Install Apache

Apache is the most popular Web HTTP server for a Linux servers.

yum install httpd httpd-devel

We might need the httpd-devel libraries to compile and install other modules from the sources, just to be on the safer side. /etc/httpd/conf/httpd.conf – Apache configuration file location.

/etc/init.d/httpd start

Install MySQL Database Server

MySQL is a widely used open source database server on most Linux servers and can very well integrate to PHP and Apache server on CentOS/RHEL.

yum install mysql mysql-server mysql-devel

If you attempt to type mysql in command prompt, you will be getting this nasty error.

ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’

This is because you are not running the mysqld daemon before launching the mysql client. The file /var/lib/mysql/mysql.sock will be automatically created upon running the first instance of mysql.

To fix:

First start the mysql daemon, then type mysql:

/etc/init.d/mysqld start
mysql

Changing MySQL Root Password

By default the root password is empty for the mysql database. It is a good idea to change the mysql root password to a new one from a security point of view.

mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('newpassword') WHERE user='root';
mysql> FLUSH PRIVILEGES;

Once done, check by logging in:

mysql -u root -p
Enter Password:

To Create A New MySQL User

To create a new mysql user ‘guest’ with ‘all privileges’ on the database ‘demo’:

mysql > create database demo
mysql >GRANT ALL PRIVILEGES ON demo.* TO 'guest'@'localhost' IDENTIFIED BY 'guest' WITH GRANT OPTION;
mysql> UPDATE user SET Password=PASSWORD('guest') WHERE user='guest';

That’s it! MySQL is ready! Don’t forget to remember the root password as we might be using it with phpmyadmin.

Install PHP5 Scripting Language

Installing PHP5 with the necessary modules is so easy and can be configured for both the Apache and mysql environment.

yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml

Don’t forget to install php-gd (gd library). It is very important if we plan to run captcha scripts on our server and so as other which are dependent on mysql and other functions.

Restart Apache to load php.

/etc/init.d/httpd restart

To Test If PHP Is Working Or Not:

Create a file named /var/www/html/test.php with the following phpinfo() function inside php quotes.



Then point your browser to http://ip.address/test.php.

That’s it! You should see a php configuration file displaying all kind of paths and installed modules.

Closely observe the installed configuration on your server.

* PHP Paths (php.ini path)
* Apache paths and Loaded Modules (mod_security, mod_evasive if installed_
* PHP GD Library
* MySQL paths and other information

Install phpMyAdmin

phpMyAdmin is a free web based MySQL database Administration Tool. Without phpMyAdmin it is almost impossible to mysql db operations in the command line. phpMyAdmin has become so convenient and it is absolutely sought by most webmasters to be present along with the mysql server.

yum install phpmyadmin

Point your browser to: http://ip.address/phpmyadmin.

Common Errors

You might encounter the following errors while configuring phpmyadmin.

Forbidden
You don't have permission to access /phpmyadmin/ on this server.

To fix:

Edit the /etc/httpd/conf.d/phpmyadmin.conf and uncomment the line deny from all.

nano /etc/httpd/conf.d/phpmyadmin.conf


Order Deny,Allow
# Deny from all
Allow from 127.0.0.1


Error
The configuration file now needs a secret passphrase (blowfish_secret)

To fix:

nano /usr/share/phpmyadmin/conf.inc.php

Look for a line and enter any password. Just dont leave it empty!

$cfg['blowfish_secret'] = 'mydemopass'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

It worked for me using the above methods!
Log into the phpmyadmin with the mysql root password we changed while installing the mysql database.

Install Webmin

Webmin a free server hosting control panel for Linux. It is a web based hosting administration tool and can be handy to tweak settings in your server if you are a beginner to Linux! You can download webmin here. Since webmin cannot be installed using yum, we can download an RPM package and install it on our server.

wget
rpm - i webmin-1.410-1.noarch.rpm

That should be a pretty easy installation! Remember webmin uses port 10000 and should not be blocked by your firewall.

Point your browser to: http://ip.address:10000

You should see a webmin login. But we don’t know the login and password yet! To set up the webmin password run the script below…

/usr/libexec/webmin/changepass.pl /etc/webmin admin

Log in with the admin username and new webmin password!
To uninstall webmin, just run:

/etc/webmin/uninstall.sh

Final Steps

We want the Apache and mysql to be loaded at every boot so we switch them on using chkconfig:

chkconfig httpd on
chkconfig mysqld on

9 Adimda Centos 5.3 Ustunde Acele VPN Kuralim – POPTOP – pptpd

Centos umuza ilgili programlari kuralim
1– #rpm -Uvh http://poptop.sourceforge.net/yum/beta/rhel5/i386/pptp-release-4-3.rhel5.noarch.rpm
2- yum install pptpd

Simdi conf dosyalarini editleyelim
3-nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
yapalim, sonra
sysctl -p
sysctl yi bastan baslatir.
veya kisa yoldan :
# echo 1 > /proc/sys/net/ipv4/ip_forward

