I need a tool for backing up a directories on a server. The problem in Linux it that you have too much solutions for that specific task, and you need a time to research and figure out which one is the best.
I will backup my data on the same server, only on a different disk. CPU utilization is not a problem, and primary goals are small footprint (to be able to have the longest history), and to have reasonable easy way of retrieving data from backup archive.
So, first, let me list all the solutions.

Based on rsync:

• rsnapshot : Written in Perl, using rsync and hard links, it is possible to keep multiple, full backups instantly available
• rsback : Written in Perl, I am not sure what are the differences from rsnapshot
• ccollect : Written in simple sh-script.
• fwbackups : Installable with yum (yum install fwbackups).
• flyback : Python based.
• Dirvish : I believe it is not maintained anymore.
• rsync-backup : Perl script.
• RIBS (Rsync Incremental Backup Script) : Written in PHP.
• rsnap : Python.

Based on rdiff:

• rdiff-backup : Python & C written. Best documentation at this wiki. Can be installed with yum.
• SafeKeep : Python / based on rdiff-backup. Installable on Fedora 9 via yum (–enablerepo=rawhide list safekeep*)
• Backupninja : centralized way to configure and schedule many different backup utilities.
• pybackpack : Python, based on rdiff-backup. Basic usage at howtoforge.com. Can be installed with yum (yum install pybackpack). But, it has a big problem in not possible to start it from the commandline or cron.
• rBackup : Written mainly in PHP. Not in repository.

None of the above:

• Areca : Written in Java, supports everything I need. Not available in any Fedora repository. Good tutorial and manuals, but still the problem that it is not diff-based (the whole file is written). Good solution is because it has a compression.
• RESTORE-EE (Enterprise Edition) : Complicated and nice, but not impressed. Tutorial at howtoforge.
• Duplicity : Very good, only with no GUI or other tool for restoring data. Probably the only viable solution if you backup data is on a public server, because supports encryption right from the start.
• Backerupper : To me, it looks that is not maintained anymore. Written in Lazarus-Freepascal (Delphi for Linux)
• Bacula : Really heavy.
• Amanda : Heavy too.
• Mondo Rescue : Really a recovery solution, but just to mention it.
• afbackup : Written in C. Very odl and mature, but none of the documentation.
• BackupPC : Configuration seemed very strange to me.

BackupPC

BackupPC

	cat /etc/httpd/conf.d/BackupPC.conf</pre><br />htpasswd -c /etc/BackupPC/apache.users backuppc<br /><pre><br /> nano /etc/BackupPC/hostsThat worked http://localhost/BackupPC (note the letter case)<br /><br />chkconfig --list backuppc<br /><br /></pre><br /><br /><h2>rdiffWeb</h2><br /><br />Web interface for retrieving a rdiff-backup data. Two are available (<a target="_blank" href="http://www.rdiffweb.org/">rdiffWeb</a> and <a target="_blank" href="http://rdiffbackupweb.sourceforge.net/">rdiff-backup-web</a>) - with same function. The first one is nicer to me, and installation was the following:<br /><pre><br />yum install python-cherrypy<br />wget http://www.rdiffweb.org/releases/rdiffWeb-0.6.3-1.noarch.rpm<br />yum localinstall --nogpgcheck rdiffWeb-0.6.3-1.noarch.rpm<br />rdiff-web-config<br />service rdiff-web start<br />

And in browser: http://localhost:8080/. Beautifull. To add it permanently, just: chkconfig –add rdiff-web.

Some notes: Somehow, my instict told me that I will be needin a compression file system, and best I found was FuseCompress (the older, perfectly stable version is found here). Btw. it is available in Fedora 9 with yum (–enablerepo=rawhide list fusecompress). The other solution - patched kernel for ext2 called e2compr, was not acceptable because I do not want to patch kernel after every kernel update.

I tried a couple tools.

