If the A record for example.com doesn’t resolve to your server you can still run a server for example.com by pointing DNS SRV records to your server. In fact, you should do this anyway, in the same way that your email will arrive if the A record for your domain points to the mail server, but MX records are still a good idea.

Assuming your Jabber server runs on a machine called jabber.example.com, you’ll want the following scary DNS records:

_xmpp-client._tcp 900 IN SRV 5 0 5222 jabber.example.com.
_xmpp-server._tcp 900 IN SRV 5 0 5269 jabber.example.com.
_jabber._tcp 900 IN SRV 5 0 5269 jabber.example.com.

You can check that they’re been set properly using this excellent tool, but it’ll probably take a while for the DNS updates to propagate. If you have the dig command line tool, you can also try

dig -t srv _xmpp-client._tcp.example.com

to ask your local DNS server for one of the SRV records.

Problem (I had): Wanted to run a VirtualBox on a RHEL 4.7 Linux server which is shared by someothers. But as some other processes took more CPU, the VirtualBox performance was bad. So I wanted to increase the priority given to VirtualBox.

Solution (I found): VirtualBox can be given higher priority using nice command. Also renice command can be used to change the priority of a running process, which will also be useful.

nice -10 VBoxHeadless

Gives the VBoxHeadless process 1.5 times priority than the normal process, calculated as (20 – -10)/20 = 1.5

nice -20 make

Executes make at maximum priority.

renice +20 2222

Changes the priority of process 2222 to +20 (minimum priority).

renice -10 -p 13013

Changes the priority of a running process by specifying its process ID, where priority can be,

1 to 20 :Â Runs the specified processes slower than the base priority.
0 :Â Sets priority of the specified processes to the base scheduling priority.
-20 to -1 :Â Runs the specified processes quicker than the base priority.

stay online
AT+ZOPRT=5

check net-/SIMlock
AT+ZSEC?
answer: ,

< SEC_STATUE >:
0 Initializing the encryption (Insignificant SEC_ITEMS)
1 Network Lock error. (Insignificant SEC_ITEMS)
2 Network Locked
3 Unlocked or correct MCC/MNC

:
0 No action
1 Network lock
2 (U)SIM card lock
3 Network Lock and (U)SIM card Lock

Unlock
+ZNCK= »unlock-code »
+ZNCK?
Unlock residual time 0-5

Report signal strength +ZRSSI
Syntax
+ZRSSI parameter command syntax
Command Possible response(s)
+ZRSSI +ZRSSI:,,
OK

+CME ERROR:

Description
This command is used to report signal strength.. Notice the command is used only in platform
6290 and 6246.
Defined values
3G network（registered to 3G network）
+ZRSSI: rssi,ecio,rscp
The unit of Rscp is 0.5dbm ( in 0.5 dBm step with no sign).
The unit of Ecio is 0.5db ( in 0.5 dB step with no sign).
The relation is: 2*rssi=rscp-ecio
e.g.
+ZRSSI: 49,8,106
Rssidbm = -rssi = -49dbm
Eciodb = -ecio/2= -4db
Rscpdbm = – rscp /2= -53dbm
2G network（there is no ecio and rscp value when registered in 2G network ，so set
value of 1000）
e.g.
+ZRSSI: rssi,1000,1000
No network e.g.
+ZRSSI ：OK
Notice! the command is used only in platform 6290 and 6246.

Set Operational Mode
AT+ZSNT=0,0,0 (Auto) – Default
AT+ZSNT=1,0,0 GPRS Only
AT+ZSNT=2,0,0 3G Only
AT+ZSNT=0,0,1 GPRS Preferred
AT+ZSNT=0,0,2 3G Preferred

Query Operational Mode
AT+ZPAS?
+ZPAS:,OK
: the type of current network
No Service
Limited Service
GPRS
GSM
UMTS
EDGE
HSDPA
: service domain
CS_ONLY: CS domain service available.
PS_ONLY: PS domain service available.
CS_PS: CS&PS domain service available.
CAMPED: camped in a cell.
example
Command: AT+ZPAS?
Response: +ZPAS: « GPRS », »CS_PS »
OK

Set Band Status +ZBANDI
at+zbandi=0 • Automatic (Auto) – Default
at+zbandi=1 • UMTS 850 + GSM 900/1800
at+zbandi=2 • UMTS 2100 + GSM 900/1800 (Europe)
at+zbandi=3 • UMTS 850/2100 + GSM 900/1800
at+zbandi=4 • UMTS 850/1900 + GSM 850/1900
Notice! the command is used only in platform 6290 and 6246.

