How to Backup a Windows Server Domain Controller

] How to Backup Windows Server Domain Controller    The domain controller role is central to an Active Directory-based network. Learn how to protect your Windows Server 2016 domain controllers by using first-party backup tools. In the Microsoft technology stack, the domain controller provides core identity services to your business network. As such, the loss of a domain controller can create a denial of service (DoS) and bring your network services to a grinding halt. I've identified three ways you can back up the System State of a Windows Server 2016 domain controller. The good news here is that the process hasn't changed from Windows Server 2012 R2. What is the System State? Windows Server computers (physical or virtual) have a data collection method called the System State that can be backed up specifically by a systems administrator. Depending on the server's infrastructure role, different data may comprise that machine's System State. The System State consists of the following files: Active Directory database (domain controllers) Sysvol shared folder (domain controllers) Certificate Services database (certification authorities) Cluster database (failover cluster nodes) Boot files, system files, and files covered by Windows File Protection Windows Registry Performance Monitor counter configuration data Component Services class registration database Note: the following methods are presented in no particular order. Method #1: Windows PowerShell Open up an elevated Windows PowerShell prompt on your server and run the following command to install the Windows Backup cmdlets: Install-WindowsFeature -Name Windows-Server-Backup -IncludeAllSubfeature -IncludeManagementTools This process won't require a restart. You can enumerate all the backup commands like so: Get-Command -Module WindowsServerBackup The following script will create a System State backup of the local server and save the backup to my F: data volume. You'll notice that I've commented on every line so you can easily see what's going on. NOTE: Here, I focus only on backing up the System State. You can perform other file system (or even system image) backups on your servers. You can also make use of such tools as Task Scheduler or AT.EXE to schedule your backups.   #create the backup policy $policy = New-WBPolicy #back up the System State Add-WBSystemState -Policy $policy #declare the backup location as my F: volume $target = New-WBBackupTarget -VolumePath "F:" #add the backup location to the policy Add-WBBackupTarget -Policy $policy -Target $target #start the backup Start-WBBackup -Policy $policy     Method #2: Windows Backup If you're not a PowerShell fan, then you may want to use the graphical backup utility that has shipped with Windows Server since the very beginning. Follow the procedure in the previous section (no escaping PowerShell completely, I'm afraid) to install the Windows Backup feature. You can then start the Windows Server Backup Microsoft Management Console, as shown in Figure 1. Figure 1. The Windows Server Backup console. Select Local Backup from the Console pane, and then in the Actions pane, click Backup Once to start the Backup Once Wizard. You'll complete the following steps: Choose the Custom backup option Select the System State to back up (shown in Figure 2) Decide whether you're backing up to a local or remote volume Figure 2. Backing up System State in Windows Server Backup. Method #3: Microsoft Azure This procedure will work only if you have an Azure subscription. If so, the first thing you need to do is to log into the Azure Portal (portal.azure.com) and create a Recovery Services vault. Second, you create a Backup object inside your vault, as shown in Figure 3. Figure 3. Creating a Backup object in Microsoft Azure. After specifying to Azure that you want to back up the System State of an on-premises virtual machine, you'll be prompted to download and install the Microsoft Azure Backup agent. The bad news is that this "agent" is actually a full-fledged server, based on Microsoft Data Protection Manager (DPM), whose download comprises 3.2 gigabytes and which requires an SQL Server instance for installation. Final Thoughts After you get the Azure Backup Server installed, you'll need to register your Windows Server 2016 domain controller with your Azure vault. Finally, you'll use the Azure Backup Server user interface to send your System State backups to the Azure cloud.

By | Aug 2

How to Install ClamAV on CentOS 7

How to Install ClamAV on CentOS 7 About ClamAV ClamAV is free open-source antivirus software that is used often and across several platforms. In this tutorial, we are going to teach you how to install ClamAV on CentOS 7. Prerequisites For this tutorial you are going to need: SSH root access to the VPS. Step 1 — Installing ClamAV on CentOS 7 Since Clam does not come with default CentOS software reports, you need to add the additional repository by running yum. yum -y install epel-release yum clean all Now install Clam on CentOS. Simply execute the command below. yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd You have now installed antivirus software on your server. Step 2 — Configuring SELinux SELinux is a security measure whose purpose it is to protect changes to certain files. You will need to perform futher configuration if you would like to use ClamAV with enabled SELinux kernel module. Without this, Clam is not able to read a portion of your files. Simply run the commands below. setsebool -P antivirus_can_scan_system 1 setsebool -P clamd_use_jit 1 To confirm these changes, execute the following command. getsebool -a | grep antivirus You should be receiving the output below or similar. antivirus_can_scan_system --> on antivirus_use_jit --> off Once this output is received, ClamAV is ready to use along with SELinux. Step 3 — Configuring ClamAV Before the Clam Configuration can be enabled, you have to remove the Example string from the configuration file. sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf Now, you will have to specify the server type. Open the configuration file with your favorite editor. In our example, we are going to use nano. If it isn’t currently installed, it must be installed with yum. yum install nano -y Open the configuration file. nano /etc/clamd.d/scan.conf Then, look for the following line. #LocalSocket /var/run/clamd.scan/clamd.sock Replace it with the line below. LocalSocket /var/run/clamd.scan/clamd.sock You may now save the changes by pressing on CTRL + X or COMMAND + X (If you are using a MAC). Before finishing you must delete the Example string from ClamAV’s freshclam update engine configuration file. sed -i -e "s/^Example/#Example/" /etc/freshclam.conf Then, execute the virus definition database update. freshclam You should be receiving the output below or similar. ClamAV update process started at Tue Dec 19 09:30:20 2016 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Trying host database.clamav.net (69.163.100.14)... Downloading daily.cvd [100%] daily.cvd updated (version: 22739, sigs: 1100989, f-level: 63, builder: neo) Downloading bytecode-279.cdiff [100%] Downloading bytecode-280.cdiff [100%] Downloading bytecode-281.cdiff [100%] Downloading bytecode-282.cdiff [100%] Downloading bytecode-283.cdiff [100%] bytecode.cld updated (version: 285, sigs: 57, f-level: 63, builder: bbaker) Database updated (5319836 signatures) from database.clamav.net (IP: 168.143.19.95) Finally, start the Clamd service and run it on boot. systemctl start [email protected] systemctl enable [email protected] Conclusion You now have antivirus software on your server, this will help secure it a lot. Feel free to scan your server for malware and viruses. One more thing... Share this tutorial with your hosting administrators and networking experts' friends.

