Linux | Covax Blog

Category Archives: Linux

Заметки о Linux.

Прозрачная авторизация на Apache в AD

Posted on 19.07.2018 by Covax

Имеем Debian 9.5 и AD Windows 2012.

apt install krb5-user libapache2-mod-auth-kerb msktutil apache2 php ntp ntpdate

1	apt install krb5-user libapache2-mod-auth-kerb msktutil apache2 php ntp ntpdate

mv /etc/krb5.conf /etc/krb5.conf.def

1	mv /etc/krb5.conf /etc/krb5.conf.def

nano /etc/krb5.conf

[libdefaults]
   default_realm = DOMAIN.LOCAL

[realms]
   DOMAIN.LOCAL = {
      kdc = ad1.domain.local
      kdc = ad2.domain.local
      default_domain = domain.local
      admin_server = ad1.domain.local
   }

[domain_realm]
   .domain.local = DOMAIN.LOCAL
   domain.local = DOMAIN.LOCAL

[libdefaults]

default_realm = DOMAIN.LOCAL

[realms]

DOMAIN.LOCAL = {

kdc = ad1.domain.local

kdc = ad2.domain.local

default_domain = domain.local

admin_server = ad1.domain.local

}

[domain_realm]

.domain.local = DOMAIN.LOCAL

domain.local = DOMAIN.LOCAL

Авторизируемся в AD

kinit -V admin@DOMAIN.LOCAL

1	kinit -V admin@DOMAIN.LOCAL

Включаем сервер в AD

msktutil -c -s host -s HTTP -s HTTP/debian --computer-name debian --server ad1.domain.local

1	msktutil -c -s host -s HTTP -s HTTP/debian --computer-name debian --server ad1.domain.local

chown root.www-data /etc/krb5.keytab
chmod 0640 /etc/krb5.keytab

1 2	chown root.www-data /etc/krb5.keytab chmod 0640 /etc/krb5.keytab

nano /etc/apache2/sites-enabled/000-default.conf

<Location />
 AuthType Kerberos
 AuthName "Domain Login"
 KrbMethodK5Passwd off
 Krb5Keytab /etc/krb5.keytab
 KrbServiceName HTTP/debian.domain.local@DOMAIN.LOCAL
 Require valid-user
</Location>

AuthType Kerberos

AuthName "Domain Login"

KrbMethodK5Passwd off

Krb5Keytab /etc/krb5.keytab

KrbServiceName HTTP/debian.domain.local@DOMAIN.LOCAL

Require valid-user

</Location>

Чтобы работало в FF нужно в about:config прописать

network.negotiate-auth.delegation-uris: .domain.local
network.negotiate-auth.trusted-uris: .domain.local

1 2	network.negotiate-auth.delegation-uris: .domain.local network.negotiate-auth.trusted-uris: .domain.local

Ошибка #1698 — Access denied for user ‘root’@’localhost’

Posted on 15.02.2018 by Covax

No Comments

Вариант раз:

mysql -p

mysql -p

use mysql;
update user set plugin='' where User='root';
flush privileges;
exit

use mysql;

update user set plugin='' where User='root';

flush privileges;

exit

Вариант два:

mysql -p mysql

1	mysql -p mysql

CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED BY 'some_pass';

GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;

FLUSH PRIVILEGES;

Debian 8 systemd в контейнере LXC

Posted on 08.08.2017 by Covax

No Comments

apt-get update
apt-get install systemd systemd-sysv
reboot

apt-get update

apt-get install systemd systemd-sysv

reboot

Debian 8 + mosquitto + openhab2 + influxdb + grafana

Posted on 01.12.2016 by Covax

No Comments

Установка всего этого добра на Debian 8 Jessie.

