configure: error: Unable to find libgd. (a | so)
If you are using ubuntu or debian is very simple, direct sudo apt-get install apache2 libapache2-mod-php5 php5 php5-gd basically get, but still with a lot of trouble installing the source code -
wget HTTP: / / www.boutell.com / gd / HTTP / gd-2.0.11.tar.gz
tar zxvf gd-2.0.11.tar.gz
cd gd-2.0.11
sudo . / configure - prefix = / usr / local / gd2
sudo make
sudo make install PHP again: ~ / :. / configure ... ... - with-gd = / usr / local / gd2 ... ...
The following is based on the yum install or apt-get's.
1)
Configure: error: xml2-config not found. Please check your libxml2 installation.
# Yum install libxml2 libxml2-devel (For Redhat & Fedora)
# aptitude install libxml2-dev (For Ubuntu)
2)
Checking for pkg-config ... / usr / bin / pkg-config configure: Error: Can not Find OpenSSL's < evp.h >
# Yum install openssl openssl-devel
3)
Configure: error: Please reinstall the BZip2 distribution
# Yum install bzip2 bzip2-devel
4)
Configure: Error: Please REINSTALL the libcurl Distribution-easy.h should be in < curl-dir > / include / curl /
# Yum install curl curl-devel (For Redhat & Fedora)
# install libcurl4-GnuTLS-dev (For Ubuntu)
5)
Configure: Error: libjpeg. ( also ) not found.
# Yum install libjpeg libjpeg-devel
6)
Configure: Error: libpng. ( also ) not found.
# Yum install libpng libpng-devel
7)
Configure: error: freetype.h not found.
# Yum install freetype-devel
8)
Configure: Error: Unable to Locate gmp.h
# Yum install gmp-devel
9)
Configure: Error: Can not Find MySQL header Files under / usr. Note that the MySQL Client Library is not bundled anymore !
# Yum install MySQL-devel (For Redhat & Fedora)
# apt-Get install libmysql + +-dev (For Ubuntu)
10)
Configure: error: Please reinstall the ncurses distribution
# Yum install ncurses ncurses-devel
11)
Checking for unixODBC Support ... configure: Error: ODBC header file ' / usr / include / sqlext.h 'not found !
# Yum install unixODBC-devel
12)
Configure: Error: Can not Find pspell
# Yum install pspell-devel
13)
configure: error: mcrypt.h not found. Please reinstall libmcrypt.
# Yum install libmcrypt libmcrypt-devel (For Redhat & Fedora)
# apt-Get install libmcrypt-dev
14)
Configure: error: snmp.h not found. Check your SNMP installation.
# Yum install net-snmp net-snmp-devel
Above is reproduced content
Monday, July 11, 2011
Installing Svn way to integrate Apache
A, Svn independent service installation
ContOS AS 5
installation package for http://www.woaidiannao.com:
wget http://subversion.tigris.org/downloads/subversion-1.6.5.tar.gz
wget http://subversion .tigris.org/downloads/subversion-deps-1.6.5.tar.gz.
Compile:
tar xfvz Subversion-1.6.5.tar.gz
tar-deps-1.6.5.tar.gz xfvz Subversion
subversion-deps package has four directories zlib apr apr-util neon are dependent on these four directories, compile the code necessary to subversion
cd Subversion-1.6.5
. / configure-prefix = / opt / svn-without-Berkeley- DB-with-zlib = / usr
(Note: to run svnserve, apache compile without parameters to fsfs format version of the library does not compile Berkeley-DB)
Clean make
make
make install
Test:
svnserve-Version
if shown below, the installation Success:
svnserve, Version 1.6.5 (r21228)
2. svn configuration
build repository directory, can be built more:
mkdir-P / opt / svndata / repos
set up a repository:
svnadmin create / opt / svndata / repos
changes to a repository configuration file:
vi / opt / svndata / repos / conf / svnserve.conf
[General]
anon-access = none
auth-access = write
password-DB = / opt / svndata / repos / conf / pwd.conf
AuthZ-DB = / opt / svndata / repos / conf / authz.conf
realm = repos
configured to allow access to the user:
vi / opt / svndata / repos / conf / pwd.conf
Note: the user profile changes take effect immediately, without restarting the svn.
File format is as follows:
[users]
=
=
which, [users] is necessary. Listed below to access the svn users, each user line. Example:
[users]
= password Alan
King = Hello
configure user access rights:
vi / opt / svndata / repos / conf / authz.conf
user groups defined in the document repository and directory permissions.
Note:
* permission of the user profile name must appear in the user profile has been defined.
* For permission to modify the configuration file take effect immediately, without restarting the svn.