By | Aug 2

How To Mount A Windows NTFS Disk In Linux

How To Mount A Windows NTFS Disk In Linux The New Technology File System (NTFS) is a proprietary file system created by Microsoft and is used extensively in Microsoft’s Windows operating systems.By default, a lot of Linux distributions will not be able to mount NTFS, though it is possible to install a driver which allows us to do this so that we are able to read and write data to an NTFS disk.In the example below, we will attach the VMDK file from a Windows-based virtual machine to a CentOS 7 Linux virtual machine.Once we run ‘fdisk –I’, we can see that the disk is recognized (after a system reboot), but it is not yet mounted for us to access the data. We should be able to see the primary disk for the Linux system /dev/sda, while /dev/sdb is our 1GB NTFS disk, which has the /dev/sdb1 NTFS partition. [[email protected] ~]# fdisk -l Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x0004c930 Device Boot Start End Blocks Id System /dev/sda1 * 2048 616447 307200 83 Linux /dev/sda2 616448 4810751 2097152 82 Linux swap / Solaris /dev/sda3 4810752 41943039 18566144 83 Linux Disk /dev/sdb: 1073 MB, 1073741824 bytes, 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0xfc757b2a Device Boot Start End Blocks Id System /dev/sdb1 128 2091135 1045504 7 HPFS/NTFS/exFAT By default, once we attempt to mount the NTFS disk, we will receive the error below: [[email protected] ~]# mkdir /windows [[email protected] ~]# mount /dev/sdb1 /windows/ mount: unknown filesystem type 'ntfs' Install Required Packages If you want to perform the mount, you have to install the NTFS-3G package, which is a Linux NTFS userspace driver. This package will arrive from EPEL if you are using CentOS/RHEL, so if you have not yet configured your system to use the EPEL repository, run the command below: [[email protected] ~]# yum install epel-release -y Now we will be able to install the ntfs-3g package from the EPEL repository. [[email protected] ~]# yum install ntfs-3g -y Otherwise, if you are using Ubuntu/Debian, you will be able to simply run ‘apt-get install ntfs-3g’ straight away. In our Debian 8 installation, it was already available, so we were able to mount NTFS without any issues. Mount The NTFS Disk We can now successfully perform the mount without any errors. [[email protected] ~]# mount /dev/sdb1 /windows/ [[email protected] ~]# blkid /dev/sdb1 /dev/sdb1: LABEL="NTFS" UUID="CA4A1FD94A1FC0DD" TYPE="ntfs" We can confirm that the NTFS disk is seen as mounted by the operating system. [[email protected] ~]# df -h /windows/ Filesystem Size Used Avail Use% Mounted on /dev/sdb1 1021M 11M 1011M 2% /windows At this point, you will be able to read and write data to the mounted NTFS disk. Automatically Mount NTFS We may now create an entry in the /etc/fstab file, so that our NTFS disk will automatically mount on system boot. Below, you’ll see an example of the entry that I have placed in my fstab file. This will mount the disk to the /ntfs directory. /dev/sdb1 /windows ntfs-3g defaults 0 0 After this configuration has been added, the NTFS disk should mount automatically on system boot. Before performing a reboot, it is recommended that you first run the ‘mount –a’ command and confirm that the disk mounts without any issues. If any issues occur during boot, you will be left with a system that does not properly boot, so it’s important to test first. Summary We have seen that it is possible to easily mount an NTFS disk in CentOS 7 Linux once the ntfs-3g package, which provides us with the necessary drivers, has been installed.

By | Aug 6

How to Restore a Deleted File in Linux

 How to Restore a Deleted File in Linux If you have accidentally deleted a file in Linux, no worries; you should be able to restore it, as long as that area of disk has not yet been overwritten. This post will show you how you can easily restore a deleted file in Linux.First, make sure that you are able to search a disk or raw image file to recover files based on their headers, footers, and internal data structures. Install Foremost Foremost is usually available on every distribution of Linux. Mint/Debian/Ubuntu We should be able to install Foremost in Linux Mint, Debian, or Ubuntu by executing the command below: CentOS/RHEL By default, Foremost will not be available in any of the standard CentOS/RHEL repositories, so we are going to be installing it directly from the RPM.This RPM is for el7, while el6 can be found here.Failing these options, you can download the Foremost source here.For instance, we will be using CentOS 7, but after you are done installing Foremost, the rest of the steps will be the same as in any other Linux distribution. Deleting a File Now that Foremost is installed, we will delete a file. It’s worth remembering that Foremost does not have to be installed once the file is removed, it’s just the order that we happen to do things in.In this example, we are going to remove the image.jpg file shown below. file image.jpg image.jpg: JPEG image data, JFIF standard 1.01 md5sum image.jpg f2b6f5c9f3795363cddfd6aae6d1ba0d image.jpg   We are going to use this information later to confirm that the file was successfully restored. Now we are going to remove the file with the rm command. rm -f image.jpg Restore a Deleted File Now, we will be creating a directory to restore our files to. Foremost needs an empty directory for this purpose, so we will create /root/restored/. mkdir /root/restored We should now be ready to run the Foremost command and restore our image file. The –I switch will be used to specify the disk or image file that we would like to search, since –t is used for restoring files of the type specified. Foremost will support a big variation of files; check the foremost man page for the full list. This is needed because Foremost searches the disk based on the headers which the type of file uses. foremost -i /dev/sda3 -t jpg -o /root/restored/ Processing: /dev/sda3 |**************************************************************************************************************************************************************************************|   This should take approximately 2 minutes to finish on an 18gb disk.This is going to find any .jpg files in /dev/sda3 and restore them to the /root/restored directory, as long as the space they are using on the disk has not yet been overwritten by anything else. If we look within our /root/restored directory, we will notice that our image file has successfully been restored. The md5 hash of the file should be the same as it was before we removed it. md5sum /root/restored/jpg/18608472.jpg f2b6f5c9f3795363cddfd6aae6d1ba0d  /root/restored/jpg/18608472.jpg   Since file names will not be stored inside the file itself, it is not possible to restore the file with the original file name; however, the data should still be there. Final Thoughts We installed the Foremost tool on our CentOS 7 machine and used it to restore a deleted file. Using the md5 hash of the file before and after recovery, we can confirm that the exact same file has successfully been recovered.Foremost is a very easy to use tool to perform data carving; we’ve used it before with some success in a number of Capture the Flag (CTF) style challenges.One more thing..Share this tutorial with your hosting administrators and networking experts friends, as it will help them and make my countless hours of work count.Thanks

