Monthly Archives: July 2014

SFTP Chroot on CentOS 6.5

This setup gives users secure file transfer over SFTP while confining them to a chroot directory.

1. Create a group called “sftponly”, or use any group name you prefer.

groupadd sftponly

2. Create a user for SFTP and assign a password. I will create “user1” as my first SFTP user.

useradd user1
passwd user1

3. Add the user to “sftponly” group.

usermod -aG sftponly user1

4. Modify the SSH daemon configuration to limit a group to sftp only.

vi /etc/ssh/sshd_config
# Locate the existing Subsystem sftp line and replace it with the line below.
Subsystem       sftp    internal-sftp
# Add the following lines at the end of the file (a Match block applies until the next Match line or the end of the file).
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

5. Reload the SSH daemon.

service sshd reload

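6. Create a directory where user1 can upload files. The chroot directory itself (/home/user1) must be owned by root and not writable by any other user or group, otherwise sshd refuses the login, so the user gets a writable subdirectory instead.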

sudo -u user1 mkdir -pv /home/user1/upload
chown root: /home/user1
chmod 755 /home/user1
chgrp -R sftponly /home/user1

7. Tell SELinux that we want to upload files via SFTP to a chroot as it is read-only by default.

setsebool -P ssh_chroot_rw_homedirs on

8. Now try connecting to your SFTP server from another Linux machine. You can also use FileZilla on Windows to test.

sftp user1@<yoursftpserver>
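The restrictions from step 4 only hold if every directive sits inside the right Match block, so it is worth checking the file mechanically after editing. The script below is an added example, not part of the original post: audit_sftp_match and sample_config are hypothetical names, the sample configuration is constructed, and the check assumes a Match line that names a single group and looks only at directives inside that block.

```sh
#!/bin/sh
# Added example: audit sshd_config text for the SFTP-only settings from step 4.
# Prints one finding per line; prints nothing when the Match block is complete.
audit_sftp_match() {    # usage: audit_sftp_match GROUP < sshd_config
    awk -v group="$1" '
    BEGIN {                                  # settings the walkthrough requires
        want["forcecommand"]       = "internal-sftp"
        want["allowtcpforwarding"] = "no"
        want["x11forwarding"]      = "no"
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { key = tolower($1) }                    # sshd keywords are case-insensitive
    key == "subsystem" && tolower($2) == "sftp" { subsystem = $3; next }
    key == "match" {                         # a Match line closes the previous block
        inblock = (tolower($2) == "group" && $3 == group)
        if (inblock) found = 1
        next
    }
    inblock { seen[key] = $2 }
    END {
        if (subsystem != "internal-sftp")
            print "Subsystem sftp is not internal-sftp"
        if (!found) { print "no Match Group " group " block"; exit }
        if (!("chrootdirectory" in seen))
            print "chrootdirectory not set in Match block"
        for (k in want) {
            if (!(k in seen))
                print k " not set in Match block (expected " want[k] ")"
            else if (seen[k] != want[k])
                print k " is " seen[k] " (expected " want[k] ")"
        }
    }'
}

# Constructed sample: AllowTcpForwarding is set only in a different Match block.
sample_config() {
    cat <<'EOF'
Subsystem       sftp    internal-sftp
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
Match User backup
    AllowTcpForwarding no
EOF
}

sample_config | audit_sftp_match sftponly
```

On the real server, run it as `audit_sftp_match sftponly < /etc/ssh/sshd_config` before reloading sshd.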

postfix-delete.pl script

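#!/usr/bin/perl
# Delete every queued Postfix message whose queue listing matches a regexp.

$REGEXP = shift || die "no email address given (regexp-style, e.g. bl.*\@yahoo.com)!";

@data = qx</usr/sbin/postqueue -p>;
for (@data) {
    # An entry starts with the queue ID, optionally followed by * (active) or ! (on hold).
    if (/^(\w+)(\*|!)?\s/) {
        $queue_id = $1;
    }
    # Match the pattern against each line of the current entry (case-insensitive).
    if ($queue_id) {
        if (/$REGEXP/i) {
            $Q{$queue_id} = 1;
            $queue_id = "";
        }
    }
}

# Dry run: use this line instead of the next one to print the queue IDs without deleting.
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|/usr/sbin/postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {
    print POSTSUPER "$_\n";
};
close(POSTSUPER);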

How to troubleshoot spamming activities on a Postfix mail server.

1. To see the mail queue:

mailq

2. To flush the mail queue:

postfix flush

or

postqueue -f

3. To remove all mails from the queue:

postsuper -d ALL

4. To remove all mails in the deferred queue:

postsuper -d ALL deferred

5. To delete all queued messages from or to the domain called webserverpage.com:

./postfix-delete.pl webserverpage.com

Note: You may download the script from the link below.

http://blog.webserverpage.com/?p=541

6. To delete all queued messages that contain the word “virus” in the email:

./postfix-delete.pl virus

7. To know the number of messages sitting in the deferred queue:

find /var/spool/postfix/deferred -type f | wc -l

8. Sort email accounts by the number of messages they have in the queue (the busiest appear last):

mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail
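The one-liner in step 8 depends on the sender starting at column 42, which shifts with long queue IDs or large message sizes. The script below counts senders by field instead; it is an added example, not part of the original post, top_senders and sample_mailq are hypothetical names, and the queue listing is constructed.

```sh
#!/bin/sh
# Added example: count queued messages per sender from mailq / postqueue -p text.
# Reads the listing on stdin; prints "count sender", busiest first.
top_senders() {    # usage: mailq | top_senders [HOW_MANY]
    awk '
    # An entry line starts with the queue ID in column 1, optionally followed
    # by "*" (active) or "!" (on hold), then the numeric size; the sender is
    # the last field. Header, deferral reasons, recipients and the summary
    # line do not match, and neither does "Mail queue is empty".
    /^[0-9A-Za-z]+[*!]?[ \t]/ && $2 ~ /^[0-9]+$/ { count[$NF]++ }
    END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample in the format printed by mailq.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A81C0D4*    2211 Tue Jul  8 10:15:02  news@bulk.example
                                         alice@example.net

7B9C0E55A1     1804 Tue Jul  8 10:15:09  news@bulk.example
(connect to mx.example.org[192.0.2.25]:25: Connection timed out)
                                         bob@example.org

A04D17F3C2!    3020 Tue Jul  8 10:16:40  carol@example.com
                                         dave@example.net

C5E6120B77     1799 Tue Jul  8 10:17:13  news@bulk.example
                                         erin@example.org

-- 8 Kbytes in 4 Requests.
EOF
}

sample_mailq | top_senders 5
```

A single local account at the top of this list with hundreds of queued messages is the usual sign of a compromised mailbox or web form, and its address is the pattern to hand to postfix-delete.pl.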

Plesk 12.0 Installation on CentOS 6.5

1. Download the Plesk installer from their website.

wget http://autoinstall.plesk.com/plesk-installer

2. Change the permission to executable.

chmod +x plesk-installer

3. Run the script.

./plesk-installer

To start the installation or upgrade, press N and then press Enter.
To quit the installer, press Q and then press Enter.

—— IMPORTANT ——

* Before installing or upgrading Parallels products, be sure to back up your data.

* New installation of product(s) should be performed on clean servers only.
  Only the operating system with the networking option should be
  installed for new installations.
  Parallels will not be held liable for damages resulting from installation
  of products on a server with anything other than a fresh installation of the
  operating system for which the product installation was intended.

By using this Wizard you agree to the terms and conditions described at
http://www.parallels.com/en/company/terms/ and those of the Parallels Panel End User
License Agreement.

N) Next page;  Q) Cancel installing
Select an action [N]:N

Select product software source
===============================================================================

You can install products by using any of the following sources:

 * Local media
 * Official Parallels server
 * Other network site

Current settings:
 Install products from Parallels server
 Install required system packages from Parallels server
Store downloaded files in: /root/parallels

N) Next page; P) Go back;  Q) Cancel installing
S) Change source; T) Change target directory;
Select an action and press ENTER [N]:N

HTTP Proxy Setup
===============================================================================

If you are behind a firewall and use an HTTP proxy, you should specify the proxy server below.
If your proxy requires authentication, select “Use authentication”
and specify the username and password

Current settings:
 Do not use proxy.

N) Next page; P) Go back;  Q) Cancel installing;
S) Select proxy server; A) Use authentication;
Select the required action [N]:N

Select the desired products and their versions
===============================================================================

The following product versions are available:

1. [ ] Parallels Plesk Panel

N) Go to the next page; P) Go to the previous page; Q) Cancel installing
To select a version, type the respective number;
Select an action [N]:1

Select the desired products and their versions
===============================================================================

The following product versions are available:

1. [*] Parallels Plesk Panel
  2. (*) Parallels Plesk Panel 12.0.18
  3. ( ) Parallels Plesk Panel 11.5.30

N) Go to the next page; P) Go to the previous page; Q) Cancel installing
To select a version, type the respective number;
Select an action [N]:2

Would you like to help Parallels make better products by sending information
about installation, upgrade, and other problems? [Yes]: Yes

Select the installation type for Parallels Plesk Panel
===============================================================================

Installation types for the product:

 1. (*) Typical
       Install typically used components. Recommended for general use.

 2. ( ) Without DNS server
       Install typically used components without DNS server (BIND).

 3. ( ) Full
       Install all available components.

 4. ( ) Custom
       Custom components selection. Recommended only for experienced users.

N) Continue installation with selected type; P) Go the previous page; Q) Cancel installing;
L) View or change components marked for installation;
To select an installation type or choose another product, type the respective number;
Select an action [N]: N

Determining the amount of free disk space
===============================================================================

Following amount of diskpace required in directories:
/usr/local: 1200.00 Mb.
Total required: 1200.00 Mb, available 867684.00 Mb.

N) Next page; P) Go back; Q) Cancel installing
Select an action [N]: N

4. Once the installation is finished, you can open your new Plesk server by typing your server IP into the browser.

https://<YourServerIP>:8443

Replacing A Failed Hard Drive In A Software RAID1 Array

Note: In this example I have two hard drives, /dev/sda and /dev/sdb with partitions /dev/sda1 and /dev/sdb1 as well as /dev/sda3 and /dev/sdb3.

1. Check the RAID health by running “cat /proc/mdstat” in a terminal.

[root@linuxbox /]# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda3[0]
459025152 blocks [2/1] [U_]

md0 : active raid1 sdb1[1] sda1[0]
20972736 blocks [2/2] [UU]

In the result above, you will notice a “_” (underscore) in the status of md1, which means the sdb3 partition has failed in md1.
In this case we have to replace the sdb device.

2. Install hdparm to look for the serial number of the faulty disk.

[root@linuxbox /]# yum install hdparm -y

[root@linuxbox /]# hdparm -i /dev/sdb

/dev/sdb:

Model=ST3500320NS   , FwRev=SN05    , SerialNo=   123HF45

 

Note: Write down the serial number (mine is 123HF45). You need it to determine which HDD to take out later.

The sticker on the HDD shows its serial number. Comparing the two makes sure that you take out the correct faulty HDD.

3. Mark the /dev/sdb partitions as failed in their arrays with the commands below.

[root@linuxbox /]# mdadm --manage /dev/md0 --fail /dev/sdb1
mdadm: set /dev/sdb1 faulty in /dev/md0

[root@linuxbox /]# mdadm --manage /dev/md1 --fail /dev/sdb3
mdadm: set device faulty failed for /dev/sdb3:  No such device

Note: In this case mdadm shows the message “No such device” because /dev/sdb3 has already failed.

The output should be the same as below.

[root@linuxbox /]# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda3[0]
459025152 blocks [2/1] [U_]

md0 : active raid1 sdb1[2](F) sda1[0]
20972736 blocks [2/1] [U_]

unused devices: <none>
You have new mail in /var/spool/mail/root

4. Now remove /dev/sdb1 and /dev/sdb3 from the RAID arrays.

[root@linuxbox /]# mdadm --manage /dev/md0 --remove /dev/sdb1
mdadm: hot removed /dev/sdb1

[root@linuxbox /]# mdadm --manage /dev/md1 --remove /dev/sdb3
mdadm: hot removed /dev/sdb3

[root@linuxbox /]# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda3[0]
md0 : active raid1 sda1[0]

5. Shut down the server and install the new hard disk.

Adding The New Hard Disk

The first thing we must do now is to create the exact same partitioning as on /dev/sda.

[root@linuxbox /]# sfdisk -d /dev/sda | sfdisk /dev/sdb

Afterwards, run the command below to check that both hard drives now have the same partitioning.

[root@linuxbox /]# fdisk -l

If both disks have the same partitions, you may proceed to step 6.

6. Next is to add /dev/sdb1 to /dev/md0 and /dev/sdb3 to /dev/md1.

[root@linuxbox /]# mdadm --manage /dev/md0 --add /dev/sdb1
mdadm: re-added /dev/sdb1

[root@linuxbox /]# mdadm --manage /dev/md1 --add /dev/sdb3
mdadm: re-added /dev/sdb3

The arrays will sync automatically. You may run cat /proc/mdstat to see the rebuild status.

That's all; you have successfully replaced /dev/sdb!
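The degraded state that step 1 reads from /proc/mdstat by eye ([2/1] [U_]) can also be detected by a script, for example from cron. This is an added example, not part of the original post: degraded_arrays and sample_mdstat are hypothetical names, and the sample input is the mdstat output shown in step 3.

```sh
#!/bin/sh
# Added example: report md arrays that have fewer active members than configured.
# Reads /proc/mdstat-format text on stdin; prints one line per degraded array.
degraded_arrays() {    # usage: degraded_arrays < /proc/mdstat
    awk '
    # Array line, e.g. "md0 : active raid1 sdb1[2](F) sda1[0]".
    $1 ~ /^md[0-9]+$/ && $2 == ":" {
        name = $1; members = ""
        for (i = 5; i <= NF; i++)
            members = members (members == "" ? "" : " ") $i
        next
    }
    # Status line, e.g. "20972736 blocks [2/1] [U_]": [configured/active].
    name != "" {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) {
                split(substr($i, 2, length($i) - 2), n, "/")
                if (n[2] + 0 < n[1] + 0)
                    print name ": " n[2] " of " n[1] " members active (" members ")"
                name = ""
            }
    }'
}

# Sample input: the mdstat output from step 3 of the walkthrough.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda3[0]
459025152 blocks [2/1] [U_]

md0 : active raid1 sdb1[2](F) sda1[0]
20972736 blocks [2/1] [U_]

unused devices: <none>
EOF
}

sample_mdstat | degraded_arrays
```

Once the resync from step 6 has finished, the same check prints nothing because both arrays report [2/2].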