Posts Tagged ‘Linux’

Linux: Limiting user processes to prevent Denial of Service / ulimit basics explained

Monday, May 20th, 2013


To prevent various DoS attacks that take advantage of unlimited forks, and to tighten security in general, it is a good idea to limit the maximum number of processes users can spawn on a Linux system. On the command line such limits are set with the ulimit command.

To list the ulimit settings of the currently logged-in user:

hipo@noah:~$ ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16382
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

As you can see from the above output, there are plenty of things that can be limited with ulimit.
Through it a user can configure the maximum number of open files (by default 1024), e.g.:

open files                      (-n) 1024

You can also limit the maximum file size (in blocks) for the user through:

file size               (blocks, -f) unlimited

You can likewise limit the maximum amount of CPU time a user's processes may use via:

cpu time               (seconds, -t) unlimited

ulimit is also used to set whether Linux will produce the annoying and often large core files. Those who remember early Linux distributions certainly remember GNOME and GNOME apps crashing regularly and producing those large useless files. Most modern Linux distributions have core file production disabled, i.e.:

core file size          (blocks, -c) 0

For Linux distributions where for some reason core dumps are still enabled, you can disable them by running:

noah:~# ulimit -Sc 0

By default, depending on the Linux distribution, the max user processes ulimit is either unlimited (in Debian and other deb based distributions) or 32768 on RPM based Linux distributions (Fedora, RHEL, CentOS, Redhat).

To limit the currently logged-in user to spawning a maximum of 50 processes:

hipo@noah:~$ ulimit -Su 50
hipo@noah:~$ ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16382
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 50
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

-Su sets the soft limit of max processes to 50; to set a hard limit of processes, there is the -Hu parameter.

Persistent ulimit user restrictions, let's say the max number of processes a user can run, are set via /etc/security/limits.conf

In limits.conf there are some commented examples, e.g., here is a paste from Debian:

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

The @student example above, i.e.:

@student        hard    nproc           20

- sets a maximum of 20 processes for the group student (the @ at sign signifies that the limit applies to users belonging to the group).

As you can see, there are soft and hard limits that can be assigned to a user / group. The soft limit sets the maximum number of processes spawned by non-root users; the soft limit can be modified by a non-privileged user.
The hard limit assigns the maximum number of processes for running programs, and only the privileged user root can impose changes to it.
To give my user hipo a limit of at most 100 parallel running processes, I had to add to /etc/security/limits.conf

noah:~# echo 'hipo hard nproc 100' >> /etc/security/limits.conf

The ulimit shell command is a wrapper around the setrlimit system call, so the limits assigned with ulimit are handed to the Linux kernel, which enforces them.

One note to make here: if the limited user has to use the Linux system in a graphical environment, let's say GNOME, you should raise the max number of spawned processes to some high number, for example at least 200 / 300 procs.

After limiting the user's max processes, you can test whether the system is secure against a fork bomb DoS by issuing in the shell:

hipo@noah:~$ ulimit -u 50
hipo@noah~:$ :( ){ :| :& };:
[1] 3607
hipo@noah:~$ bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable

Due to the limit, attempts to fork more than 50 processes are blocked and the system is safe from the infamous fork bomb denial of service attack.
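One way to check a limits.conf file for the soft / hard nproc pitfalls described above, as an added example that is not part of the original post: the script parses entries in the format shown earlier and flags domains that have only a soft nproc limit or an unlimited hard one. The names audit_nproc and sample_limits and the guest and www-data entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the nproc entries of a limits.conf-style file.
# Function names and the sample data below are constructed for illustration.

# audit_nproc FILE
#   Prints one line per domain (user, @group or *) that has an nproc entry:
#     OK   <domain> hard=<n>   a hard ceiling is set
#     WEAK <domain> ...        no effective hard ceiling
#   plus a NOTE when no wildcard (*) hard nproc default exists.
audit_nproc() {
    awk '
        function nolimit(v) { return v == "unlimited" || v == "infinity" || v == "-1" }

        /^[ \t]*#/ { next }                      # commented-out example lines
        NF < 4 || $3 != "nproc" { next }         # keep <domain> <type> nproc <value>
        {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            if ($2 == "soft" || $2 == "-") soft[$1] = $4   # "-" sets both limits
            if ($2 == "hard" || $2 == "-") hard[$1] = $4
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (!(d in hard))
                    printf "WEAK %s soft=%s only, the user can raise a soft limit again\n", d, soft[d]
                else if (nolimit(hard[d]))
                    printf "WEAK %s hard=%s does not cap the process count\n", d, hard[d]
                else if ((d in soft) && (nolimit(soft[d]) || soft[d] + 0 > hard[d] + 0))
                    printf "WEAK %s soft=%s exceeds hard=%s\n", d, soft[d], hard[d]
                else
                    printf "OK %s hard=%s\n", d, hard[d]
            }
            if (!("*" in hard))
                print "NOTE no default (*) hard nproc entry, unlisted users keep the distribution default"
        }
    ' "$1"
}

# Constructed sample: the Debian examples quoted above with the comment sign
# removed, the hipo entry from the post, and two made-up entries.
sample_limits() {
    cat <<'EOF'
# <domain>      <type>  <item>          <value>
*               soft    core            0
@student        hard    nproc           20
@faculty        soft    nproc           20
@faculty        hard    nproc           50
ftp             hard    nproc           0
@student        -       maxlogins       4
hipo            hard    nproc           100
guest           soft    nproc           30
www-data        hard    nproc           unlimited
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_limits > "$tmp"
audit_nproc "$tmp"
rm -f "$tmp"
```

Run audit_nproc /etc/security/limits.conf to check the live file. limits.conf is applied by pam_limits when a session is opened, so changed entries take effect at the user's next login.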


Merging pictures on Linux command shell with ImageMagick merge

Friday, May 17th, 2013


It is generally useful to combine multiple pictures into a single one. An example case where merging pictures on Linux is necessary is if you previously used ImageMagick's convert command line tool to convert PDF file pages to JPEG / PNG pictures. Unfortunately conversion with convert (as far as I know) is only capable of generating multiple picture files instead of a single one, thus you further need montage to merge the pages in separate pictures into one. In my case I had my Curriculum Vitae in PDF and I needed to have the same PDF as a single picture for my applications on the Belarusian online job portal rabota.tut.by.

montage is one of the numerous scripts (plugins) in the ImageMagick package.
On all major Linux distributions (Debian / Ubuntu, Fedora, CentOS, RHEL, SuSE) montage comes installed together with the imagemagick deb / rpm package.

If you don't have montage on Debian / Ubuntu and deb derivatives, install it via:

linux:~# apt-get install --yes imagemagick
....

On CentOS, Fedora, RHEL, SuSE to install montage:

[root@centos ~]# yum -y install ImageMagick
....

To merge two JPEG photos into a single PNG format picture:

linux:~$ montage -geometry +2+2 Picture-1.jpeg Picture-2.jpeg Merged-picture.png

Combining more photos, let's say the 8 page pictures output by my previous PDF to picture conversion, is done with:

linux:~$ montage -geometry +8+8 CV_Georgi_Georgiev_bg-0.png \
CV_Georgi_Georgiev_bg-1.png \
CV_Georgi_Georgiev_bg-2.png \
CV_Georgi_Georgiev_bg-3.png \
CV_Georgi_Georgiev_bg-4.png \
CV_Georgi_Georgiev_bg-5.png \
CV_Georgi_Georgiev_bg-6.png \
CV_Georgi_Georgiev_bg-7.png \
CV_Georgi_Georgiev_bg.png

montage has plenty of other useful options for doing various photo montages from the command line. Another way to merge photos with montage is by using:

linux:~$ montage -mode concatenate -tile 1x input-pic*.jpg out.jpg

Merging photos is also possible by using convert directly.

Combining multiple photos into a single JPEG or PNG with ImageMagick convert is done with:

linux:~$ convert -append input-pic-*.jpg combined-picture.jpg

Other example uses of montage can be found on ImageMagick's montage script site.

 


Linux: Understanding uptime command Load Average statistics / When is load average high?

Wednesday, May 8th, 2013


There is probably no Linux system administrator who has no idea about system load average. Most admins, however, have a broad idea of what kind of load average is critical, but do not have a good understanding of the 3 numbers returned as load average, i.e. load average: 2.47, 2.27, 2.02, shown in the above ASCII graphs (generated by the tload command).
 

What is Load Average?

  •  The number of blocking processes in the run queue averaged over a certain time period.

A blocking process is a process that is waiting for something to continue. Typically, a process is waiting to use:
 

  •  CPU Time, Disk Input / Output operations or Network I / O

Thus logically, the higher the load average, the more processes have to wait for access to CPU, HDD and Network I/O.

The two most common commands where load average appears are;
 

w – who

and

uptime

mx:/home/hipo# w
 11:07:56 up 513 days,  1:04,  1 user,  load average: 1.92, 1.95, 1.84
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
hipo     pts/0    pc-freak.net     Thu19    0.00s  0.06s  0.02s sshd: hipo [priv]

mail:/home/hipo# uptime
 11:03:59 up 513 days,  1:00,  2 users,  load average: 2.11, 1.91, 1.81

Another common place to check load average is the top command:

mail:/home/hipo# top


a) Optimum machine use – Load Average 1

So what does load average: 1.74, 1.90, 1.83 really mean? The 3 numbers show the system load average over the last 1, 5 and 15 minutes. Meaning;

- over the last 1 minute the system had a load of 1.74
- over the last 5 minutes it was 1.90
- and over the last 15 minutes 1.83

Usually a load average of more than 1 is considered critical. If a system is working with a load average of 1, this means the system is working at capacity. In the best case, in terms of matching processes on a server to its hardware, it is good for the system to work at a load of 0.70 or 0.80. If the traffic the machine gets is planned, in most cases a load average of exactly 1 means the machine hardware is properly utilized. However, if the load average is going over 1, this usually means you have to think about moving the server to new hardware. It is a general rule of thumb that if system load is exceeding 0.70 it is time to migrate to better hardware.

b) Load average on Multi-core / Multiprocessor servers

A load average of 4 on 4 CPU cores server hardware is the optimum one. Each core / CPU on a machine should get a maximum load average of 1. A load average of 1 means the CPU is 100% utilized. A load average of 4 on 4 CPU server hardware means all 4 processors are working at their maximum power of 100%. For people who have a multiprocessor server, the best way to show utilization is by running htop. There all 4 CPUs will show idle of 0%.

Hence the rule to calculate normal load average for a server is;

1 load average per CPU. Therefore for 24 CPU Intel Xeon hardware, a load average under 1*24.00 = 24.00 is considered normal. On such a server, if the load average jumps to 50.00 / 70.00 or above, the server becomes totally unresponsive and is very likely to hang because of over-heating. Even if it continues working, it will work extremely slowly, and even simple operations like ssh to it will become hardly possible, and sometimes access via ssh will not be possible at all.

Therefore the rule of thumb for calculating which load average is okay for a server is;

The figure returned in the load average stats should not exceed the number of CPUs / cores

c) Critical – Load average >5 – A sure sign for unresponsive or soon to hang server

On computers with just 1 CPU, a load average of 5 is a sure sign that running services will lag brutally and the server will become inaccessible. For multicore / multiprocessor servers big trouble can be expected when the load average goes above the maximum by about 1/2 of the maximum load average; for 8 CPU multicore hardware, a load average of 8 + ( 1/2 * 8 ) = 12 is a sure sign the system is stoned and running services are inaccessible.

d) load average: 1.74, 1.90, 1.83 – Are the 1 / 5 or 15 minute LA numbers more important to consider?

All are important, however the 5 and 15 minute load averages give a better indication of what's happening with the machine, as the current load can peak for just a second to a higher number, which is misleading.

To get number of CPU / Cores use cmd;

mail:/home/hipo# grep 'model name' /proc/cpuinfo | wc -l
24

For more precise info on CPU type and model use;

mail:/home/hipo# cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           E5645  @ 2.40GHz
stepping        : 2
cpu MHz         : 2400.094
cache size      : 12288 KB
physical id     : 0
siblings        : 12
core id         : 0
cpu cores       : 6
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 popcnt lahf_lm ida arat tpr_shadow vnmi flexpriority ept vpid
bogomips        : 4800.18
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:
……
………
 

If you hit an abnormally high load average, it is useful to check in the top process list which process / processes are causing the highest system load. It is also useful to run ps with the following arguments

mail:/home/hipo# ps axuwwf

Look in STAT column. Processes in STAT have 3 states;

  • R – Running
  • S – Sleeping
  • D – Waiting for something

Usually processes with status D are the ones causing problems. If you get D STAT-ed processes, check further what's wrong with them and fix it. If there are none, the number of clients using the machine has simply gone up, meaning you need to quickly move to a better hardware host.

e) Getting notified via email when load average exceeds a certain value

A good way to get notified or take a certain action, like restarting the Apache webserver or another common process causing high loads, is through monit. Monit is very useful for notifying on high load averages or, even better, for restarting processes imposing high loads.

You can always use a few-line shell script to send mail to an email or SMS2Email mailbox, similar to this tiny shell script to restart apache on high load. There is also a Ruby tool, Scout, to monitor and report high load averages
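The per-core rule of thumb from sections b) to d), as an added example that is not the author's script: classify_load and load_alert are hypothetical helper names, the thresholds are the ones stated above (normal up to 1 per core, critical from 1.5 per core), and only the 5 and 15 minute figures are used so a short one-minute peak does not trigger.

```shell
#!/bin/sh
# Added example: classify load average against the number of CPUs / cores.
# Helper names are hypothetical; thresholds follow the rule of thumb above.

# classify_load LOAD CORES -> prints normal | high | critical
classify_load() {
    awk -v load="$1" -v cores="$2" 'BEGIN {
        if (load + 0 <= cores + 0)         print "normal"    # at most 1 per core
        else if (load + 0 >= cores * 1.5)  print "critical"  # cores + 1/2 * cores
        else                               print "high"
    }'
}

# load_alert "LOADAVG_LINE" CORES
#   LOADAVG_LINE has the /proc/loadavg layout: 1min 5min 15min running/total pid
#   Prints the worse state of the 5 and 15 minute values; the 1 minute value
#   is ignored because it can peak for a moment and mislead.
load_alert() {
    five=$(echo "$1" | awk '{ print $2 }')
    fifteen=$(echo "$1" | awk '{ print $3 }')
    s5=$(classify_load "$five" "$2")
    s15=$(classify_load "$fifteen" "$2")
    for state in critical high; do
        if [ "$s5" = "$state" ] || [ "$s15" = "$state" ]; then
            echo "$state"
            return 0
        fi
    done
    echo normal
}

# Demo on the live system when /proc is available.
if [ -r /proc/loadavg ] && [ -r /proc/cpuinfo ]; then
    cores=$(grep -c '^processor' /proc/cpuinfo)
    echo "cores=$cores state=$(load_alert "$(cat /proc/loadavg)" "$cores")"
fi
```

Called from cron, the printed state can decide whether a notification mail is sent.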


Running multiple skype accounts in parallel on Windows XP and 7 / Run Skype client twice or more on Windows

Saturday, May 4th, 2013

If you have tried running more than 1 Skype client simultaneously by clicking twice on the Skype Desktop icon or invoking Skype via the Windows Start menu, you have already figured out that Skype on Windows is set up by default to only support one logged in Skype user.
In case you wonder why on earth someone might need to run a few Skype accounts in parallel on one Windows PC, a possible scenario is:

You work for a company and, just for clarity, you have to communicate with clients from one skype name and use another skype name to communicate with company management.

In the Linux version of Skype this is not so, and thus for people like me who come from Linux it is rather uneasy not to be able to log in with a second Skype instance, for example when you go to a friend who is already logged in with his Skype user …

Thus this triggered me to research a bit whether simultaneous user login is possible.
Yes, it is possible and very easy; to do so the user has to run Skype manually from the command line like so:

On 32 bit PC hardware with 32 bit Microsoft Windows, open the Windows command prompt (cmd.exe) from:

START -> RUN -> cmd.exe

cd C:\Program Files\Skype\Phone\

Skype.exe /secondary

or paste directly into the command prompt:

"C:\Program Files\Skype\Phone\Skype.exe" /secondary

If you are on a 64 bit machine, run in the cmd prompt:

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /secondary

To easily run a few instances of Skype in parallel, you can make shortcuts on the Desktop pointing to either of the above commands.

That's all; now you can log in as many skype users as you like on 1 Win PC. All users logged in in parallel can receive and write messages. However, you should bear in mind that the situation with answering Skype calls is a bit more complicated, as you cannot speak in parallel through different logged in skype users. Anyhow, if you have to react to Skype voice / video calls coming in at a similar or the same time from 2 skype accounts, you can use the Set Skype Call on Hold functionality and hence keep voice / video going in parallel with different skype accounts.


How to install / update Wine windows emulator 1.4 on Debian Squeeze Linux

Monday, April 29th, 2013

Debian Squeeze Linux, depending on the RC release, comes with WINE Windows emulator version 0.9.8 or wine 1.0.1-3.1. This wine version is already very out of date, and much of the new Windows software that works well with newer wine releases doesn't work with it. We all know the downside of Debian stable releases: you always stay a bit outdated.

Thankfully there is an easy way to upgrade to a newer wine version and hence have more Windows software running properly on Squeeze. To do so you need to add the following custom wine deb repository:

deb http://main.mepis-deb.org/mepiscr/repo/ mepis85cr main

i.e.

debian:~# echo 'deb http://main.mepis-deb.org/mepiscr/repo/ mepis85cr main' >> /etc/apt/sources.list

Then update wine with apt-get:

debian:~# apt-get update
....
debian:~# apt-get --yes install wine
....
The following NEW packages will be installed:
fonts-droid ttf-droid ttf-umefont ttf-unfonts-core wine-gecko
The following packages will be upgraded: wine
1 upgraded, 5 newly installed, 10 to remove and 86 not upgraded.
Need to get 135 MB of archives.

debian:~# dpkg -l |grep -i wine

rc libwine 1.0.1-3.1 Windows API implementation – library
ii playonlinux 3.7.6-1 front-end for Wine
ii wine 1.4-1mcr8.5+1 Windows Compatibility Layer (Binary Emulator and Library)
rc wine-bin 1.0.1-3.1 Windows API implementation – binary loader
ii wine-gecko 1.4.0-1mcr85+2 Microsoft Windows Compatibility Layer (Web Browser)

That's all enjoy :)


Install latest WINE – Win Emulator unstable version on Debian stable Linux

Saturday, April 27th, 2013


Installing the latest stable version of wine is only possible and safe via a deb repository on the 32 bit Debian architecture.

If not sure about your Debian architecture, run:

linux:~# dpkg --add-architecture i386

To install the latest unstable version of wine, which though unstable is often much more useful than its stable predecessors, add the wine-unstable repository:

linux:~# wget -q -O- http://www.tataranovich.com/tataranovich.asc | apt-key add -

Finally install / update (if already installed) with:
 

linux:~# apt-get update
linux:~# apt-get --yes install wine-unstable:i386

Enjoy ! :)


Install Microsoft .NET 2.0 & 3.0 (Dotnet) on WINE Windows Emulator on GNU / Linux

Friday, April 26th, 2013


If you need more MS-Windows applications to work on your Linux with the WINE (Wine Is Not Emulator) Windows emulator, you will need to install Microsoft .NET once you have a properly configured, up-to-date GNU / Linux system with preferably the latest WINE version.

There are plenty of forum threads on how .NET can be installed inside WINE, however it takes time and a bit of an experimental approach to be able to install .NET. Thus I decided to write this little article to clear things up a bit and make a straightforward tutorial on how to install .NET on a Linux / *BSD system.

First, as I said, you have to have a properly installed and configured WINE. I'm using Debian, so I used custom WINE repositories to install the latest testing/unstable version of WINE. As of the time of writing this article my wine version is:

hipo@noah~:$ dpkg -l |grep -i 'wine'

ii  playonlinux                                            3.7.6-1                                   front-end for Wine
ii  wine                                                   1.4-1mcr8.5+1                             Windows Compatibility Layer (Binary Emulator and Library)

ii  wine-gecko                                             1.4.0-1mcr85+2                            Microsoft Windows Compatibility Layer (Web Browser)

 

With 32 bit Linux installing DOTNet is easier, but I have 64 bit notebook hardware and thus needed to have MS .NET on my 64 bit Debian. For some clarity on the exact 64 bit kernel version, here is the output from uname -a;

hipo@noah:~$ uname -a;
Linux noah 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64 GNU/Linux

With all that said, we need to further install winetricks. For those unfamiliar with winetricks, here is a quote from their wiki;

 

 

winetricks is a helper script to download and install various redistributable runtime libraries needed to run some programs in Wine. These may include replacements for components of Wine using closed source libraries.

Winetricks makes it possible to substitute the main components of WINE that are written to emulate various components of Windows.
Since those wine components don't work 100% the same as the native Windows ones, using winetricks to substitute components like .NET so that Windows programs launch properly is essential for better WINE emulation, improved Windows app performance and an increase in the number of apps WINE supports.

1. Install software required by Winetricks

To work properly winetricks depends on a few tools; how to install them depends on your Linux distribution's package system;

On Debian, Ubuntu, ArchLinux, Mint etc. install them with apt;

noah:~# apt-get install --yes cabextract unzip p7zip wget zenity
....

On CentOS, Fedora, RHEL and rest of RPM based ones;

[root@fedora:~ ]#  yum -y install cabextract unzip p7zip wget zenity
...

cabextract – is needed for winetricks to be able to extract Windows .cab (Cabinet Files) archives

unzip – is necessary to be able to unpack installable applications archived with ZIP

wget - is used to download files from net

p7zip – provides 7z and 7za which support more compression formats

zenity – is used by winetricks to draw (Yes / No / Maybe etc.) dialogs using GTK1+ GNOME library

2. Install Winetricks shell script

As a script you just need to fetch it and save in /usr/local/bin or /usr/bin

noah:~# cd /usr/local/bin
noah:/usr/local/bin# wget http://winetricks.org/winetricks
noah:/usr/local/bin# chmod +x winetricks


3. Install corefonts, vcrun6 and mfc40 through winetricks

In Debian Linux corefonts are installed via the msttcorefonts package; however, the winetricks.org site prescribes installing them with winetricks again, so you can fetch them that way if you haven't already with apt. The vcrun6 winetricks pack installs a bunch of essential Windows native .DLLs; mfc40 installs the Windows native MFC40.DLL
 

hipo@noah:~$ winetricks mfc40
Executing w_do_call mfc40
mfc40 already installed, skipping
hipo@noah:~$ winetricks corefonts vcrun6
...

4. Install Microsoft .NET 2.0 via winetricks

The first time I tried installing m$ dotnet 3.5, but since .NET 3.5 is an upgrade to .NET 2.0, the command below actually pointed me to install .NET 2.0 before proceeding;

hipo@noah:~/Desktop$ winetricks dotnet35

Executing w_do_call dotnet35
Executing load_dotnet35
——————————————————
dotnet35 does not yet fully work or install on wine.  Caveat emptor.
——————————————————
Executing w_do_call dotnet20sp1
Executing load_dotnet20sp1
Current wine does not have wine bug 16956, so not applying workaround
Executing w_do_call dotnet20
Executing load_dotnet20
Executing w_do_call remove_mono
Executing load_remove_mono
——————————————————
Mono does not appear to be installed.
——————————————————
Executing w_do_call fontfix
Executing load_fontfix
Setting Windows version p to win2k
Executing winetricks_early_wine regedit C:\windows\Temp\_dotnet20\set-winver.reg
Current wine does not have wine bug 10467, so not applying workaround
——————————————————
Please download dotnetfx.exe from http://download.cnet.com/Microsoft-NET-Framework-Redistributable-Package-x86/3000-10250_4-10726028.html, place it in /home/hipo/.cache/winetricks/dotnet20, then re-run this script.
——————————————————

 

As the above command output points out, we next need to open a web browser and download the Microsoft .NET Framework from this URL (copy / paste it in the browser and click the Download button);
http://download.cnet.com/Microsoft-NET-Framework-Redistributable-Package-x86/3000-10250_4-10726028.html
Then copy the downloaded file dotnetfx.exe to ~/.cache/winetricks/dotnet20 in the user's home dir. My user is hipo and the file was downloaded with Firefox to /home/hipo/Downloads/dotnetfx.exe, so in my case, to copy it to ~/.cache/winetricks/dotnet20;
 

noah:~$ cp -rpf ~/Downloads/dotnetfx.exe ~/.cache/winetricks/dotnet20/

Installing DotNetFX on a 32 bit architecture is easy, as you just have to re-run;

hipo@noah:~$ winetricks dotnet20
... 

However, in order to install the dotnetfx.exe MS .NET Framework on a 64 bit architecture it is necessary to define the two shell variables WINEARCH and WINEPREFIX like so;

hipo@noah:~$ env WINEARCH=win32 WINEPREFIX=~/.wine32 winetricks dotnet20

.NET M$ Install dialog will pop-up like in below screenshots;


Once wine32 gets configured you get Setup extract and Install dialogs;


To check that .NET 2.0 is installed, re-run;

hipo@noah:~$ env WINEARCH=win32 WINEPREFIX=~/.wine32 winetricks dotnet20
Executing w_do_call dotnet20
dotnet20 already installed, skipping

Further on, to install .NET 3.0 SP1, download dotnetfx30SP1setup.exe and run it with wine;

As of the time of writing this, the download link is;

  • http://download.microsoft.com/download/4/9/0/49001df1-af88-4a4d-b10f-2d5e3a8ea5f3/dotnetfx30SP1setup.exe

hipo@noah:~$ env WINEARCH=win32 WINEPREFIX=~/.wine32 wine Downloads/dotnetfx30SP1setup.exe


A note to make here is that you'll have to have at least 1GB of free disk space, because a full installation of .NET SP1 requires a minimum of 1 GB of available hdd space.


After the download, the installation will start



Create Easy Data Backups with Rsnapshot back-up tool on GNU / Linux

Monday, April 15th, 2013

 

Backing up information on Linux servers is an essential part of the routine system administrator job. Thus I decided to write, for those interested, about how one can easily create backups of important data with a tiny tool called rsnapshot, which I previously used to make periodic incremental data backups on a few of the Debian Linux servers I manage. In case you wonder why use rsnapshot and not just rsync, the reasons are 2:
a. Rsnapshot is very easy to configure and use, and you don't need a deep understanding of rsync's numerous options to use it.
b. Rsnapshot supports incremental data backups, saving a lot of disk space on the backup host.

 

 

 

Having mentioned incremental data backups, for some that term might be news, so I will explain here in short what incremental data backups are.

Incremental data backups are backups which only create a new backup of the files scheduled for backup if there are changes in those files or new ones are added to the directory / directories set to be routinely backed up. Incremental backups are often desirable as they consume minimum storage space and are quicker to perform than normal periodic whole data archiving (differential backups). rsync also has support for incremental backups, but configuring it to do so takes time and requires extra time for reading and understanding how they work, so I personally prefer the simplicity rsnapshot brings.

1. Installing rsnapshot with apt-get

Here is rsnapshot debian package description;

debian:~#  apt-cache show rsnapshot|grep -i description -A 5

 

Description: local and remote filesystem snapshot utility
 rsnapshot is an rsync-based filesystem snapshot utility. It can take
 incremental backups of local and remote filesystems for any number of
 machines. rsnapshot makes extensive use of hard links, so disk space is
 only used when absolutely necessary.
Homepage: http://www.rsnapshot.org/

As you can read from description, rsnapshot is a frontend command using rsync to make data backups.

Install of rsnapshot is done through;

 debian:~# apt-get install --yes rsnapshot

Reading package lists… Done
Building dependency tree      
Reading state information… Done
The following NEW packages will be installed:
  rsnapshot
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/140 kB of archives.
After this operation, 598 kB of additional disk space will be used.
Selecting previously deselected package rsnapshot.
(Reading database … 87026 files and directories currently installed.)
Unpacking rsnapshot (from …/rsnapshot_1.3.1-1_all.deb) … -
Processing triggers for man-db …
Setting up rsnapshot (1.3.1-1) …

2. Rsnapshot  package content and Documentation

Once installed here is file content of rsnapshot deb package;

debian:~# dpkg -L rsnapshot

 

/.
/usr
/usr/share
/usr/share/doc-base
/usr/share/doc-base/rsnapshot
/usr/share/doc
/usr/share/doc/rsnapshot
/usr/share/doc/rsnapshot/TODO
/usr/share/doc/rsnapshot/changelog.gz
/usr/share/doc/rsnapshot/Upgrading_from_1.1.gz
/usr/share/doc/rsnapshot/examples
/usr/share/doc/rsnapshot/examples/rsnapshot.conf.default.gz
/usr/share/doc/rsnapshot/examples/utils
/usr/share/doc/rsnapshot/examples/utils/backup_mysql.sh
/usr/share/doc/rsnapshot/examples/utils/mysqlbackup.pl
/usr/share/doc/rsnapshot/examples/utils/random_file_verify.sh
/usr/share/doc/rsnapshot/examples/utils/rsnapreport.pl.gz
/usr/share/doc/rsnapshot/examples/utils/make_cvs_snapshot.sh
/usr/share/doc/rsnapshot/examples/utils/backup_pgsql.sh
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/CHANGES.txt
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/rsnapshotDB.pl.gz
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/INSTALL.txt
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/TODO.txt
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/rsnapshotDB.xsd
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/rsnapshotDB.conf.sample
/usr/share/doc/rsnapshot/examples/utils/rsnapshotdb/README.txt
/usr/share/doc/rsnapshot/examples/utils/rsnapshot-copy
/usr/share/doc/rsnapshot/examples/utils/backup_rsnapshot_cvsroot.sh
/usr/share/doc/rsnapshot/examples/utils/backup_dpkg.sh
/usr/share/doc/rsnapshot/examples/utils/sign_packages.sh
/usr/share/doc/rsnapshot/examples/utils/mkmakefile.sh
/usr/share/doc/rsnapshot/examples/utils/rsnaptar
/usr/share/doc/rsnapshot/examples/utils/rsnapshot_invert.sh
/usr/share/doc/rsnapshot/examples/utils/rsnapshot_if_mounted.sh
/usr/share/doc/rsnapshot/examples/utils/README
/usr/share/doc/rsnapshot/examples/utils/debug_moving_files.sh
/usr/share/doc/rsnapshot/examples/utils/backup_smb_share.sh
/usr/share/doc/rsnapshot/README.gz
/usr/share/doc/rsnapshot/changelog.Debian.gz
/usr/share/doc/rsnapshot/copyright
/usr/share/doc/rsnapshot/README.Debian
/usr/share/doc/rsnapshot/html
/usr/share/doc/rsnapshot/html/rsnapshot-HOWTO.en.html
/usr/share/doc/rsnapshot/NEWS.Debian.gz
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/rsnapshot
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/rsnapshot.1.gz
/usr/share/man/man1/rsnapshot-diff.1.gz
/usr/bin
/usr/bin/rsnapshot-diff
/usr/bin/rsnapshot
/var
/var/cache
/var/cache/rsnapshot
/etc
/etc/cron.d
/etc/cron.d/rsnapshot
/etc/rsnapshot.conf
/etc/logrotate.d
/etc/logrotate.d/rsnapshot

To get a basic idea of rsnapshot, how it can be configured and run manually, and how it can be set up to run periodically via a cron job, the README shipped with the package is a good starting point.

debian:~# zless /usr/share/doc/rsnapshot/README.gz
....

It is also useful to check the program documentation in HTML, if you have a text browser installed, e.g. lynx or links:

debian:~# links /usr/share/doc/rsnapshot/html/rsnapshot-HOWTO.en.html

Note that much of the information in rsnapshot-HOWTO relates to installing rsnapshot manually from source, so users of Deb-based distros can safely skip those sections. For Debian users it is therefore useful to read the HOWTO from section 4.A onwards. The Example section of man rsnapshot is very good reading too, as it gives a lot of usage scenarios needed in more complicated backup situations.

3. Configuring Rsnapshot – Setting Data Directories to Backup

Configuration of Rsnapshot is done through the /etc/rsnapshot.conf file. There are plenty of comments in the file, so opening it in a text editor and taking a few minutes to read the commented lines is necessary. As with most Linux tool config files, configuration is done through config directives, i.e. the lines that are not commented out.

debian:~# cat /etc/rsnapshot.conf |grep -v "#"|uniq

 

 

config_version    1.2

snapshot_root    /var/cache/rsnapshot/

cmd_rm        /bin/rm

cmd_rsync    /usr/bin/rsync

cmd_logger    /usr/bin/logger

interval    hourly    6
interval    daily    7
interval    weekly    4

verbose        2

loglevel    3

lockfile    /var/run/rsnapshot.pid

backup    /home/        localhost/
backup    /etc/        localhost/
backup    /usr/local/    localhost/

 

 

The above config options are easy to understand: there is the interval of backups to set (hourly, daily, weekly), the verbosity level of the rsnapshot backup operation log, the lockfile which rsnapshot uses to prevent duplicate rsnapshot runs, and last the backup directives, in which you specify what needs to be backed up. In the config file there is also a commented-out variable for creating an rsnapshot backup once a month:

#interval   monthly 3

If you need to create backups once a month uncomment it.

In the backup directives add all directories from the filesystem which need a routine backup. For example, I keep my Apache Web server files in /var/www/, store various install software in /root/ and keep a backup of old Qmail (Vpopmail) emails in /var/vpopmail.
To make rsnapshot back those up I add after the rest of the backup directives:

backup  /var/www/   localhost/
backup  /var/vpopmail/  localhost/
backup  /root/  localhost/


It is good practice to change the snapshot_root directive to /root/.backups or, if you prefer to keep snapshot_root at the default /var/cache/rsnapshot, at least link /root/.backups to /var/cache/rsnapshot with the ln command:

debian:~# ln -sf /var/cache/rsnapshot /root/.backups

If you change snapshot_root to /root/.backups, don't forget to create /root/.backups and chmod the directory so it is accessible only to its owner, i.e.:

debian:~# mkdir /root/.backups
debian:~# chmod -R 700 /root/.backups

Note that it is important to use tab delimiters everywhere in /etc/rsnapshot.conf. If you use spaces as delimiters instead of tabs, you will end up with errors that prevent rsnapshot from running.

4. Testing rsnapshot configuration and launching it first time

I will say it once again: use the Tab key for delimiters in the config. It was my mistake on the first Rsnapshot launch to use spaces to delimit my config options; thus, when testing my configuration, rsnapshot printed an error and failed:

debian:~# rsnapshot configtest

 

----------------------------------------------------------------------------
rsnapshot encountered an error! The program was invoked with these options:
/usr/bin/rsnapshot configtest
----------------------------------------------------------------------------
ERROR: /etc/rsnapshot.conf on line 199:
ERROR: backup /var/www/ localhost/
ERROR: ---------------------------------------------------------------------
ERROR: Errors were found in /etc/rsnapshot.conf,
ERROR: rsnapshot can not continue. If you think an entry looks right, make
ERROR: sure you don't have spaces where only tabs should be.

After replacing the space delimiters with tabs and re-running rsnapshot configtest, if all is fine you get:

debian:~# rsnapshot configtest
Syntax OK
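As an added example (not part of rsnapshot or of the original post), the shell function below pinpoints the lines that trigger the error above: directive lines with no tab, a space before the first tab, or a backup line whose source and destination share one field. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of rsnapshot: report rsnapshot.conf lines whose
# fields are separated with spaces where rsnapshot expects tabs.

# lint_rsnapshot_conf FILE
# Prints "LINENO: line" for each suspect line and returns 1 if any was found.
lint_rsnapshot_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            bad = 0
            n = split($0, f, /\t+/)
            if (n < 2)
                bad = 1        # no tab between directive and value
            else if (f[1] ~ / /)
                bad = 1        # space used before the first tab
            else if (f[1] == "backup" && n < 3)
                bad = 1        # source and destination share one field
            if (bad) { printf "%d: %s\n", NR, $0; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_sample_conf FILE
# Constructed sample config; printf turns \t into real tab characters.
write_sample_conf() {
    {
        printf '# constructed sample for the lint above\n'
        printf 'config_version\t1.2\n'
        printf 'snapshot_root\t/var/cache/rsnapshot/\n'
        printf 'ssh_args\t-p 22\n'               # a space inside a value is fine
        printf 'interval\thourly\t6\n'
        printf 'interval daily 7\n'              # spaces only
        printf 'backup\t/etc/\tlocalhost/\n'
        printf 'backup\t/var/www/ localhost/\n'  # space between source and destination
        printf 'backup /root/\tlocalhost/\n'     # space after the directive name
    } > "$1"
}

# Demo on the constructed sample (runs offline, touches only a temp file).
sample=$(mktemp)
write_sample_conf "$sample"
if lint_rsnapshot_conf "$sample"; then
    echo "no space-delimited directives found"
else
    echo "fix the lines above, then run: rsnapshot configtest"
fi
rm -f "$sample"
```

Run it against a copy of /etc/rsnapshot.conf before rsnapshot configtest; it only reads the file and never rewrites it.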

Once all is good with the config, and before letting Rsnapshot do its first complete incremental data backup, display what rsnapshot will back up and what exact rsync invocations it will use by typing:


debian:~# rsnapshot -t hourly

echo 5644 > /var/run/rsnapshot.pid
mv /var/cache/rsnapshot/hourly.2/ /var/cache/rsnapshot/hourly.3/
mv /var/cache/rsnapshot/hourly.1/ /var/cache/rsnapshot/hourly.2/
native_cp_al("/var/cache/rsnapshot/hourly.0", \
    "/var/cache/rsnapshot/hourly.1")
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded /home \
    /var/cache/rsnapshot/hourly.0/localhost/
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded /etc \
    /var/cache/rsnapshot/hourly.0/localhost/
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded \
    /usr/local /var/cache/rsnapshot/hourly.0/localhost/
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded \
    /var/www /var/cache/rsnapshot/hourly.0/localhost/
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded \
    /var/vpopmail /var/cache/rsnapshot/hourly.0/localhost/
/usr/bin/rsync -a --delete --numeric-ids --relative --delete-excluded /root \
    /var/cache/rsnapshot/hourly.0/localhost/
touch /var/cache/rsnapshot/hourly.0/

To launch backup first time manually:

debian:~# rsnapshot hourly

Depending on the size of the backed-up data (Mega/Giga/Terabytes) and the number of files which have to be backed up, a backup takes from minutes to hours.
Note that it is always a good idea to create backups on a separate hard disk configured in some kind of RAID array, preferably RAID 1 or RAID 5. Creating backups on a separate hard disk has numerous advantages; the most important one is that it doesn't put too much Input / Output (I/O) stress on the main hard disk and thus will not cause downtime on high-traffic busy servers, servers with slow old hard disks, or servers with a large amount of HDD read/write I/O.

5. Enabling Rsnapshot to create backups via scheduled cron job

On package install Rsnapshot creates a skeleton file for running via cron job in /etc/cron.d/rsnapshot.

debian:~# cat /etc/cron.d/rsnapshot

 

 

# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.

# 0 */4        * * *        root    /usr/bin/rsnapshot hourly
# 30 3      * * *        root    /usr/bin/rsnapshot daily
# 0  3      * * 1        root    /usr/bin/rsnapshot weekly
# 30 2      1 * *        root    /usr/bin/rsnapshot monthly
 

To enable hourly, daily, weekly or monthly backups, uncomment the corresponding one of the above 4 lines. For paranoid admins scared to lose even a bit of data, hourly backup is a good solution. Personally I prefer configuring weekly backups, because I routinely monitor servers, regularly keeping an eye on dmesg and checking Linux smartd / smartmontools logs to find out whether a hard disk or RAID has bad blocks.

6. Checking backup size / backup difference and backup structure

Checking size of backups can be done by using standard du command on backup directory:

debian:~# du -hsc /var/cache/rsnapshot/*
4.3G /var/cache/rsnapshot/hourly.0
4.5M /var/cache/rsnapshot/hourly.1
68M /var/cache/rsnapshot/hourly.2
4.4G total

rsnapshot also has du argument via which backup size can be viewed:

debian:~# rsnapshot du
4.3G /var/cache/rsnapshot/hourly.0/
4.5M /var/cache/rsnapshot/hourly.1/
68M /var/cache/rsnapshot/hourly.2/
4.4G total

As you can see, each incremental backup gets its own number after hourly (hourly.0, hourly.1, hourly.2, etc.).

To check difference between two different backups:

debian:~# rsnapshot diff /var/cache/rsnapshot/hourly.0/ /var/cache/rsnapshot/hourly.1/
Comparing /var/cache/rsnapshot/hourly.1 to /var/cache/rsnapshot/hourly.0
Between /var/cache/rsnapshot/hourly.1 and /var/cache/rsnapshot/hourly.0:
660 were added, taking 3728377727 bytes;
492 were removed, saving 17623 bytes;

Structure of backed up files is identical to normal copy of files without any compression:

debian:~# cd /root/.backups/hourly.0/localhost/
debian:~/.backups/hourly.0/localhost# ls

etc/ home/ root/ usr/ var/

 

7. Restoring files or directory from rsnapshot backup

To restore, let's say, the /var directory, cd into it:

debian:~/.backups/hourly.0/localhost# cd var
debian:~/.backups/hourly.0/localhost/var#

Then use rsync as follows:

debian:~/.backups/hourly.0/localhost/var# rsync -avr * /var/
 

 

8. Creating rsnapshot backups from remote server via SSH protocol

In /etc/rsnapshot.conf you should set the SSH port on which the remote server accepts SSH connections. The standard port is 22, however it is wise to configure SSH on the backup server to listen on some other non-standard port.

The config variables to look at are:

ssh_args -p 22

and

Next, to enable remote login via ssh, change in /etc/rsnapshot.conf:

# cmd_ssh /usr/bin/ssh

to

cmd_ssh /usr/bin/ssh

Before starting rsnapshot to create backups of remote host2 you need to configure automatic passwordless SSH login by generating a DSA or RSA key pair between host1 and host2, where host1 is the machine on which rsnapshot is run and to which backups will be copied from host2.
Once passwordless ssh to the remote host is active, to make rsnapshot on host1 create the backups you need to add near the end of /etc/rsnapshot.conf:

backup  root@host2.com:/root/ host2.com/

The same way you can add a number of remote hosts from which periodic backups will be created to central host1. Only condition is on each node – host3, host4, host5.

backup  root@host3.com:/root/root/ host3.com
backup  root@host4.com:/home/ host4.com
backup  root@host4.com:/var/ host4.com

To create the public key (id_dsa.pub) file on host1 and copy it to a remote host, use the commands:

debian:~# ssh-keygen -t dsa
...
....
debian:~# ssh-copy-id -i ~/.ssh/id_dsa.pub root@host3

Once this is done for all hosts that need to get backed up to the central backup host (host1), test whether backups get uploaded by manually issuing:

debian:~# rsnapshot -v hourly
...

Rsnapshot ships a number of other scripts which can be easily integrated with it, in /usr/share/doc/rsnapshot/examples/utils.
Inside you can find example scripts showing how to create MySQL / PostgreSQL database backups, Samba share backups, backups of CVS repositories and so on. The scripts can be easily modified to work with almost any data or protocol with a bit of tweaking. A short description of each of the example scripts can be found in /usr/share/doc/rsnapshot/examples/utils/README


Fixing insserv: warning: script ‘…’ missing LSB tags and overrides on Debian and Ubuntu Linux

Friday, April 12th, 2013

 

Some of the packages I just tried to install on one of the Debian servers I admin failed during the package configuration (set up) stage. Here is a little paste of the errors, due to which dpkg-reconfigure failed on each of the newly set-up packages:

Setting up acct (6.5.4-2.1) ...
insserv: warning: script 'K02courier-imap' missing LSB tags and overrides
insserv: warning: script 'courier-imapd' missing LSB tags and overrides
insserv: warning: script 'iptables' missing LSB tags and overrides
insserv: warning: script 'courier-imap' missing LSB tags and overrides 

Because of this the whole package install failed, and the usual

# apt-get -f install

which is supposed to fix a mess with packages, ended up with the same errors:

insserv: warning: script 'K02courier-imap' missing LSB tags and overrides
insserv: warning: script 'iptables' missing LSB tags and overrides
insserv: warning: script 'courier-imap' missing LSB tags and overrides
insserv: There is a loop between service watchdog and iptables if stopped
insserv:  loop involving service iptables at depth 2
insserv:  loop involving service watchdog at depth 1
insserv: Stopping iptables depends on watchdog and therefore on system facility `$all' which can not be true!
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing acct (--configure):
 subprocess installed post-installation script returned error exit status 1

The scripts in question (iptables / courier-imap / K02courier-imap) were custom scripts I had created earlier and had completely forgotten about. In Debian 5 and earlier I used the same scripts to make the system load custom services not installed through a standard Debian package. After a bit of research, I noticed that in newer Debian / Ubuntu releases new commented tags are included in the init scripts of all Debian packages. Thus the reason for the failing package configuration was that my custom scripts were missing those tags. To get around the situation I had to manually open each of the scripts missing the init script LSB tags, i.e. (iptables / courier-imap / K02courier-imap), and add after the #! /bin/sh shebang:

### BEGIN INIT INFO
# Provides:          skeleton
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Example initscript
# Description:       This file should be used to construct scripts to be
#                    placed in /etc/init.d.
### END INIT INFO

Once those "boilerplate" skeleton comments were included, to solve the mess I had to run again:

# apt-get -f install

This solves it. Enjoy :)
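To find such scripts before a package install trips over them, the following added example (not from the original post, and not part of insserv) audits a directory of init scripts for the INIT INFO block and the Provides / Required-* / Default-* keywords shown in the skeleton header above. It also reports a Provides name used by more than one script, which is what pasting the skeleton block unchanged into several scripts produces; function names and sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit init scripts for the LSB header that insserv reads.

# lsb_missing FILE
# Prints what FILE lacks and returns 1; prints nothing and returns 0 when the
# INIT INFO block and the five keywords from the skeleton header are present.
lsb_missing() {
    awk '
        /^### BEGIN INIT INFO/ { inblk = 1; has_begin = 1; next }
        /^### END INIT INFO/   { inblk = 0; has_end = 1; next }
        inblk && /^#[ \t]*[A-Za-z-]+:/ {
            key = $0
            sub(/^#[ \t]*/, "", key)
            sub(/:.*$/, "", key)
            have[key] = 1
        }
        END {
            if (!has_begin || !has_end) { print "INIT-INFO-block"; exit 1 }
            n = split("Provides Required-Start Required-Stop Default-Start Default-Stop", req, " ")
            miss = ""
            for (i = 1; i <= n; i++)
                if (!(req[i] in have)) miss = miss (miss == "" ? "" : " ") req[i]
            if (miss != "") { print miss; exit 1 }
        }
    ' "$1"
}

# lsb_provides FILE: print the value of the Provides line inside the block.
lsb_provides() {
    awk '
        /^### BEGIN INIT INFO/ { inblk = 1; next }
        /^### END INIT INFO/   { inblk = 0; next }
        inblk && /^#[ \t]*Provides:/ {
            sub(/^#[ \t]*Provides:[ \t]*/, ""); print
        }
    ' "$1"
}

# audit_initd DIR
# One line per finding; returns 1 when any script needs attention.
audit_initd() {
    audit_rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! miss=$(lsb_missing "$f"); then
            echo "${f##*/}: missing $miss"
            audit_rc=1
        fi
    done
    # A header pasted unchanged into several scripts repeats its Provides name.
    dups=$(for f in "$1"/*; do
               if [ -f "$f" ]; then lsb_provides "$f"; fi
           done | tr -s ' \t' '\n\n' | sed '/^$/d' | sort | uniq -d)
    for d in $dups; do
        echo "duplicate Provides: $d"
        audit_rc=1
    done
    return $audit_rc
}

# make_sample_initd DIR: constructed scripts mirroring the case described above.
make_sample_initd() {
    hdr='### BEGIN INIT INFO
# Provides:          skeleton
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Example initscript
### END INIT INFO'
    printf '#! /bin/sh\n%s\n' "$hdr" > "$1/courier-imap"      # skeleton header, unchanged
    printf '#! /bin/sh\n%s\n' "$hdr" > "$1/courier-imapd"     # same header pasted again
    printf '#! /bin/sh\n# custom rules\n' > "$1/iptables"     # no header at all
    printf '#! /bin/sh\n%s\n' "$hdr" |
        sed -e 's/skeleton/courier-imap-k02/' -e '/Default-Stop/d' > "$1/K02courier-imap"
}

# Demo on constructed scripts in a temp directory (runs offline).
demo_dir=$(mktemp -d)
make_sample_initd "$demo_dir"
audit_initd "$demo_dir" || echo "fix the headers above, then run: apt-get -f install"
rm -rf "$demo_dir"
```

On a real host, call audit_initd /etc/init.d; the function only reads the scripts.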



Install Sendmail mail server on Debian GNU / Linux

Sunday, March 31st, 2013

Installing sendmail on Debian Linux is not so common these days, as sendmail has been overshadowed by its competitors Exim and Postfix. By default Debian Linux comes with Exim (light) installed, as Exim is tiny and perfectly suitable for small and mid-sized SMTP needs. The reason sendmail has been pushed out by its competitors over the last 15 years is that sendmail configuration is one big hell, and besides that sendmail has been well known for its many remotely exploitable security holes, making it a famous target for crackers. Anyway, in some cases it is necessary to install sendmail, especially if you have a client who wants to have it set up. In this short article I will show how a very basic sendmail installation on a Debian host is done.

 blackstar:~# apt-get install sendmail-bin sensible-mda

Reading package lists… Done
Building dependency tree      
Reading state information… Done

The following extra packages will be installed:
  sendmail-base sendmail-cf sensible-mda
Suggested packages:
  sendmail-doc logcheck resolvconf sasl2-bin
The following packages will be REMOVED:
  exim4 exim4-base exim4-config exim4-daemon-light sa-exim task-mail-server
The following NEW packages will be installed:
  sendmail-base sendmail-bin sendmail-cf
0 upgraded, 3 newly installed, 6 to remove and 26 not upgraded.
Need to get 1,626 kB of archives.
After this operation, 592 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-base all 8.14.4-2.1 [362 kB]
Get:2 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-cf all 8.14.4-2.1 [300 kB]
Get:3 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-bin i386 8.14.4-2.1 [964 kB]
Fetched 1,626 kB in 0s (3,057 kB/s)  
(Reading database … 199577 files and directories currently installed.)
Removing task-mail-server …
Selecting previously unselected package sendmail-base.
(Reading database … 199577 files and directories currently installed.)
Unpacking sendmail-base (from …/sendmail-base_8.14.4-2.1_all.deb) …
Selecting previously unselected package sendmail-cf.
Unpacking sendmail-cf (from …/sendmail-cf_8.14.4-2.1_all.deb) …
Processing triggers for man-db …
(Reading database … 199939 files and directories currently installed.)
Removing sa-exim …
[....] Reloading exim4 configuration files:invoke-rc.d: initscript exim4, action "reload" failed.
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.

Removing exim4-config …
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom; however:
  Package exim4-daemon-light is to be removed.
  Package exim4-daemon-heavy is not installed.
  Package exim4-daemon-custom is not installed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.

Removing exim4-daemon-light …
[ ok ] Stopping MTA:.
ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken
dpkg: exim4-base: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-base (>= 4.80).

Removing exim4-base …
Processing triggers for man-db …
Selecting previously unselected package sendmail-bin.
(Reading database … 199786 files and directories currently installed.)
Unpacking sendmail-bin (from …/sendmail-bin_8.14.4-2.1_i386.deb) …
Processing triggers for man-db …
Setting up sendmail-base (8.14.4-2.1) …
adduser: Warning: The home directory `/var/lib/sendmail' does not belong to the user you are currently creating.
Setting up sendmail-cf (8.14.4-2.1) …
Setting up sendmail-bin (8.14.4-2.1) …
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match sendmail Default-Stop values (1)
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-mta (sendmail-mta) in auto mode
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-msp (sendmail-msp) in auto mode
update-alternatives: warning: not replacing /usr/share/man/man8/sendmail.8.gz with a link

You are doing a new install, or have erased /etc/mail/sendmail.mc.
If you've accidentaly erased /etc/mail/sendmail.mc, check /var/backups.

I am creating a safe, default sendmail.mc for you and you can
run sendmailconfig later if you need to change the defaults.

[ ok ] Stopping Mail Transport Agent (MTA): sendmail.
Updating sendmail environment …
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Could not open /etc/mail/databases(No such file or directory), creating it.
Could not open /etc/mail/sendmail.mc(No such file or directory)
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Turning off Host Status collection
Could not open /etc/mail/databases(No such file or directory), creating it.
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…

Checking filesystem, this may take some time – it will not hang!
  …   Done.
 
Checking for installed MDAs…
Adding link for newly extant program (mail.local)
Adding link for newly extant program (procmail)
sasl2-bin not installed, not configuring sendmail support.

To enable sendmail SASL2 support at a later date, invoke "/usr/share/sendmail/update_auth"

 
Creating/Updating SSL(for TLS) information
Creating /etc/mail/tls/starttls.m4…
Creating SSL certificates for sendmail.
Generating DSA parameters, 2048 bit long prime
This could take some time
…+………………..+.+..+..+++
..+.+………….+.++++++++++++++++++++++++++++++*
Generating RSA private key, 2048 bit long modulus
………………..+++
…………………+++
e is 65537 (0x10001)

*** *** *** WARNING *** WARNING *** WARNING *** WARNING *** *** ***

Everything you need to support STARTTLS (encrypted mail transmission
and user authentication via certificates) is installed and configured
but is *NOT* being used.

To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally
   to /etc/mail/submit.mc:
  include(`/etc/mail/tls/starttls.m4')dnl
2) Run sendmailconfig
3) Restart sendmail

 
Updating /etc/hosts.allow, adding "sendmail: all".

Please edit /etc/hosts.allow and check the rules location to
make sure your security measures have not been overridden -
it is common to move the sendmail:all line to the *end* of
the file, so your more selective rules take precedence.
Checking {sendmail,submit}.mc and related databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/Makefile…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Disabling HOST statistics file(/var/lib/sendmail/host_status).
Creating /etc/mail/sendmail.cf…
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
Creating /etc/mail/submit.cf…
Informational: confCR_FILE file empty: /etc/mail/relay-domains
Warning: confCT_FILE source file not found: /etc/mail/trusted-users
 it was created
Informational: confCT_FILE file empty: /etc/mail/trusted-users
Warning: confCW_FILE source file not found: /etc/mail/local-host-names
 it was created
Warning: access_db source file not found: /etc/mail/access
 it was created
Updating /etc/mail/access…
Linking /etc/aliases to /etc/mail/aliases
Updating /etc/mail/aliases…

WARNING: local host name (blackstar) is not qualified; see cf/README: WHO AM I?
/etc/mail/aliases: 13 aliases, longest 10 bytes, 145 bytes total
 
Warning: 3 database(s) sources
    were not found, (but were created)
    please investigate.
 
Warning: These messages were issued while creating sendmail.cf
    make sure they are benign before starting sendmail!
 
Errors in generating sendmail.cf
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
[ ok ] Starting Mail Transport Agent (MTA): sendmail.
(Reading database … 199837 files and directories currently installed.)
Removing exim4 …
 

Right after the packages get installed it is a good idea to get rid of any remains of the previous exim SMTP install; run:

blackstar:~# dpkg --purge exim4
blackstar:~# dpkg --purge exim4-base
blackstar:~# dpkg --purge exim4-config
blackstar:~# dpkg --purge exim4-daemon-light
blackstar:~# dpkg --purge sa-exim

blackstar:~# grep -i sendmail /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
blackstar:~# grep -i -E "smmta|smmsp" /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false

The sendmail install creates two new users, smmta and smmsp, in /etc/passwd and /etc/group.

As you see from the earlier apt-get output, sendmail is provided on Debian via 4 packages:

root@blackstar:~# dpkg -l |grep -i sendmail
ii  libmail-sendmail-perl                0.79.16-1                          all          Send email from a perl script
ii  sendmail-base                        8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-bin                         8.14.4-2.1                         i386         powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-cf                          8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent

libmail-sendmail-perl installs a perl module (class)  /usr/share/perl5/Mail/Sendmail.pm.

sendmail-bin contains the main sendmail binary components, cron bindings related to sendmail, some manual pages, and creates the structure necessary for sendmail to process the email queue. sendmail-cf provides a multitude of sendmail configuration macros and a few documentation files on macro configuration. All sendmail configuration macros are stored in /usr/share/sendmail/*; there are plenty of .m4 configs, so for people who have never installed sendmail it is really confusing.

The sendmail-base package contains bindings for rotating sendmail log files, a few more sendmail binaries that deal with sendmail architecture, a few files for when sendmail is run via a PPP or DHCP connection, and some documentation and example files. Sendmail documentation is installed in /usr/share/doc/sendmail*; unfortunately the documentation there is scarce, so for extended documentation it is good to check Sendmail's official site.

To check if sendmail is running, you should see it in the list of running processes:

root@blackstar:~# ps xa|grep sendmail|grep -v grep
  468 ?        Ss     0:00 sendmail: MTA: accepting connections        

Furthermore, it should be accepting connections on localhost port 25, i.e.:

root@blackstar:~# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 blackstar ESMTP Sendmail 8.14.4/8.14.4/Debian-2.1; Sat, 30 Mar 2013 19:09:47 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1] ^]
telnet> quit
 

 

Sendmail's configuration is generated from a macro file by the m4 macro processor. A few files are used as the basis for generating the final configuration; the most important are of course /etc/mail/sendmail.mc and /etc/mail/sendmail.cf. After sendmail.mc is processed with the m4 mumbo-jumbo, it produces the complex sendmail.cf, about 15 times larger in size.
All configs related to generating the files that instruct how sendmail will operate are stored in /etc/mail:

blackstar:~#  ls -1 /etc/mail
access
access.db
address.resolve
aliases
aliases.db
databases
helpfile
local-host-names
m4
Makefile
peers
sasl
sendmail.cf
sendmail.cf.errors
sendmail.conf
sendmail.mc
service.switch
service.switch-nodns
smrsh
spamassassin
submit.cf
submit.mc
tls

sendmail.cf.errors contains errors encountered during processing of the macro config files.

 

root@blackstar:/etc/mail# cat sendmail.cf.errors
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()

These errors are not fatal, as sendmail.cf is there and sendmail is from now on ready to send mails via localhost.

To check if sendmail delivers mails onwards, use the mail command:
 

hipo@blackstar:~$ mail -s "testing" test@pc-freak.net
this is a simple test email
Do you get it?
.
Cc:

To see that all is fine with mail delivery, check /var/log/mail.log:

blackstar:~# tail -f /var/log/mail.log
Mar 30 21:23:05 blackstar sm-msp-queue[1495]: unable to qualify my own domain name (blackstar) -- using short name
Mar 30 21:23:09 blackstar sm-mta[1499]: STARTTLS=client, relay=mail.pc-freak.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Mar 30 21:23:11 blackstar sm-mta[1524]: r2UJN8x2001524: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Mar 30 21:23:13 blackstar sm-mta[1499]: r2UJKwqR001412: to=<hipo@pc-freak.net>, ctladdr=<root@blackstar> (0/0), delay=00:02:15, xdelay=00:00:10, mailer=esmtp, pri=210313, relay=mail.pc-freak.net. [83.228.93.76], dsn=2.0.0, stat=Sent (ok 1364671405 qp 7492)
Mar 30 21:24:28 blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry
Mar 30 21:27:16 blackstar sendmail[1633]: My unqualified host name (blackstar) unknown; sleeping for retry

As you see, there is an error in mail.log:
 

blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry


This is because blackstar is not assigned as a host name recognized for 127.0.0.1 in /etc/hosts. To solve it on my host I had to change /etc/hosts, which looked like so:

blackstar:~# cat /etc/hosts
127.0.0.1    localhost
127.0.1.1    blackstar
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

to

blackstar:~# vim /etc/hosts

127.0.0.1    localhost localhost.localdomain blackstar
127.0.1.1    blackstar

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 

 

Then restart sendmail to reread /etc/hosts
 

root@blackstar:/etc/mail# /etc/init.d/sendmail restart
[ ok ] Restarting Mail Transport Agent (MTA): sendmail.

 
