sudo tail -f /var/log/mail.log

I find it interesting sometimes to watch spam and viruses get processed by the server.

Now if you want to save this output to a file other than the default mail.log you can direct the stdout to a file using >>:

sudo tail -f /var/log/mail.log >> ~/mail_bak.log

If you want to view the tail, while you are also saving it to a backup log file, use:

sudo tail -f /var/log/mail.log | tee ~/mail_bak.log

Two options, I use them both on occasion.

1) Create a new folder and move the contents.

cp -r /home/user/backup/* /home/user/backup2

Then check that the files have been successfully copied to the new directory. Then delete the original backup directory.

rm -r /home/user/backup

Then create a symbolic link to the backup directory.

ln -s /home/user/backup2 /home/user/backup

Now when you navigate to /home/user/backup you wont be able to tell the difference except that you have now alot of space on the /dev/hda1 partition.

Your partitions may be mounted to different locations, just apply the above example to your particular configuration.

I want to take the graphics card out of the server; its a nice Nvidia card; in the end I will not being doing what I want because I cannot leave the server completely without local video capabilities. I will be relying on the motherboard integrated Intel video chipset on the PXE enabled computer. It will server its purpose. I will be taking the 1080p capable monitor from the server, to use on the client; this I can get away with. Its a nice system and a pleasure to manage.

Gateway ports does not work with forward and reverse tunnels on Ubuntu 8.04, the long term support branch. The openssh version included in the repositories does not allow reverse tunnels, and forward tunnels combined, with the -G (gatewayports) option enabled. Forward tunnels do work with the gateway ports feature. Theoretically the option does try and work, but when you operate ssh using -VV you will see that during the connection process the reverse tunnel fails to create.

I think this is an old bug that may have been addressed. I do see posts about successes, therefore I’m inclined to think that new versions of openssh have addressed the bug.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=228064

Instead of installing a newer version of ssh I just implemented an alternative for hosts at the client location. I wanted to use a single computer as a gateway to ports located on a remote server. It would have been nice to consolidate all communications to a single ssh connection.

I ended up using http://haanstra.eu/putty/. Each workstation, at the client location, will establish a direct ssh connection bypassing the gateway ports feature. There will be many ssh connections, but this is all behind the scenes stuff that the employees will never see, and it will provided the needed functionality.

sudo apt-get install libapache2-mod-security

Then enable the module:

sudo a2enmod security

By default there is a configuration file installed. The default configuration will provide you a basic starting point for the various security options available by the module. Please refer to the document for more information about what can be done. This blog shows how to use mod security to hit realtime blackhole lists to block nasty offenders of various natures.

http://www.inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists.html

http://www.projecthoneypot.org

Register yourself. Then click “install new honey pot”. Place it in a directory on your domain. Traverse to the directory in a browser. Select the button that completes the setup, and the continue following the instructions provided to you. When you add links to your website I recommend adding the nofollow rel tag. Albeit use of this tag is widely debated, I don’t think it can hurt. You will get statistics on your projecthoneypot.com homepage with the incident of email harvesters coming to your domain.

Set one up. Participate. If your domain receives any spam your website is most likely being visited by email harvesters.

Also turn off several other parementers.

allow_url_fopen

allow_url_include

display_errors

register_globals

safe_mode

Also turn off the Magic Quotes options in php.ini. In /etc/apache2/apache2.conf turn off the signature option. Search for “ServerSignature”. There is an apache modules that should be iplemented; mod security; I’ll save it for the next post.

Image via Wikipedia

After rewiring my entire house the ultimate way to isolate the problem is to put the cable modem directly on the main line. Replace all splitters, and ask the cable company to drop a new main line, and you can feel confident that the problem is no longer in your house. I rewired my entire house, replaced all splitter, then called the cable company. They replaced the splitter outside, and then dropped a new main line. The problem is no longer in my house. My router is loosing its external ip address. So far the cable company said they will compensate us for one months service, if this continues more compensation is warranted.

Every time the internet goes down, this website, my other websites, and all of my email services go offline. I rely on this website to get me through the day when I am at work. What is a day of work when you can blog about things

<Directory /var/www/*>
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</Directory>

Make .shtml the extension of the files you are including. I think you can make it anything, I just used “.html”.

