May 22, 2018

WordPress Install with 1&1 Hosting

1&1 hosting offers WordPress as a Click & Build application, which makes it an easy install, but they usually use an older version. I have the 1&1 Linux Hosting package, which WordPress on 1&1 requires in order to have access to MySQL.

I opted to install the latest version, so I had to manually install it.

You need to set up the MySQL database from the 1&1 Control Panel – MySQL Administration.

Click on “New Database”

Enter a description, set up a password, and click on “Set Up”

Once the Database shows a status of “Ready” then go on to the next step.

Now ssh over to your 1&1 shell account using an SSH client (PuTTY). From the 1&1 control panel click on Secure Shell (SSH) Access. This page will provide you with the hostname and username, and you can set the password for ssh here.

Now download WordPress from wordpress.org

ssh username@geeklogit.com
wget http://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
mv wordpress geeklogit
cd geeklogit

Now we need to copy and rename the wp-config-sample.php file to wp-config.php.

cp wp-config-sample.php wp-config.php
vi wp-config.php

Change the fields below with your info.

/** The name of the database for WordPress */
define('DB_NAME', 'databasename');

/** MySQL database username */
define('DB_USER', 'username');

/** MySQL database password */
define('DB_PASSWORD', 'databasepassword');

/** MySQL hostname */
define('DB_HOST', 'databasename.db.1and1.com');

Then save the changes. (ESC then shift ZZ for VI)

Now open up your web browser and go to the URL of your WordPress blog, adding /wp-admin/install.php to the address (example: www.hostname.com/wp-admin/install.php or www.hostname.com/blog/wp-admin/install.php).

For my site, I created a subfolder called geeklogit in the root of my shell account. Then in the 1&1 Control Panel under Domains Destinations I put /geeklogit. So for my site it would be http://www.geeklogit.com/wp-admin/install.php.

From this page, WordPress will have you finish setting it up and give you an admin password. Please write this down. You will use it to log on and make changes to your blog.

Anuko Time Tracker

My client also needed a free piece of software for time tracking. We found Anuko Time Tracker. I set this up on their CentOS 5.3 server. These instructions are pretty much the same as on Anuko’s website. I added a few things I figured out on my own.

Check the prerequisites: make sure you have the following installed, configured, and working properly:

  1. Apache web server
  2. PHP4 or PHP5 (GD with Freetype fonts support included, mbstring included)
  3. MySQL server

Download Time Tracker Distribution

wget http://www.anuko.com/downloads/time_tracker/anuko_time_tracker.zip

Unpack the distribution files into a selected directory for the Apache web server. If you have a previous deployment of time tracker, back it up, remove it and then deploy the new code.

cd /path/to/DocumentRoot/
unzip anuko_time_tracker.zip
cd timetracker

Set world write file access permissions for directory WEB-INF/templates_c/

chmod 777 WEB-INF/templates_c

Create MySQL database and MySQL user. Grant SQL permissions.

mysql -h localhost -u root -p
mysql> CREATE DATABASE timetracker;
mysql> GRANT ALL PRIVILEGES ON timetracker.* TO 'ttuser'@'localhost' IDENTIFIED BY 'yourpassword';

Copy and modify config file

$ cd WEB-INF
$ cp config.php.dist config.php

Change $dsn value to reflect your database connection parameters (user name and password):

define("DSN",'mysql://ttuser:yourpassword@localhost/timetracker');

If you install the time tracker into a sub-directory of your site, make sure this is reflected in the APP_NAME parameter in WEB-INF/config.php. For example, for http://localhost/timetracker/ set

define("APP_NAME",'timetracker');

Install or update MySQL schema and initial data:
http://localhost/timetracker/dbinstall.php

Remove or disable install script:

cd ..
chmod 000 dbinstall.php

Login to your time tracker site as admin with the password “secret” (without quotes) and change admin password.

http://localhost/timetracker

Click Options menu item.

login: admin
pass: secret

Also make sure the line below is in the mysql.ini file.

/etc/php.d/mysql.ini
extension=mysql.so

You will need to install these as well to get the pie graphs working.

yum install php-mysql
yum install php-mbstring
yum install php-pear-DB
yum install php-gd

Request Tracker Install

Hi all, this is my first post.  I wanted to share my previous and new installs I have done.

I had a client who was starting up a small company abroad in Mexico.  They wanted a free ticketing system.  They purchased a couple of Dell PowerEdge R710 servers.

Here is what we decided to load on them.

CentOS 5.3. 64bit.

RT 3.8.7 (Request Tracker)

Installed CentOS 5.3 64bit with these options

Installation Type

  • Server

Disk Partitioning Setup

  • Automatically partition
  • Remove all partitions on this system

Network Configuration

  • Use Static IP Address
  • Hostname – enter manually “rt.example.com”
  • Gateway
  • DNS

Firewall Configuration

  • Enable Firewall
  • Enable SSH, HTTP, HTTPS, FTP, SMTP

Language

  • English

Timezone

  • US/Los Angeles

Set Root Password

  • Password

Package Group Selection

  • Web Server
  • Mail Server
  • DNS Name Server
  • FTP Server
  • MYSQL Database

Disable SELINUX

Install
Reboot

yum install mysql-server
yum install php-mysql

Start mysql server service

service mysqld start

Start the mysql service every time the server starts

chkconfig mysqld on

Install Priorities

yum install yum-priorities

Make sure that yum-priorities is enabled by editing the /etc/yum/pluginconf.d/priorities.conf file, and ensuring that it contains the following lines:

[main]
enabled=1

Edit the .repo files in /etc/yum.repos.d/ and set up priorities by adding the line:

priority=N

to a repository entry, where N is an integer number from 1 to 99.

The recommended settings are:

[base], [addons], [updates], [extras] ... priority=1
[centosplus],[contrib] ... priority=2
Third Party Repos such as rpmforge ... priority=N  (where N is > 10 and based on your preference)

Download the rpmforge-release package. Choose one of the two links below, depending on your architecture. If you are unsure of which one to use you can check your architecture with the command uname -i

x86_32 http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

x86_64 http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Type

wget http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Install DAG’s GPG key

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

Verify the package you have downloaded

rpm -K rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Security warning: The rpmforge-release package imports GPG keys into your RPM database. As long as you have verified the package and trust Dag then it should be safe.

Install the package

rpm -i rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

This will add a yum repository config file and import the appropriate GPG keys. At this point, you can set the priority of the RPMForge repository, and also of the CentOS repositories if you have not done so yet.

Test with this command:

yum check-update

It should output these two lines:

Loading "priorities" plugin
...
76 packages excluded due to repository priority protections

The number above may differ, but there should be several packages shown as being excluded.

If so then it looks like things are working so try installing something like this

yum install mplayer

Install Apache and mod_perl:

yum install httpd httpd-devel apr-devel mysql-client mysql-devel mod_perl

…and also some CPAN module dependencies…

yum install freetype-devel gd-devel libjpeg-devel libpng-devel xorg-x11-devel

Install ncftpget, it’s required by some CPAN modules.

http://rpmfind.net/linux/rpm2html/search.php?query=ncftp

rpm -i ftp://rpmfind.net/linux/epel/5/x86_64/ncftp-3.2.2-1.el5.x86_64.rpm

RT Pre-Install: Security

groupadd rt

Change the rt:x:500: line in /etc/group to rt:x:500:apache

Confirm SELinux is disabled. In /etc/selinux/config set:

SELINUX=disabled

Change permissions on log files.

chmod -Rf 755 /etc/httpd/logs
reboot

RT Pre-Install: Perl Modules

yum install perl-Apache-Session perl-Class-Container perl-Class-Data-Inheritable perl-Crypt-DES perl-Devel-StackTrace perl-Exception-Class perl-GD perl-GD-Graph perl-GD-Text-Util perl-Hook-LexWrap perl-HTML-Mason perl-HTTP-Server-Simple perl-HTTP-Server-Simple-Mason perl-IO-Socket perl-Net-SNMP perl-Params-Validate perl-Socket6 perl-XML-RSS perl-DBD-mysql
perl -MCPAN -e shell
cpan> install Bundle::CPAN
cpan> exit

RT Install

wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz
tar xzf rt.tar.gz
cd rt-*/
./configure --with-web-user=apache --with-web-group=apache --with-web-handler=modperl2 --with-db-type=mysql
perl sbin/rt-test-dependencies --with-mysql --with-modperl2 --install

Check whether any required modules are still missing, and install them if needed.

perl sbin/rt-test-dependencies --with-mysql --with-modperl2 --verbose|grep MISSING

If dependencies are missing, install them

perl -MCPAN -e 'install Calendar::Simple'

Install RT.

As root and from within the rt build directory, type:

make install

Init DB

Now you need to modify the installed etc/RT_SiteConfig.pm to specify the connections to your DBMS engine and then type:

Location /opt/rt3/etc/RT_SiteConfig.pm

RT_SiteConfig.pm  “Start”

Set($rtname, 'www.example.com');
Set($Organization , "example.com");

Set($DatabaseUser , 'rt_user');
Set($DatabasePassword , 'password');
Set($MinimumPasswordLength , "8");

Set($Timezone , 'US/Pacific');

Set($DatabaseType , 'mysql');
Set($DatabaseName , 'rtdb');

Set($OwnerEmail , 'root');
Set($CorrespondAddress , 'support@example.com');
Set($CommentAddress , 'support-comment@example.com');
Set($MaxAttachmentSize , 10000000);
Set($TruncateLongAttachments , undef);

Set($SendmailPath , '/usr/sbin/sendmail');

Set($WebBaseURL, 'http://www.example.com:80');

Set($WebPath, '/rt');

Set(@Plugins,qw(RT::FM));

#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));

1;

RT_SiteConfig.pm  “END”

make initialize-database
mysql
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

For some database backends (MySQL at least), RT is not able to create the database user. So you have to create that user beforehand and give it rights for the database.

For MySQL with the default $DatabaseUser, $DatabaseName and $DatabasePassword, run this SQL command (as the root database user):

mysql> GRANT ALL PRIVILEGES ON rtdb.* TO 'rt_user'@'localhost' IDENTIFIED BY 'rt_pass';

Replace the values ‘rtdb’, ‘rt_user’, ‘localhost’ and ‘rt_pass’ by whatever is appropriate for you.

Drop DB if something goes wrong

If the make fails, type:

make dropdb

Fix whatever’s broken, and start over from the “Init DB” step.

If still failing…

If make install still fails, look in /etc/httpd/httpd.conf, /etc/httpd/conf/httpd.conf or /etc/httpd/conf/commonhttpd.conf (or wherever your httpd.conf is; this may vary by Unix distribution; locate httpd.conf may help)

locate httpd.conf

for a line that reads “Group <something>” and another that reads “User <somebody>”  You can use grep to find words in a file.

grep User httpd.conf

Go to your RT source directory and type (without the brackets, substituting the right Group and User from the file you just looked at):

./configure --with-web-group= --with-web-user=

Apache configuration

Append following lines to the /etc/httpd/conf.d/perl.conf

This setup is for having RT as your main and only site

Listen ip_of_the_rt.example.com:80

 ServerName rt.example.com
 ServerAdmin Email.Address@example.com

 DocumentRoot /opt/rt3/share/html

 AddDefaultCharset UTF-8
 PerlRequire /opt/rt3/bin/webmux.pl

   Order allow,deny
   Allow from all

   SetHandler perl-script
   PerlResponseHandler RT::Mason

To have RT as a subfolder, use this setup

Listen www.example.com:80

 ServerName www.example.com
 ServerAdmin admin@example.com

 # config for your main content
 DocumentRoot /var/www/

  # here and in other places goes config
  # of your main host

 # as RT is out of document root then we want alias
 # and should define directory access

 Alias /rt /opt/rt3/share/html

  Order allow,deny
  Allow from all

 PerlRequire /opt/rt3/bin/webmux.pl

  AddDefaultCharset UTF-8
  SetHandler perl-script
  PerlHandler RT::Mason

 Alias /timetracker /opt/timetracker

  Order allow,deny
  Allow from all

Restart Apache

/sbin/service httpd stop
/sbin/service httpd start

If httpd does not start

Check /etc/httpd/conf/httpd.conf for any Listen directives and disable them by putting a comment character in front of them.

#Listen 80

Now open a web browser and go to:

http://rt.example.com

Default username= root

Default password= password

Then Change Password

RTFM

Installation is a fairly straightforward process (this process assumes that you already have a fully functional instance of RT3 installed and that you are not upgrading a previous installation of RTFM) :

cd /usr/local/src
wget http://download.bestpractical.com/pub/rt/release/RTFM-2.4.1.tar.gz
tar zxf RTFM-2.4.1.tar.gz
cd RTFM-2.4.1
perl Makefile.PL
make install
make initdb

Then edit your RT_SiteConfig (or RT_Config) to include this line:

Set(@Plugins,qw(RT::FM));

Finally, restart your web server:

/etc/init.d/httpd stop
/etc/init.d/httpd start

In the web interface, I went to RTFM / Configuration / Create Custom Fields for RTFM Articles.

Name: Body

Description: Body of FAQ

Type: Fill in One Wikitext area

Applies to: RTFM Articles

Create New Class

Name: Body

Check enabled, then selected the body CF.  At this point I was at the “Editing CustomField Body” page.  I clicked on the “Applies To” link, selected objects, check Body.

Create folder: /opt/rt3/local/plugins/RT-FM/html/Elements/

cp /opt/rt3/share/html/Elements/EditCustomFieldWikitext /opt/rt3/local/plugins/RT-FM/html/Elements/EditCustomFieldWikitext
chmod u+w EditCustomFieldWikitext

Edit: /opt/rt3/local/plugins/RT-FM/html/Elements/EditCustomFieldWikitext

Add before “% while”:

% my $wiki_textarea_value = $NamePrefix .$CustomField->id .'-Values';
% my $wiki_format_toolbar = qq(
% <div>
% <input style="font-weight: bold;" onclick="javascript:lbc(event,'$wiki_textarea_value','bold');" type="button" value="B" />
% <input style="font-style: italic;" onclick="javascript:lbc(event,'$wiki_textarea_value','italic');" type="button" value="I" />
% <input style="font-weight: bold; font-style: italic;" onclick="javascript:lbc(event,'$wiki_textarea_value','bold_italic');" type="button" value="BI" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','heading');" type="button" value="H1" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','subheading');" type="button" value="H2" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','subsubheading');" type="button" value="H3" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','list');" type="button" value="List" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','link');" type="button" value="Link" />
% <input style="font-weight: bold; color: red;" onclick="javascript:lbc(event,'$wiki_textarea_value','highlight');" type="button" value="!" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','code');" type="button" value="Code" />
% <input onclick="javascript:lbc(event,'$wiki_textarea_value','image');" type="button" value="Image" />
% </div>
% );
% print $wiki_format_toolbar;

Add in both “textarea” tags: <textarea … id="<%$NamePrefix%><%$CustomField->Id%>-Values"…</textarea>

Regarding the textarea tags, the section id="…-Values" needs to be added to the 2 existing textarea tags. For me they were on lines 66 and 69 of the EditCustomFieldWikitext file. I inserted the id section after Rows and before Name.

chmod u+w /opt/rt3/local/plugins/RT-FM/html/RTFM/Article/Edit.html

Edit: /opt/rt3/local/plugins/RT-FM/html/RTFM/Article/Edit.html Add before “form”:

<script type="text/javascript">// <![CDATA[
function lbc(e, objname, theTag) {
    var el = document.getElementById(objname);
    var startTag = '';
    var endTag = '';
    var spaceTag = '\ ';
    if (theTag == 'bold') {
        startTag = '\'\'\'';
        endTag = '\'\'\'';
        spaceTag = '';
    }
    if (theTag == 'italic') {
        startTag = '\'\'';
        endTag = '\'\'';
        spaceTag = '';
    }
    if (theTag == 'bold_italic') {
        startTag = '\'\'\'\'\'';
        endTag = '\'\'\'\'\'';
        spaceTag = '';
    }
    if (theTag == 'heading') {
        startTag = '=';
        endTag = '=';
    }
    if (theTag == 'subheading') {
        startTag = '==';
        endTag = '==';
    }
    if (theTag == 'subsubheading') {
        startTag = '=====';
        endTag = '=====';
    }
    if (theTag == 'link') {
        startTag = '[';
        endTag = ']';
    }
    if (theTag == 'list') {
        startTag = '\ \ \ \ *\ ';
        endTag = '';
    }
    if (theTag == 'highlight') {
        startTag = '!';
        endTag = '!';
        spaceTag = '';
    }
    if (theTag == 'code') {
        startTag = '%code%';
        endTag = '%/code%';
    }
    if (theTag == 'image') {
        startTag = '%image%';
        endTag = '%/image%';
    }
    if (el.setSelectionRange) {
        // Mozilla or Firefox code
        var st = el.scrollTop;
        var ss = el.selectionStart;
        var se = el.selectionEnd;
        el.value = el.value.substring(0, ss) + startTag + spaceTag + el.value.substring(ss, se) + spaceTag + endTag + el.value.substring(se, el.value.length);
        el.selectionStart = ss;
        el.selectionEnd = ss;
        el.scrollTop = st;
    } else if (document.selection && document.selection.createRange) {
        // Internet Explorer code
        el.focus(); // Makes sure tags are being added to the textarea
        var range = document.selection.createRange();
        range.text = startTag + spaceTag + range.text + spaceTag + endTag; // Adds beginning and end tags
    }
    el.focus();
}
// ]]></script>

chmod u-w /opt/rt3/local/plugins/RT-FM/html/RTFM/Article/Edit.html
chmod u+w /usr/lib/perl5/site_perl/5.8.8/Text/WikiFormat.pm

Edit : /usr/lib/perl5/site_perl/5.8.8/Text/WikiFormat.pm Add the following to the %tags declaration:

code_html_start        => sub { "<table width=\"90%\" border=\"0\" cellspacing=\"1\" cellpadding=\"3\" align=\"center\"><tbody><tr><td><span><strong>Code:</strong></span></td></tr><tr><td><code>$_[0]" },
code_html_end        => sub { "$_[0]</code></td></tr></tbody></table>" },
code_tag_start        => qr/\%code\%(.*?)/,
code_tag_end        => qr/(.*?)\%\/code\%/,

image_html_start        => sub { "<img src=\"$_[0]" },
image_html_end        => sub { "$_[0]\" alt=\"Uploaded Image\" border=\"0\" />" },
image_tag_start        => qr/\%image\%(.*?)/,
image_tag_end        => qr/(.*?)\%\/image\%/,

Add the following to the format_line definition:

$text =~ s!$tags->{code_tag_start}!$tags->{code_html_start}->($1, $opts)!eg;
$text =~ s!$tags->{code_tag_end}!$tags->{code_html_end}->($1, $opts)!eg;

$text =~ s!$tags->{image_tag_start}!$tags->{image_html_start}->($1, $opts)!eg;
$text =~ s!$tags->{image_tag_end}!$tags->{image_html_end}->($1, $opts)!eg;

chmod u-w /usr/lib/perl5/site_perl/5.8.8/Text/WikiFormat.pm

Modification to sendmail’s mc file (/etc/mail/sendmail.mc):

define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

If you don’t have an /etc/mail/auth directory, as root, create one like this:

mkdir -p /etc/mail/auth
chmod 700 /etc/mail/auth

You won’t have the client-info file yet, so you’ll have to create it (with your favorite Unix editor). Change the permissions on the client-info file like this:

chmod 600 client-info

So using my user_id@gmail.com email ID and password I made the following entry in /etc/mail/auth/client-info:

cat /etc/mail/auth/client-info

AuthInfo:smtp.gmail.com "U:smmsp" "I:user_id" "P:password" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:smmsp" "I:user_id" "P:password" "M:PLAIN"

Yes, the password is plain text. Remember to replace user_id with your Gmail email ID (your email address without the @gmail.com) and password with your email password. Also make sure that the client-info file has the right permissions so nobody can read your password.

How to compile it into a db file:

cd /etc/mail/auth
makemap -r hash client-info.db < client-info
cd /etc/mail
m4 sendmail.mc > sendmail.cf

Then restart sendmail service

service sendmail restart

First you need to edit the local loopback line so that it looks as follows (a leading dnl comments the line out):

vi /etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

To finalize your changes run:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

You also need to add your mail server to the access list to be able to relay mail to your rt server:

vi /etc/mail/access
smtp.gmail.com       RELAY

You then need to rewrite the access DB:

makemap hash /etc/mail/access.db < /etc/mail/access

Now add an entry for the rt server alias:

vi /etc/mail/local-host-names
rt.example.com

If smrsh is used (it is by default usually)

ln -s /opt/rt3/bin/rt-mailgate /etc/smrsh/rt-mailgate

Finally restart Sendmail

service sendmail restart

Setting up mail retrieval via shell command

yum install openssl-perl

Gmail must be configured to allow POP3 mail downloading for your account: go to Settings => Forwarding and POP in your Gmail web account and turn on POP.

mkdir ~/.certs

Now we retrieve the Gmail certificate provided by the Gmail pop server:

openssl s_client -connect pop.gmail.com:995 -showcerts

Copy everything from (and including) the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE-----, and save it in your new .certs directory as ‘gmail.pem’. Now we also need a copy of the certificate of the issuer, in Google’s case Equifax Secure Certificate Authority.

wget -O Equifax_Secure_Certificate_Authority.pem \
  https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
chmod 644 Equifax_Secure_Certificate_Authority.pem
chmod 644 gmail.pem

Now that we have both certificates stored in ~/.certs we just need to rehash them so SSL (and fetchmail) can read and use them:

c_rehash ~/.certs/
Doing /home/user5/.certs/
gmail.pem => 7f549ca4.0

Testing certificates

To confirm we have the correct and working certificates, let us make an SSL connection to the Gmail server testing our 2 new certificates:

$ openssl s_client -connect pop.gmail.com:995 -CApath ~/.certs/
... ...
---
+OK Gpop ready for requests from ....

There should be much more data in between, however the important thing to note is the final (or similar) +OK Gpop ready for requests from …. If not, please retrace the above steps to confirm you have it correct.

Create .fetchmailrc in the home folder of the user and enter this in the file:

set syslog
set daemon 300
poll pop.gmail.com with proto POP3 and options no dns
user 'support@example.com'    pass "password"   mda "/opt/rt3/bin/rt-mailgate --url http://www.example.com/rt --queue General --action correspond"
ssl sslcertck sslcertpath /home/jsmith/.certs/
user 'support-comment@example.com'   pass "password"   mda "/opt/rt3/bin/rt-mailgate --url http://www.example.com/rt --queue General --action comment"
ssl sslcertck sslcertpath /home/jsmith/.certs/

At the prompt type

fetchmail

Setting up mail retrieval via fetchmail daemon

yum install openssl-perl

Gmail must be configured to allow POP3 mail downloading for your account: go to Settings => Forwarding and POP in your Gmail web account and turn on POP.

adduser -r -m fetchmail
cd /etc/init.d
touch fetchmail
vi fetchmail

Enter text below in vi

*** FILE : /etc/init.d/fetchmail ***

#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops fetchmail in daemon mode
#
# Source function library.
if [ -f /etc/init.d/functions ] ; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
else
  exit 1
fi

# Avoid using root's TMPDIR
unset TMPDIR

# Check that fetchmailrc exists.

[ -f /etc/fetchmailrc ] || exit 6

RETVAL=0

start() {
        KIND="fetchmail"
        echo -n $"Starting $KIND services: "
        daemon --user fetchmail fetchmail -f /etc/fetchmailrc --syslog
        RETVAL=$?
        echo
        return $RETVAL
}

stop() {
        KIND="fetchmail"
        echo -n $"Shutting down $KIND services: "
        runuser fetchmail -c 'fetchmail --syslog --quit >/dev/null 2>&1'
        RETVAL=$?
        [ "$RETVAL" -eq 0 ] && success $"$base startup" || failure $"$base startup"
        echo
        return $RETVAL
}

restart() {
       stop
       start

}

reload() {
          echo -n $"Reloading fetchmailrc file: "
          RETVAL=$?
          echo
          return $RETVAL
}

rhstatus() {
        status fetchmail
        RETVAL=$?
}

# Allow status as non-root.
if [ "$1" = status ]; then
       rhstatus
       exit $?
fi

# Check that we can write to it... so non-root users stop here
[ -w /etc/fetchmailrc ] || exit 4

case "$1" in
  start)
       start
       ;;
  stop)
       stop
       ;;
  restart)
       restart
       ;;
  reload)
       reload
       ;;
  status)
       rhstatus
       ;;
*)
       echo $"Usage: $0 {start|stop|restart|reload|status}"
       exit 2
esac
exit $?

*** EOF : /etc/init.d/fetchmail ***

Then press ESC to switch into vi command mode. Then press Shift  ZZ to save and close the file.

chmod 755 fetchmail
su root
cd /home/fetchmail
mkdir .certs

Now we retrieve the Gmail certificate provided by the Gmail pop server:

openssl s_client -connect pop.gmail.com:995 -showcerts


Copy everything from (and including) the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE-----, and save it in your new .certs directory as 'gmail.pem'. Now we also need a copy of the certificate of the issuer, in google's case Equifax Secure Certificate Authority.


wget -O Equifax_Secure_Certificate_Authority.pem \
  https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
chmod 644 Equifax_Secure_Certificate_Authority.pem
chmod 644 gmail.pem

Now that we have both certificates stored in .certs we just need to rehash them so SSL (and fetchmail) can read and use them:

c_rehash .certs/
Doing /home/user5/.certs/
gmail.pem => 7f549ca4.0

Testing certificates

To confirm we have the correct and working certificates, let us make an SSL connection to the Gmail server testing our 2 new certificates:

openssl s_client -connect pop.gmail.com:995 -CApath ~/.certs/
... ...
---
+OK Gpop ready for requests from ....

There should be much more data in between, however the important thing to note is the final (or similar) +OK Gpop ready for requests from .... If not, please retrace the above steps to confirm you have it correct.

Create Fetchmail config

cd /etc
touch fetchmailrc
vi fetchmailrc

Enter this into the file fetchmailrc

*** FILE : /etc/fetchmailrc ***

set syslog
set daemon 300
poll pop.gmail.com with proto POP3 and options no dns
user 'support@example.com'    pass "password"   mda "/opt/rt3/bin/rt-mailgate --url http://www.example.com/rt --queue General --action correspond"

ssl sslcertck sslcertpath /home/fetchmail/.certs/

user 'support-comment@example.com'   pass "password"   mda "/opt/rt3/bin/rt-mailgate --url http://www.example.com/rt --queue General --action comment"

ssl sslcertck sslcertpath /home/fetchmail/.certs/

*** EOF : /etc/fetchmailrc ***

Press ESC to switch into vi command mode.
Press Shift ZZ to save and close the file.

chown fetchmail /etc/fetchmailrc
chmod 710 fetchmailrc
service fetchmail start
service fetchmail stop

Add the fetchmail service to the server

chkconfig --add fetchmail

Set the service to start automatically

chkconfig fetchmail on

How to upgrade RT

Download latest version from

wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz
tar xzf rt.tar.gz
cd rt-*/
./configure --with-web-user=apache --with-web-group=apache --with-web-handler=modperl2 --with-db-type=mysql
make upgrade
/opt/rt3/sbin/rt-setup-database --dba root --prompt-for-dba-password --action upgrade

Enter mysql root password: password

Enter current RT version

Restart Apache

/sbin/service httpd stop
/sbin/service httpd start

How to backup the Databases

To back up MySQL we can use mysqldump. SSH in as root and run these commands. When it asks for a password, use password.

This is to backup the RT mysql database

mysqldump -u root -p rtdb > rtdbback.sql

This is to backup the Time Tracker mysql database

mysqldump -u root -p timetracker > ttback.sql

These commands will create these two files rtdbback.sql & ttback.sql

Then just ftp those files to some other location for safekeeping, or set up rsync to copy them to your desired location.

How to setup RSYNCD

Setup /etc/rsyncd.conf

touch /etc/rsyncd.conf
chmod 644 /etc/rsyncd.conf
vi /etc/rsyncd.conf

*** FILE : /etc/rsyncd.conf ***

motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[an_identifier]
  path = /home/a_username/public_html
  use chroot = no
  max connections = 10
  auth users = a_username
  hosts allow = www1.producttoweb.com www2.yoursite.com www3.yoursite.com
  secrets file = /etc/rsyncd.secrets
  uid = a_username
  gid = a_groupname
  list = yes
  read only = no

*** EOF : /etc/rsyncd.conf ***

Setup your secrets file
- Passwords are in plain-text so make sure you change the permissions on the
file /etc/rsyncd.secrets to disallow all but the root user to view the file.
- This file can be named anything and located pretty much anywhere, but I
suggest /etc/rsyncd.secrets so that I can find it easily when I obtain root
access to your system.
- On some systems your username and password may need to be 8 characters or less.

touch /etc/rsyncd.secrets
chmod 600 /etc/rsyncd.secrets
vi /etc/rsyncd.secrets

*** FILE : /etc/rsyncd.secrets ***

a_username:a_password

*** EOF : /etc/rsyncd.secrets ***
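
The plain-text password files created in this walkthrough (/etc/mail/auth/client-info, /etc/fetchmailrc and /etc/rsyncd.secrets) only stay private if their modes stay tight. The check below is an added example, not part of the original post; audit_secret_perms and demo_audit are hypothetical helper names, GNU stat (as on CentOS) is assumed, and the demo files are constructed stand-ins.

```shell
#!/bin/sh
# Added example (not from the original post): report credential files that
# group or other users can read or write.
# audit_secret_perms is a hypothetical helper name; assumes GNU stat.

# usage: audit_secret_perms FILE...
# Prints one line per file; returns 0 if every file is acceptable, 1 otherwise.
audit_secret_perms() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            # A symlink may point at a copy with looser permissions.
            echo "SYMLINK  $f"
            rc=1
        elif [ ! -f "$f" ]; then
            echo "MISSING  $f"
            rc=1
        else
            mode=$(stat -c '%a' "$f")
            # 066 masks the group/other read and write bits. An execute-only
            # bit (as in the 710 used for /etc/fetchmailrc) exposes nothing.
            if [ $(( 0$mode & 066 )) -ne 0 ]; then
                echo "LOOSE    $f (mode $mode)"
                rc=1
            else
                echo "OK       $f (mode $mode)"
            fi
        fi
    done
    return $rc
}

# Constructed demo: temporary stand-ins for the files named on this page.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf 'a_username:a_password\n' > "$d/rsyncd.secrets"
    printf 'AuthInfo:smtp.gmail.com "I:user_id" "P:password"\n' > "$d/client-info"
    chmod 600 "$d/rsyncd.secrets"
    chmod 644 "$d/client-info"      # deliberately too open
    # fetchmailrc is deliberately not created, to show the MISSING case.
    audit_secret_perms "$d/rsyncd.secrets" "$d/client-info" "$d/fetchmailrc"
    status=$?
    rm -rf "$d"
    return $status
}

demo_audit || echo "findings reported above"
```

On the real server, run it as root: audit_secret_perms /etc/mail/auth/client-info /etc/fetchmailrc /etc/rsyncd.secrets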

Setup your iptables firewall to allow traffic on port 873
- You'll need to add the following line into your iptables firewall setup.
Note that the location of this entry can be important.

-- Example of restrictive (by ip address) iptables setup --
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 1] --dport 873
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 2] --dport 873
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 3] --dport 873
-A INPUT -j DROP -p tcp --dport 873

-- Example of wide open iptables setup --
# Notice : I'm opening my port 873 to all traffic, but just during the testing process
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT

Linux commands

cp /etc/sysconfig/iptables /etc/sysconfig/iptables_backup
vi /etc/sysconfig/iptables # see contents file below
service iptables restart # restart your firewall

*** FILE : /etc/sysconfig/iptables ***

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

# HTTP(S) -  2011.8.1
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# RSYNCD -  2011.8.1
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

*** EOF : /etc/sysconfig/iptables ***
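
The rules file above keeps the wide-open port 873 rule that was meant only for testing. The scan below is an added example, not part of the original post, that lists ACCEPT rules for a port with no source restriction; unrestricted_accepts and sample_rules are hypothetical helper names, and the sample rules are constructed from the two setups shown earlier using a documentation address.

```shell
#!/bin/sh
# Added example (not from the original post): find ACCEPT rules in an
# iptables rules file that open a TCP port to every source address.
# unrestricted_accepts and sample_rules are hypothetical helper names.

# usage: unrestricted_accepts PORT RULES_FILE   ("-" reads standard input)
# Prints each matching rule; prints nothing when the port is source-restricted.
unrestricted_accepts() {
    awk -v port="$1" '
        BEGIN { p = port + 0 }
        # True when spec (a port "873" or a range "870:880") covers p.
        function covers(spec,    r, n) {
            n = split(spec, r, ":")
            if (n == 2) return (p >= r[1] + 0 && p <= r[2] + 0)
            return (p == spec + 0)
        }
        /^-A / {
            accept = 0; limited = 0; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                # A source match other than "anywhere" limits the rule.
                if (($i == "-s" || $i == "--source") && $(i + 1) != "0.0.0.0/0")
                    limited = 1
                if ($i == "--dport" || $i == "--destination-port")
                    hit = hit || covers($(i + 1))
                if ($i == "--dports") {          # -m multiport list
                    n = split($(i + 1), list, ",")
                    for (k = 1; k <= n; k++) hit = hit || covers(list[k])
                }
            }
            if (accept && hit && !limited) print
        }
    ' "$2"
}

# Constructed sample: the restrictive and the wide-open rsync rules from this
# page side by side (192.0.2.10 is a documentation address).
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -j ACCEPT -p tcp -s 192.0.2.10 --dport 873
-A INPUT -j DROP -p tcp --dport 873
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Only the RH-Firewall-1-INPUT rule for port 873 is reported.
sample_rules | unrestricted_accepts 873 -
```

On the server itself: unrestricted_accepts 873 /etc/sysconfig/iptables. The scan looks at each rule on its own and does not evaluate rule order or chain jumps.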

Setup rsyncd to run as a stand-alone daemon

touch /etc/rc.d/init.d/rsyncd
chmod 755 /etc/rc.d/init.d/rsyncd
vi /etc/rc.d/init.d/rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc2.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc3.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc5.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc0.d/K15rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc1.d/K15rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc6.d/K15rsyncd
service rsyncd start

*** FILE : /etc/rc.d/init.d/rsyncd ***

#!/bin/sh
# Thanks To : http://www.fredshack.com/docs/rsync.html
# Rsyncd This shell script takes care of starting and stopping the rsync daemon
# description: Rsync is an awesome replication tool.
# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/bin/rsync ] || exit 0

case "$1" in
start)
action "Starting rsyncd: " /usr/bin/rsync --daemon
;;
stop)
action "Stopping rsyncd: " killall rsync
;;
*)
echo "Usage: rsyncd {start|stop}"
exit 1
esac
exit 0

*** EOF : /etc/rc.d/init.d/rsyncd ***

Setup crons for backup

crontab -e

5 0 * * *  /usr/bin/mysqldump -u root --password=password rtdb  > /backup/rtdbback_`date +\%F`.sql
10 0 * * * /usr/bin/mysqldump -u root --password=password timetracker  > /backup/ttback_`date +\%F`.sql
15 0 * * * /bin/tar -pczf /backup/cyberwebsite_`date +\%F`.tar.gz /var/www
25 0 * * * /bin/tar -pczf /backup/rt3_`date +\%F`.tar.gz /opt/rt3
30 0 * * * /bin/tar -pczf /backup/timetracker_`date +\%F`.tar.gz /opt/timetracker
35 0 * * * /bin/tar -pczf /backup/etc_`date +\%F`.tar.gz /etc
40 0 * * * /bin/tar -pczf /backup/root_`date +\%F`.tar.gz /root