Partition the stick/hard drive (we assume it is located under /dev/sdb)
fdisk /dev/sdb
Setup the encrypted partition with cryptsetup
cryptsetup -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/sdb1
Optionally add aditional keys
cryptsetup luksAddKey /dev/sdb1
Open the container
cryptsetup luksOpen /dev/sdb1 some_name
Create the file system
mkfs.ext3 -L label -m 0 /dev/mapper/some_name
Close the container
cryptsetup luksClose some_name
/etc/init.d/ldap.client stop
/etc/init.d/nscd stop
Add “ldap” to “passwd” and “groups” in /etc/nsswitch.conf, modify /etc/pam.conf and install /var/ldap/ldapclientfile. Create /var/ldap/ldapclientcred of the form
NS_LDAP_BINDDN= cn=admin,dc=ifi,dc=uzh,dc=ch
NS_LDAP_BINDPASSWD= {NS1}*****************
After restarting nscd and ldapclient
/etc/init.d/ldap.client start
/etc/init.d/nscd start
ldaplist should already yield a list of users defined in LDAP and “id” should be able to identify them.
All is left is to create the certificate database for ldapclient. Use the certutil to create it and add the RootCA of your LDAP server certificate
certutil -A -n certname.pem -t CT -d /var/ldap -i certname.pem
Now also login should work.
]]>kvm images.
]]> How to enlarge a kvm imageConvert the kvm image to raw format if necessary.
qemu-img convert -O raw original.img raw.img
Make a backup copy of the image.
Enlarge the raw image.
dd if=/dev/zero of=raw.img bs=1 count=0 seek=[size in]GB
Attach the enlarged image to a loop device.
losetup /dev/loop0 raw.img
Use
fdisk /dev/loop0
to create a new partition or enlarge an existing one to accomodate the additional disk capacity.
Boot the machine using the new image.
Log in to the machine and start up lvm. Either add the new partition as a new physical volume (pvcreate) and add it to a volume group (vgextend) or in case an existing partition was enlarges use
lvm> pvresize /dev/vda2
and add the newly available space to logical volumes
lvm> lvresize -L +511.02G /dev/philipp/home
Enlarge the filesystem (ext2/3).
resize2fs /dev/philipp/home
git config --global user.name 'Hanspeter Kunz'
git config --global user.email 'hp@edelkunz.ch'
More to follow…
]]>If you’re you want to help developing logcheck yourself, you probably better read this.
]]> Get or update logcheck from gitBefore starting, get logcheck from git
git clone git://git.debian.org/git/logcheck/logcheck.git
or bring it to current state
git pull --rebase
N.B. Browse the the git repository online.
Develop and test rules
Let’s say we want to filter out message like
Sep 16 23:26:30 seamus deliver(vmail): msgid=3ee0701c9180f$a9da4580$0201a8c0@D9MCN291: saved mail to INBOX
As deliver is part of dovecot, the file were rule has to be added or modified is
rulefiles/linux/ignore.d.server/dovecot
Check README.logcheck-database in case it is not clear where to look for or put the rule. To test if the message is not already filtered (because somebody else wrote a rule) do
egrep -v -f rulefiles/linux/ignore.d.server/dovecot
and paste the message or, alternatively, use
egrep -v "[rule]"
to test the rule directly. If the pasted message is echoed, it is not filtered. Thus, add or modify a rule, until the rule fits.
Add an entry to debian/changelog with
dch -a
(leave out the -a to bump the version number) and commit both the rulefile and the changelog with
git add rulefiles/linux/ignore.d.server/dovecot debian/changelog
debcommit -e
Upload the modifications back to the repository
When satisfied, push the changes to the remote repository
git push
Build an updated debian package
]]>