Install and configure FTP in Centos 6

Description: Install and configure FTP in Centos 7

Procedure:

  • Enable epel repository by using below command

[root@localhost ~] # wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm

[root@localhost ~] # rpm -ivh epel-release-7-6.noarch.rpm

  • Install ftp by using below command

[root@localhost ~] # yum install proftpd proftpd-utils

  • Enable and start service

[root@localhost ~] # systemctl start proftpd
[root@localhost ~] # systemctl enable proftpd

  • Verify Installation of Pureftp

You can access your FTP server using a web browser. Open your web browser and enter the following:
ftp://10.10.0.1

  • Check log files: 

ProFTPD logs many activities, so if you need to investigate or debug a problem, check the log files stored in the /var/log/proftpd/ directory.

Install KVM Virtualization on Centos 7 and RHEL 7

Description: KVM is an open source hardware virtualization software through which we can create and run multiple Linux-based and Windows-based virtual machines simultaneously. KVM stands for Kernel-based Virtual Machine: when the KVM package is installed, the KVM module is loaded into the running kernel and turns the Linux machine into a hypervisor.
Before installation, check that the CPU supports hardware virtualization using the command below:
[root@localhost ~] # grep -E '(vmx|svm)' /proc/cpuinfo
The output should contain either vmx or svm; otherwise the CPU does not support virtualization.
Procedure:
First install KVM and its associated packages:
[root@localhost ~] # yum install qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
After installation, start and enable the libvirtd service:
[root@localhost ~] # systemctl start libvirtd
[root@localhost ~] # systemctl enable libvirtd 
Verify KVM Installation:
[root@localhost ~] # lsmod | grep -i kvm
kvm_intel             162153  0
kvm                   525409  1 kvm_intel
Configure Bridge Interface: Before you start creating VMs, configure a bridge interface. It is required if you want to access the virtual machines from outside your network.
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-eth0 ifcfg-br0
Edit the interface file (ifcfg-eth0) and set the following:
[root@localhost network-scripts]# vi ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
Edit the bridge file (ifcfg-br0) and set the following:

[root@localhost network-scripts] # vi ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
DEVICE=br0
ONBOOT=yes
IPADDR=10.10.10.1
NETMASK=255.255.255.0
GATEWAY=10.10.10.11
DNS1=10.10.10.11
Replace the IP address and DNS server details as per your setup.
After making the changes, restart the network service:
[root@localhost ~] # systemctl restart network
Check the bridge interface using the command below:
[root@localhost ~] # ip addr show br0
Start creating a virtual machine using 'virt-install' or virt-manager [GUI tool].
In virt-manager, go to the File option and click on "New Virtual Machine".

Specify ISO file location and provide RAM and CPU as per your requirement. 
Click on Finish to create Virtual Machine

Creating a virtual Machine from Command Line:

[root@localhost ~] # virt-install --name=Ubuntu-16-04 --file=/var/lib/libvirt/images/ubuntu16-04.dsk --file-size=20 --nonsparse --graphics spice --vcpus=2 --ram=2048 --cdrom=ubuntu-16.04-server-amd64.iso --network bridge=br0 --os-type=linux --os-variant=generic
Starting install…
Allocating ‘ubuntu16-04.dsk’               | 20 GB 00:00:00
Creating domain…

SSL Certificate Installation – Tomcat Server

Procedure:


Create a New Keystore:

  • You will be using the keytool command to create and manage your new Keystore file. You may need to add the java /bin/ directory to your PATH before the keytool command is recognized. When you are ready to create your keystore go to the directory where you plan to manage your Keystore and certificates. Enter the following command in command prompt:

           keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks

  • You will be prompted to choose a password for your keystore. You will then be prompted to enter your organization information.
  • When it asks for first and last name, this is NOT your first and last name, but rather the Fully Qualified Domain Name of the site you are securing (example: www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with the * character (example: *.yourdomain.com).
  • After you have completed the required information, confirm that the information is correct by entering 'y' or 'yes' when prompted. Next, you will be asked for your password to confirm. Make sure to remember the password you choose. Your keystore file named your_site_name.jks is now created in your current working directory.

Generate a CSR from Your New Keystore:

  • Next, you will use keytool to create the Certificate Signing Request (CSR) from your Keystore. Enter the following command:

         keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks

  • Type the keystore password that you chose earlier and hit Enter.
  • Once the CSR is generated, upload it to the Certificate Authority and generate the SSL certificate.
  • Install Certificate on Tomcat Server
  • Depending on the certificate format in which you received the certificate from the Certificate Authority, there are different ways of importing the files into the keystore. 
PKCS#7:
  • If the certificate you received is in PKCS#7 format (the extension of the certificate file will be .p7b or .cer), it already includes the necessary intermediate and root certificates. Additionally, a certificate with the .p7b extension can be downloaded in the user account. Run the following command to import it into the keystore:

         keytool -import -trustcacerts -alias server -keystore example.jks -file example.p7b

  • If the certificate was imported successfully, you will see the message ‘Certificate reply was installed in keystore’. You can check the details of the certificate that was imported to the keystore with a command:
         keytool -list -keystore example.jks 

PEM: 
  • If you received the certificate in PEM format (the files will have the .crt extension), you will need to import the root certificate, the intermediate certificates and the certificate issued for your domain name into the keystore separately, starting with the root certificate and ending with the certificate for your domain name. To import a root certificate, run the following command:

        keytool -import -alias root -keystore example.jks -trustcacerts -file root.crt

  • To import an intermediate certificate

        keytool -import -alias intermediate -keystore example.jks -trustcacerts -file intermediate.crt

  • After the successful import you need to edit the Tomcat configuration file. As a rule, it is called server.xml and can usually be found in the Home_Directory/conf folder. Change the connector in the configuration file as follows:

        <Connector port="443" protocol="HTTP/1.1"
          SSLEnabled="true"
          scheme="https" secure="true" clientAuth="false"
          sslProtocol="TLS" keystoreFile="/your_path/yourkeystore.jks"
          keystorePass="password_for_your_key_store" />

  • Save the changes and restart Tomcat web service.

SSRS: Error: The user or group name ‘Domain\SomeUser’ is not recognized

Description: When you install SSRS after restoring a backup, it shows an error like the following:
An error occurred while adding users ‘Domain\SomeUser’,’Domain\SomeUser2′ to the SQL Server Reporting Services DynamicsAXBrowser role in the folder DynamicsAX. The error is: The user or group name ‘Domain\SomeUser’ is not recognized.

Solution: Remove the entry for the previous SSRS server from the SysServerSessions table and then restart the AOS service.

Email Best Practices: Setup SPF, DKIM and DMARC in Zimbra Mail Server

Description: To protect the mail server against spoofing, and to keep its mail from being delivered to the Junk folder on other platforms such as Google Apps, Yahoo and Outlook, we need to set up SPF, DKIM and DMARC on the mail server. Details on SPF, DKIM and DMARC follow:

1. SPF: Sender Policy Framework (SPF) is an email validation system designed to prevent unwanted emails that rely on spoofing. To check for this common security problem, SPF verifies the source IP of the email and compares it with a DNS TXT record that holds the SPF content.

  • Mechanisms can be prefixed with one of four qualifiers:
          "+"   Pass
          "-"   Fail
          "~"   SoftFail
          "?"   Neutral
  • If a mechanism results in a hit, its qualifier value is used. The default qualifier is "+", i.e. "Pass". For example:
"v=spf1 -all"
"v=spf1 a -all"
"v=spf1 a mx -all"
"v=spf1 +a +mx -all"
"v=spf1 include:yourdomain.net ~all"
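The qualifier rules above can be walked through offline with a small evaluator. This is an added example, not part of the original post: the function name spf_eval is hypothetical, and which mechanisms hit for a given sender is supplied by the caller as constructed input instead of being resolved through DNS.

```shell
#!/bin/sh
# spf_eval RECORD [HIT...]
#   RECORD  an SPF TXT record, e.g. "v=spf1 a mx -all"
#   HIT...  mechanisms (written without qualifier) that match the sending IP.
#           Constructed input: a real check derives these from DNS lookups.
# Prints the SPF result: pass, fail, softfail, neutral, or none (not SPF).
# The body runs in a subshell so "set -f" and the variables stay local.
spf_eval() (
    [ "$#" -ge 1 ] || { echo "usage: spf_eval RECORD [HIT...]" >&2; return 2; }
    record=$1; shift
    hits=" $* "

    case $record in
        "v=spf1"|"v=spf1 "*) ;;
        *) echo none; return 0 ;;        # not an SPF version 1 record
    esac

    set -f                               # "?all" must not be glob-expanded
    for term in $record; do
        case $term in
            *=*) continue ;;             # v=spf1 tag and modifiers are skipped
        esac
        case $term in
            +*)   qual=pass;     mech=${term#?} ;;
            -*)   qual=fail;     mech=${term#?} ;;
            "~"*) qual=softfail; mech=${term#?} ;;
            "?"*) qual=neutral;  mech=${term#?} ;;
            *)    qual=pass;     mech=$term ;;   # default qualifier is "+"
        esac

        hit=no
        if [ "$mech" = all ]; then
            hit=yes                      # "all" always matches
        else
            case $hits in *" $mech "*) hit=yes ;; esac
        fi

        # Evaluation stops at the first mechanism that hits.
        if [ "$hit" = yes ]; then
            echo "$qual"
            return 0
        fi
    done
    echo neutral                         # nothing matched and no "all" term
)

# Constructed scenario: the sending IP belongs to one of the domain's MX
# hosts, so only the "mx" mechanism hits.
for r in "v=spf1 -all" "v=spf1 a -all" "v=spf1 a mx -all" \
         "v=spf1 +a +mx -all" "v=spf1 include:yourdomain.net ~all"; do
    printf '%-40s -> %s\n' "$r" "$(spf_eval "$r" mx)"
done
```

With only mx hitting, the records that list mx return pass, the ones ending in -all without it return fail, and the include record falls through to ~all and returns softfail.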
2. DKIM [DomainKeys Identified Mail]: DKIM is a method to associate a domain with an email, allowing a person or company to assume responsibility for the email.
Generate the DKIM key on the Zimbra mail server over SSH:
 # /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com
You will receive output as follows:
DKIM Data added to LDAP for domain zimbra.io with selector 25D766CE-CEAC-11E7-B087-020B6DB9DD9A
Public signature to enter into DNS:
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN      TXT     ( “v=DKIM1; k=rsa; “
          “p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA4vVMiV3/14hRMzbKNnBKNThqxTWLi2E5NqqHLccIJg/P33yqwgGVKKUM9HFfXZ8urz6/dl8oNG3oxs73W1sgWHrFRo3ZayHsuUMe+DLyt8wtyR/RUae0nvd6Z6t0lPwujXWBrRS/FeMg/IGA8ExBKjD+aAYdQfH/lhlDGzumTXgbSB0KMzlpOjcum2Aes69rEiR744GGaPb2”
          “X3MxK8vjpeMIx16n2tADb0wKKP19WTF0at5HCP8F4SFflLUPJMOC1Be9FCWjTjNr1qrRZTwCwC7OC9tnV7SsKKXG+8D6hu39Tm5U1GLzpKvLMIv14b6MWsU9cV/iVKH+hQq4YRowIDAQAB” )  ; —– DKIM key 25D766CE-CEAC-11E7-B087-020B6DB9DD9A for zimbra.io

After generating the DKIM key, test it using the site below:
Selector: 25D766CE-CEAC-11E7-B087-020B6DB9DD9A
Domain:  yourdomain.com
Key: “p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD4sp8nBr2CqtNJJVYJte+TaX5E4rrRPB2P
ICp/AnkaTsA6J7NADJz21JA+supRZ1VzaGVuHL2vKzTFM7YjR/9pdSNuCLTzpAr3uuqzwna89G
eb5kcz4ICzLt5XoxfEmEtnAz43DidZ/JXDOD/iRprPl+B9k15XHbPVjatmuLReSQIDAQAB”
Add DKIM and SPF in DNS as in the following screenshot:
3. DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC) is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. 
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate. 
Add the DMARC record as follows:
Type: TXT
Host/Name: _DMARC.yourdomain.com
Value: v=DMARC1; p=none; rua=mailto:spam-reports@yourdomain.com; ruf=mailto:spam-reports@yourdomain.com

Migrate Emails from Gmail to Zimbra

Description: Here I have explained how to migrate emails from a Google Apps account to a Zimbra server. For the migration I have used the imapsync utility.

  • Install imapsync on the destination Zimbra server using yum

          # yum install imapsync

  • Log in to Gmail as the user and allow IMAP from the account settings as follows:
  • Create the email account on the Zimbra mail server
  • Run the command below on the Zimbra server as root:

   # imapsync --host1 74.125.133.108 --user1 user@googleaccount.co.in --password1 password --host2 hostname.zimbradomain.com --user2 user@zimbradomain.com --password2 password --syncinternaldates --ssl1 --ssl2 --noauthmd5 --exclude 'All Mail' --useheader 'Message-ID'

Mass email migration from Google Apps to Zimbra using imapsync
  • Create a users.txt file which contains the source and destination users and their passwords, as follows:
          user1@source.tld;user1sourcepassword;user1@destination.tld;user1destinationpassword
          user2@source.tld;user2sourcepassword;user2@destination.tld;user2destinationpassword
          user3@source.tld;user3sourcepassword;user3@destination.tld;user3destinationpassword
  • Create a shell script (migration.sh) in the same location and paste the content below into it.
#!/bin/bash
# Configure servers
SERVER1=imap.gmail.com
SERVER2=imap.destination.com
# Uncomment to hide folder sizes
#FAST="--nofoldersizes"
# Uncomment to do a dry run (no actual changes)
#DRY="--dry"
# Uncomment to just sync folders (no messages)
#JUSTFOLDERS="--justfolders"
# Uncomment to just connect (no syncs at all)
#JUSTCONNECT="--justconnect"
# Set the path to your imapsync binary
imapsync=imapsync
# Users file: must be given as the first argument and must exist
if [ -z "$1" ]
then
echo "No users text file given."
exit 1
fi
if [ ! -f "$1" ]
then
echo "Given users text file \"$1\" does not exist"
exit 1
fi
# Each line: source user;source password;destination user;destination password
{ while IFS=';' read -r u1 p1 u2 p2; do
"$imapsync" --usecache --tmpdir /var/tmp \
--host1 "${SERVER1}" --user1 "$u1" \
--password1 "$p1" --ssl1 \
--host2 "${SERVER2}" \
--port2 993 --user2 "$u2" \
--password2 "$p2" --ssl2 \
${FAST} ${DRY} ${JUSTFOLDERS} ${JUSTCONNECT} \
--regextrans2 's{Sent$}{[Gmail]/Sent Mail}' \
--regextrans2 's{Sent Items$}{[Gmail]/Sent Mail}' \
--regextrans2 's{Sent Messages$}{[Gmail]/Sent Mail}' \
--regextrans2 's{Drafts$}{[Gmail]/Drafts}' \
--exclude 'INBOX.Trash|INBOX.spam|INBOX.Apple Mail To Do'
done ; } < "$1"
Note: Change SERVER1 and SERVER2 to your source and destination servers.
  • Run the script using the command below

          ./migration.sh users.txt

  • The script can take a long time to run, so I suggest using nohup and redirecting the output to a log file:

          nohup ./migration.sh users.txt > migrationlog.txt 2>&1 &

Change IP Address Of Zimbra Mail Server

How to Change IP Address Of Zimbra Mail Server:

  •  Check current IP address configuration in postconf

[root@mail /]# su zimbra

[zimbra@mail /]$ postconf mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::]/64
[zimbra@mail /]$
  • In this case our postfix will relay for all machines in the 192.168.1.X series of IP addresses
  • Change or modify the IP address using the commands below:
[zimbra@mail /]$ hostname
mail.server.local
[zimbra@mail /]$ zmprov ms mail.server.local zimbraMtaMyNetworks '127.0.0.1/8 192.168.1.200/24'
[zimbra@mail /]$ postfix reload
  •  Verify configuration after changes

[zimbra@mail /]$ postconf mynetworks

mynetworks = 127.0.0.1/8 192.168.1.200/24

LVM [Logical Volume Manager]

Description:


LVM is a tool for logical volume management, which includes allocating disks, striping, mirroring and resizing logical volumes. LVM allows you to manage disk space more effectively. With LVM, we can create logical partitions that span one or more physical hard drives. First, the hard drives are divided into physical volumes, then those physical volumes are combined to create the volume group, and finally the logical volumes are created from the volume group.

Configure Logical Volume:


First create three partitions using fdisk or gdisk. In this example I have created 3 partitions: /dev/sda5, /dev/sdb1 and /dev/sdc1.
After creating the partitions, convert them to physical volumes using the command below:
        # pvcreate /dev/sda5 /dev/sdb1 /dev/sdc1
            Physical volume “/dev/sda5” successfully created
            Physical volume “/dev/sdb1” successfully created
            Physical volume “/dev/sdc1” successfully created
Once the physical volumes are created, create a volume group from all three partitions using the command below:
       # vgcreate vg0 /dev/sda5 /dev/sdb1 /dev/sdc1
           Volume group “vg0” successfully created
           You can use the vgs command to display the attributes of the new volume group
Now you can create a logical volume from the volume group using the command below:
      # lvcreate -L 100G -n lv0 vg0
          Logical volume “lv0” created
          Note :  lv0 is logical volume name
Create a file system on the logical volume using the command below:
      # mkfs -t ext4 /dev/vg0/lv0
Mount the logical volume on a directory:
      # mount /dev/vg0/lv0 /storage

Extending a logical volume:

Extend the logical volume using the commands below.
     # lvextend -L12G /dev/vg0/lv0
        lvextend — extending logical volume “/dev/vg0/lv0” to 12 GB
        lvextend — doing automatic backup of volume group “vg0”
        lvextend — logical volume “/dev/vg0/lv0” successfully extended
    # lvextend -L+1G /dev/vg0/lv0
       lvextend — extending logical volume “/dev/vg0/lv0” to 13 GB
       lvextend — doing automatic backup of volume group “vg0”
       lvextend — logical volume “/dev/vg0/lv0” successfully extended
After you have extended the logical volume, it is necessary to increase the file system size to match.
     # umount /dev/vg0/lv0
     # resize2fs /dev/vg0/lv0
     # mount /dev/vg0/lv0 /storage

Reducing a Logical Volume:

First, unmount the partition using the command below:
# umount /storage
Check the file system for errors using the e2fsck command:
# e2fsck -f /dev/vg0/lv0
Note: In the above e2fsck command, the option '-f' forces a check of the file system even if the file system is clean.
Reduce or shrink the file system on /storage to the desired size:
# resize2fs /dev/vg0/lv0 10G
Now reduce the size of the logical volume using the lvreduce command:
# lvreduce -L 10G /dev/vg0/lv0
To be on the safe side, check the reduced file system for errors:
# e2fsck -f /dev/vg0/lv0
Mount the file system and verify its size.
# mount /dev/vg0/lv0 /storage