• Box Shot 3D v2.9.2: Incredibly simple, but very configurable. My favourite.
• Insofta Cover Commander 2.91 : Great interface. Only, it looks like renderings are of lower quality than in Box Shot 3D.
• True BoxShot (True BoxShot Standalone v1.7, or True BoxShot for Photoshop v.1.1.2, or TBS Cover Editor v.1.1.1) : Cover editor is mora an vector-bitmap editing application, then an simply an “box effect applier” - and it’s very impressive. But, I dont need that. And, the other two are solid, but not spectacular.
• Cover Expert 1.6 : Solid one. Not so versatile collection of objects, but has an unique feature in ability to mix more than one object on a single scene.
• Quick 3D Cover : Bad rendering, but interesting selection of objects - included are computer monitors, mobile phones, etc.
• 3D Real Boxshot v4.0: There are two reasons why I did not test it and I did not installed any demo of this application. The first one is really disappointing screen shots on a badly designed website, and the second one is that company does make a lot of software totally unrelated to one another. And, I don’t like companies that do that (excluding Adobe).
• eCover Engineer v5.5 : The screenshots are not spectacular, so I decided not to try it.

And, I will mention others that are really amateur effort:

• Just BoxShots, 3D Box Shot Maker (freeware), 3D ProductBox

I just had to quote these 16 fantastic simple rules. More practical and more simple than any that I found before. This is copied from Bob Parsons blog which I don’t fancy very much.

1. Get and stay out of your comfort zone. I believe that not much happens of any significance when we’re in our comfort zone. I hear people say, “But I’m concerned about security.” My response to that is simple: “Security is for cadavers.”

2. Never give up. Almost nothing works the first time it’s attempted. Just because what you’re doing does not seem to be working, doesn’t mean it won’t work. It just means that it might not work the way you’re doing it. If it was easy, everyone would be doing it, and you wouldn’t have an opportunity.

3. When you’re ready to quit, you’re closer than you think. There’s an old Chinese saying that I just love, and I believe it is so true. It goes like this: “The temptation to quit will be greatest just before you are about to succeed.”

4. With regard to whatever worries you, not only accept the worst thing that could happen, but make it a point to quantify what the worst thing could be. Very seldom will the worst consequence be anywhere near as bad as a cloud of “undefined consequences.” My father would tell me early on, when I was struggling and losing my shirt trying to get Parsons Technology going, “Well, Robert, if it doesn’t work, they can’t eat you.”

5. Focus on what you want to have happen. Remember that old saying, “As you think, so shall you be.”

6. Take things a day at a time. No matter how difficult your situation is, you can get through it if you don’t look too far into the future, and focus on the present moment. You can get through anything one day at a time.

7. Always be moving forward. Never stop investing. Never stop improving. Never stop doing something new. The moment you stop improving your organization, it starts to die. Make it your goal to be better each and every day, in some small way. Remember the Japanese concept of Kaizen. Small daily improvements eventually result in huge advantages.

8. Be quick to decide. Remember what General George S. Patton said: “A good plan violently executed today is far and away better than a perfect plan tomorrow.”

9. Measure everything of significance. I swear this is true. Anything that is measured and watched, improves.

10. Anything that is not managed will deteriorate. If you want to uncover problems you don’t know about, take a few moments and look closely at the areas you haven’t examined for a while. I guarantee you problems will be there.

11. Pay attention to your competitors, but pay more attention to what you’re doing. When you look at your competitors, remember that everything looks perfect at a distance. Even the planet Earth, if you get far enough into space, looks like a peaceful place.

12. Never let anybody push you around. In our society, with our laws and even playing field, you have just as much right to what you’re doing as anyone else, provided that what you’re doing is legal.

13. Never expect life to be fair. Life isn’t fair. You make your own breaks. You’ll be doing good if the only meaning fair has to you, is something that you pay when you get on a bus (i.e., fare).

14. Solve your own problems. You’ll find that by coming up with your own solutions, you’ll develop a competitive edge. Masura Ibuka, the co-founder of SONY, said it best: “You never succeed in technology, business, or anything by following the others.” There’s also an old Asian saying that I remind myself of frequently. It goes like this: “A wise man keeps his own counsel.”

15. Don’t take yourself too seriously. Lighten up. Often, at least half of what we accomplish is due to luck. None of us are in control as much as we like to think we are.