User Group format:
[groups]
= ,
where a user group can contain one or more users, between users separated by commas.
Repository directory format:
[: / project / directory]
@ =
=
which box number written in a variety of parts can be:
/, that root and below. The root directory is specified when starting svnserve, we specify / opt / svndata. Thus, / is said to set permissions on all versions of libraries.
repos1: /, that repository a set of permissions
repos2: / abc,, that the repository 2 abc project set permissions
repos2: / abc / aaa,, that the repository 2 abc set permissions aaa directory project
Permissions can be the main user group, user or *, the user group in front of the @, * that all users. Permissions can be w, r, wr, and air, air that does not have any rights.
Example:
[groups]
ADMIN = Alan
[/]
@ ADMIN = rw
[repos1: / abc / AAA]
King = rw
[repos2: / Pass]
King =
3. start svn
svn user to create a boot:
useradd svn
passwd svn
prompted svn set a password for the user
to allow users to access the svn repository:
chown-R svn: svn / opt / svndata
chown-R svn: svn / opt / Data
start svn:
svnserve-d-listen-port 9999-R / opt / svndata
- d is the daemon mode (background) to run
-listen-port 9999 that the use of port 9999, you will need to be replaced by the port.
-R / opt / svndata specify the root directory is / opt / svndata
check:
PS-ef | grep svnserve
if shown below, is a successful start:
svn 6941 1 0 15:07? 00:00:00 svnserve-d-listen- port 9999-r / opt / svndata
two, svn integration of services with apache
apache need to open the webdav functionality
. / configure-prefix = / usr / local / Apache-enable-so-enable-dav-enable-dav = share-FS
tar xfvz Subversion-1.6.5.tar.gz
tar-deps-1.6.5.tar.gz xfvz Subversion
. / configure-prefix = / usr/local/svn1-with-apxs = / usr / local / Apache / bin / apxs
View a dynamic library has not been installed
vi / usr / local / Apache / conf / httpd.conf
LoadModule dav_module modules / mod_dav.so
LoadModule dav_svn_module modules / mod_dav_svn.so
LoadModule authz_svn_module modules / mod_authz_svn.so
configuration http.conf
vi / opt / Apache / conf / httpd.conf
configuration:
DAV svn
SVNParentPath / Data / svn / / / parent directory svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile / Data / svn / passwd
AuthzSVNAccessFile / Data / svn / auth
Require valid-user
Build SVN repositories
# mkdir-P / Data / svn / repos
# svnadmin create / Data / svn / repos
SVN repository backup before
# svnadmin dump / data / svn / repos> / root / repos
out of the backup data back to the local
# svnadmin load / data / svn / repos /
set up local access control file
# / usr / local / Apache / bin / htpasswd [-c] / Data / svn / passwd North
/ / first set the user to use -c indicates a new user file.
# / Usr / local / apache / bin / htpasswd passwd username (new users)
to establish a local project control file
touch / data / svn / auth
file content:
[groups]
[repos: /]
# wxy = rw
North = rw
= rw Tom
ContOS AS 5
installation package for http://www.woaidiannao.com:
wget http://subversion.tigris.org/downloads/subversion-1.6.5.tar.gz
wget http://subversion .tigris.org/downloads/subversion-deps-1.6.5.tar.gz.
Compile:
tar xfvz Subversion-1.6.5.tar.gz
tar-deps-1.6.5.tar.gz xfvz Subversion
subversion-deps package has four directories zlib apr apr-util neon are dependent on these four directories, compile the code necessary to subversion
cd Subversion-1.6.5
. / configure-prefix = / opt / svn-without-Berkeley- DB-with-zlib = / usr
(Note: to run svnserve, apache compile without parameters to fsfs format version of the library does not compile Berkeley-DB)
Clean make
make
make install
Test:
svnserve-Version
if shown below, the installation Success:
svnserve, Version 1.6.5 (r21228)
2. svn configuration
build repository directory, can be built more:
mkdir-P / opt / svndata / repos
set up a repository:
svnadmin create / opt / svndata / repos
changes to a repository configuration file:
vi / opt / svndata / repos / conf / svnserve.conf
[General]
anon-access = none
auth-access = write
password-DB = / opt / svndata / repos / conf / pwd.conf
AuthZ-DB = / opt / svndata / repos / conf / authz.conf
realm = repos
configured to allow access to the user:
vi / opt / svndata / repos / conf / pwd.conf
Note: the user profile changes take effect immediately, without restarting the svn.
File format is as follows:
[users]
which, [users] is necessary. Listed below to access the svn users, each user line. Example:
[users]
= password Alan
King = Hello
configure user access rights:
vi / opt / svndata / repos / conf / authz.conf
user groups defined in the document repository and directory permissions.
