Monday, March 31, 2008

Showing Spam and Virus graph with qmailmrtg

Maybe some of you already use qmailmrtg to view your mail server statistics, such as spam, virus, queue, etc. But you may have a problem getting the spam and virus graphs to display.

This happens because qmailmrtg7 only supports multilog log files. To accommodate it, we need to change how spamd and clamav are run and logged.

For spamd:
1. Add spamd directory
mkdir -p /var/qmail/supervise/spamd/log

2. Create spamd run files
cd /var/qmail/supervise/spamd
vi run

3. Add the following lines
#!/bin/sh
LANG=en_US; export LANG
exec 2>&1
exec spamd -x -u spamd -H /home/spamd -s /dev/stderr

4. Create log run files and folder
cd /var/qmail/supervise/spamd/log
mkdir -p /var/log/qmail/spamd
vi run

5. Add the following lines
#!/bin/sh
exec multilog t n20 s1048576 /var/log/qmail/spamd

6. Change the file permission
chmod 755 /var/qmail/supervise/spamd/run
chmod 755 /var/qmail/supervise/spamd/log/run

7. Stop spamd and create a symlink in /service
/etc/init.d/spamassassin stop
chkconfig --level 3 spamassassin off
ln -s /var/qmail/supervise/spamd/ /service

Creating that symlink automatically starts the spamd service.

For Clamav:
Create the clamav directory.
#mkdir -p /usr/local/clamav/bin

Now create a startup/shutdown script for clamd. Copy and paste the script
shown below. This script was written by Jesse D. Guardiani.

#vi /usr/local/clamav/bin/clamdctl

#!/bin/sh

# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the ClamAV clamd daemon

PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

case "$1" in
start)
echo "Starting clamd"
if svok /service/clamd ; then
svc -u /service/clamd
else
echo clamd supervise not running
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/clamd
fi
;;
stop)
echo "Stopping clamd..."
echo " clamd"
svc -d /service/clamd
if [ -f /var/lock/subsys/clamd ]; then
rm /var/lock/subsys/clamd
fi
;;
stat)
svstat /service/clamd
svstat /service/clamd/log
;;
restart)
echo "Restarting clamd:"
echo "* Stopping clamd."
svc -d /service/clamd
echo "* Sending clamd SIGTERM and restarting."
svc -t /service/clamd
echo "* Restarting clamd."
svc -u /service/clamd
;;
hup)
echo "Sending HUP signal to clamd."
svc -h /service/clamd
;;
help)
cat <<HELP
stop -- stops clamd service (smtp connections refused, nothing goes out)
start -- starts clamd service (smtp connection accepted, mail can go out)
stat -- displays status of clamd service
restart -- stops and restarts the clamd service
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|stat|restart|hup|help}"
exit 1
;;
esac

exit 0




Make clamdctl an executable and link to path:
#chmod 755 /usr/local/clamav/bin/clamdctl
#chown clamav /usr/local/clamav/bin/clamdctl
#ln -s /usr/local/clamav/bin/clamdctl /usr/local/bin

Create the supervise directories for the clamd service:
#mkdir -p /usr/local/clamav/supervise/clamd/log

Now you must create the /usr/local/clamav/supervise/clamd/run file, or just
copy and paste the script shown below. This script was also created by Jesse
D. Guardiani:
vi /usr/local/clamav/supervise/clamd/run

#!/bin/sh
#
# --------------------------------------------------
# run
#
# Purpose - Start the clamd daemon/service.
#
# Author - Jesse D. Guardiani
# Created - 09/10/03
# Modified - 09/25/03
# --------------------------------------------------
# This script is designed to be run under DJB's
# daemontools package.
#
# ChangeLog
# ---------
#
# 09/25/03 - JDG
# --------------
# - Changed clamd user to qscand in compliance with
# the change to qmail-scanner-1.20rc3
#
# 09/10/03 - JDG
# --------------
# - Created
# --------------------------------------------------
# Copyright (C) 2003 WingNET Internet Services
# Contact: Jesse D. Guardiani (jesse at wingnet dot net)
# --------------------------------------------------

lockfile="/tmp/clamd" # Location of clamd lock file
path_to_clamd="/usr/local/sbin/clamd"
# Location of the clamd binary
BAD_EXIT_CODE=1 # The exit code we use to announce that something bad has happened

# The following pipeline is designed to return the pid of each
# clamd process currently running.
get_clam_pids_pipeline=`ps -ax | grep -E "${path_to_clamd}\$" | grep -v grep | awk '{print $1}'`


# --------------------------------------------------
# Generic helper functions
# --------------------------------------------------

# Basic return code error message function
die_rcode() {
EXIT_CODE=$1
ERROR_MSG=$2

if [ $EXIT_CODE -ne '0' ]; then
echo "$ERROR_MSG" 1>&2
echo "Exiting!" 1>&2
exit "$BAD_EXIT_CODE"
fi
}


# --------------------------------------------------
# Main
# --------------------------------------------------

ps_clamd=""
ps_clamd="$get_clam_pids_pipeline"

if [ -n "$ps_clamd" ]; then
pid_count="0"
for pid in $ps_clamd
do
pid_count=`expr $pid_count + 1`
done

die_rcode $BAD_EXIT_CODE "Error: $pid_count clamd process(es) already running!"

fi

if [ -e "$lockfile" ]; then
rm "$lockfile"
exit_code="$?"
die_rcode $exit_code "Error: 'rm $lockfile' call failed."
fi

exec /usr/local/bin/setuidgid qscand $path_to_clamd

# --
# END /usr/local/clamav/supervise/clamd/run file.
# --

Create the /usr/local/clamav/supervise/clamd/log/run file:

#vi /usr/local/clamav/supervise/clamd/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd


Make the run files executable:
#chmod 755 /usr/local/clamav/supervise/clamd/run
#chmod 755 /usr/local/clamav/supervise/clamd/log/run

Now set up the log directories:
#mkdir -p /var/log/clamd
#chown qscand /var/log/clamd

Finally, link the supervise directory into /service:
#ln -s /usr/local/clamav/supervise/clamd /service

* Note: The clamd script will start automatically shortly after these links
are created. If you don't want it running, do the following:
#clamdctl stop

To start clamd back up, do the following:

#clamdctl start
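
A pre-flight check for the two service directories set up above (spamd and clamd), as an added example that is not part of the original post or of the HOWTO it references. It confirms that run and log/run exist, are executable and start with an interpreter line, and that log/run sends its output to multilog in a directory that exists, which is what qmailmrtg7 reads. The function name check_service is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the original post): check a daemontools service
# directory before linking it into /service.

# check_service DIR
# Prints one line per problem and returns the number of problems (0 = OK).
check_service() {
    svc_dir=$1
    problems=0
    for script in "$svc_dir/run" "$svc_dir/log/run"; do
        if [ ! -f "$script" ]; then
            echo "missing: $script"
            problems=$((problems + 1))
            continue
        fi
        # supervise executes ./run directly, so it needs the execute bit ...
        if [ ! -x "$script" ]; then
            echo "not executable: $script"
            problems=$((problems + 1))
        fi
        # ... and an interpreter line.
        if ! head -n 1 "$script" | grep -q '^#!'; then
            echo "no #! line: $script"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$svc_dir/log/run" ]; then
        # The log directory is the last word of the multilog command line.
        log_dir=$(grep 'multilog' "$svc_dir/log/run" | tail -n 1 | awk '{print $NF}')
        if [ -z "$log_dir" ]; then
            echo "log/run does not call multilog"
            problems=$((problems + 1))
        elif [ ! -d "$log_dir" ]; then
            echo "multilog directory missing: $log_dir"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Usage on the paths from this post:
#   check_service /var/qmail/supervise/spamd
#   check_service /usr/local/clamav/supervise/clamd
```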

Reference: http://tldp.org/HOWTO/text/Qmail-ClamAV-HOWTO

Wednesday, March 19, 2008

Killing Oracle Session

We can kill a user session using 3 approaches:

1. The SQL Plus approach
SELECT s.sid,
s.serial#,
s.osuser,
s.program
FROM v$session s;

       SID    SERIAL# OSUSER                         PROGRAM
---------- ---------- ------------------------------ ---------------
         1          1 SYSTEM                         ORACLE.EXE
         2          1 SYSTEM                         ORACLE.EXE
         3          1 SYSTEM                         ORACLE.EXE
         4          1 SYSTEM                         ORACLE.EXE
         5          1 SYSTEM                         ORACLE.EXE
         6          1 SYSTEM                         ORACLE.EXE
        20         60 SYSTEM                         DBSNMP.EXE
        43      11215 USER1                          SQLPLUSW.EXE
        33       5337 USER2                          SQLPLUSW.EXE

SQL> ALTER SYSTEM KILL SESSION 'sid,serial#';

or

SQL> ALTER SYSTEM KILL SESSION 'sid,serial#' IMMEDIATE;

2. Using Windows NT Approach

SELECT s.sid,
p.spid,
s.osuser,
s.program
FROM v$process p,
v$session s
WHERE p.addr = s.paddr;

       SID SPID      OSUSER                         PROGRAM
---------- --------- ------------------------------ ---------------
         1 310       SYSTEM                         ORACLE.EXE
         2 300       SYSTEM                         ORACLE.EXE
         3 309       SYSTEM                         ORACLE.EXE
         4 299       SYSTEM                         ORACLE.EXE
         5 302       SYSTEM                         ORACLE.EXE
         6 350       SYSTEM                         ORACLE.EXE
        20 412       SYSTEM                         DBSNMP.EXE
        43 410       USER1                          SQLPLUSW.EXE
        33 364       USER2                          SQLPLUSW.EXE

C:> orakill ORACLE_SID spid

3. Using Linux/Unix Approach

SELECT s.sid,
p.spid,
s.osuser,
s.program
FROM v$process p,
v$session s
WHERE p.addr = s.paddr;

       SID SPID      OSUSER                         PROGRAM
---------- --------- ------------------------------ ---------------
         1 310       SYSTEM                         ORACLE.EXE
         2 300       SYSTEM                         ORACLE.EXE
         3 309       SYSTEM                         ORACLE.EXE
         4 299       SYSTEM                         ORACLE.EXE
         5 302       SYSTEM                         ORACLE.EXE
         6 350       SYSTEM                         ORACLE.EXE
        20 412       SYSTEM                         DBSNMP.EXE
        43 410       USER1                          SQLPLUSW.EXE
        33 364       USER2                          SQLPLUSW.EXE

# kill -9 spid

Make sure it worked with this command:
# ps -ef | grep ora

Those are all the steps needed.

Tuesday, March 11, 2008

Default Homepage Settings on Internet Explorer

You can set a registry entry to lock your IE homepage.

1. Go to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

2. Create a DWORD entry named Homepage with a value of 1

That should lock it up for you (depending on your OS - though it works for Win2K)

You can also create a new Key under
1. HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restriction

2. Then under HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Restrictions, create a DWORD value called "NoBrowserOptions" with a value of 1.

That will disallow opening IE options from within IE. (You'll have to go to the Control Panel to set IE options after that.)

Thursday, March 6, 2008

Iptables as Linux main Firewall

Some of us may already be familiar with this tool (iptables) for turning a machine into a firewall. Here is the iptables script that I always use on my servers.

I always set the default policy to drop every packet, and then allow the ports that I'm using.

Here is an example of the iptables script on my Oracle database server (using port 8550):


#!/bin/bash

iptables -Z
iptables -F -t filter
iptables -F -t nat
iptables -F -t mangle

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#Allowing ICMP (ping) for testing reason
iptables -A INPUT -s 0/0 -d 0/0 -p icmp -j ACCEPT

#For Localhost
iptables -A INPUT -s 127.0.0.1 -d 0/0 -j ACCEPT

#For Oracle DB
iptables -A INPUT -s 2.2.2.1 -d 2.2.2.2 -p tcp --dport 8550 -j ACCEPT

#For any established or related (ftp) connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You can change this script as needed.
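
To confirm that a running host really follows the default-drop approach described above, the following added example (not part of the original post) audits `iptables-save` output: it reports INPUT/FORWARD policies that are not DROP and INPUT ACCEPT rules that any source can reach. The function names and the sample ruleset are constructed for this example; with the script above, the ICMP rule (`-s 0/0`) is the one reported.

```sh
#!/bin/sh
# Added example (not from the original post): audit `iptables-save` output
# against the default-drop policy described above.

# Constructed sample: roughly what iptables-save prints after the script above.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 2.2.2.1/32 -d 2.2.2.2/32 -p tcp -m tcp --dport 8550 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_ruleset: reads iptables-save text on stdin, prints one finding per
# line, exits 1 if there is any finding. It flags
#   - INPUT/FORWARD policies in the filter table that are not DROP
#   - INPUT ACCEPT rules with no source (-s), no interface (-i) and no
#     state match, i.e. rules any remote host can hit
audit_ruleset() {
    awk '
    /^\*/ { table = substr($0, 2); next }
    table != "filter" { next }
    /^:(INPUT|FORWARD) / && $2 != "DROP" {
        print "policy " substr($1, 2) " is " $2; bad++
    }
    /^-A INPUT / && / -j ACCEPT/ && !/ -s / && !/ -i / && !/--state / {
        print "open to any source: " $0; bad++
    }
    END { exit (bad > 0) }
    '
}

# Run against a live host (as root):  iptables-save | audit_ruleset
```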

Update Clamav Antivirus on Fedora Core 3

Here are the steps to update your ClamAV antivirus installation. You can download the latest ClamAV engine from the official site (www.clamav.net).

1. Stop the freshclam and clamd services
#service clamd stop
#service freshclam stop

2. Remove any libraries left by the previous clamav installation
#rm -f /usr/local/lib/*clam*

3. Install clamav itself. I usually use the tarball package and install it in the default location, but I have already customized my clamav init script (/etc/init.d/clamd)
#./configure
#make
#make install

4. For users of qmail-scanner, run this step
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
or
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue -z

5. For those who are using simscan, run this step
#/var/qmail/bin/simscanmk
#/var/qmail/bin/simscanmk -g

6. Start the clamd and freshclam services again
#service clamd start
#service freshclam start

That's all; your system is now using the latest clamav core engine.

Monday, March 3, 2008

Linux Dial in Server Setup

Here is a tutorial for building a dial-in server on a Linux machine:
1. Plan your network configuration
[dial in server : 192.169.169.1]<-- PSTN Tel Line-->[Client 192.169.169.2]

2. Create an account on the dial-in server
Host : 192.169.169.1
Account : dialin
Password/Secret : dialin

3. Set up the dial-in server as a gateway
[root@server]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@server]# ipchains -A forward -j MASQ

4. Plug your modem into the dial-in server

5. Check that the needed packages are installed on the server
[root@server]# rpm -qa | grep pppd
[root@server]# rpm -qa | grep mgetty

6. Edit /etc/inittab and add this line (ttyS1 for com1 port):
[root@server]# vi /etc/inittab
##------------------
s1:2345:respawn:/sbin/mgetty ttyS1
##------------------

7. Edit /etc/ppp/options and add these lines
[root@server]# vi /etc/ppp/options
##------------------
auth -chap +pap login modem crtscts debug proxyarp lock
ms-dns 192.169.169.1
##------------------


8. Edit /etc/ppp/options.ttyS1
[root@server]# vi /etc/ppp/options.ttyS1
##------------------
##server:host
192.169.169.1:192.169.169.2
##------------------

9. Edit /etc/mgetty+sendfax/login.config and add this line:

[root@server]# vi /etc/mgetty+sendfax/login.config
##------------------
/AutoPPP/ - a_ppp /usr/sbin/pppd
##------------------


10. Edit /etc/ppp/pap-secrets:

[root@server]# vi /etc/ppp/pap-secrets
##------------------
# Secrets for authentication using PAP
# client server secret IP addresses
dialin * dialin 192.169.169.2
##------------------

11. Tell init about the changes
init q

12. You are ready to dial in