Difference between revisions of "Useful Commands"

From SME Server
Jump to navigationJump to search
Line 316: Line 316:
 
| rpm -qV <packagename> || reports if permission and ownership are OK
 
| rpm -qV <packagename> || reports if permission and ownership are OK
 
|-
 
|-
| rpm -qpR <packagename>.rpm || Find what dependencies have a  rpm
+
| rpm -qpR <packagename.rpm> || Find what dependencies have a  rpm
 
|-
 
|-
 
|  rpm -qR <packagename> || Find what dependencies have a package name
 
|  rpm -qR <packagename> || Find what dependencies have a package name
Line 329: Line 329:
 
|-
 
|-
 
| rpm -Va ||  capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
 
| rpm -Va ||  capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
|-
 
| rpm -qpl <packagename.rpm> || List all files contained in a rpm which is not installed
 
 
|}
 
|}
  

Revision as of 11:37, 9 June 2014

SME Server locale

By default the sme server 8 locale is ISO-8859-1ldapsear

Apache Related Commands

Apache options to ibay

Expand httpd.conf template

expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith

ou

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/usr/bin/sv h /service/httpd-e-smith

Restart httpd

/etc/init.d/httpd-e-smith restart

or

sv t /service/httpd-e-smith

Enable AllowOverride All/None

leave Apache reads the distributed configuration file .htaccess per ibay:

db accounts setprop IBAYNAME AllowOverride All
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME AllowOverride
signal-event ibay-modify IBAYNAME

enable Symlinks in that iBay

db accounts setprop IBAYNAME FollowSymLinks enabled
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME FollowSymLinks
signal-event ibay-modify IBAYNAME

disable apache directory indexes per ibay

db accounts setprop IBAYNAME Indexes disabled
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME Indexes
signal-event ibay-modify IBAYNAME

PHPBaseDir per ibay

the phpbasedir is a "php-jail", if you want that it uses its normal jail and allow it to use also /tmp then :

db accounts setprop IBAYNAME PHPBaseDir /home/e-smith/files/ibays/IBAYNAME/:/tmp/
signal-event ibay-modify IBAYNAME

Allow PHP URL File Open per ibay

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9

Make custom httpd directory if not exist

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

Create the template name 99allow_url_fopen and put the content

<Directory /home/e-smith/files/ibays/IBAYNAME/html>
php_admin_flag allow_url_fopen on
</Directory>

Save the file

Expand

expand-template /etc/httpd/conf/httpd.conf

Restart httpd.

/etc/init.d/httpd-e-smith restart

Allow PHP URL File Open

This is set with a db command. Use the command here

http://wiki.contribs.org/DB_Variables_Configuration#Php

and replace the variable and value eg

db configuration setprop php AllowUrlFopen On
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

PHP document root

$_SERVER['DOCUMENT_ROOT']

If you set up an application in an ibay you may have some odd results due to the usage of $_SERVER['DOCUMENT_ROOT'] by the application. By default this is set in php.ini to :

/home/e-smith/files/ibays/Primary/html

How to overcome $_SERVER['DOCUMENT_ROOT'] issues in ibays see PHP_document_root

PHP settings only for SME9

Information.png Tip:
These settings modify only the behaviour of one ibay and not at all the whole php settings for the server. Only for sme9, see bugzilla:8239


db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
AllowUrlfOpen : enabled/disabled
MemoryLimit : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
MaxExecTime: unlimited or set time in second without units, eg 60

https forced redirection using custom template

see Https_redirection

If it does not already exist then create the following directory

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
nano 60redir-ibayname1

Paste or type the following code including the brackets, replacing ibayname with the name of your ibay

{
if ($port ne "443")
{
$OUT .= <<'HERE';
## Redirect Web Address to Secure Address
RewriteEngine on
RewriteRule ^/ibayname https://%{HTTP_HOST}/ibayname

