backup your kvm vm with dd

September 19, 2015 Leave a comment

The dd utility is a good way to make a backup of your kvm vm image. It
is nice to have a progress indicator so install pv (pipe viewer) to
gain this feature ..ie apt-get install pv.

Here is a backup script:

dd if=org.img | pv | dd of=backup.img bs=1M

On my system it took about 10 minutes to complete a backup of a 50g image.

Categories: sysadmin

Debian Jessie (or previous versions) postfix chroot additions

September 16, 2015 Leave a comment

Postfix runs chrooted by default on most distributions. Jessie is no exception.
There are a couple of crucial modifications that are important and not well documented.

1) If you are running sasl, then this is the correct way to configure the chroot sasl
connection. Test your install first using testsaslauth -u [user] -p [password]. If you
get no connect or some other error you need the following additions.

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
service postfix restart
service saslauthd restart

Then retest with testsaslauth you should get OK “Success.”

2) The cache files of postfix are also chrooted into the /var/spool/var/lib/postfix(chroot)
directory. If you do not see the cache files listed below in this directory, then
complete the following to correct the cache file locations.

The cache directory /var/lib/postfix contains:
master.lock, prng_exch, smtpd_scache.db, smtp_scache.db,and verify_cache.db.
To be safe copy these files and restore them to the new chrooted folder.
They will update after restarting postfix.

rm -r /var/lib/postfix
mkdir -p /var/spool/postfix/var/lib/postfix
ln -s /var/spool/postfix/var/lib/postfix /var/lib
chgrp postfix /var/spool/postfix/var/lib/postfix
chown -R postfix:postfix /var/spool/postfix/var/lib/
service postfix restart

You can test by running:
postmap -s btree:/var/lib/postfix/verify_cache
You should see no errors.

Categories: sysadmin

Debian Jessie kvm vm – intel_rapl not found error on boot

August 9, 2015 Leave a comment

Just blacklist this module. Add a .conf file to /etc/modprobe.d

intel.conf
blacklist intel_rapl

or any other .conf blacklist you already have as any .conf file is searched.

reboot

Categories: sysadmin

systemd display-manager.service error kvm vm, Debian Jessie os

August 9, 2015 Leave a comment

If you are receiving this error in dmesg upon boot:

Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.

Execute these commands via cli to fix.

1) systemctl get default (look at result)
2) If the result is graphical display, then continue with 3
3) systemctl set-default multi-user.targetsys
4) systemctl get default (recheck result) should be multi-user.target

reboot your vm and you should no longer see the error in dmesg.

Categories: sysadmin

Using nsd-4 nameserver with Debian Jessie

July 18, 2015 Leave a comment

I have been using nsd nameserver for several years. I upgraded an older box to Jessie and nsd
remained at version 3.2.17 however, after doing a new install of Jessie I found I was running
version 4.1.0. Unfortunately, this version seems to have a problem for me. I use nsd to provide
name service on several hosts. The newest version seems only to function with the host domain
and would not delegate correctly to the other domains hosted on that machine.

I downloaded nsd 4.1.3 from NLnet Labs (www.nlnetlabs.nl) added the necessary libssl-dev and
libevent-dev libraries compiled and installed the newest version. I used the
–bindir=DIR option –bindir=/usr/sbin when running configure.

The newest version corrects the delegation problem I had with the Jessie’s default install version.
I did use the init file supplied with Jessie’s version which works correctly.

Categories: sysadmin

Debian Jessie notes

May 6, 2015 Leave a comment

If you have a system that is booting into X11 and you want to boot into the text mode, none of the grub options seem to work.

A simple work-around is to edit /etc/X11/default-display-manager and change it from /usr/sbin/gdm3 to /bin/true. Reboot and you should have a text console.

Most of the old systemv init scripts work. You can start/stop applications by running them from /etc/init.d.

Samba shares has changed. In order to get a no passwd shares on your local samba server you need to add the following lines:
[global]
….
security = user
map to guest = Bad User

Make sure you have no user in your smbpasswd database ie, pdbedit -L should show no contents.

more later.

