Welcome to Linux Screw! If you're new here, you may want to subscribe our RSS feed.
Few days ago I started configuring corporate mail server that should be deployed on OpenBSD and comprise the following features:
- Easy to configure and powerful MTA (Postfix)
- Virtual domains and user accounts (this information is stored in MySQL database)
- Antispam and antivirus checking for all accounts (spamassassin and clamav via amavis-new)
- Secure access to mailboxes through POP3, IMAP and HTTP (squirellmail)
- Secure SMTP server
- Extremal Stability and Security
Actually OpenBSD 4.2 was chosen because of it’s “security by default”. Thankfully Daniele Mazzocchio from friendly site www.kernel-panic.it wrote an excellent article about how to build such mail server on this operating system:
Offering a reliable and secure email service is probably one of the top priorities of most system administrators; therefore, in the next chapters, we will build a full-featured mail server, based on open-source software and focusing on security. Read more…
The only thing that is not covered by it is mail content filtering with maildrop and vacation messages that users often ask to set while they are out. Working on it! 
Date: April 10, 2008. Categories:
perl and tips.
Sometimes it is necessary to perform UDP flood towards some network device(s) in order to test its behavior in stress… Actually I am sure that every system administrator might use this small perl script for this purpose. Certainly there are many special programs for this but believe me that it is much more easier to do the following:
1. #touch > /tmp/flood.pl
2. #chmod +x /tmp/flood.pl
3. Copy the this code to /tmp/flood.pl:
4. Then /tmp/flood.pl 192.168.0.1 0 0 0, where 192.168.0.1 is IP you would like to flood with huge amount of UDP datagrams.
Thanks to Ivan Pepelnjak from http://ioshints.blogspot.com/.
Date: April 7, 2008. Categories:
tips.
Many systems administrators of LAN and WAN networks, which contain Windows, Mac and Linux hosts, once face the problem on how to securely transmit some data between these systems. It is always possible to use SCP when copying files between two Unix machines but what if you have to move files from Windows PC to Linux server for example? It’s nice to know that there are good guys who created tool for this operation named WinSCP.
Actually WINSCP is an open source free SFTP client and FTP client for Windows as it’s said on their site. The following features are supported:
- Graphical user interface
- Translated into several languages
- Integration with Windows (drag&drop, URL, shortcut icons)
- U3 support
- All common operations with files
- Support for SFTP and SCP protocols over SSH-1 and SSH-2 and plain old FTP protocol
- Batch file scripting and command-line interface
- Directory synchronization in several semi or fully automatic ways
- Integrated text editor
- Support for SSH password, keyboard-interactive, public key and Kerberos (GSS) authentication
- Integrates with Pageant (PuTTY authentication agent) for full support of public key authentication with SSH
- Windows Explorer-like and Norton Commander-like interfaces
- Optionally stores session information
- Optionally supports standalone operation using a configuration file in place of registry entries, suitable for operation from removable media
So, as not every computer runs Linux today yet, you are welcome to use WinSCP meanwhile
There are still many real programmers around the world and that’s why here is SFTP, SCP (any many other protocols) browser for MACs named CYBERDUCK. It makes no sense to list all features it supports here, so just visit their site to get surprised
P.S. Have a good transfer! 
Many Linux newbies think that kernel recompilation is inherent and almost necessary thing to do after OS is just installed or some time later. By the following advices I would try to show these fellows in which situations this really makes sense and what to do if one persists
1. If you don’t know why you should patch/recompile kernel - DO NOT DO THIS.
2. If your running kernel is smart and supports all necessary hardware, technologies and doesn’t contain critical vulnerabilities - DO NOT REBUILD IT.
3. If you don’t know what are kernel patches and why they are used - DO NOT REBUILD KERNEL.
4. If kernel with needed functionality is available as binary package for your distribution (especially in official repositories) - DO NOT BUILD KERNEL.
5. If you insist, certainly read Kernel HOWTO and notes about kernel recompilation in regards to your distribution.
6. Do change kernel config values only if you know what they mean.
7. Don’t forget to build initrd before rebooting your system.
8. Do not remove workable kernel and make it default in boot loader menu (like grub).
9. Don’t panic if something goes wrong - most probably the same situation happened to thousands people earlier. But sometimes shit happens.
10. Rebuilding procedure usually takes hours depending on hardware you use. BE PATIENT!
11 (thanks to Erek Dyskant). Use your distro’s package management system to build kernels whenever possible (like make-kpkg in Debian or rpmbuild in Fedora/RedHat/CentOS)
I really hope this helps and pretty sure you’ll build your “perfect” kernel once
Any further advices are WELCOME!
P.S. Thanks to Stas Kogut for encouraging me to write this post.
Date: January 17, 2008. Categories:
tips and unix.
as usual provides us with excellent article about good habits which would help Unix administrators to improve their command line usage efficiency and break away from bad usage patterns in the process. I was impressed by this article and realized my everyday CLI usage is full of “bad patterns”. Nice point to give up them and pick up good style.
When you use a system often, you tend to fall into set usage patterns. Sometimes, you do not start the habit of doing things in the best possible way. Sometimes, you even pick up bad practices that lead to clutter and clumsiness. One of the best ways to correct such inadequacies is to conscientiously pick up good habits that counteract them. This article suggests 10 UNIX command-line habits worth picking up — good habits that help you break many common usage foibles and make you more productive at the command line in the process. Each habit is described in more detail following the list of good habits.
Those 10 good habits to adopt are:
- Make directory trees in a single swipe.
- Change the path; do not move the archive.
- Combine your commands with control operators.
- Quote variables with caution.
- Use escape sequences to manage long input.
- Group your commands together in a list.
- Use
xargs outside of find.
- Know when
grep should do the counting — and when it should step aside.
- Match certain fields in output, not just lines.
- Stop piping
cats.
Full article is here.
I came across invaluable article on how to make Linux system that runs OpenSSH server to be even more secure. It’s written by 17-year-old (!!!) Peter Upfold from FOSSwire and covers the following simple steps:
Disable SSH protocol 1- Enable key-based logins
- Don’t enable password-based logins
- Don’t run on port 22
- No remote root logins
I found these tips invaluable and sire that there is no doubt SSH-2 protocol remains the most common and safe method to access remote Linux or Unix system. The article is freely available here.
Apturl allows to install Ubuntu packages using apt:pkgname like syntax with any compatible browser like Firefox, Konqueror or other. Let me note that apturl comes with Ubuntu Gutsy 7.10 by default and is very useful while placing links through manuals, howtos etc. For example, to install ntop utility in Ubuntu I’d suggested to run the following command from terminal: sudo apt-get install ntop, but now I can just place the link like this: hey, install ntop by clicking here!
Here is graphical representation of this example:
After you click pressing “ok” button Ubuntu will start installation process of certain package:
I hope this would be useful for bloggers writing manuals for Ubuntu Gutsy users. Real thanks apturl’s author Harsh J (aka Qwerty Maniac).
Recent Ideas