Posts Tagged ‘vim’

Set up Modsecurity on Debian 7 GNU / Linux to mitigate websites virus infections / Cross Site Scripting and SQL Injects

Friday, September 6th, 2013

mod security raise up your Apache webserver security and protect against cross site scripting javascript hacks and viruses

There are plenty of tutorials around on how to install and configure modsecurity  So This tutorial is nothing new, but I decided to write it since, I had to install mod_security on Debian Wheezy to protect a Debian Linux server websites from being periodically infected with Viruses / XSS / Backdoored Javascripts and Trojan horses.

Everyone who used Debian stable distribution knows the packages included in it are usually about 2 years older than latest available. Situation with latest Debian stable Wheezy  is same, but anyways even a bit outdated my experience so far is mod_security does a great job of protecting Apache sites …

1. Install libapache-mod-security and other libraries (not obligitory), but useful on most Apache + PHP servers

  Run below commands to add xml and rest of useful Apache stuff:


apt-get install libxml2 libxml2-dev libxml2-utils
apt-get install libaprutil1 libaprutil1-dev

Above commands will install a bunch of other dependency packages.

Next install mod-security deb. Run below command, to install and activate modsecurity. Note that installing libapache-mod-security will also automatically restart the Apache server.
 

apt-get install libapache-mod-security

Next to enable all functionality of modsecurity headers Apache module is required as well, activate it with:

 
a2enmod headers
service apache2 restart

2. Make sure mod_security Apache config looks like

 

<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
</IfModule>

Important part of conf is  "Include "/etc/modsecurity/*.conf"" line. /etc/modsecurity directory is main place to set up and configure modsecurity. This configuration file, combined with mod-security.load, do everything necessary to load the modsecurity into Apache server.

3.Enable and Load modsecurity default configuration rules:

So far, modsecurity is loaded into the apache server, but isn't stopping any attempts of hack scripts / Viruses / or automated tools to exploit Vulnerabilities in Web Applications. To make modsecurity start filtering requests, should activate  modsecurity specific configuration and load some regular expression rules.
First to do is enable "recommended" modsecurity configuration file:
 

Code:
cd /etc/modsecurity
mv modsecurity.conf-recommended modsecurity.conf

Default configuration from recommended conf enables modsecurity in an "examine only" mode. In order to make full use of the module, we have to make a few changes. With  favorite text editor open modsecurity.conf (mine is vim)and make the following change:

Code:
SecRuleEngine On

This makes modsecurity to block requests based on its (pre-written) developer rules. Other settings in this file that are useful to know about are the debug controls, very useful, whether you have to debug problems with sites not properly opening due to server enabled mod_security.
 

Code:
#SecDebugLog /opt/modsecurity/var/log/debug.log
#SecDebugLogLevel 3

This controls how much information is stored in modsecurity's "audit log as well as keeps track of attacks launched to server. Default debug level of 3 is pretty much and stores "everything". This is dangerous as a huge logs are produces on  busy servers.
 

Code:
SecAuditLogParts ABIJDEFHZ

4. Enable extra modsecurity prevention rules

Modsecurity works by using rules by pre-defined patterns used to recognize when your website/s is being probed or attacked. Once installed modsecurity base package as a dependency modsecurity-crs package is installed. modsecurity-crs contains addition free core rule set. Current Core rule from modsecurity.org are newer than version included with wheezy,  thus rules lack a bit behind but this is only option whether using default debian bundled packge otherwise manual modsecurity recompile is required. We all know how bad it is to custom compile software on production machines, so custom compile experiments are really bad idea.

CRS (Core Rule Set) is installed in /usr/share/modsecurity-crs. This directory contains an "activated_rules" directory present also in /etc/modsecurity

Quickest way to activate rules is by symlinking from the actual config and rule files into the /etc/modsecurity config directory.

We'll be making links from the /usr/share/modsecurity location into /etc/modsecurity to activate some other useful modsec useful rules. First link main crs config file:
 

ln -s /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf /etc/modsecurity/modsecurity_crs_10_setup.conf

This file provides some basic configuration directives for crs.

