IT Procedures

From Gruff Goat Wiki
Jump to: navigation, search

Helpful things to remember.

Apache 2

Operating Systems

  • Windows
    • Windows 98
    • Windows 2000 Server
    • Windows XP
    • Windows 2003 Server
  • Linux
    • Gentoo (DELETED Gentoo info is not maintained and very outdated.)
  • BSD Unix

Archiving / Backup

Duplicity

Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server.

Ports and Packages

  • Determine currently installed ports
 pkg_info                        # Complete list of packages
 pkg_info |grep pkgSearchTerm    # List of packages that match search term
  • Update ports tree
 cvsup -g -L 2 /root/ports-supfile
    OR
 portsnap fetch update           # More efficient and secure than cvsup
                                 # Requires some initialization, see the handbook
  • Update source tree
 cvsup -g -L 2 /root/source-supfile
  • Interactively fix the package registry database
 pkgdb -F
  • Check for securiy vulnerabilities on installed ports and packages
 portaudit -Fda
  • Upgrade a port and those ports dependent on it interactively

NOTE: Before upgrading a port, please read any applicable note on that port from the /usr/ports/UPDATING file. I review this file after running the no-execute test run.

 portupgrade -n -r portname      # No-execute test run
 portupgrade -i -r portname      # Interactive update
    • By default, portupgrade checks the Vulnerabilities database prior to upgrading. If there is a vulnerability, you are asked to update your ports tree. Sometimes, you may need to upgrade a port with still current vulnerabilities.
 setenv DISABLE_VULNERABILITIES yes  # Set environment variable (syntax depends on shell)
 echo DISABLE_VULNERABILITIES
 // Now run portupgrade as always
  • Downgrade a port
 // Install portdowngrade from ports tree
 make DEFAULT_CVS_SERVER="anoncvs@anoncvs1.FreeBSD.org:/home/ncvs" install clean
 // Interactively select version to downgrade to
 portdowngrade yourportname

Mail::Toaster Log Files

View today's sendlog.

 cat /var/log/mail/2005/mm/dd/sendlog |tai64nlocal | less
   or
 tail -F /var/log/mail/2005/mm/dd/sendlog |tai64nlocal

View today's smtplog

 cat /var/log/mail/2005/mm/dd/smtplog |tai64nlocal | less
   or
 tail -F /var/log/mail/2005/mm/dd/smtplog |tai64nlocal

The contents of /var/log/maillog will be anything sent to syslog.mail. Typically this includes vpopmail authentications (pop3, smtp-auth, smtp-submission), courier authentications (imap, imap-ssl, sqwebmail), and SpamAssassin's logs.

 tail -F /var/log/maillog | tai64nlocal  

These are the qmail-send logs. Look here for mail delivery issues.

 tail -F /var/log/mail/send/current | tai64nlocal

These are the qmail-smtpd logs. By default, qmail-smtpd doesn't log anything. However, rblsmtpd and a few of our patches to qmail-smtpd do. In there you'll find all the blocked connections from rblsmtpd, any qregex rejections, chk-user rejections, and simscan rejections. Basically, you want to watch this guy if you are blocking something that you don't want to.

 tail -F /var/log/mail/smtp/current | tai64nlocal

Bind IP Addresses to Network Interface

Add the initial IP address for a NIC

The NIC is represented by em0. It will differ on your computer.

 ifconfig em0 65.23.156.168 netmask 255.255.255.0
 route add default 65.23.156.1

Add to /etc/rc.conf

 ifconfig_em0="inet 65.23.156.168 netmask 255.255.255.0"
 defaultrouter="65.23.156.168"

Add an alias IP address

 ifconfig em0 inet 65.23.156.178 netmask 255.255.255.255 alias

Add to /etc/rc.conf

 ifconfig_em0_alias0="inet 65.23.156.178 netmask 255.255.255.255"
 ifconfig_em0_alias1="inet 65.23.156.179 netmask 255.255.255.255"
 ifconfig_em0_alias2="inet 65.23.156.180 netmask 255.255.255.255"

Remove an alias IP address

 ifconfig em0 inet 65.23.156.178 -alias

Restart the network services

 /etc/rc.d/netif restart

References

IP Aliasing on FreeBSD 2.2.x & 3.0

How to tell a computer to respond to an IP address

Interesting Issue

Story

I requested and received a block of IPs form my service provider. I ran the correct ifconfig commands to add the new IPs as aliases. They did't work. Could ping locallly but not from any other machine (well, I could ping 1 of the IPs but not the rest). Ran some dig and traceroutes on the IPs and they seemed to already be provisioned elsewhere.