By | Aug 6

How to Install and integrate Rspamd postfix

Install and integrate Rspamd postfix We are going to go through the installation and configuration of the Rspamd postfix spam filtering system and its integration into our mail server, creating DKIM and DMARC DNS records. Install and integrate Rspamd postfix You may wonder why we have chosen to go with Rspamd and not Spamassassin. Rspamd is written in C, and it is much faster then Spamassassin, which is written in Perl, and also, Rspamd is more actively maintained. Another reason is that Rspamd comes with a DKIM signing module, so we will not have to use other software to sign our outgoing emails.If you are not familiar with Rspamd, you can take a look at their official documentation here.Also, here are a few hand-picked guides that must read next: How to speed up WordPress with Redis Caching Install and configure Dovecot and Postfix Install Redis Redis will be used as a storage and caching system by Rspamd. To install it, just run: sudo apt install redis-server Install Unbound Unbound is a very secure validating, recursive, and caching DNS resolver.The main purpose of installing this service is to reduce the number of external DNS requests. This step is optional and can be skipped. sudo apt install unbound The default settings should be sufficient for most servers.Set unbound as your server’s primary DNS resolver: sudo echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head sudo resolvconf -u If you are not using resolvconf, then you need to edit the /etc/resolv.conf file manually. Install Rspamd We will install the latest stable version of Rspamd from its official repository: sudo apt install software-properties-common lsb-release sudo apt install lsb-release wget wget -O- https://rspamd.com/apt-stable/gpg.key | sudo apt-key add - echo "deb http://rspamd.com/apt-stable/ $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/rspamd.list sudo apt update sudo apt install rspamd Configure Rspamd Instead of modifying the stock config files, we will create new files in the /etc/rspamd/local.d/local.d/ directory, which will overwrite the default setting.By default, Rspamd’s normal worker, the worker that scans email messages, listens on all interfaces on port 11333. Create the following file to configure the Rspamd normal worker to listen only to localhost interface: /etc/rspamd/local.d/worker-normal.inc bind_socket = "127.0.0.1:11333"; The proxy worker listens on port 11332 and supports the milter protocol. In order for Postfix to communicate with Rspamd, we need to enable milter mode: /etc/rspamd/local.d/worker-proxy.inc bind_socket = "127.0.0.1:11332"; milter = yes; timeout = 120s; upstream "local" { default = yes; self_scan = yes; } Next, we need to set up a password for the controller worker, which provides access to the Rspamd web interface. To generate an encrypted password, run: rspamadm pw --encrypt -p P4ssvv0rD $2$khz7u8nxgggsfay3qta7ousbnmi1skew$zdat4nsm7nd3ctmiigx9kjyo837hcjodn1bob5jaxt7xpkieoctb Don’t forget to change the password (P4ssvv0rD) to something more secure and paste it into the configuration file: /etc/rspamd/local.d/worker-controller.inc password = "$2$khz7u8nxgggsfay3qta7ousbnmi1skew$zdat4nsm7nd3ctmiigx9kjyo837hcjodn1bob5jaxt7xpkieoctb"; In order to access the web interface, we will later configure Nginx as a reverse proxy to the controller worker web server.We will use Redis as a back-end for Rspamd statistics: /etc/rspamd/local.d/classifier-bayes.conf servers = "127.0.0.1"; backend = "redis"; Set the milter headers: /etc/rspamd/local.d/milter_headers.conf You can find more information about the milter headers here.Finally, restart the Rspamd service: sudo systemctl restart rspamd Configure Nginx In the first part of this series, we created an Nginx server block for the PostfixAdmin instance. Open the configuration file and add the following location directives (the ones highlighted in yellow): /etc/nginx/sites-enabled/mail.linuxize.com.conf ... location /rspamd { proxy_pass http://127.0.0.1:11334/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ... Reload the Nginx service for changes to take effect: sudo systemctl reload nginx Head over to https://mail.linuxize.com/rspamd/ and enter the password you previously generated with the rspamadm pw command. You will be presented with the Rspamd web interface. Configure Postfix We need to configure Postfix to use the Rspamd milter. Run the following command to update the Postfix main configuration file: sudo postconf -e "milter_protocol = 6" sudo postconf -e "milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}" sudo postconf -e "milter_default_action = accept" sudo postconf -e "smtpd_milters = inet:127.0.0.1:11332" sudo postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" Restart the Postfix service for changes to take effect: sudo systemctl restart postfix Configure Dovecot We already installed and configured Dovecot in the second part of this series, and now we will install the sieve filtering module and integrate Dovecot with Rspamd. sudo apt install dovecot-sieve dovecot-managesieved Open the following files and edit the lines highlighted in yellow. /etc/dovecot/conf.d/20-lmtp.conf ... protocol lmtp { postmaster_address = [email protected] mail_plugins = $mail_plugins sieve } ... Copy /etc/dovecot/conf.d/20-imap.conf ... protocol imap { ... mail_plugins = $mail_plugins imap_quota imap_sieve ... } ... /etc/dovecot/conf.d/20-managesieve.conf ... service managesieve-login { inet_listener sieve { port = 4190 } ... } ... service managesieve { process_limit = 1024 } ... Copy /etc/dovecot/conf.d/90-sieve.conf plugin { ... # sieve = file:~/sieve;active=~/.dovecot.sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_before = /var/vmail/mail/sieve/global/spam-global.sieve sieve = file:/var/vmail/mail/sieve/%d/%n/scripts;active=/var/vmail/mail/sieve/%d/%n/active-script.sieve imapsieve_mailbox1_name = Spam imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/var/vmail/mail/sieve/global/report-spam.sieve imapsieve_mailbox2_name = * imapsieve_mailbox2_from = Spam imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/var/vmail/mail/sieve/global/report-ham.sieve sieve_pipe_bin_dir = /usr/bin sieve_global_extensions = +vnd.dovecot.pipe .... } Create a directory for our sieve scripts: mkdir -p /var/vmail/mail/sieve/global Create a global sieve filter to move emails marked as spam to the Spam directory: /var/vmail/mail/sieve/global/spam-global.sieve require ["fileinto","mailbox"]; if anyof( header :contains ["X-Spam-Flag"] "YES", header :contains ["X-Spam"] "Yes", header :contains ["Subject"] "*** SPAM ***" ) { fileinto :create "Spam"; stop; } The following two sieve scripts will be triggered whenever you move an email in or out of the Spam directory: /var/vmail/mail/sieve/global/report-spam.sieve require ["vnd.dovecot.pipe", "copy", "imapsieve"]; pipe :copy "rspamc" ["learn_spam"]; /var/vmail/mail/sieve/global/report-ham.sieve require ["vnd.dovecot.pipe", "copy", "imapsieve"]; pipe :copy "rspamc" ["learn_ham"]; Restart the Dovecot service for changes to take effect: sudo systemctl restart dovecot Compile sieve scripts and set the correct permissions: sievec /var/vmail/mail/sieve/global/spam-global.sieve sievec /var/vmail/mail/sieve/global/report-spam.sieve sievec /var/vmail/mail/sieve/global/report-ham.sieve sudo chown -R vmail: /var/vmail/mail/sieve/ Create DKIM keys DomainKeys Identified Mail (DKIM) is an email authentication method which adds a cryptographic signature to outbound message headers. It allows the receiver to verify that an email claiming to originate from a specific domain was indeed authorized by the owner of that domain. The main purpose of this is to prevent forged email messages.We can have different DKIM keys for all our domains and even multiple keys for a single domain, but for the simplicity of this article, we’re going to use a single DKIM key which later can be used for all new domains.Create a new directory to store the DKIM key and generate a new DKIM keypair using the rspamadm utility: mkdir /var/lib/rspamd/dkim/ rspamadm dkim_keygen -b 2048 -s mail -k /var/lib/rspamd/dkim/mail.key > /var/lib/rspamd/dkim/mail.pub In the example above, we are using mail as a DKIM selector.You should now have two new files in the /var/lib/rspamd/dkim/ directory, mail.key which is our private key file, and mail.pub, a file which contains the DKIM public key. We will update our DNS zone records later.Set the correct ownership and permissions: chown -R _rspamd: /var/lib/rspamd/dkim chmod 440 /var/lib/rspamd/dkim/* Now we need to tell Rspamd where to look for the DKIM key, the selector name, and the last line, which will enable DKIM signing for alias sender addresses. To do that, create a new file with the following contents: /etc/rspamd/local.d/dkim_signing.conf selector = "mail"; path = "/var/lib/rspamd/dkim/$selector.key"; allow_username_mismatch = true; ARC Rspamd also supports signing for Authenticated Received Chain (ARC) signatures. You can find more information about the ARC specification here. Rspamd uses the DKIM module for dealing with ARC signatures, so we can simply copy the previous configuration: cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf Restart the Rspamd service for changes to take effect. sudo systemctl restart rspamd DNS settings We already created a DKIM key pair, and now we need to update our DNS zone. The DKIM public key is stored in the mail.pub file. The content of the file should look like this:   cat /var/lib/rspamd/dkim/mail.pub mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdBRCqYzshc4LmmkxUkCH/rcIpSe/QdNIVmBrgqZmZ5zzWQi7ShdFOH7V32/VM1VRk2pkjDV7tmfbwslsymsfxgGhVHbU0R3803uRfxAiT2mYu1hCc9351YpZF4WnrdoA3BT5juS3YUo5LsDxvZCxISnep8VqVSAZOmt8wFsZKBXiIjWuoI6XnWrzsAfoaeGaVuUZBmi4ZTg0O4yl" "nVlIz11McdZTRe1FlONOzO7ZkQFb7O6ogFepWLsM9tYJ38TFPteqyO3XBjxHzp1AT0UvsPcauDoeHUXgqbxU7udG1t05f6ab5h/Kih+jisgHHF4ZFK3qRtawhWlA9DtS35DlwIDAQAB" ) ; If you are running your own Bind DNS server, you just need to copy and paste the record directly into your domain zone file. If you are using a DNS web interface, then you need to create a new TXT record with mail._domainkey as a name, and for the value/content, you will need to remove the quotes and concatenate all three lines together. In our case, the value/content of the TXT record should look like this: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdBRCqYzshc4LmmkxUkCH/rcIpSe/QdNIVmBrgqZmZ5zzWQi7ShdFOH7V32/VM1VRk2pkjDV7tmfbwslsymsfxgGhVHbU0R3803uRfxAiT2mYu1hCc9351YpZF4WnrdoA3BT5juS3YUo5LsDxvZCxISnep8VqVSAZOmt8wFsZKBXiIjWuoI6XnWrzsAfoaeGaVuUZBmi4ZTg0O4ylnVlIz11McdZTRe1FlONOzO7ZkQFb7O6ogFepWLsM9tYJ38TFPteqyO3XBjxHzp1AT0UvsPcauDoeHUXgqbxU7udG1t05f6ab5h/Kih+jisgHHF4ZFK3qRtawhWlA9DtS35DlwIDAQAB Domain-based Message Authentication (DMARC) We will also create a Domain-based Message Authentication (DMARC), which is designed to tell the receiving server whether or not to accept an email from a particular sender. Basically, it will protect your domain against direct domain spoofing and improve your domain reputation. If you have followed this series from the beginning, you should already have an SFP record for your domain. To setup a DMARC record, the sending domain needs to have an SPF and DKIM record published. DMARC policy is published as a TXT record and defines how the receiver should treat the mail from your domain when validation fails. In this article, we will implement the following DMARC policy: _dmarc IN TXT "v=DMARC1; p=none; adkim=r; aspf=r;" Let’s break down the above DMARC record: v=DMARC1 - This is the DMARC identifier p=none - This tells the receiver what to do with messages that fail DMARC. In our case, it is set to none, which means take no action if a message fails DMARC. You can also use ‘reject’ or ‘quarantine’. adkim=r and aspf=r - DKIM and SPF alignment, r for Relaxed and s for Strict - in our case, we are using Relaxed Alignment for both DKIM and SPF. Same as before, if you are running your own Bind DNS server, you just need to copy and paste the record into your domain zone file, and if you are using another DNS provider, you need to create a TXT record with _dmarc as a name and v=DMARC1; p=none; adkim=r; aspf=r; as a value/content. It may take a while for the DNS changes to propagate. You can check whether the records have propagated using the dig command: dig mail._domainkey.linuxize.com TXT +short "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdBRCqYzshc4LmmkxUkCH/rcIpSe/QdNIVmBrgqZmZ5zzWQi7ShdFOH7V32/VM1VRk2pkjDV7tmfbwslsymsfxgGhVHbU0R3803uRfxAiT2mYu1hCc9351YpZF4WnrdoA3BT5juS3YUo5LsDxvZCxISnep8VqVSAZOmt8wFsZKBXiIjWuoI6XnWrzsAfoaeGa" "VuUZBmi4ZTg0O4ylnVlIz11McdZTRe1FlONOzO7ZkQFb7O6ogFdepWLsM9tYJ38TFPteqyO3XBjxHzp1AT0UvsPcauDoeHUXgqbxU7udG1t05f6ab5h/Kih+jisgHHF4ZFK3qRtawhWlA9DtS35DlwIDAQAB" dig _dmarc.linuxize.com TXT +short "v=DMARC1; p=none; adkim=r; aspf=r;" You can also inspect your domain’s current DMARC policy or create your own DMARC policy here. Conclusion That’s it for this part of the tutorial. In the next part of this series, we will continue with RoundCube installation and configuration.