## End Of Redirect
HERE
}
}

Save the file & exit by Ctrl+x

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart

Certificates

see http://wiki.contribs.org/Certificates_Concepts

How to change your certificate

Since SME version 7.1.3, the functionality to configure a Common Name in the certificate is included in the main SME packages and can be configured as follows:

config setprop modSSL CommonName www.domain.com
expand-template /home/e-smith/ssl.crt/crt
expand-template /home/e-smith/ssl.key/key
signal-event domain-modify
signal-event email-update 

see this forum thread [1] and bug report [2]

How to set expiration time

The SME self signed certificate is valid for one year, and is automatically renewed on the anniversary of the installation date of the SME server OS. To specify how long your SME certificate will last for, do the following:

cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt
nano -w /etc/e-smith/templates-custom/home/e-smith/ssl.crt

change the value for KEYLIFEINDAYS on the first line to the number of days the certificate will remain valid for eg 1826 for 5 years.

Save & exit by pressing the following keys at the same time

ctrl o
ctrl x

Create a new self signed certificate, with the longer validity period. Replace the filenames below with the correct file/key names applicable to your server.

rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot

Install the new certificate into your browser.

Also see http://wiki.contribs.org/Certificates_Concepts


Command-Line Quick Reference Guide

Below is a list of commands that I use all the time & tend to forget.

Generic Linux

COMMAND NAME DESCRIPTION
du -sh /* shows your folder sizes by directory in the root (you can adapt to your directory path)
df -h shows disk usage in human readable form
man <commandname> shows more info about a command
uname -a kernel release version
/usr/sbin/smbd -V samba version
/usr/sbin/httpd -v apache version
mysql -v mysql version
php -v php version
mv moves or renames a file
cp copies or backup a file
rm removes or deletes a file
grep <process> outputs processes running <process>
ps -AH report process status
top shows processes
top -i shows only active processes
htop shows processes (more versatile than top)
iptraf shows network info
mc -d show midnight commander (cli file browser) to navigate through system easily
host -t mx aol.com shows the mx records for aol.com
net groupmap list shows samba mappings to nt groups
telinit 1 changes to single user mode
ifconfig shows detailed info on ethernet ports
grep -nsr "casesensitivesearch" /path/to/dir finds all documents containing the criteria in a dir
grep -nsr server-manager.jpg /etc/e-smith/ search the file server-manager.jpg in the path directory /etc/e-smith
tail -f /var/log/<LOGFILE> realtime viewing of your log file
hdparm -Tt /dev/mdx (where x is 0,1,2,etc) shows software raid performance
mdadm --detail /dev/mdx (where x is 0,1,2,etc) gives raid info
cat /proc/mdstat shows software raid
tar -czvf foo.tar.gz foo creates a tar/zip file of a directory
tar -xvzf foo.tar.gz untar/unzip a tar/zip file
scp -P <ssh_portnumber> foo.tar.gz <user>@<other_server_ipaddress>:/opt transfers file to another server in /opt directory
rsync --progress -te "ssh -p <ssh_portnumber>" foo <other_server_ipaddress>:/opt transfers file to another server
sed -i s/foo/fee/g <FILENAMEORPATHTODIR> replaces foo with fee
watch mysqladmin process shows the mysql processes running
lslbk <ONLY SME9> lsblk lists information about all available or the specified block devices. The lsblk command reads the sysfs filesystem to gather information. The command prints all block devices (except RAM disks) in a tree-like format by default.
find . -type f | xargs rpm -qf | sort | uniq find from which rpm these files come from

Estimate file space usage - drill down into directories

cd /
du --si --max-depth 1
cd /home
du --si --max-depth 1
cd /home/e-smith
du --si --max-depth 1

create missing group and set gid

If a specific sme group or linux group is missing, you can create it again. see bugzilla:7932#c48

groupadd -g 102 -o apache
rpm --setugids --setperms rpm1 rpm2

where 102 is the correct gid of apache group, adapt it to the right setting where rpm1 and rpm2 are valid rpm but broken due to the lack of apache group during installation or upgrade

display what are your network interfaces

# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
EthernetDriver1	e1000	08:00:27:23:85:a6	"Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"

find files by their size

it could be useful to find large file by the command line

find /home/e-smith -type f -size +200M -exec ls -lh {} \; | awk '{ print $ ":_" $5 }';

use

‘k’    for Kilobytes (units of 1024 bytes)
‘M’    for Megabytes (units of 1048576 bytes)
‘G’    for Gigabytes (units of 1073741824 bytes)


Check file system in case of corruption

If your filesystem is corrupted. That can be a hardware failure, or a software corruption (after a crash). The server won't boot before you manually run fsck to check/repair the filesystem. Note that this might not be possible if the problem is comming from hardware failure (hope you have backups....).