4- # nano /etc/pptpd.conf
en alta yaz ornek:
localip 10.0.0.1
remoteip 10.0.0.101

5- # nano /etc/ppp/options.pptpd
ms-dns 208.66.0.95

6- # nano /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
Haciyatmaz pptpd supergizliparola *

7- service pptpd start

8- Iptables ile acele NAT yapalim

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

Linux tarafi bitti ,
———————
Windows tarafinda:
9- Desktop > Network > Properties > Set up a connection or network > connect to a work place >

Islemleri tamam la baglan vpn hazir! 🙂

Asagidaki metin anonim alintidir. Nerede kim yazmistir bilmiyorum. Ancak en altindaki linux dagitimlarindan oldukca eski gozuktugunu soyleyebilirim.

Linux Tarihçesi

Kişisel bilgisayar dünyasında Windows kral iken… Finlandiya’da 21 yaşında bir üniversite öğrencisi çıkmış. Yeni edindiği Intel 386 bilgisayarına kurulu DOS’ u sevmemiş; Helsinki Üniversitesi’nin bilgisayarlarında çalışan Unix’ ten kendi bilgisayarında da olsun istemiş. Ama bilgisayar dünyasını idare eden krallar, PC için Unix satılmasını çok ağır para şartlarına bağlamışlar ve büyük firmalar dışında küçük şahısların Unix edinmesini adeta istemezlermiş.

Linus adli Helsinkili bu genç, düşünmüş, düşünmüş… Ve sonunda krallara para vermektense, kendi işletim sistemini kendisi yazmaya karar vermiş. Çünkü çok zeki ve becerikli bir gençmiş. Ortaya DOS yerine bir PC’ yi çalıştırmaya, BIOS bilgilerini edip, bilgisayarın klavyesi nerede, ekranı nerede anlamasına yeter düzeyde bir işletim sistemi çıkınca, ilk isi bunu, o zaman, yani 1991 yılında ne ölçüde Internet varsa, o ölçüde çevresine yaymaya karar vermiş. Çünkü bu genç çok alçakgönüllüymüş. Arkadaşları “Yahu Linus, bu ne güzel Unix! Gel bunun adi Linux olsun; hem seni hatırlatır, hem de Unix’ i!” demişler.

Böylece yeni işletim sisteminin adi Linux olmuş. Aradan yıllar geçmiş. PC dünyasında işletim sistemi tahtına kurulmak isteyen krallar arasında kavga başlamış. Kral IBM, PC tahtına geçmek üzere ortaya OS/2 diye bir prens sürmüş. Ama kral Windows, bu prensi bir kılıç darbesiyle öldürmüş! Büyük bilgisayar sarayındaki Unix kralları ise arda bir “PC tahtını nasıl ele geçiririz?” diye düşünüyorlarmış, ama “PC krallığının kulları zengin değil, bize büyük firmalar gibi çok para kazandıramazlar!” deyip vazgeçiyorlarmış yarıştan. Fakat PC krallarının kulları arasında Windows’ un hükümdarlığından hoşlanmayanların sayısı da artıyormuş.

O sırada bir taraftan kendi PC’ sini yöneten Linux tabanın dikkatini çekmiş;”Bizim PC’ mizi de yönetir misin?” demişler. Linux, “Tabii yönetirim!” demiş. PC’ler “Peki kaç para?” diye sormuşlar; Linux, “Para istemem, ama bir şartım var! “ demiş. PC’ler o güne kadar hiç böyle bir şey duymamışlar.”Nedir şartın?” diye sormuşlar hayretle! Linux, “Para istemem, ama hiçbiriniz de benim sırtımdan para kazanamazsınız” demiş. Linux, ayrıca kendisinin değiştirilmesine de izin vermiş; ama bu kez şartı kendisinde yapılan değişikliğin herkese açık olmasıymış.

Linux, dünyanın ilk serbest dağıtılan yazılımı değil. “Serbest Yazılım Vakfı” diğer birçok kurum, henüz PC icat edilmeden önce, bilgisayar yazılımının ücretsiz dağıtılması fikrini benimsemiş kişiler yazdığı programları bir araya getiriyor ve dağıtıyordu. Yakin zamana kadar Linux da tamamen ücretsiz edinilebilirdi. Fakat bir bilgisayar işletim sistemi yazılımını kernel adı verilen çekirdek programı kendi donanımına göre “derlemek” tabir edilen işlemden geçirerek kurabilecek çok az kullanıcı bulunduğu için, birçok firma, bir “Linux’u bilgisayara kurma programı” üreterek bunu satıyor. Bu tür Linux kurma programına, “Linux Dağıtımı” (distribution) adi veriliyor. “Dağıtım” paketleri üreten firmalar, kendi paketlerin daha cazip hale getirmek için, sundukları ürünün bir Linux sisteminde bulunması gereken birçok yan ürün içermesine de özen gösteriyorlar.

