859
edits
Changes
From SME Server
Jump to navigationJump to search→PHP settings only for SME9
==SME Server locale==
==SME Server locale==
By default the sme server 8 locale is ISO-8859-1ldapsear
By default the sme server 8 locale is ISO-8859-1ldapsear
==ACL==
===See ACL===
getfacl /path/2/files/or/folders
===set ACL===
setfacl -P -R -m u:apache:rwX,d:u:apache:rwX /path/2/files/or/folders
-R : recursive<br />
-P : physical, follow symlinks
==Apache Related Commands==
==Apache Related Commands==
or
or
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
=====SME10=====
How do I start, restart, stop, reload and check the status of a service (httpd-e-smith.service) with systemd.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
====Enable AllowOverride All/None====
====Enable AllowOverride All/None====
signal-event ibay-modify ibayname
signal-event ibay-modify ibayname
AllowUrlFopen : enabled/disabled
MemoryLimit : set a M as unit, eg 64M
MemoryLimit : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
MaxExecTime: unlimited or set time in second without units, eg 60
MaxExecTime: unlimited or set time in second without units, eg 60
====PHPinfo====
====PHPinfo====
signal-event post-upgrade
signal-event post-upgrade
signal-event reboot
signal-event reboot
alternately
config show modSSL
config delprop modSSL crt key CertificateChainFile
signal-event ssl-update
==Command-Line Quick Reference Guide==
==Command-Line Quick Reference Guide==
|-
|-
| httpd -t || verify the syntax of the configuration file of apache
| httpd -t || verify the syntax of the configuration file of apache
|-
| httpd -tf /path/to/config/file || verify the syntax of the specified configuration file of apache
|-
| httpd -t -D DUMP_MODULES || display all loaded modules of apache
|-
|-
| mysql -v || mysql version
| mysql -v || mysql version
|-
|-
| ps -AH || report process status
| ps -AH || report process status
|-
| ps fax || display processes by tree with their pid
|-
|-
| top || shows processes
| top || shows processes
|-
|-
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
|-
| grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
|-
|-
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
|-
|-
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
|-
| sed -n '/^www/p' /etc/group || print all line starting by www in the file /etc/group
|-
|-
| watch mysqladmin process || shows the mysql processes running
| watch mysqladmin process || shows the mysql processes running
|-
|-
| pstree || pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
| pstree || pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
|-
| clamdtop || clamdtop is a tool to monitor one or multiple clamd(s), that shows the jobs in clamd’s queue, memory usage, and information about the loaded signature database.
|}
|}
cd /home/e-smith
cd /home/e-smith
du --si --max-depth 1
du --si --max-depth 1
====UID/GID====
* see informations of a user
id USER
*change the uid of a user
usermod -u '''UID''' USER_NAME
* create a group
groupadd -g '''GID''' -o GROUPE_NAME
* modify the GID of a group
groupmod -o -g '''GID''' GROUPE_NAME
* add a principal group to a user
usermod -g '''GROUP_NAME_OR_GID''' USER_NAME
* add a secondary group to a user
usermod -a -G '''GROUP_NAME_OR_GID''' USER_NAME
====usermod====
*change the home directory (-m move files/folders to the new location)
usermod -d /var/lib/jdownloader jdownloader
* change the shell access of a user
usermod --shell /bin/bash jdownloader
====Read a TAI64N timestamp in human readable format====
====Read a TAI64N timestamp in human readable format====
Eg
Eg
cat /var/log/qpsmtpd/current |tai64nlocal|less
cat /var/log/qpsmtpd/current |tai64nlocal|less
Or
tailf /var/log/sshd/current | tai64nlocal
====adjust the ntp time====
====adjust the ntp time====
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
alternatively, and only for SME9 or greater, you can use
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether AA:BB:CC:DD:EE:FF brd ff:ff:ff:ff:ff:ff
inet 11.22.22.44/XY brd 11.22.33.255 scope global eth0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 10:00:01:02:03:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.45.1/24 brd 192.168.45.255 scope global dummy0
====find files by their size====
====find files by their size====
‘M’ for Megabytes (units of 1048576 bytes)
‘M’ for Megabytes (units of 1048576 bytes)
‘G’ for Gigabytes (units of 1073741824 bytes)
‘G’ for Gigabytes (units of 1073741824 bytes)
====reduce root's user reserved space====
as a default, 5% of the disk space is allocated to root user
you can reduce the allocated space to 1% with (for LVM)
tune2fs -m 1 /dev/mapper/main-root
if you're not using LVM, use
df -h
to see where / is mounted
====find files by the Name====
====find files by the Name====
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
====Find open ports====
* netstat
# netstat -anp|grep 5232
tcp 0 0 192.168.12.233:5232 0.0.0.0:* LISTEN 2028/python
* nmap
nmap can specify if a port is closed or not
yum install nmap
nmap localhost -p 5232
===Raid===
===Raid===
when you install the smeserver with one drive and in a degraded raid, you will see a 'U_' state but without warnings. If you want to leave just one 'U'
when you install the smeserver with one drive and in a degraded raid, you will see a 'U_' state but without warnings. If you want to leave just one 'U'
mdadm --grow /dev/md0 --force --raid-devices=1
mdadm --grow /dev/md0 --force --raid-devices=1
mdadm --grow /dev/md1 --force --raid-devices=1
===RPM's===
===RPM's===
|-
|-
| yum remove <packagename> || removes packagename
| yum remove <packagename> || removes packagename
|-
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
|-
| yum list updates || list updates to any installed package
| yum list updates || list updates to any installed package
| yum search <packagename> || lists all packages in all repos matching packagename
| yum search <packagename> || lists all packages in all repos matching packagename
|-
|-
| yum clean all || Is used to clean up various things which accumulate in the yum cache
| yum clean all --enablerepo=* || Is used to clean up various things which accumulate in the yum cache (includes disabled repos)
|-
|-
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
===namingContexts===
===namingContexts===
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts''
or you can do
or you can do
ldapsearch -x -h localhost -s base |grep 'dn'
ldapsearch -x -h localhost -s base |grep 'dn'
===Bind with a specific user on LDAP===
===Bind with a specific user on LDAP===
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
===Check a specific user in LDAP catalogue===
===Check a specific user in LDAP catalogue===
display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
'''for sme9'''
'''for sme9'''
* directly in bash
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
* in a template
==Log==
==Log==
===Parse Log files to search for errors===
===Parse Log files to search for errors===
When you want to test the SME Product it can be useful to see what it occurs
When you want to test the SME Product it can be useful to see what it occurs.