apt-get update
apt-get upgrade

wget -qO - 'http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key' | apt-key add -
wget -qO - 'https://bintray.com/user/downloadSubjectPublicKey?username=openhab' | apt-key add -
wget -qO - 'https://repos.influxdata.com/influxdb.key' | apt-key add -
wget -qO - 'https://packagecloud.io/grafana/stable/gpgkey' | apt-key add -
echo "deb http://repo.mosquitto.org/debian jessie main" | tee /etc/apt/sources.list.d/mosquitto.list
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
echo 'deb https://dl.bintray.com/openhab/apt-repo2 stable main' | tee /etc/apt/sources.list.d/openhab2.list
echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
echo "deb https://packagecloud.io/grafana/stable/debian/ jessie main" | tee /etc/apt/sources.list.d/grafana_stable.list
echo "deb-src https://packagecloud.io/grafana/stable/debian/ jessie main" | tee -a /etc/apt/sources.list.d/grafana_stable.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886

apt-get install apt-transport-https
apt-get update
apt-get install mosquitto oracle-java8-installer openhab2 openhab2-addons influxdb grafana

systemctl start openhab2.service
systemctl status openhab2.service

systemctl daemon-reload
systemctl enable openhab2.service

apt-get update

apt-get upgrade

wget -qO - 'http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key' | apt-key add -

wget -qO - 'https://bintray.com/user/downloadSubjectPublicKey?username=openhab' | apt-key add -

wget -qO - 'https://repos.influxdata.com/influxdb.key' | apt-key add -

wget -qO - 'https://packagecloud.io/grafana/stable/gpgkey' | apt-key add -

echo "deb http://repo.mosquitto.org/debian jessie main" | tee /etc/apt/sources.list.d/mosquitto.list

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list

echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list

echo 'deb https://dl.bintray.com/openhab/apt-repo2 stable main' | tee /etc/apt/sources.list.d/openhab2.list

echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list

echo "deb https://packagecloud.io/grafana/stable/debian/ jessie main" | tee /etc/apt/sources.list.d/grafana_stable.list

echo "deb-src https://packagecloud.io/grafana/stable/debian/ jessie main" | tee -a /etc/apt/sources.list.d/grafana_stable.list

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886

apt-get install apt-transport-https

apt-get update

apt-get install mosquitto oracle-java8-installer openhab2 openhab2-addons influxdb grafana

systemctl start openhab2.service

systemctl status openhab2.service

systemctl daemon-reload

systemctl enable openhab2.service

Debian 9 Stretch.

apt update
apt upgrade
apt install apt-transport-https dirmngr

wget -qO - 'http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key' | apt-key add -
wget -qO - 'https://bintray.com/user/downloadSubjectPublicKey?username=openhab' | apt-key add -
wget -qO - 'https://repos.influxdata.com/influxdb.key' | apt-key add -
wget -qO - 'https://packagecloud.io/grafana/stable/gpgkey' | apt-key add -
echo "deb http://repo.mosquitto.org/debian stretch main" | tee /etc/apt/sources.list.d/mosquitto.list
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
echo 'deb https://dl.bintray.com/openhab/apt-repo2 stable main' | tee /etc/apt/sources.list.d/openhab2.list
echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
echo "deb https://packagecloud.io/grafana/stable/debian/ stretch main" | tee /etc/apt/sources.list.d/grafana_stable.list
echo "deb-src https://packagecloud.io/grafana/stable/debian/ stretch main" | tee -a /etc/apt/sources.list.d/grafana_stable.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886

apt update
apt install mosquitto oracle-java8-installer openhab2 openhab2-addons influxdb grafana

systemctl start openhab2.service
systemctl status openhab2.service

systemctl daemon-reload
systemctl enable openhab2.service

apt update

apt upgrade

apt install apt-transport-https dirmngr

wget -qO - 'http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key' | apt-key add -

wget -qO - 'https://bintray.com/user/downloadSubjectPublicKey?username=openhab' | apt-key add -

wget -qO - 'https://repos.influxdata.com/influxdb.key' | apt-key add -

wget -qO - 'https://packagecloud.io/grafana/stable/gpgkey' | apt-key add -

echo "deb http://repo.mosquitto.org/debian stretch main" | tee /etc/apt/sources.list.d/mosquitto.list

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list

echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list

echo 'deb https://dl.bintray.com/openhab/apt-repo2 stable main' | tee /etc/apt/sources.list.d/openhab2.list

echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list

echo "deb https://packagecloud.io/grafana/stable/debian/ stretch main" | tee /etc/apt/sources.list.d/grafana_stable.list

echo "deb-src https://packagecloud.io/grafana/stable/debian/ stretch main" | tee -a /etc/apt/sources.list.d/grafana_stable.list

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886

apt update

apt install mosquitto oracle-java8-installer openhab2 openhab2-addons influxdb grafana

systemctl start openhab2.service

systemctl status openhab2.service

systemctl daemon-reload

systemctl enable openhab2.service

Связка openhab, influxdb, grafana.

