Shorewall logcheck pattern
A logcheck ignore pattern to filter out shorewall REJECT and DROP entries (net is defined as eth0). /etc/logwatch/ignore.d.server/shorewall:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Shorewall:net2([a-z0-9]*):(REJECT|DROP)
Test if the regex works for your config:
sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Shorewall:net2([a-z0-9]*):(REJECT|DROP)'
/dev/pts errors on newly created Xen DomUs (Debian Lenny)
Today was the first time I had to create a new DomU after upgrading my Xen setup to Debian Lenny. When I booted the VM and logged in via xm console I got some strange errors when installing packages:
Can not write log, openpty() failed (/dev/pts not mounted?)
Additionally, after setting up SSH, I got the following error when logging in with SSH:
Server refused to allocate pty
Solution: install udev, reboot the VM and you’re good to go.
Repack a .deb-archive with dpkg-deb
I just needed to repack a Debian package to solve this problem. After a quick spin to #debian I got this solution:
$ mkdir -p extract/DEBIAN $ dpkg-deb -x package.deb extract/ $ dpkg-deb -e package.deb extract/DEBIAN [...do something, e.g. edit the control file...] $ mkdir build $ dpkg-deb -b extract/ build/
- -x extracts the package contents
- -e extracts the control files
- -b builds the new package
Done.
Upgrade from Debian Etch/Xen 3.0 to Debian Lenny/Xen 3.2 (AMD64)
I was running a Xen server with Debian Etch as dom0 (Linux 2.6.18-6 with Xen 3.0.3-1 on AMD64) for some time now. Today, I decided to upgrade the dom0 to Debian Lenny (Linux 2.6.26-2 with Xen 3.2.1-2). The domUs are all running a Debian-based OS (3x Lenny, 1x Ubuntu Hardy). The upgrade was quite straightforward, however there were some pitfalls you can avoid in advance.
Set up symfony 1.2 on Debian/Ubuntu
Just wanted to give symfony a try and ran into some issues to set it up the way I wanted. Therefore I’d like to note the required steps.
First, install symfony via PEAR.
pear channel-discover pear.symfony-project.com pear install symfony/symfony-1.2.4
This sould install symfony and make the symfony executable available in your PATH.
~$ symfony -V symfony version 1.2.4 (/usr/share/php/symfony)
Create a directory for your vhost and create a new project.
mkdir /var/www/myproject cd /var/www/myproject symfony generate:project myproject
Create an example application in your project.
symfony generate:app frontend
Link the symfony resources to the project’s document root.
cd web ln -s /usr/share/php/data/symfony/web/sf/
This should get you up and running with symfony. You just need to configure your server for the vhost. For personal preference, I’d like to have my document root directory named public instead of web. The following steps are needed to achive this.
Rename the document root directory.
mv web public
Add this line to config/ProjectConfiguration.class.php:
<?php public function setup() { $this->setWebDir($this->getRootDir() . '/public'); // for compatibility / remove and enable only the plugins you want $this->enableAllPluginsExcept(array('sfDoctrinePlugin', 'sfCompat10Plugin')$ }
Debian logcheck ignore file for sSMTP
On a server, I use logcheck to get an email based on logfile analysis if anything goes wrong and doesn’t fit the usual patterns. In addition, I use sSMTP to forward all sent mails to my mailserver. Unfortunately, this solution ends up in sending a mail like the following every hour because of a bug in logcheck’s ignorefile for sSMTP.
Dec 12 22:02:06 hostname sSMTP[22391]: Sent mail for logcheck@hostname (221 2.0.0 Bye) uid=101 username=logcheck outbytes=639
To fix this, I replaced the contents of the file /etc/logcheck/ignore.d.server/ssmtp with the following lines:
^w{3} [0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2} [a-zA-Z0-9]+ sSMTP[[0-9]+]: Sent mail for logcheck@.*$
^w{3} [0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} [a-zA-Z0-9]+ sSMTP[[0-9]+]: Sent mail for logcheck@.*$
I removed the other lines, because sSMTP shouldn’t do anything else on the system and if it would, I’d like to be informed. If you need more ignore patterns you might have to keep/edit some of the original lines.
Debootstrap a Ubuntu Hardy DomU on a Debian Etch Xen Dom0
Lately, I wanted set up a Ubuntu Hardy DomU on an existing Debian Etch Dom0 box. Usually, setting up Debian-based DomUs is very simple with xen-create-image and debootstrap (there are tons of tutorials out there dealing with this topic), but unfortunately Etch’s version of debootstrap doesn’t support Ubuntu Hardy. I spent a surprisingly long time on searching the net until I found a solution for this problem on a french site: Installer et configurer Xen sur Debian 4.0 Etch (it’s a complete howto for Xen on Debian Etch, but it deals with the Hardy part too). The author created a backport of the debootstrap package, which enables you to debootstrap Hardy.
First, you have to create the hardy.d directory (symlink) for xen-tools.
$ cd /usr/lib/xen-tools $ ln -s ubuntu.d hardy.d
There’s a debian repository holding the backport package, however I got problems to use that repository on an amd64 box, so I downloaded and installed the package manually.
$ wget http://falcon.landure.fr/pool/etch/debootstrap/debootstrap_1.0.10_all.deb $ dpkg -i debootstrap_1.0.10_all.deb
Now you should be able to debootstrap a Hardy DomU.
$ xen-create-image --hostname=hardy --ip=xxx.xxx.xxx.xxx --size=5Gb --memory=256Mb --dist=hardy --mirror=http://archive.ubuntu.com/ubuntu/
Install git 1.6 from source on debian etch
aptitude install build-essential gettext wget http://kernel.org/pub/software/scm/git/git-1.6.0.1.tar.gz tar xvzf git-1.6.0.1.tar.gz cd git-1.6.0.1 ./configure make make install
Fetchmail and Sieve with Virtual Mail on Debian Etch
Update: This post is quite old and does not work out of the box with the current ISPMail tutorials. I posted an update here.
When it comes to mail servers, I really like the setup Christoph Haas describes in his Document Howto: ISP-style Email Server with Debian-Etch and Postfix 2.3. One thing I was missing on a server was the ability to automatically generate config files for fetchmail and sieve from the database in order to get mail from other servers and being able to apply server side filters on incoming mail. This howto is based on the mentioned tutorial.
The additional setup is quite simple: 2 more database tables hold the data for fetchmail and sieve rules and a set of PHP scripts called by cron every few minutes fetches the data and writes it into the appropriate config files. For fetchmail, a script creates a .fetchmailrc file in /home/vmail/. For sieve, another script creates a .dovecot.sieve config file for every user who got sieve rules in the database.
