Dev-mysql-maint error occurred during the installation of VHCS Control panel

Error message:

Can’t connect on ‘DBI:mysql:;localhost’ :Access denied for user ‘debian-sys-maint’@'localhost’ (using password: YES)

The issue occurring due to the absence of grant privilege (to the user dev-mysql-maint) on the databases.

You obtain details of "dev-mysql-maint" from /etc/mysql/debian.cnf.

One example is mentioned below:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = 0nQp8g7pmupSbcpg
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
user = debian-sys-maint
password = 0nQp8g7pmupSbcpg
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

You need to grant the privileges to dev-mysql-maint, according to the above information.

grant all privileges to *.* on 'dev-mysql-maint'@'localhost' identified by '0nQp8g7pmupSbcpg' with grant option;

Note: Modify the password according to the information in /etc/mysql/debian.cnf.

File manager login issue with VHCS control panel

Check the /etc/proftpd/modules.conf file and make sure that following LoadModule is mentioned in it.

LoadModule mod_sql.c

Modify the /etc/proftpd/proftpd.conf with the following details:

UseIPv6 off

Also include the following section in /etc/proftpd/proftpd.conf.


SQLBackend mysql
Include /etc/proftpd.conf


You need to disable (comment out) PostgresSQL Module in /etc/proftpd/modules.conf.

LoadModule mod_sql_postgres.c

Restart the proftpd.

KeySize error occurred during the installation of VHCS control panel

Add the following entry in 1887th line of /var/lib/dpkg/info/vhcs.postinst.

keysize => 32,

You need to enter this value before "key => " part.

After this modification run the script:

/var/www/vhcs2/engine/vhcs2-rqst-mngr

You will get another error message saying:

 If specified by -literal_key, then the key length must be equal to the chosen cipher’s key length of 56 bytes at /var/www/vhcs2/engine//vhcs2_common_code.pl line 1443 Compilation failed in require at ./var/www/vhcs2/engine/vhcs2-rqst-mngr line 33. 

You need to add an entry in 1441-th line of /var/www/vhcs2/engine/vhcs2_common_code.pl to fix this issue

modify following code:

my $cipher = Crypt::CBC -> new(
{
‘key’ => $main::db_pass_key,
‘cipher’ => ‘Blowfish’,
‘iv’ => $main::db_pass_iv,
‘regenerate_key’ => 0,
‘padding’ => ’space’,
‘prepend_iv’ => 0
}
);

to

my $cipher = Crypt::CBC -> new(
{
‘keysize’ => 32,
‘key’ => $main::db_pass_key,
‘cipher’ => ‘Blowfish’,
‘iv’ => $main::db_pass_iv,
‘regenerate_key’ => 0,
‘padding’ => ’space’,
‘prepend_iv’ => 0
}
);

This will fix the issue.

Unable to get information from zmcontrol

This issue is mainly occurring due to the incorrect permission of /opt/zimbra/redolog and /opt/zimbra/redolog/redo.log.

Do the following steps:

[root@zimbra bin]# ls -l /opt/zimbra/redolog
total 8
drwxr-x--- 2 root root 4096 Mar 20 13:17 archive
-rw-r----- 1 root root 1292 Apr 11 19:11 redo.log

The chower ship of /opt/zimbra/redolog/redo.log and /opt/zimbra/redolog must be zimbra.

chown -R zimbra.zimbra /opt/zimbra/redolog/

[root@zimbra bin]# ls -l /opt/zimbra/redolog
total 8
drwxr-x--- 2 zimbra zimbra 4096 Mar 20 19:17 archive
-rw-r----- 1 zimbra zimbra 1292 Apr 11 19:59 /opt/zimbra/redolog/redo.log

Now try the "zmcontrol status" and "zmcontrol start". This will work fine now.

Note: If you are facing difficulty in running "zmcontrol status", try the exact path "/opt/zimbra/bin/zmcontrol status".

How to Deploy Zimlet in Zimbra

The Zimbra mail server binaries are located in the location /opt/zimbra/bin. The binary /opt/zimbra/bin/zmzimletctl will help you in implementing or deploying new zimlet.

Zimlet is mainly Integrating the Zimbra Collaboration Suite (ZCS) with third party information systems and content as well as creating "mash-up" user interfaces within the Zimbra suite itself.

Try the following option to list the deplyed Zimlet:

/opt/zimbra/bin/zmzimletctl listZimlets

The deployed zimlets are usually located in the section /opt/zimbra/zimlets. It will be like com_zimbra_email.zip.

