Install SSH Server on Linux (Debian, Ubuntu, Fedora, CentOS, RedHat)

Debian / Ubuntu

sudo apt-get install -y openssh-server

RPM based Distros, Fedora / CentOS / RedHat

sudo dnf install -y openssh-server

or use yum

sudo yum install -y openssh-server

Start ssh service

sudo systemctl start sshd

By default the SSH service should start when the system starts, but if not try the following command to enable the service on boot up.

Debian / Ubuntu

systemctl enable ssh

Fedora, CentOS, RedHat

systemctl enable ssh

Change SSH port

Not necessary, but it is a good idea to change the default ssh port.  To change the port edit the sshd file.

vi /etc/ssh/sshd_config

Moving emails to new host with imapsync

More info about imapsync here

Install imapsync

CentOS 7, Works on cPanel servers too

yum install epel-release && yum install imapsync

Once installed check and make sure it works.

imapsync --version

If it gives you the version number you should be good to go.

Move email account

imapsync --host1 mail.emaildomain.com --user1 username@emaildomain.com --password1  "password1" --host2 mail.exampledomain.com --user2 username@movetodomain.com --password2  "password2"

Example :

imapsync --host1 mail.myemail.com --user1 bob@myemail.com --password1  "password1" --host2 mail.incredigeek.com --user2 bob@incredigeek.com --password2  "password2"

Moving Multiple accounts

Best way to move multiple accounts is to use a script and and a list that contains all the usernames and passwords to the accounts you want to move.

example scripts can be found on the imapsync website here is a script example and here is the example file.txt

Example script.

#!/bin/sh
#
# $Id: sync_loop_unix.sh,v 1.6 2015/11/04 18:23:04 gilles Exp gilles $

# Example for imapsync massive migration on Unix systems.
# See also http://imapsync.lamiral.info/FAQ.d/FAQ.Massive.txt
#
# Data is supposed to be in file.txt in the following format:
# host001_1;user001_1;password001_1;host001_2;user001_2;password001_2;
# ...
# Separator is character semi-colon ";" it can be changed by any character changing IFS=';' 
# in the while loop below.
# # Each line contains 6 columns, columns are parameter values for 
# --host1 --user1 --password1 --host2 --user2 --password2
# and a trailing empty fake column to avaid CR LF part going 
# in the 6th parameter password2. Don't forget the last semicolon.
#
# You can add extra options after the variable "$@" 
# Use character backslash \ at the end of each suplementary line, except for the last one.
# You can also pass extra options via the parameters of this script since
# they will be in "$@"

# The credentials filename "file.txt" used for the loop can be renamed 
# by changing "file.txt" below.


echo Looping on account credentials found in file.txt
echo

{ while IFS=';' read  h1 u1 p1 h2 u2 p2 fake
    do 
        { echo "$h1" | egrep "^#" ; } > /dev/null && continue # this skip commented lines in file.txt
        echo "==== Starting imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        imapsync --host1 "$h1" --user1 "$u1" --password1 "$p1" \
                 --host2 "$h2" --user2 "$u2" --password2 "$p2" \
                 "$@"  
        echo "==== Ended imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        echo
    done 
} < file.txt

Example list of accounts to

mail.maildomain.com;user1@incredigeek.com;password1;mail.incredigeek.com;user2@incredigeek.com;password2;

 

How to use,

You can run these command from a Linux computer

Download script

wget www.incredigeek.com/home/downloads/imapsync/imapsync_loop.sh

Make the script executable

chmod +x imapsync_loop.sh

Create a text file named “imapsync_list.txt”

This file will contain the mail server to transfer from, username, and password, and then the mail server to transfer to, username and password.  Add one line per account.

Example:

mail.servertotransferfrom.com;Username1;Password1;mail.servertomoveto.com;Username2;Password2;
mail.servertotransferfrom.com;testuser;123456;mail.servertomoveto.com;bob;123456;

Execute the script to start moving mail

./imapsync_loop.sh

Troubleshooting

In the username you may need to use the username@domainname.tld, so if the username is bob, and the mail domain is incredigeek.com, use bob@incredigeek.com for the username in the imapsync_list.txt.

How To export private SSH key on Linux

All that needs to be done is the “id_rsa” key needs to be copied to the “new” host.  You can do this with SCP or sftp.

Example with SCP

The following examples are showing how to export a RSA private key, if your using DSA, then replace id_rsa with id_dsa.

Copy private key from remote server to local machine for the local user

scp root@192.168.1.1:~/.ssh/id_rsa ~/.ssh/

Copy private key from localhost to remote host.  This command copies the local users private key to the root user @ 192.168.1.1

scp ~/.ssh/id_rsa root@192.168.1.1:~/.ssh/

 

Allow SSH access from a specific host using hosts.allow and hosts.deny on Linux

This is just a quick write on the hosts.allow and deny files.  You can lookup “spawn” and/or “twist” for some advanced usage.

 

So to limit an IP address, or a IP range access to SSH, do the following

Deny all incoming request for SSH

Edit the “hosts.deny” file

vi /etc/hosts.deny

add the following line

sshd : ALL

Now edit “hosts.allow” and allow the client IP, or IP range to access SSH

vi /etc/hosts.allow

add the following line to allow a single IP

sshd : 192.168.1.182

If you want to allow the whole subnet, then replace the above line with this one

sshd : 192.168.1.

hosts.allow overrides hosts.deny.  So you deny everything and then allow exceptions.