Then enable the module:

sudo a2enmod include

Reload apache2:

sudo /etc/init.d/apache2 restart

Then include external html files using:

<!-- #include virtual="/mrtg/file1.html" -->

/etc/default/clamav-milter

At the top is the options line. Add to the line:

--quiet

No more messages and you don’t need to filter the messages into the spam folder, which is a separate feat that I could not achieve. Which is why I went this route.

Related articles by Zemanta

• Scan your Linux machine for viruses with ClamTk (ghacks.net)

sudo a2ensite xxxxx.com

VirtualHost containers are easy to format, and can point to any directory. An example virtualhost container is:

<VirtualHost *>
DocumentRoot /www/example1
ServerName www.example1.com
</VirtualHost>

# Other directives here

I tend to place the document roots in my main users home directory. Then chmod the entire document root with owner and group as your username, and then chmod it 775. A permission of 775 will give the owner and group write permissions. Then add www-data, the user running apache2, to your group:

sudo adduser www-data username

Now www-data can write to the document root, which comes in handy for many php solution including blogging software.

Modules are also managed using the a2 command. Use a2enmod/a2dismod respectively. Although with some modules like php5, when you install it the module is loaded automatically:

sudo apt-get install libapache2-mod-php5


Apache2 changed how the configuration files are coordinated. It is much more neater than containing everything in the httpd.conf file. Now there is the ports.conf file, and the sites-available/mod-available, and sites-enabled/mods-enabled directories. Essentially no real modification is required in the new apache2.conf file. The default listening port is configured in /etc/apache2/ports.conf.

Related articles by Zemanta

• How to Add Virtual Hostnames in Apache (helpdeskgeek.com)
• How To Set Up Apache2 With mod_fcgid And PHP5 On OpenSUSE 11.2 (howtoforge.com)

http://www.bgevolution.com/blog/vnc-compression-quality-the-works/

You’d be surprised at what you can get accomplished on slow internet connections using the tips above.

Related articles by Zemanta

• Keep SSH Sessions Active, Or Reconnect? (ask.slashdot.org)

sudo apt-get install ltsp-server-standalone

This installs the works. Then configured dhcp.

sudo nano /etc/ltsp/dhcpd.conf

Config the subnet to the same that you are using on your router. Clearly if your routers local ip is 192.168.0.1 your subnet would be 192.168.0.0. Then set a range. Make sure you turn off the dhcp servers in any and all routers connected to the network. You need the dhcp server on the machine to be the sole and only. Set the “next-server” option to the came local ip address of the server. Then set the rest of the options; domain, default gateway, dns…. Then reboot the server:

sudo /etc/init.d/dhcp3-server restart

Build the clients:

sudo ltsp-build-client

Thats really all there is to it. I’ve found that problems do arise, and instead of trying to fix them just purge all the installed applications and start over.

sudo apt-get remove --purge ltsp-server-standalone ltsp-server xinetd

One time I was stuck because there were two tftp inet servers, openbsd-inetd and inetd-hpa. They were conflicting. Then purge the autoremove function:

sudo apt-get --purge autoremove

Then start over installing ltsp-server-standalone. You can test your ltsp server using VirtualBox. Just like a real machine set the boot sequence to network as the first option. Now hook up a fancy monitor that can support 1920×1080 to the relatively low powered machine in the other room, and remotely manage your server from a pseudo local desktop environment.

The core of Linux is designed to mail, at minimum, the root user of various system alerts. With sendmail installed these alerts are mailed to the respective user directory. If you have an external mail server you can configure your local user mail to be forwarded to any email address. The easiest method is to place a .forward file in the users home directory. First create the file:

touch .forward

Then edit it:

nano .forward

Then add your email address to the file. All mails set to that particular user will now be forwarded to the added email address. People will say that you need to add the forwards directly to the aliases file in /etc/mail, but this is not necessary. It does work, and can be argued to be more “neat”, but .forward works just as well. Place a .forward file in each users directory. I use this on severs that I remotely manage. All system messages arre automatically forwarded to my incoming email server. There is no configuration needed for sendmail to work in this fashion. Just install it and system messages go to users, and then get forwarded as prescribed by .forward. Its secure against incoming messages unless port 25 has been forwarded to the local ip of the machine, from the router. And by default sendmail does not relay mail from external sources. Technically is will only send mail from the localhost, and even if there are other machines in your domain they cannot use sendmail without enabling a relay for them in the access file (/etc/mail/access).

