Setting Up a Secure Apache 2 Server

http://www.informit.com/articles/article.aspx?p=30115&seqNum=1

Requirements
openssl-0.9.7g-2.12
openssl-devel-0.9.7g-2
httpd-2.0.58

Configuring Apache
#./configure --enable-module=so --enable-ssl --with-ssl=/usr/include/openssl
#make
#make install
#/usr/local/apache2/bin/httpd -l (to list available modules

Creating a Key Pair
#openssl req -new -key www.example.com.key -out www.example.com.csr
#openssl genrsa -des3 -out www.example.com.key 1024

to backup key (optional):
#./usr/local/ssl/bin/openssl rsa -noout -text -in www.example.com.key

Creating a Self-Signed Certificate
#openssl x509 -req -days 30 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.cert

# chmod 400 www.example.com.key

Edit /usr/local/apache2/conf/ssl.conf
Listen 80
Listen 443
ServerName http://www.example.com
SSLEngine on
SSLCertificateFile \
/etc/ssl/certs/www.example.com.cert
SSLCertificateKeyFile \
/etc/ssl/certs/www.example.com.key

Starting the server
#/usr/local/apache2/bin/apachectl startssl

asterisk + mySQL table = refined

You have two options in /usr/src/asterisk-addons:
1. Add CFLAGS+=-DMYSQL_LOGUNIQUEID to the Makefile.
2. Add a #define MYSQL_LOGUNIQUEID to the top of cdr_addon_mysql.c.

- perform the usual make clean, make, make install.

Table definitions for Asterisk cdr_mysql

Create the database
mysql --user=root --password=password -h dbhost

CREATE DATABASE asterisk;

GRANT INSERT
ON asterisk.*
TO asterisk@localhost
IDENTIFIED BY 'yourpassword';

(Remote MySQL server permissions)
GRANT INSERT
ON asterisk.*
TO asterisk@localhost
IDENTIFIED BY 'yourpassword';

USE asterisk;

CREATE TABLE `cdr` (
`calldate` datetime NOT NULL default '0000-00-00 00:00:00',
`clid` varchar(80) NOT NULL default '',
`src` varchar(80) NOT NULL default '',
`dst` varchar(80) NOT NULL default '',
`dcontext` varchar(80) NOT NULL default '',
`channel` varchar(80) NOT NULL default '',
`dstchannel` varchar(80) NOT NULL default '',
`lastapp` varchar(80) NOT NULL default '',
`lastdata` varchar(80) NOT NULL default '',
`duration` int(11) NOT NULL default '0',
`billsec` int(11) NOT NULL default '0',
`disposition` varchar(45) NOT NULL default '',
`amaflags` int(11) NOT NULL default '0',
`accountcode` varchar(20) NOT NULL default '',
`uniqueid` varchar(32) NOT NULL default '',
`userfield` varchar(255) NOT NULL default ''
);

ALTER TABLE `cdr` ADD INDEX ( `calldate` );
ALTER TABLE `cdr` ADD INDEX ( `dst` );
ALTER TABLE `cdr` ADD INDEX ( `accountcode` );

/etc/asterisk/cdr_mysql.conf
[global]
hostname=192.168.10.5
dbname=asterisk
table=cdr
password=asterisk
user=asterisk
port=3306
sock=/var/lib/mysql/mysql.sock
;userfield=1

/etc/asterisk/modules.conf
load => cdr_addon_mysql.so
[global]

genksyms not found on 64bit kernel

http://folk.uio.no/oeysteio/orinoco-usb/building.html

$ cd /lib/modules/$(uname -r)/
$ rm build
$ ln -s source build
$ cd build/
$ su
(root password)
$ make mrproper
$ make cloneconfig
$ make prepare-all

Important: You must change

make prepare-all

to

make prepare scripts


if you get an error similar to:
/bin/sh: scripts/genksyms/genksyms: No such file or directory