Try this: - when you're prompted to, enter the root password, you'll be dropped on a shell - manually run fsck

e2fsck -D -tt -y /dev/main/root

It can take several minutes/hours depending on the size of your drives and their speed. With some luck, the filesystem will be cleaned, and you'll be able to boot.

RPM's

Command Explanation
rpm -qa shows all rpms installed
rpm -qa --last shows all rpms installed & installation date
rpm -q asks for rpm info
rpm -qi asks for detailed rpm info
rpm -ql <packagename> lists all files in a package
rpm -qpl <packagename.rpm> List all files in a rpm which is not installed
rpm -qf <filename> reports what package a file belongs to
rpm -qV <packagename> reports if permission and ownership are OK
rpm -qpR <packagename.rpm> Find what dependencies have a rpm
rpm -qR <packagename> Find what dependencies have a package name
rpm -q --whatrequires <packagename> find what packages have <packagename> as dependancy
rpm -e --test <packagename> find what packages have <packagename> as dependancy (more verbose as above)
rpm --setugids <packagename> set right ownership to rpm
rpm --setperms <packagename> set right permissions to rpm
rpm -Va capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.

Restore all permissions and ownership

If you want to restore all permissions and right ownership of rpm, you can do this in a root terminal. See bugzilla:6851#c15

for f in $(rpm -qa); do echo $f; rpm --setugids $f; done
for f in $(rpm -qa); do echo $f; rpm --setperms $f; done

YUM'ing and repositories

Command Explanation
yum install <packagename> installs packagename & any package it may need
yum remove <packagename> removes packagename
yum list updates list updates to any installed package
yum list available list available packages in all repos not already installed
grep <reponame> list available packages -shows only from repo name
yum search <packagename> lists all packages in all repos matching packagename
yum clean all Is used to clean up various things which accumulate in the yum cache
yum --enablerepo=<reponame> <command> enables a repo not normally enabled
/sbin/e-smith/audittools/newrpms shows all extra packages installed
/sbin/e-smith/audittools/repositories show all repositories and if they are activated or not
db yum_repositories show <reponame> show properties of the repository <reponame> (you may use TAB to auto-complete your command line)
Restoring Default Yum Repositories
Important.png Note:
If you have problems with your yum setup you may have entered incorrect repository values. Remove the current values and restore the original setting with these commands


cd /home/e-smith/db/
mv yum_repositories yum_repositories.po
/etc/e-smith/events/actions/initialize-default-databases

Now you have a clean install, you can re-add 3rd party repos as described above

signal-event yum-modify

and check if you can update your server

yum update

LDAP

Display LDAP parameters

you can display LDAP parameters, either by the server-manager or by the command line :

ldapsearch -x -h localhost -s base |grep 'dn'

Log

Parse Log to find errors

When you want to test the SME Product it can be useful to see what it occurs This CL can help you, but you should read the entire log

grep -iE "uninitialized|WARNING|ERROR" /var/log/messages

of course this is for the /var/log/messages

or if you want to parse all log

grep -iE "uninitialized|WARNING|ERROR" /var/log/*


Important.png Note:
you have now a tool in your hand to parse logfile : Audit_Tools#logcheck. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive


Mail

see Email

check blocked email address by the server

grep -i 'blocked email address' /var/log/qpsmtpd/current

maximum email size

Email#Set_max_email_size

Spam filter with Server-Manager

Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable defaults.

