Netwerk & Server

MySQL

Fixing CUPS login problems on SUSE

Fixing CUPS login problems on SuSE

SUSE: What Password Do I Use At The Web Interface?

SuSE defaults to using Digest passwords and "RunAsUser yes", which means you have to use the lppasswd command to add accounts and passwords.

To add a user named Steve:

     lppasswd -a Steve

Then enter and confirm a password.

SUSE does not follow the normal CUPS defaults and the lppasswd information doesn't follow changes to the normal accounts, causing a lot of confusion.

Any problems using this set up should be addressed to SUSE.

To set SUSE to the standard default settings of CUPS:

1) Goto /etc/cups/cups.conf

2) Change in the AuthType: AuthType Basic

3) Change RunAsUser to No.

CUPS

How to make your CUPS server broadcast itself

In order for your clients to automatically recognize the printers that CUPS has, add/edit the following setting in /etc/cups/cupsd.conf:

BrowseAddress @LOCAL

In this way, your clients won't have to do anything, as their (local) CUPS server will recognize the broadcasts from your (global) CUPS server!

Install a PXE boot server on 11.1

This document shows quick and dirty how to install a working PXE boot server on openSUSE

We start of course with a working server with a static IP address and a working DHCP server somewhere (could be on your server or on your home router or something else). If you haven't got one already, please make sure that you get this working before you continue!

#zypper in atftp syslinux

#mkdir /tftpboot/pxelinux.cfg

#cp /usr/share/syslinux/pxelinux.0 /tftpboot

default linux
prompt 1
timeout 30
label linux
kernel linux
append initrd=initrd splash=silent
showopts

Welcome to Provisioning!
Choose one of the following options and press .
 sles10.2       - SUSE Linux Enterprise Server SP2 32 bit
 sles10.2_64    - SUSE Linux Enterprise Server SP2 64 bit
 opensuse11_32  - OpenSUSE 11, 32 bit
 opensuse11_64  - OpenSUSE 11, 64 bit
 hardy          - Ubuntu 8.04 (Hardy Heron)
 thin           - Boot thin client
 next           - Boot from next BIOS device (default) 
 disk           - Boot from first BIOS disk

32 bit: from the /boot/i386/loader directory on the CD/DVD
64 bit: from the /boot/x86_64/loader directory on the CD/DVD

That should do the trick!

Apache en HTML

Apache

How to connect to server on strange port, or when you're behind a firewall

Situation

cpuxxxx -> FW -> intermediateserver -> targetserver

22......-> 22 -> 22.................-> portnumber_on_targetserver

Connect

On cpuxxxx:

ssh -L portnumber_on_targetserver:targetserver:portnumber_on_targetserver username_on_intermediateserver@intermediateserver

Leave terminal open!

Then on cpuxxxx again:

ssh -YC username_on_targetserver@localhost -p portnumber_on_targetserver

That's it!!

Copy files

from here tot server:

scp -P portnumber_on_targetserver file user@localhost:/path/were/to/put/it/

from server to local:

scp -P portnumber_on_targetserver user@localhost:/path/were/to/get/it/from/ .

mount filesystem over ssh using sshfs

sshfs user@localhost:/data/videos/ mnt/ -p portnumber

Rsync

from server to localdisk:

rsync -avz -e 'ssh -p PORTNUMBER' USER@localhost:/data/htdocs/motion/ /data/motion/

Start Konversation from behind a firewall

ssh -L 6667:irc.freenode.org:6667 user@xs3.xs4all.nl
konversation --server localhost

Start Pidgin from home to wzs

ssh -L 8300:gwmsg.wonen.amsterdam.nl:8300 root@wzs

server: localhost
port: 8300

reverse tunnel

randolf@workserver:~$ ssh -vvv randolf@myhomeserver -R 44455:localhost:22

This will forward the remote port 44455 from your home server to port 22 (or whichever port ssh is listening on) on your work machine.

randolf@homeserver:~$ netstat -an | grep 44455
tcp        0      0 127.0.0.1:44455         0.0.0.0:*               LISTEN 

randolf@homeserver:~$ ssh localhost -p 44455
Password: ******

From there you should be connected to your work machine via your tunnel.

Mounting remote directories using FUSE and sshfs on openSUSE

sshfs user@host: /mnt/

Once that’s done, the remote filesystem is mounted as the directory “rsync” and I can copy and move files just like they’re local.

MediaWiki

How to make a dump of a website

update 20210611 Best Version:

wget -m https://

original

If you want to make a dump of a website, then you can do:

/usr/bin/wget -q --convert-links -E -m http://website.nu.com.mp3

wget --progress=bar --convert-links -E -m ftp://ftp.studer.ch/Public/

Actually, to download a single page and all its requisites (even if they exist on separate websites), and make sure the lot displays properly locally, this author likes to use a few options in addition to -p:

wget -E -H -k -K -p http:///

-E adjust extention ???

-H also download from foreign hosts

-p download all page requisites

PvdM version:

wget -r -k -K -p http://

-r recursive

-k convert links

-K backup converted

Iptables for dummies

Netfilter

Elke Linux distributie gebruikt Netfilter (in de kernel) voor firewalling. De beheertool daarvoor is 'iptables', via de commandline.

Hoe werkt het? Er zijn drie soorten verkeer: INPUT, OUTPUT en FORWARD. Dit worden ook wel 'chains' genoemd.

Om te beginnen, moeten we de firewall service stoppen. Op openSUSE is dat

rcSuSEfirewall2 stop

controle

Vervolgens beginnen we met een schone lei. Verwijder alle firewall regels

iptables -F

Controleer dit met

iptables -L -v

dichtzetten

Hierna staat je firewall uit en is leeg, dus we gaan hem snel dichtzetten. We gebruiken hiervoor 'policies'.

iptables -p INPUT DROP
iptables -p OUTPUT DROP
iptables -p FORWARD DROP

-p betekent hier policy, INPUT is de chain waarop hij werkt, en de 'target' is 'drop'.

targets

Er zijn de volgende targets:

Nu is de computer potdicht, en er is dus niet mee te werken met communicatie naar buiten. We gaan hem zo inrichten dat er communicatie naar buiten mogelijk is.

loopback goedzetten

Maar eerst moet er de loopback interface (lo) goed geconfigureerd worden. Hoewel niet strikt noodzakelijk, maar dit zorgt ervoor dat een hoop zaken goed verlopen.