The extra zimlets are located in /opt/zimbra/zimlets-extra/ and /opt/zimbra/zimlets-admin-extra/.

The /opt/zimbra/zimlets-admin-extra/ is mainly used to deploy the functions in Admin - interface and other one (/opt/zimbra/zimlets-extra/) is for Client (webmail) part.

If you want to deploy the Amazone - Zimlet, do the following:

cd /opt/zimbra/zimlets-extra/
/opt/zimbra/bin/zmzimletctl deploy com_zimbra_amzn.zip
/opt/zimbra/bin/zmzimletctl listZimlets

You can also deploy the same using Admin-Zimbra interface.

How to Deploy Zimlet in Zimbra

The Zimbra mail server binaries are located in the location /opt/zimbra/bin. The binary /opt/zimbra/bin/zmzimletctl will help you in implementing or deploying new zimlet.

Zimlet is mainly Integrating the Zimbra Collaboration Suite (ZCS) with third party information systems and content as well as creating "mash-up" user interfaces within the Zimbra suite itself.

Try the following option to list the deplyed Zimlet:

/opt/zimbra/bin/zmzimletctl listZimlets

The deployed zimlets are usually located in the section /opt/zimbra/zimlets. It will be like com_zimbra_email.zip.

The extra zimlets are located in /opt/zimbra/zimlets-extra/ and /opt/zimbra/zimlets-admin-extra/.

The /opt/zimbra/zimlets-admin-extra/ is mainly used to deploy the functions in Admin - interface and other one (/opt/zimbra/zimlets-extra/) is for Client (webmail) part.

If you want to deploy the Amazone - Zimlet, do the following:

cd /opt/zimbra/zimlets-extra/
/opt/zimbra/bin/zmzimletctl deploy com_zimbra_amzn.zip
/opt/zimbra/bin/zmzimletctl listZimlets

You can also deploy the same using Admin-Zimbra interface.

Linux plesk: Unable to restore plesk domain dump using pleskrestore

You need to extract the contents of domain dump first. The dump location can be found from psa.conf file (ex. DUMP_D /var/lib/psa/dumps).

cd /var/lib/psa/dumps/1/12 (here psa domain dump directory is /var/lib/psa/dumps/1/12)
mkdir recover
cd recover
zcat DOMAINNAME_2008.03.25_07-11-10 > DOMAINNAME_DUMP_FILE

The domain contents will be extracted here. You can move the contents to respective directories and give proper permission. If the content size greater than 2GB it will produce errors.

In that case we need to do the following steps:

Create a map file of the domain:

/usr/local/psa/bin/pleskrestore --create-map DOMAINNAME_DUMP_FILE -map map_DOMAINUSER

Find the client name of domain from PSA database.

mysql -uadmin -p`cat /etc/psa/.psa.shadow`
use psa
SELECT clients.login, clients.cname, clients.email, accounts.password FROM domains LEFT JOIN clients ON domains.cl_id = clients.id LEFT JOIN accounts ON clients.account_id = accounts.id WHERE domains.name ='DOMAINNAME';
+-----------+-------------------------+--------------------+----------+
| login | cname | email | password |
+-----------+-------------------------+--------------------+----------+
| mydomains | COMPANY_NAME | EMAIL_ID | jkhasdi |
+-----------+-------------------------+--------------------+----------+

Check the map_DOMAINUSER file. If the client name is empty in map file the domain dump restore will not happen.

Modify the map file map_DOMAINUSER:
Replace [] with client name. Here it is [mydomains]
Make sure that syntax of the mapfile is correct and IP properly mentioned in it.

Now you can restore the domain dump using "pleskrestore".

/usr/local/psa/bin/pleskrestore --restore DOMAINNAME_DUMP_FILE -level domains -filter list:DOMAINNAME -map map_DOMAINUSER

BigSister monitoring Tool Installation

This is for linux

wget http://nchc.dl.sourceforge.net/sourceforge/bigsister/bigsister-1.02-4.noarch.rpm
wget http://downloads.sourceforge.net/bigsister/bigsister-server-1.02-4.noarch.rpm?modtime=1137953182&big_mirror=0
wget http://downloads.sourceforge.net/bigsister/bigsister-agent-1.02-4.noarch.rpm?modtime=1137953111&big_mirror=0
rpm -ivh bigsister-1.02-4.noarch.rpm
rpm -ivh bigsister-server-1.02-4.noarch.rpm
rpm -ivh bigsister-agent-1.02-4.noarch.rpm


yum install libwww-perl snmp snmpd

bsmodule
bsmodule list

Download rrdtool from http://oss.oetiker.ch/rrdtool/download.en.html.

