debian
General posts that involve the Debian operating system. These range from configuration and installing programs to much more.
Mount Amazon S3 bucket locally on Debian 5 & 6/Ubuntu 10.04
I've recently been toying with my Raspberry Pi mirror including moving it out on to Amazon's S3. I've written an article on how to back up to S3 here, but that isn't enough when it comes to serving data from S3.
I needed the ability to RSYNC data from the official Raspberry Pi servers on to mine and then in to S3 and for that I used s3fs and FUSE.
FUSE
You can actually do this successfully without requiring FUSE, just by installing the s3fs binary on to your system, but this only allows the user who mounted the bucket to access it and is not possible via /etc/fstab.
FUSE allows you More >
Backup a Linux server to Amazon S3 on Debian 6/Ubuntu 10.04
I have several servers powering syslog including its Raspberry Pi mirror, load balancer and email servers. All of my servers are hosted using Linode in their London data centre and have Linode's back-up system doing both daily and weekly snapshots.
For the app and database servers I do server-side backups storing each website and its database in its own folder within /backup in case I require a quick back-up to fix something, rather than for when the server has died.
This is all well and good but I like having an off-site backup too and for that I use S3...
S3
Amazon's S3 is pretty cheap and very More >
Automatic/Unattended updates on Debian 6 (Squeeze)
All commands prefixed with a # need to be run as sudo or root
The unattended-upgrades package used on Debian is based on the one from Ubuntu. It is generally pretty safe in my opinion but I only ever enable it for security upgrades.
Installation
# apt-get install unattended-upgrades apticron
unattended-upgrades handles the actual updates, apticron is used for emailing you about available updates - it is not required but I like it.
Configuring unattended-upgrades
Open up /etc/apt/apt.conf.d/50unattended-upgrades and change it to the content below.
APT::Periodic::Enable More >
Running your own PGP keyserver with SKS on Debian 6/Ubuntu 10.04
Commands prefixed with # need to be run as sudo or root.
Installation
To install we need to run the following command:
# apt-get install -y sks
Now we build the key database:
# sks build
And change the permissions for the sks user:
# chown -R debian-sks:debian-sks /var/lib/sks/DB
Next we need to make sks start from init. Open up /etc/default/sks in your favourite editor and change initstart to look like below:
initstart=yes
Now we can start the service with:
# /etc/init.d/sks start
Your keyserver will now be up and running on port 11371.
Web interface
We'll need to create a web folder within sks More >
Rebooting on OOM
I would generally not advise using this unless you have skill at debugging why OOM has spawned and also debugging kernel panics after they happen, from logs.
It is possible to configure your kernel to panic when OOM is spawned, which in itself is not useful, but coupled with a kernel option for auto-rebooting a system when the kernel panics it can be a very useful tool.
Think before implementing this and use at your own risk, I take zero responsibility for you using this.
sysctl vm.panic_on_oom=1
sysctl kernel.panic=X # X is the number of seconds to wait before rebooting
DO NOT FORGET TO More >
Nagios3 + MK Livestatus + xinetd on Debian 6/Ubuntu
First we need to make sure we have all the stuff we need to compile mk livestatus and run it
MK Livestatus
apt-get install make build-essential xinetd ucspi-unix
Grab the mk livestatus source from here, currently it's version 1.1.10p3 but update the commands below to match your version.
wget http://mathias-kettner.de/download/mk-livestatus-1.1.10p3.tar.gz
tar -xvzf mk-livestatus-1.1.10p3.tar.gz
cd mk-livestatus-1.1.10p3
./configure
make && make install
Xinetd
Now that it's compiled we need to write a xinetd config for it, create a new file called /etc/xinetd.d/livestatus and put More >
Load balancing HTTP/HTTPS with Pound on Debian 6/Ubuntu
Pound is a great little load balancer, it's fast, open source and supports SSL termination, which is great!
Install
apt-get install pound
Configuration
The default configuration should be pretty good for most purposes, but feel free to tweak as you require.
HTTP
We'll first look at load balancing HTTP, in case you don't want or need HTTPS load balancing.
We'll need to delete all the content within the ListenHTTP block; once done it should look like this:
ListenHTTP
End
Now we add an address and port to listen on and finally a line to remove an HTTP header
ListenHTTP
Address 0.0.0.0 # all More >
Postfix spam protection with greylisting using Postgrey on Debian 6/Ubuntu
A simple yet effective method for protecting your mail server from spam is to use greylisting. In simple terms, when an email is received the server will temporarily reject it with a 450 response code claiming that the server is busy. The sending server should then attempt to deliver it again at a later point in time; if enough time has passed, the recipient server will accept the incoming mail and whitelist the sending address for a period of time.
This is effective because most spam servers are configured not to retry the send whereas real mail servers generally will retry. This sadly does More >
SpamAssassin + Razor + Pyzor on Debian 6/Ubuntu
This is part 4 of my series on configuring a mail server, please see part one, part two and part three if you're not familiar with them.
The content of this article was written to work with the previous three articles but should work on any SpamAssassin set-up.
Razor
First off we need to install Razor.
apt-get install razor
Now we need to run three commands to register and configure Razor.
razor-admin -home=/etc/spamassassin/.razor -register
razor-admin -home=/etc/spamassassin/.razor -create
razor-admin -home=/etc/spamassassin/.razor -discover
These 3 commands should be pretty self More >
Debian/Ubuntu upgrade security packages only – a better way to do it
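I have created scripts that handle these tasks for you, available here.
First thing we need to do is create a sources list specifically for security.
# "--" stops grep reading "-security" as options; tee writes the file as root (a plain ">" redirect runs as the calling user)
sudo grep -- "-security" /etc/apt/sources.list | grep -v "#" | sudo tee /etc/apt/security.sources.list > /dev/null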
Now that this is done we can simply continue to use the command below to trigger security-only upgrades
sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
Note
This will work until you upgrade your distro (e.g. 10.04 -> 12.04), at which point you will need to re-run the first command to regenerate the security.sources.list More >