Weblinks

http://www.zte.com.au/downloads/USB_Modem_Config_Procedure.pdf

Si vous donnez à un utilisateur un dossier home partagé (le dossier appartient à un groupe, et plusieurs utilisateurs peuvent y accéder), et que vous avez le message bad ownership or modes for chroot directory dans les logs de Linux, c’est que, comme dis dans le message, le dossier home n’a pas les bon droits.
Fixé le problème

Pour réparer ce petit soucis, il faut que le propriétaire du dossier (owner) soit root, et que le groupe du dossier soit le groupe que vous voulez utiliser pour liés vos utilisateurs à ce dossier.

Et le tout avec des permissions à 755.
Un exemple

Pour que ce soit plus clair:

Disons que le groupe que vous avez créé pour relier vos utilisateur soit uploaders, et vous voulez donc que les utilisateurs john, jean, et robert puissent envoyer des fichiers dans le dossier /home/uploads.

Les utilisateurs seront donc créé avec la commande suivante:

useradd -b /home/uploads -d /home/uploads -G uploaders -r john

Ensuite vous n’avez qu’a créer le dossier /home/uploads et à lancer ces commandes:

sudo chmod 755 /home/uploads

sudo chown root:uploaders /home/uploads

Et voilà !!!

Increase the speed of Linux Software RAID reconstruction

If you are in a situation where you sit in front of the console (or on a remote ssh connection) waiting for a Linux software RAID to finish rebuilding (either you added a new drive, or you replaced a failed one, etc.) then you might be frustrated by how slow this process is running. You are running cat on /proc/mdstat repeatedly (you should really use watch in this case ), and this seems to never finish… Obviously that there is a logical reason for this ‘slowness‘ and on a production system you should leave it running with the defaults. But in case you want to speed up this process here is how you can do it. This will place a much higher load on the system so you should use it with care.

To see your Linux kernel speed limits imposed on the RAID reconstruction use:

cat /proc/sys/dev/raid/speed_limit_max
200000
cat /proc/sys/dev/raid/speed_limit_min
1000

In the system logs you can see something similar to:
md: minimum _guaranteed_ reconstruction speed: 1000 KB/sec/disc.
md: using maximum available idle IO bandwidth (but not more than 200000 KB/sec) for reconstruction.

This means that the minimum guaranteed speed of the rebuild of the array is approx 1MB/s. The actual speed will be higher and will depend on the system load and what other processes are running at that time.
In case you want to increase this minimum speed you need to enter a higher value in speed_limit_min. For example to set this to approx 50 megabytes per second as minimum use:

echo 50000 >/proc/sys/dev/raid/speed_limit_min

The results are instant… you can return to the watch window to see it running, and hope that this will finish a little faster (this will really depend on the system you are running, the HDDs, controllers, etc.):

watch cat /proc/mdstat

The pre requisition is a shell access on your MySQL machine. Then you have to stop the standard mysql daemon and start the database in safe mode.

/etc/init.d/mysql stop
mysqld_safe –skip-grant-tables &

Then log in as a root and switch to mysql system database.

mysql -u root
mysql> use mysql;

Try to check that the root user is not present in user table:

mysql> select * from user where User=’root’;

If the database return empty record, lets manually insert the root user with empty password and then set all the permissions which he normally needs:

mysql> insert into user (Host, User, Password) values (‘localhost’,'root’, »);
Query OK, 1 rows affected (0.04 sec)
mysql> update user set Select_priv=’Y',Insert_priv=’Y',Update_priv=’Y',Delete_priv=’Y',Create_priv=’Y',Drop_priv=’Y',Reload_priv=’Y',Shutdown_priv=’Y',Process_priv=’Y',File_priv=’Y',Grant_priv=’Y',References_priv=’Y',Index_priv=’Y',Alter_priv=’Y',Show_db_priv=’Y',Super_priv=’Y',Create_tmp_table_priv=’Y',Lock_tables_priv=’Y',Execute_priv=’Y',Repl_slave_priv=’Y',Repl_client_priv=’Y',Create_view_priv=’Y',Show_view_priv=’Y',Create_routine_priv=’Y',Alter_routine_priv=’Y',Create_user_priv=’Y’ where user=’root’;
Query OK, 1 rows affected (0.03 sec)

Then quit the database console, kill the mysqld_safe daemon and start the standard mysql daemon again:

mysql> quit
killall mysqld_safe
/etc/init.d/mysql start

Try to log in into mysql console again with an empty password and for double check, try to run ‘grant’ command to see that the account is fully working:

I’m always concerned about leaving terminal sessions open. I’ve used for many and many years the $TMOUT environment variable to close my sessions if idle for N seconds.

