Thu, 10 Aug 2006

Create a new SSL certificate for Apache

Go to /etc/apache-ssl and back up apache.pem before you do anything else.  The
location of this file may be different depending upon your Apache setup.

Install the Debian package ssl-cert.

Check to make sure you have the standard template file:
    /usr/share/ssl-cert/ssleay.cnf

If you don't, make sure you have openssl installed.

cd over to a temporary working directory that you have write access to.

Run the command:
    make-ssl-cert /usr/share/ssl-cert/ssleay.cnf privkey.pem

This will create a private key for the server named privkey.pem.
When you have completed this process, store this file off site.

Next run the command:

    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

This will create a server certificate called cacert.pem, good for 3 years.

Next run the command:

    cat privkey.pem cacert.pem > apache.pem

This will create the complete certificate needed for Apache.  Copy it over to
the directory where the pre-existing apache.pem was that you backed up
earlier.

Don't forget to move the privkey.pem off site.
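
A check worth running before copying the new file into place, added here as an example and not part of the original post: it confirms that the key and certificate inside apache.pem belong together, that the certificate is not about to expire, and that the file (which contains the private key) is accessible only to its owner. The function name and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a combined key+certificate file such as the
# apache.pem built above.  Function name and return codes are this example's own.
#   0 ok | 2 unreadable | 3 no usable private key | 4 no certificate
#   5 key and certificate do not match | 6 certificate expires within 30 days
#   7 file is accessible by group or others
check_apache_pem() {
    pem=$1
    [ -r "$pem" ] || return 2

    # Public key derived from the private key stored in the bundle.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 3
    # Public key embedded in the certificate stored in the same bundle.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$cert_pub" ] || return 5

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend $((30 * 86400)) >/dev/null || return 6

    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || return 7
    return 0
}
```

Run it as `check_apache_pem apache.pem; echo $?` in the working directory; a result of 7 is fixed with `chmod 600 apache.pem`.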

Posted at: 21:36 | category: /configure | Comments ()

Settings for uploads using PHP/Apache

In Apache httpd.conf, add the following:

    ..... other directives .....
   
       
           php_value post_max_size "71M"
           php_value upload_max_filesize "70M"
           php_value memory_limit "70M"
       
   


Install Debian Source Packages

Debian can be a bit tricky if you're not familiar with its method of building
source packages.  Although this is covered in their FAQ somewhere, here is the
information.

    apt-get build-dep fluxbox
    apt-get source fluxbox
    apt-get install fakeroot
    apt-get install dpkg-dev
    apt-get install automake

(You may already have fakeroot and dpkg-dev installed). Although apt-get
build-dep fluxbox should also install all necessary tools, I have found that I
also have to get automake.

This will bring you three files (version number correct as of January 2004):
fluxbox_0.1.14-2.orig.tar.gz, fluxbox_0.1.14-2.diff.gz and
fluxbox_0.1.14-2.dsc. You will also have a fluxbox-0.1.14 directory.

The next step is

    dpkg-source -x fluxbox_0.1.14-2.dsc

I'm assuming you have wget or something similar, if not do a quick

    apt-get install wget

Now, we patch

    cd fluxbox-0.1.14/src
    wget kitaj.no-ip.com/files/fluxbox/fluxbox-0.1.14-menukey.patch
    patch < fluxbox-0.1.14-menukey.patch

Now to build and install the package. You are in the fluxbox-0.1.14/src directory

    cd ../
    dpkg-buildpackage -rfakeroot -b

This will take some time. When it's done

    dpkg -i ../fluxbox_0.1.14-2_i386.deb
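
The patch in this procedure is fetched over plain HTTP from a third-party host and ends up in a package installed as root, so it is worth looking at what it touches before running patch. The following is an added example, not part of the original post, and its function names are this example's own: it lists the files a unified diff would modify and flags any target that is absolute or climbs out of the source tree.

```shell
#!/bin/sh
# Added example: inspect a downloaded patch before feeding it to patch(1).
# Function names are this example's own.

# Print the path from every "+++ " header that directly follows a "--- " header.
# A removed line that itself starts with "-- " can cause an extra report,
# which errs on the side of showing too much.
patch_targets() {
    awk '
        substr($0, 1, 4) == "--- "        { hdr = 1; next }
        hdr && substr($0, 1, 4) == "+++ " { p = substr($0, 5); sub(/\t.*/, "", p); print p }
        { hdr = 0 }
    ' "$1"
}

# Return 0 if every target is a relative path inside the tree,
# 1 if any target is absolute or contains "..", 2 if no targets were found.
review_patch() {
    targets=$(patch_targets "$1")
    [ -n "$targets" ] || return 2
    status=0
    while IFS= read -r t; do
        case $t in
            /dev/null) ;;                    # marks a deleted file, not a target
            /*|..|../*|*/..|*/../*)
                echo "SUSPICIOUS: $t" >&2; status=1 ;;
            *)  echo "ok: $t" ;;
        esac
    done <<EOF
$targets
EOF
    return $status
}
```

With GNU patch, `review_patch fluxbox-0.1.14-menukey.patch && patch --dry-run < fluxbox-0.1.14-menukey.patch` shows what would change without modifying the tree.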


Configure xterm

Edit ~/.Xdefaults as appropriate.

Look at /etc/X11/app-defaults/XTerm for ideas about what and how to change.

Run 'xrdb -merge .Xdefaults' after editing to implement the changes.


To set up CUPS based printing

    apt-get install hplip hpijs

This will install quite a few other things as well, including CUPS.

Then go to:
    
    http://localhost:631

and add a printer.

Present configurations include:

    HP_Laserjet_2100TN
        Device:  AppSocket/HP JetDirect
        Device URI: socket://10.10.10.99:9100
        Make:   HP (HPLIP)
        Model:  HP Laserjet 2100 Foomatic/hpijs
                or
                HP Laserjet 2100 Series Postscript

    HP_Photosmart_7960
        Device: Internet Printing Protocol (http)
        Device URL: http://10.10.10.98:631/ipp/lpt2
        Make:   HP (HPLIP)
        Model:  HP Photosmart 7960 Foomatic/hpijs

Check by going to Printers/Manage Printers/Print Test Page.


Compile a kernel the Debian way

apt-get install gcc kernel-package libc6-dev tk8.3 libncurses5-dev fakeroot

adduser kevin src

cd /usr/src

apt-get source kernel-source-2.6.9
    [dpkg will automatically unpack it for you]

ln -s  kernel-source-2.6.9_2.6.9  linux

cd /usr/src/linux

rm -rf debian

cd /usr/src/linux/scripts

./ver_linux
    [to see if you've got everything you need]

cd /usr/src/linux

cp /boot/config-2.4.23 .config

make menuconfig
    [do your config selection stuff]

make-kpkg clean

make-kpkg --revision $(date +'%Y%m%d') --append-to-version $(hostname) --rootcmd fakeroot clean

make-kpkg --revision $(date +'%Y%m%d') --append-to-version $(hostname) --rootcmd fakeroot kernel_image modules_image;

cd /usr/src

ls -l
    ...
    kernel-image-2.6.9chilkoot_20041220_i386.deb
    ...

dpkg -i kernel-image-2.6.9chilkoot_20041220_i386.deb

    [ if using initrd do the following ]

cd /boot

mkinitrd -o initrd.img-2.6.9chilkoot 2.6.9chilkoot

update-grub

check /boot/grub/menu.lst for correct entries of initrd and vmlinuz

reboot


cygwin + ssh


Download and install cygwin to c:\cygwin.  Select the packages that
make sense, but make sure to include cygrunsrv and openssh packages.

Right click 'My Computer' and under Environment Variables of the Advanced tab,
in the section System variables, add 'CYGWIN' for variable, and 'ntsec tty' for
value.

Also add on to the end of the PATH variable the following: 'c:\cygwin\bin'.

Edit c:\cygwin\cygwin.bat. Make sure it contains these lines - 
you will need to add the line setting the CYGWIN environment variable.

	@echo off
	set CYGWIN=binmode tty ntsec
	C:
	chdir \cygwin\bin
	bash --login -i

Test cygwin to make sure it works. 

	 ls /bin  // to see the cygwin bin directory
	 dir c:   // to see the contents of the C: directory

Type "control d" or 'logout' to exit the shell.


If you get a message saying 'cannot create /home/userid', 
run this command from the cygwin window "mkpasswd -l >/etc/passwd".

Run ssh-host-config to set up the ssh host keys and create the 
sshd_config file in /etc/. You should see output like this:

	$ ssh-host-config
	Generating /etc/ssh_host_key
	Generating /etc/ssh_host_rsa_key
	Generating /etc/ssh_host_dsa_key
	Generating /etc/ssh_config file
	Generating /etc/sshd_config file
	Added ssh to /cygdrive/c/WINNT/system32/drivers/etc/services

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no)

Answer 'yes' to the prompt. Press 'Return' to accept the default 
at the CYGWIN environment question (default = binmode tty ntsec). 
The service name is CYGWIN sshd.

Type 'cd' to go to your account's home directory. Run ssh-user-config 
to setup your ssh keys. Create only an SSH2 RSA identity (use a null 
passphrase - just press return). Output should be similar to this :

   $ ssh-user-config
   Shall I create an SSH1 RSA identity file for you? (yes/no) no
   Shall I create an SSH2 RSA identity file for you? (yes/no)  (yes/no) yes
   Generating /home/pswander/.ssh/id_rsa
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Do you want to use this identity to login to this machine? (yes/no) yes
   Shall I create an SSH2 DSA identity file for you? (yes/no)  (yes/no) no


You will probably want to change permissions and ownership on some files:

	cd /; chmod -R og-w .    // note the period
	chmod og+w /tmp
	touch /var/log/sshd.log  // may already be there
	chown SYSTEM:SYSTEM /var/log/sshd.log
	chown SYSTEM:SYSTEM /var/empty
	chown SYSTEM:SYSTEM /etc/ssh_h*
	chmod 755 /var/empty


At the prompt type the following to install sshd as a service:

	cygrunsrv -I sshd -p /usr/sbin/sshd -a '-D' -d 'CYGWIN sshd'

And then the following to start the service:

	cygrunsrv -S sshd

And then test it with:

	ssh localhost

And then test it from another machine.

And if necessary, the following to remove the service

	cygrunsrv -R sshd

There is also more documentation at /usr/doc/Cygwin.


samba config

# Global parameters
[global]
        workgroup = HAWKWOOD
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = tdbsam, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        log level = 5
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        socket options = TCP_NODELAY  SO_RCVBUF=8192  SO_SNDBUF=819
        domain logons = Yes
        os level = 65
        domain master = Yes
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        printing = lprng
        printer name = HP_Laserjet
[homes]
        comment = Home Directories
        read only = No
        create mask = 0775
        directory mask = 0775
        guest ok = Yes
[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        printable = Yes
        browseable = No
[cdrom]
        comment = Samba sakura's CD-ROM
        path = /cdrom
        guest ok = Yes
        locking = No
        exec = /bin/mount /cdrom
        postexec = /bin/umount /cdrom
[kevin]
        path = /home/kevin
        write list = kosuke,akiko,kevin
        read only = No
        create mask = 0777
        directory mask = 0777
[lp]
        comment = HP_Laserjet
        path = /usr/bin/lp
        read only = No
        create mask = 0700
        guest ok = Yes
        printable = Yes
        printing = bsd
        printer name = lp
        share modes = No
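
A quick audit of share definitions like the ones above, added here as an example and not part of the original post: it reports shares that combine guest access with write access, and shares whose create or directory mask leaves the world-write bit set. The function names are this example's own, and only the yes/no spellings of Samba booleans are recognised.

```shell
#!/bin/sh
# Added example, not part of the original post.  Function names are this
# example's own; only yes/no boolean spellings are recognised.

# Report shares that allow guest access together with write access, and
# shares whose create/directory mask permits world-writable files.
audit_smb_conf() {
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
        function report() {
            if (share == "" || share == "global") return
            if (guest == "yes" && ro == "no") print share ": guest access with write access"
            if (ww != "") print share ": mask " ww " permits world-writable files"
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # new section: flush the previous one
            report()
            share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
            share = tolower(share)
            guest = "no"; ro = "yes"; ww = ""       # Samba defaults
            next
        }
        NF >= 2 {
            k = trim($1); v = trim($2)
            if (k == "guest ok" || k == "public") guest = v
            if (k == "read only") ro = v
            if (k == "writable" || k == "writeable") ro = (v == "yes") ? "no" : "yes"
            if ((k == "create mask" || k == "directory mask") && v ~ /[2367]$/) ww = v
        }
        END { report() }
    ' "$1"
}

# Excerpt of the share definitions shown above, written to a file for the audit.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
        workgroup = HAWKWOOD
[homes]
        read only = No
        create mask = 0775
        guest ok = Yes
[cdrom]
        path = /cdrom
        guest ok = Yes
[kevin]
        read only = No
        create mask = 0777
EOF
}
```

On the excerpt this flags [homes] for guest write access and [kevin] for its 0777 mask, while [cdrom] passes because `read only` defaults to yes.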
    


Mailman using Postfix on Debian

    The following is a description on how to set up the list manager Mailman
    on a Debian system that uses Postfix-MySQL-Apache for virtual websites and
    email.  It uses a Python script that makes it unnecessary to make entries
    into /etc/aliases.  But for this Python script to work, you must be
    willing to prefix the FQDN portion of your listname with "lists"...

        correct:  mylist@lists.virtdomain1.org

        incorrect:  mylist@virtdomain1.org

    While this may seem a sacrifice, it can easily be overcome later by simply
    creating an alias in your MySQL table from mylist@virtdomain1.org to
    mylist@lists.virtdomain1.org.  This is far easier than adding in all of the
    Mailman aliases that would normally have to be added to /etc/aliases if
    you were not using the Python script.

    1.  Make sure your virtual websites and virtual email setups are all
    working before doing anything with Mailman.

    2.  Install Mailman via apt-get using normal defaults for the base website
    that runs on the server.

    3.  Edit /etc/mailman/mm_cfg.py
        
        add:
            VIRTUAL_HOSTS.clear()
            add_virtualhost('virtdomain1.org','lists.virtdomain1.org')
            add_virtualhost('virtdomain2.org','lists.virtdomain2.org')

        change DEFAULT_EMAIL_HOST to include the prefix 'lists' to the FQDN
        as in:
            DEFAULT_EMAIL_HOST = 'lists.rustybear.com'

        change IMAGE_LOGOS from whatever default is to:
            IMAGE_LOGOS = '/icons/'

    4.  copy Mailman images over to default /icons/ directory for Apache

            cp /usr/share/images/mailman/*  /usr/share/apache/icons/.

    5.  Edit /etc/apache/httpd.conf

        for any <VirtualHost> you have configured, add in:
            ScriptAlias /mailman/  /usr/lib/cgi-bin/mailman/
        in the <VirtualHost> section.

        and in an appropriate place (not within a VirtualHost directive) in
        httpd.conf add in:

            
                Options +FollowSymLinks
            

        you'll need the above to get pipermail (archives) working.

    6.  Get this python script:

        If you are installing via Debian apt-get this section is probably
        mostly done for you, but check anyway.

        http://www.gurulabs.com/files/postfix-to-mailman-2.1.py

        and drop it in /etc/mailman/ and rename it without the version number

            mv postfix-to-mailman-x.xx.py  postfix-to-mailman.py

        edit it by changing the entry for MailmanHome
             MailmanHome = "/var/lib/mailman"; 
        
        the Mailman home directory is where the lists are kept.

        Then cd to /usr/lib/mailman/bin and symlink back to
        postfix-to-mailman.py

            cd /usr/lib/mailman/bin
            ln -s /etc/mailman/postfix-to-mailman.py

    7.  Next go to /etc/mailman/postfix-to-mailman.py and read all of the
        comments/instructions.

        Note that in the recommended changes to /etc/postfix/master.cf, that
        you must set the uid:gid as list:list, not as mailman:mailman.
        This is probably specific to Debian only as the deb package has
        Mailman using 'list' as UID/GID where source versions of Mailman
        probably have 'mailman' as a default UID.

        Note also that in the changes to master.cf, you need to change the
        argv argument to point to /etc/mailman/postfix-to-mailman.py.

        This is also a good time to:

            chmod 755 /etc/mailman/postfix-to-mailman.py
            chown root:list /etc/mailman/postfix-to-mailman.py

        The instructions in postfix-to-mailman.py point out how to set up
        /etc/postfix/transport and main.cf.  You can do it that way, or more
        simply, just make an entry in your existing transport setup for MySQL.
        In my case I have a table called transport, where normally I put a
        domain name (i.e. xyz.com) and transport type (usually either virtual:
        or local: ).  However, in this case, the entry I make is:

            domain:     lists.virtdomain1.org
            transport:  mailman:

        Alternatively, you could follow the instructions and make the changes
        to main.cf and transport as that works too.  If you do it that way,
        don't forget to execute

            postmap /etc/postfix/transport

        after making changes to transport to regenerate its data.

    8.  Make sure you have a DNS entry in your DNS server for
        lists.virtdomain1.org, or at least a wildcard entry, that resolves to
        virtdomain1.org.

    9.  Restart Apache and Mailman (/etc/init.d/mailman restart).

    10. To create a new list for one of the virtual websites, at the prompt
        execute:

        newlist myNewList@lists.virtdomain1.org

        It will prompt you for a couple things that are obvious.  Make sure
        you include the 'lists' prefix before the FQDN, as having 'lists'
        there is what makes this whole thing work via the python script we put
        in -- /etc/mailman/postfix-to-mailman.py.

        You should get an email regarding the newly created list you
        just made.

        Note also that simply executing 'newlist --help' gives some help too.
        Also, reading the docs at /usr/share/doc/mailman is a good idea too.
        
        You should now be able to see your admin page at:
        http://lists.virtdomain1.org/cgi-bin/mailman/admin/myNewList

    11. Things should be working and you should be able to subscribe new users
        and send emails to be posted, etc.  Try sending test posts and
        watching /var/log/syslog or wherever you have your email logs set up
        and watching for errors as the test posts go through Postfix.  It's
        best to watch this live using 'tail -f /var/log/syslog'.

    12. Good luck!


Nagios configuration

To add a host:
    1.  add the new host to hosts.cfg 
    2.  add the new host to a group in hostgroups.cfg
    3.  make sure the host group has a contact group
    4.  make sure contacts are separate from the site
        being checked  
    5.  check contactgroups.cfg
    6.  make selections in services.cfg 
    7.  add the new host to dependencies.cfg if it
        has any dependencies

To check config settings run
    nagios -v /etc/nagios/nagios.cfg


Mounting USB devices

Run lsmod to see what is loaded.  You potentially need:
	usb-storage
	usbcore
	scsi_mod
	sd_mod
	usb-uhci
	input
	sr_mod

If using Debian, apt-get install sg3-utils and then use:

	sg_scan -i		// to see scsi type devices
	sg_map			// to see device associations

Mount the drive found (should be a SCSI drive):

	mount -t vfat   /dev/sdc1   /home/kevin/mnt/usbdevice

Alternatively, make an /etc/fstab entry:

	/dev/sdc1   /home/kevin/mnt/usbdevice  vfat  noauto,user 0 0

Diagnose by checking:

	/var/log/messages
	/var/log/syslog
	/proc/bus/usb		// shows what's been seen
	/proc/scsi/scsi		// to see what scsi devices are there

Notes:  Like any other hard drive, you can use other commands
on your mounted USB storage device:

	fdisk /dev/sdc			// play with partitions
	mkfs -t vfat /dev/sdc1		// format the partition(s) in FAT
	mkfs -t ext3 /dev/sdc1		// format in Linux ext3 but not a good
					// idea for digital camera disks