Note:
* permission of the user profile name must appear in the user profile has been defined.
* For permission to modify the configuration file take effect immediately, without restarting the svn.
User Group format:
[groups]
where a user group can contain one or more users, between users separated by commas.
Repository directory format:
[
@
which box number written in a variety of parts can be:
/, that root and below. The root directory is specified when starting svnserve, we specify / opt / svndata. Thus, / is said to set permissions on all versions of libraries.
repos1: /, that repository a set of permissions
repos2: / abc,, that the repository 2 abc project set permissions
repos2: / abc / aaa,, that the repository 2 abc set permissions aaa directory project
Permissions can be the main user group, user or *, the user group in front of the @, * that all users. Permissions can be w, r, wr, and air, air that does not have any rights.
Example:
[groups]
ADMIN = Alan
[/]
@ ADMIN = rw
[repos1: / abc / AAA]
King = rw
[repos2: / Pass]
King =
3. start svn
svn user to create a boot:
useradd svn
passwd svn
prompted svn set a password for the user
to allow users to access the svn repository:
chown-R svn: svn / opt / svndata
chown-R svn: svn / opt / Data
start svn:
svnserve-d-listen-port 9999-R / opt / svndata
- d is the daemon mode (background) to run
-listen-port 9999 that the use of port 9999, you will need to be replaced by the port.
-R / opt / svndata specify the root directory is / opt / svndata
check:
PS-ef | grep svnserve
if shown below, is a successful start:
svn 6941 1 0 15:07? 00:00:00 svnserve-d-listen- port 9999-r / opt / svndata
two, svn integration of services with apache
apache need to open the webdav functionality
. / configure-prefix = / usr / local / Apache-enable-so-enable-dav-enable-dav = share-FS
tar xfvz Subversion-1.6.5.tar.gz
tar-deps-1.6.5.tar.gz xfvz Subversion
. / configure-prefix = / usr/local/svn1-with-apxs = / usr / local / Apache / bin / apxs
View a dynamic library has not been installed
vi / usr / local / Apache / conf / httpd.conf
LoadModule dav_module modules / mod_dav.so
LoadModule dav_svn_module modules / mod_dav_svn.so
LoadModule authz_svn_module modules / mod_authz_svn.so
configuration http.conf
vi / opt / Apache / conf / httpd.conf
configuration:
DAV svn
SVNParentPath / Data / svn / / / parent directory svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile / Data / svn / passwd
AuthzSVNAccessFile / Data / svn / auth
Require valid-user
Build SVN repositories
# mkdir-P / Data / svn / repos
# svnadmin create / Data / svn / repos
SVN repository backup before
# svnadmin dump / data / svn / repos> / root / repos
out of the backup data back to the local
# svnadmin load / data / svn / repos /
set up local access control file
# / usr / local / Apache / bin / htpasswd [-c] / Data / svn / passwd North
/ / first set the user to use -c indicates a new user file.
# / Usr / local / apache / bin / htpasswd passwd username (new users)
to establish a local project control file
touch / data / svn / auth
file content:
[groups]
[repos: /]
# wxy = rw
North = rw
= rw Tom
Install the client TortoiseSVN, access to the server
http://192.168.0.180/svn/repos
Note: SVN is the APACHE configuration when the additions.
Install the end of this basic
Install the end of this basic
Third, routine maintenance commands and arguments
start svn service
svnserve-d - listen-port 20000-r / opt / svndata
create repository
svnadmin create fs-type fsfs / opt / svndata / mark
view a repository of information
svn list file: / / / opt / svndata / Mark
svn List - verbose file: / / / opt / svndata / Mark
into the library directory structure
svn import / tmp / mark / file: / / / opt / svndata / mark / - message "init "(mark folder under the bo)
start svn service
svnserve-d - listen-port 20000-r / opt / svndata
create repository
svnadmin create fs-type fsfs / opt / svndata / mark
view a repository of information
svn list file: / / / opt / svndata / Mark
svn List - verbose file: / / / opt / svndata / Mark
into the library directory structure
svn import / tmp / mark / file: / / / opt / svndata / mark / - message "init "(mark folder under the bo)
Mark delete the repository folder under the bo
DELETE svn svn: / / 192.168.0.180:20000 / opt / svndata / Mark / bo-M "DELETE"
/ / export
$ svnlook youngest oldrepo
$ svnadmin dump oldrepo>; dumpfile
/ / restore
$ svnadmin load newrepo
stop the subversion service
PS-aux | grep svnserve
kill -9 ID No.