This CL can help you, but you should read the entire log
This CL can help you, but you should read the entire log
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
=== '''Parse log for hack / phishing for missing files''' ===
<syntaxhighlight lang="bash">
EXTIP=`curl -s ifconfig.me/ip`
grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt
# grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt
</syntaxhighlight>
* verbose output
* verbose output
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global spammer@spamdomain.com Black
db spamassassin setprop wbl.global spammer@spamdomain.com Black
expland template and save the configuration to the database
expland template and save the configuration to the database
signal-event email-update
You can view the lists with this command:
You can view the lists with this command:
'''do not modify these files.'''
'''do not modify these files.'''
* directly in bash
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
* in a template
mysql
mysql
create database '''databasename''';
create database '''databasename''';
grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';
flush privileges;
flush privileges;
exit
exit
mysql -e "create database '''databasename''';"
mysql -e "create database '''databasename''';"
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';"
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';"
mysql -e "flush privileges;"
mysql -e "flush privileges;"
===Configure <b><u>PHP Basedir</u></B> Restriction per ibay===
===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
Not secure. Instead use per ibay or directory.
Not secure. Instead use per ibay or directory.
==SAMBA==
===shows samba mappings to nt groups===
net groupmap list
===manage the SAM database(Database of Samba Users)===
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.
pdbedit -u USER -v
for example
pdbedit -u stephane -v
===check an smb.conf configuration===
testparm - check an smb.conf configuration file for internal correctness
testparm -vs
===The Trust Relationship Failure===
Using Samba 3 sometimes some Windows computers fall off the domain, resulting in a trust relationship failure.
The trust relationship between this workstation and the primary domain failed.
This is generally caused by mis-matched work-station and domain controller account passwords. To reset this you must un-join/re-join the domain.
===enable samba audit logs for ibays===
Samba audit logging can be enabled for ibays using db variables.
Samba activity is logged in /var/log/samba/samba_audit
To enable audit logging for an ibay named "fileshare":
<nowiki>db accounts setprop fileshare Audit enabled
signal-event ibay-modify fileshare</nowiki>
To enable audit logging for every ibay on your server:
<nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
signal-event ibay-modify</nowiki>
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
==SME Server specific==
==SME Server specific==
=== General Service Handling ===
=== General Service Handling ===
====SME9====
SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command]
SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command]
{{tip box|you may use TAB to auto-complete your command line}}
{{tip box|you may use TAB to auto-complete your command line}}
you have some shortcuts
down => 'd',
====Example====
stop => 'd',
up => 'u',
start => 'u',
restart => 't',
sigterm => 't',
adjust => 'h',
reload => 'h',
sighup => 'h',
sigusr1 => '1',
sigusr2 => '2',
once => 'o',
pause => 'p',
alarm => 'a',
interrupt => 'i',
quit => 'q',
kill => 'k',
exit => 'x',
Restarting:
Restarting:
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
===chkconfig and runlevel information===
====SME10====
'''Systemctl''' is a '''systemd''' utility that is responsible for Controlling the '''systemd''' system and service manager. '''Systemd''' is a collection of system management daemons, utilities, and libraries which serves as a replacement of '''System V init''' daemon. Systemd functions as central management and configuration platform
To list all loaded services on your system (whether active; running, exited or failed, use the '''list-units''' subcommand and <code>--type</code> switch with a value of service.
# systemctl list-units --type=service
OR
# systemctl --type=service
But to get a quick glance of all running services (i.e all loaded and actively running services), run the following command.
# systemctl list-units --type=service --state=running
OR
# systemctl --type=service --state=running
List all failed units.
# systemctl --failed
Check whether a Unit or Service is running or not?.
# systemctl status httpd-e-smith
How do I start, restart, stop, reload and check the status of a service ('''httpd.service''') in Linux.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
===Add a custom service===
see this [[Add_a_custom_service |page]]
[[DB_Variables_Configuration#Additional_information_on_customizing_iptables]]
==SSL==
==SSL==
*on a remote host
*on a remote host
openssl s_client -connect yourdomain:993
openssl s_client -connect yourdomain:993
===SSL Signature algorithm===
you can verify the algorithm signature of your certificate<br />
for example
openssl x509 -noout -text -in /home/e-smith/ssl.pem/sme9dev2.mycompany.local.pem
== SSH ==
== SSH ==
https://localhost:9443/server-manager
https://localhost:9443/server-manager