How to Install ZenPack on Zenoss 5.1

To install a ZenPack on Zenoss 5.1 and later, you are going to need to stop the zenoss services, restart a couple services that are needed to install the ZenPack, install the ZenPack, and then restart the Zenoss service.

Stop Zenoss.Core :

serviced service stop 

Make sure the service is stopped by running the following command.  When it reports back the Zenoss is Stopped, then continue.

 if ( serviced service status Zenoss.Core | awk '{print $3}' | grep -q Stopped) ; then echo "Zenoss is not running!" ; else echo "Zenoss is not Stopped!" ; fi

Or you can run this command, just make sure it says it is stopped.

serviced service status zenoss.core

Create a Snapshot

serviced service snapshot Zenoss.core

Start the following three services

serviced service start Infrastructure
zeneventserver
Zope


serviced service start Infrastructure
serviced service start zeneventserver
serviced service start Zope

Change directory to tmp, make sure you put the zenpack in /tmp

cd /tmp

Install the Zenpack

serviced service run zope zenpack-manager install *.egg

Example:

serviced service run zope zenpack-manager install ZenPacks.zenoss.MikroTik-1.1.1.egg

Restart the Zenoss Service

serviced service restart zenoss.core

Log into Zenoss and check it.

Zenoss 5 RabbitMQ not starting

The following is some commands to try and troubleshoot RabbitMQ not starting in Zenoss 5.

Connecting to the RabbitMQ container

serviced service attach $(serviced service list | grep -i rabbitmq | awk '{print $2}')

Check the service

You can check the RabbitMQ service by running “rabbitmqctl status”

[root@764399e5hhba /]# rabbitmqctl status
Status of node rabbit@rbt0 ...
Error: unable to connect to node rabbit@rbt0: nodedown

DIAGNOSTICS
===========

attempted to contact: [rabbit@rbt0]

rabbit@rbt0:
  * unable to connect to epmd (port 4369) on rbt0: nxdomain (non-existing domain)


current node details:
- node name: rabbitmqct22222@764399e5hhba
- home dir: /var/lib/rabbitmq
- cookie hash: yy3+awwOpeaaaa12wdf42ff==

[root@764399e5hhba /]# 

As you can see the node is down so RabbitMQ is not able to start.

Try to ping rbt0 (RabbitMQ connects to rbt0 so if it can’t resolve, then it can’t start)

ping rbt0

If you get a “ping: unknown host rbt0” then add the following to /etc/hosts.  Change the IP address to the IP address of the container.  You can run “ip addr” or ifconfig to get the IP.

172.20.0.11  rbt0

Or if your interface is eth0, you can run this command.

echo "$(ifconfig eth0 | grep "inet " | awk '{print $2}')  rbt0"  >> /etc/hosts

Then run “rabbitmqctl status” again.  The service auto starts, so it may take a minute, but you should see something similar to the following. (Not that I cut some of the text out.)

[root@764399e5hhba /]# rabbitmqctl status
 Status of node rabbit@rbt0 ...
 [{pid,4629},
 {running_applications,
 ... CUT TEXT ...
 {uptime,5}]
 ...done.
 [root@764399e5hhba /]#

 

Checking vhost

List the RabbitMQ vhosts with “rabbitmqcl list_vhosts”

[root@764399e5hhba /]# rabbitmqctl list_vhosts
 Listing vhosts ...
 /
 /zenoss
 ...done.

If you run rabbitmqctl list_vhosts and don’t see /zenoss, then add it

rabbitmqctl add_vhost /zenoss
rabbitmqctl set_permissions -p /zenoss zenoss '.*' '.*' '.*'

If the vhost is up then you can try deleting the zenoss vhosts and readding it.

[root@764399e5hhba /]#
rabbitmqctl delete_vhost /zenoss
rabbitmqctl add_vhost /zenoss
rabbitmqctl set_permissions -p /zenoss zenoss '.*' '.*' '.*'

The only downside to theses changes is that once the service gets restarted the changes you made inside the container will be lost, There should be a way to update the container so that the changes are persistent.

Setting up MySQL for FreeRadius

Install Mysql

yum install mariadb mariadb-server freeradius-mysql

Setup MySQL database.

mysql -u root -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "RadiusPassword";
exit

Import the schema.sql file into the db.

mysql -u radius -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

Should be good to go.

Setting up SNMP V3 on CentOS

Install SNMP.

yum install net-snmp net-snmp-utils

Configure the SNMP V3 user by running the following command and then following the prompts it gives you.

net-snmp-create-v3-user

Example: The username is “snmpadmin” and the password is”r123456″

[root@localhost ~]# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
snmpadmin
Enter authentication pass-phrase:
r123456
Enter encryption pass-phrase:
  [press return to reuse the authentication pass-phrase]

adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser snmpadmin MD5 "r123456" DES
adding the following line to /etc/snmp/snmpd.conf:
   rwuser snmpadmin
[root@localhost ~]#

 

Start snmpd service

service snmpd start

configure snmp to start on system boot.

chkconfig snmpd on

 

Test and make sure snmp is working

replace “password” and “username” with the ones you setup when you created the SNMP V3 user.

snmpwalk -v 3 -a MD5 -A password -l authNoPriv -u username localhost

If you receive something like “snmpwalk: Timeout” then something is not working correctly.  Check to make sure the service is started, and make sure that your firewall is not blocking SNMP.

If you are running a firewall, run the following commands to allow it through.

firewall-cmd --zone=public --add-port=161/udp --permanent
semanage port -a -t snmp_port_t -p udp 161
firewall-cmd --reload

On iptables you should be able to do

 iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT

or add it to /etc/sysconfig/iptables and then restart iptables