Required CPAN Modules for Mon

#perl -MCPAN -e shell
cpan>install Time::Period
cpan>install Time::HiRes
cpan>install Convert::BER
cpan>install Mon::Protocol
cpan>install Mon::SNMP
cpan>install Mon::Client

And, depending upon what you want to monitor, you may also wish to install the following optional modules:
cpan>install Filesys::DiskSpace
cpan>install Net::Telnet
cpan>install Net::LDAPapi
cpan>install Net::DNS
cpan>install SNMP

Creating GSM files with SOX

# sox inputfile.wav -r 8000 -c 1 output.gsm resample -ql

Null Modem for High Availability

Null modem cable pin mapping
This is one very common mapping which will work with software that relies on proper assertion of the CD signal.

Signal Name	DB-25 Pin	DE-9 Pin		DE-9 Pin	DB-25 Pin
FG (Frame Ground)	1	-	X	-	1	FG
TD (Transmit Data)	2	3	-	2	3	RD
RD (Receive Data)	3	2	-	3	2	TD
RTS (Request To Send)	4	7	-	8	5	CTS
CTS (Clear To Send)	5	8	-	7	4	RTS
SG (Signal Ground)	7	5	-	5	7	SG
DSR (Data Set Ready)	6	6	-	4	20	DTR
CD (Carrier Detect)	8	1	-	4	20	DTR
DTR (Data Terminal Ready)	20	4	-	1	8	CD
DTR (Data Terminal Ready)	20	4	-	6	6	DSR

#Use 1-4 & 4-1 for 9 pin HA null modem.

File Descriptors vs Linux Performance

To increase OS system-wide file descriptors limit

http://bloggerdigest.blogspot.com/2006/10/file-descriptors-vs-linux-performance.html

1. Set both the hard limit and soft limit of file descriptors, to as maximum as possible, to either all (the asterisk in first column) or individual user login account (replace the asterisk in the first column to the user login account)
   
   
• Modify /etc/security/limits.conf by appending or amending these line
  
  
@root soft nofile 1024
@root hard nofile 4096
to
@root soft nofile 100000
@root hard nofile 102400

Refer to the topic of Linux ulimit command

Zimbra: Daily mail report always reports "No messages found"

http://www.zimbra.com/forums/installation/3332-daily-mail-report-always-reports-no-messages-found.html
http://www.zimbra.com/forums/27508-post20.html

zmloggerinit is probably not what you wanted to do. In either case you'll most likely need to run it again, but first remove the logger db files.

Code:

% su - zimbra
% rm -rf logger/db
% zmloggerinit

That will get you back to a functioning state.
The logger db was either not competely initialized or the database got corrupted somehow (did your disk fill up?). You can reset it with the above commands or try to recover the raw_logs table by logging into the logger db and running repair table raw_logs; You'll need the logger_root_passwd from zmlocalconfig.

Ghostscript

Most Linux users have Ghostscript, and Ghostscript is supposed to be
able to append PDFs. The way it works is that it "prints" the files in
sequence, but directs them to a loopback type of printer driver that
actually generates a new PDF. Here's the command:

gs -q -sPAPERSIZE=letter -dNOPAUSE -dBATCH -sDEVICE=pdfwrite
-sOutputFile=out.pdf in1.pdf in2.pdf in3.pdf ...

Make appropriate substitutions for different paper sizes (apparently
nobody in North America has ever wanted to do this, because other
examples on the Web invariably specify A4 paper), filenames, etc. I've
found this technique to work quite well. Unfortunately, it caused
Ghostscript to die with a segfault on some of the input I wanted to run
it with, and nothing I could do would get it to process some of those files.