Futher on, link each rule file in the base_rules and optional_rules directories using 2 tiny bash loops.
 

 
cd /usr/share/modsecurity-crs/base_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /etc/modsecurity/$f ; done
cd /usr/share/modsecurity-crs/optional_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /etc/modsecurity/$f ; done

With that done, there's one more edit to check if modsecurity blocking works as expected. Open the /etc/modsecurity/modsecurity.conf file and add the following lines at the end (this is from the free, modsecurity pdf book, link provided below)
 

 
SecRule ARGS "MY_UNIQUE_TEST_STRING"\
"phase:1,log,deny,status:503"

Finally after all configuration rules are loaded to modsec, Usual Apache restart is required:

 
/etc/init.d/apache2 restart

Whether no fatal errors pop up and Apache starts normally, now modsecurity should be properly running.

5. Verify if modsecurity is set-up and kicking ass

To verify installation, open a browser and access some of hosted websites  like this:
http://www.your-server-domain.com/?test=MY_UNIQUE_TEST_STRING

A sure sign that modsec works is  503 "Service Temporarily Unavailable" message from Apache. Alternatively  examine server's modsec audit log file (default location in /var/log/apache2/modsec_audit.log) (grep the string MY_UNIQUE_TEST_STRING. You should see full transcript of the communication between your browser and server logged. Depending on amount of site traffic gets make sure to monitor  size of file for some minutes to make sure it doesn't grow too big and it doesn't fill up quickly your HDD.

Well now all fine your Apache server security is better for sure and by God's grace you should not have to deal with hundreds of hours of sites recovery after a bunch of client's websites are hacked.

Feedback and comments are mostly welcome. Enjoy 😉

How to tune MySQL Server to increase MySQL performance using mysqltuner.pl and Tuning-primer.sh

Tuesday, August 9th, 2011

MySQL Easy performance tuning with mysqltuner.pl and Tuning-primer.sh scripts

Improving MySQL performance is crucial for improving a website responce times, reduce server load and improve overall work efficiency of a mysql database server.

I’ve seen however many Linux System administrators who does belittle or completely miss the significance of tuning a newly installed MySQL server installation.
The reason behind that is probably caused by fact that many people think MySQL config variables, would not significantly improve performance and does not pay back for optimization efforts. Moreover there are a bunch of system admins who has to take care for numerous services so they don’t have time to get good knowledge to optimize MySQL servers.
Thus many admins and webmasters nowdays, think optimizations depend mostly on the side of the website programmers.
It’s also sometimes falsely believed that optimizing a MySQL server could reduce the overall server stability.

With the boom of Internet website building and internet marketing, many webmasters emerged and almost anybody with almost no knowledge on GNU/Linux or minimal or no knowledge on PHP can start his Online store, open a blog or create a website powered by some CMS like joomla.
Thus nowdays many servers even doesn’t have a hired system administrators but are managed by people whose knowledge on *Nix is almost next to zero, this is another reason why dozens of MySQL installations online are a default ones and are not taking a good advantage of the server hardware.

The incrase of website visitors leads people servers expectations for hardware also to grow, thus many companies simply buy a new hardware instead of taking the few time to investigate on how current server hardware can be utilized better.
In that manner of thought I though it will be a good idea to write this small article on Tuning mysql servers with two scripts Tuning-primer.sh and mysqltuner.pl.
The scripts are ultra easy to use and does not require only a minimal knowledge on MySQL, Linux or (*BSD *nix if sql is running on BSD).
Tuning-primer.sh and mysqltuner.pl are therefore suitable for a quick MySQL server optimizations to even people who are no computer experts.

I use this two scripts for MySQL server optimizations on almost every new configured GNU/Linux with a MySQL backend.
Use of the script comes to simply download with wget, lynx, curl or some other web client and execute it on the server host which is already running the MySQL server.