Serbest Yazılım ruhuyla hareket eden Linux’u kendi yazılımları için en elverişli ortam diye gören birçok bireysel programcı da programını ücretsiz dağıtıyor. Ayrıca Linux’un yayılması fikrini savuna dernekler ve kullanıcı guruplar tarafından ücretsiz verilen “dağıtım” paketleri da var. Bunları Internet’ten indirerek, kurmanız mümkün. Linux’u, ortaya çıkaranın amacına uygun şekilde gerçekten beş kuruş para ödemeden edinmek istiyorsanız, Internet adreslerinde indirebilirsiniz. Ayrıca, Internet’te başka birçok yerden ticari olmayan dağıtım paketi bulmanız da mümkün.

Linux, bir Unix programı mıdır? Bu sorunun cevabını vermek için “ Unix programı nedir?” diye sormak gerekir. Unix sistemini geliştiren bilim adamları ve bilgisayar işletimcileri, bu ad altında çok sayıda işletim sisteminin ortaya çıkması üzerine, oturup birtakım standartlar geliştirmiş, hatta bir “Bir sistemin Unix olduğunu onaylama süreci” belirlemiş bulunuyorlar. Bu ilkeler dikkate alınırsa, Linux bir Unix-türevidir; ama LinusTorvalds programı için hiçbir zaman bu onayı istemediğine göre, Linux bir Unix değildir.

Linux’un ilk kullanım alanı PC, ve ilk kullanıcısı da bilgisayar bilimi öğrencisi iken bugün firmaların ağ yöneten bilgisayarlarında (server) ve hatta üniversite ve araştırma kurumlarının süper-bilgisayarlarında bile bu sisteme rastlamanız mümkün. ISS’ ler firmalar arasında da Linux kullanımı hızla yayılmaktadır. Bir lisans karşılığı dağıtılmadığı için Linux kullanıcılarının kaydı hiçbir yerde tutulmuyor. Ticari dağıtımların yaygınlaşması ile bu firmaların satış rakamları, Internet’ten yapılan indirmelerin sayısı ve çeşitli konferans ve kullanıcı gurupların derlediği verilere bakılırsa, bugün 8 milyon bilgisayar kullanıcısının Linux sistemine sahip olduğu söylenilebilir.

Linux, çekirdek program olarak, DOS gibi, komut satırından yönetilir. Fakat günümüzde birçok kişi, kurum ve kuruluş ücretsiz, ticari firmalar ise ücretli, grafik kullanıcı arabirimi veya Windows benzeri masaüstü programları üretiyor, dağıtıyor ve satıyorlar. Linux sisteminin edindiği ilk kullanıcı arabirimi, “X Windows Sistemi” idi. Bu, Microsoft firmasını Windows işletim sisteminin masaüstü ve her program için bir pencere yaklaşımına benzetilebilir. Kısaca X denilen bu arabirim, daha sonra yaygın olarak kullanılan birçok Linux masa üstünün temeli oldu. Linux, Microsoft Windows, IBM OS/2 ve diğer bir Unix sistemi ile dosya alış verisi yapabilir; bu sistemlerle TCP/IP protokolü ile dosya alışverişinde bulunabilir.

Dolayısıyla bir Linux sistemi, hem Web Server hem de Web Browser için işletim sistemi olabilir. Linux’un bir ağ ortamında, ağ merkezi veya yazıcı veya dosya sistemi paylaşımını sağlayan merkez olarak kullanılması için, diğer sistemlerle iletişimini sağlayan protokolleri vardır. Bugün birçok gönüllü kişilerin katkılarıyla, Linux veri tabanı yönetimi ve dağıtımı yapabilen güvenli ve istikrarlı bir işletim sistemi haline gelmiş bulunuyor.

Linux da diğer birçok işletim sistemi gibi, gelişmekte olan bir yazılımdır; ücretsiz dağıtılan çekirdek kodu ve ücretli-ücretsiz ekleri, arabirimleri, yükleme programları,

Linux Dağıtımlarını Tanıyalım

CALDERA: Özellikle büyük firmaların ve ağ sunucusu ve is istasyonu bilgisayarları için ticari Linux dağıtımı yapmaktadır. Novell ağ yöneticisi programları ve sürücülerinin lisansını alarak, kendi dağıtımı il birlikte vermektedir. Bu firmanın dağıtımında, Windows 3.1 için yazılmış, 16 bit’lik Windows programlarını Linux ortamında çalıştırmayı sağlayan WABI adli grafik kullanıcı arabirimi de bulunmaktadır.

DEBIAN : Birçok gönüllüyü bir araya getiren bir örgüt olan Debian grubunun (www.debian.org) dağıtımı olan Debian GNU/Linux, Internet’ten edinilebileceği gibi, CD-ROM olarak da bulunabilir.

DLX: Erich Boehm tarafından geliştirilmiş, tam bir Linux sistemidir. 3.5 inç’lik bir disketle dağıtılır. Grafik arabirim ve uygulama programı içermez.