DELETE svn svn: / / 192.168.0.180:20000 / opt / svndata / Mark / bo-M "DELETE"
/ / export
$ svnlook youngest oldrepo
$ svnadmin dump oldrepo>; dumpfile
/ / restore
$ svnadmin load newrepo
stop the subversion service
PS-aux | grep svnserve
kill -9 ID No.
Apache achieve a ban on image hotlinking
After the finish http://zlemon.com this image blog traffic is steadily rising, followed by hotlinking problems come, hotlinking is nothing, open for two days, traffic can not stand, so only chain needs to be a friend of external apologize: the
Apache implementation prohibits the use of image hotlinking:
Modify the httpd.conf configuration file:
Apache implementation prohibits the use of image hotlinking:
Modify the httpd.conf configuration file:
This simple application can not only solve the problem of hotlinking images, also slightly modified to prevent hotlinking to download any file problems.
When using the above method specified host from the non-linked picture, the picture will not be displayed, if you want to display a "No hotlinking" of images, we can use mod_rewrite to achieve.
First, when installing apache with-enable-rewrite mod_rewrite module load parameters.
Assuming "No hotlinking" image for the abc.gif, we can be in the httpd.conf configuration:
When using the above method specified host from the non-linked picture, the picture will not be displayed, if you want to display a "No hotlinking" of images, we can use mod_rewrite to achieve.
First, when installing apache with-enable-rewrite mod_rewrite module load parameters.
Assuming "No hotlinking" image for the abc.gif, we can be in the httpd.conf configuration:
ZLEMON configuration is as follows:
Dovecot
一,Mail Retrieval Protocols
Post Office Protocol
All data,including passwords,is passed in cleartext over TCP port 110
Use POP3s to provide SSL encryption of data over TCP port 995
All data,including passwords,is passed in cleartext over TCP port 110
Use POP3s to provide SSL encryption of data over TCP port 995
Internet Mail Access Protocol
All data,including passwords,is passwd in cleartext over TCP port 143
Use IMAP to provide SSL encryption of data over TCP port 993
All data,including passwords,is passwd in cleartext over TCP port 143
Use IMAP to provide SSL encryption of data over TCP port 993
Dovecot supports POP3,POP3s,IMAP,and IMAPs
二,Service Profile:Dovecot
type:systemV-managed service
package:dovecot
daemon:/usr/sbin/dovecot
scritp:/etc/init.d/dovecot
ports:110(pop),995(pop3s),143(imap),993(imaps)
configuration:/etc/devecot.conf
Related:procmail,fetchmail,openssl
package:dovecot
daemon:/usr/sbin/dovecot
scritp:/etc/init.d/dovecot
ports:110(pop),995(pop3s),143(imap),993(imaps)
configuration:/etc/devecot.conf
Related:procmail,fetchmail,openssl
三,Dovecot Configuration
Listens on all IPv6 and IPv4 interfaces by default
Specify protocols in /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
Specify protocols in /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
Make a private key and self-signed certificate before using SSL
1,confirm system time to avoid date issues
2,review /etc/dovecot.conf for key and cert locations
3,Run make -C /etc/pki/tls/certs dovecot.pem
creates a single PEM file containing both the key and the cert
4,copy the new PEM file to both locations
1,confirm system time to avoid date issues
2,review /etc/dovecot.conf for key and cert locations
3,Run make -C /etc/pki/tls/certs dovecot.pem
creates a single PEM file containing both the key and the cert
4,copy the new PEM file to both locations
verifying POP Operation
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail
mutt -f pop://user@server[:port]
mutt -f pops://user@server[:port]
mutt -f pops://user@server[:port]
Can also use telnet(POP3) or openssl s_client(POP3s)
identify problems with certificate date or permissions
identify problems with certificate date or permissions
verifying IMAP Operation
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail
mutt -f imap://user@server[:port]
mutt -f imaps://user@server[:port]
mutt -f imaps://user@server[:port]
Can also use telnet(POP3) or openssl s_client(POP3s)
identify problems with certificate date or permissions
identify problems with certificate date or permissions
[root@station10 ~]# yum install -y dovecot
/etc/doveot.conf
protocols = imap imaps pop3 pop3s
protocols = imap imaps pop3 pop3s
[root@station10 ~]# date
Wed Oct 22 09:46:59 CST 2008
[root@station10 ~]#
Wed Oct 22 09:46:59 CST 2008
[root@station10 ~]#
2,
[root@station10 ~]# find /etc/ -name dovecot.pem -exec rm {} ;
[root@station10 ~]# find /etc/ -name dovecot.pem -exec rm {} ;
3,
[root@station10 ~]# make -C /etc/pki/tls/certs dovecot.pem
make: Entering directory `/etc/pki/tls/certs’
