Thursday, March 26, 2009

DB: PostgreSQL Dump and Restore

Sometimes you need to move all the data from one server to another, or simply take a full backup. For that, Postgres, like MySQL, has "dumps"; they are exported and imported as follows.

Dump

pgsqldump=backupPSQL`date +%d%m%Y`.dump
su postgres -c "pg_dumpall > $pgsqldump"

Restore

# pg_dumpall output is replayed by the superuser against an existing database
# (here "postgres"); the script itself recreates the other databases and roles
psql -f infile postgres

Monday, March 23, 2009

Postfix as an SMTP SASL client

Sometimes a mail server has to authenticate against another mail server. In that case, Postfix can be configured to log in to the other server and use it as a smarthost.

Create the file /etc/postfix/password and put in it the credentials of the user that will do the relaying:

smtp.isp.com username:password

Set the correct permissions, for better security:

chown root:root /etc/postfix/password
chmod 0600 /etc/postfix/password
postmap hash:/etc/postfix/password

In main.cf add:
relayhost = smtp.isp.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
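A mismatch between the relayhost line and the key in the password map is the usual reason this setup fails silently. The following check is an added example (not from the original post): it reads a main.cf and the text form of the password map, with the sample files constructed inline.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that the relayhost in
# main.cf has a matching line in the SASL password map and that the map is
# readable only by its owner. File paths are parameters; the sample files at
# the bottom are constructed for an offline run.

# Postfix looks the password up by the relayhost exactly as written (including
# any [] and :port) and then by the bare hostname. Print the key that matched.
sasl_key_for_relayhost() {                # $1 = main.cf, $2 = password map (text form)
    relayhost=$(sed -n 's/^[[:space:]]*relayhost[[:space:]]*=[[:space:]]*//p' "$1" \
                | tail -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$relayhost" ] || return 1
    bare=$(printf '%s\n' "$relayhost" | sed 's/^\[\([^]]*\)\]/\1/; s/:[0-9]*$//')
    for key in "$relayhost" "$bare"; do
        # exact match on the first field; a regex grep would choke on the []
        if awk -v k="$key" '$1 == k { found = 1 } END { exit !found }' "$2"; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# The map (and the password.db that postmap builds from it) holds a cleartext
# password, so anything wider than 0600 is a finding.
sasl_map_private() {                      # $1 = password map file
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# --- constructed sample input mirroring the post's configuration ---
demo=$(mktemp -d)
cat > "$demo/main.cf" <<'EOF'
relayhost = smtp.isp.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
EOF
printf 'smtp.isp.com username:password\n' > "$demo/password"
chmod 0600 "$demo/password"
sasl_key_for_relayhost "$demo/main.cf" "$demo/password"   # smtp.isp.com
sasl_map_private "$demo/password" && echo "password map is 0600"
rm -rf "$demo"
```

Run it against the real /etc/postfix/main.cf and /etc/postfix/password after every change to relayhost; re-run postmap as well, since Postfix reads the .db file, not the text one.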

Saturday, March 21, 2009

VSFTPD + SSL/TLS

First, create the certificate:

[root@vps] openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
-keyout /etc/vsftpd/vsftpd.pem \
-out /etc/vsftpd/vsftpd.pem

Add the following lines to /etc/vsftpd.conf:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
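With force_local_data_ssl and force_local_logins_ssl both set to NO, TLS is offered but a client may still log in and transfer files in cleartext. The following audit is an added example (not from the original post): it reads a vsftpd.conf, reports the settings that still permit an unencrypted session, and states the hardened value; the sample file is a constructed copy of the configuration above.

```shell
#!/bin/sh
# Added example, not part of the original post: list the settings in a
# vsftpd.conf that still allow a session without TLS, and say what to set
# instead. Directives absent from the file are treated as vsftpd's defaults
# (force_local_*_ssl default to YES, so only an explicit NO is reported).
vsftpd_ssl_findings() {                   # $1 = vsftpd.conf; one finding per line
    awk -F= '
        /^[[:space:]]*#/ || NF < 2 { next }
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2); v[$1] = toupper($2) }
        END {
            if (v["ssl_enable"] != "YES")
                print "ssl_enable is not YES: nothing is encrypted; set ssl_enable=YES"
            if (v["force_local_logins_ssl"] == "NO")
                print "force_local_logins_ssl=NO: user names and passwords may be sent in cleartext; set YES"
            if (v["force_local_data_ssl"] == "NO")
                print "force_local_data_ssl=NO: file contents may be sent in cleartext; set YES"
            if (v["ssl_sslv2"] == "YES")
                print "ssl_sslv2=YES: SSLv2 is insecure; set NO"
            if (v["ssl_sslv3"] == "YES")
                print "ssl_sslv3=YES: SSLv3 is insecure; set NO"
        }' "$1"
}

# --- constructed copy of the post's configuration for an offline run ---
demo=$(mktemp)
cat > "$demo" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
vsftpd_ssl_findings "$demo"       # two findings: the force_local_*_ssl lines
rm -f "$demo"
```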

Monday, March 16, 2009

QMAIL - RBLs: adding anti-spam protection

root@$ cat /etc/xinetd.d/smtp_psa

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
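The two -r options hand every connecting client to rblsmtpd before qmail-smtpd runs. The following shell functions are an added example (not from the original post, not part of rblsmtpd) showing the DNS lookup it performs and how to confirm a configured list is still answering; the resolver is passed in as a command, and the stand-in resolver used here is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: the lookup rblsmtpd performs
# for every connecting client before qmail-smtpd is started. The client IPv4
# address is reversed octet by octet and queried as an A record under the
# list's zone; any answer means "listed", and rblsmtpd then refuses the
# session itself instead of running the rest of the chain.
# The resolver is passed in as a command so the check can run offline here.
rbl_query_name() {                        # $1 = client IPv4, $2 = DNSBL zone
    printf '%s\n' "$1" | awk -F. -v zone="$2" '{ print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Exit 0 and print the hit if any zone lists the client; zones are tried in
# the order given, like the -r options above. $1 = resolver command
# ("host -t a" on a live system), $2 = client IP, remaining args = zones.
rbl_check() {
    resolver=$1; ip=$2; shift 2
    for zone in "$@"; do
        name=$(rbl_query_name "$ip" "$zone")
        # $resolver is deliberately unquoted so "host -t a" splits into words
        if answer=$($resolver "$name" 2>/dev/null) && [ -n "$answer" ]; then
            printf 'listed: %s -> %s\n' "$name" "$answer"
            return 0
        fi
    done
    return 1
}

# Constructed stand-in resolver: it "lists" only 127.0.0.2, the address that
# RFC 5782 says every DNSBL must list for testing (127.0.0.1 must never be).
# Querying 2.0.0.127.<zone> against the real resolver is how you confirm a
# configured list is still alive rather than silently answering nothing.
fake_resolver() {
    case "$1" in
        2.0.0.127.*) echo "$1 has address 127.0.0.2" ;;
        *)           return 1 ;;
    esac
}

rbl_check fake_resolver 127.0.0.2 sbl-xbl.spamhaus.org bl.spamcop.net
rbl_check fake_resolver 192.0.2.10 sbl-xbl.spamhaus.org bl.spamcop.net || echo "192.0.2.10 not listed"
```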

Tuesday, March 10, 2009

HOWTO: ESXi and SSH

By default this isn’t possible. But there’s a way to get this working, just do the following:
  1. Go to the ESXi console and press alt+F1
  2. Type: unsupported
  3. Enter the root password
  4. At the prompt type “vi /etc/inetd.conf”
  5. Look for the line that starts with “#ssh” (you can search with pressing “/”)
  6. Remove the “#” (press the “x” if the cursor is on the character)
  7. Save “/etc/inetd.conf” by typing “:wq!”
  8. Restart the management service “/sbin/services.sh restart”

Thursday, March 5, 2009

SAMBA integrated with OpenLDAP

At the end of the configuration in smb.conf:
ldap admin dn = cn=Administrator,dc=dominio,dc=com
ldap delete dn = No
ldap group suffix = ou=group
ldap passwd sync = No
ldap replication sleep = 1000
#ldap ssl = Start_tls
ldap suffix = dc=dominio,dc=com
ldap timeout = 5
ldap user suffix = ou=people
passdb backend = ldapsam:ldap://ldap.dominio


Full file:

[global]
workgroup = dynamics
# Printers
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
load printers = yes
use client driver = yes
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
preferred master = Yes

# FSM - Security and LDAP
security = user
ldap admin dn = cn=Administrator,dc=dynamics-research,dc=com
ldap delete dn = No
ldap group suffix = ou=group
ldap passwd sync = No
ldap replication sleep = 1000
#ldap ssl = Start_tls
ldap suffix = dc=dynamics-research,dc=com
ldap timeout = 5
ldap user suffix = ou=people
passdb backend = ldapsam:ldap://ldap.dynamics-research.com
wins proxy = No
wins support = Yes
netbios name = dynamics

# FSM - ADDITIONAL PARAMETERS
server string = dynamics-PDC
log level = 2
max log size = 50

# Spanish locale settings
dos charset = 850
unix charset = iso-8859-15


[homes]

comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[grups]
comment = grups
inherit acls = Yes
path = /srv/samba/departaments
read only = No
[soft]
comment = software
inherit acls = Yes
path = /srv/samba/software
read only = No


Give Samba the LDAP admin DN's password:
smbpasswd -w

OpenLDAP Master -> Slave Replication

Master:

index ...
replogfile /var/lib/ldap/openldap-master-replog
replica host=IP_SLAVE:389 binddn=cn=Administrator,dc=midominio,dc=com bindmethod=simple credentials=password

The slurpd service must be running.

Slave:
database bdb
suffix ".."
rootdn ".."
rootpw ".."
updatedn "cn=Administrator,dc=midominio,dc=com"
updateref "ldap://172.26.0.90"

Debian - There is no public key available for the following key IDs

gpg --keyserver subkeys.pgp.net --recv-keys 4D270D06F42584E6
gpg --armor --export 4D270D06F42584E6 | apt-key add -

Monday, March 2, 2009

Subversion backup and restore

  • Howto backup Subversion and move it to a new machine.
  • Back Up Your Data !
  • svnadmin dump repo and scp to other machine.
  • Do this for each repository you have.
svnadmin dump /path/to/reponame > /tmp/reponame.dump ; scp -rp /tmp/reponame.dump user@server.domain.com:/tmp/
  • On other machine install subversion
pacman -Sy subversion
  • Make sure you set svnserve in /etc/rc.conf
  • Edit the DAEMONS line so it starts on next boot.
DAEMONS=(syslog-ng hotplug !pcmcia network netfs crond sshd svnserve httpd)
  • Create the corresponding repositories.
  • Do this for each repository you have.


  • Load svn dump into new repo on new machine.
  • Do this for each repository you have.
svnadmin load /path/to/reponame < /tmp/reponame.dump
  • Setting Permissions.. CRUCIAL
  • This is the most common mistake when moving a svn repo.
  • Do this for each repository you have.
chown -R svn:svnusers /path/to/reponame ; chmod -R g+w /path/to/reponame/db/
  • Sample Permissions:
bash-2.05b# ls -l | grep svn
drwxrwxr-x 7 svn svnusers 512 Apr 27 15:06 reponame1
drwxrwxr-x 7 svn svnusers 512 Apr 27 15:06 reponame2
drwxrwxr-x 7 svn svnusers 512 Apr 27 15:06 reponame3
bash-2.05b# ls -l reponame1/ | egrep -i "db"
drwxrwsr-x 2 svn svnusers 512 Apr 27 15:07 db
bash-2.05b#
  • Ok, these repos should be all set and ready to rock.. however using svn+ssh:// will not work..
  • Note: we have to have a wrapper written for svnserve..
  • PLEASE FOLLOW CLOSELY HERE
  • check your ENV like:
bash-2.05b# env | egrep "^PATH="
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin
bash-2.05b#
  • check where the svnserve binary is located:
bash-2.05b# which svnserve
/usr/local/bin/svnserve
bash-2.05b#
  • ok, our wrapper has to fall in PATH before this location.. /sbin is a good place, seeing as it's the 1st exec path on the system as root.
  • create wrapper:
touch /sbin/svnserve ; chmod 755 /sbin/svnserve
  • now edit it to look like so:
bash-2.05b# cat /sbin/svnserve
#!/bin/sh
# wrapper script for svnserve
umask 007
/usr/local/bin/svnserve -r /path/to "$@"
bash-2.05b#
  • NOTE: see the -r /path/to ?? This is what makes svn co svn+ssh://server.domain.com:/reponame work ( SEE THIS :/reponame ).. it sets the repository root path.
  • You do not need to do :/path/to/reponame.... this is the big trick here folks.
  • Start svnserve with new wrapper script like so:
/sbin/svnserve -d    # start in daemon mode
  • check it with ps:
bash-2.05b# ps auxww | grep svn
root 66668 0.0 0.1 3608 1868 ?? Is 12:25AM 0:00.00 /usr/local/bin/svnserve -r /path/to -d
bash-2.05b#
  • we can also check the perms for remote users like this:
cdowns:~ ~$ svn ls svn+ssh://server.domain.com:/reponame
++server.domain.com++
dev/
qa/
release/
cdowns:~ ~$

In short...
svnadmin dump /usr/local/svn > /var/dump-svn20090915.dump