859
edits
Changes
Jump to navigation
Jump to search
Line 2:
Line 2: + + + + + + + + + + + + + Line 9:
Line 22: − ou+ Line 18:
Line 31: + + + + + + + + + Line 92:
Line 114: − AllowUrlfOpen : enabled/disabled + + + + + + + + + Line 191:
Line 221: + + + + Line 200:
Line 234: − + − + − |- − | man <commandname> || shows more info about a command − + − + − + + + + + + + + + Line 222:
Line 262: − + + + Line 230:
Line 272: − + Line 236:
Line 278: − + + + Line 244:
Line 288: − + + + − + − |- − | hdparm -Tt /dev/mdx (where x is 0,1,2,etc) || shows software raid performance − |- − | mdadm --detail /dev/mdx (where x is 0,1,2,etc) || gives raid info − |- − | cat /proc/mdstat || shows software raid Line 267:
Line 307: + + Line 275:
Line 317: + + + + + + Line 284:
Line 332: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 295:
Line 382: − + + + + + + + + + + + + Line 310:
Line 408: + + + + + + + + + + + + + + + + + + + + + + + + + Line 349:
Line 472: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 379:
Line 533: + + + + + + + + Line 400:
Line 562: + + + + Line 409:
Line 575: − + Line 448:
Line 614: + + + + Line 458:
Line 628: − + Line 468:
Line 638: + + + + Line 475:
Line 649: − + Line 484:
Line 658: − + Line 496:
Line 670: + + + + + + + + + + + + + + − + − + Line 508:
Line 696: + + + + + + + + + + + + + Line 544:
Line 745: − + − + Line 552:
Line 753: + − expand-template /etc/mail/spamassassin/local.cf + − svc -t /service/spamd + + Line 574:
Line 777: + + + + + Line 584:
Line 792: − + − + + + + + + + Line 596:
Line 810: + + + − Replace databasename with the name of the database. Line 723:
Line 939: − + Line 764:
Line 980: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 816:
Line 1,067: + + + − + Line 832:
Line 1,086: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + − + − + + + + + − + − + + + + + + + + Line 859:
Line 1,163: − + + − All other linux common way to start or stop services are also valuable+ − + − /etc/init.d/servicename start/stop/status + − service servicename start/stop/status + − + − + + + + + + + + + + + + + + Line 873:
Line 1,191: − + − {{Note box| If you want to start a service at boot time, you could be interested by [[Add_a_custom_service|this page also]]}}+ − If your package implements a server or daemon, you will probably want it to be started automatically when the system boots. The SME Server boots in runlevel 7, so you can get an idea of the startup processes by listing the contents of /etc/rc.d/rc7.d. − − These are similar to the init scripts you may be familiar with from other Linux systems, with one important difference. Instead of pointing to scripts within /etc/rc.d/init.d, all of those init entries are links to /etc/rc.d/init.d/e-smith-service. This is a wrapper which checks the configuration database to see if the service is supposed to be running and if so, starts the service from /etc/rc.d/init.d/whatever. − − So for example, you might have: − − S90squid -> /etc/rc.d/init.d/e-smith-service − − The e-smith-service script looks up the name it was invoked with (S90squid), drops the prefix (leaving squid), checks the configuration database for the "squid" service, then if it's supposed to run, does: − − /etc/rc.d/init.d/squid start − − * with this way SME's knows how to/if start the service at startup − − config set '''myapplicationname''' service status enabled − − cd /etc/rc.d/init.d − ln -s /path/to/myinitscript '''myapplicationname''' − − '''We are creating a symlink of the original startup script with a new name (the point is that '''myapplicationname''' must be identical to the service name above)''' − cd /etc/rc7.d+ − ln -s /etc/rc.d/init.d/e-smith-service '''SXXmyapplicationname''' + + + − we create a symlink to e-smith-service startup script with a name where: S tells SME to start XX are numbers − You can decide when to start the service '''myapplicationname''', but you should not start something that need the network before the network itself is up and running. Therefore you can see the content of /etc/rc7.d and see which scripts are needed to execute your new startup script+ + + + − signal-event remoteaccess-update − service '''myapplicationname''' start − ====Creating or deleting a service==== − *Creating and starting service+ + − ln -f -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S98popfile − /sbin/e-smith/db configuration set popfile service status enabled − /sbin/e-smith/signal-event remoteaccess-update − service popfile start − *Deleting and unregistering service+ + − service popfile stop − sleep 3 − rm -f /etc/rc7.d/S98popfile − rm -f /etc/rc.d/init.d/popfile − /sbin/e-smith/config delete popfile − /sbin/e-smith/signal-event remoteaccess-update − ====Create a service with db command and set network access====+ − [[DB_Variables_Configuration#Additional_information_on_customizing_iptables]]+ + + + + − Create a custom-named service definition in the configuration database.+ − db configuration set <servicename> service+ − Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.+ + + + + + − db configuration setprop <servicename> TCPPort <portnumber>+ − db configuration setprop <servicename> TCPPorts <portnumbers> # Ranges of ports are defined with a : not a -+ − db configuration setprop <servicename> UDPPort <portnumber>+ − db configuration setprop <servicename> UDPPorts <portnumbers> # Ranges of ports are defined with a : not a - + − db configuration setprop <servicename> status enabled|disabled+ − db configuration setprop <servicename> access public|private − db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 − db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24 + + − Effectuate the changes you have made+ − signal-event remoteaccess-update + Line 1,014:
Line 1,313: −
→PHP settings only for SME9
==SME Server locale==
==SME Server locale==
By default the sme server 8 locale is ISO-8859-1ldapsear
By default the sme server 8 locale is ISO-8859-1ldapsear
==ACL==
===See ACL===
getfacl /path/2/files/or/folders
===set ACL===
setfacl -P -R -m u:apache:rwX,d:u:apache:rwX /path/2/files/or/folders
-R : recursive<br />
-P : physical, follow symlinks
==Apache Related Commands==
==Apache Related Commands==
expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith
sv h /service/httpd-e-smith
or
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/usr/bin/sv h /service/httpd-e-smith
/usr/bin/sv h /service/httpd-e-smith
or
or
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
=====SME10=====
How do I start, restart, stop, reload and check the status of a service (httpd-e-smith.service) with systemd.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
====Enable AllowOverride All/None====
====Enable AllowOverride All/None====
signal-event ibay-modify ibayname
signal-event ibay-modify ibayname
AllowUrlFopen : enabled/disabled
MemoryLimit : set a M as unit, eg 64M
MemoryLimit : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
MaxExecTime: unlimited or set time in second without units, eg 60
MaxExecTime: unlimited or set time in second without units, eg 60
====PHPinfo====
PHPinfo will provide an overview of all PHP related settings. A quick way to get an overview or search for a setting, one could use:
php -r "phpinfo();" | less
or to save to a text file:
php -r "phpinfo();" > phpinfo.txt
or to search for specific values and save to a text file:
php -r "phpinfo();" | grep mysql > phpmysql.txt
===https forced redirection using custom template===
===https forced redirection using custom template===
signal-event post-upgrade
signal-event post-upgrade
signal-event reboot
signal-event reboot
alternately
config show modSSL
config delprop modSSL crt key CertificateChainFile
signal-event ssl-update
==Command-Line Quick Reference Guide==
==Command-Line Quick Reference Guide==
! COMMAND NAME !! DESCRIPTION
! COMMAND NAME !! DESCRIPTION
|-
|-
| du -sh /* || shows your folder sizes by directory in the root (you can adapt to your directory path)
| /usr/sbin/smbd -V || samba version
|-
|-
| df -h || shows disk usage in human readable form
| /usr/sbin/httpd -v || apache version
|-
|-
| uname -a || kernel release version
| httpd -t || verify the syntax of the configuration file of apache
|-
|-
| /usr/sbin/smbd -V || samba version
| httpd -tf /path/to/config/file || verify the syntax of the specified configuration file of apache