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ;
cat $PEM1 > dovecot.pem ;
echo “” >> dovecot.pem ;
cat $PEM2 >> dovecot.pem ;
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……++++++
…………………++++++
writing new private key to ‘/tmp/openssl.h10778′
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:China
Locality Name (eg, city) [Newbury]:Guangdong
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:station10.example.com
Email Address []:root@station10.example.com
make: Leaving directory `/etc/pki/tls/certs’
[root@station10 ~]#
[root@station10 ~]# make -C /etc/pki/tls/certs dovecot.pem
make: Entering directory `/etc/pki/tls/certs’
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ;
cat $PEM1 > dovecot.pem ;
echo “” >> dovecot.pem ;
cat $PEM2 >> dovecot.pem ;
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……++++++
…………………++++++
writing new private key to ‘/tmp/openssl.h10778′
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:China
Locality Name (eg, city) [Newbury]:Guangdong
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:station10.example.com
Email Address []:root@station10.example.com
make: Leaving directory `/etc/pki/tls/certs’
[root@station10 ~]#
4,:
[root@station10 ~]# find /etc/pki/ -name dovecot.pem -ls
99026 8 -rw——- 1 root root 2182 Oct 22 09:50 /etc/pki/tls/certs/dovecot.pem
[root@station10 ~]#
[root@station10 ~]# find /etc/pki/ -name dovecot.pem -ls
99026 8 -rw——- 1 root root 2182 Oct 22 09:50 /etc/pki/tls/certs/dovecot.pem
[root@station10 ~]#
5,:
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
6,:
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/certs/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/certs/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
7,:
[root@station10 ~]# service dovecot status
dovecot is stopped
[root@station10 ~]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@station10 ~]# chkconfig dovecot on
[root@station10 ~]#
[root@station10 ~]# service dovecot status
dovecot is stopped
[root@station10 ~]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@station10 ~]# chkconfig dovecot on
[root@station10 ~]#
8,:
[root@station10 ~]# netstat -tulpn | grep dovecot
tcp 0 0 :::993 :::* LISTEN 10848/dovecot
tcp 0 0 :::995 :::* LISTEN 10848/dovecot
tcp 0 0 :::110 :::* LISTEN 10848/dovecot
tcp 0 0 :::143 :::* LISTEN 10848/dovecot
[root@station10 ~]#
[root@station10 ~]# netstat -tulpn | grep dovecot
tcp 0 0 :::993 :::* LISTEN 10848/dovecot
tcp 0 0 :::995 :::* LISTEN 10848/dovecot
tcp 0 0 :::110 :::* LISTEN 10848/dovecot
tcp 0 0 :::143 :::* LISTEN 10848/dovecot
[root@station10 ~]#
9,:
[root@station10 ~]# echo ‘this is a test’ | mail -s test root
[root@station10 ~]# echo ‘this is a test’ | mail -s test root
[root@station10 ~]# mutt -f pop://root@station10.example.com
:
Oct 22 10:02:19 station10 dovecot: Logins with UID 0 not permitted (user root)
Oct 22 10:02:19 station10 dovecot: pop3-login: Internal login failure: user=, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured
Oct 22 10:02:19 station10 dovecot: Logins with UID 0 not permitted (user root)
Oct 22 10:02:19 station10 dovecot: pop3-login: Internal login failure: user=, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured
/etc/dovcot.conf:
# Note that denying root logins is hardcoded to dovecot binary and can’t
# be done even if first_valid_uid is set to 0.
# Note that denying root logins is hardcoded to dovecot binary and can’t
# be done even if first_valid_uid is set to 0.
:
[root@station10 ~]# useradd student
[root@station10 ~]# passwd student
Changing password for user student.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station10 ~]# echo ‘this is a test’ | mail -s test student
[root@station10 ~]#
[root@station10 ~]# useradd student
[root@station10 ~]# passwd student
Changing password for user student.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station10 ~]# echo ‘this is a test’ | mail -s test student
[root@station10 ~]#
[root@station10 ~]# mutt -f pop://student@station10.example.com
,ok.
:
mutt -f pops://student@station10.example.com
mutt -f pops://student@station10.example.com
mutt -f imap://student@station10.example.com
mutt -f imaps://student@station10.example.com
Saturday, July 9, 2011
Linux Distribution Step By Step Booting
BIOS-MBR-BOOT LOADER– KERNEL-INIT -RUN LEVEL
1) BIOS IT WILL LOAD THE MBR INTO THE MEMORY FROM THE BOOT SECTOR ( BOOT SECTOR IT WILL BE FLOPPY ,HARD DISK , CDROM. THESE BOOT LOAD PRIORITY IT WILL BE CHANGE FROM THE BIOS SETUP)
2)THEN BOOT LOADER IT WILL TAKE THE CONTROL OF THE SYSTEM FROM THE FOLLOWING FILE /ETC/LILO.CONF /ETC/GRUB.CONF (LILO IS MOST LINUX DISTRIBUTION DEFAULT BOOT LOADER) [LINUX IT WILL LOAD THE IMAGE WINDOWS IT WILL LOAD THE DOS].
