Oct 26 2011

Setting modem Haier CE 210 Ubuntu

Published by admin under Tutorial

Seperti yang saya katakan pada artikel sebelumnya, bahwa setting modem CDMA Haier CE 210 di Linux Ubuntu tidaklah sulit. Untuk Ubuntu/Sabily dengan kernel terbaru sebenarnya modem ini sudah terdeteksi dengan sempurna dalam sistem dan bisa langsung disetting koneksi internetnya melalui network manager bawaan Ubuntu/Sabily.

Berikut akan saya tulis cara setting koneksi internet melalui modem tersebut pada Sistem Operasi tersebut. Continue Reading »

No responses yet

Jan 19 2010

Moving ZCS to Another Server

Published by admin under Uncategorized

Introduction

Either you, or someone you know has been there. Almost out of Disk space, RAM is topped out, and the CPU is constantly running above 80%. It’s time to upgrade the hardware. But how easy and safe is it to move the Zimbra server instance? Well, it’s easier than you might think.In this Zimbra Administrator’s PowerTip, we’ll discuss how to migrate your Zimbra server to another Machine or OS. The one big caveat is that both instances of Zimbra MUST be running the same version. So if your old server is running 4.5.5, then you’ll need to install 4.5.5 on your new server. This wouldn’t be the time to upgrade your ZCS version.

Part 1 : Backing Up

Step by Step:

  1. As zimbra: zmcontrol stop
  2. As root: ps aux | grep zimbra (make sure everything’s stopped)
  3. Mount external disc to location of your choice. ex: /mnt/migration
  4. As root: rsync -avH /opt/zimbra /mnt/migration (this may take a while)

Zimbra Network Edition contains a backup feature, and although it’s useful, we won’t be using it in this tip.

We have an external Hard Disc mounted to /mnt/migration. When rsync’ed, this is now your live copy (although it’s not live), and you should always have a backup of your live data. So, you might want to rsync again to another location to be safe.

Once you’ve rsync’ed all your data, umount the external drive, and put it somewhere safe.

Part 2 : Meet Your New Server

Step by Step:

  1. Install Newer (supported) Operating System
  2. Turn off older ZCS Server
  3. Set up newer ZCS Server’s Network/Hostname is it was on the older server

The only thing that really matters on your new server, is whether or not meets Zimbra’s server Hardware and the Operating System requirements.

It’s also very important that you have resolved any dependency issues. The ZCS installer for your newer OS should check for these.

Setup the newer server with the old server’s networking attributes. Make sure your older server is offline.

If changing the hostname, please see this wiki article: Set zmhostname
Part 3 : Create a “dummy” Install Then Remove It

Step by Step:

  1. Download the version of ZCS (ie 4.5.5 or 4.0) for the new OS you have
  2. As Root: Run the installer with the -s option: ./install.sh -s
  3. As Root: Remove the dummy install: rm -rf /opt/zimbra

The goal of this step is to get the rpm/dpkg databases correct. When you download ZCS, make sure it’s for your newer OS, and the SAME version of ZCS that’s rsync’ed.

Run the installer with the -s option. This tells the installer to only install the software, and not to configure the installation.

Once the installer has completed, delete it by rm -rf /opt/zimbra. This wipes any dummy data you have in that location.
Part 4 : Mount Your Backup HD, rsync, and Install

Step by Step:

  1. Mount external Hard drive
  2. As Root: rsync your backup to the new location: rsync -avH /mnt/migration/zimbra /opt/
  3. Unmount external Hard drive and keep it safe
  4. As Root: run zmfixperms located in /opt/zimbra/libexec
  5. As Root: rerun the installer without the -s option

Connect and mount your external hard drive. Then, rsync the backed up data to its new location (rsync -avH /mnt/migration/zimbra /opt).

Connect and mount your external hard drive. Then, rsync the backed up data to its new location (rsync -avH /mnt/migration/zimbra /opt).
Unmount your backed up copy, and keep it in a safe place.
Now that our data is all in place, we need to fix some permissions. Go into the /opt/zimbra/libexec directory and run zmfixperms. This helps insure that all the files are owned correctly.
Once that has completed, re run the installer that you downloaded. It will detect ZCS already installed, and ask if you want to upgrade. Select Yes.