Here is an example of how simple it is to run the scripts to Optimize MySQL:

debian:~# perl mysqltuner.pl
>> MySQLTuner 1.2.0 - Major Hayden >major@mhtx.net<
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with '--help' for additional options and output filtering

——– General Statistics ————————————————–
[–] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.49-3
[OK] Operating on 64-bit architecture

——– Storage Engine Statistics ——————————————-
[–] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[–] Data in MyISAM tables: 6G (Tables: 952)
[!!] InnoDB is enabled but isn’t being used
[!!] Total fragmented tables: 12

——– Security Recommendations ——————————————-
[OK] All database users have passwords assigned

——– Performance Metrics ————————————————-
[–] Up for: 1d 2h 3m 35s (68M q [732.193 qps], 610K conn, TX: 49B, RX: 11B)
[–] Reads / Writes: 76% / 24%
[–] Total buffers: 512.0M global + 2.8M per thread (2000 max threads)
[OK] Maximum possible memory usage: 6.0G (25% of installed RAM)
[OK] Slow queries: 0% (3K/68M)
[OK] Highest usage of available connections: 7% (159/2000)
[OK] Key buffer size / total MyISAM indexes: 230.0M/1.7G
[OK] Key buffer hit rate: 97.8% (11B cached / 257M reads)
[OK] Query cache efficiency: 76.6% (46M cached / 61M selects)
[!!] Query cache prunes per day: 1822075
[OK] Sorts requiring temporary tables: 0% (1K temp sorts / 2M sorts)
[!!] Joins performed without indexes: 63635
[OK] Temporary tables created on disk: 1% (26K on disk / 2M total)
[OK] Thread cache hit rate: 99% (159 created / 610K connections)
[!!] Table cache hit rate: 4% (1K open / 43K opened)
[OK] Open file limit used: 17% (2K/16K)
[OK] Table locks acquired immediately: 99% (36M immediate / 36M locks)

——– Recommendations —————————————————–
General recommendations:
Add skip-innodb to MySQL configuration to disable InnoDB
Run OPTIMIZE TABLE to defragment tables for better performance
Enable the slow query log to troubleshoot bad queries
Increasing the query_cache size over 128M may reduce performance
Adjust your join queries to always utilize indexes
Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
query_cache_size (> 256M) [see warning above] join_buffer_size (> 256.0K, or always use indexes with joins) table_cache (> 7200)

You see there are plenty of things, the script reports, for the unexperienced most of the information can be happily skipped without need to know the cryptic output, the section of importance here is Recommendations for some clarity, I’ve made this section to show up bold.

The most imporant things from the Recommendations script output is actually the lines who give suggestions for incrase of certain variables for MySQL.In this example case this are the last three variables:
query_cache_size,
join_buffer_size and
table_cache

All of these variables are tuned from /etc/mysql/my.cnf (on Debian) and derivatives distros and from /etc/my.cnf on RHEL, CentOS, Fedora and the other RPM based Linux distributions.

On some custom server installs my.cnf is also located in /usr/local/mysql/etc/ or some other a bit more unstandard location 😉

Anyways now having the Recommendation from the script, it’s necessery to edit my.cnf and try to double the values for the suggested variables.

First, I check if all the suggested variables are existent in my config with grep , if they’re not then I’ll simply add the variable with doubled size of the suggested values.
P.S: One note here is sometimes some values which are configured, are the default value for the MySQL server and does not have a record in my.cnf

debian:~# grep -E 'query_cache_size|join_buffer_size|table_cache' /etc/mysql/my.cnf table_cache = 7200
query_cache_size = 256M
join_buffer_size = 262144

All of my variables are in the config so, now edit my.cnf and set values to:
table_cache = 14400
query_cache_size = 512M
join_buffer_size = 524288

I always, however preserve the old variable’s value, because sometimes raising the value might create problem and the MySql server might be unable to restart properly.
Thus before going with adding the new values make sure the old ones are commented with # , e.g.:
#table_cache = 7200
#query_cache_size = 256M
#join_buffer_size = 262144

I would recommend vim as editor of choice while editing my.cnf as vim completely rox 😉 If you’re not acquainted to vim use nano or mcedit or your editor of choice 😉 :

debian:~# vim /etc/mysql/my.cnf
...