3)IT WILL SHOW THE LIST OF OPERATING SYSTEM WHICH ONE NEED TO BOOT. IT WILL IDENTIFY WHICH KERNEL NEEDS TO BOOT.
SYSTEM STARTUB
LINUX LOADS THE KERNEL & INITIAL RAM DISK IMAGE INTO SYSTEM MEMORY TO BOOT THE SYSTEM .
4)THEN KERNEL RUN INIT (INITIALIZATION) PROGRAM ACCORDING TO THE /ETC/INITTAB.
UNDER THE /ETC/INITTAB FILE IT HAS RUN LEVEL SCRIPT
EXAMPLE : /ETC/RC.D/RC0.D
JUST LIKE IT HAS THE LINUX SIX RUN LEVEL
UNDER THE RUN LEVEL
IF FILE START WITH
K-SHUTDOWN SCRIPT
S-START UP SCRIPT
5)BASED ON THE DEFAULT RUN LEVEL IT WILL EXECUTED THE PROCESS.STUDY ABOUT RUN LEVEL REFER THESE LINK
IMPORTANT FILES FOR LINUX BOOT SEQUENCE
BOOT LOADER
/ETC/GRUB/GRUB.CONF
/ETC/LILO.CONF
SYSTEM INSTILLATION IT WILL REFER TO THE THE MOUNT PARTITION TABLE FROM THE /ETC/FSTAB FILE
RUN LEVEL IT WILL REFERS TO THE /ETC/INITTAB FILE
Friday, July 8, 2011
How to Disable or Enable open relay in sendmail
Sendmail 8.9 and above will disallows relaying by default. By default this will allow relaying from localhost only.
You can edit the sendmail access database ( /etc/mail/access) and enable or disable open relay.
Default Configuration:
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
You can use host name or ip address in the access database
youordomain.com RELAY
spam@buyme.com 550 Spammers not allowed
virus@virusdomain.com DISCARD
10.10.10 REJECT
To Reject Mail Form Particular Hoste
Open Relay:
Open Relay servers will be configured to relay all ip range
By adding the *.* entry in /etc/mail/access you can enable relay for all
Now a days most of the mail servers will not allow mails from open relay servers.
To Disable OPEN Relay:
By allowing relay from only your local ip range and localhost, you can disable the open relay.
127.0.0.1 RELAY
192.168.1 RELAY
If your server is configured with smtp auth or POP-before-SMTP, then you can remove all the relay entries (Even local ip range) in the access database.
It is always better to configure your server with smtp auth or POP-before-SMTP . This will be useful for roaming users also.
Also check /etc/mail/relay-domains and remove all the relay domains
In some cases relaying is allowed even though it isn't intended. This is because of the use of FEATURE(relay_entire_domain) which allows relaying for every system in class m. If class m is wrong, then the system may open up relaying for other hosts in that domain. You have to verify this
echo '$=m' | sendmail -bt -d0.4
Sometimes class m is set wrong to be just a TLD (e.g., com). In this case, fix your hostname to be host.sld.tld instead of sld.tld or change $m, or remove FEATURE(relay_entire_domain) and use other means instead
Open Relay Testing Websites:
http://www.abuse.net/relay.html
http://www.mob.net/~ted/tools/relaytester.php3
http://www.checkor.com/
MX Tool
http://www.mxtoolbox.com/
smtp authentication vs. pop before smtp
You can edit the sendmail access database ( /etc/mail/access) and enable or disable open relay.
Default Configuration:
#vim /etc/mail/access
Connect:localhost.localdomain RELAYConnect:localhost RELAY
Connect:127.0.0.1 RELAY
You can use host name or ip address in the access database
youordomain.com RELAY
spam@buyme.com 550 Spammers not allowed
virus@virusdomain.com DISCARD
10.10.10 REJECT
To Reject Mail Form Particular Hoste
rejectserver.com REJECT
10.10.2.2 REJECTOpen Relay:
Open Relay servers will be configured to relay all ip range
By adding the *.* entry in /etc/mail/access you can enable relay for all
*.* RELAY
Also by adding your domain name in the /etc/mail/relay-domains you can enable relay form particular domain server.Now a days most of the mail servers will not allow mails from open relay servers.
