Line 31: |
Line 31: |
| or | | or |
| sv t /service/httpd-e-smith | | sv t /service/httpd-e-smith |
| + | |
| + | =====SME10===== |
| + | How do I start, restart, stop, reload and check the status of a service (httpd-e-smith.service) with systemd. |
| + | |
| + | # systemctl start httpd-e-smith.service |
| + | # systemctl restart httpd-e-smith.service |
| + | # systemctl stop httpd-e-smith.service |
| + | # systemctl reload httpd-e-smith.service |
| + | # systemctl status httpd-e-smith.service |
| | | |
| ====Enable AllowOverride All/None==== | | ====Enable AllowOverride All/None==== |
Line 105: |
Line 114: |
| signal-event ibay-modify ibayname | | signal-event ibay-modify ibayname |
| | | |
− | AllowUrlfOpen : enabled/disabled | + | AllowUrlFopen : enabled/disabled |
| MemoryLimit : set a M as unit, eg 64M | | MemoryLimit : set a M as unit, eg 64M |
| UpMaxFileSize : set a M as unit, eg 64M | | UpMaxFileSize : set a M as unit, eg 64M |
| PostMaxSize : set a M as unit, eg 64M | | PostMaxSize : set a M as unit, eg 64M |
| MaxExecTime: unlimited or set time in second without units, eg 60 | | MaxExecTime: unlimited or set time in second without units, eg 60 |
− |
| |
| | | |
| ====PHPinfo==== | | ====PHPinfo==== |
Line 213: |
Line 221: |
| signal-event post-upgrade | | signal-event post-upgrade |
| signal-event reboot | | signal-event reboot |
| + | alternately |
| + | config show modSSL |
| + | config delprop modSSL crt key CertificateChainFile |
| + | signal-event ssl-update |
| | | |
| ==Command-Line Quick Reference Guide== | | ==Command-Line Quick Reference Guide== |
Line 280: |
Line 292: |
| | grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith | | | grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith |
| |- | | |- |
− | | grep -P '^www|apache' /etc/group || search after patterns which start by www and/or apache in /etc/group | + | | grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group |
| |- | | |- |
| | tail -f /var/log/<LOGFILE> || realtime viewing of your log file | | | tail -f /var/log/<LOGFILE> || realtime viewing of your log file |
Line 396: |
Line 408: |
| ‘M’ for Megabytes (units of 1048576 bytes) | | ‘M’ for Megabytes (units of 1048576 bytes) |
| ‘G’ for Gigabytes (units of 1073741824 bytes) | | ‘G’ for Gigabytes (units of 1073741824 bytes) |
| + | |
| + | ====reduce root's user reserved space==== |
| + | as a default, 5% of the disk space is allocated to root user |
| + | |
| + | you can reduce the allocated space to 1% with (for LVM) |
| + | |
| + | tune2fs -m 1 /dev/mapper/main-root |
| + | |
| + | if you're not using LVM, use |
| + | |
| + | df -h |
| + | |
| + | to see where / is mounted |
| | | |
| ====find files by the Name==== | | ====find files by the Name==== |
Line 538: |
Line 563: |
| | yum remove <packagename> || removes packagename | | | yum remove <packagename> || removes packagename |
| |- | | |- |
− | | yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands] | + | | yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands] |
| |- | | |- |
− | | yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands] | + | | yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands] |
| |- | | |- |
| | yum list updates || list updates to any installed package | | | yum list updates || list updates to any installed package |
Line 603: |
Line 628: |
| ===namingContexts=== | | ===namingContexts=== |
| we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line : | | we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line : |
− | ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | + | ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts'' |
| or you can do | | or you can do |
| ldapsearch -x -h localhost -s base |grep 'dn' | | ldapsearch -x -h localhost -s base |grep 'dn' |
Line 624: |
Line 649: |
| | | |
| ===Bind with a specific user on LDAP=== | | ===Bind with a specific user on LDAP=== |
− | Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]] | + | Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]] |
| | | |
| | | |
Line 633: |
Line 658: |
| | | |
| ===Check a specific user in LDAP catalogue=== | | ===Check a specific user in LDAP catalogue=== |
− | display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]] | + | display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]] |
| | | |
| '''for sme9''' | | '''for sme9''' |
Line 672: |
Line 697: |
| {{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}} | | {{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}} |
| | | |
| + | === '''Parse log for hack / phishing for missing files''' === |
