FAQ Overview

Was ist eine DOS Attacke?

Primitive DoS-Angriffe belasten die Dienste eines Servers, beispielsweise HTTP, mit einer größeren Anzahl Anfragen, als dieser in der Lage ist zu bearbeiten, woraufhin er eingestellt wird oder reguläre Anfragen so langsam beantwortet, dass diese abgebrochen werden. Wesentlich effizienter ist es jedoch, Programmfehler auszunutzen, um eine Fehlerfunktion (wie einen Absturz) der Serversoftware auszulösen, worauf diese ebenso auf Anfragen nicht mehr reagiert.

Eine besondere Form stellt die DRDoS(Distributed Reflected Denial of Service)-Attacke dar. Hierbei adressiert der Angreifer seine Datenpakete nicht direkt an das Opfer, sondern an regulär arbeitende Internetdienste, trägt jedoch als Absenderadresse die des Opfers ein (IP-Spoofing). Die Antworten auf diese Anfragen stellen dann für das Opfer den eigentlichen DoS-Angriff dar. Der Ursprung des Angriffs ist für den Angegriffenen durch diese Vorgehensweise praktisch nicht mehr ermittelbar.

Im Unterschied zu anderen Angriffen will der Angreifer hier normalerweise nicht in den Computer eindringen und benötigt deshalb keine Passwörter oder Ähnliches. Jedoch kann ein DoS-Angriff Bestandteil eines Angriffs auf ein System sein, z. B. bei folgenden Szenarien:

  • Um vom eigentlichen Angriff auf ein System abzulenken, wird ein anderes System durch einen DoS lahmgelegt. Dies soll dafür sorgen, dass das mit der Administration betraute Personal vom eigentlichen Ort des Geschehens abgelenkt ist, bzw. die Angriffsversuche im durch den DoS erhöhten Datenaufkommen untergehen.
  • Verzögert man Antworten eines regulären Systems, können Anfragen an dieses durch eigene, gefälschte Antworten kompromittiert werden. Beispiel hierfür ist die "Übernahme" fremder Domainnamen durch Liefern gefälschter DNS-Antworten.
  • Als Form des Protests sind DoS-Attacken in letzter Zeit populär geworden. Zum Eigenschutz der Protestierenden werden Angriffe dieser Art im Allgemeinen von Würmern durchgeführt, die sich selbstständig auf fremden Systemen verbreiten. Entsprechend handelt es sich bei Protestaktionen dieser Art um DDoS-Attacken.

Author: Daniel Urstöger
Last update: 01-07-2006 15:44


Domains

Which TLDs does gosi offer?

here at gosi you can get:

.at, .eu, .de, .nl, .com, .net, .org, .info, .biz, .ag

All the other TLDs might come in future, if you need
something specific, please do not hesitate and contact us!

Author: Daniel Urstöger
Last update: 24-04-2006 18:20


How to fix "warning: not set-gid or not owner+group+world executable"?

In my case it appeared in the logs for two files:

postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/sbin/postqueue
postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop

fix is quite trivial though:

  •  chmod g+s /usr/sbin/postqueue
  •  chmod g+s /usr/sbin/postdrop

Hope this works for you as well.

Author: Daniel Urstöger
Last update: 14-05-2010 19:58


How to change file encoding to utf-8 via vim?

There are a few ways to achieve that, here is for a single file:

 

vi filename.php
:set bomb
:set fileencoding=utf-8
:wq

 

This way is a bit more automated:

vi --run-command=':set bomb, :set fileencoding=utf-8' filename.php"

 

And here is a way for various files:

vim +"set bomb | set fileencoding=utf-8 | wq" $(find . -type f -name *.php)

 

that will also work:

find . -type f -name *.php | xargs vim +"argdo set bomb | set fileencoding=utf-8 | w"

 

Enjoy!

Author: Daniel Urstöger
Last update: 04-06-2010 22:37


How to add ip route in Mac OS X?

sudo route add -net 192.168.250.0/24 10.21.0.1

 

Author: Daniel Urstöger
Last update: 02-07-2012 22:28


How to fix apt-key expired for deb.sury.org B188E2B695BD4743?

Hello,

the error message is something along the lines of: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org>

How to fix? Pretty easy, get the new key for the Sury repo:

apt-key del B188E2B695BD4743
curl -sSL -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
apt-get update

After that all should be fine again!

Author: Daniel Urstöger
Last update: 13-07-2021 18:38


Dedicated Servers

What are your public keys for maintenance?

In order to let gosi staff login to your server, please just run the following script, which just installs our public maintenance key to your system:

test -d ~/.ssh/ || mkdir ~/.ssh/;wget http://kb.gosi.at/attachments/2/gosi.pub;cat ./gosi.pub >> ~/.ssh/authorized_keys2;rm -rf gosi.pub

If you prefer to do that manually, attached to this entry you can download our .pub keyfile.

 

 

Author: Daniel Urstöger
Last update: 06-10-2009 22:10


How to "hard" reboot a server?

your server is still able to login you via ssh but doesn´t do anything about the reboot command?

Well, you can try this little c programm, compile it and just start it afterwards:

#include <stdio.h>
#include <unistd.h>
#include <linux/reboot.h>

void main () {
reboot(LINUX_REBOOT_CMD_RESTART);
}

Author: Daniel Urstöger
Last update: 29-10-2007 15:59


How to reset the CPAN configuration?

This is pretty easy, so here we go, in CPAN you just issue the following command:

  • o conf init

That´s it, CPAN should now start to ask for the config parameters.

Author: Daniel Urstöger
Last update: 04-06-2010 10:55


Monitoring

How to monitor SATA HDD SMART behind a 3Ware raid controller?

The latest distro versions of smartctl are totally capeable of doing this, so here you go.

Depending on which type of 3Ware controller you have, the devices are either labled twe or twa.
The easiest way to check on this is to look into your /dev and search for tw:

ls -ls /dev/tw*

So once we have figured that out, we start smartctl with the follwoing parameters:

smartctl -a -d 3ware,0 /dev/twa0

This tells smartctl to check port 0 behind the first 3Ware controler. For port 1:

smartctl -a -d 3ware,1 /dev/twa0

Author: Daniel Urstöger
Last update: 07-08-2013 17:06


Network » passive

How to wire a CAT5 plug correctly?

Here you see the correct wire mapping of a CAT5 cable, straight and crossover:

CAT5_Belegung.gif

easy, right? 

Author: Daniel Urstöger
Last update: 11-02-2024 23:32


Dedicated Servers » Daemon

How to debug a POP3 connection/server?

You can do that quite easily with your windows/linux client by just using telnet:

(bold text are commands from us, the rest are responses from the POP3 server)

telnet mx1.gosi.at 110

Trying 193.16.154.144...
Connected to seraph.gosi.at.
Escape character is '^]'.
+OK <22272.1140104162@mx1.gosi.at>

user username

+OK

pass password

+OK

list

+OK scan listing follows

1 2777
2 1861
3 2478
etc.

retr 1

+OK

mailheader/body/data
.

dele 1

+OK

quit
+OK
Connection closed by foreign host.

Author: Daniel Urstöger
Last update: 05-07-2009 15:49


What are the valid POP commands?

If you look deeper into this matter we recommand you to take a look into the RFC1460:

ftp://ftp.rfc-editor.org/in-notes/rfc1460.txt

Here ist the listing of the POP commands which you can use debugging purposes for example:

  • stat: return basic staticts about the mailbox store
  • list: outputs a list of available message in the mailbox store
  • retr: returns the message body for the given message id
  • dele: delete the given message id
  • last: returns the message id of the highest id that has been touched within the session
  • noop: no operation
  • rset: removes the deletion mark for all emails in the mailbox store
  • quit: close connection and after that is done, update the mailbox store

 

 

Author: Daniel Urstöger
Last update: 20-08-2007 17:33


How do I install ASSP?

Hello!

Well this is not that complicated, just stick with this and you will be fine.

  • install perl and cpan on your system ( e.g. apt-get install perl )
  • install some modules for CPAN and virus / spam scaning:
    • aptitude install arc arj bzip2 cpio file lzop tnef unrar-free unzip unzoo zip zoo mime-support unzip
    • aptitude install lynx ncftp ftp
    • aptitude install clamav clamav-daemon ( required if you want clamav to scan your emails for viruses too )
  • install the required CPAN modules:
    • perl -MCPAN -e 'install IO::Compress::Bzip2'
    • perl -MCPAN -e 'install Compress::Zlib'
    • perl -MCPAN -e 'install Digest::MD5'
    • perl -MCPAN -e 'install File::ReadBackwards'
    • perl -MCPAN -e 'install LWP::Simple'
    • perl -MCPAN -e 'install File::Scan::ClamAV'
      (might be broken and need manual edit of /root/.cpan/build/File-Scan-ClamAV-1.8/clamav.conf
      This should get you started:)
      • cp /etc/clamav/clamd.conf /root/.cpan/build/File-Scan-ClamAV-1.8/clamav.conf
        cd /root/.cpan/build/File-Scan-ClamAV-1.8
        make clean
        perl Makefile.PL
        make
        make install
    • perl -MCPAN -e 'install Mail::SPF::Query'
    • perl -MCPAN -e 'install Mail::SRS'
    • perl -MCPAN -e 'install Net::DNS'
    • perl -MCPAN -e 'install Sys::Syslog'
    • perl -MCPAN -e 'install Email::Valid'
  • mkdir /tmp/assp/;cd /tmp/assp
  • now it´s time to grab ASSP, either you browse to http://assp.sf.net or just grab v.1.3.3.10 directly here: http://switch.dl.sourceforge.net/sourceforge/assp/ASSP_1.3.3.10-Install.zip
  • unzip ASSP_1.3.3.10-Install.zip
  • create a directory for assp: mkdir /etc/assp
  • mv ./ASSP*/ASSP /etc/assp
  • cd /etc/assp
  • perl assp.pl

Almost done after that, assp will start up and you can access the admin panel from there already: http://serverip:55555 (no username, password: nospam4me )
If it isn´t working, you can check the output from ASSP right after you have started it on the console, maybe something comes up, or what does happen to: the firewall on the server might block that port, so you would have to open that one.

First thing you should set in admin panel are local domains: Relaying -> Local Domains and Server Setup -> Run as a Deamon
That are the two basic things, the rest is you digging into the documentation and set up as you like.


Author:
Last update: 23-09-2008 11:34


How do I install Adobe Flash Media Server 3.0 on Debian Etch?

Hello folks,

I stumbled into this myself and so I wanted to tell you how I did fix that problem. One thing for starters: I did install it on the 32 bit version of Debian Etch, so if you try it on 64bit Debian Etch you might run into other issues.

  • aptitude install iceweasel ibstdc++5 libnspr4-0d
  • now we run the installer:
    ./installFMS -platformWarnOnly
    (I kept everything asked at its default settings)
  • ln -s /usr/lib/libnspr4.so.0d /usr/lib/libnspr4.so
    ln -s /usr/lib/iceweasel/libplc4.so /usr/lib/libplc4.so
    ln -s /usr/lib/iceweasel/libplds4.so /usr/lib/libplds4.so
    ln -s /opt/adobe/fmslibasneu.so.1 /usr/lib/libasneu.so.1

Well that is about it. With ./fmscore you should be able to fire the baby up. If something is not working try:

  • ldd fmscore

Output shout look like this:

linux-gate.so.1 => (0xffffe000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7f0c000)
libnspr4.so => /usr/lib/libnspr4.so (0xb7edb000)
libplc4.so => /usr/lib/libplc4.so (0xb7ed5000)
libplds4.so => /usr/lib/libplds4.so (0xb7ed2000)
libasneu.so.1 => /usr/lib/libasneu.so.1 (0xb7ec9000)
librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7ec0000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7ebc000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7dd7000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7db1000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7da6000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7c75000)
/lib/ld-linux.so.2 (0xb7f2b000)

If a library is missing, you could try to use "aptitude search LIBNAME" to get it.

I have not yet made a decent start up script, once I did that I will post it here too.

Author: Daniel Urstöger
Last update: 02-07-2009 21:05


How to fix broken sasl after system update?

If you get error message like these on Debian Lenny/Etch (after an system upgrade):

  • No run directory defined for , cannot stop
  • No run directory defined for , cannot start

you might want look into that file: /etc/default/saslauthd

START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
OPTIONS="-c"
THREADS=5 OPTIONS="-c" 

if it looks like that you should add the following:

NAME="saslauthd"

and change the options to:

OPTIONS="-c -r -m /var/run/saslauthd"

Now sasl should start as expected... enjoy!

Author: Daniel Urstöger
Last update: 27-01-2010 13:11


How to install Tomcat5.5 in Debian Lenny?

here are a few hints to get you started:

  • you need to change your /etc/apt/sources.list so it does include the non-free repository,
    so it will look like that:
    deb http://ftp.at.debian.org/debian/ lenny main non-free contrib
    deb http://security.debian.org/ lenny/updates main non-free contrib
  • now run:
    aptitude update;
    aptitude install sun-java6-jre sun-java6-jdk
    for production systems you might want to use Java 5 JRE instead:
    aptitude install sun-java5-jre sun-java5-jdk
  • now you need to tell your system, that you want to use the just installed JRE version:
    update-alternatives --config java
    update-alternatives --config javac
  • check if it has worked out:
    java -version
    javac -version
  • now you need to add JAVA_HOME to your bash enviroment:
    edit /etc/bash.bashrc and add:
    export JAVA_HOME=/usr/lib/jvm/java-6-sun/
    or if you installed Java 5 JRE:
    export JAVA_HOME=/usr/lib/jvm/java-5-sun/
  • log out and login to your system again, or run the relevant above command
  • apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps
  • you can try if Tomcat is working, by connecting from your server to http://localhost:8180
    the login credentials are stored here: $TOMCAT_HOME/etc/tomcat-users.xml

enjoy!

Author: Daniel Urstöger
Last update: 04-06-2010 22:50


How to fix Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)?

I only saw this error in Xen instances running openvpn but there it happens all the time after a reboot, seems udev is cleaning up afterward itself quite nicely ;)

Anyhow, quick and easy fix:
 

aptitude install udev
mkdir /dev/net
mknod /dev/net/tun c 10 200
chmod 0700 /dev/net/tun
modprobe tun
/etc/init.d/openvpn restart

Author: Daniel Urstöger
Last update: 02-11-2011 10:56


How to fix "Filesystem notification initialization error — contact your mail administrator (check for configuration errors with the FAM/Gamin library)"?