To Disable OPEN Relay:
By allowing relay from only your local ip range and localhost, you can disable the open relay.
127.0.0.1 RELAY
192.168.1 RELAY
If your server is configured with smtp auth or POP-before-SMTP, then you can remove all the relay entries (Even local ip range) in the access database.
It is always better to configure your server with smtp auth or POP-before-SMTP . This will be useful for roaming users also.
Also check /etc/mail/relay-domains and remove all the relay domains
In some cases relaying is allowed even though it isn't intended. This is because of the use of FEATURE(relay_entire_domain) which allows relaying for every system in class m. If class m is wrong, then the system may open up relaying for other hosts in that domain. You have to verify this
echo '$=m' | sendmail -bt -d0.4
Sometimes class m is set wrong to be just a TLD (e.g., com). In this case, fix your hostname to be host.sld.tld instead of sld.tld or change $m, or remove FEATURE(relay_entire_domain) and use other means instead
Open Relay Testing Websites:
http://www.abuse.net/relay.html
http://www.mob.net/~ted/tools/relaytester.php3
http://www.checkor.com/
MX Tool
http://www.mxtoolbox.com/
smtp authentication vs. pop before smtp
Sendmail configuration file location in linux
Sendmail Configuration files are saved in /etc/mail directory by default.
/etc/mail/access - sendmail access database file
/etc/mail/aliases - Mailbox aliases
/etc/mail/local-host-names- Lists of hosts sendmail accepts mail for
/etc/mail/mailer.conf - Mailer program configuration
/etc/mail/mailertable - Mailer delivery table
/etc/mail/sendmail.cf - sendmail master configuration file
/etc/mail/virtusertable - Virtual users and domain tables
/etc/mail/access - sendmail access database file
/etc/mail/aliases - Mailbox aliases
/etc/mail/local-host-names- Lists of hosts sendmail accepts mail for
/etc/mail/mailer.conf - Mailer program configuration
/etc/mail/mailertable - Mailer delivery table
/etc/mail/sendmail.cf - sendmail master configuration file
/etc/mail/virtusertable - Virtual users and domain tables
Open Source Migration
Here I have listed out the Open Source products which are replacing the commercial products
1) Mail Server
Linux Sendmail with cyrus-imap is the good opensource replace for other commercial mailing solutions like Microsoft Exchange , Lotus Notes etc. We can integrate MailScanner and Clam-AV with Sendmail.
2) Web Server
Apache web server can be used as a Replace for Microsoft IIS
3) Active Directory
Fedora DS Replace Microsoft AD
4) Proxy Server
Squid Proxy server is one of the best proxy server. Squid can be configured with lots of Access controls. Content filter, Upload & Download Limit, User Base access, time based access, block list, are the key features.
5) UTM
Untangle , pfsense
6) Database
Mysql,
7) FTP Server
vsftpd
8) Network Monitoring Tools
Cacti, zabbix,
9) Asset Management
GLPI
10) Bug Tracking
Bugzilla
11) Web Mail
Ilohamail, roundcube
12) Other Open source Web based Applications
1) Mail Server
Linux Sendmail with cyrus-imap is the good opensource replace for other commercial mailing solutions like Microsoft Exchange , Lotus Notes etc. We can integrate MailScanner and Clam-AV with Sendmail.
2) Web Server
Apache web server can be used as a Replace for Microsoft IIS
3) Active Directory
Fedora DS Replace Microsoft AD
4) Proxy Server
Squid Proxy server is one of the best proxy server. Squid can be configured with lots of Access controls. Content filter, Upload & Download Limit, User Base access, time based access, block list, are the key features.
5) UTM
Untangle , pfsense
6) Database
Mysql,
7) FTP Server
vsftpd
8) Network Monitoring Tools
Cacti, zabbix,
9) Asset Management
GLPI
10) Bug Tracking
Bugzilla
11) Web Mail
Ilohamail, roundcube
12) Other Open source Web based Applications
Mysqld error while starting
After upgrading my fedora11 to fedora 12, mysqld server stopped working and I gets the following error at start up
100702 14:52:37 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
100702 14:53:28 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
100702 14:53:28 [Note] Plugin 'ndbcluster' is disabled.
/usr/libexec/mysqld: Table 'mysql.plugin' doesn't exist
100702 14:53:28 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
100702 14:53:29 InnoDB: Started; log sequence number 0 44233
100702 14:53:29 [ERROR] /usr/libexec/mysqld: unknown option '--skip-bdb'
100702 14:53:29 [ERROR] Aborting
Fix:
After removing the following config entries I was able to start mysqld
and run mysql_upgrade.