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

-A betekent 'append', aan het eind. De volgorde van de regels is belangrijk! De eerste 'hit' wordt uitgevoerd en er wordt daarna niet meer verder gekeken.

-i is de interface

-j (jump) naar welke target

Hierna kan er gepinged worden naar de loopbackinterface:

PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.019 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.027 ms

uitgaand verkeer toestaan

We gaan nu alle uitgaande verkeer toestaan.

iptables -A OUTPUT -o eth0 -j ACCEPT

Dit zorgt voor uitgaande pakketjes, maar antwoorden hierop die binnenkomen, kunnen nog steeds niet de computer bereiken.

iptables -A INPUT -m state - state=ESTABLISHED,RELATED -j ACCEPT

creert een stateful filter.

How to get a list of permissions of mysql users

How to Get a List of Permissions of MySQL Users

MySQL has advanced database access system. A database user can have access to the whole database, separate tables, or to separate columns of tables. Also there is a restriction for actions a user may perform with records. MySQL server uses several tables in a special database to organize such a complicated database access structure. The access policy is based on the values available in these tables.

The database that MySQL server uses to store internal data about users is called mysql by default. There are tables for storing information about users’ accounts in this database:

* the list of global privileges:

SELECT

 mu.host `Host`,

 mu.user `User`,

 REPLACE(RTRIM(CONCAT(

 IF(mu.Select_priv = 'Y', 'Select ', ''),

 IF(mu.Insert_priv = 'Y', 'Insert ', ''),

 IF(mu.Update_priv = 'Y', 'Update ', ''),

 IF(mu.Delete_priv = 'Y', 'Delete ', ''),

 IF(mu.Create_priv = 'Y', 'Create ', ''),

 IF(mu.Drop_priv = 'Y', 'Drop ', ''),

 IF(mu.Reload_priv = 'Y', 'Reload ', ''),

 IF(mu.Shutdown_priv = 'Y', 'Shutdown ', ''),

 IF(mu.Process_priv = 'Y', 'Process ', ''),

 IF(mu.File_priv = 'Y', 'File ', ''),

 IF(mu.Grant_priv = 'Y', 'Grant ', ''),

 IF(mu.References_priv = 'Y', 'References ', ''),

 IF(mu.Index_priv = 'Y', 'Index ', ''),

 IF(mu.Alter_priv = 'Y', 'Alter ', ''),

 IF(mu.Show_db_priv = 'Y', 'Show_db ', ''),

 IF(mu.Super_priv = 'Y', 'Super ', ''),

 IF(mu.Create_tmp_table_priv = 'Y', 'Create_tmp_table ', ''),

 IF(mu.Lock_tables_priv = 'Y', 'Lock_tables ', ''),

 IF(mu.Execute_priv = 'Y', 'Execute ', ''),

 IF(mu.Repl_slave_priv = 'Y', 'Repl_slave ', ''),

 IF(mu.Repl_client_priv = 'Y', 'Repl_client ', ''),

 IF(mu.Create_view_priv = 'Y', 'Create_view ', ''),

 IF(mu.Show_view_priv = 'Y', 'Show_view ', ''),

 IF(mu.Create_routine_priv = 'Y', 'Create_routine ', ''),

 IF(mu.Alter_routine_priv = 'Y', 'Alter_routine ', ''),

 IF(mu.Create_user_priv = 'Y', 'Create_user ', ''),

 IF(mu.Event_priv = 'Y', 'Event ', ''),

 IF(mu.Trigger_priv = 'Y', 'Trigger ', '')

 )), ' ', ', ') AS `Privileges`

FROM

 mysql.user mu

ORDER BY

 mu.Host,

 mu.User

* the list of privileges for a database:

SELECT

 md.host `Host`,

 md.user `User`,

 md.db `Database`,

 REPLACE(RTRIM(CONCAT(

 IF(md.Select_priv = 'Y', 'Select ', ''),

 IF(md.Insert_priv = 'Y', 'Insert ', ''),

 IF(md.Update_priv = 'Y', 'Update ', ''),

 IF(md.Delete_priv = 'Y', 'Delete ', ''),

 IF(md.Create_priv = 'Y', 'Create ', ''),

 IF(md.Drop_priv = 'Y', 'Drop ', ''),

 IF(md.Grant_priv = 'Y', 'Grant ', ''),

 IF(md.References_priv = 'Y', 'References ', ''),

 IF(md.Index_priv = 'Y', 'Index ', ''),

 IF(md.Alter_priv = 'Y', 'Alter ', ''),

 IF(md.Create_tmp_table_priv = 'Y', 'Create_tmp_table ', ''),

 IF(md.Lock_tables_priv = 'Y', 'Lock_tables ', ''),

 IF(md.Create_view_priv = 'Y', 'Create_view ', ''),

 IF(md.Show_view_priv = 'Y', 'Show_view ', ''),

 IF(md.Create_routine_priv = 'Y', 'Create_routine ', ''),

 IF(md.Alter_routine_priv = 'Y', 'Alter_routine ', ''),

 IF(md.Execute_priv = 'Y', 'Execute ', ''),

 IF(md.Event_priv = 'Y', 'Event ', ''),

 IF(md.Trigger_priv = 'Y', 'Trigger ', '')

 )), ' ', ', ') AS `Privileges`

FROM

 mysql.db md

ORDER BY

 md.Host,

 md.User,

 md.Db

* the list of privileges for tables:

SELECT

 mt.host `Host`,

 mt.user `User`,

 CONCAT(mt.Db, '.', mt.Table_name) `Tables`,

 REPLACE(mt.Table_priv, ',', ', ') AS `Privileges`

FROM

 mysql.tables_priv mt

WHERE

 mt.Table_name IN

 (SELECT

 DISTINCT

   t.table_name `tables`

 FROM

   information_schema.tables AS t

 WHERE

   t.table_type IN

   ('BASE TABLE', 'SYSTEM VIEW', 'TEMPORARY', '') OR

   t.table_type <> 'VIEW' AND

   t.create_options IS NOT NULL

 )

ORDER BY

 mt.Host,

 mt.User,

 mt.Db,

 mt.Table_name;

* the list of privileges for views:

SELECT

 mv.host `Host`,

 mv.user `User`,

 CONCAT(mv.Db, '.', mv.Table_name) `Views`,

 REPLACE(mv.Table_priv, ',', ', ') AS `Privileges`

FROM

 mysql.tables_priv mv

WHERE

 mv.Table_name IN

 (SELECT

 DISTINCT

   v.table_name `views`

 FROM

   information_schema.views AS v

 )

ORDER BY

 mv.Host,

 mv.User,

 mv.Db,

 mv.Table_name;

* the list of privileges for table columns:

SELECT

  mtc.host `Host`,

  mtc.user `User`,

  CONCAT(mtc.Db, '.', mtc.Table_name, '.', mtc.Column_name) `Tables Columns`,

  REPLACE(mtc.Column_priv, ',', ', ') AS `Privileges`

FROM

  mysql.columns_priv mtc

WHERE

  mtc.Table_name IN

  (SELECT

  DISTINCT

    t.table_name `tables`

  FROM

    information_schema.tables AS t

  WHERE

    t.table_type IN

    ('BASE TABLE', 'SYSTEM VIEW', 'TEMPORARY', '') OR

    t.table_type <> 'VIEW' AND

    t.create_options IS NOT NULL

  )

ORDER BY

  mtc.Host,

  mtc.User,

  mtc.Db,

  mtc.Table_name,

  mtc.Column_name;

* the list of privileges for view columns:

SELECT

 mvc.host `Host`,

 mvc.user `User`,

 CONCAT(mvc.Db, '.', mvc.Table_name, '.', mvc.Column_name) `Views Columns`,

 REPLACE(mvc.Column_priv, ',', ', ') AS `Privileges`

FROM

 mysql.columns_priv mvc

WHERE

 mvc.Table_name IN

 (SELECT

 DISTINCT

   v.table_name `views`

 FROM

   information_schema.views AS v

 )

ORDER BY

 mvc.Host,

 mvc.User,

 mvc.Db,

 mvc.Table_name,

 mvc.Column_name;

* the list of privileges for procedures:

SELECT

 mp.host `Host`,

 mp.user `User`,

 CONCAT(mp.Db, '.', mp.Routine_name) `Procedures`,

 REPLACE(mp.Proc_priv, ',', ', ') AS `Privileges`

FROM

 mysql.procs_priv mp

WHERE

 mp.Routine_type = 'PROCEDURE'

ORDER BY

 mp.Host,

 mp.User,

 mp.Db,

 mp.Routine_name;

* the list of privileges for functions:

SELECT

 mf.host `Host`,

 mf.user `User`,

 CONCAT(mf.Db, '.', mf.Routine_name) `Procedures`,

 REPLACE(mf.Proc_priv, ',', ', ') AS `Privileges`

FROM

 mysql.procs_priv mf

WHERE

 mf.Routine_type = 'FUNCTION'

ORDER BY

 mf.Host,

 mf.User,

 mf.Db,

 mf.Routine_name;

How to check database

Check a Specific Table in a Database

If your application gives an error message saying that a specific table is corrupted, execute the mysqlcheck command to check that one table.

The following example checks employee table in thegeekstuff database.

# mysqlcheck -c thegeekstuff employee -u root -p
Enter password:
thegeekstuff.employee    OK

Check All Tables in a Database

To check all the tables in a particular database, don’t specify the table name. Just specify the database name.

The following example checks all the tables in the alfresco database.

# mysqlcheck -c alfresco  -u root -p
Enter password:
alfresco.JBPM_ACTION                               OK
alfresco.JBPM_BYTEARRAY                            OK
alfresco.JBPM_BYTEBLOCK                            OK
alfresco.JBPM_COMMENT                              OK
alfresco.JBPM_DECISIONCONDITIONS                   OK
alfresco.JBPM_DELEGATION                           OK
alfresco.JBPM_EVENT                                OK
..

Check All Tables and All Databases

To check all the tables and all the databases use the “–all-databases” along with -c option as shown below.

# mysqlcheck -c  -u root -p --all-databases
Enter password:
thegeekstuff.employee                              OK
alfresco.JBPM_ACTION                               OK
alfresco.JBPM_BYTEARRAY                            OK
alfresco.JBPM_BYTEBLOCK                            OK
..
..
mysql.help_category
error    : Table upgrade required. Please do "REPAIR TABLE `help_category`" or dump/reload to fix it!
mysql.help_keyword
error    : Table upgrade required. Please do "REPAIR TABLE `help_keyword`" or dump/reload to fix it!
..

If you want to check all tables of few databases, specify the database names using “–databases”.

The following example checks all the tables in thegeekstuff and alfresco database.

# mysqlcheck -c  -u root -p --databases thegeekstuff alfresco
Enter password:
thegeekstuff.employee                              OK
alfresco.JBPM_ACTION                               OK
alfresco.JBPM_BYTEARRAY                            OK
alfresco.JBPM_BYTEBLOCK                            OK
..

Analyze Tables using Mysqlcheck

The following analyzes employee table that is located in thegeekstuff database.

# mysqlcheck -a thegeekstuff employee -u root -p
Enter password:
thegeekstuff.employee   Table is already up to date

Internally mysqlcheck command uses “ANALYZE TABLE” command. While mysqlcheck is executing the analyze command the table is locked and available for other process only in the read mode.

Optimize Tables using Mysqlcheck

The following optimizes employee table that is located in thegeekstuff database.