>/dev/null 2>&1

Without the above line the email will be delivered to the mailbox. You can send the mail anywhere. I prefer setting up aliases in /etc/mail/aliases. This associated a particular user with possibly the email address of another domain. You can also put a MAILTO directive directly at the top of a particular users crontab:

MAILTO=" "

Note that sendmail will send outbound mail without any configurations necessary. Just install it:

sudo apt-get install sendmail

Test sendmail with:

mail -v user@domain.com

Write a subject, press enter, add something meaningless to the body, press control-d, then press enter on CC. Accepting mail is another story. To accecpt mail you need to open port 25, and make sure the external ip address is routing it to the local ip machine running sendmail. Then you have to configure sendmail to listen and accecpt email coming from this port. Then you need another application to retreive the mail from the users inbox. I prefer Dovecot. For more information on Dovecot please refer to:

http://www.bgevolution.com/blog/dovecot-ubuntu-server/

There is a buzz that installing the Linux based Nvidia accelerated graphics driver is complicated. I consider it rather straight forward. First install build-essential, and the headers for your kernel. Those may appear to be some bigs words in the previous sentence, but it is really one line in a terminal window. Build essential installs GCC and its dependencies:

sudo apt-get install build-essential linux-headers-$(uname -r)

Now download the latest and greatest Nvidia driver. Choose the correct build type for your architecture. Conveniently save the file to your desktop and rename it to nvidia.run. The change your tty to another. To change to tty2 press control-alt f2.

Shut down gdm, which will stop X11:

sudo /etc/init.d/gdm stop

Or if you are using the new process manager in Ubuntu 9.10 you can use also:

sudo service gdm stop

Then execute the Nvidia installation script. Login to the command prompt and navigate to the desktop:

cd Desktop
sudo sh nvidia.run

Basically answer yes to everything, let the driver compile, and then when it asks you to configure the xorg.conf file, let it. Nowadays the Nvidia driver basically works out of the box. In the past, with Ubuntu in particular, you had to comment out the included driver in Ubuntu’s modules package, otherwise the custom compiled driver would not load on startup. The open source driver used to be commented out in /etc/default/linux-restricted-modules-common (comment NV); note that this is not needed any more except in Hardy (8.04).

Then start your gdm session, which will take you back to the login window, or your desktop depending on your startup settings:

sudo /etc/init.d/gdm start

First change the port you are using. Do not use port 22 on servers that have internet connectivity. This is the first port that will be checked by countless robots searching the internet for vulnerabilities. Change the port to whatever, and then use the -p option in your ssh login attemt. Then make sure root login is disabled, remove the pound symbol from the front of the option line. If you can you should definitely allow rsa key login. Once you get your encryption key setup disable password login by setting the respective line to “no”.  If you cannot enable keyed logins for any reason what soever, you should enabled ip based restrictions either by iptables or by tcp wrappers. Iptables is configured with the iptables command, and the tcp wrappers are configured in /etc/hosts.allow. You can reduce the time limit for password login, but sometimes this causes problems with remote users connecting; sometimes it takes a couple of extra seconds for people to login. Make the time limit around 30 seconds. If people are still having trouble connecting check the /var/log/auth.log file for more information about the failed login attempt. Maybe the password is too complicated? Before reducing the complexity of the password implement fail2ban, which will automatically block ip addresses based on failed login attempts, therefore you can reduce the complexity of the password without substantially reducing system security.

Your auth.log file is the first step in determining of an intrusion is being attempted, or has occured. It logs all ssh connection attempts, cron jobs, and su calls. If an ssh brute force attach is occurring you will see countless failed ssh login attempts. Most likely various usernames will be attempted. You should immediately stop the ssh server and implement some security countermeasures. Implement various rules in your hosts.allow and hosts.deny files any if you want implement some iptables rules. Host.allow and deny should be enough; the files control tcp connections to your running system daemons. Iptables will block ip numbers just at the connection attempt is made to the computer so for ultimate security implemente iptables and various host rules.

After locking down your servers you will see brute force attacks stop, and your auth.log file will be mainly filled with cron jobs and su commands by users and daemons. The cron jobs are automated process run by various applications, and are mostly run as root. Mail servers, and other tasks are typically managed by cron jobs. You can check user specific cron jobs using the crontab command. Use option -e to edit a users jobs.