#skip-innodb
#skip-bdb
#skip-federated
So I commented out:
#skip-locking
#skip-innodb
#skip-bdb
Now i started MySQL
#service mysqld start
Starting MySQL: [ OK ]
Then I run mysql_upgrade
#mysql_upgrade -uroot -p
#service mysqld restart
And now everything is working fine
100702 14:52:37 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
100702 14:53:28 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
100702 14:53:28 [Note] Plugin 'ndbcluster' is disabled.
/usr/libexec/mysqld: Table 'mysql.plugin' doesn't exist
100702 14:53:28 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
100702 14:53:29 InnoDB: Started; log sequence number 0 44233
100702 14:53:29 [ERROR] /usr/libexec/mysqld: unknown option '--skip-bdb'
100702 14:53:29 [ERROR] Aborting
Fix:
After removing the following config entries I was able to start mysqld
and run mysql_upgrade.
#skip-innodb
#skip-bdb
#skip-federated
So I commented out:
#skip-locking
#skip-innodb
#skip-bdb
Now i started MySQL
#service mysqld start
Starting MySQL: [ OK ]
Then I run mysql_upgrade
#mysql_upgrade -uroot -p
#service mysqld restart
And now everything is working fine
How To Install Mysql On Linux
There are multiple ways to install mysql on Linux machine
Installing through Yum:
If your server is on internet and yum repository is enabled, then you can install directly by runing the below command on linux console.
Installing from RPM:
Download the latest mysql-server rpm from rpm.pbone.net
You may need to download and install the dependency packages (mysql-libs, mysql, perl-DBD-MySQL, perl-DBD )before installing mysql-server
Transfer the downloaded file to the server using winscp or some other file transfer method
Initial Configurations:
After installing the mysql using one of the above method, you can start mysql with the default my.cnf settings
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
/usr/bin/mysqladmin -u root password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
Default my.cnf file
[ndb_mgm]
# connection string for MySQL Cluster management tool
connect-string="host=localhost:1186"
How to Set mysql root password:
By default there will be no password set for mysql admin (root). Now you can set root password using the below command
#/usr/bin/mysqladmin -u root password 'new-password'
#mysqladmin -u root password mysqlpasswd
Now you can login to mysql server using the below commands
#mysql -u root -p
Installing through Yum:
If your server is on internet and yum repository is enabled, then you can install directly by runing the below command on linux console.
#yum install -y mysql-server
Installing:
mysql-server x86_64 5.1.47-2.fc12
Installing for dependencies:
perl-DBD-MySQL x86_64 4.016-1.fc12
perl-DBI x86_64 1.609-3.fc12
Updating for dependencies:
mysql x86_64 5.1.47-2.fc12
mysql-libs x86_64 5.1.47-2.fc12Installing from RPM:
Download the latest mysql-server rpm from rpm.pbone.net
You may need to download and install the dependency packages (mysql-libs, mysql, perl-DBD-MySQL, perl-DBD )before installing mysql-server
Transfer the downloaded file to the server using winscp or some other file transfer method
#rpm -ivh mysql-libs* mysql* perl-DBD-MySQL* perl-DBD*
#rpm -ivh mysql-server*
Initial Configurations:
After installing the mysql using one of the above method, you can start mysql with the default my.cnf settings
#service mysqld start
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
/usr/bin/mysqladmin -u root password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
Default my.cnf file
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
# To allow mysqld to connect to a MySQL Cluster management daemon, uncomment
# these lines and adjust the connectstring as needed.
#ndbcluster
#ndb-connectstring="nodeid=4;host=localhost:1186"
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[ndbd]
# If you are running a MySQL Cluster storage daemon (ndbd) on this machine,
# adjust its connection to the management daemon here.
# Note: ndbd init script requires this to include nodeid!
connect-string="nodeid=2;host=localhost:1186"
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
# To allow mysqld to connect to a MySQL Cluster management daemon, uncomment
# these lines and adjust the connectstring as needed.
#ndbcluster
#ndb-connectstring="nodeid=4;host=localhost:1186"
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[ndbd]
# If you are running a MySQL Cluster storage daemon (ndbd) on this machine,
# adjust its connection to the management daemon here.
# Note: ndbd init script requires this to include nodeid!
connect-string="nodeid=2;host=localhost:1186"
[ndb_mgm]
# connection string for MySQL Cluster management tool
connect-string="host=localhost:1186"
How to Set mysql root password:
By default there will be no password set for mysql admin (root). Now you can set root password using the below command
#/usr/bin/mysqladmin -u root password 'new-password'
#mysqladmin -u root password mysqlpasswd
Now you can login to mysql server using the below commands
#mysql -u root -p
Subscribe to:
Posts (Atom)