|-
|-
| /usr/sbin/httpd -v || apache version
| httpd -t -D DUMP_MODULES || display all loaded modules of apache
|-
|-
| mysql -v || mysql version
| mysql -v || mysql version
|-
|-
| php -v || php version
| php -v || php version
|-
| du -sh /* || shows your folder sizes by directory in the root (you can adapt to your directory path)
|-
| df -h || shows disk usage in human readable form
|-
| man <commandname> || shows more info about a command
|-
| uname -a || kernel release version
|-
|-
| mv || moves or renames a file
| mv || moves or renames a file
| rm || removes or deletes a file
| rm || removes or deletes a file
|-
|-
| ps -aux|grep <process> || outputs processes running <process>
| <nowiki>ps -aux|grep <process></nowiki> || outputs processes running <process>
|-
|-
| ps -AH || report process status
| ps -AH || report process status
|-
| ps fax || display processes by tree with their pid
|-
|-
| top || shows processes
| top || shows processes
| top -i || shows only active processes
| top -i || shows only active processes
|-
|-
| htop || shows processes (more versatile than top)
| htop || shows processes (more versatile than top)
|-
|-
| iptraf || shows network info
| iptraf || shows network info
| mc -d || show midnight commander (cli file browser) to navigate through system easily
| mc -d || show midnight commander (cli file browser) to navigate through system easily
|-
|-
| host -t mx aol.com || shows the mx records for aol.com
| host -t mx aol.com || shows the mx records for aol.com
|-
| dig any aol.com || show all dns records for aol.com (you can choose the dns server by adding its IP or hostname : '@8.8.4.4')
|-
|-
| net groupmap list || shows samba mappings to nt groups
| net groupmap list || shows samba mappings to nt groups
| ifconfig || shows detailed info on ethernet ports
| ifconfig || shows detailed info on ethernet ports
|-
|-
| grep -nsr "casesensitivesearch" /path/to/dir || finds all documents containing the criteria in a dir
| grep -nsr "casesensitivesearch" /path/to/dir || finds all documents containing the criteria in a dir (add 'i' to the options for a non sensitive search)
|-
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
|-
|-
| grep -nsr server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
| grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
|-
|-
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
|-
|-
| tar -czvf foo.tar.gz foo || creates a tar/zip file of a directory
| tar -czvf foo.tar.gz foo || creates a tar/zip file of a directory
|-
|-
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
|-
| sed -n '/^www/p' /etc/group || print all line starting by www in the file /etc/group
|-
|-
| watch mysqladmin process || shows the mysql processes running
| watch mysqladmin process || shows the mysql processes running
|-
|-
| who -r || see in which runlevel you are running (7 for sme8, 4 for sme9)
| who -r || see in which runlevel you are running (7 for sme8, 4 for sme9)
|-
| findmnt || findmnt will list all mounted filesytems or search for a filesystem.
|-
| pstree || pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
|-
| clamdtop || clamdtop is a tool to monitor one or multiple clamd(s), that shows the jobs in clamd’s queue, memory usage, and information about the loaded signature database.
|}
|}
cd /home/e-smith
cd /home/e-smith
du --si --max-depth 1
du --si --max-depth 1
====UID/GID====
* see informations of a user
id USER
*change the uid of a user
usermod -u '''UID''' USER_NAME
* create a group
groupadd -g '''GID''' -o GROUPE_NAME
* modify the GID of a group
groupmod -o -g '''GID''' GROUPE_NAME
* add a principal group to a user
usermod -g '''GROUP_NAME_OR_GID''' USER_NAME
* add a secondary group to a user
usermod -a -G '''GROUP_NAME_OR_GID''' USER_NAME
====usermod====
*change the home directory (-m move files/folders to the new location)
usermod -d /var/lib/jdownloader jdownloader
* change the shell access of a user
usermod --shell /bin/bash jdownloader
====Read a TAI64N timestamp in human readable format====
[http://cr.yp.to/daemontools/tai64nlocal.html tai64nlocal] converts precise TAI64N timestamps to a human-readable format.
