Posts Tagged ‘Debian’

How to install opennms in Debian


Hi again

To install OpenNMS on your Debian server, first add the OpenNMS repository to your APT sources file.

vim /etc/apt/sources.list

Add the following lines to the file.

deb http://debian.opennms.org stable main
deb-src http://debian.opennms.org stable main

Then update the package lists.

aptitude update

After that, install OpenNMS:

aptitude install opennms postgresql-client-8.3

After that, set a password for the PostgreSQL postgres user. Log in as root first, and then:

# su postgres
# psql -d template1
template1=# ALTER USER postgres WITH PASSWORD '${POSTGRESQL_POSTGRES_PASSWORD}';

Now exit to return to your root shell.

Next, configure the database connection settings that OpenNMS uses.

vim /usr/share/opennms/etc/opennms-datasources.xml

Now change the user and password in the following lines.

<?xml version="1.0" encoding="UTF-8"?>
<datasource-configuration xmlns:this="http://xmlns.opennms.org/xsd/config/opennms-datasources"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.opennms.org/xsd/config/opennms-datasources
  http://www.opennms.org/xsd/config/opennms-datasources.xsd ">
  <jdbc-data-source name="opennms"
    database-name="opennms"
    class-name="org.postgresql.Driver"
    url="jdbc:postgresql://localhost:5432/opennms"
    user-name="opennms"
    password="opennms" />

  <jdbc-data-source name="opennms-admin"
    database-name="template1"
    class-name="org.postgresql.Driver"
    url="jdbc:postgresql://localhost:5432/template1"
    user-name="postgres"
    password="yourpassword" />

</datasource-configuration>

Now you can start the OpenNMS installation:

/usr/share/opennms/bin/install -dis

That's it. Your OpenNMS server is now installed.

Note that during the installation OpenNMS will ask you to install Java. Press yes to continue.

If you have any questions, do not hesitate to contact me. I would appreciate it if you sent them to me by mail :)

regards

references : http://www.foogazi.com/2008/03/23/quickzi-how-to-change-postgresql-root-password/

http://www.cs.umd.edu/faq/postgres.html

How to create a self-signed SSL Certificate

Hi again

To run Apache with HTTPS support, you normally need a Certificate Authority to sign your certificate. With it you can publish your web content through port 443, encrypted with the RSA algorithm. Often, though, a company prefers to issue its own certificate (for instance, local companies with private access), so you need a way to sign your SSL certificate on your own server.

Since my favorite Linux distribution is Debian, I will give the commands for it. However, most distributions work in a similar way.

First, install the openssl package on your server when you install Apache with the aptitude command.

Then generate the private key for your system:

openssl genrsa -des3 -out server.key 2048

Now generate your Certificate Signing Request (CSR) file with the following command:

openssl req -new -key server.key -out server.csr

When you run the above command, the console will ask you for the country, region, company name, etc. You can predefine these values in the /etc/ssl/openssl.cnf file.

Now it's time to remove the passphrase from the key:


cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

The next step is generating the self-signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now copy your files into the /etc/apache2/ssl directory. If it does not exist, create the ssl directory in your Apache root.

cp server.crt /etc/apache2/ssl/server.crt
cp server.key /etc/apache2/ssl/server.key

The final task to get Apache serving HTTPS is to tell Apache where your certificate files are. You will probably need to create a file in your Apache sites-available directory and change the port to 443. After that, point to the certificate files in your virtual host configuration.

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

That's it. Just restart your server :) If you need any further assistance running Apache with SSL support, do not hesitate to contact me.
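A check to run before restarting Apache, given as an added example that is not part of the original post: it confirms that the certificate belongs to the private key, that the key is at least 2048 bits, and that the passphrase-free key file is readable only by its owner. The function names check_tls_pair and make_demo_pair are hypothetical, and the demo pair is constructed test material.

```shell
#!/bin/sh
# check_tls_pair CERT KEY: print one line per finding, return 1 if there are any.
# Hypothetical helper for this example. Assumes an RSA key with no passphrase.
check_tls_pair() {
    cert=$1 key=$2 bad=0
    # The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert does not belong to $key"; bad=1
    fi
    # Key size as recorded in the certificate; under 2048 bits is too small.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WEAK: ${bits:-unknown}-bit key in $cert"; bad=1
    fi
    # With the passphrase removed, file permissions are the key's only
    # protection: group and other must have no access at all.
    perms=$(ls -ldL "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "EXPOSED: $key is accessible to group/other, use chmod 600"; bad=1
    fi
    return "$bad"
}

# Constructed test material: a throwaway key and self-signed certificate.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
        chmod 600 "$1/server.key"
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d) && make_demo_pair "$demo" &&
        check_tls_pair "$demo/server.crt" "$demo/server.key" && echo "pair OK"
    rm -rf "$demo"
fi
```

Run it against the two paths named in SSLCertificateFile and SSLCertificateKeyFile, so that a file copied under a different name shows up as a finding instead of a failed restart.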

reference : http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

How to setup Linux Mail Server (Postfix + Dovecot + SASL + Spam Filtering)


Hi again.

First, I thank ray ban store, Robert Shumake and Mohsen Amiri for reading and commenting on my posts.

When I searched the internet, I found that there is no complete reference for installing a mail server on Linux. Therefore I decided to add a blog entry describing the complete process of installing a mail server with spam filtering.

Note that everything I describe is done in a Debian Linux environment, which is my favorite Linux distribution; however, all these steps can be run on other distributions with a few changes. If you have a problem with another distribution, just let me know.

OK, let's do it.

First, you should download the necessary packages.

Now start by installing the MTA (Mail Transfer Agent):

aptitude install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules popa3d

After installing, start configuring your Postfix service:

vim /etc/postfix/main.cf

Then add the following settings to your configuration file.

myhostname = MailServer.mehdibehamin.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# check that the name is correct
myorigin = /etc/mailname
# in order to receive username@mehdibehamin.com mails
mydestination = mehdibehamin.com
relayhost =
# Note that you should include 127.0.0.1,
# because of the connection to clamav later on
mynetworks = 10.10.0.0/24 10.10.10.0/24 127.0.0.1/32
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Then configure any other options you may need in your Postfix service (override the settings above if they already exist in your file). We will come back to the Postfix config file in the next few steps.

OK, after installing Postfix, install the IMAP/POP3 servers. It's much easier than Postfix :) Just run the following command.

aptitude install dovecot-imapd dovecot-pop3d dovecot-common

When the installation has finished, open the configuration file and uncomment some of the Dovecot configuration options.

vim /etc/dovecot/dovecot.conf

Uncomment the following options:

protocols = pop3 imap

disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv

(Hmm, you can find these options in vim by typing "/" followed by your search criteria.)

Now you can start adding users. Simply add a user with the command adduser $yourNewUser

Then restart your Postfix and Dovecot services.

Now it's SASL's turn. But let me explain something first. For security reasons Postfix runs in a chroot directory, so if you want Postfix to reach other files (e.g. some extra files), you should copy or link them into the Postfix root directory (mostly /var/spool/postfix).

OK, back to our mail server installation.

Again, edit the Postfix main configuration file.

vim /etc/postfix/main.cf

Add the following options:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com
# Note that this option should be optimized for spam filtering :)
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous

But before you can start using SASL, there is still something to do.

Remove the current saslauthd directory and link it to the Postfix root folder.

rm -r /var/run/saslauthd/

mkdir -p /var/spool/postfix/var/run/saslauthd

ln -s /var/spool/postfix/var/run/saslauthd /var/run

chgrp sasl /var/spool/postfix/var/run/saslauthd

adduser postfix sasl

Then edit your Dovecot configuration file again :(

vim /etc/dovecot/dovecot.conf

auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

OK, almost done. Now you have a mail server working on Linux, but there is a very important point.

A mail server works based on MX (Mail Exchange) DNS records, so if you want to test your mail server, you should configure your DNS server. (I will let you know how to configure your DNS in my next post.)

OK, but there is something left. So far we have installed a mail server that is fine for clients. But once you connect your mail server to the internet, many unauthorized users will try to use it to send their spam or mail, which causes many mail servers on the internet to block your mail server's IP address. Therefore we should configure the mail server so that misuse is minimized.

Postfix has a few configuration options that help reduce misuse by unknown clients. There are some rules that the server should obey, for instance rejecting unregistered IP addresses (mostly dynamic IPs that ISPs lease to their clients).

I've made some configuration that you can add to your Postfix configuration file.



default_destination_rate_delay = 10
default_destination_recipient_limit = 5
default_extra_recipient_limit = 50
smtpd_recipient_limit = 50
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit, reject

### I changed the default values to what is optimal for my network. You should do the same.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_maps_rbl, reject_unknown_client

(references :  http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu-9.10-p3

http://www.cs.uu.nl/technical/services/email/spam-policy.html

http://www.ax11.de/howtos/postfix-antispam-howto.html#files

http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.html )

That's it. The above configuration will block a lot of spam, but I recommend that you add an antivirus to your mail server.
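A small lint for main.cf, given as an added example that is not part of the original post. It reports three mistakes that are easy to make when pasting settings like the ones above: text after a `#` on a value line (Postfix only treats `#` as a comment at the start of a line), a parameter set twice, and an smtpd_recipient_restrictions list that reaches permit before reject_unauth_destination. The names lint_main_cf and sample_main_cf are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# lint_main_cf FILE: print one line per finding, return 1 if there are any.
# Hypothetical helper for this example, not a Postfix tool.
lint_main_cf() {
    awk -v f="$1" '
    function report(line, msg) { printf "%s:%d: %s\n", f, line, msg; bad = 1 }
    function flush(   n, i, tok, safe) {      # end of one logical line
        if (name == "") return
        if (seen[name]++) report(start, "duplicate " name ", the last one wins")
        if (name == "smtpd_recipient_restrictions") {
            n = split(value, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "reject_unauth_destination" || tok[i] == "reject") { safe = 1; break }
                if (tok[i] == "permit") break
            }
            if (!safe) report(start, name " permits mail before reject_unauth_destination")
        }
        name = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # real comments and blank lines
    /[ \t]#/ { report(NR, "text after # is kept as part of the value") }
    /^[ \t]/ { value = value " " $0; next }   # continuation of the previous line
    {
        flush()
        eq = index($0, "=")
        if (eq == 0) { report(NR, "not a name = value line"); next }
        name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
        value = substr($0, eq + 1); start = NR
    }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Constructed sample that repeats three patterns from the settings above.
sample_main_cf() {
    cat <<'EOF'
myorigin = /etc/mailname  ## check that the name is correct
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_rbl_client sbl.spamhaus.org, permit, reject
EOF
}

tmp=$(mktemp) && sample_main_cf > "$tmp"
lint_main_cf "$tmp" || true
rm -f "$tmp"
```

On Postfix 2.10 and later, smtpd_relay_restrictions also guards relaying, so the third finding matters most on older versions or where that parameter has been emptied.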

Be patient, there is one step left, and that is installing the antivirus.

apt-get install clamsmtp clamav-freshclam

Edit the /etc/clamsmtpd.conf file and change
OutAddress: 10025 to OutAddress: 10026.
Also change
Listen: 127.0.0.1:10026 to Listen: 127.0.0.1:10025

Then edit the Postfix main configuration file again
and add the following options :)

vim /etc/postfix/main.cf
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Also:

vim /etc/postfix/master.cf
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

(reference : http://www.debian-administration.org/articles/259 )

Now restart your server and check for errors in the logs in
/var/log/mail.log or /var/log/mail.err

Now you can test your antivirus by sending a mail with the
following content:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

:) That's it.
It should recognize the above string as a virus.
It is not a real virus but a test string called EICAR.

Finally, you can update your antivirus engine manually by
running the freshclam command.
Yeah, that's it! You have configured your mail server with spam filtering.

Note: by the way, don't forget to configure saslauthd to start.
vim /etc/default/saslauthd
and change START=no to START=yes.

There are many other options available, but they really should
be set based on your network conditions.
If you have any questions, don't hesitate to ask me later.

regards

How to Install PPTP Client on Linux


Hi again

When you use a Debian server you will probably need to connect to a VPN server and route your packets through it. Therefore I decided to show you how to connect to a VPN server from the command line.

First, install the pptp-linux package on your Debian system.

aptitude install pptp-linux

Then add your user account to the file /etc/ppp/chap-secrets in the following format.

$Domain\\$yourusername PPTP $Yourpassword

(If you don't have a domain, don't worry, just write your username.)

Now you have configured the username and password for your connection. But which connection?! You should now create a new VPN client connection for your server.

Go to /etc/ppp/peers/ and create a new file named after your connection, for instance:

vim /etc/ppp/peers/myfirstvpnconnection

OK, now in the editor add the following parameters (I will tell you why we use each one).

pty "pptp $YouIPAddressOfServer --nolaunchpppd"
name $YourUSername
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam vpn

Now go to /etc/ppp/options.pptp and comment and uncomment some parameters.

The following parameters should be commented out:

#refuse-pap
#refuse-eap
#refuse-chap
#refuse-mschap

Then add the following parameter to the file.

require-mppe-128

That's it. You have created a new VPN connection on your Debian system. The main thing now is starting the connection.

First, check your connection with the following command, which lets you see exactly what happens and whether the connection is established or not.

pon $connectionname debug dump logfd 2 nodetach

OK, if the connection is established and you get an IP from the server, just press Ctrl+C to disconnect (poff $ConnectionName also works), and add this connection to your interfaces file so that it is brought up whenever Debian boots.

Go to /etc/network/interfaces and add the following lines.

# the provider is the connection you created in /etc/ppp/peers
auto tunnel
iface tunnel inet ppp
    provider $YouVPNCOnnectionNAme


That's it. Your connection will start whenever your Debian system starts :)

Note: if you want the connection to try to reconnect whenever it is disconnected, just add persist to your connection file.

So just type:

echo "persist" >> /etc/ppp/peers/$YourVPNfile


If you have any further questions, don't hesitate to contact me :)

regards



     Copyrighted Mehdi Behamin , All Rights Reserved
    