# mysqlcheck -o thegeekstuff employee -u root -p
Enter password:
thegeekstuff.employee         OK

Internally mysqlcheck command uses “OPTIMIZE TABLE” command. When you delete lot of rows from a table, optimizing it helps to get the unused space and defragment the data file. This might improve performance on huge tables that has gone through several updates.

Repair Tables using Mysqlcheck

The following repairs employee table that is located in thegeekstuff database.

# mysqlcheck -r thegeekstuff employee -u root -p
Enter password:
thegeekstuff.employee        OK

Internally mysqlcheck command uses “REPAIR TABLE” command. This will repair and fix a corrupted MyISAM and archive tables.

Combine Check, Optimize, and Repair Tables

Instead of checking and repairing separately. You can combine check, optimize and repair functionality together using “–auto-repair” as shown below.

The following checks, optimizes and repairs all the corrupted table in thegeekstuff database.

# mysqlcheck -u root -p --auto-repair -c -o thegeekstuff

You an also check, optimize and repair all the tables across all your databases using the following command.

# mysqlcheck -u root -p --auto-repair -c -o --all-databases

If you want to know what the command is doing while it is checking, add the –debug-info as shown below. This is helpful while you are checking a huge table.

# mysqlcheck --debug-info -u root -p --auto-repair -c -o thegeekstuff employee
Enter password:
thegeekstuff.employee  Table is already up to date

User time 0.00, System time 0.00
Maximum resident set size 0, Integral resident set size 0
Non-physical pagefaults 344, Physical pagefaults 0, Swaps 0
Blocks in 0 out 0, Messages in 0 out 0, Signals 0
Voluntary context switches 12, Involuntary context switches 9

Additional Useful Mysqlcheck Options

The following are some of the key options that you can use along with mysqlcheck.

-A, –all-databases Consider all the databases
-a, –analyze Analyze tables
-1, –all-in-1 Use one query per database with tables listed in a comma separated way
–auto-repair Repair the table automatically it if is corrupted
-c, –check Check table errors
-C, –check-only-changed Check tables that are changed since last check
-g, –check-upgrade Check for version dependent changes in the tables
-B, –databases Check more than one databases
-F, –fast Check tables that are not closed properly
–fix-db-names Fix DB names
–fix-table-names Fix table names
-f, –force Continue even when there is an error
-e, –extended Perform extended check on a table. This will take a long time to execute.
-m, –medium-check Faster than extended check option, but does most checks
-o, –optimize Optimize tables
-q, –quick Faster than medium check option
-r, –repair Fix the table corruption

Nagios

check_mk

Introduction

This guide is intended to provide you with simple instructions on how to install Nagios from source (code) on openSUSE and have it monitoring your local machine inside of 20 minutes. No advanced installation options are discussed here - just the basics that will work for 95% of users who want to get started.

These instructions were written based on an openSUSE 10.2 installation.

Required Packages

Make sure you've installed the following packages on your openSUSE installation before continuing. You can use yast to install packages under openSUSE.

Create Account Information

Become the root user.

su -l

Create a new nagios user account and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

Create a new nagios group. Add the nagios user to the group.

/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd wwwrun

Download Nagios and the Plugins

Create a directory for storing the downloads.

mkdir ~/downloads
cd ~/downloads

Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). These directions were tested with Nagios 3.1.1 and Nagios Plugins 1.4.11.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

Compile and Install Nagios

Extract the Nagios source code tarball.

cd ~/downloads
tar xzf nagios-3.2.3.tar.gz
cd nagios-3.2.3

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

Don't start Nagios yet - there's still more that needs to be done...

Customize Configuration

Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg

Configure the Web Interface

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later.

htpasswd2 -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

service apache2 restart
or
systemctl restart apache2

Note Note: Consider implementing the ehanced CGI security measures described below to ensure that your web authentication credentials are not compromised.

Compile and Install the Nagios Plugins

Extract the Nagios plugins source code tarball.

cd ~/downloads
tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

Start Nagios

Add Nagios to the list of system services and have it automatically start when the system boots.

chkconfig --add nagios
chkconfig nagios on

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

service nagios start
or
systemctl start nagios

Login to the Web Interface

You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

http://localhost/nagios/

Click on the "Service Detail" navbar link to see details of what's being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.

Other Modifications

Make sure your machine's firewall rules are configured to allow access to the web server if you want to access the Nagios interface remotely.

You can do this by:

Configuring email notifications is outside the scope of this documentation. Refer to your system documentation, search the web, or look to the Nagios Support Portal or Nagios Community Wiki for specific instructions on configuring your openSUSE system to send email messages to external addresses.

Security

This is intended to be an introduction for implementation of stronger authentication and server security focused around the CGI web interface.

Stronger Authentication using Digest Authentication.

If you have followed the quickstart guides, chances are that you are using Apache's Basic Authentication. Basic Authentication will send your username and password in "clear text" with every http request. Consider using a more secure method of authentication such as Digest Authentication which creates a MD5 Hash of your username and password to send with each request.

Forcing TLS/SSL for all Web Communication.

Apache provides TLS/SSL through the mod_ssl module. TLS/SSL provides a secure tunnel between the client and server that prevents eavesdropping and tampering using strong publickey/privatekey cryptography.

Locking Down Apache Using Access Controls.

Consider locking down access to the Nagios box to your IP address, IP address range, or IP subnet. If you require access outside your network you could use VPN or SSH Tunnels. This is a easy and strong to limit access to HTTP/HTTPS on your system.

Implementing Digest Authentication

The implementation of Digest Authentication is simple. You will have to create the new type of password file using the 'htdigest' tool, then modify the Apache configuration for nagios (typically /etc/httpd/conf.d/nagios.conf).

Create a new passwords file using the 'htdigest' tool. The difference that you will notice if you are familiar with 'htpasswd' tools is the requirement to supply a 'realm' argument. Where 'realm' in this case refers to the value of the 'AuthName' directive in the Apache configuration.

htdigest -c /usr/local/nagios/etc/.digest_pw "Nagios Access" nagiosadmin

Next, edit the Apache configuration file for Nagios (typically /etc/httpd/conf.d/nagios.conf) using the following example.

