Thursday, September 16, 2010
Openldap Start|stop|status script
#
# PID of the first running slapd process; [s]lapd keeps grep from matching itself.
PID=`ps -eaf | grep '[s]lapd' | awk '{print $2}' | head -n 1`
case "$1" in
start)
if [ -f /usr/local/var/run/slapd.pid ];then
echo "****"
echo "Openldap running with pid $PID"
else
/usr/local/libexec/slapd
echo "Openldap started"
fi
;;
stop)
if [ -f /usr/local/var/run/slapd.pid ];then
/bin/kill -INT `cat /usr/local/var/run/slapd.pid`
echo "Openldap stopped"
else
echo "Openldap not running"
fi
;;
status)
if [ -f /usr/local/var/run/slapd.pid ];then
echo "****"
echo "Openldap running with pid $PID"
else
echo "Openldap not running"
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
;;
esac
exit 0
Tuesday, September 14, 2010
Mail Server Setup
(This is a test mail server setup)
We need two servers for mails.
1. Live server.
2. Backup server for emergency.
LIVE SERVER DETAILS.
HDD Partition Details
Root Partition : 3GB.
Home : 5GB
Swap : 2GB
/var/spool/mail : 27GB (Mail file location).
Hostname : - server1.corp.example.com
IP Address : - 10.203.121.100
HARDWARE DETAILS.
Processor : Intel(R) Pentium(R) 4 CPU 1.80GHz
Memory : 1 GB RAM
Hard Disk : 40 GB IDE HDD.
Model : Wipro Super Genius.
OS DETAILS.
OS : RedHat Linux 7.2
Kernel version : 2.4.9-e.24
APPLICATIONS.
SMTP : Postfix 1.1
Postfix rpm : postfix-1.1.11-5
POP3/IMAP : UW-imap
Uw-IMAP rpm : imap-2001a-10.0as
BACKUP SERVER DETAILS.
HDD Partition Details
Root Partition : 8GB.
Home : 8GB
Swap : 2GB
/var/spool/mail : 20GB (Mail file location).
We chose the customized package installation so that only the required packages were selected while installing RHEL. The sendmail package was removed during installation, because we are using Postfix as the SMTP server. Webmail is included here as well, so we added Apache tomcat and Squirrelmail. For IMAP, we selected Dovecot.
Hostname : - server2.corp.example.com
IP Address : - 10.203.121.101
HARDWARE DETAILS.
Processor : Intel Pentium-4 2.3 GHz.
Memory : 1 GB DDR 266MHz
Hard Disk : 40 GB IDE HDD.
Model : Wipro Super Genius.
OS DETAILS.
OS : RedHat Enterprise Linux 5.3
Kernel version : 2.6.18-128.el5
APPLICATIONS.
SMTP : Postfix 2.3
Postfix rpm : postfix-2.3.3-2.1.el5_2.i386.rpm
POP3/IMAP : Dovecot 1.0
Dovecot rpm : dovecot-1.0.7-7.el5.i386.rpm
Squirrelmail : squirrelmail-1.4.8-4.0.1.el5
Apache : Tomcat Apache (httpd-2.2.3-22.el5)
CONFIGURATION DETAILS OF POP3/SMTP.
SMTP
The lines below were modified or added in the Postfix main.cf file.
Configuration file : /etc/postfix/main.cf
---------------------------------------------------------------------------------------------------------------
myhostname = live.example.com
mydomain = example.com
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost = [smtp.corp.example.com]
--------------------------------------------------------------------
virtual_alias_maps : This tells Postfix to deliver all incoming mail from the MS Exchange server (currently runner.corp.example.com) to our local server (server2.example.com).
Configuration file : /etc/postfix/virtual
After adding virtual_alias_maps you need to run the postmap command to generate the virtual.db file in /etc/postfix/. Otherwise Postfix will log a “virtual.db” not found error and the SMTP service will not function.
$sudo postmap /etc/postfix/virtual
(This will automatically create the /etc/postfix/virtual.db file.)
: file /etc/postfix/virtual.db
Berkeley DB (Hash, version 8, native byte-order)
From /etc/postfix/virtual.
-x-x-x-x-x--x-x-x-x-x-x-x-x-x-x--x-x-x-x-x-x-x-x-x-x--x-x-x-x-x
drop.corp.example.com accept
@drop.corp.example.com @server2.corp.example.com
-x-x-x-x-x--x-x-x-x-x-x-x-x-x-x--x-x-x-x-x-x-x-x-x-x--x-x-x-x-x
Useful commands : $sudo service postfix (stop|start|restart|reload)
$sudo postmap /etc/postfix/virtual (for creating virtual.db file for adding virtual domains)
$sudo postconf message_size_limit
$sudo postconf mailbox_size_limit
POP3/IMAP.
On the live server we are using uw-imap as the POP3 server, and on the backup server we moved to Dovecot, since we don't have a proper rpm available for uw-imap. RedHat has also removed this package from their package list.
Dovecot supports all the traditional mbox and maildir formats, so we do not expect any problem now or in the future.
Since we are NOT planning for IMAP, this configuration is only about POP3. The same applies to an IMAP server, if we open port 143 in iptables.
There is only one line modified for configuring POP3 server.
Configuration file : /etc/dovecot.conf
-------------------------------------------------------------------------------
mail_location = mbox:~/mail:INBOX=/var/mail/%u
-------------------------------------------------------------------------------
INBOX location : /var/spool/mail (this location can be changed in /etc/dovecot.conf)
Authentication : PAM (as default, dovecot uses PAM)
Log file : /var/log/maillog
Useful Commands : $dovecot -n (reads the configuration from /etc/dovecot.conf and displays it)
$sudo service dovecot (start|stop|restart)
$telnet server2.example.com 110 (+OK Dovecot ready.)
SQUIRRELMAIL
We can configure Squirrelmail with the $sudo /usr/share/squirrelmail/config/conf.pl script.
From the conf.pl script console, the options below were modified.
1. Organization Preferences
1. Organization Name : Example
2. Organization Logo : ../images/sm_logo.png
3. Provider link : http://www.example.com/
4. Provider name : Example
4. Server Settings
1. Domain : corp.example.com
2. Sendmail or SMTP : SMTP
D. Set pre-defined settings for specific IMAP servers
1. dovecot = Dovecot Secure IMAP server
Test your configuration by http://server2/webmail/src/configtest.php
There are some modifications made on /usr/share/squirrelmail/src/login.php file.
[root@server2 src]# diff -u login.php.org login.php
--- login.php.org 2010-09-01 19:55:43.000000000 +0530
+++ login.php 2010-09-01 20:07:43.000000000 +0530
@@ -143,8 +143,7 @@
' />
' . "\n"
: '' ).
( (isset($hide_sm_attributions) && $hide_sm_attributions) ? '' :
- '' . sprintf (_("SquirrelMail version %s"), $version) . '
' ."\n".
- ' ' . _("By the SquirrelMail Project Team") . '
' . "\n" ) .
+ ' ' . _(" Webmail") . '
' . "\n" ) .
html_tag( 'table',
html_tag( 'tr',
html_tag( 'td',
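Review bot: the context line `( (isset($hide_sm_attributions) && $hide_sm_attributions) ? '' :` at the top of this hunk already makes the version and attribution strings conditional, so setting `$hide_sm_attributions` would suppress the `SquirrelMail version %s` banner without editing login.php, and an update of the squirrelmail package will replace this edited file and bring the version string back on the login page. If the " Webmail" label is still wanted, drop the leading space inside `_(" Webmail")` so the string can match a translation entry, and record the change somewhere that survives upgrades.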
[root@server2 src]#
PLUGINS (Available in /root/plugin)
Squirrelmail uses plugins for additional options and to make SM more attractive. We have used the plugins below. Read each plugin's README and INSTALL files for more details about the plugin.
change_passwd v3.1 : Change password
user_logo v 1.1 : Example login after login.
compatibility 1.3 : For plugin compatibility.
msg_flags 1.4 : for getting message icons and flags.
MIGRATING UNIX USERS AND MAILS.
We do this step to avoid overwriting any system users on the backup server. By executing the steps below, we add only the users that have UID > 500.
User Migration
There are some simple steps we can follow here for user migration. This will not disturb the existing system users.
(The location of the files used for migration may change depending on the backup location in rsync.)
$export UGIDLIMIT=500
$awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/backup/passwd > /etc/backup/passwd.mig
$awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/backup/group > /etc/backup/group.mig
$awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/backup/passwd | tee - | egrep -f - /etc/backup/shadow > /etc/backup/shadow.mig
$cat passwd.mig >> /etc/passwd
$cat group.mig >> /etc/group
$cat shadow.mig >> /etc/shadow
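The `egrep -f -` step above matches each user name anywhere in a shadow line, so a name such as bob also selects a system account named bobd. The script below is an added example, not part of the original post: it matches on the exact first field and lists entries whose name or UID already exists on the target. The account data, file layout and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-field user migration with a collision check.
# All account data below is constructed sample data.

# Names of regular users: UID >= limit, excluding nobody (65534).
select_users() {  # select_users PASSWD LIMIT
    awk -F: -v LIMIT="$2" '($3 >= LIMIT) && ($3 != 65534) { print $1 }' "$1"
}

# Lines of FILE whose first field is exactly one of NAMES (no substring match).
# FILENAME is compared instead of NR==FNR so an empty NAMES file selects nothing.
filter_by_name() {  # filter_by_name NAMES FILE
    awk -F: 'FILENAME == ARGV[1] { want[$1] = 1; next } ($1 in want)' "$1" "$2"
}

# Entries of MIG whose name or UID already exists in the TARGET passwd file.
collisions() {  # collisions MIG TARGET
    awk -F: 'FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = 1; next }
             ($1 in name) || ($3 in uid)' "$2" "$1"
}

make_sample() {  # make_sample DIR : write constructed source and target files
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bobd:x:40:40:constructed daemon account:/:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
alice:x:501:501::/home/alice:/bin/bash
bob:x:502:502::/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!!:14800:0:99999:7:::
bobd:*:14800:0:99999:7:::
alice:!!:14800:0:99999:7:::
bob:!!:14800:0:99999:7:::
EOF
    # The target already has a different account on UID 502.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'carol:x:502:502::/home/carol:/bin/bash' > "$1/target_passwd"
}

D=$(mktemp -d) && make_sample "$D"
trap 'rm -rf "$D"' EXIT
select_users "$D/passwd" 500 > "$D/names"
filter_by_name "$D/names" "$D/passwd" > "$D/passwd.mig"
filter_by_name "$D/names" "$D/shadow" > "$D/shadow.mig"
echo "unanchored egrep match count: $(grep -E -c -f "$D/names" "$D/shadow")"
echo "exact field match count:      $(wc -l < "$D/shadow.mig" | tr -d ' ')"
echo "collisions on target:"; collisions "$D/passwd.mig" "$D/target_passwd"
```

Any line printed under "collisions on target" should be resolved before the .mig files are appended to /etc/passwd, /etc/group and /etc/shadow.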
MAIL BACKUP.
We run an rsync against the existing live server, so the backup server always has updated mail files in /var/spool/mail.
RSYNC script running in backup.
30 * * * * /usr/local/sbin/server2-backup.sh > /dev/null 2>&1
-----------------------------
#!/bin/sh
#set -x
>/tmp/errortext
RSYNC=/usr/bin/rsync
# This backups up mail-files and userid from live to live-mail2
MAIL=/var/spool/mail/
$RSYNC -av -e "ssh -l root" /etc/ 10.203.121.101:$MAIL/migrate/backup
$RSYNC -av -e "ssh -l root" $MAIL 10.203.121.101:$MAIL
# Send mail to Ops Wipro
if [ $? -ne 0 ];then
echo "rsync failed" | /bin/mail -s "FAILED: backup" user@example.com
echo hello
else
echo " " >/dev/null
fi
The steps below are additional, if you need a manual backup.
(Making a tar bundle keeps the user permissions intact, and it can be untarred after 'scp' to the backup server.)
Backup mails : $sudo tar -zcvpf /var/spool/mail/mailbkp.tar.gz /var/spool/mail
Untar on server2: $sudo tar -xvf mailbkp.tar.gz
IPTABLES
Rules : Reject All
Accept : PORT (25, 110, 80,) on mail server VIP IP.
: Port 22 open on server2 server IP.
: $sudo service iptables (start|stop|restart|save|restore)
[root@server2 ~]# ls -l /root/iptables
-rwxr-xr-x 1 root root 510 Sep 4 13:58 /root/iptables
[charihar@server2 postfix]$ sudo cat /root/iptables
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -s 0/0 -i eth0 -d 10.203.121.100 -p TCP --sport 1024:65535 --dport 22
/sbin/iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -s 0/0 -i eth0 -d 10.203.121.101 -p TCP --sport 1024:65535 -m multiport --dports 25,110,80
/sbin/iptables -A INPUT -j ACCEPT -p udp -i eth0 --sport 53 --dport 1024:65535
/sbin/iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp
/sbin/iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --sport 1024:65535
/sbin/iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p udp --sport 1024:65535
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
[charihar@server2 postfix]$
If you stop iptables for any reason, you can run $ sudo /root/iptables to re-enable.
EMERGENCY FAILOVER
Here we need to consider two things.
1. Update the passwd, shadow, group and gshadow files with latest backup.
2. Mail files in /var/spool/mail will be the latest. (This is in place because we rsync the mail files with the current server.)
Adding VIP to backup server.
$sudo mv /etc/sysconfig/network-scripts/backup /etc/sysconfig/network-scripts/ifcfg-eth0:1
Then restart the network service to bring up the eth0:1 interface.
$sudo service network restart
And check that the eth0:1 interface is up.
$sudo ifconfig eth0:1
eth0:1 Link encap:Ethernet HWaddr 08:00:27:0D:88:E6
inet addr:10.203.121.100 Bcast:10.203.121.255 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xd010 Memory:f0000000-f0020000
Check POP3, SMTP and HTTP services are running and accessible from outside.
Monday, July 26, 2010
vmstat command -free memory
vmstat 5 2|awk '{print $5}'|sort |head -n 1|xargs echo "Free Memory in Kbytes is"
Solaris vmstat command
Fields explained.
kthr || Report the number of kernel threads in each of the three following states:
r || the number of kernel threads in run queue
b || the number of blocked kernel threads that are waiting for
resources I/O, paging, and so forth
w || the number of swapped out light-weight processes (LWPs) that are
waiting for processing resources to finish.
swap || available swap space (Kbytes)
free || size of the free list (Kbytes)
Solaris prstat command
Fields explained.
PID :- The process ID of the process.
RSS :- The resident set size of the process
STATE:- The state of the process
PRI :- The priority of the process. Larger numbers mean higher
priority.
NICE :- Nice value used in priority computation.
CPU :- The percentage of recent CPU time used by the process.
Thursday, July 15, 2010
sed command - 's' for Substitution.
The most useful `sed` command is `s`, I think, i.e. substitution.
Here is one example.
1)
+$ echo "dim" | sed s/dim/light/
light
+$
if the syntax is wrong;
+$ echo "dim" | sed s/dim/light
sed: command garbled: s/dim/light
2)
+$ cat file1
boy
+$ sed s/boy/girl/ file1 > file2
+$ cat file2
girl
---------------------------------------------------
Wednesday, July 14, 2010
Network Link status Script
#Script to check the link status.
#Date
date=`date |awk {'print $3"-"$2"-"$6"-"$4'}`
REPORT="/home/yourhome/network/report/report.log"
SUBJECT="Ping request fails on $date."
EMAILID="yourname@yourdomain.com"
EMAILFILE="/home/yourhome/network/email/email_file"
HOST="172.222.165.1"
#Ping to gateway.
COUNT=`ping -c 9 $HOST -w 10 |grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }'`
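# Default to 0 when ping printed no 'received' line, so the test does not fail on an empty value.
if [ "${COUNT:-0}" -gt 6 ]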
then
echo "Link is up" >> /dev/null
exit 0
else
echo "Ping request failed on $date IST" >> $REPORT | mail -s "$SUBJECT" $EMAILID < $EMAILFILE
exit 1
fi
echo $?
Tuesday, July 13, 2010
Mailx -Sending mails with Attachment.
--------------------------
#!/bin/bash
#Date
DATE=`date |awk '{print $3"-"$2"-"$6}'`
#copy the file for attaching.
/usr/bin/cp /home/yourhome/etc/postfix/tls_policy /tmp/tls_policy
#Here is your lines for attaching files with message body.
#`cat` file you need as a body of message. `uuencode` to attach and mailx to send.
(cat /etc/postfix/tls_policy_report_mail
/opt/csw/bin/uuencode /tmp/tls_policy tls_policy.report
) | /usr/bin/mailx -s "Quarterly tls_policy Report dated $DATE" yourname@yourdomain.com
exit
####################################
#Where:
#+$ cat /etc/postfix/tls_policy_report_mail
#This is an automated email generated from POSTFIX server.
#Please find attached the tls_policy file from production for your compliance review.
#Regards,
#IT team.
#####################################
___________________________________________________