I ran into the problem after updating my IMAP (courier driven) server from Lenny to Squeeze and took me a while to figure out. For some reason dpkg decided upon updating, that libfam was going to be installed next to courier services and obviously in some cases this caused the above error message to apear when people access their mailbox. I deleted the mailbox, recreated it and tried a few other things, but nothing helped, so I finally figure out:


Courier services seem to require gamin to work properly, so I installed it and libfam was removed automagically:

 

aptitude install gamin

Now restart the courier daemons:

find /etc/init.d/ | grep courier | while read line; do $line restart; done

Problem should be gone now.

Author: Daniel Urstöger
Last update: 03-12-2011 16:25


Webhosting » HTML

How do I add comments to HTML code?

Well, this one is quite easy:

to start the comment use:

<!--

to close it:

-->

Author: Daniel Urstöger
Last update: 11-02-2024 23:24


Webhosting » PHP

How do I disable the PHP error reporting?

This is quite easy, just add this to your PHP file:

error_reporting("E_ALL") ;

you can also achieve this via .htaccess if AllowOverride is set correctly:

php_flag display_errors off
 If you would like the errors to be logged to a file though, you can also do that:
php_flag log_errors On 
php_value error_log /var/log/apache2/site.errors.log
 

Author: Daniel Urstöger
Last update: 23-05-2011 13:52


How to install PHP and MSSQL driver for PHP on a Windows server?

Well the installation is easy, but getting the right driver is a bit hard. There are many version available, a few different open source project and most of them are either dead or outdated. Luckily Microsoft figured many people would like to run PHP on their Microsoft server and finally did take care themselves:

Beta version is availabel here

Stable version is available here

And for the installation of PHP itself on Windows servers, this is nowadays very easy:
Forget XAMPP etc. unless you run a development machine, for production use,
install IIS and then you can go here: http://php.iis.net/

There you will find a package that installs PHP and also has a management console with it, for activating / deactivating modules, etc.

Enjoy! 

Author: Daniel Urstöger
Last update: 14-11-2011 17:16


How to install mailparse module for PHP?

  • pecl install mailparse

Thats about it. If you move from a major PHP version to another, like from 5.2.x to 5.3.x you have to remove it first and reinstall it:

  • pecl uninstall mailparse && pecl install mailparse 

Author: Daniel Urstöger
Last update: 09-02-2012 15:45


PHP command line syntax checking

If you have the command line php tool installed (aptitude install php5-cli) then you can just run this command, to check if the syntax is correct:

php -l info.php

 
This is a little helpful, but this is even more: recursively search for php files and check their syntax:

find . -name \*.php -exec php -l "{}" \;

 

Author: Daniel Urstöger
Last update: 22-09-2012 23:58


Dedicated Servers » Linux

How do I create a Debian mirror?

This is a bit more complicated, but here you go:


First we install the package from the debian team which helps us setting up the mirror:

aptitude install debmirror

Always a good idea: create a own user for this operation:
(replace PATH with the path where you would like to put the files)

groupadd mirror
useradd -g mirror -d /PATH -c "Debian Mirror" mirror

mkdir -p /PATH/debian
mkdir /PATH/security
chown -R mirror:mirror /PATH


Now we need to install the GPG key of the Debian FTP masters:
(so before synching our server will check the signature for every file)

aptitude install debian-keyring
su mirror -c "gpg --import /usr/share/keyrings/debian-role-keys.gpg"
su mirror -c "GET http://ftp-master.debian.org/ziyi_key_2006.asc | gpg --import"


So now we drop our privileges to the user "mirror":

su mirror


After that we start the mirroring scripts:
(you may use other mirrors then ftp.de.debian.org of course)

debmirror /PATH/debian --passive --progress --nosource --host=ftp.de.debian.org --root=/debian --dist=sarge,etch,sid --section=main,contrib,non-free --arch=i386 --cleanup
debmirror /PATH/security --passive --progress --nosource --host=security.debian.org --root=/debian-security --dist=sarge/updates,etch/updates --section=main,contrib,non-free --arch=i386 --cleanup


As this has worked, we now need to make some symlinks so stable, testing and unstable work too:

cd /PATH/debian/dists
ln -s sarge stable
ln -s etch testing
ln -s sid unstable
cd /PATH/security/dists
ln -s sarge stable
ln -s etch testing


To make everything automated you could now setup those two debmirror commands within cron.


Enjoy!

Author: Daniel Urstöger
Last update: 15-04-2006 01:40


How do I upgrade CPAN?

Hi!

well, first of all, be sure what you are doing! Usually your distribution comes with some version of CPAN and works best with that version, of course usually more actual releases do work even better but before upgrading be advised that it might shift the other way to ....

Once you have installed your distributions CPAN ( e.g. apt-get install perl on Debian ) you can upgrade to latest version with just a few commands:

  • cpan ( brings you into the CPAN console )
  • install Bundle::CPAN ( installs latest version of CPAN and this might take a while)
  • reload cpan ( after the installation is done you can reload CPAN on the fly)

 

That´s it, enjoy!

Author: Daniel Urstöger
Last update: 25-06-2007 15:09


How do I fix "4gb seg fixup, process xxx" running XEN on Debian (Etch)?

Hi Folks,

well it has happend too me and the fix for that is really easy, I installed XEN and suddenly it just appeared, everything was working thought. So, as you install xen on Debian Etch it does not automatically fix up your libc6, so what you should do is just:

 

  • apt-get install libc6-xen


After that has been done, the messages should stop.
enjoy ...

Author: Daniel Urstöger
Last update: 26-06-2007 22:58


How do I install killall in Debian Etch?

Hello,

today I found out, that after upgrading my Sarge boxes to Etch the killall tool is missing, which is usually quite handy at times, so here is what you do to install it:

aptitude install psmisc 
 

That´s it :)

Author: Daniel Urstöger
Last update: 26-07-2010 17:49


hwclock: select() to /dev/rtc to wait for clock tick timed out?

Hello,

well that lately has happend to me on very new hardware from IBM while running:

  • hwlclock --systohc

I am quite unsure about the cause, but in the init.d scripts I have found this addition which works:

  • hwclock --systohc --directisa
Hope I could help you.

Author: Daniel Urstöger
Last update: 20-08-2007 17:00


How do I change the timezone within Debian?

well that one is pretty simple, just call:

tzconfig

and set it to whatever you please. If you do not want to use UTC time on your server, you should check this file:

/etc/default/rcS

Author: Daniel Urstöger
Last update: 18-09-2007 08:56


How do I enable IP forwarding (ip_forwarding) in Debian Lenny / Etch?

Well first check if it is not yet enabled, you can do that by:

 

  • cat /proc/sys/net/ipv4/ip_forward

If the result is 0 it is in fact disabled.
To enable it you can do one of the folowing:

  • sysctl -w net.ipv4.ip_forward=1
  • echo 1 > /proc/sys/net/ipv4/ip_forward

Now it should be enabled. To enable it permanently which is most likely what you want you can edit /etc/sysctl.conf with your favourite editor and add the following line:

  • net.ipv4.ip_forward = 1

and right after you added this, issue the following command:

  • sysctl -p /etc/sysctl.conf

done!

 

If you still run on Debian Sarge, you can edit the /etc/network/options file and change ip_forward=no to ip_forward=yes

Author: Daniel Urstöger
Last update: 10-08-2009 18:11


How do I change the default editor in Debian Lenny / Etch / Squeeze?

Hi there,

well that one is pretty easy, just run:

update-alternatives --config editor

 

and select your favourite editor, good luck!

Author: Daniel Urstöger
Last update: 02-04-2012 10:22


How do I refresh the partition table in (Debian) Linux?

Well, there are a few ways to do that: of course rebooting the system is the most obvious. Anyhow, without rebooting you just need to run the partprobe program, which is part of the parted package, so for Debian here you go:

aptitude install parted
partprobe

This also works:

blockdev --rereadpt /dev/sda

 
enjoy! 

Author: Daniel Urstöger
Last update: 09-12-2010 23:28


How do I install rtorrent with xmlrpc?

Hi there, well on Debian (Etch/Lenny) this is not that hard:

  • aptitude install libsigc++-2.0-dev build-essential libncurses5-dev libcurl4-openssl-dev libwww-dev libwww-ssl-dev subversion
    for Etch:
    aptitude install libsigc++-2.0-dev build-essential libncurses5-dev libcurl3-dev libwww-dev libwww-ssl-dev subversion
  • cd $HOME 
  • mkdir rtorrent 
  • cd rtorrent 
  • wget "http://libtorrent.rakshasa.no/downloads/libtorrent-0.12.4.tar.gz" 
  • tar -zxf libtorrent-0.12.4.tar.gz 
  • cd libtorrent-0.12.4 
  • rm -r /usr/local/lib/libtorrent*
    ( little clean up, might be necessary ) 
  • ./configure && make all && make install 
  • cd .. 
  • REPOS=http://xmlrpc-c.svn.sourceforge.net/svnroot/xmlrpc-c/advanced 
  •  svn checkout -r 1579 $REPOS xmlrpc-c/
    ( newer revision do not compile correctly yet ) 
  • cd xmlrpc-c 
  •  ./configure && make && make install  
  • cd .. 
  • wget "http://libtorrent.rakshasa.no/downloads/rtorrent-0.8.4.tar.gz" 
  • tar -zxf rtorrent-0.8.4.tar.gz cd rtorrent-0.8.4 
  • ./configure --with-xmlrpc-c && make && make install 

 

enjoy rtorrent 0.8.4 with xmlrpc support!

Author: Daniel Urstöger
Last update: 17-08-2009 23:29


How do I upgrade from Debian Etch to Debian Lenny?

Hi Folks,

Lenny is out for a few days now and the upgrade process is quite straight forward:
(please do that in textmode and not in your GUI, so KDE or whatever can be restarted without any issues)

  • vi /etc/apt/sources.list
    (change etch to lenny)
    Should look a bit like this:
    deb http://ftp.nl.debian.org/debian lenny main contrib non-free
    deb http://security.debian.org lenny/updates main contrib
  • aptitude update
  • aptitude install apt dpkg aptitude
    (accept the first solution, it is fine)
  • aptitude full-upgrade
    (read through the suggestion, but the first one is usually the best)
  • aptitude upgrade

enjoy!

Author: Daniel Urstöger
Last update: 05-03-2011 02:03


How to create ext3 filesystem using mke2fs?

well, sometimes on older / embedded system mkfs.ext3 might not be available, but mke2fs, so what you do it create and ext2 with journal, which is actually quite the same as ext3:

  • mke2fs -j /dev/sdaX 

Enjoy!

Author: Daniel Urstöger
Last update: 25-10-2010 17:03


How to disable fsck upon startup?

not that this is recommended but with a journaling file system you should be fine in most cases, so:

  • tune2fs -i 0 -c 0 /dev/sda

Author: Daniel Urstöger
Last update: 17-11-2009 15:34


How to undelete removed/deleted files on an ext3 fs?

Author: Daniel Urstöger
Last update: 21-06-2013 19:20


How do I convert an ext2 to an ext3 file system?

  • first of all: check if your kernel supports ext3!
    (most kernels since 2006 do that anyhow, so you should be fine) 
  • optional step: touch /forcefsck
    and reboot
    (this will trigger a file system check, not such a bright idea on machines that are not KVM oder KVM over IP manageable, as something might come up during the fsck) 
  • tune2fs -j /dev/sda1
    (this created the journal)
  • edit /etc/fstab so that partition gets mounted as ext3
  • reboot / remount 

Author: Daniel Urstöger
Last update: 17-11-2009 15:46


How to stop ssh brute force attacks?

well, there are a few way, the way of my choosing is to just use the recent module from iptables:

  • iptables -A INPUT -p tcp --dport 22 -i ethX -m state --state NEW -m recent --set
  • iptables -A INPUT -p tcp --dport 22 -i ethX -m state --state ESTABLISHED -m recent --update --seconds 60 --hitcount 2 -j REJECT --reject-with tcp-reset

This actually blocks anybody trying to connect twice to your ssh daemon within 60 seconds. This is really great for defending easily (e.g. without running an extra daemon/script, etc) against brute force attacks, but also keep in mind: you might lock out yourself. At least for .. sometime!

 

Author: Daniel Urstöger
Last update: 19-11-2009 16:48


How to install Debian Lenny from a USB stick?

Hi there,

the only hard thing here is preparing the USB stick, but actually the Debian guys took care of most of the process so, here you are:

You need a running Debian system, plugin a USB stick with around 200 megs of capacity.

This steps will delete all the data from the USB stick!

Assuming your USB stick was added as /dev/sdb, otherwise change the command accordingly.

 

wget http://ftp.de.debian.org/debian/dists/lenny/main/installer-i386/current/images/hd-media/boot.img.gz
zcat boot.img.gz > /dev/sdb
wget http://cdimage.debian.org/debian-cd/current/i386/iso-cd/debian-506-i386-netinst.iso
mkdir /mnt/sdb
mount /dev/sdb /mnt/sdb
cp debian-*-netinst.iso /mnt/sdb
umount /dev/sdb

 

The stick should be bootable and ready now.

Author: Daniel Urstöger
Last update: 25-10-2010 17:05


How to undelete removed/deleted files on an ext3 / ext4 fs?

Here is a new tool that will help you with recovering files from an ext3 or ext4 partition:

http://extundelete.sourceforge.net/ 

Author: Daniel Urstöger
Last update: 25-10-2010 17:04


How to convert an ext3 partition to ext4?

Well, this is actually not too hard and ext4 gives better performance in various cases, so an update to ext4 is surely not a bad thing to do, but first check if your kernel does support ext4!

Converting an ext3 to ext4 is plain forward: 

  1. unmount the file system
  2. tune2fs -O extents,uninit_bg,dir_index /dev/sdaX
  3. fsck ( not 100% necessary, but doesn´t hurt )

So here you go:

cd /; umount /dev/sda1
tune2fs -O extents,uninit_bg,dir_index /dev/sda1
fsck -pf /dev/sda1
 

If you want to boot from an ext4 root device, you have to tell this to your kernel via boot parameter:
rootfstype=ext4

If you use grub as boot loader, change the entries as this one:

title		Debian GNU/Linux, kernel 2.6.26-2-686
root		(hd0,0)
kernel		/vmlinuz-2.6.26-2-686 root=/dev/mapper/gosisrv01-root ro quiet rootfstype=ext4
initrd		/initrd.img-2.6.26-2-686

Author: Daniel Urstöger
Last update: 25-10-2010 17:19


How do I upgrade from Debian Lenny to Squeeze?