By | Aug 6

How to create an SSL Certificate on Apache for CentOS

SSL Certificate on Apache for CentOS About Self-Signed Certificates An SSL certificate is a way to encrypt a site’s information in order to create a more secure connection to your VPS.Additionally, the certificate is able to show the web hosting’s identification information to any site visitor.Certificate Authorities can issue SSL certificates which confirm the virtual server’s details as a self-signed certificate that holds no 3rd party corroboration. Step 1 - Install Mod SSL In order to set up a self-assigned SSL certificate, we will need to ensure that first the Apache and Mod SSL are installed on our VPS. You can install both using one command. yum install mod_ssl Step 2 - Create a New Directory Now, you will have to create a new directory in which you will store the vps server key and certificate. mkdir /etc/httpd/ssl Step 3 - Create a Self-Signed Certificate While you ask for a new certificate, you will specify how long the certificate will remain valid for by changing the ‘365’ to the number of days you wish. This is because the default the certificate will expire after one year. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt With the command, you are going to be creating both the self-assigned SSL certificate and the vps server key which protects it before putting both of them inside the new directory.The command should prompt a terminal to present a list of fields that have to be filled in. This is the most important line, “Common Name”. Type your official vps server domain name here or, if you don’t have one yet, then use your site’s IP address. into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. You'll have a couple fields but you may leave some blank. For a few fields there will be a default value, If you enter '.', the field will be left blank. -----Country Name (2 letter code) [AU]:USState or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:NYCOrganization Name (eg, company)[Internet Widgits Pty Ltd]: Awesome IncOrganizational Unit Name (eg, section) []:Dept of MerrimentCommon Name (e.g. server FQDN or YOUR name) []:domain.com Email Address []:[email protected] Step 4 - Set Up the Certificate After you have all of the needed components for the finished certificate, what you need to do next is set up the virtual host to present the new certificate.Open up the SSL config file. vi /etc/httpd/conf.d/ssl.conf Search for the section that starts with ‘<VirtualHost_default_:443>' and then make some quick changes.Now uncomment the ‘DocumentRoot’ and ‘ServerName’ line. Then, replace ‘domain.com' with your own DNS approved vps server domain name or server IP address, it should be the same as the common name on the certificate. ServerName domaincom:443 Look for the following three lines and then ensure they match the extensions shown below. SSLEngine onSSLCertificateFile /etc/httpd/ssl/apache.crtSSLCertificateKeyFile /etc/httpd/ssl/apache.key You are now done. After restarting the Apache server, it will be reloaded along with every change in place. Step 5 - Restart Apache You are now done. After restarting the Apache server it will be reloaded along with every change in place.  /etc/init.d/httpd restart Go over to your web browser and type ‘https://yourdomain.ltd' to see the new certificate.

By | Aug 6

How to Change Permissions and Owners via Command Line

How to Change Permissions and Owners via Command Line Introduction In this tutorial, we will teach you how to change file or folder permissions and owners using a command line on Linux or Unix systems. There are two simple commands that can be used to accomplish this task; they are Chmod and Chown.   Change Permissions and Owners via Command Line For this guide you will require the following:– Access to the command line Step 1 — Changing file and folder permissions via command line Chmod is a command that is used to change the permissions of a file or a folder.Simply put, each file has three types of users who can interact with it: Owner – The user who made and owns the file or directory. Group – Each user who is also a member of the group. Others – Every other user on the system who are neither a member or an owner of the group. The command ‘ls -1’ can be used to view file permissions and owners of a file or folder. For example, ‘1s and -1 file1.txt’ will display: -rwxr–rw- 1 user user 0 Jan 19 12:59 file1.txt ‘-rwxr–rw-‘ - This is the part of the line which shows permissions. There are 4 main letters which you will usually see in this part of the line: r,w,x,d. The letter ‘d’ means that the type of the file is a directory.1 –  This is the number of hard links. A hard link is just an extra name for a file which already exists.User user – This helps you view who the owner and group owner of the file is.0 – This shows how big the file is.Jan 19 12:59 – This is the date of the last edit.File1.txt – This shows the name of the file or folder.Let’s return to the command ‘Chmod’. This command grants us the ability to change the permissions of a file or  folder. We will show you how to do this by simply appending numbers. Each permission type will have its own number: r(read) – 4 w(write) – 2 x(execute) – 1 For example, if we would like to set the permissions of ‘file1.txt’ to those: -rwxr–rw- 1 user user 0 Jan 19 12:59 file1.txt We would have to type the command: chmod 746 file1.txt User Permissions Every number in the command represents a permission for one of the user types, such as the owner, group owner, or others.‘chmod 777 file2.txt’ is a different example, this command will grant every permission for every type of user (owner, group, or other).This is a list of the most common permissions for files:  -rw——- 600 Owner can read and write.  -rw-r–r– 644 Owner can read and write, the group and others can read.  -rw-rw-rw- 666 Owner, group and others can read and write.  -rwx—— 700 Owner can read, write and execute, group and others cannot do anything with the file.  -rwx–x–x 711 Owner can read, write and execute, the group and others can execute.  -rwxr-xr-x 755 Owner can read, write and execute, the group and others can read and execute. rwxrwxrwx 777 Owner, group and others can read, write and execute. The usual permissions for directories: drwx—— 700 Only owner can read and write in this directory. drwxr-xr-x 755 Owner, group and others can read the directory, but only owner can change its contents. There are plenty of ways to change permissions of a file using the chmod command. However, our suggestion is to learn one of them and use it each time; in this situation, the numbering way. Step 2 — Changing file and folder owners via command line Chown is a command that is used to change the owners of a file or a folder. The most basic syntax of the Chown command is this: chown [owner/group owner] [file name] Usually, if we have a file called ‘demo.txt’ and would like to set the owner and group owner of the file to ‘Jerry’ and ‘clients’ respectively, we would use the command below: chown jerry:clients demo.txt As you can see, the owner and group owner are separated using a colon symbol ‘:’. If the goal was to change the owner of the file only, then we would use the command below: chown jerry demo.txt In the command above, we left out the group owner, instead only typing in the new owner of the file; in this way, the group owner will stay unchanged.If we wanted to change the group owner of the file but not the owner, then we would use the command below: chown :clients demo.txt In this case, only the group owner has been changed to ‘clients’, leaving the owner unchanged. Step 3 — Using additional options with chmod and chown commands There’s one way which should work with both commands, it is ‘–R’ in which the R stands for recursive.This option allows you to replace the permissions or owners in the given directory and all other files and folders within that directory. Different options for “chmod” and “chown”: “-f” – Silent, stealthy, and simple. Force is not going to show most error messages. “-v” – Will provide you with a diagnostic of every file which has been affected by the command. “-c” – This is similar to ‘-v’. However, it will only provide information in a case where changes were actually made. Conclusion Using the skills we have taught you in this guide, you will be able to manage your Server or VPS in a more simple manner by changing permissions and owners of files and folders with a command line.

