Ben 的 IT 學習之不歸路網誌

chmod +x /etc/rc.local

The easiest way to restore the old way Kernel/modules/udev rename your ethernet interfaces is supplying these kernel parameters to Fedora 19:

1. net.ifnames=0
2. biosdevname=0

To do so follow this steps:

1. Edit /etc/default/grub
2. At the end of GRUB_CMDLINE_LINUX line append "net.ifnames=0 biosdevname=0"
3. Save the file
4. Type "grub2-mkconfig -o /boot/grub2/grub.cfg"
5. Type "reboot"

If you didn't supply these parameters during the installation, you will probably need to adjust and/or rename interface files at /etc/sysconfig/network-scripts/ifcfg-*.

Up to Fedora 18, just biosdevname=0 was enough.

As an example, in a certain machine, in a exhaustive research, I got:

Or use the following command:
# virsh net-list
Sample outputs:

Name                 State      Autostart
-----------------------------------------
default              active     yes

To disable virbr0, enter:
# virsh net-destroy default
# virsh net-undefine default
# service libvirtd restart
# ifconfig

新的 fedora 已改成由 firewall 這隻程式設定管理 所以如要用以前以 iptables 設定就要這樣做

# systemctl disable firewalld

# systemctl stop firewalld

如題

好呀又專款專用啦!!苦了我!!防火牆規則要重寫

根據以上圖片,應該可以知道要把nat tables 的DROP移到在哪裡了吧

廢話少說,不想用NetworkManager,享用以前的network

 所以下

[root@fc16 ~]# systemctl stop NetworkManager.service
[root@fc16 ~]# systemctl disable NetworkManager.service
rm '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service'

最近因公司叫不到賽楊E3400 775腳位的cpu,所以公司的第5代的nat server也漸漸走入歷史，取而代之的是1155腳位 H61晶片的主機板，所以nat server 也開始進入下一代,在比較FC14 與 FC16後發現，如果使用FC14公司的nat server改變的並不多,但使用FC16 後實在對FC16配合3.1的核心所產生的整體表現驚豔,在開機時快速像是裝上SSD的表現,但系統架構上卻改變很多,不過我實在太想測試這FC16,所以第六代就用FC16 吧

Fedora 16開始導入GRUB 2作為預設的開機啟動程式--以前的grub 可以丟在一邊了,也就是說你白學了----贛.....是江西的簡稱

沒有 /etc/rc.d/rc.local,需要要自己建也要給必要之權限

從Fedora 15開始，systemd這套全新的系統與服務管理程式便已經整合至Fedora專案內。而Fedora 16仍然持續整合systemd，並且轉換更多的SysV初始描述檔至systemd服務檔案之中。 也就是說 /etc/rc.d/init.d/xxx start  這種啟動服務的指令已有粉多不可行， chkconfig service  多半也會出ㄘㄟˊ ，還是一句老話你白學了----贛..菜也是粉辣的。

既然要用nat server ，基本防火牆功能一定要有

轉載 http://guessi.pixnet.net/blog/post/29720421-%5B%E6%95%99%E5%AD%B8%5D-%E5%8F%96%E6%B6%88fedora-15%E7%B6%B2%E5%8D%A1%E5%91%BD%E5%90%8D%E8%A6%8F%E5%89%87-%E6%81%A2%E5%BE%A9%E5%82%B3%E7%B5%B1ethx

在完成Fedora 15安裝後，設定網路時應該會發現... 咦？eth0呢？怎麼多一個em0的網路裝置？

答案在此：http://fedoraproject.org/wiki/Features/ConsistentNetworkDeviceNaming

為了避免模糊不清的ethX命名方式混淆，故採用了以硬體位置為依據的新式命名規則

好處是可以讓管理者明確知道自己管理的網路裝置到底是哪個介面，但總是有點不習慣

裝完 mailscanner+clamav+sendmail 後啟動mailscanner,  居然啟動失敗,看maillog居然沒有錯誤訊息,只好開始看Maillscanner的啟動程式碼(卡關2小時.....)

最後看到程式碼裡  MailScanner /etc/MailScanner/MailScanner.conf ,嗯可以試試看

[root@mail ~]# MailScanner /etc/MailScanner/MailScanner.conf
Can't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/MailScanner /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl5 /usr/share/perl5 /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl) at /usr/sbin/MailScanner line 91.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.

/etc/dovecot/dovecot.conf

protocols = imap pop3

/etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no

/etc/dovecot/conf.d/10-mail.conf

出處:http://i-yow.blogspot.com/2009/07/archive-mailby-mailscanner.html

MailScanner有一個邪惡又好用的功能：『Archive Mail』
這個比Forward還要厲害的功能，當你想要存留(備份)用戶收、發的信件時，用這就就對了~

1.啟動Archive功能

看到 /var/log/freshclam.log 有錯誤

WARNING: getpatch: Can't download daily-XXXXX.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-XXXXX.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-XXXXX.cdiff from database.clamav.net

嗯!應該要處理

錯誤log

May 11 10:58:54 dns dovecot: pop3(ben): Error: chown(/home/ben/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=500(ben), group based on /var/mail/ben)
May 11 10:58:54 dns dovecot: pop3(ben): Error: mkdir(/home/ben/mail/.imap/INBOX) failed: Operation not permitted

解決方式

mkdir -p /etc/skel/mail/.imap/INBOX

原始連結

http://openwebmail.acatysmoof.com/archive/html/owm-users/owm-users.201011/txt23vScJxEN_.txt

Overview
========
Fedora 14 ships with perl 5.12.2, which no longer directly supports
setuid. OpenWebMail can still run on this operating system with the
use of simple c wrappers to enable setuid, even under SELinux.

