Linux Administration

sudo -u postgres createuser USER sudo -u postgres createdb DB sudo -u postgres psql alter user USER with encrypted password 'PASS'; alter database DB owner to USER;

When I get some spare time I would like to make rsyslogd write its contents to database, and parse it through a web interface. In the meantime I’ll just collect some guides here. Writing syslog messages to MySQL, PostgreSQL or any other supported Database Handling a massive syslog database insert rate with Rsyslog Elasticsearch Elasticsearch - Logstash Elasticsearch - Kibana

Extending the certificate to also cover www.iix.se sudo certbot certonly --standalone -d iix.se,www.iix.se,monit.iix.se,test.iix.se Sat Nov 04 11:14 W44 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org ------------------------------------------------------------------------------- You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/iix.se.conf) It contains these names: iix.se, monit.iix.se, test.iix.se You requested these names for the new certificate: iix.se, www.iix.se, monit.iix.se, test.iix.se. Do you want to expand and replace this existing certificate with the new certificate?...

# Restart single instance and refresh image sudo docker-compose up -d --build backend

This is an example of doing a quick and dirty restore of a database. Typically happens after doing something stupid, like running UPDATE without a WHERE (oops). In this case, we restore database iix-notes (which by pure coincidence is the same name as this site) from a daily backup. The database is hosted on a postgresql docker container, but it should work the same regardless. Fetch a backup and copy it to the docker container cd $HOME gpg -o iix-notes....

Backing up stuff to the cloud is all the rage, and I wanted to give it a try. Since I don’t really want to spend any money on it, I decided to go with the best free provider I could find. I haven’t done too much research, but MEGA’s 50 free GB seems to be the best offer around. They also have a simple CLI tool called megatools (manual). Since I couldn’t find megatools in the official debian repo, I decided to use it from docker....

location ~ ^/(data|html|css|js)/ { try_files $uri $uri/ =404; } location / { try_files $uri $uri/ /index.html; }

Implementation: Login on server as root Install spamassassin through aptitude In /etc/default/spamassassin: Set ENABLED=1 Add/uncomment in /etc/spamassassin/local.cf: rewrite_header Subject *****SPAM***** report_safe 0 In /etc/postfix/master.cf: smtp inet n - - - - smtpd -o content_filter=spamassassin spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} Restart services service spamassassin start service postfix reload Verification: Email sent to server with body XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X should have subject rewritten to ****SPAM**** $header

Description: Add greylisting to postfix through postgrey Implementation: Login to server as root Install postgrey through aptitude Append to /etc/postgrey/whitelist-clients: d4.sysinst.ida.liu.se Restart service: service postgrey reload Add to/edit in /etc/postfix/main.cf: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_policy_service inet:127.0.0.1:10023 Restart service: service postfix reload Verification: Email from any local host should not be greylisted Email from unknown address should be greylisted

Description: Criterias: Accept mail from any SMTP server in the world. Be able to send mail to any SMTP server in the world. Not accept mail for any other destinations than your domain. Meet the requirements of RFC 2821, section 4.5.1 concerning the postmaster address. Should rewrite local usernames to real names through LDAP lookups Forwarded email from satellite systems should have their FQDN rewritten to this server’s Implementation (Main server): Login on server as root: Install postfix through aptitude Select type Internet Site Set System Mail Name to d4....