$ influx
Connected to http://localhost:8086 version 1.3.1
InfluxDB shell version: 1.3.1
> CREATE DATABASE openhab_db
> CREATE USER admin WITH PASSWORD 'SuperPassword' WITH ALL PRIVILEGES
> CREATE USER openhab WITH PASSWORD 'Password1'
> CREATE USER grafana WITH PASSWORD 'Password'
> GRANT ALL ON openhab_db TO openhab
> GRANT READ ON openhab_db TO grafana
> exit

$ influx

Connected to http://localhost:8086 version 1.3.1

InfluxDB shell version: 1.3.1

> CREATE DATABASE openhab_db

> CREATE USER admin WITH PASSWORD 'SuperPassword' WITH ALL PRIVILEGES

> CREATE USER openhab WITH PASSWORD 'Password1'

> CREATE USER grafana WITH PASSWORD 'Password'

> GRANT ALL ON openhab_db TO openhab

> GRANT READ ON openhab_db TO grafana

> exit

nano /etc/influxdb/influxdb.conf

1	nano /etc/influxdb/influxdb.conf

[http]  
enabled = true  
bind-address = ":8086"
auth-enabled = true
...

[http]

enabled = true

bind-address = ":8086"

auth-enabled = true

...

nano /etc/grafana/grafana.ini

1	nano /etc/grafana/grafana.ini

[users]
# disable user signup / registration
allow_sign_up = false
...
[auth.anonymous]
# enable anonymous access
enabled = true

[users]

# disable user signup / registration

allow_sign_up = false

...

[auth.anonymous]

# enable anonymous access

enabled = true

Отключение принтеров в samba

Posted on 22.02.2015 by Covax

No Comments

load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes

load printers = no

show add printer wizard = no

printcap name = /dev/null

disable spoolss = yes

vhost_alias проблемы c $_SERVER[DOCUMENT_ROOT] и .htaccess

Posted on 24.08.2014 by Covax

No Comments

Статей по настройке vhost_alias много, но почти никто не упоминает о проблемах.
Я пока нашёл две. Первая — это некорректно начинает работать $_SERVER[DOCUMENT_ROOT] и вторая тоже самое с .htaccess.
Начну с .htaccess. При обычных настройках apache при записи в .htaccess:

RewriteEngine On
RewriteRule ^img/(.*)$ images/$1 [L,QSA]

1 2	RewriteEngine On RewriteRule ^img/(.*)$ images/$1 [L,QSA]

строка
http://domen.ru/img/picture.jpg
заменится на
http://domen.ru/images/picture.jpg.
При включении vhost_alias произойдёт следующее чудо:
http://domen.ru/domen.ru/images/picture.jpg
и естественно ничего работать не будет.
Решается это легко, добавление записи в .htaccess:

RewriteBase /

1	RewriteBase /

С $_SERVER[DOCUMENT_ROOT] чуть сложнее, но решаемо.
При включении vhost_alias на всех сайтах $_SERVER[DOCUMENT_ROOT] начинает отдавать /var/www, ни или какой корень настроен.
Вариантов решения два. Правильный это использовать dirname(__FILE__) вместо $_SERVER[DOCUMENT_ROOT].
Второй, если уже всё написано и лень исправлять, то рядом с настройкой vhost_alias допишем:

VirtualDocumentRoot "/var/www/%0"
php_admin_value auto_prepend_file /var/www/fix_docroot.php

1 2	VirtualDocumentRoot "/var/www/%0" php_admin_value auto_prepend_file /var/www/fix_docroot.php

В корне создадим файл fix_docroot.php с таким содержанием:

<?php
$_SERVER["OLD_DOCUMENT_ROOT"] = $_SERVER["DOCUMENT_ROOT"];
$_SERVER["DOCUMENT_ROOT"] = str_replace($_SERVER["SCRIPT_NAME"], '',$_SERVER["SCRIPT_FILENAME"]);
?>

<?php

$_SERVER["OLD_DOCUMENT_ROOT"] = $_SERVER["DOCUMENT_ROOT"];

$_SERVER["DOCUMENT_ROOT"] = str_replace($_SERVER["SCRIPT_NAME"], '',$_SERVER["SCRIPT_FILENAME"]);

Строчка $_SERVER[«OLD_DOCUMENT_ROOT»] нужна только для сохранения старого $_SERVER[«DOCUMENT_ROOT»], мало ли понадобится.
Ну и всё, рестартим apache и провераем.