DOS LINUX: Kent Robotti tarafından geliştirilmiş bir Linux sistemidir, MSDOS, PCDOS, OPENDOS ve Windows-95’in DOS kipinde çalışır.

HAL91 FLOPPY : Qyvind Kolas tarafından geliştirilmiş olup, floppy diskete asgari Linux kurulumu yapar. İşletim sisteminden başlangıç ve acil durum disketi olarak yararlıdır.

INFOMAGIC: Kendi Linux dağıtımı olan bu firmanın (www.infomagic.com) piyasaya sürdüğü dağıtımdan bulunan Linux, ağ ortamı için hazırlanmıştır; özellikle Apple firmasının bilgisayarlarının bulunduğu ağlar için sürücüler içerir.

LINUX MANDRAKE: Mandrake firması tarafından geliştirilmiştir. KDE grafik arabirimi, Apache Web Server, Gimp, Netscape Communicator ve diğer birçok programı da içerir.

LINUX PPC: PowerPC Linux Projesi adli grup tarafından PowerPC mimarisindeki bilgisayarlar için geliştirilmiştir.

LINUX PRO: Workgroups Solutions firmasının dağıtımı olup, 7 CD-ROM’luk bir set halinde satılır. İçerdiği programlar arasında Linux Ansiklopedisi, 1600 sayfalık bir kitap, kurma, çekirdek derleme ve ayar konusunda birçok belge içerir. İçerdiği kaynaklar arasında Internet ve Usenet’teki Linux tartışmalarından seçmeler de vardır.

LINUXWARE : Trans-Ameritech firması tarafından geliştirilmiş, esnek, kurulması kolay ve özellikle evde kullanılan PC’ler için geliştirilmiştir. Windows 3.1, Windows 95 veya DOS’ tan yüklenir.

MKLINUX: Apple Bilgisayarları Açık Araştırma Grubu adli bir örgüt tarafından geliştirilmiştir; Macintosh bilgisayarlarına kurulur.

TURBOLINUX: Pacific Hi-Tech tarafından geliştirilmiş olup, Intel, DEC Alpha ve PowerPC bilgisayarlarında çalışır. Japonca ve Çince sürümleri vardır. Bu firma (www.pht.com) diğer Asya ve Avrupa dillerinde de Linux dağıtımları çıkartmaya hazırlandığını bildirmektedir.

REDHAT: Linux dağıtımında öncü firmalardan olan Redhat, Linux Geliştirme Ekibi’ne mensup üç kişi tarafından kurulmuştur. Birçok yazılım ve donanım firmanın yatırım yaptığı bu firmanın (www.Redhat.com) dağıtımının bazı bölümleri ücretsiz edinilebilir; fakat bütün paket için para ödemek gerekir.

S.u.S.e GmbH: Alman şirketidir (www.Suse.com) . Linux’un Almanca ve İngilizce sürümünü içeren paralı bir dağıtımı vardır. CD-ROM’larında diğer kurum ve firmaların dağıtımı da bulunur.

SLACKWARE: Patrik Volkerding tarafından geliştirilen kur programı ile birlikte verilen bu Linux çekirdeği, belki bugün en yaygın olan Linux’tur. Bu dağıtımı, su anda birçok firmadan, örneğin Walnut Creek CDROM firmasının (www.cdrom.com) CD-ROM’larından ve Internet sitesinden edinmek mümkündür.

STAMPEDE: Stampede firması tarafından Linux programcıları hedef alınarak geliştirilmiştir; birçok Unix programı içerir.

http://www.linuxweblog.com/tune-my.cnf

Tuning / Optimizing my.cnf file for MySQL

bu oldukca eski ancak is goruyor.

acik acik yaziyor neyin ne oldugu.

aramak zorunda kalmak pek fena yoksa.

[mysqld]
socket=/path/to/mysql.sock
datadir=/var/lib/mysql
skip-locking
skip-innodb
# MySQL 4.x has query caching available.
# Enable it for vast improvement and it may be all you need to tweak.
query_cache_type=1
query_cache_limit=1M
query_cache_size=32M
# max_connections=500
# Reduced to 200 as memory will not be enough for 500 connections.
# memory=key_buffer+(sort_buffer_size+read_buffer_size)*max_connections
# which is now: 64 + (1 + 1) * 200 = 464 MB
# max_connections = approx. MaxClients setting in httpd.conf file
# Default set to 100.
#max_connections=200
#interactive_timeout=180
interactive_timeout=100
#wait_timeout=180
#wait_timeout=100
# Reduced wait_timeout to prevent idle clients holding connections.
#wait_timeout=30
wait_timeout=15
connect_timeout=10
# max_connect_errors is set to 10 by default
#max_connect_errors=10
#table_cache=256
#table_cache=1024
# Checked opened tables and adjusted accordingly after running for a while.
table_cache=512
#tmp_table_size=32M by default
#thread_cache=128
# Reduced it to 32 to prevent memory hogging. Also, see notes below.
thread_cache=32
# key_buffer=258M
# Reduced it by checking current size of *.MYI files, see notes below.
key_buffer=128M
# Commented out the buffer sizes and keeping the default.
# sort_buffer_size=2M by default.
#sort_buffer_size=1M
# read_buffer_size=128K by default.
#read_buffer_size=1M
# 1Mb of read_rnd_buffer_size for 1GB RAM -- see notes below.
# read_rnd_buffer_size=256K by default.
#read_rnd_buffer_size=1M
# myisam_sort_buffer_size used for ALTER, OPTIMIZE, REPAIR TABLE commands.
# myisam_sort_buffer_size=8M by default.
#myisam_sort_buffer_size=64M
# thread_concurrency = 2 * (no. of CPU)
thread_concurrency=2
# log slow queries is a must. Many queries that take more than 2 seconds. 
# If so, then your tables need enhancement.
log_slow_queries=/var/log/mysqld.slow.log
long_query_time=2