By | Aug 6

Step by step Mongo DB sharded cluster deployment

Step by step Mongo DB sharded cluster deployment   Mongo db shard cluster deployment In this tutorial, we will teach you step by step how to deploy a sharded MongoDB cluster. The Mongo DB version used was 3.2. We will also assume the OS to be Ubuntu. Commands might vary from OS to OS, but the concept should remain the same. Prerequisites Basics of Mongo DB sharding. Architecture http://codingmiles.com/content/images/uploads/2016/02/mongo-db-arch-1024x711.pngIn the diagram above you will be able to learn which architecture we are going to be using while deploying the cluster.The table will explain the servers: **Machine Type** **Components Installed** **Description** **IP Address** **Hostname** App Server 1 Application, Mongos This server will server dual role of app server as well as the mongos server 10.10.10.10 appserver01 App Server 2 Application, Mongos This server will server dual role of app server as well as the mongos server 10.10.10.11 appserver02 Mongo Config 1 Mongo Config Server Used as mongodb config server 10.10.10.12 mongoconfig01 Mongo Config 2 Mongo Config Server Used as mongodb config server 10.10.10.13 mongoconfig02 Mongo Config 3 Mongo Config Server Used as mongodb config server 10.10.10.14 mongoconfig03 Shard 1 Primary Mongo DB Used as primary DB server in shard 1 10.10.10.15 mongosh01db01 Shard 1 Secondary Mongo DB Used as secondary DB server in shard 1 10.10.10.16 mongosh01db02 Shard 1 Secondary Mongo DB Used as secondary DB server in shard 1 10.10.10.17 mongosh01db03 Shard 2 Primary Mongo DB Used as primary DB server in shard 2 10.10.10.18 mongosh02db01 Shard 2 Secondary Mongo DB Used as secondary DB server in shard 2 10.10.10.19 mongosh02db02 Shard 2 Secondary Mongo DB Used as secondary DB server in shard 2     Steps Begin by logging in as the root user to each server or ensure that you have sudo rights. Every command is made without sudo. Make sure to use sudo if you aren’t a root user. Step 1: Configure hostname of each server Configure the hostname of every server as per the above table. You could select another hostname, however, ensure that you use the same hostnames in every step. Update the hostnames in the following spots: /etc/hostname /etc/hosts Step 2: Install mongo DB on all servers To install mongo DB on all 11 servers, use the steps mentioned in the link below: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/ Step 3: Configure Shard 1 replica set Let’s begin by starting up with a replica set of 3 nodes with 1 primary and 2 secondary.We are going to name the replicaSet “rs0”. Step 3.1: Add host entries for members in replica set Modify /etc/hosts and append the entries below: 10.10.10.15 mongosh01db01 10.10.10.16 mongosh01db02 10.10.10.17 mongosh01db03 Step 3.2: Edit configuration file for each node in replica set Modify /etc/mongod.conf and update the following entries:   Add the configuration for replica set **rs0 replication: replSetName: rs0   The overall configuration file should look like the following: storage: dbPath: /var/lib/mongodb journal: enabled: true systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log net: port: 27017 bindIp: 0.0.0.0 replication: replSetName: rs0 Restart mongo db service after the changes sudo service mongod restart   Step 3.3: Configure the replica set Follow the steps below to configure the replica set. Connect to mongo db using command: mongo rs.initiate() rs.add("mongosh01db02") rs.add("mongosh01db03") Confirm the replica set status with rs.status(). It should list one of the servers as primary whilst the others are secondary. Step 4: Configure Shard 2 replica set Follow the steps shown in Step 3 with the following servers with the replica set name as rs1: mongosh02db01 mongosh02db02 mongosh02db03 Step 5: Configure Mongo config servers We will have to set up the mongo config servers as a replica set, too. Step 5.1: Add host entries for members in replica set Config servers should know everything about the servers in the cluster. Append the host entries for all the servers in the /etc/hosts file. 10.10.10.10 appserver01 10.10.10.11 appserver02 10.10.10.12 mongoconfig01 10.10.10.13 mongoconfig02 10.10.10.14 mongoconfig03 10.10.10.15 mongosh01db01 10.10.10.16 mongosh01db02 10.10.10.17 mongosh01db03 10.10.10.18 mongosh02db01 10.10.10.19 mongosh02db02 10.10.10.20 mongosh02db03   Step 5.2: Edit configuration file for each node in replica set Modify /etc/mongod.conf**** then update the following entries. change bindIp to 0.0.0.0bindIp: 0.0.0.0 Change port number to 27019port: 27019 Add the configuration for replica set with name **configReplSet replication: replSetName: configReplSet Configure the server as a config server**sharding: clusterRole: "configsvr" Your overall configuration file should look like storage: dbPath: /var/lib/mongodb journal: enabled: true systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log net: port: 27019 bindIp: 0.0.0.0 replication: replSetName: rs0 sharding: clusterRole: "configsvr" Restart mongo db service after the changes sudo service mongod restart   Step 5.3: Configure the config server replica set For any of the config server nodes, follow the steps below in order to configure the replica set. Connect to mongo db using command (note the change in port number): mongo mongoconfig01:27019 Add the other config server nodes in the replica set using: initiate( { _id: "configReplSet", configsvr: true, members: [ { _id: 0, host: "mongoconfig01:27019" }, { _id: 1, host: "mongoconfig02:27019" }, { _id: 2, host: "mongoconfig03:27019" } ] } ) **Check the config replica set status using rs.status(). It should list one of the servers as **primary while other two as secondary. Step 6: Configure Mongos servers The steps below will be for both the mongos servers. Step 6.1: Add host entries for members in replica set Mongos servers need to know everything about the servers in the cluster. Append the host entries for every server in the /etc/hosts file. 10.10.10.10 appserver01 10.10.10.11 appserver02 10.10.10.12 mongoconfig01 10.10.10.13 mongoconfig02 10.10.10.14 mongoconfig03 10.10.10.15 mongosh01db01 10.10.10.16 mongosh01db02 10.10.10.17 mongosh01db03 10.10.10.18 mongosh02db01 10.10.10.19 mongosh02db02 10.10.10.20 mongosh02db03   Step 6.2: Edit configuration file for each mongos Modify /etc/mongod.conf then update the following entries: change bindIp to 0.0.0.0bindIp: 0.0.0.0 Delete storage section from the config file Add the configuration for config servers under sharding sharding: configDB:configReplSet/mongoconfig01:27019,mongoconfig02:27019,mongoconfig03:27019 Your overall configuration file should look like systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log net: port: 27017 bindIp: 0.0.0.0 sharding: configDB: configReplSet/mongoconfig01:27019,mongoconfig02:27019,mongoconfig03:27019 Setup mongos as a service cp /etc/init/mongod.conf /etc/init/mongos.conf edit /etc/init/mongos.conf Update DAEMON=/usr/bin/mongod to DAEMON=/usr/bin/mongos Update if [ -f /etc/default/mongod ]; then . /etc/default/mongod; fi to if [ -f /etc/default/mongos ]; then . /etc/default/mongos; fi Restart mongo db service after the changes (note mongos instead of mongod) sudo service mongos restart Step 6.3: Configure the shards Connect to mongos using command: mongo appserver01:27017   Add the replica sets as shards. Adding any one of the servers in a replica set will add all the servers. sh.addShard( "rs0/mongosh01db01:27017") sh.addShard( "rs1/mongosh02db01:27017" ) Verify the status with the sh.status() command, which will list the shard servers in the cluster. You could also use the shardMap command to retrieve the complete shard map as follows: use admin; db.runCommand("getShardMap"); Conclusion The setup of the mongo DB is now finished, feel free to connect the app to the mongos query router with localhost:27017. Reminder that you have to enable sharding for every database and shard the collection you intent to shard.

