Empulse Group a collection of notes from a sys admin, musician, and father

28Nov/100

Optimize all MySQL tables using MyISAM

A common cause of slow sites and high server load is the MySQL server.  Many times I find the cause to be database tables that need to be optimized.

[root@www ~]# for i in $(mysql -N -e 'select concat(table_schema,".",table_name) from information_schema.tables where engine="MyISAM"'); do mysql -e "optimize table $i"; done

Filed under: Uncategorized

15Nov/100

Setting up vsftpd with MySQL authentication

Here we will set up vsftpd to authenticate against MySQL using pam_mysql. vsftpd already uses PAM, so we just need to edit the PAM file for this service to use the pam_mysql module. Then we edit the vsftpd.conf file. Finally, the user credentials will be stored in a MySQL database.

Install packages:

  • pam_mysql
  • mysql
  • vsftpd

[root@www ~]# cat /etc/pam.d/vsftpd
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=foo host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime
## i will just space these 2 lines out ##
account required /lib64/security/pam_mysql.so user=vsftpd passwd=foo host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime

Note: For the crypt=x option, the following applies
-------
0 = No encryption. Passwords in database in plaintext. NOT recommended!
1 = Use crypt
2 = Use MySQL PASSWORD() function

[root@www ~]# grep -v \# /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
nopriv_user=vsftpd
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
chroot_local_user=YES

Then we need to create a 'vsftpd' system user. Our virtual FTP users will have home directories under /home/vsftpd. We also have to manually create the home directory for each virtual user, as specified by the "local_root" directive in the vsftpd.conf file.

[root@www ~]# useradd --home /home/vsftpd -m --shell /bin/false vsftpd
[root@www ~]# mkdir /home/vsftpd/test3
[root@www ~]# chown vsftpd:vsftpd /home/vsftpd/test3/

CREATE DATABASE AND TABLES IN MYSQL

> create database vsftpd;
> use vsftpd;
> create table users (id int AUTO_INCREMENT NOT NULL, name char(128) binary NOT NULL, passwd char(128) binary NOT NULL, primary key(id) );
> create table logs (msg varchar(255), user char(128), pid int, host char(128), rhost char(128), logtime timestamp );
> INSERT INTO users (name, passwd) VALUES ('test5', 'test5'); -- for plain text, crypt=0 in /etc/pam.d/vsftpd
> insert into users (name, passwd) values ('eric@empulsegroup.com',password('tististis')); -- when using MySQL PASSWORD() function or crypt=2 in the pam file
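
An added example, not part of the original post: a small shell check for the /etc/pam.d/vsftpd file above that flags crypt=0, crypt=2 (MySQL's PASSWORD() hash is unsalted) and a passwd= entry in a world-readable file. The function name audit_pam_mysql and the sample file are constructed for illustration.

```shell
# Added example: report risky pam_mysql options in a PAM service file.
audit_pam_mysql() {
    file=$1
    world=0
    # passwd= keeps the DB password in this file, so "other" must not read it.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then world=1; fi
    awk -v world="$world" '
        /^[ \t]*#/ || !/pam_mysql\.so/ { next }   # skip comments, other modules
        {
            crypt = ""; haspw = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^crypt=/)  crypt = substr($i, 7)
                if ($i ~ /^passwd=/) haspw = 1
            }
            if (crypt == "0")
                printf "line %d (%s): crypt=0, passwords stored in plaintext\n", NR, $1
            else if (crypt == "2")
                printf "line %d (%s): crypt=2, unsalted MySQL PASSWORD() hashes\n", NR, $1
            else if (crypt == "")
                printf "line %d (%s): crypt= not set, module default applies\n", NR, $1
            if (haspw && world)
                printf "line %d (%s): passwd= set and file is world-readable\n", NR, $1
        }' "$file"
}

# Constructed sample, shortened from the PAM lines shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=foo db=vsftpd table=users crypt=0
account required /lib64/security/pam_mysql.so user=vsftpd passwd=foo db=vsftpd table=users crypt=1
EOF
chmod 644 "$sample"; audit_pam_mysql "$sample"   # three findings
chmod 600 "$sample"; audit_pam_mysql "$sample"   # only the crypt=0 finding remains
rm -f "$sample"
```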

8Nov/100

Apache Redirect or Rewrite

You can quickly create a .htaccess file to have a domain forward to a different one.

Redirect 301 / http://www.theotherdomain.com

-OR-

RewriteEngine On
RewriteCond %{HTTP_HOST} ^mystuff\.com [NC]
RewriteRule ^(.*)$ http://www.theotherdomain.com/$1 [R=301,NC]

You can then use curl to see if the headers were updated.

[root@www ~]# curl -I www.mystuff.com
HTTP/1.1 301 Moved Permanently
Date: Mon, 08 Nov 2010 23:07:56 GMT
Server: Apache/2.2.3 (Red Hat)
Location: http://www.theotherdomain.com
Cache-Control: max-age=31536000
Expires: Tue, 08 Nov 2011 23:07:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1

7Nov/100

HP Array Configuration Utility CLI for Linux

So today at work I needed to place a stand-alone drive in a RAID 0. This was on an HP DL385 so I had the hpacucli RAID utility available.

[root@www ~]# hpacucli
=>  ctrl all show config
Smart Array P400 in Slot 1           (sn: P61620F9VV90K4)
array A (SAS, Unused Space: 0 MB)
logicaldrive 1 (68.3 GB, RAID 1, OK)
physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SAS, 72 GB, OK)
physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SAS, 72 GB, OK)
unassigned
physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SAS, 72 GB, OK)

=>  ctrl slot=1 create type=ld drives=2I:1:4 raid=0

=> ctrl slot=1 ld all show status
logicaldrive 1 (68.3 GB, RAID 1): OK
logicaldrive 2 (68.3 GB, RAID 0): OK

http://www.datadisk.co.uk/html_docs/redhat/hpacucli.htm

Filed under: Linux

7Nov/100

Enabling PHP error reporting in Plesk

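On a Linux server running the Plesk control panel, you can enable PHP error reporting for a domain by creating a vhost.conf file in that domain's conf directory. Use something like the following. Because display_errors shows error details to every visitor, switch it back off once you are done debugging.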

<Directory /home/httpd/vhosts/domain.com/httpdocs>
php_admin_flag engine On
php_admin_flag  display_errors On
php_value error_reporting 2047
</Directory>

- OR -

<Directory /home/httpd/vhosts/domain.com/httpdocs>
php_admin_flag   engine on
php_admin_flag   display_errors    1
# PHP constants are not evaluated in Apache config, so use the integer: E_ALL (2047 above) & ~E_NOTICE (8) = 2039
php_admin_value   error_reporting 2039
</Directory>

Don't forget to run websrvmng.

[root@www ~]# /usr/local/psa/admin/bin/websrvmng -u --vhost-name=domain.com

Filed under: Linux, Plesk

6Nov/100

Setting up Postfix with SMTP authentication, TLS support, Spam Assassin mail filter, and procmail

1. Set up Postfix with SMTP authentication,
2. TLS support,
3. Spam Assassin mail filter,
4. procmail to move spam messages on the server

********************************************************

1. POSTFIX MAIL SERVER INSTALL WITH SMTP AUTH:

Cyrus-SASL is software that provides different methods and mechanisms of authentication.

Needed Package(s):
postfix
cyrus-sasl
cyrus-sasl-plain

# /etc/init.d/saslauthd start
# /etc/init.d/postfix start
# chkconfig postfix on
# chkconfig saslauthd on

-Settings in /etc/postfix/main.cf:

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, hash:/etc/postfix/mydomains
home_mailbox = Maildir/

# needed?
myhostname = mail.domain.com
# needed?
mydomain = domain.com

mynetworks = 127.0.0.0/8
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# needed for procmail, can leave out for now
mailbox_command = /usr/bin/procmail -a "$EXTENSION"

# SASL SUPPORT FOR CLIENTS
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination

NOTE: I have both of the last 2 options in recipient_restrictions because the check_relay_domains will eventually be deprecated.

http://www.softpanorama.org/Mail/Postfix/smtpd_recipient_restrictions.shtml

Limiting SASL mechanisms:
-From file /usr/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login

# locate smtpd.conf
/usr/lib64/sasl/smtpd.conf
/usr/lib64/sasl2/smtpd.conf

TESTING: You can test this with telnet by trying to relay a message from a remote host to an email address not on the server. You should not be able to relay mail from a remote host to an email address that is not on the server.

SOURCE:
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

======================================================================================

2. TLS Support in Postfix

-Settings in /etc/postfix/main.cf:

## TLS
# Transport Layer Security
#
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/server_key.pem
smtpd_tls_cert_file = /etc/postfix/server_cert.pem
#smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

TESTING: Using telnet you should be able to use "starttls" after the "EHLO domain.com".

starttls
220 2.0.0 Ready to start TLS

SOURCE:
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
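
An added example, not part of the original post: with smtpd_tls_auth_only left commented out as above, Postfix announces AUTH in the plaintext EHLO reply, so PLAIN and LOGIN credentials can cross the wire unencrypted. This shell function reads a saved telnet session and reports whether that is the case; check_ehlo is a hypothetical name and both transcripts are constructed.

```shell
# Added example: inspect the plaintext phase of a saved SMTP session.
# Prints one verdict line; exit status 0 = OK, 1 = finding.
check_ehlo() {
    awk '
        { sub(/\r$/, "") }                     # telnet logs end lines with CRLF
        toupper($0) ~ /^STARTTLS$/ { exit }    # client asks for TLS: plaintext phase over
        /^250[- ]STARTTLS/ { tls = 1 }
        /^250[- ]AUTH[ =]/ { if (!auth) mechs = substr($0, 10); auth = 1 }
        END {
            if (!tls) { print "STARTTLS not offered"; exit 1 }
            if (auth) { print "AUTH offered in cleartext: " mechs; exit 1 }
            print "AUTH only after STARTTLS"
        }' "$1"
}

weak=$(mktemp); strict=$(mktemp)
# Constructed session: smtpd_tls_auth_only unset, broken_sasl_auth_clients = yes
printf '%s\r\n' '220 mail.domain.com ESMTP Postfix' 'EHLO domain.com' \
    '250-mail.domain.com' '250-STARTTLS' '250-AUTH PLAIN LOGIN' \
    '250-AUTH=PLAIN LOGIN' '250 8BITMIME' 'starttls' \
    '220 2.0.0 Ready to start TLS' > "$weak"
# Constructed session: smtpd_tls_auth_only = yes
printf '%s\r\n' '220 mail.domain.com ESMTP Postfix' 'EHLO domain.com' \
    '250-mail.domain.com' '250-STARTTLS' '250 8BITMIME' 'starttls' \
    '220 2.0.0 Ready to start TLS' > "$strict"
check_ehlo "$weak"   || true    # AUTH offered in cleartext: PLAIN LOGIN
check_ehlo "$strict" || true    # AUTH only after STARTTLS
rm -f "$weak" "$strict"
```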

======================================================================================

3. SPAMASSASSIN INSTALL:

-Settings in /etc/postfix/master.cf:

smtp inet n - n - - smtpd -o content_filter=spamassassin

# at the end of the file add:
spamassassin unix - n n - - pipe
  user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

-Settings in /etc/mail/spamassassin/local.cf:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
whitelist_from *@rackspace.com

TESTING: Send a spam message using the GTUBE.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

SOURCE:
http://traxel.com/doc/spamassassin-setup.html
http://spamassassin.apache.org/gtube/

==========================================================

4. PROCMAIL INSTALL:

Here we will use procmail to move messages marked as spam into a folder on the server instead of filtering them in the user's mail client.

Needed Package(s):
procmail

-Settings in /etc/postfix/main.cf:
mailbox_command = /usr/bin/procmail -a "$EXTENSION"

-Settings in /etc/procmailrc:
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir

-Settings in /home/eric/.procmailrc :
PROCMAILDIR=$HOME/.procmail
LOG=$PROCMAILDIR/pmlog
# VERBOSE=yes # turn this on for debugging
MAILDIR=$HOME/mail
INCLUDERC=$PROCMAILDIR/rc.spam
# INCLUDERC=$PROCMAILDIR/rc.morefilters
# If none of the filters match, it will go to your inbox

-Settings in /home/eric/.procmail/rc.spam:
:0:
* ^X-Spam-Level: \*\*\*\*\*
/home/eric/Maildir/.SPAM/new

[root@www ~]# crontab -l
0 0 * * * /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
0 0 * * 0 /usr/bin/sa-learn --spam /home/eric/Maildir/.SPAM/{cur,new}
0 0 * * 0 /usr/bin/sa-learn --no-sync --ham /home/eric/Maildir/{cur,new}
3 0 * * 0 find /home/eric/Maildir/.SPAM/cur/ -type f -delete

TESTING: spam messages should now go to a directory called ".SPAM" in your Maildir.

SOURCE: http://traxel.com/doc/spamassassin-setup.html

=========================================================