## BEGIN APACHE CONFIG SNIPPET - NAGIOS.CONF

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">

   Options ExecCGI

   AllowOverride None

   Order allow,deny

   Allow from all

   AuthType Digest

   AuthName "Nagios Access"

   AuthDigestFile /usr/local/nagios/etc/.digest_pw

   Require valid-user

</Directory>



Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">

   Options None

   AllowOverride None

   Order allow,deny

   Allow from all

   AuthType Digest

   AuthName "Nagios Access"

   AuthDigestFile /usr/local/nagios/etc/.digest_pw

   Require valid-user

</Directory>

## END APACHE CONFIG SNIPPETS

Then, restart the Apache service so the new settings can take effect.

/etc/init.d/httpd restart

Implementing Forced TLS/SSL

Make sure you've installed Apache and OpenSSL. By default you should have mod_ssl support if you are still having trouble you may find help reading Apache's TLS/SSL Encryption Documentation.

Next, verify that TLS/SSL support is working by visiting your Nagios Web Interface using HTTPS (https://your.domain/nagios). If it is working you can continue on to the next steps that will force using HTTPS and block all HTTP requests for the Nagios Web Interface. If you are having trouble visit Apache's TLS/SSL Encryption Documentation and Google for troubleshooting your specific Apache installation. Next, edit the Apache configuration file for Nagios (typically /etc/httpd/conf.d/nagios.conf) by adding the 'SSLRequireSSL' directive to both the 'sbin' and 'share' directories.

## BEGIN APACHE CONFIG SNIPPET - NAGIOS.CONF

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">

   ...

   SSLRequireSSL

   ...

</Directory>



Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">

   ...

   SSLRequireSSL

   ...

</Directory>

## END APACHE CONFIG SNIPPETS

Restart the Apache service so the new settings can take effect.

/etc/init.d/httpd restart

Implementing IP subnet lockdown

The following example will show how to lock down Nagios CGIs to a specific IP address, IP address range, or IP subnet using Apache's access controls.

Edit the Apache configuration file for Nagios (typically /etc/httpd/conf.d/nagios.conf) by using the 'Allow', 'Deny', and 'Order' directives using the following as an example.

## BEGIN APACHE CONFIG SNIPPET - NAGIOS.CONF

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">

   ...

   AllowOverride None

   Order deny,allow

   Deny from all

   Allow from 127.0.0.1 10.0.0.25       # Allow single IP addresses

   Allow from 10.0.0.0/255.255.255.0        # Allow network/netmask pair

   Allow from 10.0.0.0/24           # Allow network/nnn CIDR spec

   ...

</Directory>



Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">

   ...

   AllowOverride None

   Order deny,allow

   Deny from all

   Allow from 127.0.0.1 10.0.0.25       # Allow single IP addresses

   Allow from 10.0.0.0/255.255.255.0        # Allow network/netmask pair

   Allow from 10.0.0.0/24           # Allow network/nnn CIDR spec

   ...

</Directory>

## END APACHE CONFIG SNIPPET

Important Notes

Nmap

Brute force test wordpress

nmap -p 80 --script http-wordpress-brute --script-args http-wordpress-brute.threads=4,http-wordpress-brute.uri="/blog/wp-login.php"  

Bluetooth

To enable the (powered down) bluetooth adapter on openSUSE 13.2:

rfkill unblock bluetooth

blueproximity

tweaking your settings should do the trick. Actually that's why I implemented a kind of testing mode. Open the preferences. Move to the second tab. The last control on that page "Measured atm (at the moment) shows the measured state. You can click on "Reset min/max" and leave the window open. If the window is open BlueProximity enters the simulation state which will not execute the action commands. It still measures the distances (on contrary to the pause mode which will completely disconnect the phone) and shows them at that control. Please note the text below the bar, which states "min" and "max" values - those are the min/max values of the measured distances after you pressed the Reset button last time.

This information should give you a hint which values are to expect while you normally work in front of your computer. Remember to use all "poses" you normally use while using your computer. You should stay in those poses for at least 10 seconds so that the rssi value regulates on the new situation. That should give you realistic values for the locking distance. Use a value of at least 2 above the measured value and see if that already gives a secure setting for the distance.

Also set the unlock distance to a value at least 2 smaller than the lock distance. Normally half of the lock distance gives a good result. You should play with the timer settings too. Don't put your lock timer to a value less than 5, at this moment my values are lock dist=7,dur=10. That is because I found out that sometimes unexpected com problems seem to exist between my phone and my pc - the rssi value drops to an unreasonable 8 but only for 5 seconds, it comes back to normal then which will never result in a value above 6 for longer than 10 seconds. My unlock time is also not set to 0 but to 2, the distance to 4. That way if I come back to my pc, the first of the two seconds below 5 is usually already passed and it takes about a second for me to sit down and once I sit down it unlocks almost immediately.

This should also fix the screensaver problem as there is no immediate unlock possible. Please do note that using a fade out time for you screensaver, it should be set at least one second below the unlock timer so that the unlocking is never done while the locking is still in progress. It once rendered my whole desktop faded to grey which was eyefriendly for that time of the day but it wouldn't help in the office :-)

The battery drain should be unnotable to phones that already had bluetooth activated. The explicit energy drain for an open bluetooth connection is specified to be 1 mW, my nokia has a 700mAh battery so it is ridiculously low in comparison :-) In other words, if you have bluetooth activated already you should not notice any difference at all. And btw, the visibility setting in your phone also has no effect on the battery too. Even though you would need to activate it only once to find your phone. After the mac address is entered you can switch your phone back to invisible if you like. This raises your phone's security a little bit. Hopefully this helps,

KVM

Start a vm as non-root:

# virsh -c qemu:///system start tumbleweed

and view it:

# virt-viewer -c qemu:///system tumbleweed

Raspberry Pi

X11 forwarding for sudo users

Can’t start X11 applications after “su” or “su -” to another user

To get access to the X client applications such as system-config-date, xclock, vncviewer we need to export the DISPLAY settings of a remote host to the local server. This is commonly done using below commands.