Assuming that the changes are made, it’s time to restart MySQL to make sure the new values are read by the SQL server.

debian:~# /etc/init.d/mysql restart
* Stopping MySQL database server mysqld [ OK ]
* Starting MySQL database server mysqld [ OK ]
Checking for tables which need an upgrade, are corrupt or were not closed cleanly.

If mysql server fails, however to restart, make sure immediately you reverse back the changed variables to the commented values and restart once again via mysql init script to make server load.

Afterwards start adding the values one by one until find out which one is causing the mysqld to fail.

Now the second script (Tuning-primer.sh) is also really nice for MySQL performance optimizations are necessery. However it’s less portable (as it’s written in bash scripting language).
Consider running this script among different GNU/Linux distributious (especially the newer ones) might produce errors.
Tuning-primer.sh requires some minor code changes to be able to run on FreeBSD, NetBSD and OpenBSD *nices.

The way Tuning-primer.sh works is precisely like mysqltuner.pl , one runs it it gives some info about current running MySQL server and based on certain factors gives suggestions on how increasing or decresing certain my.cnf variables could reduce sql query bottlenecks, solve table locking issues as well as generally improve INSERT, UPDATE query times.

Here is an example output from tuning-primer.sh run on another server:

server:~# wget https://www.pc-freak.net/files/Tuning-primer.sh
...
server:~# sh Tuning-primer.sh
-- MYSQL PERFORMANCE TUNING PRIMER --
- By: Matthew Montgomery -

MySQL Version 5.0.51a-24+lenny5 x86_64

Uptime = 8 days 10 hrs 19 min 8 sec
Avg. qps = 179
Total Questions = 130851322
Threads Connected = 1

Server has been running for over 48hrs.
It should be safe to follow these recommendations

To find out more information on how each of these
runtime variables effects performance visit:
http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html

SLOW QUERIES
Current long_query_time = 1 sec.
You have 16498 out of 130851322 that take longer than 1 sec. to complete
The slow query log is NOT enabled.
Your long_query_time seems to be fine

MAX CONNECTIONS
Current max_connections = 2000
Current threads_connected = 1
Historic max_used_connections = 85
The number of used connections is 4% of the configured maximum.
Your max_connections variable seems to be fine.

WORKER THREADS
Current thread_cache_size = 128
Current threads_cached = 84
Current threads_per_sec = 0
Historic threads_per_sec = 0
Your thread_cache_size is fine

MEMORY USAGE
Tuning-primer.sh: line 994: let: expression expected
Max Memory Ever Allocated : 741 M
Configured Max Memory Limit : 5049 M
Total System Memory : 23640 M

KEY BUFFER
Current MyISAM index space = 1646 M
Current key_buffer_size = 476 M
Key cache miss rate is 1 / 56
Key buffer fill ratio = 90.00 %
You could increase key_buffer_size
It is safe to raise this up to 1/4 of total system memory;
assuming this is a dedicated database server.

QUERY CACHE
Query cache is enabled
Current query_cache_size = 64 M
Current query_cache_used = 38 M
Current Query cache fill ratio = 59.90 %

SORT OPERATIONS
Current sort_buffer_size = 2 M
Current record/read_rnd_buffer_size = 256.00 K
Sort buffer seems to be fine

JOINS
Current join_buffer_size = 128.00 K
You have had 111560 queries where a join could not use an index properly
You have had 91 joins without keys that check for key usage after each row
You should enable “log-queries-not-using-indexes”
Then look for non indexed joins in the slow query log.
If you are unable to optimize your queries you may want to increase your
join_buffer_size to accommodate larger joins in one pass.

TABLE CACHE
Current table_cache value = 3600 tables
You have a total of 798 tables
You have 1904 open tables.
The table_cache value seems to be fine

TEMP TABLES
Current tmp_table_size = 128 M
1% of tmp tables created were disk based
Created disk tmp tables ratio seems fine

TABLE SCANS
Current read_buffer_size = 128.00 K
Current table scan ratio = 797 : 1
read_buffer_size seems to be fine

TABLE LOCKING
Current Lock Wait ratio = 1 : 1782
You may benefit from selective use of InnoDB.