tai64nlocal reads lines from stdin. If a line does not begin with @, tai64nlocal writes it to stdout without change. If a line begins with @, tai64nlocal looks for a timestamp after the @, in the format printed by tai64n, and writes the line to stdout with the timestamp converted to local time in ISO format: YYYY-MM-DD HH:MM:SS.SSSSSSSSS. <br />
Eg
cat /var/log/qpsmtpd/current |tai64nlocal|less
Or
tailf /var/log/sshd/current | tai64nlocal
====adjust the ntp time====
if you want to set the correct time via ntpd without restarting the server<br />
in a root terminal
/etc/init.d/ntpd stop
ntpdate pool.ntp.org
/etc/init.d/ntpd start
and to verify
date
====create missing group and set gid====
====create missing group and set gid====
if the group apache exists but with the wrong gid (example 48) you can set the 102 gid
if the group apache exists but with the wrong gid (example 48) you can set the 102 gid
groupmod -g 102 apache
groupmod -o -g 102 apache
====display what are your network interfaces====
====display what are your network interfaces====
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
alternatively, and only for SME9 or greater, you can use
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether AA:BB:CC:DD:EE:FF brd ff:ff:ff:ff:ff:ff
inet 11.22.22.44/XY brd 11.22.33.255 scope global eth0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 10:00:01:02:03:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.45.1/24 brd 192.168.45.255 scope global dummy0
====find files by their size====
====find files by their size====
‘M’ for Megabytes (units of 1048576 bytes)
‘M’ for Megabytes (units of 1048576 bytes)
‘G’ for Gigabytes (units of 1073741824 bytes)
‘G’ for Gigabytes (units of 1073741824 bytes)
====reduce root's user reserved space====
as a default, 5% of the disk space is allocated to root user
you can reduce the allocated space to 1% with (for LVM)
tune2fs -m 1 /dev/mapper/main-root
if you're not using LVM, use
df -h
to see where / is mounted
====find files by the Name====
find ~/smeserver/ -name 'e-smith-backup-2.4.0*'
or use (updatedb is launched every night)
updatedb
locate e-smith-backup-2.4.0
====how much mail data per user is stored on the server====
You can adapt that command line to your needs, here we can see the used disk spaceof all emails stored by your users on your SME Server.
du -s /home/e-smith/files/users/*/Maildir | sort -rn | cut -f2- | xargs -d "\n" du -sh
====Replace a chain of characters====
====Replace a chain of characters====
Replace a chain of characters chaine1 by chaine2 in all files of the current directory with '.txt'
Replace a chain of characters chaine1 by chaine2 in all files of the current directory with '.txt'
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
====Find open ports====
* netstat
# netstat -anp|grep 5232
tcp 0 0 192.168.12.233:5232 0.0.0.0:* LISTEN 2028/python
* nmap
nmap can specify if a port is closed or not
yum install nmap
nmap localhost -p 5232
===Raid===
You have a lot of interesting tutorial [http://wiki.contribs.org/Category:Administration:Storage concerning the Raid]
==== shows software raid performance ====
hdparm -Tt /dev/mdX
(where X is 0,1,2,etc)
==== gives raid info ====
mdadm --detail /dev/mdX
(where X is 0,1,2,etc)
==== shows software raid ====
cat /proc/mdstat
==== remove the degraded raid ====
when you install the smeserver with one drive and in a degraded raid, you will see a 'U_' state but without warnings. If you want to leave just one 'U'
mdadm --grow /dev/md0 --force --raid-devices=1
mdadm --grow /dev/md1 --force --raid-devices=1
===RPM's===
===RPM's===
|-
|-
|rpm -e --test <packagename> || find what packages have <packagename> as dependancy (more verbose as above)
|rpm -e --test <packagename> || find what packages have <packagename> as dependancy (more verbose as above)
|-
| rpm -e --nodeps <packagename> || remove packagename without removing dependencies
|-
|-
| rpm --setugids <packagename> || set right ownership to rpm
| rpm --setugids <packagename> || set right ownership to rpm
|-
|-
| rpm --setperms <packagename> || set right permissions to rpm
| rpm --setperms <packagename> || set right permissions to rpm
|-
| rpm -e --noscripts <packagename> || remove packagename without executing sciptlets (%pre, %post, %preun, %postun)
|-
|-
| rpm -Va || capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
| rpm -Va || capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
|}
|}
====Find upstream rpms patched by contribs.org====
For the need of the distribution we ought to patch some upstream rpms, this is the list
rpm -qa --qf "%{name} %{BuildHost}\n" | grep -P 'build64\-1|builder.koozali.org' | awk '{print $1}' | grep -vP '^smeserver|e\-smith' | sort