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout 

[client]
socket=/path/to/mysql.sock

Below are notes on some of the important variables, I took down while tuning the config file.

  1. query_cache_size:
    • MySQL 4 provides one feature that can prove very handy – a query cache. In a situation where the database has to repeatedly run the same queries on the same data set, returning the same results each time, MySQL can cache the result set, avoiding the overhead of running through the data over and over and is extremely helpful on busy servers.
  2. key_buffer_size:
    • The value of key_buffer_size is the size of the buffer used with indexes. The larger the buffer, the faster the SQL command will finish and a result will be returned. The rule-of-thumb is to set the key_buffer_size to at least a quarter, but no more than half, of the total amount of memory on the server. Ideally, it will be large enough to contain all the indexes (the total size of all .MYI files on the server).
    • A simple way to check the actual performance of the buffer is to examine four additional variables: key_read_requests, key_reads, key_write_requests, and key_writes.
    • If you divide the value of key_read by the value of key_reads_requests, the result should be less than 0.01. Also, if you divide the value of key_write by the value of key_writes_requests, the result should be less than 1.
  3. table_cache:
    • The default is 64. Each time MySQL accesses a table, it places it in the cache. If the system accesses many tables, it is faster to have these in the cache. MySQL, being multi-threaded, may be running many queries on the table at one time, and each of these will open a table. Examine the value of open_tables at peak times. If you find it stays at the same value as your table_cache value, and then the number of opened_tables starts rapidly increasing, you should increase the table_cache if you have enough memory.
  4. sort_buffer:
    • The sort_buffer is very useful for speeding up myisamchk operations (which is why it is set much higher for that purpose in the default configuration files), but it can also be useful everyday when performing large numbers of sorts.
  5. read_rnd_buffer_size:
    • The read_rnd_buffer_size is used after a sort, when reading rows in sorted order. If you use many queries with ORDER BY, upping this can improve performance. Remember that, unlike key_buffer_size and table_cache, this buffer is allocated for each thread. This variable was renamed from record_rnd_buffer in MySQL 4.0.3. It defaults to the same size as the read_buffer_size. A rule-of-thumb is to allocate 1KB for each 1MB of memory on the server, for example 1MB on a machine with 1GB memory.
  6. thread_cache:
    • If you have a busy server that’s getting a lot of quick connections, set your thread cache high enough that the Threads_created value in SHOW STATUS stops increasing. This should take some of the load off of the CPU.
  7. tmp_table_size:
    • “Created_tmp_disk_tables” are the number of implicit temporary tables on disk created while executing statements and “created_tmp_tables” are memory-based. Obviously it is bad if you have to go to disk instead of memory all the time.

This howto is about making ProFTPD work with CLAMAV to scan all files uploaded by users using a FTP client.
Recently our customers are having real difficulty with Iframe viruses, Php shells and other kind of windows viruses are also a headache always.
ClamAV is already working with exim mail server in our servers for years. Why not make it also scan incoming FTP uploads.This will add more CPU Time to our servers, but preventing users to upload any kind of virus data makes sense.

How will this work? :
-we will add ClamAV support to ProFTPD using mod_clamav module.
-when a user uploads a file using FTP, ClamAV will scan incoming file after upload finishes.
-if any kind of virus like signature found by ClamAV, uploaded file will be deleted from server, notifying the FTP client.

1- we will need a working ClamAV installation on server before this. I prefer not to tell how to install ClamAV to server this time, because there is already a very handy script called update.script which can install ClamAV and tons of other stuff. I take portions of this script to automate my process. Thanks to original update.script creator!

If ClamAV is already installed and updating itself regularly please skip this step.

-INSTALL CLAMAV-

Code:
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script

Run it once.

Code:
./update.script

Install Clamav

Code:
./update.script CLAMAV

Clamav Installation Done!

2- Update ProFTPD with current version. And patch it using mod_clamav for ClamAV usage.

Code:
cd ~
wget http://www.serverdirekt.com/DA/FTPAV/ftpantivirus
chmod +x ftpantivirus
./ftpantivirus

-this script will download ProFTPD, download mod_clamav latest version, patch ProFTPD with mod_clamav, compile and install new ProFTPD package with ClamAV support.

