When you see this message you should check 2 places:
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/udev/rules.d/70-persistent-net.rules
you don’t need restart server, but not in this way: udevadm control –reload-rules
if you are using Centos OS;
start_udev && service network restart
You should run resuce Centos option:
# chroot /mnt/sysimage/ # grub-install /dev/sda /dev/md0 does not have any corresponding BIOS drive # grub-install --recheck /dev/sda /dev/md0 does not have any corresponding BIOS drive #
An error. The md0 mirror, which is composed of sda and sdb, was complicating things. I though maybe I could fudge the device map by adding an entry to /boot/grub/device.map:
(fd0) /dev/fd0 (hd0) /dev/sda (hd1) /dev/sdb (hd2) /dev/md0
# grub-install /dev/sda The file /boot/grub/stage1 not read correctly.
That was no good either. Finally, I had to run grub manually.
# grub grub> root (hd0,0) root (hd0,0) Filesystem type is ext2fs, partition type 0xfd grub> setup (hd0) setup (hd0) Checking if "/boot/grub/stage1" exists... no Checking if "/grub/stage1" exists... yes Checking if "/grub/stage2" exists... yes Checking if "/grub/e2fs_stage1_5" exists... yes Running "embed /grub/e2fs_stage1_5 (hd0)"... 16 sectors are embedded. succeeded Running "install /grub/stage1 (hd0) (hd0)1+16 p (hd0,0)/grub/stage2 /grub/grub.conf"... succeeded Done. grub> quit # reboot
To configure a smart host, create /etc/exim.conf.local on the source server (server1 in this example) and add the following lines. Be sure to change to the hostname or IP of the smart host server.
|
1
2
3
4
5
6
|
@ROUTERSTART@ smart_route: driver = manualroute domains = !+local_domains transport = remote_smtp route_list = * host.name.of.smart.host.server |
Assuming this server (server1) is a cPanel server, next run /scripts/buildeximconf and then /scripts/restartsrv_exim. If not, simply restart your Exim server using normal init scripts.
Assuming you’re installing the yum version of Exim on a CentOS/RHEL server, you’ll need to make two configuration changes. The first is to allow the IP of the mailserver to relay through the smarthost. Open the configuration at /etc/exim/exim.conf, find the line referenced below and edit it replacing x.x.x.x with your mailserver IP.
|
1
|
hostlist relay_from_hosts = 127.0.0.1 : x.x.x.x |
Second, you’ll need to tell Exim not to listen only on the localhost address for incoming mail, which is the default. Again find the configuration line below and add a hash (#) in front of it to comment it out.
|
1
|
local_interfaces = <; 127.0.0.1 ; ::1 |
Save the modified config file and restart Exim on this server.
That’s it; watch the logs for a bit to make sure it’s working! The easiest way is to just tail -f /var/log/exim_mainlog on both servers and then send a message from server1 to a remote host, and watch for the mail to travel out server2!
You should download yumdownloader postgrey the you should extract this rpm and take some files for usage:
rpm2cpio postgrey-1.34-4.fc18.noarch.rpm | cpio -idv
the you can need copy some postgrey configuration and executable files from ./usr/sbin:
./usr/sbin/postgrey
./usr/sbin/postgreyreport
to /usr/local/sbin
./etc/postfix/postgrey_whitelist_clients.local
./etc/postfix/postgrey_whitelist_recipients
./etc/postfix/postgrey_whitelist_clients
to /etc folder
then you need create postgrey working folder for postgrey database
mkdir /var/spool/exim/postgrey && chown mailnull.mail /var/spool/exim/postgrey
to start postgrey you can like this:
/usr/local/sbin/postgrey -d –unix=/var/spool/exim/postgrey/socket –exim –syslog-facility=local6 –user=mailnull –group=mail –dbdir=/var/spool/exim/postgrey –delay=60 –max-age=35 –retry-window=12h –greylist-text=Greylisted. Please, try again later. –whitelist-clients=/etc/postgrey_whitelist_clients –whitelist-recipients=/etc/postgrey_whitelist_recipients –whitelist-clients=/etc/postgrey_whitelist_clients.local –auto-whitelist-clients=5
if you can start, you maybe missing some dependencies like:
yum install perl-BerkeleyDB perl-Net-DNS perl-Net-Server perl-Digest-HMAC perl-IO-Multiplex perl-Digest-SHA1
You should create new ACL rule in your exim.conf
begin acl
# ACL that is used after the RCPT command
check_recipient:
# postgrey [TOP]
defer
log_message = greylisted host $sender_host_address
!senders = : postmaster@*
# domains = +local_domains : +relay_to_domains
!hosts = /etc/virtual/domains
!authenticated = *
verify = recipient/callout=20s,use_sender,defer_ok
set acl_m3 = request=smtpd_access_policy\n\
protocol_state=RCPT\n\
protocol_name=${uc:$received_protocol}\n\
instance=${acl_m2}\n\
helo_name=${sender_helo_name}\n\
client_address=${substr_-3:${mask:$sender_host_address/27}}\n\
client_name=${sender_host_name}\n\
sender=${sender_address}\n\
recipient=$local_part@$domain\n\n
set acl_m3 = ${sg{\
${readsocket{ /postgrey/socket/full_address }{$acl_m3}\
{5s}{}{action=DUNNO}}\
}{action=}{}}
message = ${sg{$acl_m3}{^\\w+\\s*}{}}
condition = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}{true}{false}}
# add “greylisted by ..seconds” header to mail which has successfully
# passed the greylisting.
warn
!senders = : postmaster@*
# domains = +local_domains : +relay_to_domains
!hosts = /etc/virtual/domains
!authenticated = *
message = ${sg{$acl_m3}{^\\w+\\s*}{}}
condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}{true}{false}}
# postgrey [END]
# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
After this you can restart you exim server and check if you exim use greylisting.
This bash script is useful to create Centos or other new VPS in few seconds. You can download it cr_vm.
Source below:
#!/bin/bash
if [ -z "$2" ]; then
echo usage: $0 ctid ipaddr
echo example: 521 192.168.122.152
exit
fi
if [ -f /vz/template/cache/centos-6-x86_64-20130522.tar.xz ]; then
echo "OK"
else
echo "================================================================"
echo "Download a Centos (6.0) template"
echo "================================================================"
wget http://mirror.duomenucentras.lt/openvz/contrib/template/precreated/centos-6-x86_64-20130522.tar.xz -O /vz/template/cache/centos-6-x86_64-20130522.tar.xz
fi
echo "================================================================"
echo "Create a new container named $1"
echo "================================================================"
vzctl create $1 --ostemplate centos-6-x86_64-20130522
echo "================================================================"
echo "Set the hostname"
echo "================================================================"
vzctl set $1 --hostname $1 --save
echo "================================================================"
echo "Set the IP address"
echo "================================================================"
vzctl set $1 --ipadd $2 --save
echo "================================================================"
echo "Set OpenDNS servers 208.67.222.222 and 208.67.220.220"
echo "================================================================"
vzctl set $1 --nameserver 208.67.222.222 --nameserver 208.67.220.220 --save
echo "================================================================"
echo "Set ROOT user password"
echo "================================================================"
vzctl set $1 --userpasswd root:plainpass
echo "================================================================"
echo "Stop and start the container named $1 and wait 10 secs"
echo "================================================================"
vzctl stop $1 && vzctl start $1 && sleep 10
echo "================================================================"
echo "Ping test to google.com"
echo "================================================================"
vzctl exec $1 ping -c 3 google.com
echo "================================================================"
echo "Restarting the node $1"
echo "================================================================"
vzctl restart $1
echo "================================================================"
echo "Test command 'ps aux' executed in the node $1"
echo "================================================================"
vzctl exec $1 ps aux
You can edit this script for your needs.
If you did default Centos OS installation, you may be missing console access from virsh virtual machine administration.
If you have started VM from virsh like this:
start –console VM and you see only:
Connected to domain VM_NAME
Escape character is ^]
you should change your VM default configuration like this:
vi /etc/init/ttyS0.conf
# ttyS0 – agetty
#
# This script starts a agetty on ttyS0
stop on runlevel [S016]
start on runlevel [23]
respawn
exec agetty -h -L -w /dev/ttyS0 115200 vt102
and finish initctl start ttyS0
you also can change a bit you grub.conf file a bit:
grubby –update-kernel=ALL –args=’console=ttyS0,115200n8 console=tty0′
if you will add this kernel commands, you will see kernel messages when your system is booting, but its not necessary.
If you can access console as root user you should add this:
echo “ttyS0” >> /etc/securetty
This trick wotks on Centos 5/6
dmesg | awk -F ] ‘{“cat /proc/uptime | cut -d \” \” -f 1″ | getline st;a=substr( $1,2, length($1) – 1);print strftime(“%F %H:%M:%S %Z”,systime()-st+a)” -> “$0}’
If you have Fedora and systemd, so:
journalctl -a | less
Quota is useful for limiting the disk usage for users or groups.
Check if usrquota and grpquota are enabled :
mount | grep /home
Create quota files :
quotacheck -cvug /home
This creates /home/aquota.user and /home/aquota.group
Check quota :
#quotacheck -avug
Enable quota for user1 :
edquota user1
Edit soft and hard limits (1000 = 1 MB) or inode values.