Downloads of BigSister plugins: http://www.joerg.cc/html/bigsis/ch01s05.html
Pluggins listed in : http://www.bigsister.ch/plugins.html

yum install rrdtool.i386 rrdtool-php.i386 rrdtool-perl.i386
yum install rrdtool-perl.i386
++++++++++++++++++++++++++++++
# /etc/init.d/bigsister restart
uxmon: stopped
bbd: stopped
bsmon: stopped
Starting Big Sister ...
Monitor bsmon OK
Server bbd OK
Agent uxmon OK
++++++++++++++++++++++++++++++

Include the /etc/bigsister/httpd.conf in original apache config file.
++++++++++++++++++++++++++++++
/etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Mon May 05 13:03:59 2008] [warn] module php5_module is already loaded, skipping
[ OK ]
++++++++++++++++++++++++++++++

You can now access the bigsister using http://SERVERNAME/bigsis

Zimbra- Your Open Source Mail Server

My another article regarding the Zimbra mail server installation, setup and integration of third parties can be seen in :
http://bobcares.com/article83.html

Stop your monitoring systems cry "wolf wolf"

Please refer the URL http://bobcares.com/article82.html to get more information about it.
My article is published there.

Linux/FreeBSD Security Related - installation and configuration

1) CSF FIREWALL
-----------------------------------
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh

If you have APF + BFD you will need to disable it, you can use the following to do so:

sh disable_apf_bfd.sh

To configure CSF modify the config files in /etc/csf/ - or if you are running WHM you can modify the CSF settings in there. By default CSF opens the standard cPanel ports.

Also refer http://configserver.com for getting more information.


2) ROOTCHECK
==========
wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz
tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4
./install

Make sure CPAN on your machine because rootcheck requires the Perl Modules IO::Interface.

After the installation the System scanning can be done by:
./rootcheck.pl
You can also use its options if you need.


3) RKHUNTER
===========
Rkhunter is used to check for trojans, rootkits, and other security problems.
wget -c http://downloads.rootkit.nl/rkhunter-1.1.1.tar.gz
tar -zxvf rkhunter-1.1.1.tar.gz
cd rkhunter-1.1.1
./installer.sh

Run the test scan:
/usr/local/bin/rkhunter -c

To setup a cronjob:
create /etc/cron.daily/rkhunter.sh with following contents
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" EMAIL@DOMAINNAME)

chmod +x /etc/cron.daily/rkhunter.sh

4) CHKROOT KIT
============
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
md5sum chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit

To setup a cronjob:
edit /etc/cron.daily/chkrootkit.sh

#!/bin/bash
cd /INSTALLPATH/chkrootkit-0.42b/
./chkrootkit | mail -s "Daily chkrootkit from SERVERNAME " EMAIL@DOMAINNAME

Important:
1. Replace 'INSTALLPATH' with the actual path to where you unpacked Chkrootkit.
2. Change 'SERVERNAME' to exact value.
3. Change 'EMAIL@DOMAINNAME' to your email address.

chmod 755 /etc/cron.daily/chkrootkit.sh
cd /etc/cron.daily/
./chkrootkit.sh

5) BDF
==============
cd /root/download
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.2
./install.sh
edit /usr/local/bfd/conf.bfd

Enable brute force hack attempt alerts:
ALERT_USR="0" CHANGE TO: ALERT_USR="1"
EMAIL_USR="root" CHANGE TO: EMAIL_USR="EMAIL@DOMAINNAME"

Edit /usr/local/bfd/ignore.hosts and add trusted IPs including yours

BFD uses APF' cli insert feature.
Run using:
/usr/local/sbin/bfd -s

Zabbix Network Monitoring Tool Installation

First of all make sure that you have the following installed in your machine.
http, mysql, gcc, mysql-server, mysql-devel, net-snmp, net-snmp-utils, net-snmp-devel, net-snmp-libs, curl-devel, mak, ntp, php (php with bcmath,gd and mysql support)

You can install this using "yum -y install PACKAGENAME"

Start up the time server this for syncing the time between devices:
/etc/init.d/ntpd start

Download and install fPing:
wget http://dag.wieers.com/rpm/packages/fping/fping-2.4-1.b2.2.el5.rf.i386.rpm
rpm -Uvh fping-2.4-1.b2.2.el5.rf.i386.rpm
chmod 7555 /usr/sbin/fping


