Ubuntu Server

The following assumes you have not enabled the root user, thus the use of 'sudo'. If you have enabled the root user you can ignore sudo.

Install Options

 * 1) Default Server = Server kernel + "Basic Ubuntu server" task packages
 * 2) Minimal System = Server kernel + no additional packages
 * 3) Minimal Virtual Machine = Virtual kernel + no additional packages

Thanks to AskUbuntu - http://askubuntu.com/questions/57336/minimal-system-or-minimal-virtual-machine-on-install

Downloads
http://releases.ubuntu.com/14.04/

http://releases.ubuntu.com/raring/

Size Swap File Partition - Suggested Sizes

 * 1) Systems with 4GB of ram or less require a minimum of 2GB of swap space
 * 2) Systems with 4GB to 16GB of ram require a minimum of 4GB of swap space
 * 3) Systems with 16GB to 64GB of ram require a minimum of 8GB of swap space
 * 4) Systems with 64GB to 256GB of ram require a minimum of 16GB of swap space

Thanks to Cyberciti.

Message Of The Day (MOTD)
sudo chmod a-x /etc/update-motd.d/*

Thanks - http://askubuntu.com/questions/385072/how-set-the-message-of-the-day-motd-as-ubuntu-server

rtc error
Ubuntu Server tries to load the module 'rtc' on boot. This is no longer needed for newer hardware.

Check to make sure your clock is correct...

sudo date && sudo hwclock

Just comment out the offending line from the modules configuration file. Might as well stop the printer driver as well!

sudo nano /etc/modules
# lp
# rtc

console-kit-daemon
To see how many are running:

sudo aptitude install psmisc
pstree -cln

To get rid of the service you will need to first find its process ID:

ps aux| grep console-kit-daemon

Which should return something similar to:

root 1393 0.0  0.1 2091756 3940 ? Sl  11:04   0:00 /usr/sbin/console-kit-daemon --no-daemon

Where 1393 is the ID, to stop and remove it from start up:

sudo kill 1393
cp /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service org.freedesktop.ConsoleKit.old
sudo rm /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service

Thanks to AskUbuntu.

Clear Screen After Boot Before Login
Add --noclear to the getty options for the 1st terminal...

sudo nano /etc/init/tty1.conf
exec /sbin/getty -8 38400 --noclear tty1

Console Screen Blanking
sudo setterm -blank 0

To make this change permanent, create a file called 'setterm.start' in the /etc/local.d/ folder.

sudo mkdir /etc/local.d
sudo nano /etc/local.d/setterm.start
setterm -blank 0
sudo chmod +x /etc/local.d/setterm.start

Control-Alt-Delete
sudo mkdir /root/misc
sudo mv -v /etc/init/control-alt-delete.conf /root/

Low Resolution Console
Method One

sudo nano /etc/default/grub
GRUB_HIDDEN_TIMEOUT_QUIET=false
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash nofb nomodeset"
GRUB_TERMINAL=console
sudo update-grub

Method Two

sudo dpkg-reconfigure console-setup

Follow the prompts.

IPv6
sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="ipv6.disable=1"
sudo update-grub

sudo nano /etc/netconfig
#udp6      tpi_clts      v     inet6    udp     -       -
#tcp6      tpi_cots_ord  v     inet6    tcp     -       -

sudo netstat -tln

Landscape System Information Banner in MOTD
sudo dpkg-reconfigure landscape-common
sudo aptitude -y purge landscape-common

whoopsie
Whoopsie is Ubuntu's error reporting daemon. To disable it:

sudo nano /etc/default/whoopsie
report_crashes=false

Save and close the file, then test the change:

sudo service whoopsie stop
sudo update-rc.d -f whoopsie remove

Service From Automatically Starting By Upstart
sudo echo "manual" | sudo tee /etc/init/SERVICE.override

Thanks - http://askubuntu.com/questions/19320/how-to-enable-or-disable-services

Software RAID
https://help.ubuntu.com/14.04/serverguide/advanced-installation.html

The Urban Penguin - Software Raid Tutorial

Things To Do After Initial Install:
sudo apt-get update
sudo apt-get install aptitude
sudo aptitude update
sudo aptitude install -y bash-completion
sudo aptitude install -y nano
sudo aptitude safe-upgrade
sudo reboot

Problems?

If you installed from the CD and cannot complete the steps above because apt says it only has the package lists from the CD, use the fix below, which rewrites the apt sources list...

sudo -i
echo "deb http://gb.archive.ubuntu.com/ubuntu trusty main restricted" >/etc/apt/sources.list
echo "deb http://gb.archive.ubuntu.com/ubuntu trusty-updates main restricted" >>/etc/apt/sources.list
echo "deb http://gb.archive.ubuntu.com/ubuntu trusty universe " >>/etc/apt/sources.list
echo "deb http://gb.archive.ubuntu.com/ubuntu trusty-updates universe " >>/etc/apt/sources.list

Now you can continue...

sudo apt-get update
sudo apt-get install aptitude
sudo aptitude update
sudo aptitude install -y bash-completion
sudo aptitude install -y nano
sudo aptitude safe-upgrade

CPU Stepping
sudo aptitude install -y cpufrequtils
sudo update-rc.d cpufrequtils defaults
sudo cpufreq-info
sudo grep 'MHz' /proc/cpuinfo

Network Time Protocol (NTP)
sudo aptitude -y install ntp ntpdate

To add or remove time servers edit the configuration file:

sudo nano /etc/ntp.conf

Tweak the configuration file. Check at http://www.pool.ntp.org/zone/uk for latest list...

server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 3.uk.pool.ntp.org
#restrict -6 default kod notrap nomodify nopeer noquery
#restrict ::1

Then reconfigure...

sudo dpkg-reconfigure tzdata
sudo service ntp restart

Test...

date

Temperature Sensor Monitoring
sudo aptitude install lm-sensors
sudo sensors-detect
sudo service kmod start
sudo update-rc.d kmod defaults
sudo sensors
coretemp-isa-0000
Adapter: ISA adapter
Core 0:      +41.0°C  (high = +80.0°C, crit = +100.0°C)
Core 1:      +41.0°C  (high = +80.0°C, crit = +100.0°C)
smsc47b397-isa-0480
Adapter: ISA adapter
fan1:       1037 RPM
fan2:          0 RPM
fan3:          0 RPM
fan4:       1017 RPM
temp1:       +50.0°C
temp2:       +37.0°C
temp3:       +21.0°C
temp4:      -128.0°C

uptimed
sudo aptitude install uptimed

tuptimed
cd /tmp
git clone https://github.com/rfrail3/tuptime.git
ls
cd tuptime
ls
chmod +x tuptime-install.sh
sudo ./tuptime-install.sh

Thanks to Cyberciti.

Cannot Reboot Or Shutdown Hangs Stops
This is to be used as a last resort... but it may just save your skin.

echo 1 | sudo tee /proc/sys/kernel/sysrq
echo b | sudo tee /proc/sysrq-trigger

Blank Screen Unsupported Video Options

 * Hold RIGHT SHIFT down during CD boot
 * Press F6 to choose Advanced Options
 * Press ESC
 * Use the arrow keys to move along the Boot line
 * Change the vga= number to 769

Thanks to Wikipedia

Failed to connect to system bus ERROR
You may see these error messages in /var/log/auth.log...

Feb 5 15:38:02 hostname proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

To fix it, make sure you add the dbus service to system startup, and then restart the services...

sudo update-rc.d dbus defaults
sudo service dbus restart
sudo service proftpd restart

Thanks to Gentoo

MEI Kernel Error Messages
"The Intel Management Engine (Intel ME) is an isolated and protected computing resource (Co-processor) residing inside certain Intel chipsets. The Intel ME provides support for computer/IT management features. The feature set depends on the Intel chipset SKU."

Thanks to Kernel.org

But this might not be needed if the hardware does not support it, and you will get the following errors in your kernel logs...

kernel: [258168.036048] mei 0000:00:03.0: unexpected reset: dev_state = RESETING

Edit the /etc/modprobe.d/blacklist.conf file and add the following line...

# fix unwanted intel kernel messages
blacklist mei

...then reboot.

User Is Not In The Sudoers File Stuck Help
http://www.maketecheasier.com/fixing-sudo-error-in-ubuntu/

Samba Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
sudo pam-auth-update

Untick "SMB password synchronization"

Thanks to Ubuntu Forums.

Recently Installed Packages
sudo cat /var/log/dpkg.log* |grep ' installed' |sort -k1

Running Daemons With IPv4 And IPv6
sudo aptitude -y install lsof
sudo lsof -i -n -P

Startup Services
sudo initctl list |sort
sudo service --status-all
sudo ls -lah /etc/rc*

Better Log Files
Edit the following file to match content below:

sudo nano /etc/rsyslog.d/50-default.conf
cron.*                          /var/log/cron.log
#mail.info                      -/var/log/mail.info
#mail.warn                      -/var/log/mail.warn
#mail.err                       /var/log/mail.err
#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
#daemon.*;mail.*;\
#       news.err;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       |/dev/xconsole
#

Getty Terminals
cd /etc/init/
sudo rm -rfv tty6.conf tty5.conf tty4.conf tty3.conf

Root User
sudo su
sudo passwd root

You will be prompted to enter and confirm the password for 'root'. After that you will be able to log in as the root user and have full privileges without having to type 'sudo' at the beginning of each line.

Normal User
useradd -c "John Smith" -s /bin/bash -m jsmith
passwd jsmith

Elevate User To Root
gpasswd -a jsmith sudo
gpasswd -a jsmith adm

Static IP Address
sudo nano /etc/network/interfaces

Edit the file to read (this example uses 192.168.0.100 for the system and Google's DNS servers):

For a single network card system...

# ONE CARD
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto em1
iface em1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.254
    dns-nameservers 8.8.8.8 8.8.4.4

For a dual network card system, using Shoreline Firewall (Shorewall)...

# TWO CARDS
# The loopback network interface
auto lo
iface lo inet loopback
# The inside network interface
auto em2
iface em2 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 127.0.0.1
    dns-search domain.com
# The outside network interface
auto em1
iface em1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255
    gateway 10.0.0.2

Save and close the file, then restart the network:

sudo /etc/init.d/networking restart

Edit the 'hosts' file:

sudo nano /etc/hosts

Edit the file to read (server2 used for this example):

127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

Then run:

echo server1.example.com | sudo tee /etc/hostname
sudo /etc/init.d/hostname restart

Check the configuration:

hostname
hostname -f

Both of the above commands should return:

server2.example.com

Time Zone And Date
sudo aptitude install ntp sudo dpkg-reconfigure tzdata

Automated Package List Updates But Not Install
Install the software...

sudo aptitude install cron-apt
sudo nano /etc/cron-apt/config
MAILON="always"
MAILTO="me@myemail.com"

Read more about the software in the README...

less /usr/share/doc/cron-apt/README.gz

Thanks to Debian Administration Org.

Command On System Startup As Another User
sudo nano /etc/rc.local
# mpdscribble
su -c 'mpdscribble' username &
# exit (the line below must be the last line in the file)
exit 0

Thanks to AskUbuntu.

Force Filesystem Check On Reboot
sudo touch /forcefsck
sudo reboot

Install Server
sudo aptitude install ssh openssh-server

Copy Public Key To Server
ssh-copy-id -i ~/.ssh/id_rsa.pub username@192.168.0.x

Secure
To get it "Tight as a duck's a***"...

Levels


 * 1) Port Number
 * 2) Firewall Rules
 * 3) TCP Wrappers
 * 4) SSH Daemon Configuration

User --> Non Standard Port --> Firewall Check --> TCP Wrapper Check --> SSH Configuration Check --> Logged In

Files

==> /etc/hosts <==
127.0.0.1 localhost.localdomain localhost
10.0.0.1 server1.domain.co.uk server1
12.345.678.90 www.domain.co.uk
==> /etc/hosts.allow <==
ALL: 10.0.0.0/24
imap: ALL
sshd: 123.456.789
==> /etc/hosts.deny <==
ALL: ALL

Testing

tcpdmatch sshd 123.456.789
client:  address  123.456.789
server:  process  sshd
access:  granted

Thanks to Bodhizazen Net. & Cyberciti
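
The order in which the TCP Wrapper check reads the two files above decides the result, so here is an added example (not part of the original page) that models it in shell. It assumes IPv4 only and handles just the ALL, exact address, trailing-dot prefix and net/mask client forms; the rule text is a constructed sample in the page's layout, with documentation addresses standing in for the page's placeholder ones.

```sh
#!/bin/sh
# Added example: simplified model of the tcpd/libwrap access decision (IPv4 only).
# Constructed rules in the page's layout; addresses are documentation ranges.
HOSTS_ALLOW='ALL: 10.0.0.0/24
imap: ALL
sshd: 203.0.113.7'
HOSTS_DENY='ALL: ALL'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    local oldifs="$IFS"
    IFS=.
    set -- $1
    IFS="$oldifs"
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does client pattern $1 match IPv4 address $2?
client_matches() {
    local net bits mask
    case $1 in
        ALL) return 0 ;;
        */*)                                  # net/masklength or net/mask
            net=${1%/*}
            bits=${1#*/}
            case $bits in
                *.*) mask=$(ip_to_int "$bits") ;;
                0)   mask=0 ;;
                *)   mask=$(( (4294967295 << (32 - $bits)) & 4294967295 )) ;;
            esac
            [ $(( $(ip_to_int "$2") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ] ;;
        *.) case $2 in "$1"*) return 0 ;; *) return 1 ;; esac ;;   # address prefix
        *)  [ "$2" = "$1" ] ;;                                      # exact address
    esac
}

# Does any "daemons: clients" line of rule text $1 match daemon $2 and client $3?
rule_file_matches() {
    local line rest d c
    while IFS= read -r line; do
        line=${line%%#*}                      # strip comments
        case $line in *:*) ;; *) continue ;; esac
        rest=${line#*:}
        rest=${rest%%:*}                      # ignore an optional third field
        for d in $(printf '%s' "${line%%:*}" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(printf '%s' "$rest" | tr ',' ' '); do
                client_matches "$c" "$3" && return 0
            done
        done
    done <<EOF
$1
EOF
    return 1
}

# Print the decision for daemon $1 and client $2.
tcpd_decision() {
    if rule_file_matches "$HOSTS_ALLOW" "$1" "$2"; then
        echo granted        # hosts.allow is read first; a match ends the search
    elif rule_file_matches "$HOSTS_DENY" "$1" "$2"; then
        echo denied
    else
        echo granted        # no match in either file means access is granted
    fi
}

for pair in "sshd 203.0.113.7" "sshd 10.0.0.42" "sshd 198.51.100.9" "imap 198.51.100.9"; do
    printf '%-5s %-14s %s\n' $pair "$(tcpd_decision $pair)"
done
```

The last line of output shows that 'imap: ALL' is granted to any address even with 'ALL: ALL' in hosts.deny, and an empty hosts.deny would grant sshd to everyone, which is why the deny-all entry matters.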

Speed Up Logins
Server Side

Turn off the DNS lookups...

sudo nano /etc/ssh/sshd_config
UseDNS no

Turn off the MOTD (Message Of The Day)...

touch ~/.hushlogin

Client Side

Turn off IPv6...

nano ~/.ssh/config
Host *
    AddressFamily inet

HOWTO: DNS
sudo aptitude install dnsutils dnsmasq
service dnsmasq stop
sudo nano /etc/default/dnsmasq
IGNORE_RESOLVCONF=yes
sudo nano /etc/dnsmasq.conf
resolv-file=/etc/dnsmasqresolv.conf
domain=domain.uk.com
sudo nano /etc/dnsmasqresolv.conf
nameserver 208.67.222.222 # OpenDNS
nameserver 208.67.222.220 # OpenDNS
nameserver 8.8.8.8 # Google
nameserver 8.8.4.4 # Google
sudo nano /etc/hosts
# Delete the contents of the file and add the following to match your server details.
127.0.0.1 localhost.localdomain localhost
192.168.0.1 server.domain.uk.com server
sudo service dnsmasq restart
netstat -nap |grep 'dnsmasq'
dig
dig @localhost test.domain.uk.com
dig @localhost test
dig @localhost www.google.co.uk

...as per this page - DNS

HOWTO: DHCP
sudo nano /etc/dnsmasq.conf
dhcp-range=192.168.0.50,192.168.0.99,12h
dhcp-host=e8:03:9a:ed:65:56,paul-laptop,192.168.0.103,12h
dhcp-option=3,192.168.0.1

HOWTO: FILE SERVER: SAMBA
sudo aptitude install samba samba-client
sudo service smbd stop
sudo service nmbd stop
sudo nano -w /etc/samba/smb.conf
[global]
    workgroup = BLOGGS
    server string = Samba Server %v
    netbios name = SERVER1
    map to guest = Bad User
    passdb backend = smbpasswd
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    load printers = No
    domain master = No
    dns proxy = No
    printing = bsd
[shared]
    comment = Shared file space
    path = /home/samba/shared
    force user = nobody
    force group = nogroup
    read only = No
    guest ok = Yes
    create mask = 0775
    force create mode = 0775
    directory mask = 0775
    force directory mode = 0775
mkdir -p /home/samba/shared
chown -R nobody /home/samba/shared
chgrp -R nogroup /home/samba/shared
touch /etc/printcap
smbpasswd -a jbloggs
testparm -s
service smbd start
service nmbd start
smbstatus
smbtree
# You will be asked for root's password, ignore this and just press enter
smbclient -U jbloggs -L //SERVER1/

INSTALL: Slim Email Server - Sent To Another Server's Mail Hub
http://wiki.indie-it.com/index.php?title=SSMTP

INSTALL: Basic Email Server - Part I - Procmail + Postfix + Mutt
Set the System Wide Maildir Email Directory...

sudo nano /etc/bash.bashrc
MAIL=$HOME/.maildir/

Install the software...

sudo aptitude install procmail postfix mutt

Postfix Configuration > Mailer Type > Internet Site with Smarthost > Domain Name = server1.domain.com > SMTP Relay = auth.smtp.1and1.co.uk

Configure the software...

sudo nano /etc/procmailrc
# Use maildir-style mailbox in user's home directory
DEFAULT=$HOME/.maildir/
# Log actions to file
LOGFILE=/var/log/procmail.log
# Log synopsis of messages
LOGABSTRACT=all
# Be verbose
VERBOSE=no

sudo nano /etc/postfix/main.cf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server2.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server2.domain.com, server2, domain.com, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 192.168.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 127.0.0.1, 192.168.0.171
inet_protocols = ipv4
header_checks = regexp:/etc/postfix/header_checks
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
relayhost = [auth.smtp.1and1.co.uk]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_password
smtp_sasl_security_options = noanonymous

Create the SASL password file...

sudo nano /etc/postfix/sasl/sasl_password
[my.smtp.host.co.uk] me@myemailaccount.com:passW0rD

Lock down permissions...

sudo chmod 0600 /etc/postfix/sasl/sasl_password

Hash the file...

sudo postmap hash:/etc/postfix/sasl/sasl_password

Create the Postfix generic maps file...

sudo nano /etc/postfix/generic
root@myhostname.localdomain me@myemailaccount.com
user1@myhostname.localdomain me@myemailaccount.com
user2@myhostname.localdomain me@myemailaccount.com

Hash the file...

sudo postmap hash:/etc/postfix/generic

Copy the supporting files to the Postfix working directory...

sudo cp -av /etc/hosts /var/spool/postfix/etc/
sudo cp -av /etc/services /var/spool/postfix/etc/
sudo cp -av /etc/localtime /var/spool/postfix/etc/
cat /etc/resolv.conf | sudo tee /var/spool/postfix/etc/resolv.conf >/dev/null

Create the header checks file for later (with MailScanner)...

sudo touch /etc/postfix/header_checks

Fix the aliases file for root's email...

sudo nano /etc/aliases
root: regularuser
sudo newaliases

Restart Postfix...

sudo postfix stop
sudo postfix start

Install heirloom-mailx and mutt...

sudo aptitude install -y heirloom-mailx mutt

Configure system wide settings...

sudo nano -w /etc/Muttrc
# tweaks
set mbox_type=maildir
set editor="nano"
# I like to see all my mail headers in my editor:
set edit_headers=yes
# don't wait for sendmail to finish (this runs sendmail in the background)
set sendmail_wait=-1
# this prevents Mutt from endlessly asking when you quit:
#     "Move read messages to ~/mbox? ([no]/yes):"
set move=no
# this prevents Mutt from endlessly asking:
#     "~/Mail does not exist. Create it? ([yes]/no):"
set folder=""

Send test email message...

mail me@myemailaccount.com
Subject: test
Cc:
message
.

Also, see Postfix and Mutt

INSTALL: Basic Email Server - Part II - Fetchmail
sudo aptitude install fetchmail
sudo useradd -c "Server Postman" -d /home/postman -s /bin/bash -m postman
sudo passwd postman
su - postman
nano ~/.fetchmailrc
set daemon 600
set logfile /home/postman/fetchmail.log
set no bouncemail
set postmaster postman
poll pop.1and1.co.uk protocol pop3 localdomains domain.com username "mailbox@domain.com" password "mypassword" is root here fetchall preconnect "date >> /home/postman/fetchmail.log"

chmod 0700 ~/.fetchmailrc
exit

su - postman
cd
nano fmcheck
#!/bin/bash
#
#       fmcheck
#
#       Script to check if the fetchmail daemon is running
#
EXPRESSION='fetchmail'
ps -U postman | grep $EXPRESSION
if [ $? -eq 0 ]; then
    echo "$EXPRESSION process running"
else
    echo "$EXPRESSION process not running"
    fetchmail --quit
    sleep 3
    fetchmail --limit 30000000
    echo "$EXPRESSION process running"
fi
chmod +x fmcheck

fetchmail --version --check --verbose
./fmcheck

sudo crontab -e -u postman
*/20 * * * * ~/fmcheck >/dev/null 2>&1

INSTALL: Basic Email Server - Part III - MailScanner + ClamAV + SpamAssassin + DCC + Razor + Pyzor
Switch to root first. You have a LOT to do here...

sudo -i

Install Clam AntiVirus and SpamAssassin first...

sudo aptitude install -y -v clamav clamav-daemon spamassassin
sudo service spamassassin stop
update-rc.d -f spamassassin remove
sudo nano /etc/clamav/freshclam.conf
DatabaseMirror db.GB.clamav.net
sudo freshclam
sudo sa-update
sudo clamscan --version
sudo spamassassin --version

Now switch to root home directory and install the latest MailScanner from the Ubuntu DEB version...

cd
mkdir misc
cd misc
wget https://s3.amazonaws.com/mailscanner/release/v4/deb/MailScanner-4.85.2-3.deb.tar.gz
tar -xzvf MailScanner-4.85.2-3.deb.tar.gz
cd MailScanner-install-4.85.2/
./install.sh

Now add some MailScanner jobs to root's crontab...

crontab -e
# mailscanner
0       0 * * * /root/bin/mailscanner_archive.sh >/dev/null 2>&1
37      5 * * * /usr/sbin/update_bad_phishing_sites >/dev/null 2>&1
07      * * * * /usr/sbin/update_bad_phishing_sites >/dev/null 2>&1
42      * * * * /usr/sbin/update_virus_scanners >/dev/null 2>&1
3,23,43 * * * * /usr/sbin/check_mailscanner >/dev/null 2>&1

Configure the main MailScanner configuration file...

nano /opt/MailScanner/etc/MailScanner.conf
%org-name% = mydomain
%org-long-name% = Company Name
%web-site% = www.mydomain.com
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
MTA = postfix
Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = /var/run/clamav/clamd.ctl
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = no
Mail Header = X-%org-name%-MailScanner-VirusCheck:
Information Header = X-%org-name%-MailScanner-Information:
Information Header Value = MailScanner Version 4.84.6
Always Include SpamAssassin Report = yes
Archive Mail = /home/MailScanner/archive/_DATE_/messages
Missing Mail Archive Is = file
Use SpamAssassin = yes
Required SpamAssassin Score = 5
Log Spam = yes

Install some extra PERL modules...

sudo aptitude install libdbi-perl libdbd-sqlite3-perl libfilesys-df-perl libio-stringy-perl libnet-cidr-perl libsys-sigaction-perl libmime-tools-perl libarchive-zip-perl libole-storage-lite-perl

Check that it works so far...

sudo /opt/MailScanner/bin/MailScanner --version

Create some more directories for ClamAV, Postfix and MailScanner to work together...

mkdir /var/spool/MailScanner/spamassassin/
chown -R postfix:postfix /var/spool/MailScanner/*
chmod -R g+w /var/spool/MailScanner/*
chgrp -R clamav /var/spool/MailScanner/incoming/
find /var/spool/MailScanner/incoming/ -type d -exec chmod 0770 {} \;
find /var/spool/MailScanner/incoming/ -type f -exec chmod 0664 {} \;

Create the MailScanner archiving script...

mkdir /root/bin
nano /root/bin/mailscanner_archive.sh
#!/bin/bash
ARCHIVE=/home/MailScanner/archive
DIRNAME=$( date +%Y%m%d )
MESSAGES=messages
/usr/bin/logger -p 'mail.info' Checking for MailScanner message archive...
if [ -f $ARCHIVE/$DIRNAME/$MESSAGES ] ; then
    echo "$ARCHIVE/$DIRNAME/$MESSAGES exists."
else
    mkdir -p $ARCHIVE
    mkdir -p $ARCHIVE/$DIRNAME
    touch $ARCHIVE/$DIRNAME/$MESSAGES
    chown -R postfix:postfix $ARCHIVE/
    chmod g+w $ARCHIVE/$DIRNAME/$MESSAGES
    echo "$ARCHIVE/$DIRNAME/$MESSAGES created."
fi
chmod 0700 /root/bin/mailscanner_archive.sh

Run the MailScanner archiving script...

/root/bin/mailscanner_archive.sh

Fix the AppArmor bug for ClamAV...

sudo usermod -a -G www-data clamav
sudo nano /etc/apparmor.d/usr.sbin.clamd
# mailscanner
/var/spool/MailScanner/** rw,
/var/spool/MailScanner/incoming/** rw,
sudo /etc/init.d/apparmor reload

Change SpamAssassin settings...

nano /opt/MailScanner/etc/spam.assassin.prefs.conf
# use_auto_whitelist 0
bayes_ignore_header X-mydomain-MailScanner
bayes_ignore_header X-mydomain-MailScanner-VirusCheck
bayes_ignore_header X-mydomain-MailScanner-SpamCheck
bayes_ignore_header X-mydomain-MailScanner-SpamScore
bayes_ignore_header X-mydomain-MailScanner-Information
envelope_sender_header X-mydomain-MailScanner-From
bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0660

Initialise the Bayes databases...

cd /tmp/
sudo -u postfix -g postfix sa-learn --sync

Check that they are being used...

cd /tmp/
sudo -u postfix -g postfix sa-learn -D --dump magic
Mar 4 17:49:50.258 [10827] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
Mar 4 17:49:50.259 [10827] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
Mar 4 17:49:50.259 [10827] dbg: bayes: found bayes db version 3
0.000         0          3          0  non-token data: bayes db version
0.000         0          0          0  non-token data: nspam
0.000         0          0          0  non-token data: nham
0.000         0          0          0  non-token data: ntokens
0.000         0          0          0  non-token data: oldest atime
0.000         0          0          0  non-token data: newest atime
0.000         0          0          0  non-token data: last journal sync atime
0.000         0          0          0  non-token data: last expiry atime
0.000         0          0          0  non-token data: last expire atime delta
0.000         0          0          0  non-token data: last expire reduction count

ls -lah /var/spool/MailScanner/spamassassin/
-rw-rw---- 1 postfix postfix  12 2015-03-04 17:47 bayes.mutex
-rw-rw---- 1 postfix postfix 12K 2015-03-04 17:47 bayes_seen
-rw-rw---- 1 postfix postfix 12K 2015-03-04 17:47 bayes_toks

Tweak MailScanner virus scanning settings for ClamAV...

nano /opt/MailScanner/etc/virus.scanners.conf
clamav         /opt/MailScanner/lib/clamav-wrapper     /usr
#generic
nano /opt/MailScanner/lib/clamav-autoupdate
$PackageDir = shift || "/usr";

Another tweak for Postfix file locking from unix to fifo...

nano /etc/postfix/master.cf
pickup    fifo  n
qmgr      fifo  n

Important setting for Postfix and MailScanner...

nano /etc/postfix/header_checks
/^Received:/ HOLD

Final tweaks to users and groups...

usermod -a -G postfix clamav
usermod -a -G clamav postfix
usermod -a -G www-data postfix
groups clamav
groups postfix

Restart services...

service postfix restart
service clamav-daemon restart

Final testing...

pkill MailScanner
cd /tmp/
sudo -u postfix -g postfix /opt/MailScanner/bin/MailScanner --lint

Add the boot startup script...

sudo nano /etc/rc.local
# mailscanner
/root/bin/mailscanner_archive.sh
/opt/MailScanner/bin/check_mailscanner
exit 0

Go for launch...

service postfix restart
pkill -HUP MailScanner
/opt/MailScanner/bin/check_mailscanner

Now, DCC. Download and install...

sudo -i
cd /root/misc/
mkdir dcc
cd dcc/
wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar -xzvf dcc.tar.Z
cd dcc-1.3.155/
./configure
make
make install

Configure to use the always running daemon...

nano /var/dcc/dcc_conf
DCCIFD_ENABLE=on

Create the automatic startup links and start dccifd...

cp /var/dcc/libexec/rcDCC /etc/init.d/adcc
update-rc.d adcc defaults
/etc/init.d/adcc start

Test if dccifd is running...

netstat -nap |grep 'dcc'
udp       0      0 0.0.0.0:52926           0.0.0.0:*                           2599/dccifd
unix 2      [ ACC ]     STREAM     LISTENING     70691    2598/dccifd         /var/dcc/dccifd
unix 2      [ ]         DGRAM                    70144    2599/dccifd

Enable the SpamAssassin DCC plugin...

nano /etc/mail/spamassassin/v310.pre
loadplugin Mail::SpamAssassin::Plugin::DCC
nano /etc/mail/spamassassin/mailscanner.cf
ifplugin Mail::SpamAssassin::Plugin::DCC
dcc_home /var/dcc
dcc_dccifd_path /var/dcc/dccifd
dcc_path /usr/local/bin/dccproc
endif

Download a test spam email message and train spamassassin...

cd /root/misc/dcc
wget http://www200.pair.com/mecham/spam/sample-spam.txt
sa-learn --spam sample-spam.txt
spamassassin -D dcc <sample-spam.txt

It should show...

dbg: dcc: connected to local socket /var/dcc/dccifd

All is good. Now restart MailScanner to use DCC...

pkill MailScanner
/opt/MailScanner/bin/check_mailscanner

Next, Razor...

cd
sudo aptitude install -y razor
rm /etc/razor/razor-agent.conf
razor-admin -create
razor-admin -register
sed -i 's/= 3/= 0/' /root/.razor/razor-agent.conf
cp -av .razor /var/spool/postfix/
chown -R postfix:postfix /var/spool/postfix/.razor/
chmod g+w /var/spool/postfix/.razor/
nano /etc/mail/spamassassin/v310.pre
loadplugin Mail::SpamAssassin::Plugin::Razor2
cd /tmp/
sudo -u postfix -g postfix /opt/MailScanner/bin/MailScanner --lint
wget http://www200.pair.com/mecham/spam/sample-spam.txt
spamassassin -D razor2 <sample-spam.txt
cd
pkill MailScanner
/opt/MailScanner/bin/check_mailscanner

Next, Pyzor...

sudo aptitude install -y pyzor
pyzor discover
cp -av .pyzor /var/spool/postfix/
chown -R postfix:postfix /var/spool/postfix/.pyzor/
chown postfix /var/spool/postfix/
which pyzor
nano /etc/mail/spamassassin/v310.pre
loadplugin Mail::SpamAssassin::Plugin::Pyzor
nano /etc/mail/spamassassin/mailscanner.cf
ifplugin Mail::SpamAssassin::Plugin::Pyzor
pyzor_path /usr/bin/pyzor
endif
cd /tmp/
sudo -u postfix -g postfix /opt/MailScanner/bin/MailScanner --lint
wget http://www200.pair.com/mecham/spam/sample-spam.txt
spamassassin -D pyzor <sample-spam.txt

Now restart MailScanner...

cd
pkill MailScanner
/opt/MailScanner/bin/check_mailscanner

TWEAK: Sendmail (DEPRECATED)
sudo nano /etc/mail/sendmail.cf
PrivacyOptions=noetrn
DeliveryMode=queueonly
QueueDirectory=/var/spool/mqueue.in

http://www.mailscanner.info/sendmail.html

SET: System Wide Maildir Email Directory
sudo nano /etc/bash.bashrc
MAIL=$HOME/.maildir/

FIX: Dovecot Startup Script
cd /etc/init.d/
sudo ln -s /lib/init/upstart-job dovecot
sudo update-rc.d dovecot defaults
sudo service dovecot start

HOWTO: LAMP:
Linux, Apache, MySQL, PHP

sudo aptitude install apache2
sudo aptitude install mysql-server mysql-client
sudo service mysql status
sudo aptitude install php5 php5-mysql libapache2-mod-php5
sudo aptitude install phpmyadmin

Thanks to Unixmen.

HOWTO: NAGIOS 3:
Also see the dedicated wiki page Nagios3.

sudo aptitude install nagios3 nagios-nrpe-plugin
sudo usermod -a -G nagios www-data
sudo chmod -R +x /var/lib/nagios3/
sudo nano /etc/nagios3/nagios.cfg
check_external_commands=1
sudo /etc/init.d/nagios3 restart
sudo aptitude install nagios-nrpe-server nagios-plugins
sudo nano /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,192.168.0.171

Thanks to Unixmen.

Stress Testing
sudo aptitude install stress
sudo stress --cpu 2 --io 1 --vm 1 --vm-bytes 128M --hdd 1 --timeout 10s

Thanks Cyberciti.

Backup Whole Entire System (less /home)
sudo -i
cd /
tar -cvpzf backup.tar.gz --exclude=/backup.tar.gz --exclude=/home --one-file-system /

Documentation
http://vwiki.co.uk/Configuration_%28Ubuntu%29