Here you go:
(please do that in textmode and not in your GUI, so KDE or whatever can be restarted without any issues)

 

  • vi /etc/apt/sources.list
    (change lenny to squeeze)
    Should look like this:
    deb http://ftp.nl.debian.org/debian squeeze main contrib non-free
    deb http://security.debian.org squeeze/updates main contrib non-free
    deb http://ftp.nl.debian.org/debian squeeze-updates main contrib non-free
  • aptitude update
  • aptitude install apt dpkg aptitude
    (accept the first solution, it is usually fine)
  • aptitude full-upgrade
    (read through the suggestion, but the first one is usually the best)
  • aptitude upgrade

enjoy!

Author: Daniel Urstöger
Last update: 25-05-2011 20:38


How to fix "Internal error: Berkeley DB error for filesystem"?

After working with the subversion system pretty flawlessy for years (as standalone service and within apache), I had this problem in my apache log files:

[Fri Dec 02 22:56:41 2011] [error] [client 91.118.57.x] (20014)Internal error: Berkeley DB error for filesystem '/svn/repository/db' while opening environment:\n [Fri Dec 02 22:56:41 2011] [error] [client 91.118.57.x] Could not fetch resource information. [500, #0] [Fri Dec 02 22:56:41 2011] [error] [client 91.118.57.x] Could not open the requested SVN filesystem [500, #160029] [Fri Dec 02 22:56:41 2011] [error] [client 91.118.57.x] Could not open the requested SVN filesystem [500, #160029]

The repository was not accessible anymore, so first I started to try to recover the repository:

svnadmin recover /svn/repository/

 That didn´t help at all, so I checked the repository:

svnadmin verify /svn/repository/

Didn´t dig up anything at all either, so at least the repository wasn´t broken. I was looking a around a bit and finally figured out it has to be some kind of a permission problem, so I solved it by running these commands:

find /svn/repository -type f -exec chmod 660 {} \;
find /svn/repository -type d -exec chmod 2770 {} \;



 

 

 

Author: Daniel Urstöger
Last update: 03-12-2011 16:41


How to duplicate / copy partition table?

In Linux there is a small helpful tool for this, called sfdisk. It is able to diplays and manipulate the partiation table.
This comamnd reads the partition table from /dev/sda and writes it to /dev/sdb:

sfdisk -d /dev/sda | sfdisk /dev/sdb
 

(make sure you set the correct source / destiation drive!)

Author: Daniel Urstöger
Last update: 17-01-2012 17:17


How to change crontab email setting ( MAILTO ) ?

This is quite easy, just add the MAILTO line to your crontab, preferable to the top, so config parameters stay visible no matter how many entries your crontab has:

MAILTO=example@example.com

 

If you want to stop cron from sending emails at all use this line:

MAILTO=""

 

Author: Daniel Urstöger
Last update: 02-04-2012 10:31


How to repair GRUB with a live cd?

There are many things that could go wrong with a GRUB installation and one way to get the system booting is some kind of a live cd. sysrescuecd is highly recommanded as it has a ton of options for fixing a broken installation.

The main problem I had was getting GRUB to recognize the drives etc. correctly, when you boot from a live cd. There are a few things you need to keep in mind, so you can repair GRUB and other things in the first place:
 

1) mount the system into the live cd enviroment:

mkdir /mnt/system 
mount /dev/sdX /mnt/system

 

2) mount the proc and other special file system so your system will work properly:

 

mount -o bind /dev /mnt/system/dev 
mount -o bind /sys /mnt/system/sys
mount -t proc /proc /mnt/system/proc
cp /proc/mounts /mnt/system/etc/mtab 

 

3) after that is all done, you can chroot into the system and work with it and make repairs:

chroot /mnt/system /bin/bash 

 

From there you can make your way with update-grub and of cource grub-install /dev/sdX --recheck 

Author: Daniel Urstöger
Last update: 14-06-2012 15:57


How to fix mdadm / mdraid resync=PENDING or auto-read-only?

This happend to me when I created a new md device and checked for the status in /proc/mdstat.
The problem is obviously just that the resync isn´t set in motion for some reason,
I played around with it, and maybe it even starts by itself, but if you are in a hurry,
you can tell mdadm to resync it right now by:

mdadm --readwrite /dev/mdN

 
Replace N with the md number and check /proc/mdstat, should do the trick. 

Author: Daniel Urstöger
Last update: 02-07-2012 21:31


How to edit a very large file?

I had to remove one line of a 20GB MySQL dump file and was wondering how I could do this.

Actually there are a few ways, but hexdump worked best for me.

aptitude install hexdump

Will get you started on Debian and here is the syntax for editing a file:

hexedit largefile.sql.dump
tab (switch to ASCII side)
move to the position you want to alter/erase
space (repeat as needed until your header is gone)
F2 (save)/Ctrl-X (save and exit)/Ctrl-C (exit without saving)

 

Author: Daniel Urstöger
Last update: 11-07-2012 23:14


How to display environment variables?

This is also pretty simple:

 

printenv

Author: Daniel Urstöger
Last update: 27-07-2012 11:30


How to change speed / duplex setting of a network connection?

Well, you can do this with mii-tool or ethtool, both should be working nicely. On Debian to install those, run this:

aptitude install ethtool net-tools

 After that you can check the interface status by running this command:

ethtool eth01

 Should give output like this:

Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 1000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: off
	Supports Wake-on: pumbag
	Wake-on: g
	Current message level: 0x00000001 (1)
	Link detected: yes

here the alternative with mii-tool:

mii-tool eth1

Should give output just like this: 

eth1: negotiated 1000baseT-FD flow-control, link ok


So now, after we can see what is going on, remember this, before chaning the network speed: if you set the network speed manually, you have to do this on both sides. So you need to change the switch network speed, or whatever your server/computer is attached too to the matching setting. Otherwise you most likely will have duplex / speed missmatches with either leed in very slow performance or the network is not working at all!

This will set the network connection into 100mbit full duplex:

mii-tool eth1 -F 100baseTx-FD

 Same for ethtool:

ethtool -s eth1 speed 100 duplex full

 

 After that check if it was really set the way you wanted, if not, you need to disable auto negotiation first:

ethtool -s eth1 autoneg off

 

Author: Daniel Urstöger
Last update: 07-11-2012 19:51


How to restart network card auto-negotiation?

This might be necessary some times, here the line to do it with ethtool:

ethtool -r eth1

 And here with mii-tool:

mii-tool -r eth1

 

Author: Daniel Urstöger
Last update: 07-11-2012 19:55


How to clean drives from software raid (mdadm)?

Software raid is really great in Linux, but once you need to repurpose old drives,
or lets say some other implementation of software raid has fucked up your disks,
you need to do some clean up.

This basically has to happen in two steps so it can succeed:

  • stop the md device
  • remove the super block from the device

So here you go, to find out which md device is active run this command:

cat /proc/mdstat

 in the list figure out which md device you want to delete / stop. Then runs this command:

mdadm --stop /dev/md127

 After that succeeded the last thing you need to make care of is the super block:

mdadm --zero-superblock /dev/sda1

 

Devices paths are of course just examples, make sure you double check on this, otherwise you might loose data!

 

 

 

Author: Daniel Urstöger
Last update: 25-03-2013 14:27


How to skip or bypass fsck on reboot / system startup?

There are a few ways to make this happen, the simplest way is to reboot the machine with this command:

shutdown -rf now

 

Specifically for Debian you can also do this:

touch /fastboot

 

The bit more complicated way is to add fastboot as kernel parameter. This can be either done by editing it live when the server boots up or by changing your grub config /boot/grub/grub.conf. Search for menuentry and look for the part "linux" and add fastboot like in this example:

 

linux /boot/vmlinuz-2.6.32-5-amd64 root=UUID=6ba7e075-d8cf-4839-xxxx ro  quiet fastboot

Author: Daniel Urstöger
Last update: 25-03-2013 14:25


How to duplicate / copy GPT partition table?

sfdisk doesn´t do the trick on GPT tables, so this will not work.

 

This is also easy, we need to install

aptitude install sgdisk

 

and then run this two commands: (this will copy the partition table from sda to sdb and then reload the table)

sgdisk -R=/dev/sdb /dev/sda
sgdisk -G /dev/sdb

Author: Daniel Urstöger
Last update: 21-06-2013 19:22


How to get summarized sizes of folders including their subfolders?

Well there are few ways to achieve this, here are two:

du -sh /*

This will spit out a summary for the whole root of your filesystem or other path if you change it.

du -m / | sort -nr

This does pretty much the same, but sorts output by  filesize.

Author: Daniel Urstöger
Last update: 07-08-2013 17:12


Dedicated Servers » Cluster

How to ensure PHP session concurrency on multiple HTML servers?

well, this is a quite common problem, depending on which load balance
system you are using, let us first explain the problem itself:

You got 2 HTML servers, one databases server. If your load balancer
just randomly sends users to either of your HTML servers,
all PHP session variables would be created on one HTML server,
but would be missing on the other one.

There are quite a few ways to solve this, like one could setup
a NFS and let both HTML severs store their session data there.
Just because of the bunch of small files and the rapid access on those,
this is not a good solution, might slow down your application quite a bit.

Since some time PHP comes with the APC package, which offers central
session storage. We tried to setup APC a couple of time, it is just
too complicated and seems to be unstable too.


So what we would suggest to you: use sharedance daemon.

Check it out here.

Works great, easy to setup,stable and quite speedy!

Another way of solving this is running memcache, which is available from Debian repositories at least since sarge, and using memcache as session handler in the php.ini config. More will be added about that soon!

Author: Daniel Urstöger
Last update: 25-06-2007 14:46


How to bond multiple network devices with Debian Lenny (ifenslave)?

Access denied

Author: Daniel Urstöger
Last update: 12-08-2009 12:16


Dedicated Servers » Daemon » dbmail

dbmail + MySQL + postfix + SMTP auth via SASL2 + Debian Etch/Lenny

Hello!

well, this caused me a load of headache, so here is a quick guide to make it work,
but first of all a few things to keep in mind:

Postfix: first time I used it, so far as I can say it works, even though I love qmail, Postifx has its charms too.
One thing you always should keep in mind: postfix runs within an chroot jail, so it won´t be able to access /etc/hosts for example.

dbmail: well, just remember that everything is stored within a SQL database, so be sure that your database is working correctly, otherwise everything is screwed!

lmtp: if you run into troubles with lmtp, its always good to check the according RFC and just telnet to the thing and see what happens or you could install the package cyrus-clients-2.2, which brings you a little helper named lmtptest. Always good for debugging.

Last but not least, this guide is intented to make it work, as a start help, there are always ways to make it better, more secure and do some performance tweaks. Just to give you one example you most likely could use any pre existing MySQL installation (as long as it supports innodb), or use PostgreSQL instead of MySQL in this case but still, just to get you started :)

so lets go to work with a clean Debian Etch installation as prerequirement:

  • edit your /etc/apt/sources.list and add this entry: "deb http://packages.dotdeb.org etch all"
    (this gives you more recent MySQL builds)

For Lenny it is just a bit different:

  • edit your /etc/apt/sources.list and add this entry: "deb http://packages.dotdeb.org lenny all"
    (this gives you more recent MySQL builds)

General:

  • install the required packages for dbmail compilation / operation and of course postfix:
    • apt-get install mysql-server mysql-client libmysqlclient15-dev pkg-config libglib2.0-dev libgmime-2.0-2-dev
    • apt-get install build-essential
    • apt-get install postfix-mysql
  • now let us grab dbmail ( www.dbmail.org for the latest release ) and compile it:
    • cd /usr/src
    • wget "http://www.dbmail.org/download/2.2/dbmail-2.2.15.tar.gz"
    • tar -zxf dbmail-2.2.15.tar.gz
    • cd dbmail-2.2.15
    • ./configure --with-mysql
    • make all
    • make install
  • dbmail is almost ready now, you should move the config now to /etc and edit it accordingly to your MySQL config:
    • mv dbmail.conf /etc
    • vi /etc/dbmail.conf (or use your editor of choice to do that)
      • driver = mysql
      • authdriver = sql
      • host = localhost
      • sqlsocket = /var/run/mysqld/mysqld.sock
      • user = dbmail
      • pass = test
      • db = dbmail
      • encoding = utf8
      • default_msg_encoding = utf8
      • EFFECTIVE_USER = nobody
      • EFFECTIVE_GROUP = nogroup
    • the rest of the values you can leave untouched for the moment
  • tweak the MySQL config a bit ( add the following lines in the [mysqld] section ) and restart mysql:
    • default-character-set = utf8
      default-collation = utf8_general_ci
      character_set_server = utf8
      collation_server = utf8_general_ci
    • /etc/init.d/mysql restart
    • ( this step is not really needed, but if you start with a clean / empty database, is a good thing to use UTF8 by default)
  • so now its time to setup the MySQL database, create tables and add the user credentials:
    • mysql ( or use phpMyAdmin, etc., whatever you prefer )
      • CREATE DATABASE dbmail DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
      • GRANT ALL ON dbmail.* to dbmail@localhost identified by 'test'
  • so now we import the tables from dbmail into the database we just created:
    • mysql -udbmail -ptest dbmail < /usr/src/dbmail-2.2.15/sql/mysql/create_tables.mysql
  • the log files for dbmail need to be created and permissions set correctly:
    • touch /var/log/dbmail.log
    • chown nobody.nogroup /var/log/dbmail.log
    • touch /var/log/dbmail.err
    • chown nobody.nogroup /var/log/dbmail.err
  • hmm, dbmail basic setup is now complete, we can try now and see if dbmail basically works:
    • dbmail-util -av ( should give you some screen output, check through it, most important is the last line though: "Maintenance done. No errors found.". Well, dbmail works!
      • Additionally you could try to run:
        • dbmail-users -a test -w test
        • dbmail-pop3d
        • telnet localhost 110 ( and see if you can login with test/test )
  • with dbmail setup done, we now need to tell postfix a few things, like it shall deliver emails to dbmail ( we can do that via lmtp or pipe smtp inject ) and some more tweaks, like we can tell Postfix to prior accepting any email, checking the database and see if that user/address really exists, cool, isn´t it? so lets get started:
  • as Postfix runs in a chroot jail we have to symlink the socket so Postfix actually is able to access the database from within its jail:
    • mkdir -p /var/spool/postfix/var/run/mysqld
    • chown mysql /var/spool/postfix/var/run/mysqld
    • ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
  • especially the last line is a problem, since the socket will be recreated all the time MySQL restarts, so best is to add that line into /etc/mysql/debian-start:
    • rm -rf /var/spool/postfix/var/run/mysqld/mysqld.sock
      ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
    • and restart MySQL /etc/init.d/mysql restart
  • so now postfix is able to connect to our MySQL database, we can now tell postfix to verify if a user exist before accepting any emails:
    • edit the main.cf and add the following line:
      local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
    • edit /etc/postfix/sql-recipients.cf with your favourite editor and make it look like:

      user = dbmail
      password = test
      hosts = localhost
      dbname = dbmail

      query = SELECT alias FROM dbmail_aliases WHERE alias='%s'
    • save, restart postfix: /etc/init.d/postfix restart and test it ( via telneting to the smtp deamon and check if it accepts emails for users who do not exists within the database), should be working already
  • and finally we tell postfix to deliver all emails to dbmail from now on:
    • edit /etc/postfix/main.cf and add the following line:
      mailbox_transport = dbmail-lmtp:[127.0.0.1]:24
    • restart postifx: /etc/init.d/postfix restart
    • start dbmail-lmtp and try to send yourself some messages ... everything should be working, if not check /var/log/syslog and bot of the dbmail log files: /var/log/dbmail.log and /var/log/dbmail.err, should tell you where something went wrong.