# ssh root@remotehost 

remotehost# export DISPLAY=x.x.x.x:y.y

Where x.x.x.x:y.y – is the display settings of the system from which you connected to the remote host.

You can also use the -X option with ssh to directly export the DISPLAY on the remote host.

# ssh -X root@remotehost

But now if you try to switch to another user on the remote system and export the display again, you would get and error – “Error: Can’t open display:”.

# ssh -X root@remotehost 
# su - [username]
# export DISPLAY=x.x.x.x:y.y 
# xclock
Error: Can't open display: x.x.x.x:y.y

X11 forwarding for sudo users

Just setting the DISPLAY is not enough. X authentication is based on cookies, so it’s necessary to set the cookie used by the user that initiated the connection. The following procedure allows a sudo user to use the ssh based X11 tunnel:

1. Connect the remote host using the -X option with ssh.

# ssh -X root@remote-host

2. Now list the coockie set for the current user.

# xauth list $DISPLAY
node01.thegeekdiary.com/unix:10  MIT-MAGIC-COOKIE-1  dacbc5765ec54a1d7115a172147866aa
# echo $DSIPLAY
localhost:10.0

3. Switch to another user account using sudo. Add the cookie from the command output above to the sudo user.

# sudo su - [user] 
# xauth add node01.thegeekdiary.com/unix:10  MIT-MAGIC-COOKIE-1  dacbc5765ec54a1d7115a172147866aa

4. Export the display from step 2 again for the sudo user. Try the command xclock to verify if the x client applications are working as expected.

# export DISPLAY=localhost:10.0
# xclock

Ssh keygen

# ssh-keygen -t ecdsa -b 521

Compare Apache conf files and Nginx conf files

APACHE:

Apache Nginx test

<VirtualHost *:80> server {
listen 80;

ServerName yoursite.com
ServerAlias www.yoursite.com server_name yoursite.com www.yoursite.com;

DocumentRoot /path/to/root root /path/to/root;

AllowOverride All <span class=“highlight”>(No Available Alternative)</span>

DirectoryIndex index.php index index.php;

ErrorLog /path/to/log error_log /path/to/log error;

CustomLog /path/to/log combined access_log /path/to/log main;

Alias /url/ “/path/to/files” location /url/ {
<Directory “/path/to/files”> alias /path/to/files;

NGINX:

server {
listen 8000; # We’re deliberately leaving this as-is to avoid conflict at the moment

root /var/www;
server_name <span class="highlight">your_site.com</span> www.<span class="highlight">your_site.com</span>;

location / {
    try_files $uri $uri/ /index.html;
}

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}

location /doc/ {
    alias /usr/share/doc/;
    autoindex on;
    allow 127.0.0.1;
    deny all;
}

location ~/\.ht {
    deny all;
}
}

Enable wifi after suspend-resume

To enable wifi after resume, when it is turned off

Create a systemd service “root-resume.service” in /etc/systemd/system with content:

[Unit]
Description=Local system resume actions
After=suspend.target

[Service]
Type=simple
ExecStart=/usr/bin/nmcli radio wifi on

[Install]
WantedBy=suspend.target

and enable the newly created service:

# systemctl enable root-resume.service

POSTFIX

Inleiding

Met het programma Postfix op een linux systeem kan mail verzonden en verstuurd worden. Er zijn een paar instellingen die soms gedaan moeten worden. Tevens het gebruik van het lokale mailprogramma wordt in deze hoofdstuk uitgelegd (mail,nail,mailx)

De instellingen

De instellingen die belangrijk zijn om via Postfix mail te kunnen versturen staan in '/etc/postfix/main.cf'. De volgende instellingen zijn belangrijk:

myhostname="fully qualified hostname"
relayhost=bla.nl 

De laatste instelling is verplicht. Indien deze parameter niet gevuld is, wordt de mail niet verstuurd naar de ontvanger (postfix zoekt dan zelf de relayhost op via het 'mx-record' van het domein, wat een mail relay host teruggeeft die niet relayed -XXXXX )

Mail manipulaties

Nu kan er dus mail verstuurd worden vanaf de host met het commando 'mail' of 'nail'. Dit kan interactief of scriptsgewijs. Een aantal voorbeeldscriptjes zijn:

nail -s "subject" -r "afzender"  "mailadres" -a "attachment" << EOF         bla body  bla  groetje EOF
mail bla@amsterdam.nl -s 'hallootjes' -r joop@bla.tk < /proc/cpuinfo 
mail bla@amsterdam.nl -s 'hallootjes' -r joop@bla.tk -a attachment < /proc/cpuinfo 

of simpeler:

mail -s "subject"  "mailadres"  bewaar de gelezen mail, de uitvoer geeft aan waar de mail terechtkomt (bijv. '/root/mbox')
help    --> geeft aan hoe je een mail kan versturen
list    --> laat alle commando's zien (een soort help maar dan uitgebreider)
next    --> ga naar het volgende mailtje
d 1     --> delete mail 1
d 1-300 --> delete mail 1 t/m 300
header  --> laat de lijst met mail zien
q       --> verlaat de applicatie

De mailboxen

De postfix mailbox is opgeslagen in de directory '/var/spool/mail/"username". De gelezen en opgeslagen mail (gaat automatisch bij het afsluiten) staat in "user_home_dir"/mbox.