Cannot Load Zaptel module because crc_ccitt table not found

This is because you are missing the crc_ccitt library routine.
Go to /lib/modules/$(uname -r)/build
type:

#>make menuconfig

In the ncurses utility,
Go to Library routines
Include:
CRC-CCITT functions
(save) and (exit)

to build modules, type:
make modules

This will rebuild all your modules, including crc-ccitt. After you are done, the crc-ccitt module will be located in ./lib

copy the crc-ccitt.ko (for 2.6 kernels) or crc-ccitt.o (for 2.4 kernels)to /lib/modules/$(uname -r)/kernel/lib/

Installing Wanpipe on SuSe

(Only for the version before 10.1)
http://sangoma.editme.com/wanpipe-linux-asterisk-appendix#WanpipeOnSuse

The wanpipe drivers assume the kernel source is located in /lib/modules/$(uname -r)/build. and in SuSe, this symbolic link points to the headers only. There is a symbolic link in /lib/modules/$(uname -r)/source that points to the kernel source.

To compile on SuSe:

1. Apply the current kernel configuration.
Copy .config file from headers to source

#>cp /lib/modules/$(uname -r)/build/.config /lib/modules/$(uname -r)/source/.config

Set the symbolic link in /lib/modules/$(uname -r)/build to point to the kernel source
#>cd /lib/modules/$(uname -r)
#>mv build build_old
Find the location of your source:
#>ls -al source
It will look like this: source -> /usr/src/linux-2.6.11.4-20a (adjust for your current kernel version)
Create a symbolic link toyour kernel source with name build
#>ln -s /usr/src/linux-2.6.11.4-20a build
Update current configurations from the .config file
#>cd build
#>make menuconfig
#>make prepare-all

SIPp

SIPp is a free Open Source test tool / traffic generator for the SIP protocol.
http://sipp.sourceforge.net/

Run:
sipp -sn type -d duration(sec) -s test number SIP Server -l calls -i Local IP
sipp -sn uac -d 30000 -s 500 192.168.10.229 -l 5 -i 192.168.10.5

Building Apache + PHP4

Apache2:
./configure --enable-module=so
make
make install

PHP:
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-pgsql --with-mysql --with-zlib --enable-calendar
make
make install

Set up environment and apache:
cp php.ini-dist /usr/local/lib/php.ini
cd /usr/local/apache2/conf
vi httpd.conf

add:
AddType application/x-httpd-php .php

Unique ID in asterisk & mySQL

Storing the Unique ID

Q: It would appear that the "uniqueid" field is not being populated in the MySQL CDR DB. Is this an obsolete field or is a bug?

A: You need to define MYSQL_LOGUNIQUEID at compile time for it to use that field.

You have two options in /usr/src/asterisk-addons:
1. Add CFLAGS+=-DMYSQL_LOGUNIQUEID to the Makefile.
2. Add a #define MYSQL_LOGUNIQUEID to the top of cdr_addon_mysql.c.

Finally perform the usual make clean, make, make install. Be sure to check the Makefile for the presence of this flag after having done a CVS update! You will most probably also want to index the uniqueid field in your cdr table to improve performance.

You will also have to add a `uniqueid` column in your mysql database after the `accountcode` column:
ALTER TABLE `cdr` ADD `uniqueid` VARCHAR(32) NOT NULL default '' after `accountcode`;

What would I need all this for? For example you are running an AGI script and would like to be able to related AGI data with the CDR table. The problem is that the AGI script will lose connection to the call as soon as the caller hangs up, so you'll need a way to find the correct cdr entry (that'll also be created only after the call has been completed).

Asterisk + MySQL

http://www.voip-info.org/wiki-Asterisk+cdr+mysql

Asterisk can store CDR records in a MySQL database, as an alternative to CSV text files and other database formats.

Due to Mysql client libraries licensing, the Mysql billing application is no longer an integrated part of the Asterisk standard distribution. It is now located in the asterisk-addons CVS directory.

You must have mysql and mysql-devel packages installed.

Compile

# cd asterisk-addons-1.2
# make clean
# make
# make install


A sample configuration file, can be found on the cdr_mysql.conf page.

Copy the sample configuration file to /etc/asterisk/cdr_mysql.conf and edit it according to your requirements. Then edit your modules.conf to load cdr_addon_mysql.so and finally restart asterisk; before the restart you should, however, check that your cdr table has been created correctly and is accessible to the username and password you specified.