| + | <syntaxhighlight lang="bash"> |
| + | EXTIP=`curl -s ifconfig.me/ip` |
| + | grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt |
| + | # grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt |
| + | </syntaxhighlight> |
| * verbose output | | * verbose output |
| | | |
Line 765: |
Line 796: |
| mysql | | mysql |
| create database '''databasename'''; | | create database '''databasename'''; |
− | grant all privileges on '''databasename'''.* to '''username''' identified by ''''password''''; | + | grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password''''; |
| flush privileges; | | flush privileges; |
| exit | | exit |
Line 772: |
Line 803: |
| | | |
| mysql -e "create database '''databasename''';" | | mysql -e "create database '''databasename''';" |
− | mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';" | + | mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';" |
| mysql -e "flush privileges;" | | mysql -e "flush privileges;" |
| | | |
Line 908: |
Line 939: |
| | | |
| | | |
− | ===Configure <b><u>PHP Basedir</u></B> Restriction per ibay=== | + | ===Configure <b><u>PHP Basedir</u></b> Restriction per ibay=== |
| | | |
| db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn | | db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn |
Line 969: |
Line 1,000: |
| | | |
| This is generally caused by mis-matched work-station and domain controller account passwords. To reset this you must un-join/re-join the domain. | | This is generally caused by mis-matched work-station and domain controller account passwords. To reset this you must un-join/re-join the domain. |
| + | |
| + | ===enable samba audit logs for ibays=== |
| + | Samba audit logging can be enabled for ibays using db variables. |
| + | |
| + | Samba activity is logged in /var/log/samba/samba_audit |
| + | |
| + | To enable audit logging for an ibay named "fileshare": |
| + | <nowiki>db accounts setprop fileshare Audit enabled |
| + | signal-event ibay-modify fileshare</nowiki> |
| + | |
| + | To enable audit logging for every ibay on your server: |
| + | <nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done |
| + | signal-event ibay-modify</nowiki> |
| + | |
| + | The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit |
| | | |
| ==SME Server specific== | | ==SME Server specific== |
Line 1,103: |
Line 1,149: |
| | | |
| === General Service Handling === | | === General Service Handling === |
| + | ====SME9==== |
| SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command] | | SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command] |
| | | |
Line 1,139: |
Line 1,186: |
| kill => 'k', | | kill => 'k', |
| exit => 'x', | | exit => 'x', |
− |
| |
− | ====Example====
| |
| | | |
| Restarting: | | Restarting: |
| | | |
| sv t /service/httpd-e-smith | | sv t /service/httpd-e-smith |
| + | |
| + | ====SME10==== |
| + | '''Systemctl''' is a '''systemd''' utility that is responsible for Controlling the '''systemd''' system and service manager. '''Systemd''' is a collection of system management daemons, utilities, and libraries which serves as a replacement of '''System V init''' daemon. Systemd functions as central management and configuration platform |
| + | |
| + | To list all loaded services on your system (whether active; running, exited or failed, use the '''list-units''' subcommand and <code>--type</code> switch with a value of service. |
| + | # systemctl list-units --type=service |
| + | OR |
| + | # systemctl --type=service |
| + | |
| + | |
| + | But to get a quick glance of all running services (i.e all loaded and actively running services), run the following command. |
| + | # systemctl list-units --type=service --state=running |
| + | OR |
| + | # systemctl --type=service --state=running |
| + | |
| + | |
| + | List all failed units. |
| + | # systemctl --failed |
| + | |
| + | |
| + | Check whether a Unit or Service is running or not?. |
| + | # systemctl status httpd-e-smith |
| + | |
| + | |
| + | How do I start, restart, stop, reload and check the status of a service ('''httpd.service''') in Linux. |
| + | # systemctl start httpd-e-smith.service |
| + | # systemctl restart httpd-e-smith.service |
| + | # systemctl stop httpd-e-smith.service |
| + | # systemctl reload httpd-e-smith.service |
| + | # systemctl status httpd-e-smith.service |
| | | |
| ===Add a custom service=== | | ===Add a custom service=== |
Line 1,238: |
Line 1,313: |
| | | |
| https://localhost:9443/server-manager | | https://localhost:9443/server-manager |
− |
| |
| | | |
| | | |