3- We need to edit our clamav.conf file to allow TCPSocket connections to port 3310

Code:
nano /etc/clamd.conf

find #TCPSocket 3310 line and comment it out.
find #TCPAddr 127.0.0.1 line and comment it out.
Final file will look like this:

Code:
....................
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
# Default: no
FixStaleSocket yes

# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1
....................

4- Finally we need to edit proftpd.conf to use our new mod_clamav module.

Code:
nano /etc/proftpd.conf

inside <Global></Global> tags at the end add:

Code:
<IfModule mod_clamav.c>
   ClamAV on
   ClamServer localhost
   ClamPort 3310
   ClamMaxSize 5 Mb
</IfModule>

we do not want to scan files bigger than 5 Mb to save some CPU time.

5- Restart ClamAv and ProFTPD to test this out!

Code:
service clamd restart
service proftpd restart

6- Finally go to http://www.eicar.org/anti_virus_test_file.htm to download eicar test virus and upload it to your ftp server with your favorite FTP client.

If you see something like that on your FTP client logs, well done!

Code:
Command:	STOR eicar_com.zip
Response:	150 Opening BINARY mode data connection for eicar_com.zip
Response:	550 Virus Detected and Removed: Eicar-Test-Signature
Status:	Retrieving directory listing...

7- IF something goes wrong and your ClamAV enabled ftp server is not scanning files as it should.

first check ProFTPD if mod_clamav is activated

Code:
proftpd -vv

If you see mod_clamav.c under Loaded modules:
you have mod_clamav ready.

For further investigation we can run our ProFTPD server in debug mode to see what’s going on:

Code:
service proftpd stop
proftpd -n -d 10

Try to login and upload eicar test virus to your FTP now, you will see what’s going on under the hood in good detail…

FINAL NOTE: I tested this only on Centos 5.x i386 and X86_64 servers. So there is no guarantee that it will work on any other O/S.

microzoftun spf duzenleyicisi:

1- http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

hotmail spf spf diye tutturursa buna bakiyoruz

2- bu linkdeki amca cok ugrasmis helal olsun
cozmus olayi

http://www.innovation-station.net/archives/2007/03/29/hotmail-and-my-spf-nightmare/

Hatta icerigide su sekilde yazdiklarinin:

Do you know what a SPF record is?

No?

Neither did I until Microsoft decided to class me as a spammer, and if you read on you might just save yourself from loosing several days of your life trying to implement one.

Me Sir, a ’spammer’?

Anyway, to understand what I’m rambling on about we need a bit of background, and why this ‘SPF Record’ is getting me so wound up.

I, unlike the majority of people with common sense, use Hotmail as my primary email provider, and have done since I first starting using the Internet. In fact I had my Hotmail address before it became part of the Microsoft empire. One thing that annoys me however, is that I am now having to put up with more and more spam, despite efforts to curtail it.

We all know the stress of sorting through spam, and thank the people who work on solutions to filter out or just stop that crap coming through. However, I am sure you will understand my annoyance when I found out that thanks to the configuration of my (dv) dedicated-virtual server I have in fact been branded a ’spammer’ by Microsoft, and as a result they appear to be black holing any mail sent to a Hotmail account from my (dv).

Before I go any further I would just like to clarify that this is in fact nothing to do with the (dv) server as a product or Media Temple, but rather the way in which a virtual server environment works. I have found dozens of references via Google of people complaining of the same problems, and interestingly most seem to refer to people running VPS environments using Plesk.

As with all things, when something goes wrong, you have to learn how it works to be able to fix it, and thus I have been learning some of the ins and outs of running mail servers and the DNS system.

Disclaimer: At this point I would just like to say I only have a (very) basic idea about how either work, so don’t take anything I say as gospel, but rather use it as a loose guide and reference to where you may find further help.

Where is my mail going!?

After getting in touch with the guys at (mt) I decided that I needed to find where my bloody mail was going. I wasn’t getting a bounceback mail from the Hotmail server, and Thunderbird told me that the mail was delivered. Thankfully due to the fact that the (dv) allows you to delve into the OS to see what’s going off, I thought I would interview the SMTP log and see what was going off. The SMTP server in Plesk’s case is called “Qmail’ and the logs are located at # /usr/local/psa/var/log/maillog and can be read in a number of ways. In this case I found the easiest way to track what was going off was to use the tail -f command which spurts out the log information for events as they are happening, and this is what I got when I tried to send an email to my Hotmail account:


Mar 22 17:32:23 as qmail: 1174584743.517414 delivery 437: success: 65.54.244.168_accepted_message./Remote_host_said:_250_ <4602BEEF.1080905@helloian.com>_Queued_mail_for_delivery/

So it would seem that the Hotmail server is accepting the mail, queuing it, but never actually delivering it, due to their spam filtering technology. A quick search on Google showed that plenty people seemed to have experienced the same problem. Interestingly most were using Plesk, and virtually all of them were using Qmail as their SMTP server. Clicking the seemingly never ending list of results, I realised that not one had any comments regarding a working solution, but the acronym SPF kept popping up a lot, so I decided it was worth a look.