16. There’s always a reason to smile. Find it. After all, you’re really lucky just to be alive. Life is short. More and more, I agree with my little brother. He always reminds me: “We’re not here for a long time; we’re here for a good time.”

I needed to make a fancy signatures for some clients, in RoundCube Webmail. For that, I wanted an inline image in a HTML signature - something that is not possible to achieve in current Roundcube. So i made a some changes, and come up with a solution:

Every change is in

\program\steps\mail\sendmail.inc

and \program\lib\stringstream.php is needed.

I am lazy to write this… Finish whenever you want.

You probably found a lot of online tools to check for DNS Poisoning check. For example, here and here. The second one is a site of Dan Kaminsky - the original researcher that discovered the vulnerability. But, these tools check “My DNS Server” - something that is my ISP server, and not DNS that I am hosting/running. So, after some looking around, a found this one-liner here: just find any Linux box, and type there:

dig @ns1.nameserver.com +short porttest.dns-oarc.net TXT

where ns1.nameserver.com is either IP or name of a DNS server. If the result is GOOD - it’s like that - anything else is a big problem.

Download and unpack Postfwd archive to /usr/local/postfwd:

cd /usr/local/
wget http://postfwd.org/postfwd-1.10pre7c.tar.gz
tar -xf postfwd-1.10pre7c.tar.gz
mv postfwd-1.10pre7c postfwd

Copy the configuration file at its place, and copy the startup script to its place

cp /usr/local/postfwd/etc/postfwd.cf /etc/postfix/
cp /usr/local/postfwd/bin/postfwd-script.sh /etc/init.d/postfwd

Then, if I try to set a daemon to be startet at boot time, with:

chkconfig --add postfwd

But I got an error saying: “service postfwd does not support chkconfig”? Ok. There is a statement in a init script that tells the chkconfig command how to add or delete this daemon to the boot process. This statement looks like this:

# chkconfig: 2345 78 32
# description: Postfwd Policy Server

This means that a script should be started in levels 2,3,4,5 and that its start priority should be 78, and stop pririty 32. Priorities present the order / sequence in which the services are either started and stopped. So if you for instance have Postfix starting and a postfwd application, it is essential that the postfwd is started before Postfix. Having Postfix start value of 80 you need a lower value for the Postfwd (78 for example).

After we added this line to /etc/init.d/postfwd file, lets repeat:

chkconfig –add postfwd

Ok. This worked. But, I had a lot of problems in a supplied default init script of policyfwd. I had to change a startup script a lot. After faunding out that init script is somehow strange, I had to rewrite a script based on postgrey’s init script. Here it is ready to download. So copy this one to /etc/init.d.

Now, start it with:

service postfwd start

It should work. Now to make Postfix aware of it. Open your postfix /etc/postfix/main.cf and insert or edit the following.

127.0.0.1:10040_time_limit	= 3600
smtpd_recipient_restrictions	= ...
				  ...
				  check_policy_service inet:127.0.0.1:10040,
				  permit

smtpd_end_of_data_restrictions =
				  check_policy_service inet:127.0.0.1:10040

The last one is needed because you have to call postfwd at end_of_data state for reliable size checks.

Testing it up

If you want to list the rules, just type:

/usr/local/postfwd/sbin/postfwd -f /etc/postfix/postfwd.cf -C

Finally, if you are satisfied, start postfwd and reload postfix. Then, monitor the log file for lines mentioning postfwd with:

tail -f /var/log/maillog | grep postfwd

There is an example policy request distributed with postfwd, called ‘request.sample’. Simply change it to meet your requirements:

nano /usr/local/postfwd/tools/request.sample
/usr/local/postfwd/sbin/postfwd -f /etc/postfix/postfwd.cf </usr/local/postfwd/tools/request.sample

Thats it.

No - it is not!