Categories: sysadmin

Upgrading from Debian Wheezy to Jessie

May 4, 2015 1 comment

Upgrading from Wheezy to Jessie on my Linode was fairly simple. I followed the upgrade
guide on linode.com. I had a few surprises..mostly due to my dotdeb updates (which I disabled
during the upgrade). I like to do all this as root. You can add sudo to commands if you
do not like to use root.

To summarize, here are the steps:
1) stop all services.
2) comment out any extra repositories in /etc/apt/sources.list.
3) Edit /etc/apt/sources.list and change all “wheezy” to “jessie”
with vi %s/wheezy/jessie/g
4)update packages list: apt-get update
5)apt-get install apt dpkg aptitude
6)update apache2 sites-available to add .conf extension to all sites.
7)apt-get dist-upgrade
8)Watch the process so you can answer any update questions that occur.

After completion, reboot the system using the Linode manager and login to test.

Debian 8 Jessie is a nice upgrade. I was worried about systemd however, Debian made it
pretty much transparent.

I will update the problems I had and fixes in a future post.

Categories: sysadmin

Openvpn for android (lollipop) using a static key

April 9, 2015 Leave a comment

The simplest openvpn setup uses a static key. I am using Linode to host my Debian linux server.
I have openvpn running on my linode server with this configuration. Just apt-get install openvpn and
created this tun1.conf in the /etc/openvpn folder.
##tun1.conf##
dev tun1
port 1192
proto udp
ifconfig 10.10.10.15 10.10.10.16
# ifconfig 192.168.0.75 192.168.0.76
secret /etc/openvpn/static.key
comp-lzo
keepalive 10 60
daemon

Note the secret line. This is a static key (which you can name anything) generated by this command:
openvpn –genkey –secret static.key

Install openvpn on your android phone (I have it on the 2nd generation Motorola X running Lollipop). Be sure and install the stock openvpn application found in the Google Play Store (https://play.google.com/store/apps/details?id=net.openvpn.openvpn)

After installing, open the app and create a new profile by clicking the + sign.
1) Give your profile a name ie myvpn
2) Check LZO compression
3) With the dropdown menu select static keys.

Proceed to the server tab
1) Add your server (myserver.com)
2) UDP protocol and port 1192 (or whatever port you want. 1192 is the default).

Proceed to the IP and DNS tab
1) add your IPv4 Address 10.10.10.16 10.10.10.15
2) add seacrhDomain google.com (the google dns servers should already be listed 8.8.8.8 and 8.8.4.4)

Proceed to the routing tab and add your custom route if you only want to be able to use the vpn
to contact your server. If you want to use the vpn for all your phone traffic, then see last paragraph.

Custom Routes
10.10.10.0/24 (not necessary..see port forwarding on server)

Proceed to the AUTHENTICATION/ENCRYPTION tab and add
TLS Auth File (You should download the static.key file you created on the server to your android
phone. You can copy it to google drive or dropbox and then store it on your phone under internal storage.

That’s it. Start openvpn on your linode (service start openvpn). Open the adroid app and click the profile
to start the phone client. It should connect in a few seconds to your server and show an icon on the
top tray.

TO forward all your data through your linode, add this firewall script (modify to your system parms)
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun1 -j ACCEPT

Categories: sysadmin

Null routing

March 18, 2015 Leave a comment

You can null route an offending IP address by this command:
ip route add blackhole aa.bb.cc.dd where aa.bb.cc.dd is the offending ip address.
To remove the null route use ip route delete aa.bb.cc.dd.

To add a number of IP addresses from a BLACKLIST you can use the script below.

## Null route BLACKLIST
for x in `$BLACKLIST`;
echo “Null routing $x…”
ip route add blackhole $x
done

Categories: sysadmin

Creating Centos 7 live USB stick with linux terminal

January 22, 2015 Leave a comment

Creating a live USB version of Centos can be done by first downloadling Centos 7 live and then using the following command via terminal:

cat CentOS-7-live-GNOME-x86_64.iso >>/dev/sdxxx && sync

where /dev/sdxxx is your usb flash device. Before attempting make sure your usb flash drive has no partitions..ie use fdisk and delete all partitions.

Categories: sysadmin