Squashbot


This computer is my new Linux server. It's been very reliable so far.

Goals

  1. Low cost (It cost $362 after shipping)
  2. Reliability (RAID-1)
  3. Plenty of hard drive space
  4. Low power, quiet, small
  5. Simple

Specifications

  • $40 CPU [1]
  • $47 Mobo [2]
  • $9 CPU fan and heatsink [3]
  • $40 case [4]
  • $65 1 GB RAM [5]
  • $18 DVD drive [6]
  • $127 Two 250GB SATA1.5 hard drives (for RAID-1), with cables [7]

I bought everything except the drives on newegg: [8]

UPDATE: turns out I came across a Pentium IV 2.0 GHz CPU that I'm using instead of the Celeron-D I bought for this system.

Links

Setting it up

Here are the notes I made while setting up squashbot to be my new server. Squashbot replaced hulk in this capacity.

- Booted with a Debian etch install CD image.
- Chose only "standard system", no other collections of software, during the installation.
- apt-get install ssh
- edit /etc/network/interfaces to give static ip and gateway.
- apt-get install vim
- mkdir ~wad/.ssh (put public key there)
- edit /etc/hosts to add hulk
- md /root/backups/*
- brought hulk backups /root/backups/hulk/ (need to put them there still)
- add timr group: groupadd -g 1001 timr
- add user timr: useradd -c "Tim Riker" -g timr -m -s /bin/bash -u 1001 timr
- put Tim's key into his account, disabled password
- apt-get install ddclient
- edit /etc/ddclient.conf:
	pid=/var/run/ddclient.pid
	protocol=dyndns2
	use=web
	server=members.dyndns.org
	login=USERNAME_HERE
	password=PASSWORD_HERE
	custom=yes
	wadhome.org,frankfrazetta.org,thisbedandbreakfast.com,alaskacatch.com,alaskafreshcut.com
- Verify with: ddclient -daemon=0 -debug -verbose -noquiet > /root/ddclientoutput
- apt-get install ntpdate (get date at boot time)
- get correct time: ntpdate pool.ntp.org
- sync hardware clock: hwclock --utc --systohc
- apt-get remove ntp-simple (update periodically)
- groupadd -g 1002 eric
- useradd -c "eric@wadhome.org" -g eric -m -p changeme -s /bin/bash -u 1002 eric
- aptitude update
- aptitude upgrade
- bring over ~wad/bin from hulk
- bring over pw from hulk
- apt-get install apache2
- bring over /srv/www/htdocs/* from hulk to /var/www/hulk/*
- apt-get install php5
- apt-get install apache2-mpm-worker (oops, this was wrong.)
- apt-get install apache2-mpm-prefork (fix the previous error.)
- apt-get install php5 (finish fixing the previous error.)
- apt-get install openssl
- apt-get install ssl-cert
- work with web sites, got virtual name hosting up:
	NameVirtualHost *:80 (this only goes in the default file)
	<VirtualHost *:80> (this goes in the rest of the files)
- set permissions on /var/www/* to www-data:www-data
- edit /etc/apt/sources.list and comment out the line for the CDROM drive.
- apt-get install sudo
- added wad and timr to /etc/sudoers
- Enabled some mods: userdir and php5
- all websites work, even frankfrazetta.org (which uses PHP)
- brought over ~wad/public_html from hulk
- brought over /etc/ssl/certs/* and /etc/ssl/private/*
- SSL won't work for wadhome.org. Fix it later. ???
- apt-get install awstats
- update-alternatives --config editor (chose vim basic)
- lots of messing with awstats
	created config files under /etc/awstats/
	created directories under /var/lib/awstats (and set ownership to www-data:www-data)
	looked in /etc/cron.d/awstats
	added this line to /etc/apache2/sites-available/*
		Alias /awstats-icon/ /usr/share/awstats/icon/
	Update stats command works now:
		perl /usr/lib/cgi-bin/awstats.pl -config=wadhome.org -update
	Viewing the stats pages broken with message "Warning: Perl versions before 5.6 cannot handle nested includes".
	Applied patch to awstats.pl fixed it:
====================================================================================
--- awstats.orig/wwwroot/cgi-bin/awstats.pl     2005-11-24 20:11:19.000000000 +0000
+++ awstats/wwwroot/cgi-bin/awstats.pl  2006-05-09 18:14:50.281999180 +0000
@@ -1199,13 +1199,11 @@
                            # Correct relative include files
                                if ($FileConfig =~ /^(.*[\\\/])[^\\\/]*$/) { $includeFile = "$1$includeFile"; }
                        }
-                       if ($level > 1) {
-                               warning("Warning: Perl versions before 5.6 cannot handle nested includes");
-                               next;
-                       }
-                   if ( open( CONFIG_INCLUDE, $includeFile ) ) {
-                               &Parse_Config( *CONFIG_INCLUDE , $level+1, $includeFile);
-                               close( CONFIG_INCLUDE );
+                   use Symbol;
+                   my $confighandle2 = gensym;
+                   if ( open( $confighandle2, $includeFile ) ) {
+                               &Parse_Config( $confighandle2 , $level+1, $includeFile);
+                               close( $confighandle2 );
                    }
                    else {
                                error("Could not open include file: $includeFile" );
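Review bot: Dropping the `if ($level > 1)` guard leaves the `&Parse_Config( $confighandle2 , $level+1, $includeFile)` recursion with no depth limit, so a config file that includes itself, directly or through a chain of includes, recurses until the process runs out of file handles or memory. Rather than removing the check outright, keep a bound, for example an error() once $level passes a small fixed maximum. Also, `open( $confighandle2, $includeFile )` is still a two-argument open, so any mode or pipe characters in an Include value are interpreted by Perl; a three-argument open with an explicit '<' would close that off on Perl 5.6 and later, and `use Symbol;` reads better at the top of the file than inside this block.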
====================================================================================
- Do I need to edit /etc/cron.d/awstats ???
- Are stats being updated automatically, or only when I hit the URL:
	http://frankfrazetta.org/cgi-bin/awstats.pl?config=frankfrazetta.org
- Do I need to edit the cron files?
- Figured out how to solve the awstats config problem, I think. Details in Bug#415334
- Edited /etc/cron.d/awstats with lines like this:
	10 2 * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl -config=wadhome.org -update ] > /dev/null
- mirror was down, so edited /etc/apt/sources.list and added these lines:
	deb http://mirrors.kernel.org/debian/ etch main
	deb-src http://mirrors.kernel.org/debian/ etch main
- apt-get update
- apt-get upgrade (nothing upgraded)
- apt-get install postfix (this removed exim4)
	Selected the "Internet site using smarthost" option.
	relayhost = smtp.comcast.net
	Edited /etc/postfix/main.cf:
		mydestination = squashbot.wadhome.org, localhost.wadhome.org, localhost, frankfrazetta.org, alaskafreshcut.com, alaskacatch.com, thisbedandbreakfast.com, wadhome.org
- postfix was working, but didn't properly use Maildir. Turned out to be the lack of /etc/procmailrc, which I added:
		PATH=/usr/bin:/bin:/usr/sbin:/sbin:.
		MAILDIR=$HOME/Maildir
		DEFAULT=$MAILDIR/
		LOGFILE=$MAILDIR/log
		LOG="
		"
		VERBOSE=yes
- added a Maildir directory to /etc/skel/
- apt-get install dovecot-imapd
- edit /etc/dovecot/dovecot.conf to match the one from hulk
- remove the dovecot certificates in /etc/ssl/
- fix /etc/dovecot/dovecot.conf some more - works now!
- apt-get install squirrelmail
- ran as root: /usr/sbin/squirrelmail-configure
	Set some things, especially option D from the main menu. Chose "dovecot".
	Turned on server side sorting.
- edit /etc/squirrelmail/apache.conf
- added includes to wadhome.org and wadhome.org-ssl:
	Include /etc/squirrelmail/apache.conf
- edited aliases with data brought from hulk
- Added some groups by directly editing the /etc/group file
- Added these corresponding users
- Brought over password from /etc/shadow from hulk
- Added a public_html directory to /etc/skel/
- Brought user directories over from hulk (except for Maildir directories)
- apt-get install mysql-server
- apt-get install debsums
- apt-get install lynx
- Found that the defines in the wadhome.org-ssl.conf were the problem with SSL. Took them out. SSL works now.
- enabled the rewrite mod (linked to it in mods-enabled from mods-available)
- uncommented the bit about rewriting in /etc/squirrelmail/apache.conf (edited it slightly to show /webmail instead of /squirrelmail). Works now.
- brought from hulk /www/squirrelmail/data to squirrelmail /var/lib/squirrelmail/data

TRANSITION!

- on hulk, rcpostfix stop
- on squashbot, /etc/init.d/postfix stop
- redirect firewall to point at squashbot instead of hulk
- brought over all Maildir directories to squashbot
- Changed passwords for root, wad, eric
- on squashbot, /etc/init.d/postfix start

TRANSITION COMPLETE!

- moved over some more files, to /home/wad/
- check run level with "runlevel" command. Using runlevel 2.
- apt-get install sysv-rc-conf
- turned off exim4 for all run levels. Then:
	rm default/exim4
	rm init.d/exim4
	rm ppp/ip-up.d/exim4
- apt-get install debian-reference
- linked to debian-reference from wadhome.org/special
- moved AWStats documentation into wadhome.org/special
- shut down apache2, and combined access and error logs for everything except for ssl wadhome.org. Started apache2 again.
- deleted the contents of the directories under /var/lib/awstats/
- created a script to update stats in /root/bin/updatestats.sh
	/usr/lib/cgi-bin/awstats.pl -config=wadhome.org -update
- apt-get install mediawiki (hulk running 1.7.1, debian includes 1:1.7) (mysql on hulk is v4, squashbot v5)
- dumped the mysql tables from hulk, brought them into squashbot
- adjusted /etc/awstats/* files to remove awstats.wadhome.org.conf.local files (put contents into .conf files)
- Did this command to see how the RAID is doing:
	mdadm --monitor --scan -1
- Made a patch for awstat's README.Debian, sent to 
- updated stats for all websites.
	frankfrazetta.org was taking forever, so I did the following:
		CTRL-Z
		bg
		disown
	then I was able to log out, and the process was still running! Cool!
- Set the root password for mysql:
	mysqladmin -u root password 'PASSWORD_HERE'
- On hulk, did this:
	mysqldump -B wikiwad -pPASSWORD_HERE > wikiwad.sql
	mysqldump -B blogwad -pPASSWORD_HERE > blogwad.sql
	mysqldump -B tressablog -pPASSWORD_HERE > tressablog.sql
	mysqldump -B gallery2_wadhome_main -pPASSWORD_HERE > gallery2_wadhome_main.sql
- On squashbot, did this (after bringing over the sql file):
	mysql -pPASSWORD_HERE < wikiwad.sql
	mysql -pPASSWORD_HERE < blogwad.sql
	mysql -pPASSWORD_HERE < tressablog.sql
	mysql -pPASSWORD_HERE < gallery2_wadhome_main.sql
- After fooling with mysql for a while, decided I needed a tool that required less training
- apt-get install phpmyadmin
- linked /usr/share/phpmyadmin/ into /var/www/wadhome.org/special
- edited /etc/apache2/sites-available/002... to add a directory directive for wadhome.org that allows symlinks.
- noticed error when "apache2ctl graceful" - it didn't find a fully qualified domain name. I edited /etc/hosts:
	127.0.0.1       localhost
	192.168.0.3     squashbot.wadhome.org squashbot
	192.168.0.4     hulk.wadhome.org hulk
- used phpmyadmin to create a user wikiwad, and give it all permissions on the wikiwad database.
- Sent over LocalSettings.php from hulk to squashbot.
- Fixed default web page (accessed only via direct IP address) to show default IIS website.
- Moved /var/www/wadhome.org/wiki to wiki_from_hulk
- ln -s /var/lib/mediawiki1.7 /var/www/wadhome.org/wikiwad
- browsed to that page, and hit the installation link. Set up a bunch of stuff in the page. Installed mediawiki. Looks great! It wants me to do this:
	Move /var/lib/mediawiki1.7/config/LocalSettings.php to /var/lib/mediawiki1.7/LocalSettings.php for normal install, root of your install for multisite, with rights 640
- Edited LocalSettings to enable uploads. In-line images are still not showing up, though. Checking directory...
- brought over /www/wadhome.org/wiki/images, into /var/lib/mediawiki1.7/upload
- linked from /var/www/wadhome.org/wikiwad.png to /var/lib/mediawiki1.7/wikiwad.png and adjusted the appropriate variable in LocalSettings.php to show my logo on wikiwad.
- changed ownership of everything in /var/lib/awstats to www-data and re-enabled lines in /etc/cron.d/awstats
- WikiWad is now fully up!
- apt-get install smartmontools. It said:
	Not starting S.M.A.R.T. daemon smartd, disabled via /etc/default/smartmontools
- Edited /etc/default/smartmontools, enabled the daemon.
- Edited /etc/smartd.conf, configured it with these lines:
	/dev/sda -a -o on -S on -s (S/../.././02|L/../../6/03) -m root
	/dev/sdb -a -o on -S on -s (S/../.././02|L/../../6/03) -m root
- Fails to start (enabled it in sysv-rc-conf) (log in /var/log/daemon.log)
- Giving up on smartmontools after reading issues online, with SATA disks:
	apt-get --purge remove smartmontools
- apt-get install gallery2 (squashbot: 2.1.2-2, hulk: 2.1)
- using phpmyadmin, created a new mysql user named gallery2, gave all permission to database gallery2_wadhome_main
- brought over from hulk /www/gallery_data/ as /var/gallery_data/
- linked from /usr/share/gallery2 to /var/www/wadhome.org/gallery2_codebase
- performed a multisite install, via URL: wadhome.org/gallery2_codebase to wadhome.org/photos
- gallery2 works!
- gallery2 captcha broken. Configured the module in gallery2, missing GD stuff in OS.
- apt-get install jhead php5-gd libgd-tools
- apache2ctl graceful - captcha now works!
- set all albums to enable comments:
	From main page, Group Permissions > set "Everybody" > [comment] Add Comments > Add Permissions
- Tim added a line to /etc/apache2/sites-available/001-* to remove index.php from wiki names:
	Alias /wikiwad /var/lib/mediawiki1.7
		and
	removed the link: /var/lib/mediawiki1.7 /var/www/wadhome.org/wikiwad
- Fixed short URLs in wikiwad:
	Removed link to mediawiki's apache.conf from apache2's conf.d
	In LocalSettings.php:
		$wgScriptPath = "/mediawiki";
		$wgArticlePath = "/wikiwad/$1";
	In /etc/mediawiki1.7/apache.conf
		Alias /wikiwad /var/lib/mediawiki1.7/index.php
		Alias /mediawiki /var/lib/mediawiki1.7
	In /etc/apache2/sites-available/001-*
		Include /etc/mediawiki1.7/apache.conf
- apt-get install samba
	workgroup: AT
	WINS via DHCP: no
- apt-get install sambe-client
- dpkg-reconfigure -plow samba samba-common
	Turned on samba's own password management stuff (Use smbpasswd to create user passwords).
- edited /etc/samba/smb.conf
	Allowed home directories browsable, writable
- /etc/init.d/samba restart
- smbpasswd (set to root's password)
- list samba users:
	pdbedit -w -L
- smbpasswd wad (set to squashbot password)
	User accounts work!
- Set (in smb.conf) security = user, and now the open area (/var/share) works. Home access seems broken, though.
- commented out /etc/cron.d/awstats lines (they aren't working)
- apt-get install cupsys cupsys-client
- edited /etc/cups/cups.conf
	Changed localhost to 192.168.0.3 to allow access from any box on the network
	Changed permissions in each section to
		Order allow,deny
		Allow all
- can't add a printer, though (they are both plugged in)
- "lpinfo -v" results in:
	lpinfo: Unknown
- "lsusb" shows a printer
	Bus 001 Device 002: ID 03f0:6004 Hewlett-Packard DeskJet 5550
- was able to print from laser with:
	ls -la > /dev/lp0
- apt-get install printconf
- "printconf -nv" to list detected printers
	Could not detect Laserjet 5L
- I think something is wrong with CUPS' installation. Probably something I screwed up in editing the configuration. Going to backtrack a bit.
- apt-get remove printconf --purge
- apt-get remove cupsys cupsys-client --purge
	rm -rf /usr/share/doc/cups
	rm -rf /etc/cups
- searches on linuxprinting.org said to use these drivers:
	hpijs (already installed)
	ljet4 (couldn't find)
- apt-get install cupsys cupsys-client
- Now, instead of editing the cups configuration to allow access to the admin page, I made a tunnel and left the file alone:
	ssh -L 9999:127.0.0.1:631 192.168.0.3
	Now just browse to localhost:9999
- Was able to add both printers! However, cannot print test pages, get this error:
	Unsupported format 'application/postscript'!
- A google showed this potential fix (https://launchpad.net/ubuntu/+source/cupsys/+bug/90988), which I applied:
	dpkg --purge --force-all gs-esp
	apt-get install gs-esp
- Yay, printers print test pages now!
- Set config options, via CUPS's web interface, to allow remote admin, and to share printers.
	Couldn't see any printers over samba
- Edited /etc/samba/smb.conf and uncommented some stuff under the printer section.
- restarted samba - printing works!!!
- apt-get install wordpress
- Set a section in /etc/apache2/sites-available/001* to provide an alias and directory:
	Alias /blogs/tressa /usr/share/wordpress
	<Directory /usr/share/wordpress>
		Options FollowSymLinks
		AllowOverride Limit Options FileInfo
		DirectoryIndex index.php
	</Directory>
- Create a mysql user with these settings:
	define('DB_NAME', 'tressablog');
	define('DB_USER', 'tressablog');
	define('DB_PASSWORD', 'PASSWORD_HERE');
- Grant all privs for the tressablog database
- Set link to tressablog in wadhome.org's index.html
- cp /usr/share/wordpress/wp-config-sample.php /etc/wordpress/config-wadhome.org.php and edited
- edited config-wadhome.org.php to point to the ABSPATH file
- blog works!
- apt-get install make
- apt-get install unzip
- apt-get install gcc
- apt-get install ncftp
- perl -MCPAN -e shell
	set it up
	install Mail::SpamAssassin
	Missing the following:
		REQUIRED module missing: Digest::SHA1
		REQUIRED module missing: HTML::Parser
		optional module missing: Net::DNS
		optional module missing: Mail::SPF::Query
		optional module missing: IP::Country
		optional module missing: Razor2
		optional module missing: Net::Ident
		optional module missing: IO::Socket::INET6
		optional module missing: IO::Socket::SSL
		optional module missing: LWP::UserAgent
		optional module missing: HTTP::Date
		optional module missing: Archive::Tar
		optional module missing: IO::Zlib
	In cpan shell, remove configuration: O CONF INIT
	install LWP::UserAgent
		lots of dependencies, some failed. not ok.
	install Net::Ident
	Compress::Raw::Zlib is busted...
		clean Compress::Raw::Zlib
		make Compress::Raw::Zlib
	still busted... grrrrrrrr!
- Heard about debian's sa-update (sa-update allows you to get rules from anywhere, saupdate.openprotect.com is one external source). Ditching idea of using CPAN to keep SA up to date. Debian only...
- apt-get install spamassassin
	to enable, see /etc/default/spamassassin
- apt-get install libnet-dns-perl
- apt-get install libmail-spf-query-perl
- Want to integrate with amavis for antivirus
- following guide here: http://flakshack.com/anti-spam/wiki/index.php?page=Debian
- apt-get install libmd5-perl
- apt-get install liblwp-protocol-http-socketunix-perl
- apt-get install amavisd-new
- apt-get install razor
- apt-get install pyzor
- apt-get install dcc-client
- apt-get install clamav clamav-daemon
- apt-get install lzop
- apt-get install arc
- apt-get install zoo
- Seems like amavisd-new is the important glue. Starting with these docs first.
	To enable spamassassin, edit /etc/amavis/conf.d/15-content_filter_mode
	To enable clam-av:
		If you use clamav-daemon, make sure that it is configured to init supplementary
		groups when it drops privileges, and that you add the clamav user to the
		amavis group: add AllowSupplementaryGroups to /etc/clamav/clamd.conf if it is
		not there yet, and run "adduser clamav amavis" as root.
- added wad to the www-data group in /etc/group
- added amavis to the clamav group in /etc/group
- added this line to /etc/dcc/map.txt
	IPv6 off
- fixed awstats cron, with lines like this:
	10 2 * * * www-data /usr/lib/cgi-bin/awstats.pl -config=wadhome.org -update >/dev/null
- Added this line to /etc/awstats/awstats.conf.local to get full year graphs and stuff.
	AllowFullYearView=3
- Edited /etc/dovecot/dovecot.conf with this line:
	ssl_listen = *:993
- restarted dovecot
- apt-get install telnet-ssl
- telnet -z verbose -z ssl localhost 993 (works!)
- Now that receiving email via a client should work, time to get sending email working...
- apt-get install libsasl2-modules sasl2-bin
- edited /etc/default/saslauthd like this:
	START=yes
	MECHANISMS="shadow"
	MECH_OPTIONS=""
	THREADS=5
	OPTIONS="-c"
- copied contents of /usr/share/postfix/main.cf.tls into /etc/postfix/main.cf, added these lines:
	smtpd_sasl_auth_enable = yes
	broken_sasl_auth_clients = yes
	smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
	smtpd_tls_cert_file=/etc/ssl/certs/wadhome.org.pem
	smtpd_tls_key_file=/etc/ssl/private/wadhome.org.pem
	smtpd_use_tls=yes
	smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
- put stuff into /etc/postfix/sasl/smtpd.conf:
	pwcheck_method: saslauthd
	mech_list: plain login
- Fixed problems with postfix ownership of the pipe:
	mkdir -p /var/spool/postfix/var/run/saslauthd
	Added this to /etc/fstab
		/var/run/saslauthd /var/spool/postfix/var/run/saslauthd none bind 0 0
	mount /var/spool/postfix/var/run/saslauthd
	chmod 755 /var/spool/postfix/var/run/saslauthd
- /etc/init.d/saslauthd start
- /etc/init.d/postfix restart
- External sending of email works! Yay!
- apt-get install fail2ban (inhibit hack attempts on sshd)
	works!
- Moved backups directory to /backups
- Created a backup script:
	#!/bin/bash
	rm -rf /backups/squashbot
	mkdir /backups/squashbot
	rm -rf /backups/tmp/squashbot
	mkdir /backups/tmp/squashbot
	mkdir /backups/tmp/squashbot/backup_mysql
	tar -czf /backups/squashbot/etc.tgz /etc
	tar -czf /backups/squashbot/home.tgz /home
	tar -czf /backups/squashbot/root.tgz /root
	tar -czf /backups/squashbot/usr.tgz /usr
	tar -cz --exclude-from=/root/bin/skip_from_backup_var -f /backups/squashbot/var.tgz /var
	mysqlhotcopy --password PASSWORD_HERE mysql /backups/tmp/squashbot/backup_mysql
	mysqlhotcopy --password PASSWORD_HERE wikiwad /backups/tmp/squashbot/backup_mysql
	mysqlhotcopy --password PASSWORD_HERE blogwad /backups/tmp/squashbot/backup_mysql
	mysqlhotcopy --password PASSWORD_HERE tressablog /backups/tmp/squashbot/backup_mysql
	mysqlhotcopy --password PASSWORD_HERE gallery2_wadhome_main /backups/tmp/squashbot/backup_mysql
	tar -czf /backups/squashbot/mysql.tgz /backups/tmp/squashbot/backup_mysql
- apt-get install screen
- learned about using screen
	"screen vi abc"
	"^A^D" to detach
	"screen -r" to re-attach
- following directions on getting spam and virus filtering working... (http://wadhome.org/special/spam/)
- apt-get install arc arj autoconf automake1.7 bzip2 cabextract db4.3-util libarchive-tar-perl libarchive-zip-perl libauthen-sasl-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libdb4.3-dev libdbd-mysql-perl libdbi-perl libdigest-hmac-perl libdigest-sha1-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-multiplex-perl libio-socket-ssl-perl libio-string-perl arj
	(many of those were already there, but 14 were added)
- apt-get install libio-stringy-perl libio-zlib-perl libldap2 libmail-spf-query-perl libmailtools-perl libmime-perl libnet-dns-perl libnet-ldap-perl libnet-ph-perl libnet-server-perl libnet-snpp-perl libnet-telnet-perl libsocket6-perl libtimedate-perl libtool libunix-syslog-perl liburi-perl libwww-perl lsof lynx lzop make ncftp nomarch pax perl-doc rblcheck unzip unzoo zip zlib1g-dev zoo pyzor razor libcompress-zlib-perl psmisc
	(many of those were already there, but 15 were added)
- remove amavis-d (according to the instructions!)
	"apt-get -s remove amavisd-new" (simulate it first)
	"apt-get remove amavisd-new"
- sent an email to the author of that document, asking about just using amavisd-new as provided by debian.
- apt-get install bittorrent
	created /var/bittorrent
	excluded from backup script
- apt-get install wakeonlan
- ETCH WAS RELEASED!!
- updated sources.list to look like this
	deb http://security.debian.org/ etch/updates main contrib
	deb http://mirrors.kernel.org/debian/ etch main
- apt-get dist-upgrade (this did nothing)
- (hulk's MAC: 00:D0:B7:A7:60:CE)
- As for email, going back to a simple spamassassin configuration, with no amavis.
- apt-get remove --purge razor
- apt-get remove --purge pyzor
- apt-get remove --purge dcc-client
- apt-get remove --purge clamav clamav-daemon
- edited /etc/default/spamassassin and enabled it.
- restarted postfix
- sa-update
- added spamd group (id:111)
- useradd -c "Spam Killer" -g spamd -m -s /bin/false -u 108 spamd
- /etc/init.d/spamassassin start
- Edit /etc/postfix/master.cf:
	Changed first line to be:
		smtp inet n - - - - smtpd -o content_filter=spamassassin
	Added this line:
		spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
- apt-get install spamc
- restart postfix --- INCOMING SPAM IS NOW MARKED!!
- added this stuff to /etc/procmailrc
	:0:
	* ^X-Spam-Flag: Yes
	.Spam/
- Incoming spam is now sorted, but permissions are wrong on the mails and .Spam folder.
	Added DROPPRIVS=yes to /etc/procmailrc
- YAY! spam filtering is now working!
- OUCH! Comcast shut down outgoing email, saying I was sending too many of them.
- apt-get install pflogsumm
	generate a report of sent emails:
		cat /var/log/mail.log | grep 'relay=smtp.comcast.net' | pflogsumm | less
	report shows I sent 801 emails on April 9. Seems to be coming from elsewhere, going to www.wadhome.org, via comcast! Not good!
		Apr  8 06:42:16 squashbot postfix/smtpd[9120]: connect from pool-71-116-59-235.eriepa.dsl-w.verizon.net[71.116.59.235]
		Apr  8 06:42:16 squashbot postfix/smtpd[9120]: BE8881A1C53B: client=pool-71-116-59-235.eriepa.dsl-w.verizon.net[71.116.59.235]
		Apr  8 06:42:17 squashbot postfix/cleanup[9121]: BE8881A1C53B: message-id=<01c779da$caf984d0$6c822ecf@snitchescorruptible>
		Apr  8 06:42:17 squashbot postfix/qmgr[2155]: BE8881A1C53B: from=<snitchescorruptible@mmoffice.com>, size=3199, nrcpt=1 (queue active)
		Apr  8 06:42:17 squashbot postfix/smtpd[9120]: disconnect from pool-71-116-59-235.eriepa.dsl-w.verizon.net[71.116.59.235]
		Apr  8 06:42:18 squashbot postfix/smtp[9122]: BE8881A1C53B: to=<sasa@www.wadhome.org>, relay=smtp.comcast.net[206.18.177.17]:25, delay=1.3, delays=0.8/0.01/0.2/0.26, dsn=2.0.0, status=sent (250 ok ; id=20070408124217b1500sle8ge)
		Apr  8 06:42:18 squashbot postfix/qmgr[2155]: BE8881A1C53B: removed
- Edited /etc/postfix/main.cf
	added www.wadhome.org as a myDestination
	temporarily set relayhost = 127.0.0.127 to prevent outgoing email from being discarded
- Comcast allowing outgoing email again. Fixed main.cf.
- Clean up clam and amavis users, got them out of logrotate stuff, password files, etc.
- Fixing spam rules updates:
	as root, made /root/spamTools
	Followed these rules: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
		wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY
		sa-update --import GPG.KEY
		sa-update --channelfile /root/spamTools/sare-sa-update-channels.txt --gpgkey 856AA88A --gpgkey 265FA05B
	Put that last command into /etc/cron.daily/local-sa-update
- turn off anonymous edits on wikiwad. Editing /var/lib/mediawiki/LocalSettings.php
	# Don't force capitals in first letter of links
	$wgCapitalLinks = false;
	# This snippet prevents editing from anonymous users
	$wgGroupPermissions['*']['edit'] = false;
- sa-update not working in cron. Moved it to /root/bin/spam to be run manually.
- some email accounts not working with maildir. Emails are getting to /var/mail instead. Made sure each directory had an empty Maildir directory in it. Deleted /var/mail/*
- apt-get install was failing due to amavis user stuck somewhere. Deleted all amavis stuff I could find. "dpkg-statoverride --list" showed a list. Used "dpkg-statoverride --remove" on them, then "rm -rf /var/lib/amavis" and "rm -rf /var/run/amavis". Works now.
- apt-get install tcpdump
- apt-get install hexer
- .forward file in users directory was also forwarding spam. Fixed it by removing the .forward file, and replace it with .procmailrc with these contents:
		PATH=/usr/bin:/bin:/usr/sbin:/sbin:.
		MAILDIR=$HOME/Maildir
		DEFAULT=$MAILDIR/
		LOGFILE=/home/doug/procmail.log
		LOG="
		"
		VERBOSE=yes
		DROPPRIVS=no
		:0
		*
		! [email address to forward to]
- edited /etc/fail2ban/jail.conf to increase ban time.
- "hostname --fqdn" returned "localhost". Wrong! changed /etc/hosts and put squashbot and squashbot.wadhome.org on the 192.168.0.3 line, instead of the 127.0.0.1 line to fix it. Works.
- apt-get install squid
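
The relay pattern in the mail.log excerpt above (mail accepted from an outside client and handed on to the ISP smarthost) can be checked for before the ISP notices it. The script below is an added example, not part of the original notes: the log lines, host names, queue IDs and the 192.168.0.0/24 local network are constructed or assumed, and it only correlates messages that keep one queue ID from smtpd to smtp, as in the excerpt.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format of the mail.log excerpt in these notes.
# Hosts, addresses and queue IDs are made up (documentation ranges).
SAMPLE_LOG = """\
Apr  8 06:42:16 squashbot postfix/smtpd[9120]: A1B2C3D4E5F1: client=dsl.example.net[203.0.113.7]
Apr  8 06:42:17 squashbot postfix/qmgr[2155]: A1B2C3D4E5F1: from=<junk@spam.example>, size=3199, nrcpt=1 (queue active)
Apr  8 06:42:18 squashbot postfix/smtp[9122]: A1B2C3D4E5F1: to=<sasa@www.example.org>, relay=smarthost.example.net[198.51.100.25]:25, delay=1.3, dsn=2.0.0, status=sent (250 ok)
Apr  8 06:50:01 squashbot postfix/smtpd[9130]: A1B2C3D4E5F2: client=desktop.lan[192.168.0.10]
Apr  8 06:50:01 squashbot postfix/qmgr[2155]: A1B2C3D4E5F2: from=<wad@example.org>, size=900, nrcpt=1 (queue active)
Apr  8 06:50:02 squashbot postfix/smtp[9131]: A1B2C3D4E5F2: to=<friend@mail.example>, relay=smarthost.example.net[198.51.100.25]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Apr  8 07:01:10 squashbot postfix/smtpd[9140]: A1B2C3D4E5F3: client=hotel.example.com[203.0.113.80], sasl_method=PLAIN, sasl_username=wad
Apr  8 07:01:10 squashbot postfix/qmgr[2155]: A1B2C3D4E5F3: from=<wad@example.org>, size=1200, nrcpt=1 (queue active)
Apr  8 07:01:11 squashbot postfix/smtp[9141]: A1B2C3D4E5F3: to=<friend@mail.example>, relay=smarthost.example.net[198.51.100.25]:25, delay=1.0, dsn=2.0.0, status=sent (250 ok)
Apr  8 07:05:00 squashbot postfix/smtpd[9150]: A1B2C3D4E5F4: client=mx.example.com[203.0.113.90]
Apr  8 07:05:00 squashbot postfix/qmgr[2155]: A1B2C3D4E5F4: from=<someone@example.com>, size=2100, nrcpt=1 (queue active)
Apr  8 07:05:01 squashbot postfix/local[9151]: A1B2C3D4E5F4: to=<wad@example.org>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to command: procmail)
Apr  8 07:10:00 squashbot postfix/smtpd[9160]: A1B2C3D4E5F5: client=dsl.example.net[203.0.113.7]
Apr  8 07:10:00 squashbot postfix/qmgr[2155]: A1B2C3D4E5F5: from=<junk2@spam.example>, size=3300, nrcpt=1 (queue active)
Apr  8 07:10:01 squashbot postfix/smtp[9161]: A1B2C3D4E5F5: to=<bobo@www.example.org>, relay=smarthost.example.net[198.51.100.25]:25, delay=1.1, dsn=2.0.0, status=sent (250 ok)
"""

# smtpd logs the submitting client (and the SASL user, if it authenticated)
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+?)\[([0-9A-Fa-f.:]+)\]"
    r"(?:, sasl_method=\S+, sasl_username=(\S+))?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
# the smtp client logs each outbound delivery attempt and the relay it used
SENT_RE = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*? relay=([^\[,\s]+).*?status=(\w+)")


def parse(log_text):
    """Group log lines by queue ID. Mail without a client= line (local pickup) is ignored."""
    msgs = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, host, ip, user = m.groups()
            msgs[qid] = {"client": host, "ip": ip, "sasl_user": user,
                         "sender": None, "out": []}
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in msgs:
            msgs[m.group(1)]["sender"] = m.group(2)
            continue
        m = SENT_RE.search(line)
        if m and m.group(1) in msgs:
            msgs[m.group(1)]["out"].append((m.group(2), m.group(3), m.group(4)))
    return msgs


def is_local(ip, local_nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in local_nets)


def find_relayed(log_text, relayhost, local_nets=("127.0.0.0/8", "192.168.0.0/24")):
    """Messages from unauthenticated outside clients that went out via the smarthost.

    local_nets is an assumption about this LAN; adjust it to match mynetworks.
    """
    findings = []
    for qid, msg in parse(log_text).items():
        if msg["sasl_user"] or is_local(msg["ip"], local_nets):
            continue  # authenticated or on the LAN: expected outbound mail
        for rcpt, relay, status in msg["out"]:
            if relay == relayhost:
                findings.append({"qid": qid, "client_ip": msg["ip"],
                                 "sender": msg["sender"], "rcpt": rcpt,
                                 "status": status})
    return findings


def per_client(findings):
    """Count relayed messages per submitting IP, for a daily report."""
    return Counter(f["client_ip"] for f in findings)


if __name__ == "__main__":
    hits = find_relayed(SAMPLE_LOG, "smarthost.example.net")
    for ip, n in per_client(hits).most_common():
        print(f"{n:5d} relayed for {ip}")
```

Run against the real /var/log/mail.log with the relayhost from main.cf; any non-empty result means the box is forwarding mail for strangers.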

todo list:
* sa-update in cron
* weekly email reports in cron
* mdadm to get alerts about RAID (there is something in /etc/cron.d)
* fix samba file server to allow access to home directories.

On November 7, 2007, Tim and I switched me from Comcast to XMission as ISP. I plugged in a Cisco 678 DSL modem in bridging mode using pppoe, as follows:

pppoe setup

apt-get install pppoe
Talk to modem via management interface
	set web disabled (to turn off web interface)
	set bridging enabled (turn on bridging)
	show running
pppoeconf
	it modified pap-secrets, chap-secrets, dsl-providers
	eth0
	accept defaults
	enter username and password
	use peers DNS
	DHCP client to get IP address

Edit the /etc/network/interfaces to be as follows:
auto lo
iface lo inet loopback
auto ppp0
iface ppp0 inet ppp
   pre-up ip link set eth0 up
   provider dsl-provider
auto eth1
iface eth1 inet static
   address 192.168.182.1
   netmask 255.255.255.0

Changed /etc/dhcp3/dhcpd.conf:
  option domain-name-servers 198.60.22.2, 198.60.22.22;

/etc/init.d/rc.firewall-iptables
changed eth0 to use the variable they should have been using: extif (external interface)
Changed the definition of the variable to be ppp0 instead of eth0. Restarted.

restarted squid