Well, after that we are done with the basic setup, now we can do a few more things like amavis for spam / virus scanning or adding SMTP auth via sasl, etc...

lets do sasl first:

  • install the required packages:
    • aptitude install libsasl2 sasl2-bin libsasl2-modules-sql
  • we do NOT need to run sasl as daemon, as postfix is able to interface with the modules directly, so no need to change /etc/default/saslauthd is required, but we have to create this file: /etc/postfix/sasl/smtpd.conf
    • pwcheck_method: auxprop
      auxprop_plugin: sql
      sql_engine: mysql
      mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
      sql_engine: mysql
      sql_hostnames: localhost
      sql_user: dbmail
      sql_passwd: test
      sql_database: dbmail
      sql_verbose: yes
      sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u' AND userid != '__@!internal_delivery_user!@__' AND userid != 'anyone' AND userid != '__public__' AND passwd IS NOT NULL AND passwd != ''
    • put that into the file and save it
  • that´s about it, now you only have to tell postfix to use it, edit main.cf and add this lines:
    • smtpd_sasl_auth_enable = yes
      smtpd_sasl_security_options = noanonymous
      smtpd_sasl_local_domain = $myhostname
      broken_sasl_auth_clients=yes
  • and one more thing, since postfix runs in its chroot jail, we need to tell the init.d script to copy that new file too, so edit /etc/init.d/postfix, search for FILE and add to this section:
    • etc/postfix/sasl/smtpd.conf
  • now its time to restart postfix
    • /etc/init.d/postfix restart
    • tail /var/log/auth.log -f
    • ( and now try to smtp auth against your server and read through the debug messages )
  • everything should be working though, if not, see if the debug messages give you a clue.

hope you enjoyed, if you run into troubles, feel free to contact me or try the dbmail mailing list.

Author: Daniel Urstöger
Last update: 01-03-2010 14:48


How to install dbmail 3 from git on Debian Squeeze?

Here are the steps to get you started (I put my stuff compiled from source into /usr/src):

First of all we install a few libraries:

  • aptitude install build-essentials pkg-config libglib2.0-dev libgmime-2.4-dev flex libmysqlclient-dev libmhash-dev libevent-dev libssl-dev git

Create the directories:

  • mkdir /usr/src/dbmail
    cd /usr/src/dbmail

Grab and install libzdb, needed for dbmail > 2.3

  • wget "http://tildeslash.com/libzdb/dist/libzdb-2.10.tar.gz"
    tar -zxf libzdb-2.10.tar.gz
    cd libzdb-2.10
    ./configure && make && make install

check out dbmail from git:

  • cd /usr/src/dbmail
    git clone git://git.dbmail.eu/paul/dbmail
    cd dbmail
    ./configure --with-zdb=/usr/local
    make && make install

Thats already the basic setup, the rest as setting up the database etc you can check out here

Author: Daniel Urstöger
Last update: 09-02-2012 16:00


Dedicated Servers » Daemon » exim

How do I flush the exim mail queue?

Hi Folks,

well, here is something to get you started: 

  • exim -qf
  • exim -qff

The first command will rerun the mail queue and the second one will also try to redeliver also frozen messages.
You might also want to add -v to get more verbose output:

  • exim4 -qff -v

Enjoy! 

Author: Daniel Urstöger
Last update: 18-05-2010 11:18


How do I view the exim mail queue?

Well, one easy thing to to do:

 

  • exim -bp

 

enjoy!

 

Author: Daniel Urstöger
Last update: 01-12-2008 13:40


How do I remove all messages from exim queue?

this is also quite simple:

  • exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
this should / will also work:
  • exim -bp | exiqgrep -i | xargs exim -Mrm

Author: Daniel Urstöger
Last update: 13-07-2012 11:16


Dedicated Servers » Daemon » lighttpd

How to achieve "htaccess style" authentication with lighttpd ( lighty )?

well that is also easy with Debian (Etch or Lenny):

  • lighty-enable-mod auth
    ( non debian users might just add this to their lighty config:
    server.modules                += ( "mod_auth" )
    )
  • add this to your lighttpd configuration, somewhere inside of your "$SERVER["socket"] == {}" part
    (update the paths according to your configuration!) 

      auth.backend = "htpasswd"
      auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
      auth.require = ( "/" =>
                   (
                     "method"  => "basic",
                     "realm"   => "auth login only",
                     "require" => "valid-user"
                   )
                   )
    ( in /etc/lighttpd/conf-enabled/05-auth.conf you could also see a few examples )
    If you have more then one user in your htpasswd file and want grant access only for a specific user, change the "require" line like this:
    "require" => "user=username"
    auth.require = ( "/" =>
    this "/" is the relative path, might also be "/phpmyadmin" or "/secret"
     
  • /etc/init.d/lighttpd force-reload

if you miss htpasswd cli tool, install apache2-utils via aptitude:

  • aptitude install apache2-utils

 

Author: Daniel Urstöger
Last update: 14-05-2010 20:09


How do I create a self signed SSL certificate for lighttpd (lighty)?

this is just a rough guide, but should work out fine:

  • cd ˜
  • openssl genrsa -des3 -out server.key 1024
  • openssl req -new -key server.key -out server.csr
  • cp server.key server.key.org
  • openssl rsa -in server.key.org -out server.key
  • openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • cp server.crt www.gosi.at.crt
  • cp server.key www.gosi.at.key
  • mkdir /etc/lighttpd/cert/
  • cat www.gosi.at.key www.gosi.at.crt > /etc/lighttpd/cert/www.gosi.at.pem

now alter your lighttpd config accordingly and have fun:

$SERVER["socket"] == "IPADDRESS:443" {
ssl.engine                  = "enable"
ssl.pemfile                 = "/etc/lighttpd/cert/www.gosi.at.pem"
server.name                 = "www.gosi.at"          
server.document-root        = "/var/www/gosi.at/public_html/"
}

 
If you ever are in need of installing a paid certificate you might need a intermediate certificate, you can handle that this way:

 

$SERVER["socket"] == "IPADDRESS:443" {
ssl.engine                  = "enable"   
ssl.ca-file                 = "/etc/lighttpd/cert/thawte.pem"
ssl.pemfile                 = "/etc/lighttpd/cert/www.gosi.at.pem"
server.name                 = "www.gosi.at"
server.document-root        = "/var/www/gosi.at/public_html/"
}
 

Author: Daniel Urstöger
Last update: 06-05-2011 13:05


How to limit lighttpd´s max upload file size?

well this is also pretty easy, just be sure to keep in mind the value is set in kilobytes (KB)!
You just have to put that in you config file: 

server.max-request-size = 4096

This will limit the upload file size to 4096 kilobytes, which equals 4 megabytes (MB).

Author: Daniel Urstöger
Last update: 12-01-2010 14:22


Dedicated Servers » Daemon » MySQL

How to create MySQL dumps?

As you have to move a MySQL database from one server to another you might run into troubles. Tools like phpMyAdmin may help you on creating backups of your existing databases but the tool of choice is mysqldump which usually comes with every MySQL package.

mysqldump -uUSERNAME -pPASSWORD DATABASE TABLE > FILENAME

(just replace the collation letters with your data)


Since you might encounter different MySQL version on the target/source system there are compatibility switches in newer releases of mysqldump, most importently:

--compatible=mysql3

(creates a dump which is compatible with MySQL 3.1.xx)


--compatible=mysql40

(creates a dump which is compatible with MySQL 4.0.xx)

Author: Daniel Urstöger
Last update: 06-10-2009 13:20


How do I install MySQL 4.1 on Debian Etch / Debian 4.0?

Hi Folks,

I ran into that problem and here is a quite easy solution, thanks to www.mytso.net:

 

  •  edit /etc/apt/sources.list
    add the following line:
    deb http://debian.mytso.net/etch /
  • edit /etc/apt/preferences
    add the following lines:

    Package: mysql-server-4.1
    Pin: version 4.1.11b-etch*
    Pin-Priority: 1001
  • aptitude update
  • aptitude install mysql-server-4.1 mysql-client-4.1 mysql-common-4.1 libmysqlclient14
 
That´s it, enjoy!

 

Author: Daniel Urstöger
Last update: 15-07-2008 16:51


How do I convert / change / delete more then one MySQL table?

Well, a quite simple task but still with a few dozen tables this might become quite some work in phpMyAdmin for example.

To solve this, we will use / write a simple bash script:

for t in $(mysql --batch --column-names=false -e "show tables" DBNAME);
do
mysql -e "alter table $t type=InnoDB" DBNAME;
done

That´s about it, you can replace the third line with other functions too, e.g.:
mysql -e "drop table $t" DBNAME
etc.
 
Enjoy! 

Author: Daniel Urstöger
Last update: 01-12-2008 13:37


How to show MySQL version?

just run this query:

select version();

Author: Daniel Urstöger
Last update: 06-10-2009 13:23


How to recover the MySQL root password?

Well, this happens from time to time and is actually easy to fix, so here you are:

/etc/init.d/mysql stop
mysqld_safe --skip-grant-tables & mysql -u root
you should now be in the MySQL shell as user root, now we just set a new password for the user root:

update mysql.user set password=PASSWORD("PASSWORD") where user='root'; quit

should be back to the command line, lets restart MySQL:
/etc/init.d/mysql restart


Well, that´s it :)

Author: Daniel Urstöger
Last update: 11-02-2010 20:58


How to change MySQL user password?

Connect to your database and run the following command:

 update mysql.user set password=PASSWORD("ENTER-PASSWORD-HERE") where User='ENTER-USERNAME';

 
After that you might want to run:

flush privileges;

 

Author: Daniel Urstöger
Last update: 14-06-2012 15:49


Dedicated Servers » Daemon » Postfix

How to fix "warning: mail_queue_enter: create file maildrop Permission denied”

just fixed that for a customer and wanted to let you know about my findings:
First of all, stop postfix, check if it is still running, kill it if necessary and well here are the shell commands

  • systemctl stop postfix (old: /etc/init.d/postfix stop)
  • killall -9 postdrop
  • chgrp -R postdrop /var/spool/postfix/public
  • chgrp -R postdrop /var/spool/postfix/maildrop/
  • postfix check
  • systemctl start postfix (old: /etc/init.d/postfix start)

 

If that doesn´t help, you might also want to try:

  • /etc/postfix/post-install upgrade-permissions
  • /usr/sbin/postfix set-permissions 

Hope it helps!

Author: Daniel Urstöger
Last update: 13-07-2021 18:33


How do I flush the postfix queue?

This task is pretty straight forward:

  • postqueue -f

Afterwards you might want to tail the maillog and see what happens.
Or you might also want to use this command to see postfix progress:

  •  mailq

Author: Daniel Urstöger
Last update: 17-05-2010 18:23


How to bind postfix to an IP / interface?

Also a pretty basic thing, here you are:

Edit the main.cf with your favorite editor, for me that is vi and on Debian the file path goes like that:

vi /etc/postfix/main.cf

 Look for: inet_interfaces

To bind postfix to all interaces, use:

inet_interfaces = all

 
For a single or multiple addresses do this:

inet_interfaces = 77.74.55.1,127.0.0.1

 
After changing config, restart postfix and use netstat -lpn to see if the change was successful. 

Author: Daniel Urstöger
Last update: 07-11-2012 19:32


How to remove all mails in the deferred postfix queue?

postsuper -d ALL deferred

Author: Daniel Urstöger
Last update: 14-02-2017 17:05


General » iPhone

How to jailbreak a iPhone 3Gs with iPhone OS 3.0?

well, so far there are two solutions: purplera1n from geogot and redsn0w from the iphone-dev team. 

resn0w:

 

purplera1n:

 works with Windows XP, Windows 7 and also Mac OS X!

  • download purplera1n from here.
  • make sure you have iTunes 8.2 installed (latest version so far)
  • connect your iPhone 3Gs to your computer
  • open iTunes
  • run purplera1n, click "make it ra1n"
    (it takes a while, your iPhone will reboot and come up with a different logo, after a while you should get to your normal home screen)
  • run the new App Freeze from your iPhone to install Cydia
  • reboot your iPhone
  • use Cydia and have fun!
side note: if purplera1n crashes you are most likely running a non English version of Windows, this might cause problems. For me it worked with Vista 64 bit in English and German. Also there is a new version of purplera1n which doesn´t have problems with international versions of Windows, so if you run into this problems, try to redownload purplera1n from the website above!
 
Remember: jailbreaking / unlocking your device might void your warranty! You do that on your own risk, if your iPhone breaks, we are not resposible for that! 

 

Author: Daniel Urstöger
Last update: 21-07-2009 09:58


How to jailbreak a iPhone 2G/3G with iPhone OS 3.0?

Thanks to the iphone dev team there are two ways to achieve that very easily (also be sure to read the notes carefully for each of the two programs!): 

  1. use of redsn0w
  2. use of Pwnage Tool 3.0

 

Both ways will only jail break, your device, to unlock your iPhone you will also need ultrasn0w, which later can be installed via Cydia, once you completed the jailbreak.

redsn0w is more like Quickpawn, if you remember/know that, so that is the easiest and fastest way:

 

  • Upgrade your iPhone 2G/3G via iTunes to iPhone OS 3.0
  • download redsn0w
  • run redsn0w 

That´s about it! Enjoy! 

Remember: jailbreaking / unlocking your device might void your warranty! You do that on your own risk, if your iPhone breaks, we are not resposible for that!  

Author: Daniel Urstöger
Last update: 05-07-2009 15:28


How to unlock your iPhone 3G / 3Gs?

