Use Formail to split and send old mbox emails

By | All Linux HowTo's | No Comments

This article demonstrates how to process a single mbox file with multiple emails within it. We will split the file into individual emails and then send those emails to a specific email account.

First we split the mbox into individual files – one email per file:

mkdir -p old_mail
formail -ds sh -c 'cat > old_mail/msg.$FILENO' < /var/spool/mail/root

Next we take each file and send that file (as the body of the new email) to a specific email account. In this case we’re sending to “old_mail@example.com”:

for var in old_mail/msg.*; do mail -s "Old email never delivered - ${var}" old_mail@example.com < "$var"; done

At this point you're done. The emails have been split and sent individually to a specific email account.

Varnish load balancer with failover on Redhat


This article shows how to use a Varnish server on a CentOS/Redhat server to load balance and exclude faulty or overloaded backend servers.


Make sure that your Varnish server is able to listen on port 80. This may mean turning off your web server or using different ports.

Install Varnish on the Load balancer:

yum install varnish

Check your version. It can make a difference. We’re using version 2.1:

rpm -qa varnish

We get “varnish-2.1.5-5.el6.x86_64”.

Edit your “/etc/sysconfig/varnish” file to have it listen on port 80:

VARNISH_LISTEN_PORT=80

Make a backup of your “/etc/varnish/default.vcl” file.

cp /etc/varnish/default.vcl /etc/varnish/default.orig

Populate your “default.vcl” file with the following. Make sure to change the “.host =” values to the IP addresses of your backend web servers. Also make sure to change the matching domain name at the bottom to your frontend’s FQDN.

#Specify the first server backend.
backend Server1 {
  .host = "1.1.1.1";
  .probe = {
                .url = "/";
                .interval = 5s;
                .timeout = 1 s;
                .window = 5;
                .threshold = 3;
  }
}

#Specify the second server backend.
backend Server2 {
  .host = "2.2.2.2";
  .probe = {
                .url = "/";
                .interval = 5s;
                .timeout = 1 s;
                .window = 5;
                .threshold = 3;
  }
}

# Specify the servers to balance between. I call this group 'Pool1'.
director Pool1 round-robin {
        {
                .backend = Server1;
        }
        {
                .backend = Server2;
        }
}

# The rule to use the 'Pool1' director - the load balancer.
# The dots are escaped so that only the literal host name matches.
sub vcl_recv {
   if (req.http.host ~ "^www\.example\.com$") {
       set req.backend = Pool1;
   }
}

In my testing I did the following:

1. Started with both backend servers running and visited the "www.example.com" website with my browser. I got one of the backend servers.
2. I turned the web server off on the first backend server and within a few seconds I was shown the second backend server web page.
3. I turned on the web server on the second and turned off the first. I was shown the first backend server page.

Play with the “probe” settings to get the tolerance levels you need:

                .url = "/";
                .interval = 5s;
                .timeout = 1 s;
                .window = 5;
                .threshold = 3;
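
To see what a given “.window” and “.threshold” pair tolerates before you change it, the following added example (not part of the original article, and not Varnish's own code) models the rule that a backend stays healthy while at least “.threshold” of the last “.window” probes succeeded. It assumes the window starts full of good probes; the function names and the probe sequence are made up for the illustration.

```sh
#!/bin/sh
# Added example: model of how .window and .threshold decide backend health.
# A backend counts as healthy while at least THRESHOLD of the last WINDOW
# probes succeeded.

# simulate_probe WINDOW THRESHOLD RESULT...
# RESULT is 1 (probe answered in time) or 0 (probe failed), oldest first.
# Assumption: the window starts out full of successful probes.
simulate_probe() {
    window=$1; threshold=$2; shift 2
    history=1; i=1
    while [ "$i" -lt "$window" ]; do history="$history 1"; i=$((i + 1)); done
    n=0
    for result in "$@"; do
        n=$((n + 1))
        history="$history $result"   # append the newest probe
        history=${history#* }        # drop the oldest probe
        good=0
        for h in $history; do good=$((good + h)); done
        if [ "$good" -ge "$threshold" ]; then state=healthy; else state=sick; fi
        echo "probe=$n result=$result good=$good/$window state=$state"
    done
}

# worst_case_seconds_until_sick WINDOW THRESHOLD INTERVAL
# Failed probes needed to drop below THRESHOLD, times the probe interval.
# Ignores .timeout, so treat the result as approximate.
worst_case_seconds_until_sick() {
    echo $(( ($1 - $2 + 1) * $3 ))
}

# The article's values: window=5, threshold=3, interval=5s.
# Constructed sequence: three failed probes, then three good ones.
simulate_probe 5 3 0 0 0 1 1 1
echo "marked sick after roughly $(worst_case_seconds_until_sick 5 3 5)s of outage"
```

With the article's values the backend is marked sick on the third failed probe and needs three good probes in a row to come back after a full outage.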

Changes to the “/etc/varnish/default.vcl” and “/etc/sysconfig/varnish” require varnish to be restarted or reloaded. You should check your config file for syntax errors using:

varnishd -C -f /etc/varnish/default.vcl

It should give plenty of output suggesting it’s ok. If there are errors, it will be obvious. Restarting Varnish will “flush” the cache so do it sparingly.

Install vsFTP on CentOS/Redhat and enable TLS

By | All Linux HowTo's, Security HowTo's | No Comments

This tutorial demonstrates how to install vsftpd on CentOS/Redhat and configure it to allow connections over TLS for additional security. We’ll also chroot the users to their own directory.

Install vsftpd:

yum install vsftpd

Edit the config file “/etc/vsftpd/vsftpd.conf” and set the following:

rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
chroot_local_user=YES
anonymous_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Create the certificates:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

If you’re using SELinux (you should be), enable home sharing via FTP:

setsebool -P ftp_home_dir 1

Finally we enable and restart vsftpd:

chkconfig vsftpd on
service vsftpd restart

Make sure to permit port 21 through your firewall(s).
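
Before restarting, it is worth confirming that the file really contains the settings listed above, since a commented-out or mistyped line silently leaves the weaker behaviour in place. The following check is an added example, not part of the original article or of vsftpd; it is deliberately strict (an assumption) and reports any key from the list that is not set explicitly. The function names and the sample file are made up for the illustration.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings from this article.
# Strict by choice (assumption): a key that is not set explicitly is reported.
REQUIRED="ssl_enable=YES anonymous_enable=NO allow_anon_ssl=NO
force_local_data_ssl=YES force_local_logins_ssl=YES
ssl_sslv2=NO ssl_sslv3=NO chroot_local_user=YES"

# conf_value FILE KEY: print the last value assigned to KEY in FILE.
# Lines starting with '#' never match, so commented-out settings are ignored.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r '
}

# audit_vsftpd_conf FILE: print one FAIL line per problem;
# the exit status is the number of problems (0 = all settings present).
audit_vsftpd_conf() {
    conf=$1
    problems=0
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, found ${got:-unset}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: TLS is on, but SSLv3 is enabled and the
# anonymous_enable line is commented out.
demo=$(mktemp)
printf '%s\n' 'ssl_enable=YES' 'ssl_sslv3=YES' '#anonymous_enable=NO' > "$demo"
audit_vsftpd_conf "$demo" || echo "$? setting(s) need attention"
rm -f "$demo"
```

Run it against the real file with “audit_vsftpd_conf /etc/vsftpd/vsftpd.conf”.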

Another good tutorial on this is: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-a-centos-vps

Detect newly added disks. Linux on VMWare.


This one liner shows how to get Linux (CentOS in this case) to detect a newly added disk on a VMWare host. This was found on “http://wingloon.com/2013/05/07/how-to-detect-a-new-hard-disk-without-rebooting-vmware-linux-guest/”.

ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

There you have it.

Install and Configure Tripwire on CentOS/Redhat


This article demonstrates how to install Tripwire on CentOS and Redhat.

yum -y install tripwire

Then have a look at “/etc/tripwire/twcfg.txt” and “/etc/tripwire/twpol.txt”. Nothing needs changing unless you need to. I’d suggest adding “emailto=me@example.com” to “/etc/tripwire/twpol.txt” to have reports emailed to you.

Run the following:

tripwire-setup-keyfiles

The above requires you to enter a new passphrase. It will ask for it several times.

Finally you should initialise the database:

tripwire --init

Issue the command “/usr/sbin/tripwire --check” to check the system for changes. Or add the following to “crontab -e”:

# Midnight every night
0 0 * * * /usr/sbin/tripwire  --check --email-report

And you should be fine now.

Schedule jobs with the AT command


You can schedule commands to run at a later time by using the ‘at’ command. Why use ‘at’ when you can use ‘cron’? Because ‘at’ is good for tasks that only need to run once.

To set a task (to email a log file at a later time) to run in one hour from now:

at now + 1 hour (Enter)
mail me@agix.com.au < /var/log/messages (Enter)
(Control+D)

To see your queued tasks:

atq

You will get output like this:

333	2015-03-12 14:27 a root

In the above you can see there is one task labeled '333'. You can see the command set by issuing the command:

at -c 333

The above command will output plenty of details. The part you want is the second to last line.

You can remove a task by issuing the following:

atrm 333

Install a Gnome Desktop on CentOS or Redhat


This article explains how to install a GUI desktop (Gnome) on a Redhat or CentOS system and have the system boot to that GUI on startup.

yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

To have Gnome start on boot, you will need to edit the file “/etc/inittab” and replace the following:

id:3:initdefault:

With this:

id:5:initdefault:

You can change to the GUI without rebooting by entering the following:

init 5

Upgrade to php-5.5 on CentOS/Redhat


This article demonstrates how to upgrade from php-5.3 to php-5.5 on CentOS or Redhat.

rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm

Now run the yum command to see a list of php-5.5 options:

yum list php55w*

Run the upgrade using the following commands:

yum install yum-plugin-replace
yum replace php-common --replace-with=php55w-common

You will receive a warning message. Saying YES has never caused me an issue. You will get the opportunity to see what will be removed and what will be installed after choosing YES.

At this point you should be able to run the following command to verify the upgrade. Note the version number:

php -v

cPanel overwriting my pg_hba.conf file


This article describes a problem with PostgreSQL and cPanel and gives a work-around for it. The issue is that cPanel modifies the file “/var/lib/pgsql/9.4/data/pg_hba.conf”, setting it back to a default state.

This article has more information: http://www.davidghedini.com/pg/entry/installing_postgresql_9_on_cpanel

By setting that file to your liking such as the following:

local all  all        md5
host samerole all  127.0.0.200   255.255.255.255   pam  pamservice=postgresql_cpses
host all all  127.0.0.1   255.255.255.255   md5
local all postgres        md5
host all postgres  127.0.0.1   255.255.255.255   md5

And setting its attributes so that it cannot be modified (read-only):

chattr +ia /var/lib/pgsql/9.4/data/pg_hba.conf

If you need to make future changes to the above file, first clear those attributes using the following:

chattr -ia /var/lib/pgsql/9.4/data/pg_hba.conf

You should be able to move on without cPanel tripping you over in future.

You’ll need to restart PostgreSQL:

/etc/init.d/postgresql-9.4 status
/etc/init.d/postgresql-9.4 restart