As seen from script output, there are certain variables which might be increased a bit for better SQL performance, one such variable as suggested is key_buffer_size(You could increase key_buffer_size)

Now the steps to make the tunings to my.cnf are precisely the same as with mysqltuner.pl, e.g.:
1. Preserve old config variables which will be changed by commenting them
2. Double value of current variables in my.cnf suggested by script
3. Restart Mysql server via /etc/init.d/mysql restart cmd.
4. If mysql runs fine monitor mysql performance with mtop or mytop for at least 15 mins / half an hour.

if all is fine run once again the tuning scripts to see if there are no further improvement suggestions, if there are more follow the 4 steps described procedure once again.

It’s also a good idea that these scripts are periodically re-run on the server like once per few months as changes in SQL queries amounts and types will require changes in MySQL operational variables.
The authors of these nice scripts has done great job and have saved us a tons of nerves time, downtimes and money spend on meaningless hardware. So big thanks for the awesome scripts guys 😉
Finally after hopefully succesful deployment of changes, enjoy the incresed SQL server performance 😉

How to configure manually static IP address on Debian GNU/Linux / How to fix eth0 interface not brought up with error (networking restart is deprecated)

Friday, July 29th, 2011

I’ve recently had to manually assign a static IP address on one of the servers I manage, here is how I did it:             

debian:~# vim /etc/network/interfaces

Inside the file I placed:

# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static address 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.0 gateway 192.168.0.1 dns-nameservers 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220

The broadcast and gateway configuration lines are not obligitory.
dns-nameservers would re-create /etc/resolv.conf file with the nameserver values specified which in these case are Google Public DNS servers and OpenDNS servers.

Very important variable is allow-hotplug eth0
If these variable with eth0 lan interface is omitted or missing (due to some some weird reason), the result would be the output you see from the command below:

debian:~# /etc/init.d/networking restart
Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces ... (warning).
Reconfiguring network interfaces...

Besides the /etc/init.d/networking restart is deprecated because it may not enable again some interfaces … (warning). , if the allow-hotplug eth0 variable is omitted the eth0 interface would not be brough up on next server boot or via the networking start/stop/restart init script.

My first reaction when I saw the message was that probably I’ll have to use invoke-rc.d, e.g.:
debian:~# invoke-rc.d networking restart
Running invoke-rc.d networking restart is deprecated because it may not enable again some interfaces ... (warning).

However as you see from above’s command output, running invoke-rc.d helped neither.

I was quite surprised with the inability to bring my network up for a while with the networking init script.
Interestingly using the command:

debian:~# ifup eth0

was able to succesfully bring up the network interface, whether still invoke-rc.d networking start failed.

After some wondering I finally figured out that the eth0 was not brought up by networking init script, because auto eth0 or allow-hotplug eth0 (which by the way are completely interchangable variables) were missing.

I added allow-hotplug eth0 and afterwards the networking script worked like a charm 😉

How to add sidebar to single.php (Single Posts) to your wordpress blog default theme

Tuesday, April 12th, 2011

Until recently, I have used a default wordpress theme which historically is a bit old and used to be a default theme to the older versions of wordpress.
Since however, I’ve went to many updates and on the other hand I do like and enjoy the template I have decided to continue use it for my blog until this very day.

However this nice theme’s default behaviour is a bit weird, since by default the Single opened posts are configured in a way that the usual index page sidebar is missing.
As in the sidebar there are plenty of navigation buttons and search in the blog button, at a certain moment I have realized it’s probably not a good idea that the single.php (single blog posts) open up with the right sidebar missing.

Thus I’ve decided to put back the missing sidebar in the single posts, with a hope that this will be helpful to my readers and hence have positive impact on the overall blog user experience.

