Firewall (iptables) rules for Zimbra in CentOS

In my previous posts I have documented how to set up a RAID-5 CentOS system, test that RAID’s reliability, and install Zimbra on said system.

In this post I will go over strengthening the security for your system by editing the default port for SSH access and configuring iptables to only accept traffic on ports required by Zimbra, only from certain IP addresses.

1) To change your SSH server port, edit the following line in /etc/ssh/sshd_config

Port 22

You can change the number to whichever you prefer (I changed mine to 130). In many cases, this will cut down on outside brute force attacks by as much as 99%.

However, one of Zimbra’s services uses the SSH port for access, so if you do change it, you have to also follow the procedure in step 2 to prevent Zimbra from giving you errors when you try to access some details in Administration Console.

2) From: http://www.zimbra.com/forums/administrators/11796-change-port-22-a.html

1. Check /etc/ssh/sshd_config and be sure it’s set to 130 (or the port you’re using)

2. stop/start/restart sshd

Code:

service sshd restart

3. su zimbra

4. Be sure zimbra’s ssh port is set to 130 (or the port you’re using), and change “server.domain.com” in the following code to your full hostname.

Code:

zmprov ms server.domain.com zimbraRemoteManagementPort 130

5. Generate new ssh keys

Code:

cd /opt/zimbra/bin/
./zmsshkeygen

6. Deploy the keys

Code:

./zmupdateauthkeys

To test this, you can check the admin console mail queues area/servers/certificates. If you don’t get any errors, then the port has been changed successfully.

3) Unfortunately, I was too lazy to figure out how iptables works, but you can read about it here:

http://wiki.centos.org/HowTos/Network/IPTables

So basically what I did was take an existing line for allowing access to a port in my iptables file (/etc/sysconfig/iptables):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Then, if you want to limit access to that port (the web server port in this case, which lets you access Zimbra’s web mail client) to a specific network, like my school network, you append -s and the network range like so:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -s 130.245.0.0/16 -j ACCEPT

and copy/paste it a whole bunch of times for each port you want to have open for incoming traffic. In nano you can do this by pressing ctrl+k and then ctrl+u a bunch of times, on any line you want to paste.

You can see which ports Zimbra uses here:

http://wiki.zimbra.com/wiki/Ports

It seems to work correctly with just the external access ports enabled in iptables. I’m guessing that’s because all the internal ports are open due to the following line in iptables:

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

I believe it means that all incoming traffic from the system itself (localhost) is accepted.

Don’t forget to add a rule for the reconfigured SSH port as well, if you happened to change it.

Also, if you want to be able to receive email from anywhere, make sure you don’t add the -s parameter to port 25.

Here’s how my iptables looks after I edited it for Zimbra and SSH access:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 130 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 130 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -s 129.49.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 130 -s 71.247.43.111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -s 71.247.43.111 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
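
An added check (not from the original post) for a ruleset like the one above: it lists every port an ACCEPT rule opens, the source it is limited to, and whether the rule sits after the chain's catch-all REJECT, where it can never match. The function names and the shortened sample are constructed for illustration; negated matches (`!`) and multiport rules are not handled.

```shell
#!/bin/sh
# Constructed sample in /etc/sysconfig/iptables format, modelled on the
# ruleset above. The last -A line is deliberately placed after the
# catch-all REJECT to show the failure mode.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 130 -s 130.245.0.0/16 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -s 130.245.0.0/16 -j ACCEPT
COMMIT
EOF
}

# audit_rules: read a ruleset on stdin and print one line per ACCEPT rule
# that names a destination port:
#   <port>/<proto> <source network or ANY> <ok or UNREACHABLE>
audit_rules() {
awk '
$1 == "-A" {
    chain = $2; proto = "all"; port = ""; src = "ANY"; target = ""; nmatch = 0
    for (i = 3; i <= NF; i++) {
        if ($i == "-p")           { proto = $(i+1); nmatch++ }
        else if ($i == "--dport") { port = $(i+1); nmatch++ }
        else if ($i == "-s")      { src = $(i+1); nmatch++ }
        else if ($i == "-i" || $i == "-d" || $i == "-m") { nmatch++ }
        else if ($i == "-j")      { target = $(i+1) }
    }
    state = (chain in closed) ? "UNREACHABLE" : "ok"
    if (target == "ACCEPT" && port != "")
        printf "%s/%s %s %s\n", port, proto, src, state
    # An unconditional REJECT or DROP ends the chain: no later rule can match.
    if ((target == "REJECT" || target == "DROP") && nmatch == 0)
        closed[chain] = 1
}'
}

# world_open: ports that accept new connections from any source address.
world_open() {
    audit_rules | awk '$2 == "ANY" && $3 == "ok" { print $1 }' | LC_ALL=C sort
}

# unreachable: ACCEPT rules that sit behind the catch-all and never apply.
unreachable() {
    audit_rules | awk '$3 == "UNREACHABLE" { print $1, $2 }'
}

# Run against the constructed sample; for a real file use
#   audit_rules < /etc/sysconfig/iptables
sample_rules | audit_rules
```

On the sample this shows that, besides port 25, the default port 631 rules (TCP and UDP) stay open to any source, and that the 7071 rule added after the REJECT line has no effect.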

Install and Setup Zimbra in CentOS

Zimbra is a suite of tools for Unix/Linux/MacOS systems, which includes a secure mail server, web mail, anti-spam/anti-virus controls, a Web management interface, integrated calendaring, mobile device sync, and more. In many ways, Zimbra is the Unix equivalent to Microsoft Exchange.

In this post, I will be installing Zimbra onto a CentOS virtual machine I created in a previous post. The machine will need at least 1024mb of memory to run the default Zimbra services. I was unable to make it run without errors with any less memory.

1) You will need to install some required packages to proceed with the setup and avoid errors further on:

  • wget – download utility we will be using to download the latest version of Zimbra Open Source Edition.
  • postfix – an open-source mail transfer agent (MTA) that routes and delivers electronic mail; installation of Zimbra will fail without this package, according to my professor
  • ntp – a protocol designed to synchronize the clocks of computers over a network

You can install these packages with the following command:

yum install wget postfix ntp

2) Make sure your time and date are set correctly. You can check time/date by running ‘date’.

If you need to change them you use the same command followed by the current time and date in the format of MMDDhhmm. So for example, if it’s currently April 30 5:55pm, the command would be:

date 04301755

 

3) Another step that may be important, and that my professor always told the class to complete, is to disable SELinux due to the various errors it may cause considering its stringent security policies. To disable it, use your favorite editor (mine is nano!) and change the SELINUX value in /etc/sysconfig/selinux to the following:

SELINUX=disabled

Then reboot your system.

4) In addition, you may want to turn off your firewall temporarily while installing and setting up Zimbra. I will make a post later about how to configure your firewall so that Zimbra’s required ports are accessible but everything else is secured. To turn off the firewall in CentOS, run:

service iptables stop

 

5) To find the latest version of Zimbra OSE, visit the following link:

http://www.zimbra.com/downloads/os-downloads.html

I will be using the 32bit x86 version, Red Hat Enterprise Linux 5 (as instructed by my professor). Since I’m installing it on a remote machine, I’m going to use wget to download the software:

wget http://files2.zimbra.com/downloads/6.0.6_GA/zcs-6.0.6_GA_2324.RHEL5.20100406144520.tgz

 

6) Extract files from the downloaded archive:

tar -xf zcs-6.0.6_GA_2324.RHEL5.20100406144520.tgz

7) Run the install script with a platform-override argument (since we’re installing on CentOS and not Red Hat) and then follow the instructions by installing whatever external packages the setup tells you are required and selecting options that correspond to your configuration (I used the default option at practically every step):

cd zcs-6.0.6_GA_2324.RHEL5.20100406144520
./install.sh --platform-override

8) If you had any errors during installation, see step 9. Otherwise, if you’ve reached the configuration menu part of the installation, all you’re required to do is to set up the administrator password, as will be denoted by the many * symbols. There are other options you can tinker with if you have more complex needs, but the defaults worked fine for me.

* If you can’t see all the configuration options because the terminal scrolled down too far, you can usually scroll up with the shift+pageup key combination.

9) During installation, I had the following errors:

a)

ERROR: Installation can not proceed.  Please fix your /etc/hosts file
to contain:

127.0.0.1 localhost.localdomain localhost

Zimbra install grants mysql permissions only to localhost and
localhost.localdomain users.  But Fedora/RH installs leave lines such
as these in /etc/hosts:

127.0.0.1     myhost.mydomain.com myhost localhost.localdomain localhost

This causes MySQL to reject users coming from 127.0.0.1 as users from
myhost.mydomain.com.  You can read more details at:

http://bugs.mysql.com/bug.php?id=11822

This error is self-explanatory. Using an editor like vi or nano, edit /etc/hosts to match the error’s suggested fix. Here’s an example of my /etc/hosts file.

127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
130.245.127.62          rsheyd.oslab.cs.sunysb.edu rsheyd

 

b)

Checking for port conflicts
Port conflict detected: 25 (zimbra-mta)
Port conflicts detected! - Any key to continue

That means that some service is using a port Zimbra needs open for one of its services (in this case zimbra-mta). You can proceed with the installation despite the port conflict, but you will need to fix it later to avoid errors.

After you’ve finished Zimbra installation you can check what ports your system is currently using by running:

netstat -tulpn

In my case, postfix, which I installed earlier as per professor’s instruction, was using port 25. According to him it’s needed for Zimbra to function correctly but should be turned off. I’m not exactly sure how that works, but in any case, to turn it off you have to use the following command.

service postfix stop

And to prevent it from starting the next time you reboot your system, run:

chkconfig postfix off

If you don’t clear up the port conflict, there will be MTA-related errors when you try sending emails in Zimbra.

As a side note, postfix is already included in Zimbra-MTA so you may not need to install it separately to begin with, but I haven’t tried installing Zimbra without it.

*Some people may have sendmail blocking port 25 instead. Apply the same steps to sendmail as I did to postfix.

10) Zimbra has pretty basic spam protection as soon as you install it. In addition, its spam protection improves as you receive mail and mark spam as junk mail, due to heuristics and spam-learning algorithms. Google it if you want to know more =).

However, emails that may contain attachments which may be viruses are NOT filtered out by default. In order to filter out attachment formats which may be malicious you have to access the global settings in your administration console, which is accessed using the ‘admin’ account and the password you set during installation, at hostname:7071. In my case, that was: https://rsheyd.oslab.cs.sunysb.edu:7071/.

In Global Settings there should be an attachments tab, which lists all possible malicious attachment formats. I recommend selecting all of them and adding them to the blacklist since none of them are commonly attached files like PDFs, documents, photos, etc. Most are executable files used to infect a client’s computer with viruses.

In my next post I will talk about restricting access to Zimbra and your CentOS machine with iptables (firewall).

Helpful links:

http://library.linode.com/email/zimbra/install-zimbra-centos-5

http://www.zimbra.com/docs/ne/latest/single_server_install/

* Post any questions in my comments and I’ll try my best to answer them!

Testing RAID in CentOS

Now that I created a CentOS system with RAID-5 and RAID-1 in my previous post, it’s time to test whether the RAID will actually save my system in case of disk failure.

A simple way to simulate a disk failure without actually beating the crap out of one of your disks (which would be especially difficult with the virtual disks in this case) is by using the mdadm utility included in CentOS and other Red Hat-based linux distributions.

1) First, confirm that your RAID includes a spare drive that the system will rebuild the array with and determine which disk is going to “fail” by checking the output of ‘cat /proc/mdstat’:

Personalities : [raid6] [raid5] [raid4] [raid1]
md1 : active raid1 sda1[0] sdb1[1] sdc1[2] sdd1[3](S)
      104320 blocks [3/3] [UUU]
 
md0 : active raid5 sdd2[3](S) sdc2[2] sdb2[1] sda2[0]
      20755456 blocks level 5, 256k chunk, algorithm 2 [3/3] [UUU]
 
unused devices: <none>

As you can see, I have split each of the 4 disks in my virtual machine (VM) into 2 partitions each – a small RAID-1 partition for /boot and a large raid-5 partition for / (everything else). The (S) next to some of them signifies that that partition is a Spare, to be used in case of disk/partition failure.

2) To simulate disk failure, we will pass the ‘fail’ argument to one of the partitions:

mdadm /dev/md0 --manage --fail /dev/sdb2

Make sure the partition you’re marking is part of the correct array, or it will just tell you it can’t find it.

The array should automatically start rebuilding at this point. You can check the progress by checking mdstat again:

[root@rsheyd ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4] [raid1]
md1 : active raid1 sda1[0] sdb1[1] sdc1[2] sdd1[3](S)
      104320 blocks [3/3] [UUU]
 
md0 : active raid5 sdd2[3] sdc2[2] sdb2[4](F) sda2[0]
      20755456 blocks level 5, 256k chunk, algorithm 2 [3/2] [U_U]
 [>....................]  recovery =  2.6% (278172/10377728) finish=6.0min speed=27817K/sec
unused devices: <none>

3) After you have verified that the array rebuild has completed, you now know your system is safe from virtual hammers! To re-add the virtually destroyed partition back, just run:

mdadm /dev/md0 --manage --remove /dev/sdb2
mdadm /dev/md0 --manage --add /dev/sdb2

You might have to reboot before being able to add the partition back into your array.
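
An added example (not from the original post): a parser for the /proc/mdstat layout shown above that reports, per array, active/expected members, failed and spare partitions, and whether a rebuild is running. The function names are illustrative and the embedded sample is copied from the rebuild output above; arrays in states such as auto-read-only are not handled.

```shell
#!/bin/sh
# Sample input: the /proc/mdstat text shown above while md0 was rebuilding.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid6] [raid5] [raid4] [raid1]
md1 : active raid1 sda1[0] sdb1[1] sdc1[2] sdd1[3](S)
      104320 blocks [3/3] [UUU]

md0 : active raid5 sdd2[3] sdc2[2] sdb2[4](F) sda2[0]
      20755456 blocks level 5, 256k chunk, algorithm 2 [3/2] [U_U]
 [>....................]  recovery =  2.6% (278172/10377728) finish=6.0min speed=27817K/sec
unused devices: <none>
EOF
}

# mdstat_report: read mdstat text on stdin, print one line per array:
#   <array> <level> <active>/<expected> failed=<devs or -> spares=<n> <state>
mdstat_report() {
awk '
function emit() {
    if (name == "") return
    if (rebuild != "") state = state "+REBUILDING"
    printf "%s %s %s/%s failed=%s spares=%d %s\n", name, level, up, want, (failed == "" ? "-" : failed), spares, state
    name = ""
}
# Array header, e.g. "md0 : active raid5 sdd2[3] sdb2[4](F) ..."
/^md[0-9]+ :/ {
    emit()
    name = $1; failed = ""; spares = 0; rebuild = ""; state = "unknown"
    up = "?"; want = "?"
    first = ($3 == "active") ? 5 : 4
    level = ($3 == "active") ? $4 : "-"
    for (i = first; i <= NF; i++) {
        dev = $i; sub(/\[.*/, "", dev)          # strip the "[n](F)" suffix
        if ($i ~ /\(F\)/) failed = (failed == "" ? dev : failed "," dev)
        if ($i ~ /\(S\)/) spares++
    }
    next
}
# Status line: "[3/2]" means 3 members expected, 2 currently active.
name != "" && match($0, "\\[[0-9]+/[0-9]+\\]") {
    split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
    want = n[1]; up = n[2]
    state = (up + 0 < want + 0) ? "DEGRADED" : "ok"
}
# Progress line printed while a spare is being synced in.
name != "" && /(recovery|resync) =/ { rebuild = $0 }
END { emit() }
'
}

# degraded_arrays: names of arrays running with fewer members than expected.
degraded_arrays() {
    mdstat_report | awk '$NF ~ /DEGRADED/ { print $1 }'
}

# Run against the sample; on a live system use: mdstat_report < /proc/mdstat
sample_mdstat | mdstat_report
```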

Installing CentOS 5.4 in VMware

I will be documenting my process in homework #3 for my ISE 311: System Administration class here.

This assignment has three sub-tasks: Linux CentOS and RAID-5 installation, a mail and collaboration system setup and configuration, and firewall setup. They are described in detail below.

The first step is to create a 4-disk virtual machine running CentOS 5.4 in VMware.

1) We will be creating a custom VMware configuration with the following parameters:

  • Hardware compatibility: Workstation 6.5
  • Disk image from which OS will be installed: CentOS-5.4-i386-bin-DVD.iso
  • Guest OS: Linux – Version: Red Hat Enterprise Linux 5 (as instructed by professor)
  • Name: hw3 (up to the user’s preference)
  • Processors: one
  • Memory: 256MB (as instructed by prof)
  • Network Connection: bridged (to obtain an individual public IP)
  • SCSI adapter: LSI Logic
  • Virtual Disk Type/Size: SCSI 10GB
  • USB, Sound, and Floppy controllers removed (as we will not be needing them)
  • 3 more virtual SCSI 10GB disks added in the Virtual Machine Settings post-vm creation wizard.

2) Prior to installation – as a precaution and to have a clean slate in case this VM breaks – I cloned the created configuration with the independent full clone option. You can also take a snapshot to the same effect.

3) Since I am connected to the VMware server over the internet, I will be using the CentOS text install option so latency has a lower effect and graphics aren’t taking up as much bandwidth. This process can be accessed by using “linux text” as your boot option. I had to use an additional option “noapic” due to VMware’s lack of support for APIC at the present time.

4) CentOS 5.4 setup:

  • Pick your preferred language and input methods.
  • Setup may ask you to initialize the hard disks to create new partition tables which would in turn erase all data on them – this is fine as I am working with empty disks to begin with.
  • Since I am making a RAID-5 (RAID-1 for /boot partition) system, during the partitioning step I will be creating a custom layout.
    • I will be using sda1, sdb1, sdc1, and sdd1 for a 100MB /boot ext3 RAID-1 partition, with 1 acting as a spare.
    • I will be using sda2, sdb2, sdc2, and sdd2 for a 20GB / ext3 RAID-5 partition, with 1 acting as a spare.
  • GRUB will be my boot loader.
  • For most steps the default option suffices.
  • I configured my eth0 network interface as well, with ‘activate on boot’ and ‘IPv4 support’. I left IPv6 disabled since I won’t be using it for anything and there’s no reason to make my system any more complicated than it has to be. All students are assigned their own hostname based on their username. I checked the IP set for my username by pinging the hostname on the VMware server, and used that to manually configure eth0. Running ‘ifconfig’ showed me some of the other network attributes I needed in the setup.
  • While many packages would be useful in my system, the size of my system is one of the details graded in the homework, so I deselected all the software to make for a quicker install and a smaller system. I can install all required packages individually later.

5) That’s it! Once the newly installed CentOS boots, configure your networking interface (for most that involves editing /etc/sysconfig/network-scripts/ifcfg-eth0 if you haven’t configured the networking interface during the installation process) and run ‘yum update’ to make sure the system is up to date.

* From this point on, I recommend using SSH to connect to your virtual machine as it should both be more responsive than running VMware workstation remotely, and allow for clipboard functionality. My SSH client of choice is putty (since I run Windows).

* To see how to test if RAID is working correctly, see my next post about this homework.

contrib/.htaccess… error installing Bugzilla

I ran into a very annoying problem while working on hw2 for my System Administration class, specifically during installation of Bugzilla on a barebones Fedora 12 virtual machine.

After running ./checksetup.pl in /usr/share/bugzilla, the following error sprung up:

Creating contrib/.htaccess...
No such file or directory at Bugzilla/Install/Filesystem.pm line 485, <DATA> line 228.

I was unable to find anything about it online, but it turned out to be a very simple solution of either creating a contrib directory in /usr/share/bugzilla:

mkdir contrib

Or creating a symbolic link as my professor suggested on the mailing list:

ln -s . contrib

And then re-running the checksetup.pl script. I didn’t try the symbolic link but I have no reason to believe my professor is wrong =).

Home Multimedia Server

I’m currently running a slim Dell Vostro 220s in my apartment as a low-power 24/7 home server of sorts. It’s also connected to the TV so that my mom could watch Russian movies and TV shows.

Currently it serves only a few functions:

  • File Server for photos, backups, downloads, and installation files for software and OS
  • Bittorrent Server

I’ve installed some extra utilities too:

  • DynDNS updater, for remote access without using dynamic IPs
  • Windows 7 Concurrent Sessions enabler (so I can administrate the server without interrupting mom’s TV shows/movies)
  • SyncToy

What I would really like to do though is have it download Windows Updates for all the Windows machines I have running at home, and the computers I set up, troubleshoot, and order for other people. Unfortunately, it seems that requires WSUS, which doesn’t work on Windows 7 Professional (the OS my server is running). If anyone knows how I can make it work on Windows 7 or another way to serve Windows Updates locally, please comment below and you will receive endless amounts of gratitude from me =).

I could reinstall with Windows Server 2008, but last I tried, it did not play well with ATi’s video card control panel at all, so I was unable to achieve TV-out, and I’m guessing Server 2008 wouldn’t be a good fit for a lot of multimedia uses.

Something else that would be really cool is for me to set up scheduling so that it would go to sleep/shutdown and wake up/turn on on its own, to cut down on power usage without interrupting the tasks it currently serves. The only problem is setting up a system in which the photos on my desktop PC can be available so my mom could browse them whenever she wants to, while not having to have my computer on, and also download files at night when no one’s internet browsing experience would be interrupted.

For photos I currently use SyncToy on the server to check for changes in my Photos folder on my desktop PC every hour, whether it’s on or not. On my mom’s computer the server folder with the photos is set as a network drive which is scanned by Picasa.

For downloads I use uTorrent’s scheduler to fully use my bandwidth at night, while it is very limited during the day – although that’s not as necessary.

So the dilemma is the current system requires the server to be running 24/7. Perhaps I can somehow make it sleep during the day until mom accesses Picasa and sends a request to the server.

Any ideas?