Table definitions for Asterisk cdr_mysql

Create the database
mysql --user=root --password=password -h dbhost

CREATE DATABASE asterisk;

GRANT INSERT
ON asterisk.*
TO asterisk@localhost
IDENTIFIED BY 'yourpassword';

(Remote MySQL server permissions)
GRANT INSERT
ON asterisk.*
TO asterisk@localhost
IDENTIFIED BY 'yourpassword';

USE asterisk;

CREATE TABLE `cdr` (
`calldate` datetime NOT NULL default '0000-00-00 00:00:00',
`clid` varchar(80) NOT NULL default '',
`src` varchar(80) NOT NULL default '',
`dst` varchar(80) NOT NULL default '',
`dcontext` varchar(80) NOT NULL default '',
`channel` varchar(80) NOT NULL default '',
`dstchannel` varchar(80) NOT NULL default '',
`lastapp` varchar(80) NOT NULL default '',
`lastdata` varchar(80) NOT NULL default '',
`duration` int(11) NOT NULL default '0',
`billsec` int(11) NOT NULL default '0',
`disposition` varchar(45) NOT NULL default '',
`amaflags` int(11) NOT NULL default '0',
`accountcode` varchar(20) NOT NULL default '',
`userfield` varchar(255) NOT NULL default ''
);

ALTER TABLE `cdr` ADD INDEX ( `calldate` );
ALTER TABLE `cdr` ADD INDEX ( `dst` );
ALTER TABLE `cdr` ADD INDEX ( `accountcode` );

/etc/asterisk/cdr_mysql.conf
[global]
hostname=192.168.10.5
dbname=asterisk
table=cdr
password=asterisk
user=asterisk
port=3306
sock=/var/lib/mysql/mysql.sock
;userfield=1

/etc/asterisk/modules.conf
load => cdr_addon_mysql.so
[global]

SuSE display grub loader

/boot/grub/menu.lst

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.2
root (hd0,1)
kernel /boot/vmlinuz-2.6.18.2-34-default root=/dev/hda2 vga=0x314 resume=/dev/hda1 splash=silent showopts
initrd /boot/initrd-2.6.18.2-34-default

Change to:
vga=0x317

How do I set up my themes to run automatically on startup?

[Desktop Entry]
Exec=superkaramba {location of theme file}.theme
Name={theme name}
Type=Application
X-KDE-StartupNotify=false

Then save it as {theme}.desktop into /home/{user}/.kde/Autostart/.

Backup Solution

Bacula® - The Network Backup Solution
Amanda - The Advanced Maryland Automatic Disk Archiver

Split DNS

Installations of Zimbra behind a firewall often require the creation of some form of split DNS. This is because the Postfix mail system used by Zimbra performs a DNS lookup when attempting to route email to the back-end message store. Frequently, this is the same physical host as Postfix. The DNS server frequently returns the external address of the mail host, not the internal address. Depending on how the firewall and network are configured, the external address may not even be reachable from the mail host, and mail will not be delivered.

A Split DNS avoids this problem by providing an internal DNS server that can be used to resolve the internal address of the server. This guide will detail how to set up a very specific, single-host DNS server that can be installed on the Zimbra host itself so that it can resolve its own address. This should not be used for a multi-node Zimbra installation, and should not be used as the DNS server for any other hosts on your network.

http://wiki.zimbra.com/index.php?title=Split_dns

Zimbra Docs

Wiki
Documentation Links
Forum

Verify Zimbra Server Operation

To verify that the server is running:

1.	Type su - zimbra.

2.	Type zmcontrol status. The services status information is displayed. All services should be running.

Note: If services are not started, type zmcontrol start.

