Saturday, November 28, 2009

alpine

Store the password (alpine uses the file only if it already exists; the password inside is obfuscated, not encrypted, so keep the file readable by your user alone):
touch ~/.pine-passfile
chmod 600 ~/.pine-passfile

IMAP settings from the .pinerc file (continuation lines are indented):
inbox-path={IMAPSERVER/ssl/user=USERNAME/novalidate-cert}INBOX
default-fcc={IMAPSERVER/ssl/user=USERNAME/novalidate-cert}sent-mail
feature-list=enable-incoming-folders,
   enable-incoming-folders-checking,
   incoming-checking-include-total,
   save-will-not-delete
folder-collections=mail/[],
   "IMAPSERVER" {IMAPSERVER/user=USERNAME/ssl/novalidate-cert}[],
   "gmail" {imap.gmail.com/ssl/user=USER@gmail.com}[]

Caveat: /novalidate-cert switches off certificate checking for that server. The session is still encrypted, but anything on the path can impersonate IMAPSERVER and collect the password. Use the flag only for a self-signed certificate whose fingerprint you have checked yourself (openssl s_client -connect IMAPSERVER:993 shows it); better, install the server's CA certificate in the system trust store and drop the flag, as the gmail entry above does.

Tuesday, November 10, 2009

migration openwebmail auth_unix to auth_pam

Motivation: build a new server running openwebmail with authentication against Active Directory (AD). The old server has local, hand-made copies of the AD accounts. We need to migrate the inboxes, ~/mail/, ~/.openwebmail/ and the aliases.

Solution: we used Ubuntu Server 9.10, likewise-open and openwebmail 2.53.

Install Ubuntu Server 9.10 with the mail server and SSH server tasks selected. Set up the interfaces. Install a few packages:
sudo aptitude install likewise-open libauthen-pam-perl libconvert-asn1-perl libmd5-perl libnet-ldap-perl perl-suid wwwconfig-common libpg-perl apache2 libdbd-mysql-perl alpine ispell iczech language-support-cs language-pack-cs-base gcc linux-headers-$(uname -r) vlan nmap mc

Join the domain with likewise (see the Ubuntu forum). The joining account need not be Administrator; any AD user allowed to join machines to the domain works:
sudo domainjoin-cli join DOMAIN user
Test the join:
sudo domainjoin-cli query
Most join problems come from /etc/resolv.conf: the nameserver must be a domain controller (or a DNS server that carries the AD zone), because the join looks up the domain's SRV records.

Set up apache (enable SSL; the default-ssl site ships with the self-signed "snakeoil" certificate, so replace it with a real one before users type domain passwords into the webmail login):
sudo a2enmod ssl
sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
sudo /etc/init.d/apache2 restart
(sudo a2ensite default-ssl creates an equivalent symlink.)


Set up likewise and enable logging:
sudo vim /etc/samba/lwiauthd.conf
add the lines
winbind use default domain = yes
log level = 10
Log level 10 is full debug output: it grows fast and records the usernames and details of every authentication, so turn it back down once the join and logins work.


Wget, install and set up openwebmail (the package arrives over plain http and dpkg does not verify signatures, so take it from a channel you trust or compare its checksum with a trusted copy before installing it as root):
wget http://openwebmail.org/openwebmail/download/debian/owm2.53-2.deb
sudo dpkg -i owm2.53-2.deb
sudo mv /var/www/openwebmail/redirect.html /var/www/index.html
sudo vim /etc/openwebmail/openwebmail.conf

* change these lines to
domainnames DOMAIN
auth_module auth_pam.pl
allowed_autologinip all

* comment out these lines
default_style
forced_moveoldmsgfrominbox yes

* add these lines
create_syshomedir yes
quota_module quota_du.pl
quota_limit 180000
quota_threshold 200000
default_language cz
default_moveoldmsgfrominbox no
spellcheck /usr/bin/ispell -a -S -w "-" -d @@@DICTIONARY@@@ -p @@@PDICNAME@@@
spellcheck_pdicname .ispell_words
spellcheck_dictionaries czech, english, american

Two of these deserve a second look. allowed_autologinip all lets the "remember me" cookie log a user in from any address; restrict it to your own networks unless the webmail is reachable from the inside only. quota_threshold (note the spelling; a misspelled key simply does not take effect) is documented in openwebmail.conf.default as a percentage of quota_limit at which the user is warned, so check that file before copying the numbers above.


Fix utf-8 handling in perl's CGI.pm (see acatysmoof):
sudo vim /usr/share/perl/5.10.0/CGI.pm
change the line
my $utf8 = $charset eq 'utf-8';
to
my $utf8 = 0;
This patches the system copy of CGI.pm: it affects every CGI script on the host and the next perl upgrade silently reverts it, so record the change where the next admin will find it.

Set up postfix:
sudo vim /etc/postfix/main.cf
add the line
mydomain = DOMAIN
and restart:
sudo /etc/init.d/postfix restart

Move script (run as root on the new server; it pulls from OLDSERVER as root over SSH, so root login with a key must be allowed there for the duration of the migration; domain^users is likewise's spelling of the AD group "domain users"):
root@cattom1:/home/pvl# cat ./moveusers.sh
#!/bin/sh
# Migrate home directories, inboxes and alias entries for every account named
# in movelist.txt (one name per line) from OLDSERVER into the DOMAIN tree.
set -eu
UCTY="movelist.txt"
scp -P 22 root@OLDSERVER:/etc/aliases ./old_aliases
while read -r LINE; do
    # skip blank lines and refuse anything that is not a plain account name,
    # since the name goes straight into root-run scp and chown commands
    case "$LINE" in
        ''|*[!A-Za-z0-9._-]*|.*|-*) echo "skipping '$LINE'" >&2; continue ;;
    esac
    # home directory
    scp -rp -P 22 "root@OLDSERVER:/home/$LINE" /home/DOMAIN/
    # only this user's own alias line, anchored on the alias name (a bare grep
    # for the name also matches jan inside janek and inside other aliases' targets)
    grep "^$LINE:" old_aliases >> /etc/aliases || true
    chown -R "$LINE:domain^users" "/home/DOMAIN/$LINE"
    # inbox
    scp -p -P 22 "root@OLDSERVER:/home/mail/$LINE" /var/mail/
    chown "$LINE:mail" "/var/mail/$LINE"
done < "$UCTY"
newaliases
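As an added example (not part of the original post or of the script above), here are the checks the migration loop depends on, written so they can be tried without an OLDSERVER: a whitelist test for account names before they reach root-run scp and chown, an exact-match alias lookup instead of a bare grep, and a getent lookup that confirms the account resolves through likewise before anything is chowned to it. The alias file and user list are constructed samples; DOMAIN is the page's placeholder and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. Samples are constructed below.

# valid_username NAME: 0 if NAME is a plain account name. Anything else in
# movelist.txt (a path, a space, a leading dash) would otherwise become part
# of a root-run scp or chown command line.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|.*|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# account_exists NAME: 0 if the account resolves on this host (through NSS,
# i.e. likewise once the join works). Run it before chown: an unknown name
# fails there, and a purely numeric name is taken as a uid and silently
# assigns the wrong owner.
account_exists() {
    getent passwd "$1" > /dev/null 2>&1
}

# user_aliases NAME FILE: alias definitions whose left-hand side is exactly
# NAME. An unanchored grep also drags in "janek" when moving "jan", and any
# alias that merely mentions the name among its targets.
user_aliases() {
    awk -F: -v u="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        { n = $1; gsub(/[ \t]/, "", n); if (n == u) print }
    ' "$2"
}

# merge_aliases LIST ALIASFILE: the alias lines for every valid name in LIST,
# in list order; invalid names are reported on stderr and skipped. The output
# is what the loop appends to /etc/aliases (run newaliases afterwards).
merge_aliases() {
    while read -r name; do
        if valid_username "$name"; then
            user_aliases "$name" "$2"
        else
            echo "skipping invalid account name: '$name'" >&2
        fi
    done < "$1"
}

# make_samples: constructed old_aliases and movelist.txt; prints their directory
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/old_aliases" <<'EOF'
# /etc/aliases from OLDSERVER (constructed sample)
postmaster: root
jan: jan@DOMAIN
janek: janek@DOMAIN
root: jan
helpdesk:   jan, eva
EOF
    printf 'jan\n../etc\neva\n' > "$dir/movelist.txt"
    echo "$dir"
}
```

With the sample data, merge_aliases yields only the line for jan: "../etc" is rejected, eva has no alias of her own, and neither "root: jan" nor "janek: ..." is picked up the way a bare grep would pick them up.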


Alternative: authenticate directly against LDAP instead of going through likewise and PAM (see developer.novel).

Tuesday, November 3, 2009

vmware server 2.0.1 in ubuntu 9.10

See: blog.mymediasystem.net

Reinstall from source. When the installer (vmware-install.pl) fails, copy the patch into the installation directory (vmware-server-distrib/), untar it and run it (it is a third-party patch that you run as root, so read it first), then remove the stale prebuilt modules:

sudo rm -r /usr/lib/vmware/modules/binary

Now the installation can be finished with

sudo /usr/bin/vmware-config.pl

Sometimes the web access stops working; restart the management service (kill -9 skips any clean shutdown of the host daemon, so try the plain restart first):

sudo killall -9 vmware-hostd
sudo /etc/init.d/vmware-mgmt restart


For new installation of 2.0.2 use http://radu.cotescu.com/2009/10/30/how-to-install-vmware-server-2-0-x-on-ubuntu-9-10-karmic-koala/

Friday, October 9, 2009

backup with tape

See tldp or ubuntuforums

Backup using tar (run as root; the excludes are relative to the --directory, so on newer systems also exclude sys, dev and run, plus any external disk that happens to be mounted):
tar -zcvpf /archive/full-backup-`date '+%d-%B-%Y'`.tar.gz --directory / --exclude=mnt --exclude=proc --exclude=var/spool/squid .

Restore (onto a fresh filesystem; unpacking over a running system overwrites live files):
tar -xzvpf full-backup-date-XXX.tar.gz -C /

Rewind the tape (before all operations):
mt -f /dev/st0 rewind

List the files of a gzipped tar archive on the tape:
tar -tzf /dev/st0

Extract the directory www from the archive into the current directory:
tar -xzf /dev/nst0 www

Two caveats. /dev/st0 rewinds the tape when it is closed, /dev/nst0 does not, so use nst0 whenever several archives are written to, or read from, one tape in sequence (mt -f /dev/nst0 fsf N skips forward N file marks). And a gzip stream has no resynchronisation: one unreadable block makes everything after it unreadable, so for long-term tapes prefer uncompressed tar, and verify every tape after writing it (tar -tzf, or tar --compare against the live tree) rather than discovering the problem at restore time.
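An added example, not from the original post, of the step the commands above leave out: verifying the archive after it is written. It backs up a small constructed directory tree instead of /, keeps the page's exclude style, records a SHA-256 next to the archive and checks that gzip and tar can read the whole stream. Function and file names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: write a gzipped tar backup,
# record its SHA-256 beside it and verify that the whole stream reads back.
set -eu

# backup_tree SRC DEST.tar.gz: archive SRC with the page's exclude style
# (an unanchored --exclude=proc also drops any directory called "proc"
# deeper in the tree) and write DEST.tar.gz.sha256 next to it.
backup_tree() {
    src="$1"; dest="$2"
    tar -zcpf "$dest" --directory "$src" \
        --exclude=proc --exclude=sys --exclude=dev --exclude=run --exclude=mnt .
    sha256sum "$dest" > "$dest.sha256"
}

# verify_backup DEST.tar.gz: 0 when the checksum still matches and gzip+tar
# can read every member; 1 on a checksum mismatch, 2 when the stream is
# unreadable. A truncated or bit-rotted archive fails here, not at restore time.
verify_backup() {
    dest="$1"
    sha256sum -c --status "$dest.sha256" || return 1
    tar -tzf "$dest" > /dev/null || return 2
}

# count_entries DEST.tar.gz: number of members in the archive
count_entries() {
    tar -tzf "$1" | wc -l | tr -d ' '
}

# make_sample_tree: a small constructed filesystem image with a proc/
# directory that must not end up in the archive; prints its path
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home/alice" "$d/proc"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/etc/passwd"
    printf 'hello\n' > "$d/home/alice/notes.txt"
    printf 'must not be archived\n' > "$d/proc/cpuinfo"
    echo "$d"
}
```

On tape the checksum step does not apply as written (there is no file to hash); keep the listing check, run it against /dev/nst0 after an mt rewind, and compare the member list with the one recorded at write time.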

Tuesday, October 6, 2009

archiving

See redhat

Create a gzipped tar of a folder:
tar czvf folder.tar.gz folder/
Extract it (GNU tar detects the compression, so -z is optional on extraction):
tar -xvf folder.tar.gz
Extract a single file from the archive:
tar -xvf folder.tar.gz path/in/archive/file
List the contents:
tar -tvf folder.tar.gz


Arj a folder:
arj ac folder.arj folder/
Un-arj it (e drops the stored paths; x extracts with them):
arj e folder.arj

Zip a folder:
zip -r folder.zip folder/
Unzip it:
unzip folder.zip

Before extracting an archive you did not create, list it first: member names can be absolute or contain "..". GNU tar and unzip strip a leading "/" and skip ".." path components by default (tar -P turns that protection off), but extract as an unprivileged user into an empty directory anyway.

Friday, October 2, 2009

quota

See redhat or linuxhelp

Install quota:
aptitude install quota quotatool

Add usrquota,grpquota to the /etc/fstab entry of the volume, e.g.
DEVICE /home ext3 defaults,usrquota,grpquota 1 2

Remount the volume
mount -o remount /home

Build the quota files (scans the filesystem; -a all quota volumes, -g group, -u user, -v verbose)
quotacheck -vagu

Turn quota on
quotaon -vagu

Set the grace period (how long a user may stay above the soft limit before it is enforced like the hard limit)
edquota -t

Modify a user's quota
edquota -u user

or with quotatool (200M is the soft limit and 250 Mb the hard limit for user new on /home):
quotatool -u new -bq 200M -l '250 Mb' /home

Copy the quota of user old to user new
edquota -p old new

List the quotas on a volume
repquota /home

List all quotas
repquota -a

Friday, September 25, 2009

iptables

See help.ubuntu or v7n.forum or linux.networking or root (in czech)

All commands run as root (or via sudo).

List all rules (-v adds counters and interfaces, -n skips the DNS lookups that make the listing slow):
iptables -L
iptables -L -v -n


Allow ports 22 and 80 (service names from /etc/services work as well as numbers):
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT


Drop input from an address, a range of addresses, a network, or a MAC address (-s takes a single address or a CIDR prefix; a range needs the iprange match):
iptables -I INPUT -s ADDRESS -j DROP
iptables -I INPUT -m iprange --src-range 55.55.55.1-55.55.55.100 -j DROP
iptables -I INPUT -s 55.55.55.0/24 -j DROP
iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
A MAC rule only means something on the local segment and the address is trivially forged; treat it as a convenience, not as access control.


Drop new SSH connections from an address that has opened 10 of them within the last minute. -I puts each rule at the top, so the DROP rule ends up above the --set rule: every new connection is checked first, then recorded. Either order works, as long as both sit above the rule that accepts port 22:
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP


Drop input on a port:
iptables -A INPUT -p tcp --dport 199 -j DROP

Delete a rule (repeat it exactly as it was added, or look it up with iptables -L --line-numbers and delete by number):
iptables -D INPUT -s 55.55.55.55 -j DROP

Log matching packets, rate-limited: the first 5 are logged at once, afterwards at most 3 per hour (put it right before the final DROP, otherwise it also logs traffic that a later rule accepts)
iptables -A INPUT -m limit --limit 3/hour --limit-burst 5 -j LOG

Flush all rules:
iptables -F
Flushing leaves the chain policies alone: with INPUT set to DROP this cuts every connection, your own SSH session included, so set the policies back to ACCEPT (iptables -P) first when you mean to start from scratch.

Save and restore the rules (-c keeps the packet counters). Rules live only in the kernel and are gone after a reboot, so restore the file at boot, for example from a script in /etc/network/if-pre-up.d/:
iptables-save -c > /iptables-backup
iptables-restore -c < /iptables-backup


Example rules file for an SMTP, HTTP and SSH server at 1.1.1.1, with logging (the saved dump, annotated; iptables-restore ignores '#' lines). On current kernels write -m conntrack --ctstate where this file has -m state --state; the meaning is the same.

# Generated by iptables-save v1.3.6 on Wed Dec 2 07:46:26 2009
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# hosts on the local /16 may open tcp and udp connections to (almost) any port
-A INPUT -s 1.1.0.0/255.255.0.0 -i eth0 -p tcp --dport 1:65000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 1.1.0.0/255.255.0.0 -i eth0 -p udp --dport 1:65000 -m state --state NEW,ESTABLISHED -j ACCEPT
# replies to mail we send out. ESTABLISHED only: with NEW here, anyone who
# sends from source port 25 could reach every port from 1000 up.
-A INPUT -d 1.1.1.1 -i eth0 -p tcp --sport 25 --dport 1000:65000 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 1.1.1.1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# http from anywhere, ssh only from the local /16
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 1.1.0.0/16 -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# icmp: echo reply, destination unreachable, time exceeded, and rate-limited
# echo request. An unconditional "--icmp-type 8 -j ACCEPT" above the limited
# rule would shadow it and make the limit useless.
-A INPUT -p ICMP -i eth0 --icmp-type 0 -j ACCEPT
-A INPUT -p ICMP -i eth0 --icmp-type 3 -j ACCEPT
-A INPUT -p ICMP -i eth0 --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -i eth0 --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT
# everything else: log a sample, then drop. Ending the chain with
# "-i eth0 -j ACCEPT" instead would open every udp port and the tcp ports
# above 65000 to the world despite the DROP policy.
-A INPUT -m limit --limit 5/hour --limit-burst 3 -j LOG --log-prefix "Dropped by firewall IN: "
-A INPUT -i eth0 -j DROP
# outbound: unrestricted on lo and eth0; only traffic on other interfaces
# reaches the log rule and the DROP policy
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 5/hour --limit-burst 3 -j LOG --log-prefix "Dropped by firewall OUT: "
COMMIT
# Completed on Wed Dec 2 07:46:26 2009
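An added example, not from the original post: three checks worth running over an iptables-save dump before feeding it to iptables-restore, each aimed at a mistake that is easy to make in a hand-written filter table (an ACCEPT of NEW connections keyed on a source port, an accept-everything rule left at the end of INPUT, and rules placed after a match-all terminating rule). The dump built by sample_dump is constructed here so the checks run offline; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. The dump below is constructed.

# accept_new_by_sport FILE: ACCEPT rules that admit NEW connections matched
# on a source port. The sender chooses its source port, so such a rule opens
# the destination port range to everyone, not just to the intended peer.
accept_new_by_sport() {
    grep -E -- '^-A .*--sport [0-9:]+ .*--(state|ctstate) [A-Z,]*NEW.*-j ACCEPT$' "$1" || :
}

# unqualified_accepts FILE: INPUT rules that accept everything, restricted at
# most by an interface other than lo. With a DROP policy this is usually a
# leftover that silently re-opens every port the earlier rules did not drop.
unqualified_accepts() {
    grep -E -- '^-A INPUT( -i [A-Za-z0-9.:-]+)? -j ACCEPT$' "$1" | grep -v -- ' -i lo ' || :
}

# unreachable_rules FILE: rules listed after a match-all terminating rule
# ("-A CHAIN -j ACCEPT|DROP|REJECT") in the same chain; they never see a packet.
unreachable_rules() {
    awk '
        /^-A / {
            chain = $2
            if (chain in dead) { print; next }
            if (NF == 4 && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) dead[chain] = 1
        }' "$1"
}

# audit FILE: run all three checks and print their findings; returns 1 if
# any check found something, so it can gate a deployment script.
audit() {
    found=0
    for check in accept_new_by_sport unqualified_accepts unreachable_rules; do
        out=$("$check" "$1")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            found=1
        fi
    done
    return $found
}

# sample_dump: constructed iptables-save output with one instance of each
# mistake; prints the file name
sample_dump() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 25 --dport 1000:65000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 5/hour --limit-burst 3 -j LOG --log-prefix "Dropped by firewall IN: "
-A INPUT -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j DROP
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
    echo "$f"
}
```

The checks are textual, so they only see what is in the dump: a rule that is shadowed by a more specific earlier rule (the unconditional echo-request ACCEPT in the file above) still needs a human reader.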

Friday, September 18, 2009

ssh tunnel for smtp

For details see: http://cg.scs.carleton.ca/~morin/misc/laptopmail/

local - the machine where you run the mail client (a laptop, say) that cannot (yet) send mail through the server
server - the machine where the SMTP daemon runs

On local, generate a dedicated key for root (inetd below runs ssh as root, so the key has to be root's):
sudo ssh-keygen -t dsa -f /root/.ssh/specialkey
and add its public part to ~/.ssh/authorized_keys on the server. (DSA and the authorized_keys2 file name are what worked in 2009; OpenSSH 7.0 and later refuse DSA keys by default, so on a current system generate an ed25519 or RSA key instead, and the entry then starts with ssh-ed25519 or ssh-rsa.)

Edit authorized_keys on the server so that the line with this key starts like
command="netcat localhost 25",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-dss AAAAB3NzaC1k..
The forced command is all this key can do: whoever holds it gets a pipe to the SMTP port on the server and nothing else (OpenSSH 7.2 and later can spell the options as "restrict"). Postfix on the server must accept relaying from localhost, which it does by default through mynetworks.

Test the connection (you should get the 220 ... ESMTP Postfix banner; this also stores the server's host key in root's known_hosts, which the non-interactive ssh started by inetd needs):
sudo ssh login@smtp.server -p ssh_port -i /root/.ssh/specialkey

Add the smtp service to /etc/inetd.conf on local and restart inetd (in inetd.conf the program path is followed by its argv[0], hence ssh twice):
127.0.0.1:smtp stream tcp nowait root /usr/bin/ssh ssh -T -i /root/.ssh/specialkey -p ssh_port login@smtp.server

sudo /etc/init.d/openbsd-inetd restart

Point the mail client on local at the "local" SMTP server
localhost:25
Nothing authenticates on this port: every local user and every process on the laptop can now send mail through the server as you.

Tuesday, September 15, 2009

ports

List of open ports (see redhat-docs). Scan only hosts you are allowed to scan.

Scan the local host (TCP connect scan plus OS detection; -O needs root):
sudo nmap -sT -O localhost

Complete TCP port scan of a host (-Pn skips the ping step so hosts that block ICMP are scanned anyway; the older spelling -PN still works):
nmap -Pn -p1-65535 address

UDP ports (slow; needs root):
sudo nmap -sU localhost

Sockets as seen from inside the host. nmap shows what a client can reach; these show what is bound, on which address, and (with -p, as root) by which process. A scan of localhost also reaches services bound to 127.0.0.1 only, so scan from another machine to see what the network sees:
netstat -nat

netstat -l --tcp -n -p

lsof -i

(on current systems: ss -tulpn)
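An added example, not from the original post: turning netstat's listener listing into the answer one actually wants from it, namely which sockets a remote host can reach and which of those are not on the list of ports you meant to expose. The netstat output below is a constructed sample and the expected-port list is an assumption; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. The netstat sample is constructed.

# classify_listeners FILE: one line per socket, "scope proto addr port", where
# scope is all (bound to every interface), loopback, or addr (one address).
# Accepts the address spellings of netstat (0.0.0.0:22, :::22) and of
# ss -ltn (*:22, [::]:22).
classify_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            la = $4
            n = split(la, f, ":")
            port = f[n]
            addr = substr(la, 1, length(la) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*" || addr == "")
                scope = "all"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "addr"
            print scope, $1, addr, port
        }' "$1"
}

# exposed_listeners FILE: everything a remote host could connect to
exposed_listeners() {
    classify_listeners "$1" | awk '$1 != "loopback"'
}

# unexpected_exposed FILE "PORT PORT ...": exposed listeners whose port is not
# on the allow list. Worth running after every package install: daemons
# often bind 0.0.0.0 by default.
unexpected_exposed() {
    exposed_listeners "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($4 in ok)'
}

# sample_netstat: constructed "netstat -ltun" output; prints the file name
sample_netstat() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 1.1.1.1:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
    echo "$f"
}
```

On a live host feed it the real listing (netstat -ltun or ss -ltun) instead of the sample; the udp 123 line in the sample is the kind of thing this is meant to surface, an NTP daemon answering the whole internet because nobody told it not to.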

Friday, August 14, 2009

disk space

Free space on the disks (-H counts in powers of 1000, -h in powers of 1024; -h matches what du -h reports):

df -H

Size of a directory:

du -hs directory

Monday, August 10, 2009

CPU utilization

Look at: cyberciti

apt-get install sysstat
mpstat -P ALL

sar -u 2 5

Who is monopolizing the CPU? (Sort numerically: a plain sort -r puts 9.5 above 10.2. The pcpu column is CPU time divided by the process's lifetime, not the current load; for the latter use top.)
ps -eo pcpu,pid,user,args | sort -k 1 -nr | head -10

google chrome

Dev version:
http://dev.chromium.org/getting-involved/dev-channel

Download and install the deb package.

Enable the flash plugin (Chrome looks for plugins in its own directory; this links in the one from Ubuntu's flashplugin-installer package, so you are loading that package's binary into the browser):

sudo mkdir /opt/google/chrome/plugins/
cd /opt/google/chrome/plugins/
sudo ln -s /usr/lib/flashplugin-installer/libflashplayer.so

google-chrome --enable-plugins