Add new user and add it to sudo group
With 12.04 and later If the user already exists sudo usermod -aG sudo <username> To create the user adduser <username> –group sudoRead More →
Dovecot: (keywords_update_records): assertion failed: (data_offset >= sizeof(struct mail_index_record))
This means your index is corrupted, we need to rebuild it find /user/emailfolder -name ‘dovecot*’ -type f -delete”Read More →
Apache: AuthType configured with no corresponding authorization directives
This happens when we upgrade my Apache to 2.4.7 , it turns out that we haven’t got removed the old authentication configuration completely, we just remove the require valid user #AuthType Basic AuthName “My Login” AuthUserFile /var/www/.htpasswd #Require valid-user The fix is: we have to remove all authentication configuration lines #AuthType Basic #AuthName “My Login” #AuthUserFile /var/www/.htpasswd #Require valid-user Read More →
Secure Web/Mail/Database with certificate
Web/Mail/Database can use the same certificate to allow its client to connect to the server. Postfix: postconf -e smtpd_tls_cert_file=’/etc/pki/tls/certs/cert.pem’ postconf -e smtpd_tls_key_file=’/etc/pki/tls/private/privkey.pem’ postconf -e smtpd_tls_CAfile=’/etc/pki/tls/certs/fullchain.pem’ Dovecot (POP3/IMAP server) SSL certificate settings are defined in Dovecot main config file, /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD): ssl = required ssl_cert = </etc/pki/tls/certs/cert.pem ssl_key = </etc/pki/tls/private/privkey.pem ssl_ca = </etc/pki/tls/certs/fullchain.pem Restarting Dovecot service is required. Apache (web server) On RHEL/CentOS, SSL certificate is defined in /etc/httpd/conf.d/ssl.conf. On Debian/Ubuntu, it’s defined in /etc/apache2/sites-available/default-ssl (or default-ssl.conf) On FreeBSD, it’s defined in /usr/local/etc/apache24/extra/httpd-ssl.conf. Note: if you’re running different version of Apache, the path will be slightly different (apache24 will be apache[_version_]). On OpenBSD, if you’re running OpenBSD 5.5 or earlier releases, it’s definedRead More →
Ubuntu: cp copy overwrite without prompting
when you run: cp -rf /source/* /destination , it always ask you to confirm the overwrite action. Root cause: it’s probably the cp has been alias as cp -i Fix: /bin/cp -rf /source/* /destination or yes | cp -rf /source/* /destination Read More →
Python: Realtime web print out
There are some situation when we run a time-consuming process, we need to see the output of that command to see its progress. Normally, we would have to wait until the process ends , then we can see the output. The reason for this is because web or standard output normally buffer some contents, it will wait for enough data to print out to the client. To fix this issue, we tell our server/script not buffering anything, print out immediately when it can. Here are some steps that i did in Python. Step1: Tell the server not buffering anything, don’t use gzip ( if weRead More →
Can’t Use apt i.e. /boot is 100% full
NOTE: this is only if you can’t use apt to clean up due to a 100% full /boot 1. Get the list of kernel images Get the list of kernel images and determine what you can do without. This command will show installed kernels except the currently running one $ sudo dpkg –list ‘linux-image*’|awk ‘{ if ($1==”ii”) print $2}’|grep -v `uname -r` You will get the list of images somethign like below: linux-image-3.19.0-25-generic linux-image-3.19.0-56-generic linux-image-3.19.0-58-generic linux-image-3.19.0-59-generic linux-image-3.19.0-61-generic linux-image-3.19.0-65-generic linux-image-extra-3.19.0-25-generic linux-image-extra-3.19.0-56-generic linux-image-extra-3.19.0-58-generic linux-image-extra-3.19.0-59-generic linux-image-extra-3.19.0-61-generic 2. Prepare Delete Craft a command to delete all files in /boot for kernels that don’t matter to you using brace expansionRead More →
Dovecot – Iredmail SSL installation
First of all, we need to order a certificate , this certificate is the same with normal web server certificate. The certificate will have 3 files: cert, key, cabundle. We use CentOS for example in below tutorial, please adjust the file to correct one on your server according to above description. Postfix (SMTP server) We can use postconf command to update SSL related settings directly: postconf -e smtpd_tls_cert_file=’/etc/pki/tls/certs/cert.pem’ postconf -e smtpd_tls_key_file=’/etc/pki/tls/private/privkey.pem’ postconf -e smtpd_tls_CAfile=’/etc/pki/tls/certs/fullchain.pem’ Restarting Postfix service is required. Dovecot (POP3/IMAP server) SSL certificate settings are defined in Dovecot main config file, /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD): ssl = required ssl_cert = </etc/pki/tls/certs/cert.pem ssl_key = </etc/pki/tls/private/privkey.pem ssl_ca = </etc/pki/tls/certs/fullchain.pem Restarting DovecotRead More →
Kill all close wait process
We have seen many cases where the client didn’t close the connection correctly, the process is stuck at CLOSE_WAIT status, i never clear the database connection. We have this script to kill all close_wait connection. <? //Some apache process are in close_wait //replace apache2 with other stuff (httpd..) $cmd=”netstat -ntp | grep CLOSE_WAIT | grep apache2″; $process_array=array(“httpd”,”apache2″); $hostname=trim(shell_exec(“hostname -s”)); if($hostname==’ubuntu’) $cmd=”netstat -ntp “; debug(“Running $cmd”); $netstat=shell_exec($cmd); $file_log=”/tmp/kill_close_wait.txt”; $arr=explode(“\n”,$netstat); //print_r($arr); $test=false;//if we are debugging- if we are debug – it will not killl $log=false; foreach($arr as $line) { $line=preg_replace(‘/\s{2,}/’,’ ‘, $line); $arr2=explode(‘ ‘,$line); if(isset($arr2[6]) && $arr2[6]<>’-‘) { //print_r($arr3); $arr3=explode(‘/’,$arr2[6]); $process_id=$arr3[0]; if($process_id==0) continue; $process_name=$arr3[1]; if(!in_array($process_name,$process_array)) continue; debug(“Found:Read More →