Just by exporting the TMOUT variable to the number of desired timeout seconds will close your shell (Bash, Ksh, Zsh and some others).

The following example will timeout in 300 seconds (5 minutes)

export TMOUT=300

I am currently reading the book Secure Coding: Principles & Practices and the authors cited this timeout technique as pretty ineffective since it annoys more than it helps. I was obliged to agree. I got pretty mad with it some good times.

So I started looking for alternatives.

I’ve found a console application called vlock. It should be available on most distro’s repositories.

Just invoke vlock and the terminal session will be locked awaiting the user password to unlock. Pretty nice. Locking is definitely better than killing the session.

So I just started to wonder how to integrate vlock with zsh and after some research I’ve discovered that the shell will only be killed within TMOUT if no trap function for signal ALARM is set.

If you set an ALARM trap function, it will be called instead of killing the session. Perfect.

So I ended up with this in my .zshrc:

export TMOUT=600
function TRAPALRM() { vlock }

And now zsh locks my sessions after 10 minutes. It’s working perfectly even within tmux.

First install the necessary packages:
apt-get install postfix-tls libsasl2-modules sasl2-bin

Open the /etc/default/saslauthd for the configuration.

# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to « pam » for PAM support, but may also include
# « shadow » or « sasldb », like this:
MECHANISMS= »shadow »

PARAMS= »-m /var/spool/postfix/var/run/saslauthd/ »
PIDFILE= »/var/spool/postfix/var/run/${NAME}/saslauthd.pid »

Postfix have to know which authentication mode the daemon will use.
You can define this in the /etc/postfix/sasl/smtpd.conf! (chmod 0644)

saslauthd_path: /var/run/saslauthd/mux
pwcheck_method: saslauthd
mech_list: plain login

Then configure the postfix to ask for a username and password then anybody will send a mail to the server.
Add the following lines to the /etc/postfix/main.cnf

#sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_unauth_destination

For security reason you should change that postfix runs in a chroot environment. You can change that in the /etc/postfix/master.cnf

smtp inet n – y – - smtpd

(Change the – to y!)

Create now the directory for the saslauthd:
mkdir -p /var/spool/postfix/var/run/saslauthd

Set the right directory permission:
chown root.sasl -R /var/spool/postfix/var/

Instead that dpkg change the permission we have to create an override for dpkg!
dpkg-statoverride –add root sasl 710 /var/spool/postfix/var/run/saslauthd

At last postfix musst have the right permission to speak to the saslauthd daemon, add postfix to the sasl group.
adduser postfix sasl

Restart postfix and saslauthd and try to send a mail to the mailserver.

(Don’t forget to set a username and a password in your mailclient for mailsending)

htdigest

htdigest -c /etc/lighttpd/.passwd 'Authorized users only' deimos

Je créer ici l’utilisateur deimos. Le realm (ici ‘Authorized users only’) va nous permettre de différencier les différents fichiers de login/mot de passe que nous allons pouvoir avoir car nous ne pouvons en spécifier qu’un seul pour tout le serveur.

Ensuite on rajoute ces lignes dans la configuration global de lighttpd :

/etc/lighttpd/lighttpd.conf

auth.backend = "htdigest" auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd" auth.debug = 2

Puis je rajoute à l’endroit qui m’intéresse la protection :

/etc/lighttpd/lighttpd.conf

auth.require = ( "/docs/" =>    (       "method" => "digest",       "realm" => "Authorized users only",       "require" => "valid-user"    ) )

On redémarre lighty et c’est bon. L’exemple ci dessus montre comment ajouter la restriction à l’endroit qui nous intéresse, nous allons donc le faire en modifiant notre conf d’awstats :

/etc/lighttpd/conf-available/50-awstats.conf

alias.url = (                 "/awstats-icon" => "/usr/share/awstats/icon/",                 "/awstats/" => "/usr/lib/cgi-bin/",                 "/icon/" => "/usr/share/awstats/icon/"               ) # provide awstats cgi-bin access $HTTP["url"] =~ "/awstats/" {     cgi.assign = ( ".pl" => "/usr/bin/perl" )     auth.require = ( "/awstats/" =>         (         "method" => "digest",         "realm" => "Trusted users only",         "require" => "valid-user"         )     ) }