  • Virus scanning Enabled
  • Spam filtering Enabled
  • Spam sensitivity Custom
  • Custom spam tagging level 4
  • Custom spam rejection level 12
  • Sort spam into junkmail folder Enabled
  • Modify subject of spam messages Enabled

spam retention in junk mailbox

The server will automatically delete old spam in the junkmail folders after 90 days. You can control the number of days old spam is kept with the following commands. Where 15 is the number of days you want to keep messages, do...

db configuration setprop spamassassin MessageRetentionTime 15
signal-event email-update
svc -t /service/qpsmtpd

then config show spamassassin

Mail Statistics

See Mailstats for details on the mailstats package.

yum install --enablerepo=smecontribs smeserver-mailstats

Whitelist and Blacklist

If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered. Conversely, you can add a spammer to the blacklist so you never see their spam again. Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):

db spamassassin setprop wbl.global *@vonage.com White
db spamassassin setprop wbl.global *domain2.com White
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global spammer@spamdomain.com Black

expland template and save the configuration to the database

expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd

You can view the lists with this command:

db spamassassin show

MySQL

There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.

The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.

For more informations you can see the MySQL page

Login as MySQL root user

To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges. the mysql admin password is a random password generated which can be find

  • /root/.my.cnf
  • /etc/ldap.secret

do not modify these files.

if you need to call the mysql password in a script you can invoke this bash variable

PWD=$(cat /etc/ldap.secret)

Create a Database and its User

Create a new MySQL database (In this example the database name is databasename. Change databasename, username and password with your own choices as required)

Login as root and issue the following command:

mysql
create database databasename;
grant all privileges on databasename.* to username identified by 'password';
flush privileges;
exit

Remove a database

Get access to the SME Server shell and MySQL and issue the following command:

drop database databasename;

Replace databasename with the name of the database.

Remove a user

Get access to the SME Server shell and MySQL and issue the following command:

USE mysql;
DELETE FROM user WHERE user = 'username';
FLUSH PRIVILEGES;

Replace username with the username you wish to delete.


Information.png Tip:
mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.


Other useful MySQL commands:

show databases;

list all available database.

SELECT user FROM mysql.user;

display a list of the MySQL users

DROP USER 'jeffrey'@'localhost';

remove the user jeffrey

SHOW GRANTS FOR 'user'@'localhost';

list the privileges granted to the account user

GRANT ALL PRIVILEGES ON *.* TO 'new_dba'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;

give all rights on all databases for new_dba user

GRANT SELECT, UPDATE, INSERT, DELETE ON database.* TO 'new_user'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

give all rights on database for new_user

mysqladmin drop databasename;

will let you destroy a database. Use with care. Use 'mysqladmin --help' for all available options.

Password

Password strength

First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.

config setprop passwordstrength Admin normal
config setprop passwordstrength Users normal
config setprop passwordstrength Ibays normal

It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'

none   : no check is performed on the password
normal : the password must be composed of at least seven characters with uppercase and lowercase letters, numbers and non-alphanumeric characters
strong : the restrictions are the same as for the normal level, but in addition, the password is verified by cryptlib which ensures its actual complexity

Change Password Users by the command line

If you want to change password to your users by the command Line instead of the user panel of SME Server you can do it like this.

perl -e "use esmith::util;esmith::util::setUserPassword( 'username', 'password');";  /sbin/e-smith/signal-event  password-modify username

run it for each user separately and replace

username

and

password

with the appropriate values for each of your users.

Signalling events : Signal-event

The signal-event program takes an event name as an argument, and executes all of the actions in that event, providing the event name as the first parameter and directing all output to the system log. It works by listing the entries in the event directory and executing them in sequence. So for example, the command:

signal-event console-save

will perform all the actions associated with the console-save event, which is defined by the contents of the /etc/e-smith/events/console-save/ directory. This is exactly what the console user interface does when you select save at the end of the console configuration wizard.

see all options

PHP Related Commands

Show current php settings

config show php

Expand php.ini template

expand-template /etc/php.ini


Configure PHP Basedir Restriction per ibay

db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
signal-event ibay-modify IBAYNAME

Example

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp
signal-event ibay-modify Primary

Execution Time

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9

db configuration setprop php MaxExecutionTime ZZ
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where ZZ is the time in seconds.