Source: www.zimbrablog.com

No responses yet

Jan 19 2010

AppArmor

Published by admin under Uncategorized

AppArmor is a Linux Security Module implementation of name-based mandatory access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities.

AppArmor is installed and loaded by default. It uses profiles of an application to determine what files and permissions the application requires. Some packages will install their own profiles, and additional profiles can be found in the apparmor-profiles package.

To install the apparmor-profiles package from a terminal prompt:

sudo apt-get install apparmor-profiles

AppArmor profiles have two modes of execution:

  • Complaining/Learning: profile violations are permitted and logged. Useful for testing and developing new profiles.
  • Enforced/Confined: enforces profile policy as well as logging the violation.

Using AppArmor

The apparmor-utils package contains command line utilities that you can use to change the AppArmor execution mode, find the status of a profile, create new profiles, etc.

  • apparmor_status is used to view the current status of AppArmor profiles. 
    sudo apparmor_status
  • aa-complain places a profile into complain mode. 
    sudo aa-complain /path/to/bin
  • aa-enforce places a profile into enforce mode. 
    sudo aa-enforce /path/to/bin
  • The /etc/apparmor.d directory is where the AppArmor profiles are located. It can be used to manipulate the mode of all profiles.Enter the following to place all profiles into complain mode: 
    sudo aa-complain /etc/apparmor.d/*

    To place all profiles in enforce mode:

    sudo aa-enforce /etc/apparmor.d/*
  • apparmor_parser is used to load a profile into the kernel. It can also be used to reload a currently loaded profile using the -r option. To load a profile: 
    cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a

    To reload a profile:

    cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r
  • /etc/init.d/apparmor can be used to reload all profiles: 
    sudo /etc/init.d/apparmor reload
  • The /etc/apparmor.d/disable directory can be used along with the apparmor_parser -R option to disable a profile. 
    sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/profile.name

    To re-enable a disabled profile remove the symbolic link to the profile in /etc/apparmor.d/disable/. Then load the profile using the -a option.

    sudo rm /etc/apparmor.d/disable/profile.name
cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a
  • AppArmor can be disabled, and the kernel module unloaded by entering the following: 
    sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove
  • To re-enable AppArmor enter: 
    sudo /etc/init.d/apparmor start
sudo update-rc.d apparmor defaults
[Note]
Replace profile.name with the name of the profile you want to manipulate. Also, replace /path/to/bin/ with the actual executable file path. For example for the ping command use /bin/ping

Profiles

AppArmor profiles are simple text files located in /etc/apparmor.d/. The files are named after the full path to the executable they profile replacing the “/” with “.”. For example /etc/apparmor.d/bin.ping is the AppArmor profile for the /bin/ping command.

There are two main type of rules used in profiles:

  • Path entries: which detail which files an application can access in the file system.
  • Capability entries: determine what privileges a confined process is allowed to use.

As an example take a look at /etc/apparmor.d/bin.ping:

#include <tunables/global>
/bin/ping flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability net_raw,
  capability setuid,
  network inet raw,

  /bin/ping mixr,
  /etc/modules.conf r,
}
  • #include <tunables/global>: include statements from other files. This allows statements pertaining to multiple applications to be placed in a common file.
  • /bin/ping flags=(complain): path to the profiled program, also setting the mode to complain.
  • capability net_raw,: allows the application access to the CAP_NET_RAW Posix.1e capability.
  • /bin/ping mixr,: allows the application read and execute access to the file.
[Note]
After editing a profile file the profile must be reloaded. See the section called “Using AppArmor” for details.

Creating a Profile

  • Design a test plan: Try to think about how the application should be exercised. The test plan should be divided into small test cases. Each test case should have a small description and list the steps to follow.Some standard test cases are:
    • Starting the program.
    • Stopping the program.
    • Reloading the program.
    • Testing all the commands supported by the init script.
  • Generate the new profile: Use aa-genprof to generate a new profile. From a terminal: 
    sudo aa-genprof executable

    For example:

    sudo aa-genprof slapd
  • To get your new profile included in the apparmor-profiles package, file a bug in Launchpad against the AppArmor package:
    • Include your test plan and test cases.
    • Attach your new profile to the bug.