De postfix deliveryqueue legen/flushen

#postqueue -f <-- waarschijnlijk niet het goede commando
#postsuper -d 

Alles verwijderen:

#postsuper -d ALL

Het queueID kun je vinden met

#postqueue -p

Alle systeem mail for root verwijderen

echo 'd*' | mail -N

De postfix queue bekijken

#mailq

of

#postqueue -p

Een werkende postfix configuratiefile main.cf

Hier volgt een goed werkende file voor de transparent mail relay host cups:

relay_domains = $mydestination, hash:/etc/postfix/relay
virtual_alias_maps = hash:/etc/postfix/virtual
#virtual_uid_maps = static:303
#virtual_gid_maps = static:303
#virtual_minimum_uid = 303
#virtual_mailbox_base = /srv/maildirs
#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_mailbox_limit = 0
#virtual_mailbox_limit_inbox = no
#virtual_mailbox_limit_maps = hash:/etc/postfix/vquota
#virtual_mailbox_limit_override = yes
#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#virtual_transport = virtual
## Additional for quota support
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
#virtual_maildir_filter = yes
#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg
#virtual_overquota_bounce = yes
#virtual_trash_count = yes
#virtual_trash_name = ".Trash"
############################################################
# End MySQL from postfixwiki.org
############################################################

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = bla.wzs.amsterdam.nl
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
inet_interfaces = xxx
#inet_interfaces = localhost
masquerade_domains = 
mydestination = $myhostname, localhost.$mydomain
defer_transports = 
mynetworks = xxx
#mynetworks_style = subnet
disable_dns_lookups = no
relayhost = smtprelay.basis.lan
content_filter = 
mailbox_command = 
mailbox_transport = 
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks 
smtpd_helo_required = no
smtpd_helo_restrictions = 
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
smtp_enforce_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 0

How to make a webcam page with Apache on Linux (obsolete)

How to make a page on your webserver displaying a picture of your webcam using Linux and Apache

This document describes, in short, how to make a page on your webserver to display a semi-continuous image of your webcam. This document is in fact, the documentation of such an installation on my machine running openSUSE 11.2 x86_64

The webcam involved is a Philips ToUCam Pro. In this example, it is connected directly to the webserver. But it is possible to have the image uploaded from another computer as well.

This solution uses a 2 stage approach, which makes it modular. The first stage/module captures images from the device using the commandline tool webcam and places the image in a directory, and the second stage/module is the HTML-page that publishes this image on a regular interval using a java applet (or you can go for a more simple solution and use a static page).

1st step: Check webcam.

check dmesg

pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected.

2nd step: install motion.

buildservice /etc/motion/motion.conf section image file output

output normal on -> off

section live webcam server

webcam port 8081
webcam quality 80
webcam localhost off

/var/run/motion/motion.pid

#mkdir /var/run/motion
#chmod 777 /var/run/motion

Enable monitoring of MD (software RAID) devices

After you have created the RAID (via YAST):

#insserv -d mdadmd

to have mdadm run as a daemon in the background in the deafult runlevels (usually 3 and 5) monitoring your devices. Or you can run it manually using

#mdadm --monitor --scan --daemonise > /var/run/mdadm

this also writes the pid to /var/run/mdadm file.

Also, check it by running:

#chkconfig -l mdadmd
mdadmd                    0:off  1:off  2:off  3:on   4:off  5:on   6:off

Database dump & restore

make database dump:

mysqldump -u root -p –all-databases > pvdm.sql
mysqldump -u root -p wikidb > pvdm.sql

restore the dump:

#mysql -u root -p
mysql> create database xyz;
mysql> quit;
#mysql -u root -p [dbname] < pvdm.sql

delete database:

#mysql -u root -p
mysql> drop database xyz;

Stop SSH brute force attacks

Stop ssh brute force attack using SuSEfirewall

Edit /etc/sysconfig/SuSEfirewall2:

do not open ssh ports here

FW_SERVICES_EXT_TCP=""
FW_CONFIGURATIONS_EXT=""

add this rule

FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

Restart firewall:

rcSuSEfirewall2 restart

Now attacker will just have three attempts to break in.

Securing the initial mysql installation

When mysql is installed, the grant tables are created.

root account password assignment:

shell> mysql -u root -p
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');

In the second SET PASSWORD statement, replace host_name with the name of the server host. This is the same host name that you used when you assigned the anonymous account passwords.
If the user table contains an account with User and Host values of 'root' and '127.0.0.1', use an additional SET PASSWORD statement to set that account's password:

mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('newpwd');

Anonymous Account Removal

If you prefer to remove the anonymous accounts instead, do so as follows:

shell> mysql -u root
mysql> DROP USER ''; (zonder spatie)

The DROP statement applies both to Windows and to Unix.

new users

After connecting to the server as root, you can add new accounts. The following statements use GRANT to set up four new accounts:

mysql> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
   ->     WITH GRANT OPTION;
mysql> CREATE USER 'monty'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
   ->     WITH GRANT OPTION;
mysql> CREATE USER 'admin'@'localhost';
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';
mysql> CREATE USER 'dummy'@'localhost';

Install a PXE boot server on 10.3

  1. REDIRECT Install a PXE boot server on 11.1

How to make a webcam page with Apache on Linux

  1. REDIRECT How to make a webcam page with Apache on Linux (obsolete)

How to automatically log in to remote ssh servers using public/private keypair

As a user:

~>ssh-keygen -t dsa

and enter your way through the prompts

The keys are stored in the .ssh/ directory in your home directory.

-rw-------  1 pm users  668 2009-10-24 15:58 id_dsa
-rw-r--r--  1 pm users  601 2009-10-24 15:58 id_dsa.pub

id_dsa.pub is the public keyfile we are gonna place on the remote server.

ssh-copy-id -i ~/.ssh/id_dsa.pub remoteserver

Enter your password for the remote server.

You should get:

Now try logging into the machine, with "ssh 'remoteserver'", and check in:
 .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

Now try it for yourself:

ssh remoteserver

Et voila!

How to make an encrypted directory

If you want to make an encrypted directory, for instance when you want to store private information, and you want to access it seamless on your computer, this is how to do it. It will be available after mounting it with a password.

This wiki is not about an encrypted filesystem.

Installation

Install the package 'encfs'.

OpenSUSE:

#zypper in encfs

Configuration

Now you have to create 2 directories.

