ramblings of an administrator
Posts tagged debian
Backup a Linux server to Amazon S3 on Debian 6/Ubuntu 10.04
0I have several servers powering syslog including it's Raspberry Pi mirror, load balancer and email servers. All of my servers are hosted using Linode in their London data centre and have Linode's back-up system doing both daily and weekly snapshots.
For the app and database servers I do server-side backups storing each website and it's database in it's own folder within /backup in case I require a quick back-up to fix something, rather than the server has died.
This is all well and good but I like having an off-site backup too and for that I use S3...
S3Amazon's S3 is pretty cheap and very More >
Automatic/Unattended updates on Debian 6 (Squeeze)
2All commands prefixed with a # need to be run as sudo or root
The unattended-upgrades package used on Debian is based on the one from Ubuntu. It is generally pretty safe in my opinion but I only ever enable it for security upgrades.
Installation# apt-get install unattended-upgrades apticron
unattended-upgrades handles the actual updates, apticron is used for emailing you of available updates - it is not required but I like it.
Configuring unattended-upgradesOpen up /etc/apt/apt.conf.d/50unattended-upgrades and change it to the content below.
APT::Periodic::Enable More >
Running your own PGP keyserver with SKS on Debian 6/Ubuntu 10.04
0Commands prefixed with # need to be run as a sudo or root.
InstallationTo install we need to run the following command:
# apt-get install -y sks
Now we build the key database:
# sks build
And change the permissions for the sks user:
# chown -R debian-sks:debian-sks /var/lib/sks/DB
Next we need to make sks start from init, open up /etc/default/sks in your favourite editor and initstart to look like below:
initstart=yes
Now we can start the service with:
# /etc/init.d/sks start
Your keyserver will now be up and running on port 11371.
Web interfaceWe'll need to create a web folder within sks More >
Host git repositories with git, gitosis and gitweb on Debian 6/Ubuntu 10.04
5
Installation
First up we'll need to install git and some Python tools to get Gitosis installed.
Where # is used it means you need to either run the command as a superuser with sudo or as root.
# apt-get install -y git-core gitweb python-setuptools
Next we have to clone gitosis from it's git repository and install it.
Adding your git usercd /tmp
git clone git://eagain.net/gitosis.git
cd gitosis
# python setup.py install
# adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /home/git git
The above command creates a new system user with /bin/sh as More >
Postfix spam protection with greylisting using Postgrey on Debian 6/Ubuntu
4A simple yet effective method for protecting your mail server from spam is to use greylisting. In simple terms, when an email is received the server will temporarily reject it with a 450 response code claiming that the server is busy, the sending server should then attempt to try to deliver at a later point in time, if enough time has passed the recipient server will then accept the incoming mail and whitelist the send address for a period of time.
This is effective because most spam servers are configured not to retry the send whereas real mail servers generally will retry. This sadly does More >
Debian/Ubuntu upgrade security packages only – a better way to do it
0I have created a scripts that handle these tasks for you, available here.
First thing we need to do is create an sources list specifically for security.
sudo grep "-security" /etc/apt/sources.list | sudo grep -v "#" > /etc/apt/security.sources.list
Now that this is done we can simply continue to use the command below to trigger security-only upgrades
Notesudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
This will work until you upgrade your distro (e.g. 10.04 -> 12.04), at which point you will need to re-run the first command to regenerate the security.sources.list More >
Postfix + DK (DomainKeys) + DKIM + SPF on Debian 6/Ubuntu
51This is part 3 of my guide to getting a mail server configured with all the sexy bits to improve deliverability, spam and virus protection.
Part 1 can be found here and part 2 here.
The key pairWe need to create a key pair to sign emails with
openssl genrsa -out private.key 1024
openssl rsa -in private.key -out public.key -pubout -outform PEM
mkdir /etc/dk/
cp private.key /etc/dk/dk.key
Now we can move on to DK and DKIM signing, make sure you keep the public key for later.
DKIMFirst we'll need to install an application to sign our emails.
apt-get install dkim-filter
Once installed we need More >
Postfix + SpamAssassin + ClamAV + Procmail on Debian 6/Ubuntu
11This is part 2 of my series on mail servers on Debian 6/Ubuntu 10.04, it should work on other versions of each though. For part 1, go here.
SpamAssassinFirst off we'll get SpamAssassin installed and configured.
apt-get install spamassassin
We'll be configuring SpamAssassin as a daemon that Postfix interfaces with using spamc.
SpamAssassin on Debian and Ubuntu runs as root which is NOT a good thing so we'll need to make some changes.
We'll add a group called spamd with GID 5001.
groupadd -g 5001 spamd
Next we add a user spamd with UID 5001 and add it to the spamd group, as well as set it's More >
Postfix + Dovecot (IMAP/IMAPS) + SASL + Maildir on Debian 6/Ubuntu
2This guide is part 1 of what I plan will be a couple of guides that take you through installing a base mail system, SpamAssassin, DKIM and much more. Stay tuned.
This guide was written for Debian 6 but should be the same or similar for Debian 5 and Ubuntu 10.04 and above.
The installationapt-get install dovecot-imapd postfix sasl2-bin libsasl2-2 libsasl2-modules
Choose "Internet site" when prompted and enter the fully qualified name of your server.
Once all this is done installing we'll need to make some changes, first off will be Postfix.
PostfixOpen up /etc/postfix/main.cf and add the More >
Installing kernel headers for current kernel version with ease on Debian/Ubuntu
0This is a simple one but I found out that there are people out there that don't know about it, so here we go.
apt-get install linux-headers-$(uname -r)
This will install kernel headers for your current active kernel on Debian/Ubuntu.
Dan Burns
I'm getting:
/usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 30: bad field countpostfix/postfix-script: fatal: cannot execute […]
3 days ago
Μανώλης Καμηλάκης
thnx for that, just what I needed for a basic www service, and private ssh
1 week ago
Kura
What version of Postfix?
2 weeks ago