By | Aug 6

How to install LDAP on CentOS 7

How to install LDAP on CentOS 7 In this tutorial, we will teach you how to install LDAP on CentOS 7. What is LDAP client LDAP is short for Lightweight Directory Access Protocol, it is an open, vendor-neutral, industry standard application protocol which helps access and maintains any distributed directory information services over an Internet Protocol (IP) network.LDAP is used to store any type of information and it is generally used as one component of a centralized authentication system. Installing LDAP on CentOS 7 Installing and configuring an OpenLDAP server on CentOS 7 is a simple task, follow the instructions below and you should get it installed in less than 10 minutes. Step 1: Updating the System Before you start installing any new software, you need to update your system packages to the latest available versions. # yum update   Step 2: Installing OpenLDAP Now, you have to install the packages OpenLDAP needs for its functionality. # yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel   Next, you need to initiate and enable it on boot. # systemctl start slapd.service # systemctl enable slapd.service  Execute the ‘slappasswd’ command to set a LDAP root password and save the output since we will be requiring it to configure OpenLDAP. # slappasswd   Configuring OpenLDAP server You can now start configuring the OpenLDAP server. First, create a couple of LDIF files and then execute the ‘ldapmodify' command to deploy the configuration to the server. The files are going to be stored in ‘/etc/openldap/slapd.d’ which should not be modified manually. OlcSuffix Variable The ‘db.ldif’ file is going to update the ‘olcSuffix’ variable and will append the distinguished name to queries which will be passed to the backend database. After this, it will configure the domain name and your LDAP server to provide account information as well as updating the ‘olcRootDN’ variable which specifies the root distinguished name user which will have administrator access to the LDAP server. Main Domain Our domain is going to be ‘field.dreamvps.com' and written within the ‘dbldif’ file. It should be like this: ‘dc=field,dc=dreamvps,dc=com’ and our root distinguished name is ‘cn=ldapadm,dc=field,dc=dreamvps,dc=com’. Step 3: Configuring OpenLDAP Create the ‘db.ldif’ file with nano or a text editor of your preference and enter in the content below in. # nano db.ldif dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcSuffix olcSuffix: dc=field,dc=dreamvps,dc=com dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcRootDN olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcRootPW olcRootPW: hashed_output_from_the_slappasswd_command Next, deploy the configuration with ldapmodify. # ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif Now restrict monitor access only to the ldapadm user. # nano monitor.ldif dn: olcDatabase={1}monitor,cn=config changetype: modify replace: olcAccess olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=dreamvps,dc=com" read by * none Deploy the configuration change once more. # ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif You have to generate a certificate and a private key so that you can communicate securely with the OPenLDAP server.  Run the following command to do it. openssl req -new -x509 -nodes -out \ /etc/openldap/certs/myldap.field.dreamvps.com.cert \ -keyout /etc/openldap/certs/myldap.field.dreamvps.com.key \ -days 365 Now change the owner and group permissions so OpenLDAP is able to read the files. # chown -R ldap:ldap /etc/openldap/certs Next, you will have to create ‘certs.ldif’ to configure OpenLDAP to use the LDAPS protocol. # nano certs.ldif dn: cn=config changetype: modify replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/certs/myldap.field.dreamvps.com.cert dn: cn=config changetype: modify replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.dreamvps.com.key We may now deploy the configuration again. # ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif Now try out the configuration by executing the command below. # slaptest -u   Step 4: Setting up the OpenLDAP database You may now set up the LDAP database, begin by copying the sample database configuration file to ‘/var/lib/ldap’ and replacing the file permissions. # cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG # chown -R ldap:ldap /var/lib/ldap Append the LDAP schemas. # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif Now make the ‘base.ldif’ file for your domain. # nano base.ldif dn: dc=field,dc=dreamvps,dc=com dc: field objectClass: top objectClass: domain dn: cn=ldapadm,dc=field,dc=dreamvps,dc=com objectClass: organizationalRole cn: ldapadm description: LDAP Manager dn: ou=People,dc=field,dc=dreamvps,dc=com objectClass: organizationalUnit ou: People dn: ou=Group,dc=field,dc=dreamvps,dc=com objectClass: organizationalUnit ou: Group You now need to deploy those configuration changes to the OpenLDAP by using the ldapadm user: # ldapadd -x -W -D "cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com" -f base.ldif Put in the root password once prompted.If you want to add users, it is simpler to append them using a GUI; we suggest using Apache Directory Studio or JXplorer for this.This is it, LDAP should now be installed on your CentOS 7 VPS.  