Create Zabbix user.
useradd zabbix
Download zabbix and untar it.
wget http://superb-east.dl.sourceforge.net/sourceforge/zabbix/zzabbix-1.4.4.tar.gz
tar -xzvf zabbix-1.4.4.tar.gz


Grant zabbix database access to corresponding user:
mysql -u root -p
mysql> CREATE DATABASE zabbix;
mysql> GRANT DROP,INDEX,CREATE,SELECT,INSERT,UPDATE,ALTER,DELETE ON zabbix.* TO zabbixmysqluser@localhost IDENTIFIED BY ‘zabbixmysqlpass’;
mysql> quit;

Create the DB Schema
cd zabbix-1.4.4
cat create/schema/mysql.sql | mysql -u zabbixmysqluser -pzabbixmysqlpass zabbix
cat create/data/data.sql | mysql -u zabbixmysqluser -pzabbixmysqlpass zabbix
cat create/data/images_mysql.sql | mysql -u zabbixmysqluser -pzabbixmysqlpass zabbix

configuring zabbix server:
./configure –enable-server –prefix=/usr/local/zabbix –with-mysql –with-net-snmp –with-libcurl
make install
make clean

Compile the zabbix agent:
./configure –enable-agent –prefix=/usr/local/zabbix –enable-static
make install


Add the zabbix server and agent ports to /etc/services file.
echo "zabbix_agent 10050/tcp" >> /etc/services
echo "zabbix_trap 10051/tcp" >> /etc/services

Copy the sample .conf files to /etc/zabbix for server and agentd.
mkdir /etc/zabbix
cp misc/conf/zabbix_agentd.conf /etc/zabbix
cp misc/conf/zabbix_server.conf /etc/zabbix

Modify the .conf files as per the requirement. In /etc/zabbix/zabbix_server.conf, modify:
DBUser=zabbixmysqluser
BPassword=zabbixmysqlpassword
DBSocket=/var/lib/mysql/mysql.sock
FpingLocation=/usr/sbin/fping


In /etc/zabbix/zabbix_agentd.conf, modify:
Server=127.0.0.1,Your.Zabbix.Server.IP
Hostname=EnterTheHostName
cp misc/init.d/redhat/zabbix_agentd_ctl /etc/init.d/zabbix_agentd
cp misc/init.d/redhat/zabbix_server_ctl /etc/init.d/zabbix_server

In /etc/init.d/zabbix_agentd AND /etc/init.d/zabbix_server:
BASEDIR=/usr/local/zabbix

In /etc/init.d/zabbix_agentd, add near the top, just below #!/bin/sh:
# chkconfig: 345 95 95
# description: Zabbix Agentd

In /etc/init.d/zabbix_server, just below #!/bin/sh add the following:
# chkconfig: 345 95 95
# description: Zabbix Server

Automatic starting and stopping of services configuration:
chkconfig –level 345 zabbix_server on
chkconfig –level 345 zabbix_agentd on
chkconfig –level 345 httpd on
chkconfig –level 345 mysqld on
chkconfig –level 0123456 iptables off

Make sure that connection to 10050, and 10051 possible. check the firewall setting also.

Move the zabbix frontend file to relevant DocumentRoot:
cp -r frontends/php /var/www/html/zabbix

in /etc/php.ini, modify:
max_execution_time = 300
date.timezone = Asia/Calcutta

Note: Substitute relevant timezone. You can obtain the timzone name from http://us2.php.net/manual/en/timezones.america.php.

Start the apache for the changes to get effect:
/etc/init.d/httpd start

To execute the LICENSE
chmod 777 /var/www/html/zabbix/conf

Access the URL http://HOSTNAME/zabbix and follow the instrustions.

After the installation do the following:
chmod 755 /var/www/html/zabbix/conf
mv /var/www/html/zabbix/setup.php /var/www/html/zabbix/setup.php.bk
/etc/init.d/zabbix_agentd start
/etc/init.d/zabbix_server start

If you find that http://HOSTNAME/zabbix/ is not displaying, check whether the php-pear module installed or not. Also check the errorlog to get the exact error message. You can install it using "yum -y install php-pear"

Refer the tutorial to get more information regarding its working:
http://www.zabbix.com/manual/v1.1/qs.host.agent.php

You can login into the Admin are using "admin" as user name. There is no password required for it. The password reset can be done after login into it.