The Sender Policy Framework

The Sender Policy Framework allows a domain owner to specify which machines are allowed to send email on its behalf. This kind of mechanism is unfortunately not present in the Simple Mail Transfer Protocol, a fact that allows spammers to send e-mail from forged addresses relatively easily, as there is no inbuilt validation when an email is sent and then received.

Fortunately the remedy is relatively straight forward to implement. The SPF record is applied as a TXT type entry in the domain’s DNS record, and it’s as simple as that. Now, when you send an email, the receiving mail server can use this SPF record to verify that the origin of the email is legitimate. To help illustrate what is happening, below is a MIME header from an email I sent between two accounts on my (dv).

Return-Path:
Delivered-To: 3-sayhello@helloian.com
Received: (qmail 32062 invoked from network);
29 Mar 2007 17:59:58 +0100
Received: from 85-211-13-70.dyn.gotadsl.co.uk 

(HELO ?192.168.1.5?) (85.211.13.70)
  by distillate-hosting.net with (DHE-RSA-AES256-SHA encrypted)
  SMTP; 29 Mar 2007 17:59:58 +0100
Message-ID: <460BF1EE.4020508@distillate.co.uk>
Date: Thu, 29 Mar 2007 18:05:50 +0100
From: Ian Halliday
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0

The confusion arises when the receiving machine reads the email is claiming to be from the domain ‘distillate.co.uk’ but has been sent via the server ‘distillate-hosting.net’. As far as the machine is concerned, there is no link between the claimed sender and the machine it originated from. There is no way to tell if this information is legitimate or not.

The reason that my initial searches on Google seemed to show that it was mostly VPS users with multiple domains that were suffering from this problem is that by its very nature, a VPS server running by multiple domains will send mail from the mail server of any given domain (in my case distillate.co.uk) through the SMTP server of the host VPS platform (distillate-hosting.net in my case). Unfortunately emails sent using this setup look very similar to ’spam’ messages, and the Hotmail spam filter (known as ‘SmartScreen’) is quick to step in and black hole the email, meaning it never reaches its destination, despite the Hotmail server notifying the sender that the email has been received and delivered.

Fortunately, this is where the SPF record steps in to clear matters up. The SPF record tells the receiving machine that the server ‘distillate-hosting.net’ sends mail on behalf of the mail exchanger for the domain ‘distillate.co.uk’ and this is written as:

v=spf1 mx ip4:XXX.XXX.XXX.XXX mx:mail.YYYYYY.YYY ?all

Where:

  • v=spf1 Denotes the following as a SPF record.
  • mx States that the Mail Exchanger sends outbound mail for server as stated in the next segment<./li>
  • ip4:XXX.XXX.XXX.XXX Is the IPv4 formatted IP address of the (dv) server.
  • mx:mail.YYYYYY.YYY States that the Mail Exchanger of the domain specified (YYYYYY.YYY) sends mail through the IP previously specified.
  • ?all States that any IP’s that fail to meet any of the listed ‘mechanisms’ will return “neutral”, thus will be treated as if a record does not exist.

To clarify, the SPF record for my domain distillate.co.uk is entered in the DNS zone file as:

v=spf1 mx ip4:216.70.127.122 mx:mail.distillate-hosting.net ?all

The Open SPF website explains the above is more detail, and offers a tool to help you set up your SPF record. Microsoft also have a similar tool available which after being referred to by Hotmail technical support, turned out to be more of a hindrance than a help. The Microsoft tool, and many other references recommend that a PTR mechanism is included in the SPF record. The PTR record allows reverse lookup of an IP address; that is identify the domain of an IP address. The reverse lookup is used to verify that the domain name and IP address in the email MIME header actually correlate and have not been faked. Whilst this sounds like a good idea, actually processing a reverse look up takes a considerable amount of time and it is not generally a method employed by large email providers like Hotmail. In fact Hotmail refused my initial SPF record as it included this PTR mechanism. To quote Hotmail technical support:

The specification for SPF records (RFC 4408) discourages use of “ptr” for performance and reliability reasons. This is especially important for Windows Live Mail, Hotmail and other large ISPs as a result of the very high volume of mail we receive each day. We highly recommend you remove the “ptr” mechanism from your SPF record and, if necessary, replace it with other SPF mechanisms that do not require a reverse DNS lookup, such as “a”, “mx”, “ip4″ and “include.”

Troubleshooting

The very nature of the DNS system made this problem a very frustrating one to tackle, as you don’t see instant results from your implementation, but of course have to wait anywhere up to 48 hours for the information to propagate throughout the internet. You can however use some of the tools on the Open SPF website to check your record is configured properly. Once you have confirmed that your record is set up correctly you can also send a blank email to check-auth@verifier.port25.com which will test your SPF record, and email you back the results.