Check Mimimum Requirements
==========================
- gcc or cc      (which gcc)
- iconv          (iconv --version)
- Text::Iconv    (perl -MText::Iconv -e '{1}')
- HTML::Template (perl -MHTML::Template -e '{1}')

Quick Install for Fedora 14
==========================
# become root
su -

# make tmp dir to unpack openwebmail
mkdir /tmp/openwebmail
cd /tmp/openwebmail

# download -current version
wget http://openwebmail.acatysmoof.com/download/current/openwebmail-current.tar.gz

# unpack it
tar -xvzBpf openwebmail-current.tar.gz

# put it in the apache area
mv cgi-bin/openwebmail /var/www/cgi-bin/
mv data/openwebmail /var/www/html

# cleanup
cd /var/www/cgi-bin/openwebmail
rm -rf /tmp/openwebmail

# wrap the perl code for setuid
chmod 777 ./misc/tools/wrapsuid/wrapsuid.pl
./misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail/openwebmail*.pl
chmod 660 ./misc/tools/wrapsuid/wrapsuid.pl

# perl code has now been moved to hidden files of the same name
# original perl file: .openwebmail-abook.pl
# c-wrapper file: openwebmail-abook.pl

# make the wrappers setuid
chmod 4755 openwebmail*.pl

# create the logfile
touch /var/log/openwebmail.log
chown root:mail /var/log/openwebmail.log

# update all the openwebmail files to run safely under SELinux
# skip this step if SELinux is disabled on your system
chcon -u system_u /var/log/openwebmail.log
chcon -t httpd_sys_script_rw_t /var/log/openwebmail.log
restorecon -R /var/www/{html,cgi-bin}/openwebmail
chcon -R -t httpd_sys_content_t auth etc lib misc modules quota shares
chcon -t httpd_unconfined_script_exec_t /var/www/cgi-bin/openwebmail/openwebmail*

# ONLY if you do not have an index file - use the provided redirect file
cp -p /var/www/html/openwebmail/redirect.html /var/www/html/index.html

# update openwebmail.conf
vi etc/openwebmail.conf
change:
ow_cgidir               /usr/local/www/cgi-bin/openwebmail
ow_cgiurl               /cgi-bin/openwebmail
ow_htmldir              /usr/local/www/data/openwebmail
ow_htmlurl              /openwebmail

to:
ow_cgidir               /var/www/cgi-bin/openwebmail
ow_cgiurl               /cgi-bin/openwebmail
ow_htmldir              /var/www/html/openwebmail
ow_htmlurl              /openwebmail

# create an auth_unix.conf config file for Fedora
cp etc/defaults/auth_unix.conf etc/

# update the auth_unix.conf file
vi etc/auth_unix.conf
change:
passwdfile_plaintext    /etc/passwd
passwdfile_encrypted    /etc/master.passwd
passwdmkdb              /usr/sbin/pwd_mkdb

to:
passwdfile_plaintext    /etc/passwd
passwdfile_encrypted    /etc/shadow
passwdmkdb              none

# create a dbm.conf file for Fedora
cp etc/defaults/dbm.conf etc/

# update the dbm.conf config file
vi etc/dbm.conf
change:
dbm_ext           .db
dbmopen_ext       none
dbmopen_haslock   no

to:
dbm_ext           .pag
dbmopen_ext       none
dbmopen_haslock   no

# initialize openwebmail
./openwebmail-tool.pl --init

# go to the openwebmail page in your browser
http://your.domain/cgi-bin/openwebmail/openwebmail.pl

Questions?
==========
http://openwebmail.acatysmoof.com/archive

藥單

Tuning FreeBSD

Packet capturing utilizes the BPF device, in general in combination with the libpcap. This device executes a filter on each packet and store the packet afterwards in a double-buffer (see [Sch04de-sep, Sch05en-da] for details). The size of this double-buffer can be adjusted via a sysctl. Setting it to 2×10 Mbytes has proven to be a good choice.

Since FreeBSD 6 you can do this by setting:

sysctl -w net.bpf.bufsize=10485760
sysctl -w net.bpf.maxbufsize=10485760

For older FreeBSD's just use:

sysctl -w debug.bpf_bufsize=10485760
sysctl -w debug.maxbpf_bufsize=10485760

Tuning Linux

Like in FreeBSD Linux offer some possibilities to tune it capturing performance as well. Due to the different capturing stack witch does not have a buffer but a queue of pointers behind the filter, one has to increase the receive buffer for all incomming packets and the queue length. This can be done via the /proc filesystem (with Linux we found that 32 Mbytes is a good amount of memory):