Sent an email to my provider indicating the above. They replied saying that the IPs were unencumbered and the results of my dig and traceroute were just ghosts in the DNS.

Struggled and struggled. Tried all kinds of different combinations and tricks. Still got nowhere. Finally, asked my provider to setup the IPs on my server using one of their technicians at $XXX/hour.

After working on my machine for about an hour, the technician issued a different block of IPs and set those up instead. Of course those worked fine. The technician sent me an email stating that the original block was still encumbered in a VLAN that was not properly documented.

Moral

Trust your skills!

Creating a Virtual Web Host

Creating a Virtual Email Host

How-to: HTML Newsletters With Ezmlm-idx

Commands

Find

Find is a utility for finding all items that match your specifications in a directory tree. This command has many advanced options and may easily be used with xargs to perform actions on the found files.

# Find all files and chmod them
find ./ -type f |xargs chmod a-x   # chokes when filename contains spaces
# Find all files, terminate the filename with '\0', and chmod them
find ./ -type f -print0 |xargs -0 chmod a-x

Dump

Dump is used to backup complete filesystems.

# Dump the /var filesystem to a file
dump -0uLa -f /usr/dumpvar /var

See Dump Usage for more examples. Also see my shell script for periodic dumps. Gruff Goat's Script Collection and Ggis dump.sh

Restore

Restore is used to restore filessytems backed up with dump.

# Interactively restore files from the dumpfile
restore -if /backup/dumpfile

See Restore Usage for more examples

Tar

Tar is used to create archives, usually compressed. Some of the command strings may get rather complex. Here it is in its simplest form.

# Create a compressed archive name myarchive from the entire directory branch /home
tar -czf myarchive /home

# Extract myarchive to the current directory
tar -xzf myarchive

See Tar Usage for more complex examples

pwd_mkdb

pwd_mkdb creates db style password databases from a correctly formatted master.passwd file.

# Verify master.passwd format
pwd_mkdb -C /etc/master.passwd

# Update the databases
pwd_mkdb /etc/master.passwd
 

SMTP Using Telnet

prompt:/> 
telnet smtpdomain.com 25
   Connecting to smtpdomain.com.
   Escape character is '^]'.
   220 smtpdomain.com
helo mydomain.com
   250 smtpdomain.com Hello mydomain.com
mail from: me@mydomain.com
   250 OK
rcpt to: you@yourdomain.com
   250 Accepted
   data
   354 Enter message, ending with "." on a line by itself
Subject:Test Message
This is a test message.
.
   250 OK id=10156jh
quit
   221 smtpdomain.com closing connection
   Connection closed by foreign host

Connect to USB Harddrive

 mkdir /mnt/usb                         # Create dir unless already exists
 
 # Using a FAT32 formatted disk
 mount -t msdos /dev/da0s1 /mnt/usb
 
 # Using a UFS formatted disk
 mount -t ufs /dev/da0s1 /mnt/usb

Connect to NFS Drive

 mkidr /mnt/mountname
 mount -t nfs -o -r=1024 192.168.1.2:/exportname /mnt/mountname

Test for Listening Ports

 lsof -i

Misc

 grep -hilnr 65.34.156.178 *
   h - suppress filename on multiple filename results
   i - ignore case
   l - print first filename match, then stop
   n - line numbers
   r - recurse directories
 /etc/rc.d/netif
   allows one to start or stop a specific interface
 /etc/rc.d/routing
 route -a
 route -n show
 route -n get 128.6.60.6
 /etc/rc.d/routed

Convert between UNIX and DOS style text files.

 unix2dos filename     # Convert Unix style newlines to DOS style
 dos2unix filename     # Convert DOS style newlines to Unix style

See the 10 largest files on a directory or partition.

 du /partition_or_directory_name | sort -rn | head

Links