I also found dnstuff.com invaluable in testing my DNS set-up. Whilst it doesn’t check the functionality of your SPF record (it only checks that you have one), then DNS Report tool on dnsstuff.com gives you feedback on all aspects of your DNS configuration and can be an excellent tool for troubleshooting.

SPF Works!

Finally I can email Hotmail users without worrying if it will go through, and if you are running a (dv) or similar setup then I strongly suggest you use a SPF record, even if you are having no problems at the moment. One way of making life even easier for yourself in the future if you use Plesk would be to use your Plesk server as the nameserver for all domains residing on it, and set up a SPF record in the main server DNS page, accessible from the main server configuration page. By doing this all new domains will automatically have the correct SPF record setup for them. If you are only running a few domains, just make the changes in (mt)’s account center and continue to use the (mt) nameservers.

If the above doesn’t work for you, get in touch with your hosting provider and make sure you have run all the tests I mentioned. Unfortunately in the end there is no substitute for really understanding what is going wrong, so I suggest you familiarise yourself with how the DNS system works. Wikipedia has an excellent article and Media Temple’s Knowledgebase has a more concise article available, either of which should put you on the right track.

Update:Well I may have spoken slightly too soon regarding everything being fine. It turns out that my emails are still not guaranteed to go straight through to any given Hotmail inbox, but rather the Hotmail spam filter will take a while to learn that my domains are trustworthy and that the SPF records check out. At the moment some emails go through okay, some go to the Junk folder.

I have been informed by Microsoft that over time (approximately a month) more of my emails should go straight through to the inbox. If anyone gets an email that lands in their junk mail (by subscribing to comment updates for example) you would be doing us both a great favour by checking ‘this is not junk’, which will ensure all mail from my server reaches your inbox in future, and that I will look better in the eyes of the Hotmail spam filter.

Avira antivirus kullaniyorum.
Cokda memnunum
Norton, kaspersky, nod32 derken simdi avira
her 2 yilda 1 antivirus programimi degistiriyorum. Su andaki yeni gozdem avira.

http://www.avira.com/en/downloads/avira_antivir_premium.html

Bu adresden aviranin guncel surumunu indiriyorum

http://dlpe.antivir.com/package/wks_avira/win32/en/pepr/avira_antivir_premium_en.exe

sonra asagidaki 2 linkden birinden 3 aylik bir key aliyorum.
ilk link 6 aylik key veriyor olabilir denemedim.
1- https://license.avira.com/en/promotion-t0q1aatr05zwftftgnqr
2- https://license.avira.com/en/promotion-6dl7vtc3unbw2mzefr1b?id=5xJVVxx5Os&sid=rXF6uB

gule gule kullaniyorum 🙂
baska key linkleri
30gun vs

denemedim lazim olursa diye koyuyorum.

https://license.avira.com/en/promotion-t0q1aatr05zwftftgnqr

https://license.avira.com/de/promotion-6788wuyfuyluz7c2sa7z

https://license.avira.com/en/promotion-t0q1aatr05zwftftgnqr

http://www1.avira.com/en/evaluate/chip.php

(ya da http://www1.avira.com/de/evaluate/welt.php)

……………………………………………………………………………………………………………………..

Avira Antivir Premium Security Suite için Key Aşağıdaki linklerde :

https://license.avira.com/en/promotion-cj0ptfb6eh8cmw6a101r

http://www.antivir.com.tr/chip/

www.avira.com/en/evaluate/vnu.php

En olmadi

ac google

yada bu linke tiklayayim lazim olunca acil

http://www.google.com.tr/search?q=avira+promotional+license&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

rpm -e –justdb –nodeps packagename

——

Some explanation is needed.

–justdb will only update the installed lists in the rpmdb, and not remove any files.

–nodeps will not process dependencies. I normally consider –nodeps to be evil as it can seriously break things by forcing their removal.

yum will never do the equivalent of either of these operations because yum doesn’t force things. You only need to force things if they are seriously broken.

When replacing packages in place, I much prefer to use rpm’s –force. It will install over even if the same package is installed, without leaving it uninstalled

———-

I am running windows server 2008 64 bit. I had 8.8 i guess. installed 8.9 to fix my 60 fps max problems on CS source. 8.9 driver fixed the problem (probably was locking vsync). But the CCC kept crashing. One would think when you installed the package the new drivers for the display adapater would be updated. Trying to revert back to older packages like 8.8, 8.7 produced the same errors on CCC.

FIX: Install the 8.9 cat set, then go to device manager, uninstall the display adapter from there and redetect, then run CCC again from start->programs->Catalyst Control Center->Restart runtime

Error Message:

————
The features in the ATI Catalyst Control Center Basic View do not support the currently active graphic processor.

To launch the Advanced View, click on the Advanced View button. Otherwise, click Exit to close this dialog.
————
“the catalyst control center is not supported by the driver version of your enabled graphics adapter “