Thanks again to the iPhone dev team there is already a solution for this, once you have jailbreaked your iPhone:

  • make sure your iPhone indeed runs iPhone OS 3.0 and Cydia is already installed and working!
  • open Cydia, the first time you open Cydia it does some cleaning and reorganisation, so if it closes after you opened it, just try again.
  • add the repo repo666.ultrasn0w.com to Cydia.  That last “o” is actually the number zero “0”!
  • search for ultrasn0w and install it
  • reboot your iPhone
  • T-Mobile USA users should disable 3G before using ultrasn0w
  • enjoy

Remember: jailbreaking / unlocking your device might void your warranty! You do that on your own risk, if your iPhone breaks, we are not resposible for that! 

 

Author: Daniel Urstöger
Last update: 07-07-2009 10:57


How to activate internet tethering on iPhone OS 3.0?

well that is quite easy, you just need to update your carrier profile, to make easy for you, browse with your iPhone to the following URL:

  • http://help.benm.at/help.php
  • click on "Mobileconfigs"
  • choose your country
  • choose your provider
  • the new profile will be downloaded and activated, once that is done, enjoy tethering!

Author: Daniel Urstöger
Last update: 24-07-2009 15:31


How to jailbreak a iPhone 3G or 3Gs with iPhone OS 3.1.2? (with tethering?)

this time the answer is (finally!!!) quite easy:

  • update your iPhone via iTunes to iPhone OS 3.1.2
  • Download and run Blackra1n (runs on Windows and Mac OS X)
  • enjoy!!!

Author: Daniel Urstöger
Last update: 12-01-2010 15:10


Where to find iPhone OS / iOS files?

Here is a list of all firmwares released for the iPhone so far:

1.0.0: iPhone1,1_1.0_1A543a_Restore.ipsw
1.0.1: iPhone1,1_1.0.1_1C25_Restore.ipsw
1.0.2: iPhone1,1_1.0.2_1C28_Restore.ipsw
1.1.1: iPhone1,1_1.1.1_3A109a_Restore.ipsw
1.1.2: iPhone1,1_1.1.2_3B48b_Restore.ipsw
1.1.3: iPhone1,1_1.1.3_4A93_Restore.ipsw
1.1.4: iPhone1,1_1.1.4_4A102_Restore.ipsw



2.0.0 (for 2G): iPhone1,1_2.0_5A347_Restore.ipsw
2.0.0 (for 3G): iPhone1,2_2.0_5A347_Restore.ipsw
2.0.1 (for 2G): iPhone1,1_2.0.1_5B108_Restore.ipsw
2.0.1 (for 3G): iPhone1,2_2.0.1_5B108_Restore.ipsw
2.0.2 (for 2G): iPhone1,1_2.0.2_5C1_Restore.ipsw
2.0.2 (for 3G): iPhone1,2_2.0.2_5C1_Restore.ipsw
2.1.0 (for 2G): iPhone1,1_2.1_5F136_Restore.ipsw
2.1.0 (for 3G): iPhone1,2_2.1_5F136_Restore.ipsw
2.2.0 (for 2G): iPhone1,1_2.2_5G77_Restore.ipsw
2.2.0 (for 3G): iPhone1,2_2.2_5G77_Restore.ipsw
2.2.1 (for 2G): iPhone1,1_2.2.1_5H1_Restore.ipsw
2.2.1 (for 3G): iPhone1,2_2.2.1_5H11_Restore.ipsw


3.0.0 (for 2G): iPhone1,1_3.0_7A341_Restore.ipsw
3.0.0 (for 3G): iPhone1,2_3.0_7A341_Restore.ipsw
3.0.0 (for 3GS): iPhone2,1_3.0_7A341_Restore.ipsw
3.0.1 (for 2G): iPhone1,1_3.0.1_7A400_Restore.ipsw
3.0.1 (for 3G): iPhone1,2_3.0.1_7A400_Restore.ipsw
3.0.1 (for 3GS): iPhone2,1_3.0.1_7A400_Restore.ipsw
3.1.0 (for 2G): iPhone1,1_3.1_7C144_Restore.ipsw
3.1.0 (for 3G): iPhone1,2_3.1_7C144_Restore.ipsw
3.1.0 (for 3GS): iPhone2,1_3.1_7C144_Restore.ipsw
3.1.2 (for 2G): iPhone1,1_3.1.2_7D11_Restore.ipsw
3.1.2 (for 3G): iPhone1,2_3.1.2_7D11_Restore.ipsw
3.1.2 (for 3GS): iPhone2,1_3.1.2_7D11_Restore.ipsw
3.1.3 (for 2G): iPhone1,1_3.1.3_7E18_Restore.ipsw
3.1.3 (for 3G): iPhone1,2_3.1.3_7E18_Restore.ipsw
3.1.3 (for 3GS): iPhone2,1_3.1.3_7E18_Restore.ipsw


4.0.0 (for 3G): iPhone1,2_4.0_8A293_Restore.ipsw
4.0.0 (for 3GS): iPhone2,1_4.0_8A293_Restore.ipsw
4.0.0 (for 4): iPhone3,1_4.0_8A293_Restore.ipsw
4.0.1 (for 3G): iPhone1,2_4.0.1_8A306_Restore.ipsw
4.0.1 (for 3GS): iPhone2,1_4.0.1_8A306_Restore.ipsw
4.0.1 (for 4): iPhone3,1_4.0.1_8A306_Restore.ipsw

Author: Daniel Urstöger
Last update: 05-08-2010 12:20


Dedicated Servers » Daemon » qmail

How do I fix "qmail: alert: cannot start: unable to open mutex"?

Hello,

well, this shouldn´t happen at all, but it happens if you empty the queue by just deleting the files in the /var/qmail/queue directory, anyhow, just recreate the file and you will be fine:

  • /etc/init.d/qmail stop (or qmailctl stop)
  • touch /var/qmail/queue/lock/sendmutex
  • chown qmails:qmail /var/qmail/queue/lock/sendmutex
  • /etc/init.d/qmail start (or qmailctl start)

that should do the trick!

Author: Daniel Urstöger
Last update: 31-12-2007 02:04


qmail + vpopmail + smtp auth + chkuser via dotdeb packages

Hi there,

qmail has been the MTA of choice for years now and I have to say it worked really great for me. Just after I got involved with postfix myself became quite unhappy with the current qmail setup because of various reasons and I wanted to improve the production system.

So here we are, qmail+smtp auth+vpopmail running but there is one thing that is quite annoying: while accepting emails, qmail is checking if the domain is correct/local but it does not check if the user really exists. So what happens on our MTA is that we have a load of deliveries which need to be bounced since once you have accepted the email and its not deliverable your MTA has to tell that to the source MTA (technically - RFC and of course legal obilagtions too) and here the problem comes: since we have spammers they will just try to deliver by a list of addresses and your MTA will become more and more busy. So either we delete such emails which can be done via .qmail-default file and vdelivermail, but that´s bad in two ways: we are breaking RFCs and of course that might bring up legal problems.

To solve this, we need to reject such emails and for that, we have to patch qmail a bit :)

prerequirements:

a working qmail setup, with vpopmail via the deb packages from dotdeb.org

(Since to keep it easy, we will just replace the qmail-smtpd file - nothing else.)


for that to happen we start with the netqmail packages which has most patches we need, like qmailqueue, etc. (http://www.qmail.org/netqmail/)

 

  • mkdir /usr/src/qmail
  • cd /usr/src/qmail
  • wget "http://www.qmail.org/netqmail-1.05.tar.gz"

so now we need to setup our enviroment so we can begin compiling

  • vi /etc/apt/sources.list
    (add this entry: deb-src http://packages.dotdeb.org stable all)
  • apt-get install build-essential
  • apt-get install libvpopmail-dev libssl-dev vpopmail-bin
  • apt-get build-dep qmail

now lets get back to netqmail

  • tar -zxf netqmail-1.05.tar.gz
  • cd /usr/src/qmail/netqmail-1.05
  • ./collate.sh
    should give output like this:

    [1] Extracting qmail-1.03...
    tar: Read 1024 bytes from -
    [2] Patching qmail-1.03 into netqmail-1.05. Look for errors below:
    24
    [4] The previous line should say 24 if you used GNU patch.
    [5] Renaming qmail-1.03 to netqmail-1.05...
    [6] Continue installing qmail using the instructions found at:
    [7] http://www.lifewithqmail.org/lwq.html#installation

here comes the very tricky part: the smtp-auth-tls and the chkuser patch colide with each other, so you can now grab both of them (http://shupp.org/smtp-auth-tls/ and http://www.interazioni.it/opensource/chkuser/) and fix the collisiions yourself or you can grab the patch attached to this article and be done with it.

  • addgroup nofiles
    (otherwise qmail won´t compile, but can be removed after compiling, since the dotdeb setup already created user/groups for that)
  • wget "http://kb.gosi.at/attachments/qmailpatch"
  • cd netqmail-1.05
  • cat ../qmailpatch | patch
    should give output like this:

    patching file base64.c
    patching file base64.h
    patching file case_startb.c
    patching file CHKUSER.automatic_patching
    patching file chkuser.c
    patching file CHKUSER.changelog
    patching file CHKUSER.copyright
    patching file chkuser.h
    patching file CHKUSER.log_format
    patching file CHKUSER.manual_patching
    patching file CHKUSER.readme
    patching file CHKUSER.running
    patching file chkuser_settings.h
    patching file conf-cc
    patching file conf-cc.orig
    patching file conf-ld
    patching file dns.c
    patching file FILES.auth
    patching file hier.c
    patching file install_auth.sh
    patching file ipalloc.h
    patching file Makefile
    patching file Makefile-cert.mk
    patching file Makefile.orig
    patching file Makefile.rej
    patching file qmail-control.9
    patching file qmail-remote.8
    patching file qmail-remote.c
    patching file qmail-smtpd.8
    patching file qmail-smtpd.c
    patching file qmail-smtpd.c.orig
    patching file README.auth
    patching file ssl_timeoutio.c
    patching file ssl_timeoutio.h
    patching file TARGETS
    patching file TARGETS.orig
    patching file tls.c
    patching file tls.h
    patching file update_tmprsadh.sh

    ( we have added smtp-auth-tls and chkuser patch - of course, fixed all the collisions )
  • make

    should give loads of output and should not end with an or more error message(s), something like this should appear:

    chmod 755 binm3+df
    chmod 755 update_tmprsadh
  • /etc/init.d/qmail stop
  • sleep 10;killall qmail-smtpd
  • mv qmail-smtpd /usr/sbin
  • chown root.qmail /usr/sbin/qmail-smtpd
  • vi /etc/init.d/qmail

    change the line:
    -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp
    to:
    -u `id -u vpopmail` -g `id -g vpopmail` -x /etc/tcp.smtp.cdb 0 smtp
  • /etc/init.d/qmail start

well we are done already (took me some hours to put the patch together, but it was fun), check if your standard things work, like accepting emails, smtp auth and of course if now the chkuser thing works correctly.

enjoy .. if you have troubles, contact us, we are going to help you as much as we can.

Author: Daniel Urstöger
Last update: 17-07-2009 16:42


How do I flush the qmail queue?

Well, you just have to send the ALARM signal to qmail-send process:

  • killall -ALRM qmail-send

that´s already it. Alternatively you can try:

  • /var/qmail/bin/qmail-tcpok
    (this is the standard path, could vary from system to system) 
  • svc -a /var/qmail/bin/qmail-send

Author: Daniel Urstöger
Last update: 17-05-2010 18:28


How do I delete the qmail queue?

that is pretty simple too, but remember: ALL emails will be deleted and gone forever:

  • /etc/init.d/qmail stop ( or qmailctl stop)
  • cd /var/qmail/queue ( be sure that you have changed into that subfolder!!! )
  • find -type f -exec rm -f '{}' \;
  • touch /var/qmail/queue/lock/sendmutex
  • chown qmails:qmail /var/qmail/queue/lock/sendmutex
  • /etc/init.d/qmail start (or qmailctl start)

that should do it and your queue should be empty, you can check via:

  • /etc/init.d/qmail stat ( qmailctl stat )

Author: Daniel Urstöger
Last update: 07-03-2008 19:56


How do I set a smarthost in qmail?

Hi Folks,

this is also quite easy:

 

  • echo ":HOSTNAME" >/var/qmail/control/smtproutes
    (e.g. echo ":mx1.gosi.at" >/var/qmail/control/smtproutes )

 

Author: Daniel Urstöger
Last update: 29-06-2009 16:59


How to fix "undefined reference to `crypt'" while compiling qmail with vpopmail?

If you have a problem like this:

./load qmail-tcpto ip.o now.o open.a lock.a substdio.a  error.a str.a fs.a auto_qmail.o

/home/vpopmail/lib/libvpopmail.a(vpopmail.o): In function `mkpasswd3':

/usr/local/src/vpopmail-5.4.4/vpopmail.c:602: undefined reference to `crypt'

/home/vpopmail/lib/libvpopmail.a(vauth.o): In function `vauth_crypt':

/usr/local/src/vpopmail-5.4.4/vauth.c:1118: undefined reference to `crypt'

*** Error code 1

1 error

Do this:

echo "gcc -lcrypt -s" > conf-ld

Should fix everything for you ...

Author: Daniel Urstöger
Last update: 20-07-2011 13:10


General

How to install mplayer on Kubuntu and Ubuntu?

 

  • edit /etc/apt/sources.list and uncomment the lines for universe (remove the "#" in front of the lines)
  • add a line similar to universe see the example:
    deb http://at.archive.ubuntu.com/ubuntu breezy multiverse


    (note I am in Austria, I suggest you get a mirror closer to you)
    the two steps before are only needed if you run breezy, with 9.04 it is already as it should be.
  • cd /tmp
    (change directory to /tmp) 
  • wget http://www.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
    (download any extra codecs) 
  • tar -jxf essential-20071007.tar.bz2
    (unpack the codecs) 
  • sudo mkdir /usr/lib/win32
    (create the directory for the codecs) 
  • sudo mv essential-20071007/* /usr/lib/win32
    (move the "codecs" to the new directory) 
  • rm -r essential-20071007*
    (remote the folder) 
  • sudo aptitude update
    (update apt-sources) 
  • sudo aptitude install mplayer smplayer
    (install mplayer) 
SMPlayer is a nice GUI for mplayer by the way, so enjoy!

 

Author: Daniel Urstöger
Last update: 21-07-2009 10:03


What is wget?

wget is a great tool for downloading files from the internet. It does supports resuming (via the -c command switch) and a hell load of other things, like SSL, FTP etc.

Its rock solid, support files bigger 2 GB, etc.

Check it out, it is available for Linux and Windows and it is open source.


Attached you will find version 1.10.2 compiled for Windows.

Author: Daniel Urstöger
Last update: 06-05-2007 04:31


Remote Desktop Client

here you can download the Microsoft Remote Desktopclient..

