Nov
08
Recently I started hosting a postgresql database, and found myself worried that I wasn’t sure how to do proper backups of it. I have a BackupPC server I use to make backups of all my MySQL dumps and server configs, data, etc. and decided to try make dumps of the postgresql in a similar manner I did when I wrote about doing MySQL Backups using a PHP script.
This time I wrote a simple shell script to do it with. This script has to be run with the postgres user, also from the crontab, make sure it runs as the postgres user.
This was done on CentOS with postgresql 9.0.
#!/bin/bash
#
# Simple postgresql backup script
# Written by Wayne Swart
db_array="MyDatabase1 MyDatabase2 MyDatabase3 MyDatabase4"
logfile="/tmp/pgsql-backup.log"
cd /var/lib/pgsql/9.0/backups
for db in $db_array
do
/usr/bin/pg_dump $db > "$db.sql" 1>> $logfile 2>> $logfile
tar zcvf "$db.tgz" "$db.sql"
rm -rf "$db.sql"
done
Nov
07
Here is a quick and easy way to block certain senders and domains with a simple acl.
First, create a text file in which you want to add the denied domains and sender addresses:
vi /etc/exim/sender_reject.list
Add the following line of text in the file to block everything from lets say gmail.com:
*@gmail.com
Now add the following line of text to your exim config in the acl_check_content section:
deny senders = /etc/exim/sender_reject.list
Nov
02
I have quite a lot of trixbox machines in the field. Most of the clients using them record all their calls, inbound, as well as outbound. Today I noticed the following error at a client: To many files in /var/spool/asterisk/monitor when accessing the portal to listen to recordings, and not all the calls were ‘playable’.
So after a bit of sniffing around I got the solution:
vi /var/www/html/recordings/includes/bootstrap.php
Look for the line of code that reads as follows:
if ($fileCount>$SETTINGS_MAX_FILES) {
And change it with this:
if ($fileCount>300000000) {
Problem solved.
Sep
23
Over the years exim has been been my MTA of choice, so I was quite disappointed to learn that it has been removed from CentOS 6.
Here is correct way to install it on CentOS 6 using the epel repo.
cd /usr/local/src
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
rpm -i epel-release-6-5.noarch.rpm
yum install -y exim-mysql
Jun
20
P2P is such a great tool for sharing files, but it can also be quite a pain to manage. I have found a method on Mikrotik that kinda works ok’sh.
First of I have 2 mangle rules to identify the traffic and place the IP’s in an address list.
Then there are two more rules that mark traffic to and from these hosts so it can be queued during peak time.
The first rule marks all p2p connections as a p2p connection in the prerouting chain, where it isn’t already marked as a p2p connection:
chain=prerouting action=mark-connection new-connection-mark=p2p-connection passthrough=no p2p=all-p2p connection-mark=!p2p-connection
The next rule matches these connections on the outside interface and places the source ip address in an address list called p2p-host. You can refine the outside interface with !my-internal-interface for example. Take caution with this rule so you don’t match your internal subnets or else their traffic will also be queued with the p2p-hosts:
chain=prerouting action=add-src-to-address-list address-list=p2p-host address-list-timeout=1d in-interface=ppp-to-mweb connection-mark=p2p-connection
Jun
20
If you have a web server that hosts many sites, it can be hard to do maintenance on all of them, especially if you use different CMS’ such as WordPress, Joomla!, Drupal etc.
We recently found that one of the sites we host has been compromised by hackers and was sending out large amounts of spam. A search of how to actually find such vulnerabilities led me to a gem of a script originally written by someone called Karen Chun and later modified by by the author of 25yearsofprogramming.com.
This script searches recursively through your top directory of your web server and looks for all kinds of malicious regular expressions, file permissions and more.
Jun
17
I use BackupPC to make off-site backups from our office as well as for a few clients. Today I saw something quite alarming. The version of smbclient installed by BackupPC is unable to mount shares on Windows 7 Machines and gives the following error:
session setup failed: SUCCESS – 0
After searching the Internet for a few hours I saw a post on a forum that encouraged people to remove Windows Live Essentials (Which I was using on the machine in question for its email client).
After removing it the sharing was working properly.
Jun
14
At my company we use Pastel Evolution for our accounting needs. Unfortunately Pastel makes use of Microsoft SQL Server 2008 for its database needs. In the past I found it hard to make backups of the MS SQL databases since you can’t copy the MDF files if the engine is running. So in the past I used to stop the service, then copy all the MDF files to a different folder and then restart the engine service, not a clean way to do it.
Then I spent some time investigating different methods, like using the powershell utility (which is not so easy) and found that MS SQL server ships with a utility called sqlmaint. This handy tool works in a similar fashion to MySQL’s mysqldump utility which I use on all my *nix machines.
Jun
08
I have been reading up trying to find a nice way to have one iptables firewall rule for multiple subnets, something similar to Mikrotik’s address lists.
Here is an easy way to do it using a simple bash for loop:
#!/bin/bash MYSUBNETS = "10.10.0.0/16 172.16.50.0/24 10.10.30.0/27" for i in $MYSUBNETS; do /sbin/iptables -A FORWARD -s $i -j ACCEPT done
This will run through the for loop for each subnet in the MYSUBNET array and add one iptable rule for each.