How do you kick a benign user off your system?


There’s probably an easier way, but I do this:

See who’s logged into your machine — use who -u:

root@alphaone:~# who -u
root     pts/1        2016-12-08 11:02   .          7953 (192.168.0.99)
camilord pts/2        2016-12-08 10:59   .          7625 (192.168.0.7)

Laugh at their impending disconnection (this step is optional, but encouraged)

root@alphaone:~# echo "HAHHAHAHAHAHA... BYE!" | write root pts/1
write: write: you have write permission turned off.

Kill the corresponding process (the PID is the number just before the remote host in the who -u output):

root@alphaone:~# kill -9 7953

 

Reference: http://unix.stackexchange.com/questions/615/how-do-you-kick-a-benign-user-off-your-system

Bash: File Server Hourly Backup Script


I keep creating bash backup scripts, but every time I create one for a new server I forget the commands and have to research them again. This time, I’m gonna save it in my blog so that I can find it in one place. Hehehe…

#!/bin/bash

# stop if the backup root is missing; otherwise mkdir and rm -rf below would run in the wrong directory
cd /backup/ || exit 1

DATE=$(date "+%Y%m%d%H%M%S")
BACKUPNAME="jdrive_$DATE"

mkdir "$BACKUPNAME"

# find -mtime -1 | xargs cp -t --parents "$BACKUPNAME/"

# copy regular files modified in the last 60 minutes, keeping their directory structure
find /jdrive/ -type f -mmin -60 -exec cp --parents '{}' "$BACKUPNAME/" \;

tar -zcvf "ibackup/$BACKUPNAME.tar.gz" "$BACKUPNAME/"

rm -rf "$BACKUPNAME/"

# find and delete all archives smaller than the specified size (-size counts 512-byte blocks)
find /backup/ibackup/ -name "*.gz" -size -500 -delete

# find and delete all files that are older than 45 days
find /backup/ibackup/ -mtime +45 -type f -exec rm -f {} \;

Here you go… My home-brewed incremental backup script. We usually use duplicity but it failed us twice. So we are now using both my home-brewed script and duplicity. Oh! By the way, I used this script for our file server only.

MySQL + Percona XtraDB Cluster 5.6


I have been experimenting with MySQL + Percona XtraDB Cluster (version 5.6). In my case, I used VMWare/VirtualBox. I created two images, labelled DB1 and DB2, using Ubuntu 14.04.2 32bit (Trusty Tahr). My goal is to replicate the database from DB1 to DB2. If DB1 goes down, DB2 takes over from DB1. While DB1 is being fixed, DB2 serves; when DB1 is back online, DB1 becomes the “Joiner” to the “Donor” (DB2). …and vice versa.

Installation

The first thing you need is to prepare the installation of Percona XtraDB Cluster. (You must be root or have sufficiently high privileges to perform this installation.)

root@db1:~# apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A

One thing you need to ensure is that you have all the official Ubuntu repositories plus the Percona APT repository. So what I did was replace /etc/apt/sources.list with:

# deb cdrom:[Ubuntu-Server 14.04.2 LTS _Trusty Tahr_ - Release i386 (20150218.1)]/ trusty main restricted

###### Ubuntu Main Repos
deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse

## Ubuntu Security Updates
deb http://security.ubuntu.com/ubuntu trusty-security main
deb-src http://security.ubuntu.com/ubuntu trusty-security main
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu trusty partner
deb-src http://archive.canonical.com/ubuntu trusty partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu trusty main
deb-src http://extras.ubuntu.com/ubuntu trusty main

###### Ubuntu Update Repos
deb http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

# Percona XtraDB Cluster
deb http://repo.percona.com/apt trusty main
deb-src http://repo.percona.com/apt trusty main

After updating the APT source list, execute:

root@db1:~# apt-get update

After that, you can install Percona XtraDB Cluster server and client packages:

root@db1:~# apt-get install percona-server-server-5.6 percona-server-client-5.6

This is where I got stuck when trying to connect the nodes. Remove AppArmor!!! You can first check whether AppArmor is running:

root@db1:~# apparmor_status

If it’s running, remove it before it causes problems for Percona.

root@db1:~# apt-get remove apparmor

Important note: do the same installation on the 2nd node (DB2).

Then to run the primary node (donor), DB1 in our case:

root@db1:~# service mysql bootstrap-pxc
 * Bootstrapping Percona XtraDB Cluster database server mysqld                       [ OK ]
root@db1:~#

Then run the 2nd node or joiner (DB2):

root@db2:~# service mysql start
mysql start/running, process 1550
root@db2:~#

~ or ~

root@db2:~# service mysql restart
mysql stop/waiting
mysql start/running, process 1550
root@db2:~#

Note: Always start the primary node (DB1) first, then the next node (DB2).

Testing

Check if primary node (DB1) is working…

root@db1:~# mysql -u root -p -e "show status where Variable_name like '%wsrep_cluster%' OR Variable_name like '%wsrep_ready%';"
Enter password:
+--------------------------+--------------------------------------+
| Variable_name            | Value                                |
+--------------------------+--------------------------------------+
| wsrep_cluster_conf_id    | 5                                    |
| wsrep_cluster_size       | 1                                    |
| wsrep_cluster_state_uuid | 1fa1e1fc-cf8e-11e4-9664-3ea415c4a429 |
| wsrep_cluster_status     | Primary                              |
| wsrep_ready              | ON                                   |
+--------------------------+--------------------------------------+

root@db1:~# mysql -u root -p -e "show binary logs;"
Enter password:
+------------------+-----------+
| Log_name         | File_size |
+------------------+-----------+
| mysql-bin.000001 |       120 |
+------------------+-----------+

Next, check the 2nd node (DB2)…

root@db2:/etc/mysql# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.6.22-72.0-56-log Percona XtraDB Cluster (GPL), Release rel72.0, Revision 978, WSREP version 25.8, wsrep_25.8.r4150

Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

More testing: I created PHP scripts for DB1 and DB2 to test the replication.

DB1 PHP Script (test_percona.php):

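<?php

// connect with mysqli (the old mysql_* functions were removed in PHP 7)
$db = new mysqli('localhost', 'root', 'secret', 'test');
if ($db->connect_error) {
        die("Connect failed: ".$db->connect_error."\n");
}

// create the table if it does not exist...
$db->query("create table if not exists data_test(
 id bigint(20) unsigned not null auto_increment primary key,
 data varchar(128),
 created datetime
)");

// insert data indefinitely
while (true) {
        $data = sha1(time().rand(100,99999));
        echo $data." -> ".date("j M Y g:i.s a - l\n");
        // $data is a hex digest, so it can be placed in the statement as-is;
        // report a failed insert instead of silently ignoring it
        if (!$db->query("INSERT INTO data_test (data,created) VALUES ('".$data."', NOW())")) {
                echo "Insert failed: ".$db->error."\n";
        }
}

?>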

DB2 PHP Script (monitor_percona.php):

<?php

// connect with mysqli (the old mysql_* functions were removed in PHP 7)
$db = new mysqli('localhost', 'root', 'secret', 'test');
if ($db->connect_error) {
        die("Connect failed: ".$db->connect_error."\n");
}

$last_id = 0;

while (true) {
        // fetch only the rows that arrived since the last pass
        $result = $db->query("SELECT * FROM data_test WHERE id > ".$last_id." ORDER BY id ASC");
        if ($result === false) {
                die("Query failed: ".$db->error."\n");
        }
        while ($row = $result->fetch_assoc()) {
                echo $row["data"]." -> ".date("j M Y g:i.s a - l", strtotime($row["created"]))."\n";
                $last_id = $row["id"];
        }
        $result->free();
}

?>

Then you can run the script on both nodes. To run in DB1 node, do:

root@db1:~# php test_percona.php

Then for the 2nd node:

root@db2:~# php monitor_percona.php

After that, you should see the same output on both nodes.

[Screenshots: Percona XtraDB Cluster test results]

 Encountered Issues (tail -f /var/log/mysql/error.log):

2015-03-21 20:19:11 6613 [Warning] WSREP: Gap in state sequence. Need state transfer.
2015-03-21 20:19:11 6613 [Note] WSREP: Running: 'wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' '
2015-03-21 20:19:11 6613 [ERROR] execlp() failed: Permission denied
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to read 'ready <addr>' from: wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' Read: '(null)'
2015-03-21 20:19:11 6613 [ERROR] WSREP: Process completed with error: wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' : 1 (Operation not permitted)
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to prepare for 'xtrabackup-v2' SST. Unrecoverable.
2015-03-21 20:19:11 6613 [ERROR] Aborting

The solution to this issue is to remove AppArmor.
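To confirm that AppArmor is what blocked the SST helper, and to avoid pasting the SST password along with the log, the check below can be run first. It is an added example, not part of the original post: the function names are hypothetical, the two MySQL log lines follow the error log above, and the kernel audit lines (profile path, helper path, timestamps, ids) are constructed to show the shape of an AppArmor denial.

```sh
#!/bin/sh
# Added example. Kernel lines are constructed; MySQL lines follow the log above.

sample_mysql_log() {
cat <<'EOF'
2015-03-21 20:19:11 6613 [Note] WSREP: Running: 'wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' '
2015-03-21 20:19:11 6613 [ERROR] execlp() failed: Permission denied
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to prepare for 'xtrabackup-v2' SST. Unrecoverable.
EOF
}

sample_kernel_log() {
cat <<'EOF'
Mar 21 20:19:11 db2 kernel: [  812.345678] audit: type=1400 audit(1426969151.100:31): apparmor="DENIED" operation="exec" profile="/usr/sbin/mysqld" name="/usr/bin/wsrep_sst_xtrabackup-v2" pid=6613 comm="mysqld" requested_mask="x" denied_mask="x" fsuid=106 ouid=0
Mar 21 20:19:12 db2 kernel: [  813.000000] audit: type=1400 audit(1426969152.100:32): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=700 comm="apparmor_parser"
Mar 21 20:19:13 db2 kernel: [  814.000000] audit: type=1400 audit(1426969153.100:33): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/etc/shadow" pid=701 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Mask the password half of every --auth 'user:password' argument.
redact_sst_auth() {
    sed -E "s/(--auth '[^':]*:)[^']*'/\1REDACTED'/g"
}

# Succeed when an SST helper was launched and the exec itself was refused.
sst_exec_denied() {
    awk '/WSREP: Running: .wsrep_sst_/ { armed = 1; next }
         armed && /execlp\(\) failed: Permission denied/ { hit = 1 }
         END { exit hit ? 0 : 1 }'
}

# Print "profile path mask" for each denial charged to the profile given in $1.
apparmor_denials() {
    awk -v want="$1" '/apparmor="DENIED"/ {
        split("", kv)                                  # reset per line
        for (i = 1; i <= NF; i++)
            if (split($i, p, "=") == 2) { gsub(/"/, "", p[2]); kv[p[1]] = p[2] }
        if (kv["profile"] == want)
            print kv["profile"], kv["name"], kv["denied_mask"]
    }'
}

if sample_mysql_log | sst_exec_denied; then
    echo "SST helper could not be executed; denials for the mysqld profile:"
    sample_kernel_log | apparmor_denials /usr/sbin/mysqld
fi
sample_mysql_log | redact_sst_auth
```

A denial charged to the mysqld profile points at that one profile, which can be put into complain mode with aa-complain or disabled on its own, leaving AppArmor in place for the rest of the host.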

Reference: 

  • http://www.percona.com/doc/percona-server/5.6/installation/apt_repo.html
  • http://www.percona.com/doc/percona-xtradb-cluster/5.5/howtos/ubuntu_howto.html
  • http://www.percona.com/doc/percona-xtrabackup/2.1/innobackupex/pit_recovery_ibk.html

My Server’s 100 days

[root@server ~]# uptime
 20:43:38 up 100 days, 19:11,  2 users,  load average: 0.00, 0.01, 0.05

MySQL Constraints: Import


I stumbled over database constraints again when importing an SQL dump file.

ERROR 1217 (23000) at line 128: Cannot delete or update a parent row: a foreign key constraint fails

The solution is to add the following line at the beginning of the SQL dump file:

SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0;

That should work.

CentOS 7: Enable Apache UserDIR


I was used to the old way of enabling Apache UserDir, but this time, in CentOS 7, it’s different. So I’m kinda outdated. Even restarting services is different. So here it is… 🙂

First, enable UserDir in Apache’s userdir.conf.

nano /etc/httpd/conf.d/userdir.conf

Change from:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir disabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    #UserDir public_html
 
</IfModule>
 
<Directory /home/*/public_html>
        Options Indexes Includes FollowSymLinks
        Require all granted
</Directory>

To:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
 
</IfModule>
 
<Directory /home/*/public_html>
        Options Indexes Includes FollowSymLinks
        Require all granted
</Directory>

Then restart apache…

systemctl restart httpd.service

Then create user’s public_html and its permissions (in my case, my user is prendstah):

mkdir /home/prendstah/public_html
chmod 711 /home/prendstah
chown prendstah:prendstah /home/prendstah/public_html
chmod 755 /home/prendstah/public_html

Then here are the other new things, especially if you are using SELinux:

setsebool -P httpd_enable_homedirs true
chcon -R -t httpd_sys_content_t /home/prendstah/public_html

That’s it.. That should give your user directory public access.

Linux: Serial Port Communication


Since HyperTerminal was removed in Windows 7, I decided to look up Linux tools for serial port communication and found the minicom command. Here’s how to install & use it (in my case I used Linux Mint):

# apt-get install minicom

Then, after installation, run the command:

# minicom -s

            +-----[configuration]------+
            | Filenames and paths      |
            | File transfer protocols  |
            | Serial port setup        |
            | Modem and dialing        |
            | Screen and keyboard      |
            | Save setup as dfl        |
            | Save setup as..          |
            | Exit                     |
            | Exit from Minicom        |
            +--------------------------+

Then you have to set up the serial port:

    +-----------------------------------------------------------------------+
    | A -    Serial Device      : /dev/ttyUSB0                              |
    | B - Lockfile Location     : /var/lock                                 |
    | C -   Callin Program      :                                           |
    | D -  Callout Program      :                                           |
    | E -    Bps/Par/Bits       : 9600 8N1                                  |
    | F - Hardware Flow Control : Yes                                       |
    | G - Software Flow Control : No                                        |
    |                                                                       |
    |    Change which setting?                                              |
    +-----------------------------------------------------------------------+

In my case I used a USB-to-serial connector, so I set Serial Device to ttyUSB0.

After that, go to Exit and you’ll be connected to the device you want to reach, such as a Cisco router or switch.

HowTo: Fortune & Cowsay


While working, I envied the terminal of my workmate, Roland Heymanns, which shows a cow with quotes. So I installed my own too.

OS: Kali Linux (Debian)

How to install:

root@mojo:~# apt-get install -y fortune cowsay

Then add the commands to your PATH

root@mojo:~# cd ~
root@mojo:~# nano .profile

or

root@mojo:~# cd ~
root@mojo:~# nano .bash_profile

Add the following to the end of the file (be sure it’s the right path for fortune and cowsay):

PATH=$PATH:/usr/games
export PATH

Save and exit. Next edit your .bashrc

root@mojo:~# cd ~
root@mojo:~# nano .bashrc

Add the following line to the end of the file…

fortune | cowsay -d

or if you don’t want to set the PATH, simply edit your .bashrc and at the end of the file, add this line:

/usr/games/fortune | /usr/games/cowsay -d

That’s it… log off and log in again. Open your terminal, you’ll have your cow greetings.

If you get an error saying that fortune, fortune-mod or cowsay cannot be located (you will most likely encounter this if you installed your OS offline), update your sources.list.

root@mojo:~# nano /etc/apt/sources.list

then replace the source with the following:

## Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

then do the update and upgrade…

apt-get clean
apt-get update
apt-get upgrade

I think that would solve the problem…

Allow postfix to send email with different sender from SMTP account


Error:

postfix/smtpd[27402]: NOQUEUE: reject: RCPT from unknown[125.123.123.100]: 553 5.7.1 <user@xxx.co.nz>: Sender address rejected: not owned by user user@xxx.co.nz; from=<xxx@xxx.co.nz> to=<xxx@gmail.com> proto=ESMTP helo=<localhost>

Edit postfix configuration:

[root@mail ~]# nano /etc/postfix/main.cf

Change from:

smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated

To:

smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated

Then restart postfix…

[root@mail ~]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: waiting for the Postfix mail system to terminate
[root@mail ~]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@mail ~]#

That’s it.. You can now change your from or reply-to in your PHPMailer. 🙂

Hope this helps…
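What the change means for authenticated clients can be read off the restriction list itself, since Postfix evaluates it left to right and stops at the first match. The check below is an added example, not part of the original post; the function names are hypothetical and the two inputs are the "Change from" and "To" lines above.

```sh
#!/bin/sh
# Added example: classify what a SASL-authenticated client outside mynetworks
# may put in MAIL FROM, based on smtpd_sender_restrictions in main.cf text.

BEFORE="smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated"
AFTER="smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated"

# Print the value of smtpd_sender_restrictions from main.cf text on stdin.
# Comment and blank lines are skipped, lines starting with whitespace continue
# the previous logical line, and a later definition replaces an earlier one.
sender_restrictions() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^smtpd_sender_restrictions[ \t]*=/ { sub(/^[^=]*=/, ""); val = $0; on = 1; next }
        on && /^[ \t]/ { val = val " " $0; next }
        { on = 0 }
        END { gsub(/,/, " ", val); print val }
    '
}

# Walk the list in order; the first restriction that decides the outcome for
# an authenticated client determines the answer.
classify_sender_policy() {
    for item in $(sender_restrictions); do
        case "$item" in
            reject_sender_login_mismatch|reject_authenticated_sender_login_mismatch)
                echo "owner-checked"; return 0 ;;   # sender must belong to the login
            permit_sasl_authenticated|permit)
                echo "any-sender"; return 0 ;;      # accepted before any ownership check
        esac
    done
    # Nothing in this list ties the sender address to the login.
    echo "any-sender"
}

for cfg in "$BEFORE" "$AFTER"; do
    printf '%s\n  -> %s\n' "$cfg" "$(printf '%s\n' "$cfg" | classify_sender_policy)"
done
```

With the "To" setting every authenticated account can send as any address; keeping reject_sender_login_mismatch and listing the extra addresses each login may use in smtpd_sender_login_maps allows a different From while still tying senders to accounts.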

HowTo: iRedMail 0.8.6


This guide will cover the following:

  • Install iRedMail
  • Disable Greylisting
  • Enable Catch-All
  • Email Forwarder

Reference: HowToForge: iRedMail: Build A Full-Featured Mail Server On CentOS 6 With Postfix, Dovecot, PostgreSQL

First of all, it’s better if your server is a clean install.

Download iRedmail at http://www.iredmail.org/download.html

tar -xvjf iRedMail-0.8.6.tar.bz2

cd iRedMail-0.8.6

bash iRedMail.sh

Just follow the installation wizard and, after installation, run the following commands (just a few fixes):

ln -s /etc/amavisd/amavisd.conf /etc/amavisd.conf

amavisd showkeys

Add the DKIM keys to your DNS and configure SPF too, then test by running the command below.

Refer to:

  1. http://code.google.com/p/iredmail/wiki/DNS_SPF
  2. http://code.google.com/p/iredmail/wiki/DNS_DKIM

amavisd testkeys

After reboot, we will now disable greylisting.

nano /etc/policyd/cluebringer.conf

Change from:

# Access Control module
[AccessControl]
enable=1

# Greylisting module
[Greylisting]
enable=1

# CheckHelo module
[CheckHelo]
enable=1

# CheckSPF module
[CheckSPF]
enable=1

# Quotas module
[Quotas]
enable=1

to:

# Access Control module
[AccessControl]
enable=1

# Greylisting module
[Greylisting]
enable=0

# CheckHelo module
[CheckHelo]
enable=1

# CheckSPF module
[CheckSPF]
enable=1

# Quotas module
[Quotas]
enable=1

Then reboot your server. (Don’t know how to restart the policyd) hehehe..

Next, enable the catch-all:

nano /etc/postfix/mysql/domain_alias_catchall_maps.cf

Change from:

query       = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=CONCAT('%u', '@', alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1 AND domain.backupmx=0

to:

query       = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND (alias.address=CONCAT('%u', '@', alias_domain.target_domain) OR alias.address=CONCAT('@', alias_domain.target_domain)) AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1 AND domain.backupmx=0

Save, then restart postfix:

postfix stop

postfix start

Catch-all is now enabled in postfix. The next thing is to add which domains to catch and where their mail should go. Log in to MySQL as root, use the vmail database and add the following rows to the alias table.

INSERT INTO alias (address, goto, domain) VALUES ('@sample.co.nz', 'user@sample.co.nz', 'sample.co.nz');

INSERT INTO alias (address, goto, domain) VALUES ('@test.sample.co.nz', 'user@sample.co.nz', 'test.sample.co.nz');

Aside from catch-all, you can set up an email forwarder too:

INSERT INTO alias (address, goto, domain) VALUES ('info@sample.co.nz', 'user@sample.co.nz', 'sample.co.nz');

All done.. it’s self-explanatory… Hehehe…

Hope this helps.

 

Some Reference:
