Linux.com

Community Blogs



Testing mail servers with swaks

Article Source: http://www.cmdln.org
Date: April 16th 2009

I hadn’t seen this tool before so I figured I would share. Swaks is the Swiss Army Knife for SMTP, according to the homepage.


 

Perl : Creating a compiled daemon

One of the more exciting techniques I learned while working on my server project for the last year was how to create a daemon in Perl and then compile it.

Yes, Perl can be compiled. I had no idea, but it's a wonderful thing. Combine this with a fork statement and a while loop, and you're all set to have a daemon.
 

Improving Debian's nginx init script

Article Source: http://www.cmdln.org
Date: April 27th 2009

nginx is a high performance HTTP and mail proxy server written by Igor Sysoev.

I’m not sure what the init scripts do for other distros, but it seems a bit of an oversight to leave out checking the config file when running the init script.


 

Project Review: eBox Platform


The eBox Platform is a suite of software for managing networking and other features.  I stumbled onto eBox a few years ago and have since used it in many locations including my home network.  The project was and still is hosted in Spain by some very capable folks.  Community involvement and grants have supported some of the developers.

 

Puppet, what was I doing?!?

Been busy today setting up Puppet on a Xen virtual environment. 5 virtual machines in my lab managed by Puppet.

Puppet is a system that enables you to manage configuration files and information across multiple hosts.

I really don't know what I've been doing without it. Basically, you can set up your configuration profile, and all machines, current and future, consume that configuration set.

Today I have been trying it with distributing sudoers, LDAP authentication, NFS configuration, firewall... It's really useful.

I definitely recommend this for anyone that wants a "standardized multinode environment".

 

tc - show / manipulate traffic control settings

Since I've spent the last year learning a lot of little things about Linux I thought I'd share some fun stuff for anyone who's interested.

This was a good one. There is a LOT more information than I could ever explain on the topic found at http://lartc.org

If you've ever wondered how to rate limit users on your network, this tutorial will save you a lot of research time. I've done most of the leg work for you and can say that this method has been tested and shown to work on medium-sized networks with 1-50 users. The only downfall is that it will only rate limit the users' download speed. I have not found a way to do upload speeds.

 

Qwiki : Ping an IP Address in HEX

Did you know you can ping an IP Address in HEX?

 

Deploying a Linux based vm from VMware template

Deploying a Linux based virtual machine from a VMware template can be a bit difficult when you don't know the ins and outs, the tiny tweaks. 

In this blog post I'll explain how you can get past the problems that might occur.

 

SSH Tunnel between two machines

Here's another nice and short post about SSH and tunnels

Here's something I did in the past for working through DMZ machines. Let me explain this scenario:
Imagine you have a UNIX machine inside a DMZ and you'd like to get some data from another host located inside the DMZ green area. You have two options for it:

  1. Make a pinhole in the firewall (bad bad bad)
  2. Create a tunnel from the green area to the host inside the DMZ, so the DMZ machine can use that tunnel to reach ports remotely forwarded from the green machine

Obviously we'll discuss option number two :-)

Let's use an example for a quick and dirty explanation.

Protected machine inside the DMZ green area (protected): let's call it "green"
Machine inside the DMZ yellow area, used for web services from outside/inside: let's call it "yellow"
Service port to tunnel: 3306 from green to 6033 to yellow.
Yes, I'd like to transport MySQL (everything else works as well) from green to yellow so applications on yellow can normally open the database located on green.
Green also decides when and how to handle and keep the connection in order to preserve its data.

So, what's next ?
Let me assume you can ssh from green to yellow without passwords, you've already exported ssh rsa public/private keys from a machine to another (or maybe it could be a good argument for the next post :-) ), so all you have to do is open a tunnel in this way:

REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

ssh -2 -f -q -T -N -R $REMOTE_PORT:$LOCAL_HOST:$LOCAL_PORT $REMOTE_HOST &

Issue this command on green machine and you'll have 6033 port opened on yellow, try to use mysql command line utility to open a database on green and see what happens.

Hope it helps someone, I've used it in the past to transport data from a db to another but you can even use for something else: JSON on HTTPD (80) and so on

 

**** UPDATE ****
See SSH Tunnel between two machines (part two) for an automatic script and use it easily
**** ****

 

Cheers

Andrea (Ben) Benini

 

SSH Tunnel between two machines (part two)

Here's a script for using SSH Tunnel between two machines discussed before, this script automates tunnel creation and if you add it in your cron you can even check for existence and restore it when broken, let's see the script first:

#!/bin/bash
# Description : SSH Tunnel between two machines for forwarding remote MySQL port
# Author: Andrea Benini (Ben)
# See configuration for details on ports

# Configuration
REMOTE_HOST=yellow
REMOTE_PORT=6033
LOCAL_HOST=green
LOCAL_PORT=3306

# No changes needed below this line
# -f already sends ssh to the background, so no trailing "&" is needed; kept
# inside the string it would be passed to ssh as a literal argument.
COMMAND_LINE="ssh -2 -f -q -T -N -R $REMOTE_PORT:$LOCAL_HOST:$LOCAL_PORT $REMOTE_HOST"
# Look for a running ssh whose command line starts with exactly this string
COMMAND_SEARCH=$(ps x -o args | grep "^$COMMAND_LINE")

if [ -z "$COMMAND_SEARCH" ]; then
    echo "Restarting Tunnel to $REMOTE_HOST"
    $COMMAND_LINE
fi

The script restarts the tunnel by itself when it is broken, not active, shut down or anything else.
You can insert it into cron to check for it every 5 minutes or to enable it at the end of the day (you say "two db sync at 20pm"? yes it is!)

Edit your cron by inserting:

# every 10 minutes
# check tunnel availability
*/10 * * * * $HOME/cmd/ssh.tunnel.support 1>/dev/null 2>&1

and here it is !

Hope it helps someone

Andrea Ben Benini

 

SSH to server without password using RSA key

I came across a requirement for automatically logging into the server without entering a password. This can be done using an RSA key.

Simple Way (Better to try this)

1. Run the following command on the client (from where you want to access the server)
#ssh-keygen -t rsa

2. id_rsa and id_rsa.pub files will be created inside $HOME/.ssh

3. Copy id_rsa.pub to the server's .ssh directory

#mkdir $HOME/.ssh
#scp $HOME/.ssh/id_rsa.pub user@server:/home/user/.ssh

4. Change to /root/.ssh and create file authorized_keys containing id_rsa content
#cd /home/user/.ssh
#cat id_rsa.pub >> authorized_keys

5. You can try ssh to the server from the client and no password will be needed
#ssh user@server

6. Enable RSA authentication in /etc/ssh/sshd_config in both the servers
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

7. Restart sshd service (service sshd restart)

A much more complex way

In the server where you want to give access
#ssh-keygen -t rsa

Give password

This will create two files, private key and public key, in $HOME/.ssh/id_rsa.pub and $HOME/.ssh/id_rsa

#scp /root/.ssh/id_rsa.pub [address removed by e-mail obfuscation].*.*:/home/test/.ssh/
#scp /root/.ssh/id_rsa [address removed by e-mail obfuscation].*.*:/home/test/.ssh/
#exec ssh-agent bash
#ssh-add /root/.ssh/id_rsa

Remote Side

Create a user
#useradd test
#passwd test
#su - test

$mkdir /home/test/.ssh
$chmod 700 .ssh
$cat /home/test/.ssh/id_rsa.pub >> /home/test/.ssh/authorized_keys (if ssh2 then use authorized_keys2)

$ exec ssh-agent bash
$ssh-add /root/.ssh/id_rsa
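
A check that can follow either key setup above, or the passwordless key assumed in the tunnel posts: the function below audits an account's .ssh directory on the server side for loose modes, private key material in authorized_keys, and private key files that were copied over. It is an added example, not code from these posts; it assumes GNU stat, and the function name and finding labels are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the posts): audit an account's ~/.ssh on the server
# side after setting up key login. Uses GNU stat, as found on Linux.
# Prints one finding per line; returns 0 only when nothing was counted.
audit_ssh_dir() {
    local dir="$1" ak="$1/authorized_keys" bad=0 n=0 line mode f

    mode=$(stat -c %a "$dir") || return 2
    if [ "$mode" != 700 ]; then
        echo "DIR_MODE $dir is $mode, expected 700"; bad=$((bad + 1))
    fi
    [ -f "$ak" ] || { echo "NO_AUTHORIZED_KEYS $ak"; return 1; }
    mode=$(stat -c %a "$ak")
    case $mode in
        600|400) ;;
        *) echo "FILE_MODE $ak is $mode, expected 600"; bad=$((bad + 1)) ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '-----BEGIN '*'PRIVATE KEY'*)
                # Private half appended, e.g. cat id_rsa >> authorized_keys
                echo "PRIVATE_KEY line $n of $ak"; bad=$((bad + 1)) ;;
            'ssh-rsa '*|'ssh-ed25519 '*|'ecdsa-sha2-'*)
                # Bare key: shell access and every kind of forwarding allowed.
                # Normal for a login key, so reported but not counted.
                echo "UNRESTRICTED line $n of $ak" ;;
        esac
    done < "$ak"

    # Only the .pub half is needed here; a private key file was copied over.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        echo "PRIVATE_KEY_FILE $f"; bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Usage: audit_ssh_dir /home/user/.ssh
```

A key line that starts with options such as restrict is not reported, which is the form to prefer for an unattended tunnel key.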

 