Установка pptpd на debian в openvz

Posted on 28.06.2014 by Covax

No Comments

Загружаем модули:

modprobe ppp_mppe
modprobe ppp_deflate
modprobe zlib_deflate
modprobe ppp_async
modprobe ppp_generic
modprobe slhc
modprobe crc_ccitt

modprobe ppp_mppe

modprobe ppp_deflate

modprobe zlib_deflate

modprobe ppp_async

modprobe ppp_generic

modprobe slhc

modprobe crc_ccitt

И добавляем их в автозагрузку в /etc/modules.

Затем в ноде:

vzctl set 100 --features ppp:on --save
vzctl start 100
vzctl set 100 --devices c:108:0:rw --save
vzctl exec 100 mknod /dev/ppp c 108 0
vzctl exec 100 chmod 600 /dev/ppp

vzctl set 100 --features ppp:on --save

vzctl start 100

vzctl set 100 --devices c:108:0:rw --save

vzctl exec 100 mknod /dev/ppp c 108 0

vzctl exec 100 chmod 600 /dev/ppp

В виртуалке стандартно настраиваем pptpd.

Цвет в консоли

Posted on 28.06.2014 by Covax

No Comments

Всё делаем в .bashrc.
Строка приглашения. Правится переменная окружения PS1 и PROMPT_COMMAND. PS1 отвечает за внешний вид строки приглашения, а PROMPT_COMMAND за ее содержимое.

По умолчанию переменная PS1=»\u@\h: «. Символы u и h при отображении консоли будут заменены на имя текущего пользователя и имя машины.

PROMPT_COMMAND="date +%H:%M:%S"
PS1="\u@\h: "

1 2	PROMPT_COMMAND="date +%H:%M:%S" PS1="\u@\h: "

Благодаря специальным непечатаемым escape-последовательностям мы имеем возможность изменить цвет символов а также их фона. Стоит отметить что все escape-последовательности должны быть заключены в \[\033[ и \], а после кода цвета должна стоять буква «m«.

Таблица цветовых кодов:

Black 0;30
Blue 0;34
Green 0;32
Cyan0;36
Red 0;31
Purple 0;35
Brown 0;33
Light Gray 0;37
Dark Gray 1;30
Light Blue 1;34
Light Green 1;32
Light Cyan 1;36
Light Red 1;31
Light Purple 1;35
Yellow 1;33
White 1;37
NoColor 0

Покрасим нашу строку в красный и желтый цвета:

PROMPT_COMMAND="date +%H:%M:%S"
PS1="\[\033[1;31m\]\u@\h:\[\033[1;33m\](\w)\[\033[0m\]\[\033[0m\]"

1 2	PROMPT_COMMAND="date +%H:%M:%S" PS1="\[\033[1;31m\]\u@\h:\[\033[1;33m\](\w)\[\033[0m\]\[\033[0m\]"

или

PS1="\[\033[1;30m\]\t-\[\033[1;31m\]\u@\h:\[\033[1;33m\](\w)\[\033[0m\]\[\033[0m\]"

1	PS1="\[\033[1;30m\]\t-\[\033[1;31m\]\u@\h:\[\033[1;33m\](\w)\[\033[0m\]\[\033[0m\]"

Отправка почты с вложением из консоли

Posted on 10.11.2012 by Covax

No Comments

Устанавливаем mpack

Mpack and munpack are utilities for encoding and decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. For compatibility with older forms of transferring binary files, the munpack program can also decode messages in split-uuencoded format.

1	Mpack and munpack are utilities for encoding and decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. For compatibility with older forms of transferring binary files, the munpack program can also decode messages in split-uuencoded format.

Из консоли отправляем так:

mpack -s "Тема письма" file.txt email@domain.ru

1	mpack -s "Тема письма" file.txt email@domain.ru