ufw installation and configuration (Uncomplicated Firewall)


#apt-get install ufw

Some commands

#ufw allow ssh/tcp
#ufw logging on
#ufw status
#ufw enable

ufw keeps its configuration in the following files:
/etc/default/ufw: high level configuration, such as default policies, IPv6 support and kernel modules to use

/etc/ufw/before[6].rules: rules in these files are evaluated before any rules added via the ufw command

/etc/ufw/after[6].rules: rules in these files are evaluated after any rules added via the ufw command

/etc/ufw/sysctl.conf: kernel network tunables

/var/lib/ufw/user[6].rules or /lib/ufw/user[6].rules (0.28 and later): rules added via the ufw command (should not normally be edited by hand)

/etc/ufw/ufw.conf: sets whether or not ufw is enabled on boot, and in 9.04 (ufw 0.27) and later, sets the LOGLEVEL

After modifying any of the above files, activate the new settings with:
#ufw disable
#ufw enable
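
The files listed above can be checked for the three settings that matter most after an install: whether ufw starts at boot, whether logging is on, and what the default inbound policy is. The script below is an added example, not part of the original post; the function names and the sample files are made up for illustration, and the keys it reads (ENABLED, LOGLEVEL, DEFAULT_INPUT_POLICY) are the ones found in /etc/ufw/ufw.conf and /etc/default/ufw.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files are constructed.

# Print the value of key $2 from the KEY=value file $1, quotes removed.
ufw_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# $1: path to (a copy of) /etc/default/ufw
# $2: path to (a copy of) /etc/ufw/ufw.conf
audit_ufw() {
    enabled=$(ufw_get "$2" ENABLED)
    loglevel=$(ufw_get "$2" LOGLEVEL)
    input=$(ufw_get "$1" DEFAULT_INPUT_POLICY)

    # ENABLED controls whether ufw is started at boot.
    [ "$enabled" = yes ] || echo "WARN ENABLED=$enabled: ufw is not started at boot"
    # LOGLEVEL=off means nothing is logged.
    [ "$loglevel" != off ] || echo "WARN LOGLEVEL=off: ufw logging is disabled"
    # A default of ACCEPT lets in everything that no rule blocks.
    [ "$input" != ACCEPT ] || echo "WARN DEFAULT_INPUT_POLICY=ACCEPT: inbound traffic is allowed unless a rule blocks it"
    return 0
}

# Constructed sample files with deliberately weak values.
defaults=$(mktemp)
conf=$(mktemp)
cat > "$defaults" <<'EOF'
IPV6=yes
DEFAULT_INPUT_POLICY="ACCEPT"
DEFAULT_OUTPUT_POLICY="ACCEPT"
EOF
cat > "$conf" <<'EOF'
ENABLED=no
LOGLEVEL=off
EOF
audit_ufw "$defaults" "$conf"

# On a real host: audit_ufw /etc/default/ufw /etc/ufw/ufw.conf
```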

How to Upgrade koha


Extract your desired koha package
#tar zxvf koha.02.01.tar.gz
#cd koha.02.01
Check how many Perl dependencies are missing
#./koha_perl_deps.pl -u -m
If you need to upgrade a Perl dependency, run these commands
#cpan
#upgrade perl_module name
After installing the new dependencies, run the following commands
#perl Makefile.PL --prev-install-log /usr/share/koha/misc/koha-install-log
#make
#make test
#make upgrade

To enable search, run these commands
#/etc/init.d/koha-zebra-daemon start
#/etc/init.d/koha-zebraqueue-daemon start
#KOHA_CONF=/etc/koha/koha-conf.xml PERL5LIB=/usr/share/koha/lib /usr/share/koha/bin/migration_tools/rebuild_zebra.pl -b -r -v

Some Important Settings for koha


To use Zebra search: go to System preferences > NoZebra = Use
To enable data entry in the author name field: System preferences > BiblioAddsAuthorities > Allow
For calculating fines: System preferences > finesMode > Calculate and charge
For sending E-mail from library:

Cronjob setting for koha
http://git.koha-community.org/gitweb/?p=koha.git;a=blob;f=misc/cronjobs/crontab.example;h=b43d377280e2e0643021f8fd0a1a105acba8f243;hb=HEAD

Installing and configuring Postfix and Squirrel


To install Postfix, run one of the following commands:

#apt-get install postfix
#aptitude install postfix

To configure it, read the comments below and change the values accordingly:

#nano /etc/postfix/main.cf

smtpd_banner = $myhostname ESMTP $mail_name (example.com)
biff = no
append_dot_mydomain = no

### your hostname here
myhostname = server

mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, localhost.$mydomain, localhost

### your allowed networks
mynetworks = 127.0.0.0/8,192.168.1.0/24

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

home_mailbox = Maildir/
alias_maps = hash:/etc/aliases

### your ISP SMTP relay
relayhost = relay.yourisp.net

smtpd_recipient_limit = 250

readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html

Or do the following

#dpkg-reconfigure postfix

Insert the following details when asked (replacing server1.example.com with your domain name if you have one):
  • General type of mail configuration: Internet Site

  • NONE doesn't appear to be requested in current config

  • System mail name: server1.example.com

  • Root and postmaster mail recipient: <admin_user_name>

  • Other destinations for mail: server1.example.com, example.com, localhost.example.com, localhost

  • Force synchronous updates on mail queue?: No

  • Local networks: 127.0.0.0/8

  • Yes doesn't appear to be requested in current config

  • Mailbox size limit (bytes): 0

  • Local address extension character: +

  • Internet protocols to use: all


To configure the mailbox format for Maildir:
#postconf -e 'home_mailbox = Maildir/'
You may need to issue this as well:
#postconf -e 'mailbox_command ='


Note: This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent to use the same path.

Configure Postfix to do SMTP AUTH using SASL (saslauthd):

#postconf -e 'smtpd_sasl_local_domain ='
#postconf -e 'smtpd_sasl_auth_enable = yes'
#postconf -e 'smtpd_sasl_security_options = noanonymous'
#postconf -e 'broken_sasl_auth_clients = yes'
#postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'


Then append the following lines to /etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login


Generate the certificates to be used for TLS encryption and/or certificate authentication:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 2048 > smtpd.key # 2048-bit key; 1024-bit RSA is no longer considered secure
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/


Configure Postfix to do TLS encryption for both incoming and outgoing mail:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com' # remember to change this to yours


The /etc/postfix/main.cf file should now contain the following:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
#Use these on Postfix 2.2.x only
#smtp_use_tls = yes
#smtpd_use_tls = yes
#For Postfix 2.3 or above use:
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom



#/etc/init.d/postfix restart
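
The listing above keeps smtpd_tls_auth_only = no while smtpd.conf offers only the PLAIN and LOGIN mechanisms, so a client that skips STARTTLS sends its password in the clear. The script below is an added example, not part of the original post: it checks a main.cf for that combination, for a missing smtpd_tls_security_level, and for non-loopback mynetworks entries. The function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Postfix main.cf for the
# SASL/TLS settings configured above. The sample file below is constructed.

# Print the last value assigned to parameter $2 in file $1
# (when a parameter is repeated, Postfix uses the last assignment).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

audit_main_cf() {
    auth=$(get_param "$1" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    level=$(get_param "$1" smtpd_tls_security_level)
    nets=$(get_param "$1" mynetworks)

    # With "mech_list: plain login", AUTH outside TLS exposes the password.
    if [ "$auth" = yes ] && [ "$auth_only" != yes ]; then
        echo "WARN smtpd_tls_auth_only: AUTH is accepted on unencrypted sessions"
    fi
    # Postfix 2.3+ parameter; without may/encrypt STARTTLS is never announced.
    case "$level" in
        may|encrypt) ;;
        *) echo "WARN smtpd_tls_security_level: STARTTLS is not offered" ;;
    esac
    # permit_mynetworks lets every listed network relay without authenticating.
    echo "$nets" | tr -s ', \t' '\n' | while read -r n; do
        case "$n" in
            ''|127.*|'[::1]'*) ;;
            *) echo "NOTE mynetworks: $n may relay without authenticating" ;;
        esac
    done
    return 0
}

# Constructed sample combining values from the two main.cf listings on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_tls_security_level = may
mynetworks = 127.0.0.0/8,192.168.1.0/24
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
EOF
audit_main_cf "$sample"
```

Setting smtpd_tls_auth_only = yes clears the first finding: Postfix then announces AUTH only after STARTTLS has completed.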





Setup Postfix SASL Authentication

#nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
 
 
 
 
 
 
https://help.ubuntu.com/community/Postfix
https://help.ubuntu.com/community/PostfixBasicSetupHowto 

https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto

http://www.postfix.org/TLS_README.html