Author: Daniel Urstöger
Last update: 08-05-2007 14:18


PPTP client installation (with MPPE kernel patch) for Debian Sarge

well, here the steps you have to take (no reboot is necessary):
first we have to make our kernel understand MPPE, for that you can pretty much follow this document:

http://pptpclient.sourceforge.net/howto-debian-dkms.phtml

In step c though you should only add the first entry into /etc/apt/sources, since dell has changed the url to the repository for Etch already and removed the old stuff for Sarge. So still we need fis this, so do that:

  • apt-get install modutils
  • wget "http://linux.dell.com/dkms/debian/dkms_2.0.16.1-1_all.deb"
    ( if Dell ever removes the file, I will attach it here to this article )
  • dpkg -i dkms_2.0.16.1-1_all.deb
  • rm -rf dkms_2.0.16.1-1_all.deb


Right after you have done that, you can carry on with step d and follow the document to the end and you will have MPPE in your kernel!


So now you can install the PPTP client and have fun with it, to achieve that, just follow this document: http://pptpclient.sourceforge.net/howto-debian.phtml#install

Author: Daniel Urstöger
Last update: 31-12-2007 02:14


How do I create a fat32 paritition with Windows XP ( fat32format )?

Hello folks,

well as Microsoft has decided to strip fat32 from the formating tool, you do not have much choice to create a fat32 partition anymore. You could use a partition manager, a Linux CD and some others, but nothing comfortable.

Luckily somebody took care of it and wrote a program which does help you in that case.

Attached to this article you will find fat32format which will do the trick:

fat32format e:

will format the drive "e" with fat32.

Author: Daniel Urstöger
Last update: 17-11-2007 13:23


How do I fix the index of an avi (divx) file?

Hello,

well this problem seems to be pretty common, especially with downloaded files from the internet, so here is how you can fix it:

  • browse to http://www.mplayer.at ( download mplayer + mencoder for your OS, its available for Windows too )
    (there is no installer, you just need to extract the files from the archive to c:/program files/mplayer or similar)
  • put the broken movie into the same directory ( makes things easier for you )
  • now open a command shell ( for our Windows Users: Start -> run -> cmd )
  • change into the directory where you put mplayer and the movie
  • now run one of the following commands (replace the file names accordingly)

    mencoder file.avi -forceidx -oac copy -ovc copy -o fixedfile.avi

    mencoder file.avi -noidx -oac copy -ovc copy -o fixedfile.avi
    ( in some cases the upper one works best, in some the lower one, try both before you give up! )
  • mencoder will now work for a while, after its done the movie should be properly working

Author: Daniel Urstöger
Last update: 31-12-2007 00:42


How to fix iconv: cannot open input file `database.txt': File too large?

Author: Daniel Urstöger
Last update: 17-12-2009 16:19


How to convert a subversion repository to fsfs?

This is actually not that hard, but might be time consuming, depending on your repository size. Anyhow, the bdb database works fine, but in my case, when moving between Debian releases bdb breaks due to compatibility, so fsfs is the prefered way nowadays. if you don´t want to screw around with different bdb releases.

  • svnadmin dump /PATHTOYOURREPO > backup.dump
  • mv /PATHTOYOURREPO /PATHTOYOURREPO.bak
  • svnadmin create --fs-type fsfs /PATHTOYOURREPO
  • svnadmin load /PATHTOYOURREPO < backup.dump
That´s it!
 

Author: Daniel Urstöger
Last update: 06-03-2012 10:42


How to fix "DB_VERSION_MISMATCH: Database environment version mismatch"?

This happend to when I switched from Lenny to Squeeze and before, when I switched from Etch to Lenny. You might want to convert your repository to fsfs, so next time you don´t have bdb problems anymore, if so, follow this small tutorial. First you have to fix the repository of course, so here you go:

First make sure you have the correct dbutils installed for yoru bdb version:
(in my case the error message was like this: Program version 4.6 doesn't match environment version 4.4)

 

  • aptitude install db4.4-util db4.6-util 

Once that is done, let´s convert the repository, before doing that, stop everything that accesses the repository, might interefere and also you should create a backup before running these commands!

 

  • cd /PATHTOREPO
  • db4.4_checkpoint -1
  • db4.4_recover
  • db4.4_archive
  • svnlook youngest ..
  • db4.6_archive -d
These commands might take some time to complete, but should work fine.


PS: on the move to squeez the message lookced like this:

svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///PATHTOREPO'
svn: Berkeley DB error for filesystem '/PATHTOREPO/db' while opening environment:
svn: DB_VERSION_MISMATCH: Database environment version mismatch
svn: bdb: Program version 4.6 doesn't match environment version 4.4

 

Author: Daniel Urstöger
Last update: 06-03-2012 10:53


How to checkout a specific git tag?

After you have created a local copy of the repository you can checkout a specif tag, so there you go:

 

git clone http://git.gosi.at/testrepo testrepo
git tag -l
git checkout <tag_name>

 

First command creates the local copy, second command shows you the available tags and the last does the work.

Done!

Author: Daniel Urstöger
Last update: 10-04-2012 00:43


How to test STARTTLS on a mailserver?

You might want to test if STARTTLS works on your setup, or maybe some other server and see the internals.
From a Linux box this is quite easy, just install openssl and run the following command:

openssl s_client -starttls smtp -crlf -connect smtp.gosi.at:25

 

Author: Daniel Urstöger
Last update: 27-07-2012 11:26


How to change encoding of a file with vim? (example: to utf8)

This is actual pretty easy, with vim, you just need to run the following command:

:write ++enc=utf-8 utf8.txt

This will let vim write the same file into utf8.txt with UTF-8 encoding.

As an alternative you can also use iconv:

iconv -f utf-16 -t utf-8 file.txt > utf8.txt

Author: Daniel Urstöger
Last update: 04-10-2013 13:46


Dedicated Servers » Windows

How to convert a parition to NTFS?

  • convert c: /FS:NTFS
    (replace c with the partition name you want to convert to NTFS)

Author: Daniel Urstöger
Last update: 02-07-2009 21:15


General » Mac OS X

How do I install mplayer on Mac OS X?

Hi fellow Mac users,

the problem is that the mplayer builds supplied by the mplayer people themselves are really outdated so it is suggested to stick with the "unoffical" builds or compile the source from the Subversion repository. Since compiling is usually painful, unless you already have set up your development enviroment for another reaseon, we will stick with the unoffical packages, which you can grab from here:
 
http://www.haque.net/software/mplayer/mplayerosx/builds/
 
enjoy!
 
Update 1:
 
there is projected called mplayer extended which has nice improvements for the UI and also comes with very recent mplayer builds, including multi core support (FFMPEG), etc. check it out here:
 
http://mplayerosx.sttz.ch/

Update 2:
mplayer is now available from the Mac Appstore as well. Just search from mplayer and you will find it.

Author: Daniel Urstöger
Last update: 20-07-2011 18:31


How to use suspend to disk in Mac OS X?

Usually your Mac Book does a special thing, that is called "safe suspend", what happens here is that the RAM content gets written on the harddrive, but the Mac Book is not turned off, only put in sleep mode. This is just a safety feature, if the battery would run dry, it still can restore the content from the harddisk, otherwise it will just come back instantly from the sleep mode.

If you travel a lot, it is imho better if your notebook does a "normal" supsend to disk, since this will turn off your laptop completely after the contents of your memory have been written to the harddrive and preserve the battery way better compared to sleep mode. Changing this is easy, but Apple didn´t put a GUI for that into Mac OS X.

So there are two ways to change this: either the console or a UI called SmartSleep (which is freeware): 

(just use the one of this commands that fit your needs best and reboot your Mac Book afterwards) 

 

  • sudo pmset -a hibernatemode 0 
    (always regular sleep (disable safe-sleep))
  • sudo pmset -a hibernatemode 1
    (always safe-sleep (disable regular sleep))
  • sudo pmset -a hibernatemode 3
    (regular sleep first, safe-sleep if the battery is very low on power or is unplugged)
  • sudo pmset -a hibernatemode 5
    (always safe-sleep with secure virtual memory)
  • sudo pmset -a hibernatemode 7
    (regular sleep first then safe-sleep with secure virtual memory)
enjoy!

 

Author: Daniel Urstöger
Last update: 05-07-2009 15:47


How to enable Time Machine on unsupported volumes?

Just run that command in terminal and you can use any device for Time Machine backups:

  • defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

Author: Daniel Urstöger
Last update: 06-10-2009 13:25


How to run MacFUSE on Snow Leopard 64 bit?

Hi folks,

well, I ran into this problem some time ago and well, you could built it yourself from the google code project, but that is usually quite a hassle! Luckily some guy took care of that already and here you can download the DMG:

Author: Daniel Urstöger
Last update: 17-12-2009 13:06


How to debug "back to my Mac" feature in Mac OS X?

Well, I was kinda amazed that Apple has built in quite some nice console tools for debugging, so open an terminal and run the following command:

echo "show State:/Network/BackToMyMac" | scutil

The output should already give you a raugh idea about what is going on or what isnt. For this feature to work, you have to enable UPNP in your router by the way, otherwise your Mac won´t be able to automagically forward the ports from your router to your Mac. If you use an Appe Airport or similar as a router you won´t be bugged by this matter, but with other vendors like Linksys, NetGear, AVM, etc. you have to check the manual on how to do that, since te default is usually off.

If you want to dig a bit deeper and you are familias with tcpdump you might want to try the following:

  • open two terminals
    (replace 192.168.178.1 with your routers IP address)

    sudo tcpdump -A -s 0 -i en0 host 192.168.178.1 and not port 53
    dns-sd -X udp 123 456 789
    let that two commands run in a seperate terminal, and kill both after roughly 20 seconds.
  • the captured packets should tell you what is going on...

Author: Daniel Urstöger
Last update: 04-06-2010 23:02


How to remove an entry from the preference pane?

As in most cases with the Mac OS X operating system, those entries are just plain files on your hard drive.
You should look in those those places:

/Library/Preference Panes and ~/Library/Preference Panes

And remove the entries you do not want anymore. Alternatively you also open the preference pane, right click on an entry and select delete. 

Author: Daniel Urstöger
Last update: 05-05-2011 20:09


Cisco VPN client stuck / not working in Mac OS X?

You might try this, it helped me a few times:

sudo kextunload -b com.cisco.nke.ipsec; sudo kextload -b com.cisco.nke.ipsec 

  
This un and reloads the kernel driver for Cisco VPN. Enjoy. 

Author: Daniel Urstöger
Last update: 20-07-2011 13:13


How to fix AFP connections to old server/nas? (Mac OS X Lion)

I ran into this problem with Lion and I am sure more and more people will now, as it was released.
My Thecus NAS was working fine with Mac OX X 10.6 but with Lion more changes came along,
and now it is necessary to change a few things to make it work.

For those who are interessted, this also came up in the Apple Developer Forum here

Open a Terminal and run this commands:

sudo chmod o+w /Library/Preferences
defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1 

 Now restart your computer. Open a Terminal again and run the following commands:

 
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array “Cleartxt Passwrd” “MS2.0″ “2-Way Randnum exchange”
sudo chmod o-w /Library/Preferences

Restart your computer again and afterwards it should work again.

Author: Daniel Urstöger
Last update: 20-07-2011 18:29


How to make a bootable Mac OS X Lion USB stick?

Gladly this is actually now quite easy. (Now there is a also a tool available that does most of the work for you, at least if you run on Lion already, click here).

Prequirements:

  • USB stick with => 4GB
  • Mac OS Lion from the Appstore (Install Mac OS X Lion.app)

 

Step 1: Plug in your USB stick
Step 2: Open the Disk Utility 
Step 3: format  the USB stick with "Mac OS Extended (Journaled)"
Step 4: In Finder right click on "Install Mac OS X Lion.app", select "show package content"
Step 5: Open Contents -> SharedSupport, there you should find a file "InstallESD.dmg"
Step 6: Back to the Disk Utility, select your USB stick
Step 7: select "Restore" and drag in "InstallESD.dmg" from Finder

 

This will take some time, but that´s it. To boot from this USB stick, plug it in and while powering up your Mac press the ALT key to boot from it. Enjoy! 

Author: Daniel Urstöger
Last update: 30-04-2012 15:35


How to completely uninstall xcode?

This is actully quite easy and might be necessary from time to time.

Open a Terminal and enter the following command: 

 

sudo /Developer/Library/uninstall-devtools --mode=all

This will take some time (on my system it was between 10 and 30 minutes),
afterwards you can close the Terminal and reinstall xCode. 

Author: Daniel Urstöger
Last update: 05-08-2011 00:46


How to clear DNS cache in Mac OS X (Leopard/Snow Lepard/Lion)?

For Mac OS X 10.4 and below:

lookupd -flushcache

 

For Mac OS X 10.5 and above:

dscacheutil -flushcache

Author: Daniel Urstöger
Last update: 09-04-2012 18:23


How to activate TRIM in Mac OS X?

Owners of Macbooks who upgraded to an SSD might want to use this feature and here are two ways to achieve that:

  • There is a tool called TRIM Enabler, that does this for you the easy way. Click here.
  • For people who want to do it the manual way, here are the shell commands:
    sudo cp /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original
    sudo perl -pi -e 's|(\x52\x6F\x74\x61\x74\x69\x6F\x6E\x61\x6C\x00{1,20})[^\x00]{9}(\x00{1,20}\x51)|$1\x00\x00\x00\x00\x00\x00\x00\x00\x00$2|sg' /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage
    sudo kextcache -system-prelinked-kernel
    sudo kextcache -system-caches
     These 4 command should do the trick as well.

Author: Daniel Urstöger
Last update: 30-04-2012 15:18


How to unhide Library folder on Mac OS X?

This one is pretty easy, just run that command in Terminal:

 

chflags nohidden ~/Library

 

Author: Daniel Urstöger
Last update: 30-04-2012 15:22


How to uninstall all unused versions of (mac)ports packages?

This is actually pretty easy, just run the following command:

sudo port uninstall inactive

Author: Daniel Urstöger
Last update: 20-05-2012 20:34


How to run virt-manager on Mac OS X?

There is no easy solution for this at the moment and there is no real alternative on Mac OS X either,
but you can just forward the X output from the server to your Mac OS X via SSH and the -X option:

ssh -l USERNAME -X virt01.ams1.gosi.at

 

After the connection was established, just run virt-manager from the console. The window of virt-manager will popup on your Mac OS X screen.

Author: Daniel Urstöger
Last update: 14-06-2012 15:51


How to restart frozen Dock, Finder or Menubar on Mac OS X?