Doing so prooved to be rather easy, here is how I added back the right sidebar to my wordpress single posts :

1. Edit blog/wp-content/themes/default/single.php

debian:~# vim /var/www/blog/wp-content/themes/default/single.php

2. In the single.php look up for the code:

<div id="content" class="widecolumn">

Substitute this html code with:

<div id="content" class="narrowcolumn">

3. Next find the code: <?php get_footer(); ?>

Right before the get_footer(); php function add in the function;

<?php get_sidebar(); ?>

Tadam! Refresh a single post in Firefox and you should see your blog index.php sidebar to show up.

How to compile latest qmailadmin (qmailadmin 1.2.15) on Debian Squeeze Linux

Thursday, August 11th, 2011

I’ve completed a qmail installation few days ago on a fresh installed Debian Squeeze 64 bit server. All is configured and works fine, except qmailadmin and vqadmin.
As the mail server was missing any kind of web mail administration panel, I needed to make at least one of the two above to make with qmail.

I decided to concentrate on qmailadmin and took the time to make it work. I used the following command lines and got the compile failure during make compilation:

debian:/usr/local/src/qmailadmin-1.2.15# ./configure --enable-cgibindir=/usr/lib/cgi-bin --enable-htmldir=/var/www/qmailadmin/ --enable-modify-quota
...
debian:/usr/local/src/qmailadmin-1.2.15# make
...

The source make failed with the following error:

In file included from template.c:45:
qmailadmin.h:37:1: warning: "MAX_FILE_NAME" redefined
In file included from template.c:28:
/home/vpopmail/include/vpopmail.h:146:1: warning: this is the location of the previous definition
template.c: In function "send_template_now":
template.c:505: error: "VERSION" undeclared (first use in this function)
template.c:505: error: (Each undeclared identifier is reported only once
template.c:505: error: for each function it appears in.)
make[1]: *** [template.o] Error 1
make[1]: Leaving directory `/usr/local/src/qmailadmin-1.2.15'
make: *** [all] Error 2

To workaround these compile issues, I’ve had to modify the C source file belonging to qmailadmin ( template.c ), e.g.:

debian:/usr/local/src/qmailadmin-1.2.15# vim template.c

In the file I had to add besides the line:

#include "util.h"

The code:

#define VERSION ""

Aterwards qmailadmin’s compile and install via make && make install-strip succeeded and now works perfectly fine 😉

How to set up Qmail auto reply (Out of the Office), vacation message manually using .qmail message processing file

Tuesday, February 14th, 2012

Qmail Logo Auto reply message / how to setup qmail auto reply out of the office vacation message

I had to setup a QMAIL auto reply (Out of the Office) message on 5 email addresses and since I haven't done it for a long time it took me a couple 20 minutes to consult Qmail (Life With Qmail http://lifewithqmail.org (great website!) documentation and read a couple of online forum threads until I finally remembered, how I used to be setting up a vacation message manually via qmail's .qmail file.

Of course Setting qmail auto reply can always be done via QmailAdmin or VQadmin ..Qmail Vpopmail web frontends however on many Qmail mail servers Qmailadmin or/and VQadmin is absent due to some reason or even on a big mail servers the server doesn't run Apache at all. Hence it is good to know how to set qmail vacation message directly via plain SSH terminal connection and this is why how this article got born.

So here is how I enable qmail auto reply "manually", through .qmail for my email address info@my-email-domain.com:

1. Set a /var/vpopmail/domains/my-email-domain.com/info/.qmail file with the following content:

| /usr/bin/autorespond 86400 3 /home/vpopmail/domains/my-email-domain.com/info/vacation/message /home/vpopmail/domains/my-email-domain.com/info/vacation

2. Create /home/vpopmail/domains/my-email-domain.com/info/vacation directory

linux:~# mkdir -p /home/vpopmail/domains/my-email-domain.com/info/vacation/

3. Create /home/vpopmail/domains/my-email-domain.com/info/vacation/message file with auto reply message

First create the message file with touch command:

linux:~# touch /home/vpopmail/domains/my-email-domain.com/info/vacation/message

Then put with vim or mcedit etc. an auto-reply vacation message similar to the sample below:

From: info@cadiainsurance.com
Subject: We have received your message. Thank you!

