If your internal network is protected by a proxy server and firewall, use the following settings to use yum through the proxy
1. Open a shell
2. export http_proxy=http://proxyhost:port
Eg: export http_proxy=http://192.168.0.229:3128
3. yum list
Enjoyyyy
Sunday, September 19, 2010
Saturday, September 18, 2010
OPENVZ COMMANDS
OpenVZ is an Operating System-level server virtualization solution, built on Linux. OpenVZ creates isolated, secure virtual environments.
FILES
/etc/vz/vz.conf
/etc/vz/conf/veid.conf
/proc/vz/veinfo
/proc/vz/vzquota
/proc/user_beancounters
/proc/fairsched
Log file /var/log/vzctl.log
vzctl Commands
Usage: vzctl [options] [parameters]
Help : vzctl --help
1. stop a VE (start/stop/restart) -
#vzctl stop VEID
2. to stop a VE in fast mode -
#vzctl stop VEID --fast
3. to see all the VE's -
#vzlist -a
4. to enter a VE -
#vzctl enter VEID
5. to see the uptime of a VE - run this from the node -
#vzctl exec VEID uptime
6. to see all the running process in a VE from the node -
#vzctl exec VEID ps aux
7. list the load of each VE -
#for vps in `vzlist -1`; do echo "$vps: `vzctl exec2 $vps uptime`"; done
8. when you think it is a RAM issue (Out Of Memory)-
#less /var/log/messages|grep OOM|grep VEID|wc -l
9. Reinstall a VE - all data will be lost and a fresh install will be there -
#vzctl reinstall VEID
10. number of running VE's in the node -
#vzlist|grep running|wc -l
11. To find the status of a VC:
#vzctl status VEID
12. You can execute commands inside a VC from the node itself
#vzctl exec VEID COMMAND
13. Check inodevalue
#df -i
14. Set inodevalue
#vzctl set VEID --diskinodes 2000000:2000000 --save
15. Check numiptent value
#egrep numiptent /proc/user_beancounters
numiptent 336 336 2147483647 2147483647 0
16. Set numiptent value
#vzctl set VEID --numiptent 2000000:2000000 --save
17. To permanently remove this VE:
#vzctl destroy VE_ID
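Items 15 and 16 read and raise a single beancounter by hand. The script below is an added example, not part of the original post: it scans the whole table and lists every resource that has a non-zero failcnt or is close to its barrier. The function names and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag OpenVZ beancounters that have failed or are close to
# their barrier. Columns: uid resource held maxheld barrier limit failcnt.
# Only the first row of each container carries the "VEID:" prefix.

# Constructed sample in /proc/user_beancounters layout (values are made up).
sample_ubc() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2118374    2381653   14372700   14790164          0
            privvmpages       63000      65536      65536      69632         12
            numiptent           336        336 2147483647 2147483647          0
      102:  kmemsize       13900000   14000000   14372700   14790164          0
            privvmpages        1200       2400      65536      69632          0
            numiptent           120        120        128        128          0
EOF
}

# Reads the table on stdin; $1 = "near barrier" threshold in percent (default 90).
ubc_report() {
    awk -v pct="${1:-90}" '
        {
            if (NF == 7 && $1 ~ /^[0-9]+:$/) {        # first row of a container
                veid = substr($1, 1, length($1) - 1); off = 1
            } else if (NF == 6 && veid != "") {        # continuation row
                off = 0
            } else {
                next                                   # header or malformed line
            }
            res = $(1 + off); held = $(2 + off)
            barrier = $(4 + off); fail = $(6 + off)
            if (fail + 0 > 0) {
                # the kernel has already refused this resource at least once
                printf "%s %s FAILCNT %s\n", veid, res, fail
            } else if (barrier + 0 > 0 && held * 100 >= barrier * pct) {
                printf "%s %s NEAR %s/%s\n", veid, res, held, barrier
            }
        }
    '
}

sample_ubc | ubc_report 90
```

On a hardware node, run it as root with: ubc_report 90 < /proc/user_beancounters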
Configuration Commands
1) vzctl set VEID --hostname vps.domain.com --save : To set the Hostname of a VPS.
2) vzctl set VEID --ipadd 1.2.3.4 --save : To add a new IP to the hosting VPS.
3) vzctl set VEID --ipdel 1.2.3.4 --save : To delete the IP from VPS.
4) vzctl set VEID --userpasswd root:new_password --save : To reset root password of a VPS.
5) vzctl set VEID --nameserver 1.2.3.4 --save : To add the nameserver IPs to the VPS.
6) vzctl exec VEID command : To run any command on a VPS from Node.
7) vzyum VEID install package_name : To install any package/Software on a VPS from Node.
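PERMANENTLY MOUNTING THE REMOTE WINDOWS SHARE USING /etc/fstab
To permanently mount the Windows share on Linux, add the following entry to /etc/fstab, save the file and run mount -a. The credentials file holds the username= and password= lines for the share, so keep it readable by root only.
//192.168.1.21/D /mnt cifs defaults,credentials=/root/samba_credentials 0 0
:wq
# mount -a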
PRIVATE READ WRITE SHARE
Private write share.
Create a share like below in /etc/samba/smb.conf
security = share
[privatewrite]
path = /private
writable = yes
create mask = 0765
valid users = vasanth
# smbpasswd -a vasanth
# smbpasswd -e vasanth
MAPPING LINUX FOLDER TO WINDOWS
On the Windows box, open cmd
Type the following command
> net use * \\192.168.1.12\privatewrite /user:vasanth
It will prompt for the password. Enter it, and the remote Linux folder is mapped in My Computer as drive Z: in Windows
> net use // this command will display the current connections on our Windows server
To disconnect the drive
right click >> disconnect
or
> net use z: /delete
TO MAKE A HIDDEN SHARE IN WINDOWS
Enter the share in smb.conf
[privatewrite]
path = /private
writable = yes
create mask = 0765
valid users = vasanth
browseable = no
// this line causes the share to become invisible.
The above entry in smb.conf hides the share from browsing, but it is still accessible using its UNC path.
In the Windows Network Places address bar, type
\\192.168.1.12\privatewrite
# smbclient -L server1
TO FIND OUT THE STATUS OF A FILE IN LINUX
# stat smb.conf
OUTPUT:
File: `smb.conf'
Size: 10041 Blocks: 24 IO Block: 4096 regular file
Device: 803h/2051d Inode: 1901530 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2010-06-17 07:12:01.000000000 +0530
Modify: 2010-06-17 07:09:52.000000000 +0530
Change: 2010-06-17 07:09:52.000000000 +0530
STEPS TO SHARE PRINTER FROM LINUX TO WINDOWS.
1. Connect the printer and share it properly for all the hosts.
2. Restart the smb daemon.
3. Samba reads the /etc/printcap file.
4. Search for the printer from Windows. You will surely get the printer there.
The section that is responsible for sharing printers in smb.conf is as follows.
load printers = yes
// Load the printers from CUPS.
cups options = raw
// This option assumes that the Windows system has a driver for the printer shared by Samba and spools the jobs through Samba.
; printcap name = /etc/printcap
printing = cups
NOTE: The driver for the shared printer should be installed on the Windows host.
INSTALLING NEW KERNEL FROM THE SOURCE
Download the latest kernel from http://www.kernel.org
# wget -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.tar.gz
# tar xvzf linux-2.6.33.tar.gz
# cd linux-2.6.33
# cp /boot/config-`uname -r` .config
# make menuconfig
# make bzImage
# make modules
# make modules_install
# make install
Friday, September 17, 2010
IPTABLES SCRIPT THAT CAN BE USED IN GATEWAYS
LAN="eth1"
INTERNET="eth0"
IPTABLES="/sbin/iptables"
/sbin/modprobe ip_conntrack_ftp
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# $IPTABLES -A FORWARD -i eth1 -s 192.168.0.0/24 -p tcp --destination-port 80 -j DROP
$IPTABLES -A FORWARD -i eth1 -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -d 192.168.0.0/24 -j ACCEPT
# Previously initiated and accepted exchanges bypass rule checking
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Block new inbound connections to port 80 on the INTERNET interface
$IPTABLES -A INPUT -i $INTERNET -p tcp --destination-port 80 -m state --state NEW -j DROP
# Allow incoming port 22 (ssh) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $LAN -p tcp --destination-port 22 -m state --state NEW -j ACCEPT
# Allow new ssh connections on the INTERNET interface (to the gateway, from the gateway, and forwarded in from the Internet)
$IPTABLES -A INPUT -i $INTERNET -p tcp --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $INTERNET -p tcp --destination-port 22 -m state --state NEW -j ACCEPT
# Allow FTP connections FROM LAN to INTERNET
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 21 -m state --state NEW -j ACCEPT
#$IPTABLES -A INPUT -i $INTERNET -p tcp --destination-port 20 -m state --state NEW -j ACCEPT
#$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 21 -m state --state NEW -j ACCEPT
#$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 20 -m state --state NEW -j ACCEPT
# Allow incoming port 3128 (squid) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 3128 -m state --state NEW -j ACCEPT
# Allow ICMP ECHO REQUESTS on LAN interface
$IPTABLES -A INPUT -i $LAN -p icmp --icmp-type echo-request -j ACCEPT
# Allow DNS resolution
$IPTABLES -A OUTPUT -o $INTERNET -p udp --destination-port 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 53 -m state --state NEW -j ACCEPT
# Allow Squid to proxy ftp, http, https, and AIM traffic
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 21 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 80 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 443 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 5190 -m state --state NEW -j ACCEPT
# Create a LOGDROP chain to log and drop packets
$IPTABLES -N LOGDROP
$IPTABLES -A LOGDROP -j LOG
$IPTABLES -A LOGDROP -j DROP
# Drop all other traffic
$IPTABLES -A INPUT -j LOGDROP
Webcam under Linux
1. Plug your webcam to USB port
2. Check whether the webcam is detected. Run the following
# ls -l /dev/video0
crw------- 1 root root 81, 0 Sep 18 12:01 /dev/video0
If the output looks like the above, your webcam is detected in Linux.
3. Install luvcview
Get the latest source from the following URL.
http://mxhaard.free.fr/spca50x/Investigation/uvc/
# tar xvzf luvcview-20060207.tar.gz
# cd luvcview-20060207
# make
# make install
4. After the above steps run the following command
# luvcview -f yuv
Now you can view your face in your Desktop.
Enjoyyyy
Vasanth.T.M
Systems Administrator(Linux)
Ph:+919496824351
Wednesday, September 15, 2010
SQUID monitoring
Use this command to monitor the web usage in your home network
# tail -f /var/log/squid/access.log | awk '{print $3 " " $8 " " $7}'
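The one-liner above prints client, user and URL as requests arrive. The script below is an added example, not part of the original post: it totals the same log per client and per destination host, assuming Squid's native access.log format. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-client and per-host totals from Squid's native access.log.
# Native format fields: 1 time, 2 elapsed ms, 3 client, 4 result/status,
# 5 bytes, 6 method, 7 URL, 8 user, 9 hierarchy/peer, 10 content type.

# Constructed sample lines (not real traffic); the last one is truncated on purpose.
sample_access_log() {
    cat <<'EOF'
1284531201.123    210 192.168.0.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1284531202.456     12 192.168.0.15 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1284531203.789      1 192.168.0.22 TCP_DENIED/403 1400 GET http://blocked.example/ - NONE/- text/html
1284531204.012    950 192.168.0.22 TCP_MISS/200 90000 GET http://example.org/big.iso - DIRECT/192.0.2.20 application/octet-stream
1284531205.345     30 192.168.0.22 TCP_MISS/200 600 CONNECT mail.example.net:443 - DIRECT/192.0.2.30 -
1284531206.000      5 192.168.0.30
EOF
}

# Output: "client requests bytes denied", largest byte total first.
squid_usage_by_client() {
    awk '
        NF < 7 { next }                               # skip truncated lines
        {
            req[$3]++; bytes[$3] += $5
            if ($4 ~ /^TCP_DENIED/) denied[$3]++      # blocked by an ACL
        }
        END {
            for (c in req)
                printf "%s %d %.0f %d\n", c, req[c], bytes[c], denied[c]
        }
    ' | LC_ALL=C sort -k3,3nr -k1,1
}

# Output: "requests host", busiest destination first.
squid_top_hosts() {
    awk '
        NF < 7 { next }
        {
            host = $7
            sub("^[a-zA-Z][a-zA-Z0-9+.-]*://", "", host)   # drop the scheme
            sub("[/:?].*$", "", host)                       # drop port, path, query
            hits[host]++
        }
        END { for (h in hits) printf "%d %s\n", hits[h], h }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_access_log | squid_usage_by_client
sample_access_log | squid_top_hosts
```

Against the live log: squid_usage_by_client < /var/log/squid/access.log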
Thursday, August 26, 2010
Cpanel Error
If you are experiencing the following error
pcfg_openfile: unable to check htaccess file, ensure it is readable
Do the following
Log in to Cpanel
Go to Frontpage Extensions
Reinstall it
Reload the URL
Now it will be okay.
Useful Find Commands
# find /path/to/base/dir -type f -exec chmod 755 {} \;
# find public_html/ -type f -exec chmod 644 {} \;
Monday, August 9, 2010
What is SSL and what are Certificates?
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. This is in short how it works.
1. A browser requests a secure page (usually https://).
2. The web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6. The web server sends back the requested html document and http data encrypted with the symmetric key.
7. The browser decrypts the http data and html document using the symmetric key and displays the information.
Several concepts have to be understood here.
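Steps 2 to 7 above can be replayed by hand with the openssl command line. The script below is an added example, not part of the original post: it follows the simplified description given here rather than the SSL wire protocol. It assumes the openssl CLI is installed; the host name, file names, request and response are constructed, and a self-signed certificate stands in for a CA-issued one.

```sh
#!/bin/sh
# Added example (not from the original post): steps 2-7 replayed with the
# openssl CLI. Host name, file names and the sample request are constructed.

ssl_flow_demo() {
    d=$(mktemp -d) || return 1

    # Step 2 (server): key pair plus certificate. Self-signed here, so the
    # certificate doubles as the "trusted root" the browser checks against.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.com" \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 1

    # Step 3 (browser): trusted issuer, still valid, name matches the site.
    openssl verify -CAfile "$d/server.crt" "$d/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$d/server.crt" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$d/server.crt" -noout -subject |
        grep -q 'www\.example\.com' || return 1

    # Step 4 (browser): random symmetric key, wrapped with the server's public
    # key (RSA-OAEP), then the request encrypted with that key (AES-256-CBC).
    key=$(openssl rand -hex 32); iv_req=$(openssl rand -hex 16)
    printf '%s' "$key" > "$d/sym.key"
    openssl pkeyutl -encrypt -certin -inkey "$d/server.crt" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/sym.key" -out "$d/sym.enc" || return 1
    printf 'GET /account HTTP/1.1\r\nHost: www.example.com\r\n\r\n' |
        openssl enc -aes-256-cbc -K "$key" -iv "$iv_req" -out "$d/request.enc" || return 1

    # Step 5 (server): unwrap the symmetric key with the private key, then
    # decrypt the request with it.
    skey=$(openssl pkeyutl -decrypt -inkey "$d/server.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/sym.enc") || return 1
    request=$(openssl enc -d -aes-256-cbc -K "$skey" -iv "$iv_req" \
        -in "$d/request.enc" | head -n 1 | tr -d '\r')

    # Step 6 (server): encrypt the response with the symmetric key.
    # Step 7 (browser): decrypt it with the same key.
    iv_resp=$(openssl rand -hex 16)
    printf '<html>hello</html>' |
        openssl enc -aes-256-cbc -K "$skey" -iv "$iv_resp" -out "$d/response.enc" || return 1
    response=$(openssl enc -d -aes-256-cbc -K "$key" -iv "$iv_resp" -in "$d/response.enc")

    # A party holding any other private key cannot unwrap the symmetric key.
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1
    if openssl pkeyutl -decrypt -inkey "$d/other.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/sym.enc" >/dev/null 2>&1
    then outsider=unwrapped
    else outsider=rejected
    fi

    rm -rf "$d"
    printf '%s|%s|%s\n' "$request" "$response" "$outsider"
}

ssl_flow_demo
```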
Sunday, August 1, 2010
COURIER INSTALLATION
COURIER_MTA INSTALLATION
1. Download the courier authentication library
URL: http://www.courier-mta.org/authlib/
# rpm -qa | grep libtool
# rpm -qa | grep binutil
# rpm -qa | grep expect
# su - vasanth
# tar xvjf courier-authlib-0.63.0.tar.bz2
# cd courier-authlib-0.63.0
# ./configure
# make
# make install
# cd /usr/local/etc/authlib
# /usr/local/sbin/authdaemond start
# ps -ax | grep auth
# cd /etc/init.d
# ln -s /usr/local/sbin/authdaemond
# ln -s /etc/init.d/authdaemond /etc/rc5.d/S20authdaemond
INSTALLING Courier-IMAP
First check the mailbox format by checking
# cat /var/qmail/control/defaultdelivery
Note: Compile courier as a non-root user
# tar xvjf courier-imap-4.7.0.tar.bz2
# cd courier-imap-4.7.0
# ./configure
# make
# su root
# make install (must be root)
# make install-configure (must be root)
# cd /usr/lib/courier-imap/ (Everything related to courier will be installed inside this directory)
1. bin >>> Contains the binary files related to courier
2. etc >>> Contains the configuration files
3. libexec >>> Contains the startup scripts
4. libexec >>> couriertcpd is the TCP super server, like xinetd and inetd
5. man >>> Manual pages
CONFIGURING POP3 SERVICE
# cd /usr/lib/courier-imap/etc
# vi pop3d
# /usr/lib/courier-imap/libexec/pop3d.rc start
# netstat -nlp | grep 110
# vi /usr/local/etc/authlib/authdaemonrc
Uncomment the following
authmodulelist="authuserdb authpam authldap authmysql authcustom authpipe"
If you have any problem with POP, read
http://www.courier-mta.org/authlib/README.authdebug.html
COURIER-POP3-SSL
# vi /usr/lib/courier-imap/etc/pop3d.cnf
Edit the entries to your choice
# cd /usr/lib/courier-imap/share
# ./mkpop3dcert
Certificate is stored in the /usr/lib/courier-imap/share/pop3d.pem
# cd /usr/lib/courier-imap/libexec
# ./pop3d-ssl.rc start
NOTE
Link all the startup scripts to /etc/init.d/
and /etc/rc3.d or rc5.d
QMAIL-SMARTHOST
QMAIL AS SMARTHOST
A smart host is the email gateway between our local network and the remote network.
There are two files in /var/qmail/control.
1. /var/qmail/control/locals
2. /var/qmail/control/smtproutes
locals -> Defines the local domains which are allowed to route messages. It normally defines the localdomain and FQDN of our server. If the message is destined for a remote domain, qmail will consult smtproutes and forward all messages to that server.
Mail open relay (without rcpthosts, qmail-smtpd accepts mail for every recipient domain)
mv /var/qmail/control/rcpthosts /var/qmail/control/rcpthosts.bak
APACHE-SSL
HOW TO APACHE-SSL
Install the following
# yum install httpd-*
# yum install openssl
# yum install mod_ssl
# yum install crypto-utils
Creating a self-signed certificate
# genkey www.example.com
Go next till the creation of certificates (select 1024 and self signed)
Certificates are stored in /etc/pki/tls/private/www.example.com.key
and in
/etc/pki/tls/certs/www.example.com.crt
Update /etc/httpd/conf.d/ssl.conf
Change the SSLCertificateFile and SSLCertificateKeyFile lines to the following
SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
Restart the server
# service httpd restart
To verify
# netstat -ntlp | grep 443