Really a bug not counted as one

I spent at least an hour just to find out the bug. No! It is not a bug. I just need to read very, very carefully:

From the Doc’s: “Multiple use of the same item is allowed and will compared as logical OR ”

So macro with this content:

&&LIMITEDS { sender=.*@onedomain.com ; sender~=user@seconddomain.com; };

will work, and the following one will not (only first rule will be accounted):

&&LIMITEDS { sender_domain=onedomain.com ; sender~=user@seconddomain.com; };

Reverse IP tools, in order of quality:

http://whois.webhosting.info/

http://www.yougetsignal.com/tools/web-sites-on-web-server/

http://www.myipneighbors.com/

And, not free ones:

http://www.domaintools.com/reverse-ip/

http://www.securityspace.com/bizintel/reverse-ip.html

If you are using ProFTPD, the uploads can not be resumed, by default. Change this by editing the configuration file (/etc/proftpd.conf) and changing-adding following values:

AllowOverwrite on
AllowStoreRestart on

The first one is probably already enabled in config file. Resumed upload is considered the same as a file overwrite (in ProFTPD). Therefore the file overwriting must be enabled.

And, it can be done on Fedora / CentOS in an easy manner.

The best tutorial is this, and a good ones are these and these.

Greylisting is very effective in reducing spam - almost 90% of servers contacting our mail system are illegitimate, and greylisting reduces the noise from them. Some of the best products is milter-greylist (it is still not aware that postfix is milter compatible). For postfix, there is a similar solution called postgrey.

Postgrey - this one I choose.  Best tutorial I found for installing on my CentOS was here.

Milter Greylisting solutions: milter-greylist, milter-gris, Scam-grey milter.

These are only basic limits, that are valid for entire host-domain. These can be set fairly high, if you really need that. Later on, you can impose other limits with some milter filters.

Current values can be seen with:

postconf  | grep 'mailbox_size_limit\|message_size_limit\|virtual_mailbox_limit'

Default values are:

postconf -d | grep 'mailbox_size_limit\|message_size_limit\|virtual_mailbox_limit'

Edit values with:

postconf -e 'message_size_limit = 104857600'

This changes /etc/postfix/main.cf confguration file. Mine values are:

# 100 Mb
message_size_limit = 104857600

# 1 Gb
mailbox_size_limit = 1073741824
virtual_mailbox_limit = 1073741824

Milters I’ve found while looking for mail throttling

Best milters that I found, excluding the ones that provide graylisting functionality, were:

• j-chkmail: Multipurpose mail filtering software.
• Milter-regex: Reject mail matching regular expressions. Simple and can be usefull.
• Mailfromd: General-purpose mail filtering daemon. It looked too complicated for me.
• milter-limit: Limit number of mails, per sender. Looks like it has not enough documentation.
• milter-length: Limiting mails by message size.

But, milters are native for Sendmail, not Postfix (but they work in latest Postfix). Analog solution for Postfix is to use some Policy Daemon:

• postfix_policy: It has a web interface as a plus. This looks logical to me, because it allows a administrator to configure in an easy way.
• postfwd: The configuration looked the simplest to me. S I decided to go with this one.
• ACL Policy Daemon: Apolicyd (Python) does have message size limiting, but does not have message count (rate-limiting or throttling) control. And, according to this post, it is very heavy on the server load. So, it’s out.

These are actively maintained, and Policyd-weight is not active anymore. Finally, I decided to go for Postfwd.

I am surprised that there are so little open-source solution for this very common need in corporate environment.

The first that slips mind are Postfix’s bcc_maps directives (or similar). Alternative mechanism should be pretty straightforward - thru milter system. If someone reading this post finds some other useful utility (open source only), please post a comment about it.

And, my list f sound open-source solutions is:

• Postfix’s recipient_bcc_maps (mails send to some adresses) or sender_bcc_maps (for mails sent by some user addresses)
• Open Mail Archiver (I really like the straightforward idea)
• Scam-archiver
• MailArchiva (Open Source Edition)
• Or maybe some procmail recipes like here or Æmail

Suddently, on my CentOS the Logwatch mails are very big, with huge Postfix “**Unmatched Entries**” section, mostly about messages dropped because they were in RBLs, similar to this:

Service unavailable; Client host [x.x.x.x] blocked using zen.spamhaus.org; ...

My logwatch package is up to date. Problem is - the service and configuration for postfix in that package are not.

You need to update postfix filter portion of logwatch.
It can be updated either from: http://www.mikecappella.com/logwatch or from latest version of logwatch at: www.logwatch.org

For me, the first link was better because it had a fresher scripts. I downloaded the package, and only two files are needed for me (do not install or anything).