  1. One will contain the encrypted, unreadable data. The files will be stored here. But do nothing with this directory.
  2. The second will be used as a sort of 'mount point', where the unencrypted data will appear. You must read and write this location.

You can use any name. Here I have chosen the following:

#mkdir ~/.encrypted ~/unencrypted

I choose a name starting with a period ('.') for the encrypted dir because this will hide it from normal viewing, as there is nothing to see anyway :)

Now start the installation:

#encfs ~/.encrypted ~/unencrypted

Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.

Press [enter] for standard mode

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:2:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

And there you have it!

Usage

To use the encrypted directory, place some files in the unencrypted directory. You notice that the same amount of files are created in the encrypted directory, but with encrypted names and encrypted contents.

You can use the unencrypted dir as you would with any normal dir.

If you want to stop using the files, you can logout or unmount manually.

Make sure that it is not the current directory.

#fusermount -u ~/unencrypted

To use it again:

#encfs ~/.encrypted ~/unencrypted

And that's it!

How to repair a crashed table

I had a crashed searchindex table in my MediaWiki, so I:

#mysql -u root -p

mysql> use wikidb;

mysql> check table searchindex;
+--------------------+-------+----------+----------------------------+
| Table              | Op    | Msg_type | Msg_text                   |
+--------------------+-------+----------+----------------------------+
| wikidb.searchindex | check | warning  | Table is marked as crashed |
| wikidb.searchindex | check | status   | OK                         |
+--------------------+-------+----------+----------------------------+
2 rows in set (0.24 sec)

mysql> repair table searchindex;
+--------------------+--------+----------+----------+
| Table              | Op     | Msg_type | Msg_text |
+--------------------+--------+----------+----------+
| wikidb.searchindex | repair | status   | OK       |
+--------------------+--------+----------+----------+
1 row in set (0.21 sec)

How to test network speed

# iperf -s

# iperf -c [ip.of.server.address] -r -t 10

-r: test reverse also

-t: time

How to convert an existing ext3 filesystem to ext4

  1. Dismount the filesystem
  2. tune2fs -O extents,uninit_bg,dir_index /dev/DEV
  3. e2fsck -fpDC0 /dev/DEV

Using bridged networking in VirtualBox

If you get an error when using bridged networking, type:

# insmod /lib/modules/2.6.31.8-0.1-desktop/updates/vboxnetflt.ko

That could help. Of course, substitute your current kernel.

Installation of openfire jabber xmpp server on openSUSE server

# zypper in openfire.rpm

#! /bin/sh                                                                               
#                                                                                        
# openfire      Stops and starts the Openfire XMPP service.                              
#                                                                                        
### BEGIN INIT INFO                                                                      
# Provides:          openfire                                                            
# Required-Start:    $network                                                            
# Required-Stop:     $network                                                               
# Default-Start:     3 5                                                                    
# Default-Stop:                                                                             
# Description:                                                                              
# description:       Openfire is an XMPP server, which is a server that facilitates \       
#                    XML based communication, such as chat.                                 
# config:            /opt/openfire/conf/openfire.xml                                        
# config:            /etc/sysconfig/openfire                                                
# pidfile:           /var/run/openfire.pid                                                  
# Short-Description: XMPP server                                                            
### END INIT INFO

# /etc/init.d/openfire start
# /etc/init.d/openfire status

fill in the right data

Before you can login for the first time, you may have to stop and start the service.

# chkconfig -a openfire

Troubleshooting

Openfire admin password

Find the sparkweb.xml file in the Conf directory, open it in your favorite text editor and place the following:

<admin>
    <authorizedUsernames>joe</authorizedUsernames>
</admin>

Then restart the service!!

Where "joe" is any user you want to use as the admin. This will allow you to login with an account you know.

If this doesn't work, open the same sparkweb.xml file, find the entry near the bottom that says true and change it to false.

Stop and start the service, open the admin console and you will be prompted to begin the setup again. You previous settings will be saved and you can press "save & continue" for most settings. When it asks for the admin account, fix it there.

Apache etc. (joomla etc.)

  1. REDIRECT Apache en HTML

How to secure an initial MySQL installation

  1. REDIRECT OLD:How to secure an initial MySQL installation

Enlarge disks by removing reserve space on ext2/3/4

Five percent of a ext2/3/4 filesysteem is reserved for root.

# tune2fs -m 1 /dev/sda1

this reserves 1 percent.

# tune2fs -m 0.2 /dev/sda1

this reserves 0.2 percent

Allowing access from other hosts

To allow access from your workstation (to use mysqladministrator?) you must allow access.

mysql> update user set host='10.125.0.3' where user='root' and host='localhost';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.05 sec)

Install openSUSE via SSH

To install a server over SSH do the following:

usessh=1 sshpassword=sdrtjgbskdhg hostip=1.1.1.1 netmask=255.255.255.0 gateway=1.1.1.1

SSH filesystem

SSH Filesystem

Another way to get at files on remote hosts? The SSH Fuse filesystem. This effectively mounts remote filesystems using SSH. It's a bit complicated, but not bad. Here's how we do it (it's easier after the first time):

  1. Make sure you have the sshfs and FUSE packages installed. If you install sshfs on Ubuntu, for instance, it should pull in the necessary packages.
  2. Make sure that the fuse module is loaded. Check using lsmod | grep fuse and if it isn't loaded, run sudo modprobe fuse.
  3. Make sure you're in the fuse group. May require a log out and in again. (adduser username fuse or just append your username to the fuse line in /etc/group.)
  4. Now, make sure you have a directory to serve as a local mount point. I usually just use the server name. So I might make a local directory under my home directory called "kang" for a remote server called kang.zonker.net.
  5. To mount the remote filesystem, run: sshfs hostname:/directory localdirectory. For example, I might run: sshfs jzb@kang.zonker.net:/home/jzb/ kang .

That's it. Now you can browse the remote filesystem as if it were local. Naturally, like copying files over SFTP or scp, it's going to be slower. But this makes remote file management dead easy.