Memory Limit

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9

db configuration setprop php MemoryLimit XXM
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where XX is the amount of memory in Mb.

Upload Max File Size

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9

db configuration setprop php UploadMaxFilesize WW
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where WW is the file size in Mb.

Post Maximum Size

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9

db configuration setprop php PostMaxSize  WW
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where WW is the file size in Mb.

Allow URL FOpen

For SME9 exclusively see Useful_Commands#PHP_settings_only_for_SME9
Not secure. Instead use per ibay or directory.

SME Server specific

Command Line

Command Explanation
signal-event post-upgrade performs SME Server to go regenerate all templates
signal-event reboot reboots the server
signal-event <event> performs SME Server to go regenerate event template (you may use TAB to auto-complete your command line)
signal-event console-save Expands templates and reconfigures services which can be changed from the text-mode console and which do not require a reboot
signal-event dns-update refreshes the DNS cache, useful for when you know a domain has changed IP and the TTL is too long to wait
/etc/e-smith/events/actions/navigation-conf recreates server-manager navigation panel
config show display the internal configuration of the server
config show <service name> show the service configuration (you may use TAB to auto-complete your command line)
db shows the syntax of the db command
db configuration show shows the entire server configuration
db configuration setprop <record> <property> <value> sets or changes a property in the configuration database
db accounts show shows all account details
db accounts show <accountname> shows the account details
/etc/e-smith/events/actions/initialize-default-databases action for initializing the default database values

Refresh DNS cache

signal-event dns-update 	

refreshes the DNS cache, useful for when you know a domain has changed IP and the TTL is too long to wait

Refresh Squid Cache

Extracted from: http://forums.contribs.org/index.php?topic=38848.msg176737#msg176737

Flush and Restart

sv d /service/squid
echo "" > /var/spool/squid/swap.state
sv u /service/squid

& to check it's running

sv s /service/squid

db command

Important.png Note:
SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME_Server:Documentation:Developers_Manual:Section2 to understand the template and database process.


you can see this page of the wiki DB_Variables_Configuration

Setting db variables to default values

Important.png Note:
Use of 'config' is a shorthand version for 'db configuration' and therefore only works with the configuration database


Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:

config delprop <key> <prop>
/etc/e-smith/events/actions/initialize-default-databases

Delete a property value

To delete the property

db accounts delprop <key> <prop>

Reset a property value

To reset to an empty value

db accounts setprop <key> <prop> ''


Warning.png Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.


Give a shell access to "user"

db accounts setprop user Shell /bin/bash
signal-event user-modify user

General Service Handling

  • start
sv u /service/servicename
  • stop
sv d /service/servicename
  • restart
sv t /service/servicename


Information.png Tip:
you may use TAB to auto-complete your command line


All other linux common way to start or stop services are also valuable

/etc/init.d/servicename start/stop/status
service servicename start/stop/status

Example

Restarting:

sv t /service/httpd-e-smith

allow a service to start for a particular time

If your package implements a server or daemon, you will probably want it to be started automatically when the system boots. The SME Server boots in runlevel 7, so you can get an idea of the startup processes by listing the contents of /etc/rc.d/rc7.d.

These are similar to the init scripts you may be familiar with from other Linux systems, with one important difference. Instead of pointing to scripts within /etc/rc.d/init.d, all of those init entries are links to /etc/rc.d/init.d/e-smith-service. This is a wrapper which checks the configuration database to see if the service is supposed to be running and if so, starts the service from /etc/rc.d/init.d/whatever.