This happens from time to time and if you can either open a Terminal or connect to your Mac OX X machine via SSH you can try the following to get the frozen component running again:

 

killall Dock

 

killall -KILL Finder

 

killall -KILL SystemUIServer

 

Hope it helps :)

Author: Daniel Urstöger
Last update: 14-06-2012 20:05


How to show ip routes in Mac OS X?

Fire up your terminal an enter the following command:

netstat -nr

 

Or you could limit it a bit to this:

netstat -rnf inet

 

Or mabye you are just looking for the default route:

route -n get default

 

For the BSD guys this is easy, but as a Linux user, I was trying route all the time ;)

Author: Daniel Urstöger
Last update: 08-10-2012 14:37


How to delete an ip route in Mac OS X?

sudo route delete 192.168.250.0/24 10.21.0.1

 

Author: Daniel Urstöger
Last update: 02-07-2012 22:26


How to flush DNS cache in OS X El Capitan?

Open a Terminal (in /Applications/Utilities/ or search with Spotlight) and run the following command:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder;

 

 

Author: Daniel Urstöger
Last update: 11-06-2016 20:20


Dedicated Servers » Daemon » squid

How to setup a transparent proxy with squid?

There are a few ways to achieve a transparent proxy, the one I am describing here is with the Linux system being the gateway and the proxy on the same machine, of course you can split these functions, but for this tutorial we will go that way. So I presume all your clients are already online via the linux machine and iptables nat/masquerading, additionally the thing you need now is a transparent proxy. So we are going to need is two more things for that: squid itself and some more iptables.

So first of all comes the squid installation:

  • aptitude install squid

(If you are not running Debian/Ubuntu, you have to look some place else to find a proper installation guide)

After squid is installed we have to tweak the configuration file a bit ( /etc/squid/squid.conf ):

for squid prior to 2.6 we add to the end of the file:

  • httpd_accel_host virtual
  • httpd_accel_port 80
  • httpd_accel_with_proxy on
  • httpd_accel_uses_host_header on

for squid 2.6 and later its a bit simpler, just change the entry for http_port so it looks like:

  • http_port 3128 transparent
another thing we need to take of are squids ACLs, look out for the string "acl our_networks src" within your squid.conf and change to fit your needs:
e.g.: acl our_networks src 192.168.2.0/24
after that you have to uncomment the line:  "http_access allow our_networks"
now reload squid:
  • /etc/init.d/squid reload
    ( or /etc/init.d/squid restart )
	
now you can try with a client and setup the proxy manually on the connection settings. If that works, you need only one simple iptable rules to make the rest work:
  • iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    ( replace eth0 with the interface on which the clients request are received )
Voila, you are done, now the proxy should be transparently working for your clients.

Author: Daniel Urstöger
Last update: 29-01-2008 16:35


Dedicated Servers » Daemon » glusterfs

How to install glusterfs in Debian Lenny?

  • cd /usr/src
  • wget "http://ftp.gluster.com/pub/gluster/glusterfs/2.0/LATEST/glusterfs-2.0.8.tar.gz"
  • wget "http://download.gluster.com/pub/gluster/glusterfs/fuse/fuse-2.7.4glfs11.tar.gz"
  • tar -zxf glusterfs-2.0.8.tar.gz
  • tar -zxf fuse-2.7.4glfs11.tar.gz
  • aptitude install sshfs build-essential flex bison byacc libdb4.6 libdb4.6-dev libfuse-dev
  • cd fuse-2.7.4glfs11
  • ./configure && make && make install
  • cd ../glusterfs-2.0.8
  • ./configure --prefix=/usr && make && make install && ldconfig && glusterfsd --version
  • mkdir /etc/glusterfs/
  • vi /etc/glusterfs/glusterfsd.vol
  • update-rc.d glusterfsd defaults
  • /etc/init.d/glusterfsd start

Author: Daniel Urstöger
Last update: 07-11-2011 09:24


Dedicated Servers » Confixx

How to fix Confixx after perl/CPAN update?

If you encounter errors like this one:

Can't locate loadable object for module Confixx::Filter 
in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 
/usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 
/usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at
 /root/confixx/confixx_counterscript.pl line 2Compilation failed in require at
 /root/confixx/confixx_counterscript.pl line 2.BEGIN failed--compilation aborted at 
/root/confixx/confixx_counterscript.pl line 2.

It is usually quite trivial to fix, since the only thing missing is a CPAN module required by Confixx:
You need to find you confixx installation folder, e.g.: /root/confixx, then do the following:

  • cd /root/confixx/admin/CPAN
  • tar -zxf Updater-1.0.6.tar.gz
    (the -1.0.6 might be different, e.g.: 1.0.5, what ever version you have installed of Confixx)
  • cd Updater-1.0.6
  • perl Makefile.PL
  • make install

That should be it.

Author: Daniel Urstöger
Last update: 27-01-2010 13:29


How to fix "SecurityException in Application.cpp:168: Do not have root privileges. Executable not set-uid root?"?

Fixing that was actually quite easy:

  • chmod u+s /usr/lib/suphp/suphp
  • /etc/init.d/apache2 restart
    (or whatever http daemon you are using) 

Enjoy!

Author: Daniel Urstöger
Last update: 14-05-2010 20:04


Dedicated Servers » Daemon » Apache

How to install PHP 5.3 next to 5.2.x or 4.x?

There are certain ways to achieve this, since the main reason for me doing that is testing, I choose the way with the least effort and added PHP 5.3 via CGI to Apache, next to the already installed PHP 5.2.x modul.
So here are the steps to get you started:

aptitude install subversion build-essentials
cd /usr/src
svn co http://svn.php.net/repository/pear/ci/phpfarm/trunk/ phpfarm
cd phpfarm/src

  Now you might want to edit config options in options.sh according to your needs, I added mysql and pdo_mysql:

#gcov='--enable-gcov'
configoptions="\
--enable-bcmath \
--with-mysql \
--with-curl \
--with-png \
--with-gd \
--enable-gd-native-ttf \
--with-ttf \
--enable-calendar \
--enable-exif \
--enable-ftp \
--enable-mbstring \
--enable-pcntl \
--enable-soap \
--with-pdo-mysql \
--enable-sockets \
--enable-sqlite-utf8 \
--enable-wddx \
--enable-zip \
--with-zlib \
--with-jpeg-dir=/usr/lib \
--with-xpm-dir=/usr/lib \
--with-freetype-dir=/usr/lib \
--with-gettext \
$gcov"

After you have done this, you can start with the compilation:

./compile.sh 5.3.2

As you already guessed this compiles PHP version 5.3.2, if you need a different version, you just change the line accordingly. Once the compilation completes we now need to tell Apache a few things:

a2enmod actions

This enables the actions module, which we need for our purposes. Next we need to edit a few config files, we start with /etc/apache2/mods-enabled/actions.conf, open it with your favorite editor and add the following lines:

    Options ExecCGI
    AllowOverride None

ScriptAlias /cgi-php532/   /usr/src/phpfarm/inst/bin/
Action php532-cgi /cgi-php532/php532-cgi 

  Now we need to create a wrapper file for php-cgi, so open/created /usr/src/phpfarm/inst/bin/php532-cgi and put that into the file:

#!/bin/sh 
/usr/src/phpfarm/inst/php-5.3.2/bin/php-cgi "${PATH_TRANSLATED}"

The wrapper script needs to be made executeable:

 

chmod +x /usr/src/phpfarm/inst/bin/php532-cgi

That´s already most of the job. As you most certainly already realized you could add more version of PHP next to each other, just by following this steps, e.g. you could also add 5.2.x or any other version you might need.

To activate PHP 5.3.2 for a specific vhost you can either add this to a .htaccess file or the vhost in question:

 

AddHandler php532-cgi .php

done.


So what would you need to do to get another PHP version into the same setup? 

cd /usr/src/phpfarm/src
./compile 5.2.13 

Add the according values into /etc/apache2/mods-enabled/actions.conf:

ScriptAlias /cgi-php5213/   /usr/src/phpfarm/inst/bin/
Action php532-cgi /cgi-php5213/php5213-cgi 

Create the file /usr/src/phpfarm/inst/bin/php5213-cgi:

#!/bin/sh 
/usr/src/phpfarm/inst/php-5.2.13/bin/php-cgi "${PATH_TRANSLATED}"

 Now make that file executable:

chmod +x /usr/src/phpfarm/inst/bin/php5213-cgi

And from here you can now enable PHP 5.2.13 on a vhost just as before via .htaccess or the Apache config like:

AddHandler php5213-cgi .php

Enjoy! 

 




 

Author: Daniel Urstöger
Last update: 05-08-2010 12:31


Monitoring » Nagios

How to monitor MySQL replication with Nagios?

Well, I wrote that script quite a while ago, it worked for me, so here you are:

#!/usr/bin/php -q
<?php
$host = $argv[1];
$user = $argv[2];
$pass = $argv[3];
$link = mysql_connect ( $host, $user, $pass );
$result = mysql_query ( "SHOW SLAVE STATUS" );
$stat = mysql_fetch_assoc($result);
mysql_free_result ( $result );
mysql_close ( $link );
if ( $stat['Seconds_Behind_Master'] < "10" && $stat['Last_Errno'] == "0" && $stat['Slave_IO_Running'] == "Yes" && $stat['Slave_SQL_Running'] == "Yes")
{
        echo "OK Replication Host: " . $stat['Master_Host'] .  " Seconds behind master: " . $stat['Seconds_Behind_Master'] . "s\n";
        exit ( 0 ) ;
}
else if ( $stat['Seconds_Behind_Master'] > 20 && $stat['Seconds_Behind_Master'] < 100 && $stat['Last_Errno'] == "0" && $stat['Slave_IO_Running'] == "Yes" && $stat['Slave_SQL_Running'] == "Yes")
{
        echo "WARNING Replication " . $stat['Master_Host'] .  " Seconds behind master: " . $stat['Seconds_Behind_Master'] . "s\n"; 
        exit ( 1 );
}
else
{
        echo "CRITICAL Replication " . $stat['Master_Host'] .  " Seconds behind master: " . $stat['Seconds_Behind_Master'] . "s | Error: " . $stat['Last_Error'] . "\n";
        exit ( 2 );
}
?>

Just put it in a file like /usr/local/nrpe/libexec/check_mysql_replication.php and run it with the correct parameters:

/usr/local/nrpe/libexec/check_mysql_replication.php SERVERHOST USERNAME PASSWORD

Done. 

 

 

Author: Daniel Urstöger
Last update: 15-06-2010 15:12


General » Windows ( XP / Vista / 7 )

How to format a USB stick with NTFS in Windows XP?

While sadly Microsoft has removed FAT32 support from everything but USB sticks, they also didn´t include the ability to format a USB stick with NTFS. Nowadays you might want NTFS, because it doesn´t have the 2GB file size limitation and comes with a few other nice features. Gladly HP took care of the problem and released a tool (for free), which does the job of formating a USB stick with NTFS:

Sadly HP doesn´t seem to offer it anymore on their website, but you can always just google for it: http://www.google.com/search?q=hp%20usb%20disk%20storage%20format%20tool&ie=utf-8&oe=utf-8

or you can also download it from here, since we attached it to this posting. 

Author: Daniel Urstöger
Last update: 23-10-2010 15:00


Dedicated Servers » Linux » Debian

How to compile a custom kernel in Debian Lenny / Etch?

This is usually quite straight forward, since Debian brings utilities with it to do this:

aptitude install build-essential kernel-package fakeroot libncurses5-dev bzip2
cd /usr/src
wget "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.36.tar.bz2"
tar -jxf linux-2.6.36.tar.bz2
cd linux-2.6.36
cp /boot/config-`uname -r` ./.config

 

After that you can either run make menuconfig, or just use your favorite editor to change the config accordingly.
This step is optional, so if you do not want to change any parameters, you don´t have too. If there are new values available, which haven´t been within pervious kernels, you will be prompted while building the kernel anyhow.

 

fakeroot make-kpkg clean
fakeroot make-kpkg --append-to-version=.gosi1 kernel_image

 

 The kernel build will take a while, afterwards you just need to install it using dpkg -i and do not forget to update the initrd:

 

update-initramfs -c -k 2.6.36.gosi1
update-grub

Notes:

You might encounter a few problems, here are the solutions for some of them:

Error Message Solution
”error: zlib.h: No such file or directory” aptitude install zlib1g-dev
lguest.c:21:25: error: sys/eventfd.h: No such file or directory disable the pravirtualized guest support in the kernel config: “Processor type and features”: “Paravirtualized guest support” = N
(this needs to be done in Lenny because it comes with older libc6 which omits sys/eventfd.h)
The UTS Release version in include/linux/version.h does not match current version Download this and install it, even if you run Lenny..

Author: Daniel Urstöger
Last update: 15-12-2010 21:14


How to disable screen blank(ing) in Debian?

This is easy to achieve to just edit this file with your favorite editor:

vi /etc/console-tools/config
 change BLANK_TIME and POWERDOWN_TIME to 0:

BLANK_TIME=0
POWERDOWN_TIME=0
 reboot, done! 

Author: Daniel Urstöger
Last update: 06-12-2010 10:41


How to install awstats 7.0 on Debian Lenny/Squeeze?

Even Squeeze comes with an outdated version of awstats, with Lenny it is even worse. So here a few steps to update your installation to awstats 7.0:

aptitude install build-essential sharutils git-core ant openjdk-6-jdk cdbs debhelper
cd /usr/lib/jvm/
ln -s java-6-openjdk/ default-java
cd /usr/src
git clone git://git.debian.org/git/collab-maint/awstats.git
wget "http://prdownloads.sourceforge.net/awstats/awstats-7.0.tar.gz"
tar -zxf awstats-7.0.tar.gz
cp -R awstats/debian awstats-7.0/
cd awstats-7.0/

 We are almost done, now you need to comment this line "include /usr/share/cdbs/1/rules/upstream-tarball.mk" in debian/rules. This is only needed on Lenny, with Squeeze you are good to go.

./debian/rules binary

 
Done! Your deb package should be in /usr/src 

 

Author: Daniel Urstöger
Last update: 26-04-2011 14:22


How to install ruby / rubygems / passenger on Debian Squeeze / Lenny?