====Restore all permissions and ownership====
====Restore all permissions and ownership====
|-
|-
| yum remove <packagename> || removes packagename
| yum remove <packagename> || removes packagename
|-
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
|-
| yum list updates || list updates to any installed package
| yum list updates || list updates to any installed package
| yum search <packagename> || lists all packages in all repos matching packagename
| yum search <packagename> || lists all packages in all repos matching packagename
|-
|-
| yum clean all || Is used to clean up various things which accumulate in the yum cache
| yum clean all --enablerepo=* || Is used to clean up various things which accumulate in the yum cache (includes disabled repos)
|-
|-
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
See the ownership of LDAP database (must be owned ldap:ldap)
See the ownership of LDAP database (must be owned ldap:ldap)
ll /var/lib/ldap/
ll /var/lib/ldap/
===ldif-fix===
it just prints what changes are needed in the ldap tree. With -u instead of -d, those changes are applied
/var/service/ldap/ldif-fix -d
===Parse the ldap catalogue===
===Parse the ldap catalogue===
===namingContexts===
===namingContexts===
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts''
or you can do
or you can do
ldapsearch -x -h localhost -s base |grep 'dn'
ldapsearch -x -h localhost -s base |grep 'dn'
# stephane.dtdns.net
# stephane.dtdns.net
'''dn: dc=mycompany,dc=local'''
'''dn: dc=mycompany,dc=local'''
====Retrieve the ldap base====
in a template you can do
baseDN = "ou=Users,{ esmith::util::ldapBase($DomainName); }";
===request a listing of all entries===
===request a listing of all entries===
===Bind with a specific user on LDAP===
===Bind with a specific user on LDAP===
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
===Check a specific user in LDAP catalogue===
===Check a specific user in LDAP catalogue===
display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
'''for sme9'''
'''for sme9'''
'''for sme8'''
'''for sme8'''
ldapsearch -x -D cn=root,dc=mycompany,dc=local -w $(cat /etc/ldap.secret) -b ou=Users,dc=mycompany,dc=local "uid=stephane"
ldapsearch -x -D cn=root,dc=mycompany,dc=local -w $(cat /etc/ldap.secret) -b ou=Users,dc=mycompany,dc=local "uid=stephane"
===Retrieve the ldap password===
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
my $pwd = esmith::util::LdapPassword();
if you need to call the ldap password in a script you can invoke this bash variable
* for sme8
PWD=$(cat /etc/ldap.secret)
* for sme9
PWD=$(cat /etc/pam_ldap.secret)
==Log==
==Log==
===Parse Log to find errors===
===Parse Log files to search for errors===
When you want to test the SME Product it can be useful to see what it occurs
When you want to test the SME Product it can be useful to see what it occurs.
This CL can help you, but you should read the entire log
This CL can help you, but you should read the entire log
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
=== '''Parse log for hack / phishing for missing files''' ===
<syntaxhighlight lang="bash">
EXTIP=`curl -s ifconfig.me/ip`
grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt
# grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt
</syntaxhighlight>
* verbose output
less /var/log/messages| grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
* search all logs with verbose output
less /var/log/* | grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
==Mail==
==Mail==
===Whitelist and Blacklist===
===Whitelist and Blacklist===
If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered.
If mail comes in and it is misclassified as spam by Spamasassin, you can add the sender to the Spamassassin whitelist so that future messages coming in from that sender are not filtered.
Conversely, you can add a spammer to the blacklist so you never see their spam again.
Conversely, you can add a spammer to the Spamassassin blacklist so you never see their spam again.
Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global spammer@spamdomain.com Black
db spamassassin setprop wbl.global spammer@spamdomain.com Black
expland template and save the configuration to the database
expland template and save the configuration to the database
signal-event email-update
You can view the lists with this command:
You can view the lists with this command:
db spamassassin show
db spamassassin show
These lists can be also controlled by the server-manager with the wbl contrib http://wiki.contribs.org/Email_Whitelist-Blacklist_Control
==MySQL==
==MySQL==
'''do not modify these files.'''
'''do not modify these files.'''