So for example, you might have:

S90squid -> /etc/rc.d/init.d/e-smith-service

The e-smith-service script looks up the name it was invoked with (S90squid), drops the prefix (leaving squid), checks the configuration database for the "squid" service, then if it's supposed to run, does:

/etc/rc.d/init.d/squid start
  • with this way SME's knows how to/if start the service at startup
config set myapplicationname service status enabled
cd /etc/rc.d/init.d
ln -s /path/to/myinitscript myapplicationname

We are creating a symlink of the original startup script with a new name (the point is that myapplicationname must be identical to the service name above)

cd /etc/rc7.d
ln -s  /etc/rc.d/init.d/e-smith-service SXXmyapplicationname

we create a symlink to e-smith-service startup script with a name where: S tells SME to start XX are numbers

You can decide when to start the service myapplicationname, but you should not start something that need the network before the network itself is up and running. Therefore you can see the content of /etc/rc7.d and see which scripts are needed to execute your new startup script

signal-event remoteaccess-update
service myapplicationname start

Creating or deleting a service

  • Creating and starting service
ln -f -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S98popfile
/sbin/e-smith/db configuration set popfile service status enabled
/sbin/e-smith/signal-event remoteaccess-update
service popfile start
  • Deleting and unregistering service
service popfile stop
sleep 3
rm -f /etc/rc7.d/S98popfile
rm -f /etc/rc.d/init.d/popfile
/sbin/e-smith/config delete popfile
/sbin/e-smith/signal-event remoteaccess-update

Create a service with db command and set network access

DB_Variables_Configuration#Additional_information_on_customizing_iptables

Create a custom-named service definition in the configuration database.

db configuration set <servicename> service

Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.

db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> TCPPorts <portnumbers> # Ranges of ports are defined with a : not a -
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> UDPPorts <portnumbers> # Ranges of ports are defined with a : not a -
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24


Effectuate the changes you have made

signal-event remoteaccess-update

SSH

Enable SSH

  • Enable ssh access (the lazy not-so-secure way, but I am assuming for this testing/dev scenario that your external IP is really a local address behind a router)
db configuration setprop sshd status enabled
db configuration setprop sshd PermitRootLogin yes
db configuration setprop sshd acccess public
db configuration setprop sshd PasswordAuthentication yes
/sbin/e-smith/signal-event remoteaccess-update


  • Allow ssh in public or private mode : public= all internet private= only your network
db configuration sshd access public
signal-event remoteaccess-update

Access to the terminal of your remote sme

ssh root@ip-sme-or-remote-hostname

or

ssh -pX root@ip-sme-or-remote-host (X is the port listened by ssh service)


Important.png Note:
you need to forward in your router the port 22 (or whatever you decide) to your internal sme's ip and allow ssh in the server-manager with the root login and Password Authentication (Security/Remote Access menu). You can enhance security by disabling the root connection : Allow administrative command line access over secure shell NO

Keep in mind that you need to set the service to public access (entire internet) if you want to be accessible by ssh outside of you network (see the Denyhosts contrib for banning hosts which failed too many login attempts to your ssh deamon.)


Execute or run a command over ssh to a remote server and auto disconnect after quit

ssh -t root@ip-sme-or-remote-hostname command


where 'command' is the program or command to run. An example could be:


ssh -t root@192.168.1.5 top


Access to the server-manager through SSH

We can access to the server-manager of your remote SME Server by SSH with a tunneling protocol initiated by "ssh -L". This command has to be done by a superuser in a Terminal like if you want to be connected to your SME Server by SSH.

Important.png Note:
We assume that ports are forwarded in your router to your sme internal IP (443 and 22) and the root user is allowed to access by ssh to the server.


Do this in a root terminal of your Linux computer outside of your network

ssh -L 443:localhost:443 root@your-static-external-network-IP-or-host.dyndsn.org

host.dyndsn.org could be a free service as dyndns.org or noip.com

Keep the terminal open, Then you need to use this specific URL in your WEB Browser to go to the server-manager

https://localhost/server-manager


Information.png Tip:
It is possible to use putty if you are afraid about some commands in a terminal, you can find a lot of examples by typing this in google tunneling by putty


Access with non standard ports

In certain cases which you are not root on the local computer, you can not redirect port < 1024, so you have to use port > 1024 as the example below.

ssh -L 9443:localhost:443 root@your-remote-ip -p 22
9443 : local port
443 : remote https port
your-remote-ip : the remote host (could be an ip or a domain name)
22 : this is the port where the ssh server is listening, you can change it in accordance with the remote server

Keep the terminal open, Then you need to use this specific URL in your WEB Browser to go to the server-manager

https://localhost:9443/server-manager