sendmail SMTP-AUTH-TLS How to
This document describes how to install a mail server based on sendmail that is capable of SMTP-AUTH and TLS. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems. I tested it on Debian Woody so far. This how-to is meant as a practical guide; it does not cover the theoretical background, which is treated in a lot of other documents on the web.
1. Get the sources
We need the following software: openssl, cyrus-sasl2, and sendmail. We will install the software from the /tmp directory.
cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget --passive-ftp ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.19.tar.gz
wget --passive-ftp ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.11.tar.gz
2. Install Openssl
tar xvfz openssl-0.9.7c.tar.gz
cd openssl-0.9.7c
./config
make
make install
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
3. Install Cyrus-sasl2
cd /tmp
tar xvfz cyrus-sasl-2.1.19.tar.gz
cd cyrus-sasl-2.1.19
./configure --enable-anon --enable-plain --enable-login --disable-krb4 \
    --with-saslauthd=/var/run/saslauthd --with-pam --with-openssl=/usr/local/ssl \
    --with-plugindir=/usr/local/lib/sasl2 --enable-cram --enable-digest --enable-otp
make
make install
# if /usr/lib/sasl2 already exists, move it out of the way first
if [ -d /usr/lib/sasl2 ]; then mv /usr/lib/sasl2 /usr/lib/sasl2_orig; fi
echo "pwcheck_method: saslauthd" > /usr/local/lib/sasl2/Sendmail.conf
echo "mech_list: login plain" >> /usr/local/lib/sasl2/Sendmail.conf
mkdir -p /var/run/saslauthd
4. Create Certificates for TLS
mkdir -p /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365
- Enter a pass phrase for the CA private key (cakey.pem).
- Enter your Country Name (e.g., “DE”).
- Enter your State or Province Name.
- Enter your City.
- Enter your Organization Name (e.g., the name of your company).
- Enter your Organizational Unit Name (e.g. “IT Department”).
- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
- Enter your Email Address.
openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365
- This time there is no pass phrase prompt (-nodes), because sendmail must be able to read the key unattended.
- Enter your Country Name (e.g., “DE”).
- Enter your State or Province Name.
- Enter your City.
- Enter your Organization Name (e.g., the name of your company).
- Enter your Organizational Unit Name (e.g. “IT Department”).
- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
- Enter your Email Address.
openssl x509 -noout -text -in sendmail.pem
chmod 600 ./sendmail.pem
5. Install Sendmail
cd /tmp
tar xvfz sendmail.8.12.11.tar.gz
cd sendmail-8.12.11/devtools/Site/
Create the file site.config.m4 (in devtools/Site/):
There should already be a file named site.config.m4.sample or similar; create site.config.m4 and append the following:
# SASL2 (smtp authentication)
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
#
# STARTTLS (smtp + tls/ssl)
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_SMTP_SSL')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto -L/usr/local/ssl/lib')
mkdir -p /usr/man
mkdir -p /usr/man/man1
mkdir -p /usr/man/man8
cp -pfr /usr/local/lib/sasl2 /usr/lib/sasl2
echo /usr/lib/sasl2 >> /etc/ld.so.conf
ldconfig
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
Now we can compile sendmail:
cd /tmp/sendmail-8.12.11/
# create the group first so the user can be placed in it
groupadd smmsp
useradd -g smmsp smmsp
sh Build -c
sh Build install
Let’s create our sendmail.cf:
cd cf/cf/
Create the file sendmail.mc with the following contents:
dnl ### do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
dnl ###
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
OSTYPE(linux)dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl
FEATURE(dnsbl,`blackholes.mail-abuse.org',
` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$&{client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org',
` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(access_db)dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
In order to create /etc/mail/sendmail.cf run the following commands:
sh Build sendmail.cf
cp sendmail.cf /etc/mail/sendmail.cf
Finally we have to create some files:
cd /etc/mail/
touch /etc/mail/local-host-names
touch /etc/mail/virtusertable
/usr/sbin/makemap hash virtusertable < virtusertable
mkdir -p /var/spool/mqueue
chmod 700 /var/spool/mqueue
chown root:root /var/spool/mqueue
chown root:root /etc/mail/sendmail.cf
chmod 444 /etc/mail/sendmail.cf
chown root:root /etc/mail/submit.cf
chmod 444 /etc/mail/submit.cf
touch /etc/mail/aliases
newaliases
touch /etc/mail/access
/usr/sbin/makemap hash access < access
We need an init script for sendmail (this should be copied to /etc/init.d/sendmail):
#! /bin/sh
case "$1" in
    start)
        echo "Initializing SMTP port. (sendmail)"
        /usr/sbin/sendmail -bd -q1h
        ;;
    stop)
        echo "Shutting down SMTP port:"
        killall /usr/sbin/sendmail
        ;;
    restart|reload)
        $0 stop && $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
        ;;
esac
exit 0

chmod 755 /etc/init.d/sendmail
In order to start sendmail at boot time do the following:
ln -s /etc/init.d/sendmail /etc/rc2.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc3.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc4.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc5.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc0.d/K20sendmail
ln -s /etc/init.d/sendmail /etc/rc1.d/K20sendmail
ln -s /etc/init.d/sendmail /etc/rc6.d/K20sendmail
6. Configure Saslauthd
Create /etc/init.d/saslauthd:
#!/bin/sh -e
NAME=saslauthd
DAEMON="/usr/sbin/${NAME}"
DESC="SASL Authentication Daemon"
DEFAULTS=/etc/default/saslauthd
test -f "${DAEMON}" || exit 0
# Source defaults file; edit that file to configure this script.
if [ -e "${DEFAULTS}" ]; then
    . "${DEFAULTS}"
fi
# If we're not to start the daemon, simply exit
if [ "${START}" != "yes" ]; then
    exit 0
fi
# If we have no mechanisms defined
if [ "x${MECHANISMS}" = "x" ]; then
    echo "You need to configure ${DEFAULTS} with mechanisms to be used"
    exit 0
fi
# Add our mechanisms with the necessary flag
for i in ${MECHANISMS}; do
    PARAMS="${PARAMS} -a ${i}"
done
# Consider our options
case "${1}" in
    start)
        echo -n "Starting ${DESC}: "
        # the mux socket directory given to --with-saslauthd in step 3
        mkdir -p /var/run/${NAME}
        ${DAEMON} ${PARAMS}
        echo "${NAME}."
        ;;
    stop)
        echo -n "Stopping ${DESC}: "
        PROCS=`ps aux | grep -iw '/usr/sbin/saslauthd' | grep -v 'grep' | awk '{print $2}' | tr '\n' ' '`
        if [ "x${PROCS}" != "x" ]; then
            kill -15 ${PROCS} > /dev/null 2>&1
        fi
        echo "${NAME}."
        ;;
    restart|force-reload)
        $0 stop
        sleep 1
        $0 start
        echo "${NAME}."
        ;;
    *)
        echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac
exit 0

chmod 755 /etc/init.d/saslauthd
In order to start saslauthd at boot time do the following:
ln -s /etc/init.d/saslauthd /etc/rc2.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc3.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc4.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc5.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc0.d/K20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc1.d/K20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc6.d/K20saslauthd
Then create /etc/default/saslauthd:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb"
MECHANISMS=shadow
If you find out that saslauthd is located in /usr/local/sbin instead of /usr/sbin create a symbolic link:
ln -s /usr/local/sbin/saslauthd /usr/sbin/saslauthd
Then start saslauthd and sendmail:
/etc/init.d/saslauthd start
/etc/init.d/sendmail start
7. Test your Configuration
To verify that your sendmail was compiled with the right options, type
/usr/sbin/sendmail -d0.1 -bv root
In the "Compiled with:" line of the output you should see SASLv2 and STARTTLS.
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
ehlo localhost
If the EHLO reply contains the lines 250-STARTTLS and 250-AUTH, everything is fine.
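As an added check for this section (example code, not from the original how-to): a small Python script that performs the EHLO test above through smtplib and, going beyond what the page asks, repeats the EHLO after STARTTLS so you can see whether PLAIN/LOGIN are also advertised on the unencrypted connection. The host and port in probe() and the two sample replies are assumptions/constructed, not captured from a real server.

```python
import smtplib
import ssl

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}   # mechanisms that send the password in the clear


def parse_ehlo(reply: bytes) -> dict:
    """Turn the text of a 250 EHLO reply into {EXTENSION: params}; line 1 is the
    greeting and is skipped, '250-' prefixes are assumed stripped (as smtplib does)."""
    feats = {}
    for line in reply.decode("ascii", "replace").splitlines()[1:]:
        parts = line.strip().split(None, 1)
        if parts:
            feats[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return feats


def assess(before_tls: dict, after_tls: dict) -> dict:
    """Compare the extensions offered before and after STARTTLS: the two lines the
    how-to asks for, plus whether PLAIN/LOGIN is offered on the unencrypted
    connection (a client that takes that offer sends its password in the clear)."""
    mechs_plain = set(before_tls.get("AUTH", "").upper().split())
    mechs_tls = set(after_tls.get("AUTH", "").upper().split())
    return {
        "starttls_offered": "STARTTLS" in before_tls,
        "auth_offered_after_tls": bool(mechs_tls),
        "cleartext_auth_before_tls": bool(mechs_plain & PLAINTEXT_MECHS),
    }


def probe(host: str = "localhost", port: int = 25) -> dict:
    """Live check: EHLO, STARTTLS, EHLO again, then assess both feature sets."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # the cert from step 4 is self-signed
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo("localhost")
        before = {k.upper(): v for k, v in s.esmtp_features.items()}
        s.starttls(context=ctx)
        s.ehlo("localhost")
        after = {k.upper(): v for k, v in s.esmtp_features.items()}
    return assess(before, after)


# Constructed sample replies (not captured from a real server): what the
# sendmail.mc above advertises before and after STARTTLS.
SAMPLE_BEFORE = b"mail.example.com Hello localhost\nSTARTTLS\nAUTH LOGIN PLAIN\nSIZE 15000000"
SAMPLE_AFTER = b"mail.example.com Hello localhost\nAUTH LOGIN PLAIN\nSIZE 15000000"
print(assess(parse_ehlo(SAMPLE_BEFORE), parse_ehlo(SAMPLE_AFTER)))
```

With the sendmail.mc above the third finding comes out True, because no confAUTH_OPTIONS was set; sendmail's AuthOptions flag p (for example define(`confAUTH_OPTIONS', `A p')) keeps PLAIN and LOGIN off the menu until a security layer such as STARTTLS is active.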
Reference for this article can be found here: Click Here