Just rename (remove -logwatch part of filename) files

postfix-logwatch
postfix-logwatch.conf

to

postfix
postfix.conf

and copy them to

       /etc/logwatch/scripts/services/postfix (The Logwatch postfix filter)
       /etc/logwatch/conf/services/postfix.conf (The Logwatch postfix filter configuration file)

Files at this location will override default values. And this should fix the problem.

But, there was a problem with  file services/postfix where I had to remove the first line for logwatch to work. Now, when I execute /etc/cron.daily/0logwatch, I do get an reasonable sized email with email statistics.

I just got tired of looking at lot of these messages in my Apache log (or similar ones in ssh log)

[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/ads
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/thisdoesnotexistahaha.php
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/drupal
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/adserver
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/adxmlrpc.php
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/xmlrpc.php

These robots are constantly trying to exploit vunerabilities. I want to stop them.

There are couple of solutions, but after researching, I concluded that for me the best one is Fail2Ban (compared to DenyHosts or BlockHosts), specially because it can analyze log files for Apache, SSH, FTP and Postfix (and I have it in repository). BTW, there was some vulnerabilities with it, in the past.

All the configuration is done in /etc/fail2ban/jail.conf.

To find out what IP addresses are most active in accessing your webistes, just execute this line against Apache access log.

awk '{print $1}' access_log | sort | uniq -c | sort -n | tail -20 | awk '{print $2,$2,$1}' | logresolve | awk '{printf "%6d %s (%s)\n",$3,$1,$2}'

where access_log is filename for Apache  access log file, and -20 means that I want to see a first 20 addresses. Great resource of information can be found at the-art-of-web.com.

Very good source that I did not use: http://www.howtoforge.com/mail_statistics_mailgraph_pflogsumm

I setup AWStats package on my server using instructions on this DjTremors site.

And everything worked, besides the fact that I must disable suexec in ISPConfig (Management / Server - Settings / Web / suexec Checkbox).

At first, I tried adding this statistics inside a ISPConfig’s http server. Just to remember, whenever I need something to be an option in ISPConfig, under the Tools menu. This is done by creating a subdirectory in  /home/admispconfig/ispconfig/web/tools/tools, and creating a nav.inc.php file there

But the problem arises because Perl can not be enabled without larger modifications in a /root/ispconfig/httpd/conf/httpd.conf. I always got an error

mod_perl.so: undefined symbol: apr_bucket_shared_split

So I made a Tools link, but pointing to a main Apache server (where I have Perl enabled).

File: nav.inc.php

<? if($go_api->auth->check_admin(0,1)) {
/*
   Only Admin can see this
   Copyright (c) 2008, cvladan.com, Vladan Colovic - All rights reserved.
*/
?>
<!-- Mail AWStats for all domains //-->

menuDaten.neu(new LinkEintrag('root','<? echo $go_api->lng("Mail Server Statistics")?>','http://www.duplonucleo.com/ispcstats/awstats.pl?config=mail','_blank','email.gif','Ma
il Server Stats','n',''));

<? } ?>

Let me explain important files in AWStats for ISPConfig. There is /root/ispconfig/scripts/shell/awstats.php file that periodically recreates .conf files in /etc/awstats, based on virtual domains created in web home /var/www. There is no need to change this file. Another important file is/home/admispconfig/ispconfig/web/ispc.awstats/awstats_updateall.pl which is executed periodically too. This file launches update process for all AWStats config files, except awstats.model.conf found in a particular directory (in our case /etc/awstats), so you can easily setup.

As we see, there is no need to change anything. It will automaticly update our mail statistics. So, lets go there…

First, I needed to add a script  maillogconvert.pl  where it sould be in a first place - in: /home/admispconfig/ispconfig/web/ispc.awstats

Then edit the /etc/awstats/awstats.mail.conf and … Not so good link, and much better (original).

And do not be shooked with the amount of mails recieved by admispconfig@. Thats ok. The admispconfig mailbox is a script that generates your mail statistics. The emails that go to admispconfig contain the size of the original email sent to one of your users in bytes.