See the CLI Command appendix in the Administration Guide for more zmcontrol commands.

dvd burning

Burn data file to DVD:
growisofs -Z /dev/dvdrecorder -R -J /home/file-name

Merge a new session to an existing one:
growisofs -M /dev/dvdrecorder -R -J /home/file-name

Blanking a rewritable DVD:
growisofs -Z /dev/dvdrecorder=/dev/zero

enabling xgl

Xgl is not activated automatically when we install it. To turn it on, run the "Desktop Effects" control panel. (Available from the Control Center in GNOME, or by running the command "gnome-xgl-settings" from a terminal or the Run dialog in KDE.)

http://en.opensuse.org/Using_Xgl_on_SUSE_Linux#Using_and_Configuring_Compiz

ISP Server Setup - OpenSUSE 10

http://www.howtoforge.com/perfect_setup_suse_10.0

ISPConfig

ISPConfig is an open source hosting control panel for Linux. ISPConfig is licensed under BSD license.
http://www.ispconfig.org

How do I change my MySQL password?

At the "mysql>" prompt, type:

set password = password("yournewpassword");

How to install perl module

# export LANG=en_US
# perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
cpan> q

MYSQL Installation & Configuration

Taken from : http://www.postfixvirtual.net/mysqlinstall.html

# cd /usr/local/src
#wget -c http://mysql.he.net/Downloads/MySQL-4.0/mysql-4.0.24.tar.gz
Create mysql user and group
#groupadd mysql
#useradd -g mysql mysql
Unpack mysql archive
# tar -zxf mysql-4.0.24.tar.gz
#cd mysql-4.0.24/
Configure mysql with /usr/local/mysql base directory
#./configure --prefix=/usr/local/mysql
Build source files
#make
Install compiled files to the directory specified in prefix
#make install
Mysql uses a configuration file to determine some parameters on startup. It must be modified depending on your machine's capacity. Copy mysql configuration file and startup script for a medium sized system to /etc/my.cnf . Read my-*.cnf files for your own system on the untarred location of MySQL. Those files allow you to chose which file to use for your system.
#mkdir /etc/mysql/
#cp support-files/my-medium.cnf /etc/mysql/my.cnf
#cp support-files/mysql.server /etc/init.d/
#chmod 755 /etc/init.d/mysql.server
Go to base directory and create MySQL grant tables with mysql user (If this MySQL is your second
MySQL installation in your linux, defaults-file variable can be set to your new conf file)
#cd /usr/local/mysql
#bin/mysql_install_db --user=mysql
Change ownership of binaries to root and ownership of data directory to mysql user
#chown -R root .
#chown -R mysql var
#chgrp -R mysql .
Introduce new libraries to our Linux
#echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
#ldconfig Start MySQL daemon
#/etc/init.d/mysql.server start
Connect to the MySQL server and give mysql root password. Since, there is no default root password
Please pay attention to this part, I have seen many who don't give any root password to their servers.
#/usr/local/mysql/bin/mysql -u root

SET MYSQL PASSWORD

mysql> use mysql;
mysql> update user set password=Password('1234') where user='root';
mysql> flush privileges;
mysql>\q

CREATE PATH VARIABLES

#PATH=$PATH:/usr/local/mysql/bin
#export PATH
#echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
#echo " export PATH" >> /etc/profile

MySQL is ready congratulations...

create multiple directories in one step

#mkdir -p /usr/local/bind/{etc,namedb,dev,var/run}

(The above command creates all necessary directories in one step - You can use curly brackets for this purpose)

Backup and Restore Mysql Database using Mysqldump

Below are mysqldump commands for backup and restore mysql database:

UNIX / LINUX

Backup:
mysqldump --opt --user=username --password database > dumpfile.sql

Restore:
mysqldump --opt --user=username --password database < dumpfile.sql
Notes:
- dumbfile.sql contains SQL command for creating tables and data. (CREATE,INSERT,DROP etc.)

Picasa Web Album

Created web album:

http://picasaweb.google.com/galasura/

1st Entry

I created this blog so I can keep track the things which cross over my mind and works I'm working on.