Dear Customer, we thank you for the interest in our services.
A member of our team will reply promptly to your enquiry shortly.

4. Set proper permissions for vacation/message and .qmail files

/home/vpopmail/domains/my-email-domain.com/info/vacation/message and /home/vpopmail/domains/my-email-domain.com/info/.qmail files has to be owned by user/group vpopmail:vchkpw, e.g.:

linux:~# chown -R vpopmail:vchkpw /home/vpopmail/domains/my-email-domain.com/info/vacation
linux:~# chown vpopmail:vchkpw /home/vpopmail/domains/my-email-domain.com/info/.qmail

If you are a qmail administration with the requirement to create auto reply message for employees going on a holiday often (in a middle sized company office), setting up the out of the office auto reply manually one by one is a time consuming, annoying task and "crazy" task. Therefore some time ago while still I was employed in a Bulgarian mid-sized company called Design.BG, I've written a tiny shell script which creates qmail email users vacation messages by passing few arguments.

Here is my create_vpopmail_vacation.sh shell script
Note that this script might have a lot of bugs and is not much tested, so read it carefully and test it before you put it for daily use 😉
Happy Hacking! 😉

Solve ALSA audio and mic issues on Lenovo Thinkpads on Debian and Ubuntu Linux

Wednesday, January 11th, 2012

Since I've blogged about my recent skype issues. I've played a lot with pulseaudio, alsa, alsa-oss to experimented a lot until I figured out why Skype was failing to properly delivery sound and record via my embedded laptop mic.

Anyways, while researching on the cause of my Thinkpad r61 mic issues, I've red a bunch of blog posts by people experiencing microphone oddities with Lenovo Thinkpads

Throughout the search I come across one very good article, which explained that in many cases the Thinkpad sound problems are caused by the snd-hda-intel alsa kernel module. snd-hda-intel fails to automatically set proper sb model type argument during Linux install when the soundcard is initialized with some argument like options snd-hda-intel model=auto

Hence, the suggested fix which should resolve this on many Thinkpad notebooks is up to passing the right module argument:

To fix its neceessery to edit /etc/modprobe.d/alsa-base.conf .

debian:~# vim /etc/modprobe.d/alsa-base.conf

Find the line in the file starting with:
options snd-hda-intel model=

and substitute with:

options snd-hda-intel model=thinkpad

Finally a restart of Advaned Linux Sound Architecture (alsa) is required:

debian:~# /etc/init.d/alsa restart
...

At most cases just restarting the alsa via its init script is not enough, since the ssnd-hda-intel kernel module is already in use by some program or something, so its best to do a reboot to make sure the module is loaded with the new model=thinkpad argument.

My exact laptop sound card model is:

debian:~# lspci |grep -i audio
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 03)

After changing the module and using alsamixer and aumix to make sure mic is unmuted and its volume is high enough, mic sound rec works fine.

How to convert SVG to PNG graphic formats (using GUI and console) on GNU / Linux and FreeBSD

Wednesday, December 7th, 2011

SVG to PNG Convert on GNU / Linux FreeBSD using command and GUI

I’ve playing trying to learn InkScapeThe Open Source vector graphic editor .By so far I’m quite impressed on how easy this program is learned and how easy graphical manipulation with this nifty program can be done.
The default format in which InkScape saves its files is SVG (Scalable Vectors Graphics). For all those unfamiliar with SVG – SVG is an open (free format) format developed in 1999 which insetad of containing binary data like PNG or JPEG does contain plain XML content. SVG being consisted of plain XML has multiple advantageous, the most important one makes it easy for text and visual data to be displayed among different program svg readers in absolutely identical way. Besides that the format if read with plain text editor like vim or emacs can be altered directly via the source.
Being multi system interoperable makes SVG as a great format for text and visual data storage in HTML5, actually SVG is already a part of the HTML5 html coding standard. And most probably its adoption rate will raise up drastically as soon as HTML5 starts substitute HTML4 and lower web standards.