And, after everything, I just updated AWStats from 6.5 to version 6.8 (latest one)

The easiest way to check if WAN load balancing is working to go to the different sites that show IP, and check that all IP addresses are different. In my case, I had to get 3 different IP’s. So, use these sites: whatismyip.net, whatismyip.org, whatismyip.com, ipnow.org

I just stumbled on a post that I just had to contribute mine photos. Here they are…

Great tool - everything that I wanted. So check out the http://www.intodns.com/

One month after, the server is out of reach. Just in case - I found another comparable one: http://dnssy.com/

I am using PuTTY to *remotely* access my server via ssh. Recently, I started using a Norton Commander clone called Midnight Commander, wich is incredibly usefull. But, decorative elements (line drawings) are displayed wrongwith some wierd characters. The solution in PuTTY is to change the folowing options:

Window > Translation >  Received data assumed to be in which character set: UTF-8
Window > Translation >  Handling of line drawing characters: Use Unicode line drawing code points
Connection > Data > Terminal details > Terminal-type string: linux
Terminal > Keyboard > The Function keys and keypad: Linux

The commander is now working as it was supposed to. Source of information.

Besides this, when we are already in PuTTY, to mention couple of configuration settings:

Connection > SSH > Enable compression: on
Connection > SSH > Preffered SSH protocol version: 2 only

If you want PuTTY to open some session when you start it, just create a shortcut and add a suffix

-load "Session-Name"

For example: C:\Program Files\Putty\putty.exe -load "MySession"

Find in history

Don’t search history by grepping ~/.bash_history, or repeatedly hitting the up arrow, instead use CTRL+r (or ‘/’ in vi-mode) for search-as-you type. You can immediately run the command by pressing Enter.

Changing file extensions

Rename replaces string X in a set of file names with string Y.

rename 's/.html$/.php/' *.html

This will change the extension of every .html file in your CWD to .php.Selected Keystrokes:
Ctrl-U - Cuts everything to the left
Ctrl-W - Cuts the word to the left
Ctrl-Y - Pastes what’s in the buffer
Ctrl-A - Go to beginning of line
Ctrl-E - Go to end of line

Use && to run a second command if and only if a first command succeeds:

cd tmp/a/b/c && tar xvf ~/archive.tar

Use || to run a second command if and only if a first command fails:
cd /tmp/a/b || mkdir -p /tmp/a/b

See your favorite commands

Use the following to see the commands you use most often based on your shell history:

history | awk '{print $2}' | sort | uniq -c | sort -rn | head

Sum up your HDD space

Longish oneliner (I actually wrote it in one line first) for giving you somewhat (mount list is never good enough) accurate sum of your file systems’ totals.

df | egrep -v “(Filesystem|\/dev$|shm$|dvd|cdrom)” | awk ‘{totalu += $2 ; totalf += $4} END {print “Total space in devices: ” (totalu/1024/1024) ” GB\nFree space total: ” (totalf/1024/1024) ” GB”}’

Argument list too long

ls | xargs rm

Sometime there are so many files in a directory than the rm command doesn’t work

[root@server logs]# rm *
bash: /bin/rm: Argument list too long

On this case the best option is to use ls in conjuntion with xargs

[root@server logs]# ls | xargs rm

http://en.wikipedia.org/wiki/Xargs

Get your IP address

lynx -dump http://whatismyip.com | awk '/^Your/ {print $5}'

Run commands on logout

If a file named $HOME/.logout (a file named .logout in your home directory) exists, and the following trap statement is in your .profile, .logout is executed when you logout.

Add this to .profile:

trap "$HOME/.logout" 0

Remove comments and blank lines

sed ‘/ *#/d; /^ *$/d’ file
Remove comments and blank lines from file

Remove empty directories

To remove empty directories (even if filenames or dirnames contain spaces or weird characters) from a tree you can do:

find . -type d -empty -print0 | xargs -0 rmdir

Duplicate directory tree

The following command creates in the /usr/project directory, a copy of the current working directory structure:

find . -type d -print|sed ’s@^\.\{0,1\}@/usr/project@’ | sed ’s/ /\\ /’ | xargs mkdir -p