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
my $pwd = esmith::util::LdapPassword();
if you need to call the mysql password in a script you can invoke this bash variable
if you need to call the mysql password in a script you can invoke this bash variable
Create a new MySQL database (In this example the database name is databasename. Change '''databasename''', '''username''' and '''password''' with your own choices as required)
Create a new MySQL database (In this example the database name is databasename. Change '''databasename''', '''username''' and '''password''' with your own choices as required)
Login as root and issue the following command:
Login as root and issue the following command to enter the MySQL CLI and create the database:
mysql
mysql
create database '''databasename''';
create database '''databasename''';
grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';
flush privileges;
flush privileges;
exit
exit
or directly from the shell or script:
mysql -e "create database '''databasename''';"
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';"
mysql -e "flush privileges;"
===Remove a database===
===Remove a database===
drop database databasename;
drop database databasename;
or from the shell. Confirmation will be asked.
mysqladmin drop databasename
Replace databasename with the name of the database.
===Remove a user===
===Remove a user===
Get access to the SME Server shell and MySQL and issue the following command:
Get access to the SME Server shell and MySQL and issue the following command:
===Configure <b><u>PHP Basedir</u></B> Restriction per ibay===
===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
Not secure. Instead use per ibay or directory.
Not secure. Instead use per ibay or directory.
==SAMBA==
===shows samba mappings to nt groups===
net groupmap list
===manage the SAM database(Database of Samba Users)===
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.
pdbedit -u USER -v
for example
pdbedit -u stephane -v
===check an smb.conf configuration===
testparm - check an smb.conf configuration file for internal correctness
testparm -vs
===The Trust Relationship Failure===
Using Samba 3 sometimes some Windows computers fall off the domain, resulting in a trust relationship failure.
The trust relationship between this workstation and the primary domain failed.
This is generally caused by mis-matched work-station and domain controller account passwords. To reset this you must un-join/re-join the domain.
===enable samba audit logs for ibays===
Samba audit logging can be enabled for ibays using db variables.
Samba activity is logged in /var/log/samba/samba_audit
To enable audit logging for an ibay named "fileshare":
<nowiki>db accounts setprop fileshare Audit enabled
signal-event ibay-modify fileshare</nowiki>
To enable audit logging for every ibay on your server:
<nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
signal-event ibay-modify</nowiki>
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
==SME Server specific==
==SME Server specific==
& to check it's running
& to check it's running
sv s /service/squid
sv s /service/squid
===SystemConfig===
Some relative Informations to your system are recorded in the configuration database
config show sysconfig
===db command===
===db command===
{{note box|SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [[SME_Server:Documentation:Developers_Manual:Section2]] to understand the template and database process.}}
{{note box|SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [[SME_Server:Documentation:Developers_Manual:Section2]] to understand the template and database process.}}
you can see this page of the wiki [[DB_Variables_Configuration]]
you can see this page of the wiki [[DB_Variables_Configuration]] and the [[Db_command_tutorial]]
==== Setting db variables to default values ====
==== Setting db variables to default values ====
db accounts delprop <key> <prop>
db accounts delprop <key> <prop>
==== Reset a property value ====
==== Reset a property to an empty value ====
To reset to an empty value
To reset to an empty value
db accounts setprop <key> <prop> <nowiki>''</nowiki>
db accounts setprop <key> <prop> <nowiki>''</nowiki>
{{Warning box|Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.}}
{{Warning box|Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.}}
====Create DB key manually by a script====
An example on how create by hand some db with contents in a script. all these db can not be erased because for every 'post-upgrade signal-event; signal-event reboot', the default values set manually below will return.
mkdir -p /etc/e-smith/db/accounts/defaults/wordpress
echo "reserved" > /etc/e-smith/db/accounts/defaults/wordpress/type
mkdir -p /etc/e-smith/db/configuration/defaults/wordpress
echo "configuration" > /etc/e-smith/db/configuration/defaults/wordpress/type
echo "Wordpress weblog" > /etc/e-smith/db/configuration/defaults/wordpress/Name
echo "global" > /etc/e-smith/db/configuration/defaults/wordpress/PublicAccess
echo "enabled" > /etc/e-smith/db/configuration/defaults/wordpress/status
echo "wordpress" > /etc/e-smith/db/configuration/defaults/wordpress/DbName
echo "wordpress" > /etc/e-smith/db/configuration/defaults/wordpress/DbUser
echo "en" > /etc/e-smith/db/configuration/defaults/wordpress/WpLang
in order to initialize all db settings
/etc/e-smith/events/actions/initialize-default-databases
====Create DB key manually by 'config'====
If you want to create a key entry manually you can use the 'config' command and save properties in the '''configuration database'''. For your information, once deleted you cannot retrieve default values as above.