Check the quota for user1 :
quota user1
Enable quota :
quotaon -avug
In addition :
Through a cron, run everynight when the filesystem is not used :
quotaoff -avug && quotacheck -avug && quotaon –avug
Get quota stats :
repquota -a
directadmin pre-install:
yum install wget screen gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio libcom_err-devel libcurl-devel gd zlib-devel libcap-devel bzip2 db4-devel cyrus-sasl-devel perl-ExtUtils-Embed autoconf automake libtool
run screen and install:
screen
wget http://www.directadmin.com/setup.sh && chmod 755 setup.sh
begin directadmin installation: ./setup.sh
Install X:
yum -y groupinstall “X Window System”
Install Fluxbox:
yum -y install fluxbox thunar thunar-volman rxvt wget alsa-utils pciutils usbutils xdg-utils fuse fuse-ntfs-3g ntfs-3g ntfsprogs parted udisks gvfs yum-utils bind-utils lsb wireless-tools gdm gtk2-devel zlib-devel glibc glib2 glib2-devel vim-enhanced vim-X11 rpm-build gettext-devel perl-XML-Parser xarchiver p7zip
this will install and gives you a basic desktop with window manager, file manager, text editor and a terminal emulator, also you can add other packets
change inittab 3 to 5
show hidden files: Alt+F2 to run Thunar, check the ‘show hidden files, then you should look for some folders like .fluxbox and there you can found keys file, where you can set some key shortcuts.
F9 : ExecCommand google-chrome or F2 : ExecCommand rxvt
also look for Desktop folder where you can add some shortcuts with linux symlink on your desktop.
wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo
rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ
OpenVZ kernel:
yum install vzkernel
sysctl options:
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Disable selinux:
echo "SELINUX=disabled" > /etc/sysconfig/selinux
OpenVZ user level tools: yum install vzctl vzquota ploop
And reboot.
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
yum install squid
vi /etc/squid/squid.conf
You should add your IP to ACL.
If you have minimal Centos OS installation you should install perl and wget and screen packages, also disable selinux protection:
yum install wget perl screen
setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
screen
cd && wget -N http://httpupdate.cpanel.net/latest && chmod +x ./latest && ./latest
And should wait WHM/cPanel installation about 2 hours.
To create new Centos 6 guest from command line run this:
qemu-kvm -m 512 -drive file=/home/vit/kvm/centos,if=virtio -cdrom /home/vit/kvm/CentOS-6.4-x86_64-minimal.iso -net nic -net tap,ifname=tap0,script=no,downscript=no -smp 4 -cpu host -boot d -daemonize
-m MB
-drive disk image
-net network
-boot d boot from cdrom
LXC isn’t a real Virtualization technique, but is more like a chroot environment, but on “steroids”. Its similar to OpenVZ virtualization, but can use your native kernel version. In some cases its very important.
mkdir /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/ -p cat /etc/yum.repos.d/CentOS-Base.repo |sed s/'$releasever'/6/g > /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/CentOS-Base.repo yum groupinstall core --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y yum install plymouth libselinux-python --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y
You should crate selinux rule:
module lxc 1.0;
require {
type hald_t;
type virtd_lxc_t;
class dbus send_msg;
}
#============= hald_t ==============
allow hald_t virtd_lxc_t:dbus send_msg;
You should create manually your selinux rule to allow virtd_lxc_t to use dbus daemon. How crate custom selinux rules, you can check in other my article there.
chroot /var/lib/libvirt/lxc/centos-6-x86_64/ echo your_password_there |passwd root --stdin #Fix root login on console echo "pts/0" >>/etc/securetty sed -i s/"session required pam_selinux.so close"/"#session required pam_selinux.so close"/g /etc/pam.d/login sed -i s/"session required pam_selinux.so open"/"#session required pam_selinux.so open"/g /etc/pam.d/login sed -i s/"session required pam_loginuid.so"/"#session required pam_loginuid.so"/g /etc/pam.d/login #Configuring basic networking cat > /etc/sysconfig/network << EOF NETWORKING=yes HOSTNAME=lxc.linux4you.tk EOF cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes EOF #Enabling sshd chkconfig sshd on # Fixing root login for sshd sed -i s/"session required pam_selinux.so close"/"#session required pam_selinux.so close"/g /etc/pam.d/sshd sed -i s/"session required pam_loginuid.so"/"#session required pam_loginuid.so"/g /etc/pam.d/sshd sed -i s/"session required pam_selinux.so open env_params"/"#session required pam_selinux.so open env_params"/g /etc/pam.d/sshd # Leaving the chroot'ed filesystem exit
virt-install --connect lxc:/// --name test --ram 512 --vcpu 1 --filesystem /var/lib/libvirt/lxc/centos-6-x86_64/,/ --noautoconsole