Updating Profiles

When the program is misbehaving, audit messages are sent to the log files. The program aa-logprof can be used to scan log files for AppArmor audit messages, review them and update the profiles. From a terminal:

sudo aa-logprof

Sorcce: help.ubuntu.com

No responses yet

Jan 19 2010

SCPonly chroot with Ubuntu Hardy 8.04 64-bit

Published by admin under Uncategorized

howto how to scponly ubuntu server

This is a quick howto for installing SCPonly on Ubuntu Hardy 64-bit.

Step 1

Firstly, install scponly through apt.

sudo aptitude install scponly

Then, use dpkg-reconfigure to enable the chrooted version, “scponlyc”. Answer yes to the rather ominous sounding security message.

sudo dpkg-reconfigure -plow scponly

Then extract and make executable the script to setup the chroot.

cd /usr/share/doc/scponly/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh

This script is fine for 32-bit users, but broken for us 64-bit types, so you’ll need to change it slightly. Open it up in your text editor, find the line starting LDSO_LIST and modify as follows.

sudo vim /usr/share/doc/scponly/setup_chroot/setup_chroot.sh

LDSO_LIST=”/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1″

Add “/lib/ld-2.7.so”, which should result in

LDSO_LIST=”/lib/ld-2.7.so /lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1″

The script should now run fine. Enter details relevant to you (the defaults are sensible) and change the script to be unexecutable when you’ve finished.

sudo ./setup_chroot.sh
sudo chmod -x setup_chroot.sh

There used to be a bug to do with the chrooted /dev/null, I didn’t find this to be a problem, but in case, you might need to run the following (this assumes you installed your chroot in the default location).

sudo mknod -m 666 /home/scponly/dev/null c 1 3

If you’re using a 32-bit system, skip to Step 2

Step 1.1 - fixes for 64-bit

The problem is that some library files needed for a chroot on a 64-bit system aren’t included by the setup_chroot.sh script and you’ll get errors in /var/log/auth.log like “failed: /usr/lib/sftp-server with error No such file or directory”

You’ll need to copy the following files to remedy this.

(This assumes you’re still in your scponly chroot directory!)

sudo cp -p /lib/libncurses.so.5 lib/
sudo cp -p /lib/libncurses.so.5 lib/
sudo cp -p /lib/libdl.so.2 lib/
sudo cp -p /lib/libc.so.6 lib/
sudo mkdir lib64
sudo cp -p /lib64/ld-linux-x86-64.so.2 lib64/

Just for the sake of security, edit /etc/shells and remove the line “/usr/bin/scponly”, which allows un-chrooted scponly users.
Your chroot should now have everything it needs to run correctly, next you need modify/setup scponly users.

Step 2

To add a user and make their home dir in the chroot.

sudo useradd -d /home/scponly//exampleuser -m -s /usr/sbin/scponlyc exampleuser

Note: The double forward slash is meant to be there!

Then get the users line from /etc/passwd and add it to the chroot passwd file.

tail -n 1 /etc/passwd
sudo vim /home/scponly/etc/passwd

Paste the line in and you should be all set!

Source: www.quae.co.uk

No responses yet

Jan 19 2010

How to install PHP GD2 library on Ubuntu

Published by admin under Uncategorized

I needed to install the PHP GD2 library to support the WordPress captcha plugin SI CAPTCHA Anti-Spam.  I found the right library and installed it with this apt-get command:

view source

print?

1.sudo apt-get install php5-gd

But SI CAPTCHA Anti-Spam test page still said GD Support: No.  The fix?  I had to restart apache:

view source

print?

1.sudo /etc/init.d/apache2 restart

I tried the SI CAPTCHA Anti-Spam test again, and I got a big smiley face.  It worked!

Source: lifeonubuntu.com

No responses yet

Next »