The generic Command line is :
config configuration set key type [prop1 val1] [prop2 val2] ...
for example you can do
config set plop configuration Name wordpress PublicAccess private status enabled DbName wordpress DbUser wordpress WpLang en
you can see the result
config show plop
plop=configuration
DbName=wordpress
DbUser=wordpress
Name=wordpress
PublicAccess=private
WpLang=en
status=enabled
===Modify Hidden settings of users===
===Modify Hidden settings of users===
====Give a shell access to "user"====
====Grant bash access to a "user"====
db accounts setprop '''user''' Shell /bin/bash
db accounts setprop '''user''' Shell /bin/bash
signal-event user-modify user
signal-event user-modify '''user'''
====Give a Sudo access to "user"====
====Grant vpn access to a "user"====
db accounts setprop '''user''' VPNClientAccess yes
signal-event user-modify '''user'''
====Grant sudo access to a "user"====
db accounts setprop '''user''' Sudoer yes
db accounts setprop '''user''' Sudoer yes
signal-event user-modify user
signal-event user-modify '''user'''
====Chroot "user" on FTP usage====
====Chroot "user" on FTP usage====
db accounts setprop '''user''' ChrootDir /home/e-smith/files/users/user/home
db accounts setprop '''user''' ChrootDir /home/e-smith/files/users/user/home
signal-event user-modify user
signal-event user-modify '''user'''
=== General Service Handling ===
=== General Service Handling ===
====SME9====
SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command]
All other linux common way to start or stop services are also valuable
/etc/init.d/servicename start/stop/status
service servicename start/stop/status
*start
*start
*restart
*restart
sv t /service/servicename
sv t /service/servicename
* status
sv s /service/servicename
{{tip box|you may use TAB to auto-complete your command line}}
{{tip box|you may use TAB to auto-complete your command line}}
you have some shortcuts
down => 'd',
stop => 'd',
up => 'u',
start => 'u',
====Example====
restart => 't',
sigterm => 't',
adjust => 'h',
reload => 'h',
sighup => 'h',
sigusr1 => '1',
sigusr2 => '2',
once => 'o',
pause => 'p',
alarm => 'a',
interrupt => 'i',
quit => 'q',
kill => 'k',
exit => 'x',
Restarting:
Restarting:
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
===allow a service to start for a particular time===
====SME10====
'''Systemctl''' is a '''systemd''' utility that is responsible for Controlling the '''systemd''' system and service manager. '''Systemd''' is a collection of system management daemons, utilities, and libraries which serves as a replacement of '''System V init''' daemon. Systemd functions as central management and configuration platform
To list all loaded services on your system (whether active; running, exited or failed, use the '''list-units''' subcommand and <code>--type</code> switch with a value of service.
# systemctl list-units --type=service
OR
# systemctl --type=service
But to get a quick glance of all running services (i.e all loaded and actively running services), run the following command.
# systemctl list-units --type=service --state=running
OR
# systemctl --type=service --state=running
List all failed units.
# systemctl --failed
Check whether a Unit or Service is running or not?.
# systemctl status httpd-e-smith
How do I start, restart, stop, reload and check the status of a service ('''httpd.service''') in Linux.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
===Add a custom service===
see this [[Add_a_custom_service |page]]
==SSL==
===Test SSL certificate===
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
https://www.ssllabs.com/ssltest/
===SSL diagnostic===
The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers.<br />
[https://www.openssl.org/docs/apps/s_client.html openssl s_client] Documentation
*on sme
openssl s_client -connect localhost:993
*on a remote host
openssl s_client -connect yourdomain:993
===SSL Signature algorithm===
you can verify the algorithm signature of your certificate<br />
for example
openssl x509 -noout -text -in /home/e-smith/ssl.pem/sme9dev2.mycompany.local.pem
== SSH ==
== SSH ==
https://localhost:9443/server-manager
https://localhost:9443/server-manager