By | Aug 6

How to install SquirrelMail on CentOS 7

How to install SquirrelMail on CentOS 7 In this tutorial, we will teach you how to install SquirrelMail on CentOS 7. SquirrelMail SquirrelMail is one of the most popular Web-based email clients made in PHP. It has a built-in pure PHP support for IMAP and SMTP. Moreover, it's being made to render every page in pure HTML 4.0 without JavaScript needed for maximum compatibility across browsers. How to install SquirrelMail The installation and configuration of SquirrelMail is an easy and simple task. Remember that, if you have a VPS with WHM/cPanel or DirectAdmin, SquirrelMail will come pre-installed and ready to use with those control panels. SquirrelMail has only two requirements: A web server with PHP installed. PHP needs to be at least 4.1.0. PHP 4, PHP 5 and PHP 6 are all supported. Access to an IMAP server which supports IMAP 4 rev 1. Step 1: Login via SSH. To begin with, the SquirrelMail Installation, log into your CentOS 7 VPS via SSH as user root. ssh [email protected]_address -p PORT_NUMBER   Step 2: Updating every package installed. You need to ensure that every package installed on your server is up-to-date. yum -y update Step 3: Enabling EPEL repository. SquirrelMail package will not be available in the official CentOS 7 repository. Therefore, you will need to enable the EPEL repository using the command below. yum -y install epel-release Step 4: Installing SquirrelMail for CentOS 7. Next, start installing SquirrelMail which should be easy; it can be installed through CentOS package manager using the following command. yum -y install squirrelmail Step 5: Configuring SquirrelMail. After the webmail client is installed, you may configure it according to your needs by executing the configuration script.   cd /usr/share/squirrelmail/config/ ./conf.pl   SquirrelMail Configuration : Read: config.php (1.4.0)   ---------------------------------------------------------Main Menu -- Organization Preferences Server Settings Folder Defaults General Options Themes Address Books Message of the Day (MOTD) Plugins Database Languages Set pre-defined settings for specific IMAP servers C Turn color offS Save dataQ Quit Command >>   Step 6: Other Configurations. There are various other settings in the configuration file, however, the main things that need to be checked and configured are as follows: Set your default domain name (2. Server settings > 1. Domain) Addresses of IMAP and SMTP servers. Type of IMAP server I will also suggest that  you edit the organization preferences such as organization name, logo, title, and others. Step 7: Alternative Installation. Alternatively, you can install SquirrelMail by downloading its files from the official website and placing them in the document root directory of the web server. wget http://downloads.sourceforge.net/project/squirrelmail/stable/1.4.22/squirrelmail-webmail-1.4.22.zip unzip squirrelmail-webmail-1.4.22.zip -d /var/www/html/ mv /var/www/html/squirrelmail-webmail-1.4.22/ /var/www/html/squirrelmail After everything is installed and properly configured, you should be able to access SquirrelMail at 'SquirrelMail'. Login using your email account and begin managing your emails from a web browser.One more thing...Share this tutorial with your hosting administrators and networking experts friends.Thanks!

By | Aug 9

How To Compress And Decompress Files In Linux

How To Compress And Decompress Files In Linux Compression How to Compress and decompress files in Linux...Compressing is a very useful process when backing up important files as well as sending large files over the internet.Remember that compressing an already compressed file adds extra overhead, hence, you will receive a slightly bigger file. For this reason, do not compress a compressed filed. There are lots of programs that you can use to compress and decompress files in GNU/Linux. In this tutorial, we will teach you about two applications only. Compress and decompress files in Linux The most common programs that are used to compress files in Unix-like systems are: gzip bzip2 Compress and decompress files using Gzip program ‘gzip’ is a utility which will help you compress and decompress files with ‘Lemepel-Ziv’ coding (LZ277 algorithm. 1.1 Compress files To compress a file called ‘dreamvps.txt’, replacing it with a gzipped compressed version, execute the following command. $ gzip dreamvps.txt Gzip should replace the original file ‘dreamvps.txt’ with a gzipped compressed version called ‘dreamvps.txt.gz'.You can also use the ‘gzip’ command in different ways.One good example is that we can create a compressed version of a particular command’s output. Look at the command below. $ ls -l Downloads/ | gzip > dreamvps.txt.gz The command above will create a compressed version of the directory listing of Downloads folder. 1.2 Compress files and write the output to different files (Don’t replace the original file) By default, the ‘gzip’ program will compress any given file, replacing it with a gzipped compressed version. You can, however, keep the original file and enter the output to standard output. For instance, the command below will compress ‘dreamvps.txt’ and will also enter the output to ‘output.txt.gz’. $ gzip -c dreamvps.txt > output.txt.gz Similarly, to decompress a gzipped file specifying the output filename. $ gzip -c -d output.txt.gz > dreamvps1.txt The command above will decompress the ‘output.txt.gz' file and will enter the output to ‘dreamvps1.txt’ file. In both cases, it will not delete the original file. 1.3 Decompress files In order to decompress the file ‘dreamvps.txt.gz’, you will need to replace it with the original uncompressed version; our example will use the following. $ gzip -d dreamvps.txt.gz You can also use gunzip to decompress the files. $ gunzip dreamvps.txt.gz 1.4 View contents of compressed files without decompressing them If you want to view the contents of the compressed file using gzip with out decompressing it, use ‘–c’ flag like shown below. $ gunzip -c dreamvps1.txt.gz Alternatively, you can also use the ‘zcat’ utility like in the following. $ zcat dreamvps.txt.gz You could also pipe the output to ‘less’ command to view the output page by page like below. $ gunzip -c dreamvps1.txt.gz | less $ zcat dreamvps.txt.gz | less Alternatively, there is a ‘zless’ program which will do the same function as the pipeline above. $ zless dreamvps1.txt.gz   1.5 Compress file with gzip by specifying compression level Another notable advantage of ‘gzip’ is; it will support compression level. It will support 3 compression levels like shown below: 1– Fastest (Worst) 9– Slowest (Best) 6– Default level To compress a file called ‘dreamvps.txt’, you will need to replace it with a gzipped compressed version with ‘best’ compression level, you will need to use the following. $ gzip -9 dreamvps.txt   1.6 Concatenate multiple compressed files It is also possible to concatenate several compressed files into one. You can see how by looking at the examples below. $ gzip -c dreamvps1.txt > output.txt.gz $ gzip -c dreamvps2.txt >> output.txt.gz The two commands above will compress ‘dreamvps1.txt’ and ‘dreamvps2.txt’ then will save them in one file called ‘output.txt.gz’.You may view the contents of both files (‘dreamvps1.txt’ and ‘dreamvps2.txt’) without extracting them using any one of the following commands. $ gunzip -c output.txt.gz $ gunzip -c output.txt $ zcat output.txt.gz $ zcat output.txt The ‘bzip2’ is quite similar to the gzip program, however, it uses a different compression algorithm called the ‘Burrow-Wheeler block sorting text compression’ algorithm, and Huffman coding. The files compressed using ‘bzip2’ will end with a ‘.bz2’ extension.As we have stated, the usage of ‘bzip2’ is almost the exact same as gzip. Simply replace ‘gzip’ in the example above with ‘bzip2’, ‘gunzip’ with ‘bunzip2’, ‘zcat’ with ‘bzcat' and so on.To compress a file with ‘bzip2’, replace it with a compressed version, run the below. $ man gzip In the case that you do not want to replace the original file, use the ‘–c’ flag and enter the output to a new file. $ bzip2 dreamvps.txt To decompress a compressed file, use the below. $ bzip2 -c dreamvps.txt > output.txt.bz2 Or the below. $ bzip2 -d dreamvps.txt.bz2 To view the contents of a compressed file without having to decompresses it, the below. $ bunzip2 -c dreamvps.txt.bz2 Or the below. $ bzcat dreamvps.txt.bz2 For more details, refer man pages. $ man bzip2 Final Thoughts: In this tutorial, we have taught you about gzip and bzip2 programs and how to use them to compress and decompress files with some examples in GNU/Linux. Cheers!

By | Aug 9