Here are a few steps to get you started:

aptitude update
aptitude install ruby ruby1.8-dev irb rdoc build-essential mysql-client libmysql-ruby libmysqlclient15-dev

 
The enviroment is setup, now we need to install rubygems:

cd /usr/src/
wget http://rubyforge.org/frs/download.php/74619/rubygems-1.7.2.tgz
tar -zxf rubygems-1.7.2.tgz
cd rubygems-1.7.2
ruby setup.rb 

 Setup complete!

gem -v 

 To verfiy the installation has worked so far. If not, you might want to try this:

ln -s /usr/bin/gem1.8 /usr/local/bin/gem 

 Next step is to integrate gem with ruby and install the module for your webserver:

gem install rails -v 2.1
gem install passenger passenger-install-apache2-module

 as alternative for lighttpd:

passenger-install-nginx-module

  For apache we now need to update the module configuration:

vi /etc/apache2/mods-available/passenger.load

add the following line and exit the editor:

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.7/ext/apache2/mod_passenger.so

same here:

vi /etc/apache/mods-available/passenger.conf
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.1
PassengerRuby /usr/bin/ruby1.8

Depending on the current version, the path might of course be different, but you get the picture, right?
a2enmod passenger

 Now Apache is all set up, you might want to setup a virtualhost with ruby and have fun...

 

Author: Daniel Urstöger
Last update: 26-04-2011 16:03


How to install Openfire server on Debian Lenny / Squeeze?

This isn´t that hard, so here we go:

edit /etc/apt/sources.list to make the entries look like this one:

deb http://ftp.at.debian.org/debian/ lenny main contrib non-free

 

  
After that run the following commands:

aptitude update
aptitude install sun-java6-jre sun-java6-fonts

 Now download the Debian package from the openfire website and install it:

wget "http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3.7.1_all.deb"
mv downloadServlet\?filename\=openfire%2Fopenfire_3.7.1_all.deb openfire_3.7.1_all.deb
dpkg -i openfire_3.7.1_all.deb

 

Enjoy!

Update: This solution has one downside: the start/stop script will give warnings on Lenny / Squeeze, you can fix that by editing the /etc/init.d/openfire file and add this lines just after #!/bin/bash:

### BEGIN INIT INFO
# Provides:          openfire
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable service provided by daemon.
### END INIT INFO

 

Author: Daniel Urstöger
Last update: 02-05-2012 11:41


How to fix "Failed to fetch Packages 404 Not Found"?

Depending on which Debian mirror you are using, the error message looks like this:

W: Failed to fetch http://ftp.debian.org/debian/dists/lenny/main/binary-i386/Packages 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/lenny/main/binary-amd64/Packages 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/etch/main/binary-i386/Packages 404 Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/etch/main/binary-amd64/Packages 404 Not Found W: Failed to fetch http://ftp.debian.org/debian/dists/lenny/main/source/Sources 404 Not Found E: Some index files failed to download, they have been ignored, or old ones used instead.

 

 

This usually happens when your installation is already a bit outdated and the proper way to fix this is to upgrade to the next release, but in an emergency you can still access the deb files from the offical mirrors, but the location has moved. So edit /etc/apt/source.list and change the path to this:

deb http://ftp.at.debian.org/debian-archive/debian/ lenny main
deb-src http://ftp.at.debian.org/debian-archive/debian/ lenny main

 

Author: Daniel Urstöger
Last update: 09-07-2012 21:19


How to setup framebuffer in grub / console in Debian Wheezy?

First install the frame buffer console

aptitude install fbterm

 

edit the following file: vi /etc/default/grub and change the following lines to the resolution you would like:

GRUB_GFXMODE=1920x1080
GRUB_GFXPAYLOAD_LINUX=1920x1080x32

 

reboot and that should do the trick! Don´t mess up the resolution or your system might not be able to boot proberly anymore. Either be save or keep a recovery boot media close.

Author: Daniel Urstöger
Last update: 21-06-2013 19:08


How to install djbdns / tinydns / dnscache in Debian Squeeze/Wheezy?

Sadly there is no deb packages provided in Squeeze, so we have to build them ourselves. Luckily on the other hand, in SID there are are deb packages available + sources so we will start from there:

 

First step is adding the SID source to /etc/apt/sources.list

deb-src http://cdn.debian.net/debian/ sid main non-free contrib

After that update your sources and the the packages:

aptitude update
aptitude install build-essential
cd /usr/src
apt-get source djbdns


After that there should be a folder called djbdns..... in /usr/src, change into that directory and run the following command:

dpkg-buildpackage -uc -rfakeroot

This will build the package, once that is done, go one diectory up and do a ls -l and you will find the generated .deb package. Install that and you are one.

Author: Daniel Urstöger
Last update: 21-06-2013 19:17


How do I send an email with attachment from commandline?

Well this is easy with mutt, so first we install mutt:

aptitude install mutt

After that we run the following command:

echo "message body" | mutt -a "/path/to/file.jpg" -s "subject" -- recipient@example.com

Author: Daniel Urstöger
Last update: 31-07-2013 18:00


How to interpret the status of dpkg (–list) or dpkg-query?

This is actually a quite usefull thing, the documentation is available in the man pages of dpkg-query. In the list view of dpkg -l and dpkg-query the first three characters are relevant.

First character:

Desired action:
u = Unknown
i = Install
h = Hold
r = Remove
p = Purge

Second character:

Package status:
n = Not-installed
c = Config-files
H = Half-installed
U = Unpacked
F = Half-configured
W = Triggers-awaiting
t = Triggers-pending
i = Installed

Third character:

Error flags:
<empty> = (none)
R = Reinst-required

Enjoy!

Author: Daniel Urstöger
Last update: 12-08-2013 17:03


General » Photoshop

Where does Photoshop store its plugins?

For Windows you will find the plugins here:

c:\Program Files\Adobe\Adobe Photoshop CS5.1\Plug-Ins 


For Mac OS X you have to look here: 
/Applications/Adobe Photoshop CS5.1/Plug-Ins/
 
Paths may vary a bit, depending on which version of Photoshop you run, but you get the idea, right? 

Author: Daniel Urstöger
Last update: 05-05-2011 20:12


Dedicated Servers » Amazon EC2

How to configure vsftpd for active and passive data connections on Amazon EC2?

This was causing me some headaches so here is the proper solution:

First of all: you need to open the firewall so FTP is not blocked anymore, besides port 20 and 21 you need also a lot more for passive connections, so either you open the firewall for all TCP connections, which isn´t a good idea, but you can limit the ports used by vsftpd with the following config parameters:

pasv_min_port=10000
pasv_max_port=10024

After that open port 10000 till 10024 in the instance security configuration.
And last but not least you need to add this directive and replace x.x.x.x with your external IP:

pasv_address=x.x.x.x

Author: Daniel Urstöger
Last update: 23-11-2011 22:01


General » Android

How to transfer files between your Samsung Galaxy Nexus (i9250) and your Mac?

Most Android phones have the mass storage mode, but in the Samung Galaxy Nexus (i9250) it is missing,
so to download/ access media files and others you need a little helper tool.

Google / Android calls it File Transfer, you can grab it here:

http://www.android.com/filetransfer/ 

Author: Daniel Urstöger
Last update: 10-04-2012 00:27


How to hide TabWidget of tabhost?

Or how to hide the tabbar, tabgroup, whatever you may call it :)

First of all, there are different ways to achieve this, I will only show the one that worked for me.

 

tabhost.setVisibility( View.INVISIBLE );


Thats already it, to sum things up, here some more information:

There are a three different visibilities available in Android:
 

  1. tabhost.setVisibility( View.VISIBLE );
  2. tabhost.setVisibility( View.INVISIBLE );
  3. tabhost.setVisibility( View.GONE );

Explaination:

  • visible: visible on screen; the default value.
  • invisible: not displayed, but taken into account during layout (space is left for it).
  • gone: completely hidden, as if the view had not been added.

 

Author: Daniel Urstöger
Last update: 10-04-2012 00:35


How to use the ZXing scanning library in portrait mode?

Author: Daniel Urstöger
Last update: 10-04-2012 00:38


Virtualization » KVM

How to start a virtual machine (guest) at boot time?

This is pretty simple:

virsh autostart VMNAME

 

Just replace VMNAME with the name you have given your instance and running the command should output a message like this:

"Domain VMNAME marked as autostarted"

you can reboot your host, but if you see the message you should be fine. 

Author: Daniel Urstöger
Last update: 14-06-2012 20:02


Virtualization » VMWare

How do I resize a Virtual VMware Disk?

Also that isn´t really hard, there is a tool for this, called vmware-vdiskmanager.

 

  • shut down the VM machine
  • locate the regarding disk image (in Debian: /var/lib/vmware/Virtual Machines/VMNAME/*.vmdk)
    and change to that directory
  • create a backup of the virtual disk you are about to resize
  • vmware-vdiskmanage -x 10GB mydisk.vmdk
    (this resizes the disk mydisk.vmdk to 10GB)
    this works, no matter if the disk was split in 2GB files or not, and should not corrupt anything, but make a backup, better safe then sorry!
  • after that you need to create a new parition in that virtual disk or resize the partition within the disk, whatever you prefer
 
Enjoy! 

 

Author: Daniel Urstöger
Last update: 14-06-2012 19:57


Development

How do I check syntax of a bash script?

This is also quite easy:

bash -n ./test.sh

Author: Daniel Urstöger
Last update: 12-08-2013 16:54


Development » git

How to fix error: RPC failed; result=56, HTTP code = 0?

This happend to me when pushing bigger changes to my git server. The usual size is 2MB,
so what I did is just set the limit to 2MB and it ran through fine:

 

git config --global http.postBuffer 2M

 

 

Here some addtional technical information:

     http.postBuffer
           Maximum size in bytes of the buffer used by smart HTTP transports
           when POSTing data to the remote system. For requests larger than
           this buffer size, HTTP/1.1 and Transfer-Encoding: chunked is used
           to avoid creating a massive pack file locally. Default is 1 MiB,
           which is sufficient for most requests.

Author: Daniel Urstöger
Last update: 13-07-2021 22:49


How to fix "/bin/sh: msgfmt: not found"?

This is a compilation caused because a tool is missing, which is easy to fix in Debian:
(this happend to me while compiling git)

aptitude install gettext

Author: Daniel Urstöger
Last update: 18-07-2013 12:52


Raspberry Pi

How to add a custom splashscreen to Raspberry Pi / Raspbian?

First step is to create a PNG that matches your screens resolution as good as possible. After you have that you login to your Raspberry Pi and install a tool called fbi:

aptitude install fbi

After that move the splashscreen png to /etc/splashscreen.png, after you have that, create this init script with your editor in /etc/init.d/asplashscreen

#! /bin/sh
### BEGIN INIT INFO
# Provides:          asplashscreen
# Required-Start:
# Required-Stop:
# Should-Start:      
# Default-Start:     S
# Default-Stop:
# Short-Description: Show custom splashscreen
# Description:       Show custom splashscreen
### END INIT INFO

do_start () {
    /usr/bin/fbi -T 1 -noverbose -a /etc/splash.png    
    exit 0
}
case "$1" in
  start|"")
    do_start
    ;;
  restart|reload|force-reload)
    echo "Error: argument '$1' not supported" >&2
    exit 3
    ;;
  stop)
    # No-op
    ;;
  status)
    exit 0
    ;;
  *)
    echo "Usage: asplashscreen [start|stop]" >&2
    exit 3
    ;;
esac
:

After that we activate the init script and reboot the box:

chmod a+x /etc/init.d/asplashscreen
insserv /etc/init.d/asplashscreen
reboot

That should do the trick, enjoy!

Author: Daniel Urstöger
Last update: 18-07-2013 15:25


How to fix "COMXAudio::Decode timeout" in omxplayer?

This is a common problem with default settings on the Raspberry Pi.

The issue is a result of too little GPU memory, to fix this, you can adjust that value to 128MB.

 

You can find that value: /boot/config.txt

gpu_mem=128

Author: Daniel Urstöger
Last update: 11-06-2016 20:01


How to boot Raspberry Pi without starting x-server?

You can set this in the raspi-config:

sudo raspi-config

Under 3, "Boot Options", you can set to only load console without X.

Alternatively this command should also do the trick:

sudo update-rc.d lightdm disable

Author: Daniel Urstöger
Last update: 11-06-2016 20:17


Whats the default username / password for Raspbian Wheezy / Jessie?


Username: pi
Password: raspberry

Author: Daniel Urstöger
Last update: 11-06-2016 20:32


General » Microsoft

How to migrate your Microsoft Account (Live ID) to a different country?

This was not possible for quite a while and gladly Microsoft took care of it:

Log in to http://xbox.com and choose “My Account”
On the bottom right, choose  “Change Xbox account region”
Choose “Next” and select your country
Choose “I agree”

Author: Daniel Urstöger
Last update: 25-07-2013 11:36


Dedicated Servers » Daemon » nginx

How to get list of user-agents from nginx log?

This is actually easy to do and works with our precious cli tools:

awk -F'"' '/GET/ {print $6}' /var/log/nginx/access.log | cut -d' ' -f1 | sort | uniq -c | sort -rn

And here is what happens in detail:

awk - selecting full User-Agent string of GET requests
cut - fetching only the first word of that string
sort - sorting
uniq - counting
sort - sorting by count, reversed

Here is an alternative version that is faster on bigger log files:

sed -n 's!.* "GET.* "\([[:alnum:].]\+/*[[:digit:].]*\)[^"]*"$!\1!p' /var/log/nginx/access.log | sort | uniq -c | sort -rfg

Author: Daniel Urstöger
Last update: 31-07-2013 17:53


How to rate limiting nginx with X-Forwarded-For header?

If you run nginx behind a load balancer, the external IP of the client will not reach your nginx daemon anymore, so instead of $binary_remote_addr you have to use $http_x_forwarded_for in your rate limit statement.

Also make sure your load balancer provides this variable!

limit_req_zone $http_x_forwarded_for zone=zone:10m rate=1r/s;

Author: Daniel Urstöger
Last update: 31-07-2013 17:57


How do I configure nginx to return 429 http code when rate limiting?

Well this is actually what you want, because usually nginx would just send out error 503 and that is simply a server error when instead you are trying to tell the client that the access rate is too high. So we tell nginx to use return code 429 instead of 503:

Put this into nginx.conf in http {}

limit_req_status 429;
limit_conn_status 429;

Author: Daniel Urstöger
Last update: 31-07-2013 18:03


Dedicated Servers » Daemon » vpopmail

How to disable vpopmail (email) user?

This is pretty easy:

vmoduser -d -p -w -i user@domain.com

Author: Daniel Urstöger
Last update: 11-06-2016 20:11


Dedicated Servers » Daemon » dovecot

How to fix “Unknown database driver ‘mysql'"?

If you didn´t compile dovecot from source, you need to install the dovecot-mysql package:

RedHat/CentOS/Fedora:

yum install dovecot-mysql

Debian:

apt-get install dovecot-mysql

If you compiled dovecot from source, you need to add mysql to your compile options.

Author: Daniel Urstöger
Last update: 11-06-2016 20:25