Anyways I’m slipping away from the aim of this post so I’ll stop blabbering on how great SVG is and let people check it out for themselves (if not already).

Going back to the aim of my article to show How to convert SVG to PNG graphical extension on GNU / Linux and FreeBSD

After producing a bunch of files with InkScape I realized the default format in which Inkscape stores its files is SVG , this was okay with me but since I wanted to have my experimental produced content in PNG I needed a way to convert SVG to
My first logical guess was that The Gimp will be able to handle the situation and after opening my SVG file with GIMP and used the gimp File -> Save As option and give the SVGfile an extension of PNG , Gimp succesfully converted the file to PNG.

However I wanted to dig further and check out what is the standard accepted way to convert SVG files using a plain command. This will possibly be handy to me if I had to do something online (let’s say a website) which will accept SVG and will require the SVG files to be converted and also stored in PNG or other Graphic file formats.

After checking online, I’ve found a post which pointed me to librsvg2 which contains RSVG(Turn SVG files into raster images.)

librsvg is available as a package in most mainstream Linux distributions nowdays, Fedora, Debian etc., as well as contains a port inside the FreeBSD ports system. Since I’m using Debian on my notebook where I installed and tested the command line SVG to PNG convertion the way I did it is:

noah:/home/hipo/Desktop# apt-get --yes install librsvg2-bin
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
librsvg2-bin
0 upgraded, 1 newly installed, 0 to remove and 16 not upgraded.
Need to get 72.5 kB of archives.
After this operation, 180 kB of additional disk space will be used.
Get:1 http://ftp.nl.debian.org/debian/ squeeze/main librsvg2-bin amd64 2.26.3-1 [72.5 kB]
Fetched 72.5 kB in 0s (184 kB/s)
Selecting previously deselected package librsvg2-bin.
(Reading database ... 376046 files and directories currently installed.)
Unpacking librsvg2-bin (from .../librsvg2-bin_2.26.3-1_amd64.deb) ...
Processing triggers for man-db ...
Setting up librsvg2-bin (2.26.3-1) ...

Afterwards the exact convertion of my Inscape SVG file drawing.svg to drawing.png using rsvg I’ve done like so:

hipo@noah:~/Desktop$ rsvg drawing.svg drawing.png

The convertion results for me was 100% uniqueness between the file converted and the output PNG. Some people might wonder why I didn’t used Inkscape’s Export to Bitmap function and then use convert command part of ImageMagick in order to convert the produced Inkscape bitmap to PNG.

 

One other thing worthy to mention is on  Debian,  librsvg2-bin contains 2 more executable besides rsvg. One is the rsvg-view command which allows one to view SVG files using command line or Graphic enviroment, the other one is rsvg-convert which supports again SVG convertion to PDF and to PNG

Before proceeding with the other described ways to convert SVG to PNG earlier in this article, I give a try to Inkscape’s Export to Bitmap embedded function but the produced bitmap did not resembled the original SVG file so I decided to completely abandon this method
Maybe there is some particular reason of the chaotic way I’ve tested Inkscape to place random images sometimes going out of the field of a paper etc. which influenced the improper generation of Bitmap using Inkscape, despite that it seems InkScape needs some more development until the bugs in Bitmap producing get fixed and it can be freely used to produce Bitmaps.

Maybe there is some particular reason for the failure of Inkscape to produce a good BMP file, like for example the chaotic way I’ve tested Inkscape to place random images sometimes going out of the field of a paper borders etc.This should have influenced the improper generation of Bitmap using Inkscape, anyhow it seems InkScape needs some more development until the bugs in Bitmap creation get fixed.

By the way if you’re wondering how to convert PNG to bitmap BMP after, once having converted SVG to PNG this is easily doable with convert command, like so:

hipo@noah:~/Desktop$ convert drawing.png drawing.bmp

Maybe in future releases it will be a good idea if InkScape developers integrate a convertion to other formats this will make it handy and make surely these nice program more popular among users. Hope this is helpful. Cheers and as RMS likes to say Happy Hacking 😉