwp,%cpu,%mem,rss,vsz,maj_flt,time,start,comm’ # One advantage of this above command is that it displays the username in its full length even if it’s …
Fixing Spamassassin in Debian Jessie(8)
Introduction: For a long time under Debian Wheezy Spamassassin was running quite well until I upgraded the system to Jessie. That is when Spamassassin(spamd) started to crash every now and then without giving much reasons why. Cause of error message: Looking in the system logs(/var/log/syslog) I found the following error: spamd[7490]: util: refusing to untaint …
Using HTTPS as proxy backend in Apache 2.4
Introduction: In Apache 2.4 in a Vhost in order to be able to proxy to a backend with HTTPS using either a self-signed or expired certificate on the backend we need to include the following directives: SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off You also need to enable the required Apache2 modules …
Redirecting HTTP to HTTPS in NginX
Here is a working method of redirecting any requested HTTP URL to HTTPS in NginX VirtualHosts that handles both HTTP and HTTPS. For example, to have a single vhost support both HTTP and HTTPS you have normally the following directives: # Support for HTTP and HTTPS listen 80; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/www.myserver.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.myserver.com/privkey.pem; …
Testing SSL Connections with SSLyze, Nmap or OpenSSL
Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one want a full scan of all possible SSL Cyphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …
Verifying the validity of an NFS mount
Introduction: Every now and then if an NFS mount is no more connected to the server or something goes wrong with the NFS connection, running the command ‘ls mountpoint’ hangs the terminal till I press CTRL-C. So I tried to figure out a script that will be run as cron job and will tell me …
Checking the Health of LSI Logic / Symbios Logic MegaRAID SAS 2108 RAID Controller
Introduction: This HowTo show how to check the health of Hard Disks connected to a ‘LSI Logic/Symbios Logic MegaRAID SAS 2108’ RAID controller. We look for its presence in the system: lspci | grep RAID Example Result: 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05) Bingo!, we can …
Debian Jessie official repositories list
Here are the official repositories for Linux Debian Jessie (8.0). This should be entered in the file: /etc/apt/sources.list # Debian Jessie deb http://security.debian.org/ jessie/updates main deb-src http://security.debian.org/ jessie/updates main deb http://ftp.at.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.at.debian.org/debian/ jessie main contrib non-free To make sure the GPG key is also saved locally to avoid Key error …
Creating a new Xen Debian virtual machine from scratch
Introduction: In this tutorial a new virtual machine based on Debian Jessie distribution will be created from scratch with minimal components. Assumption: The Xen Hypervisor should already be installed and running in the main system (DOM0). Creating the Xen Virtual Machine This virtual machine will be created with the xen tools which bootstraps the creation …