From ISP admin
Command prompt environment
The most important commands and prompts for the ISP admin system will be published here gradually. The ISP admin is built on the GNU/Linux platform and the well-proven Debian 5 Lenny distribution. The following text therefore presupposes at least a basic knowledge of Debian, because the system options and management are identical. The purpose of this page is mainly to make you familiar with the tasks specific to the ISP admin system.
Topical instructions for work within the command prompt
Local installation
Local installation of the ISP admin system on software RAID.
Installation configuration
The primary configuration of a newly installed system.
Migration of the system to the new server
Instructions describing the steps for migrating the system from the 32-bit to the 64-bit version.
SMS gateway setup
Selecting an SMS gateway; the complete procedure for setting up receiving and sending of text messages.
File management
WinSCP
Transferring and editing files outside the command line, directly from Windows.
http://winscp.net/eng/docs/lang:cs
Text editors
The documentation always mentions the pico text editor. If working in this editor gives you trouble, you can edit text files with the simple editor mcedit, which is part of the well-known console file manager mc.
mcedit /cesta/k/souboru
pico -w /cesta/k/souboru
System update
Performing a regular update to a new version of the system.
ispadmin_update
System recovery from a backup
...article and script in preparation - unfinished.
ispadmin_recovery cesta_k_adresari_salohy
Software RAID array management
If your server does not have a hardware RAID controller, it is advisable to install the ISP admin on a software RAID. To become more familiar with the topic, you can study these articles:
- Softwarovy raid teoreticky (linuxexpres.cz)
- Softwarovy raid prakticky (linuxexpres.cz)
- Diskové pole - RAID (cs.wikipedia.org)
Creating a new RAID 1 (mirroring) disk array
If a software RAID is already active, you must deactivate it first, otherwise it will not be possible to manipulate the disk partitions. If it is not active, proceed.
mdadm --manage --stop /dev/md0
Now create a RAID 1 (mirror) from the first partitions of both disks, /dev/sda1 and /dev/sdb1, with the command:
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
mdadm: array /dev/md0 started.
The RAID status is displayed by the command:
more /proc/mdstat
Personalities : [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty]
md0 : active raid1 sdb1[1] sda1[0]
      306841344 blocks [2/2] [UU]
      [=>...................]  resync =  5.2% (16186816/306841344) finish=41.2min speed=117548K/sec

unused devices: <none>
Here you can see that the array is named /dev/md0, is active ( md0 : active raid1 ), consists of two disks ( sdb1[1] sda1[0] ), that two of two disks are in the state "U", which means UP ( [2/2] [UU] ), and that the synchronization will finish in 41 min. After it finishes, the array will be fully redundant. The current mirroring speed is 117MB/sec.
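The fields explained above can be checked automatically, for example from cron. The following is an added example, not a script shipped with ISP admin: the function name md_health, its output format and the second (degraded) sample are assumptions made for illustration.

```shell
# Added example (not part of ISP admin): summarise md array health from mdstat.
# Usage: md_health [file]   file defaults to /proc/mdstat, "-" reads stdin.
# Prints "<name> <level> <expected>/<in use> <flags> <state>" per array;
# exit status is 1 when any array is DEGRADED or INACTIVE, otherwise 0.
md_health() {
    awk '
        function emit() {
            if (name == "") return
            printf "%s %s %s %s %s\n", name, level, counts, flags, state
            if (state == "DEGRADED" || state == "INACTIVE") bad = 1
            name = ""
        }
        # Array header, e.g. "md0 : active raid1 sdb1[1] sda1[0]"
        /^md[0-9]+ :/ {
            emit()
            name = $1; counts = "-"; flags = "-"
            if ($3 == "active") { level = $4; state = "OK" }
            else                { level = "-"; state = "INACTIVE" }
            next
        }
        # Size line, e.g. "306841344 blocks [2/2] [UU]"
        name != "" && / blocks / {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) counts = substr($i, 2, length($i) - 2)
                if ($i ~ /^\[[U_]+\]$/)          flags = $i
            }
            split(counts, c, "/")   # c[1] = devices expected, c[2] = devices in use
            if (c[2] + 0 < c[1] + 0 || flags ~ /_/) state = "DEGRADED"
            next
        }
        # Progress line; a rebuild of a degraded array stays DEGRADED
        name != "" && /(resync|recovery) *=/ { if (state == "OK") state = "RESYNC" }
        END { emit(); exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: the resync state shown in the output above
sample_resync() {
    cat <<'EOF'
md0 : active raid1 sdb1[1] sda1[0]
      306841344 blocks [2/2] [UU]
      [=>...................]  resync =  5.2% (16186816/306841344) finish=41.2min speed=117548K/sec
EOF
}
# Constructed sample: the same mirror with one half missing
sample_degraded() { printf 'md0 : active raid1 sda1[0]\n      306841344 blocks [2/1] [U_]\n'; }
```

On the server, run md_health with no argument to read /proc/mdstat; the samples can be piped in with "sample_degraded | md_health -".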
You can also show the details of the disk array this way:
mdadm --detail /dev/md0
        Version : 00.90.03
  Creation Time : Thu Nov 19 03:38:06 2009
     Raid Level : raid1
     Array Size : 240171648 (229.05 GiB 245.94 GB)
    Device Size : 240171648 (229.05 GiB 245.94 GB)
   Raid Devices : 2
  Total Devices : 2
Preferred Minor : 0
    Persistence : Superblock is persistent

    Update Time : Thu Nov 19 04:46:52 2009
          State : clean
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

           UUID : e488aee4:72e58752:7f132997:5ffa538b
         Events : 0.4

    Number   Major   Minor   RaidDevice State
       0       8        1        0      active sync   /dev/sda1
       1       8       17        1      active sync   /dev/sdb1
Process management
A better process manager
For a better overview and easier process management, we recommend using the program htop instead of the classic top.
It gives a clearer view of the use of system resources, load and uptime, and above all it lets you stop running processes.
Further information may be found, for instance, in the article htop top na druhou on the root.cz server.
Checking the running services
To display the current status of a running service, use this command together with the service name:
ps ax |grep nazev_sluzby
Launching the processes in the ISP admin
Commands and processes launched at every start of the system:
pico -w /etc/rc.local
Processes launched according to the current runlevel:
pico -w /etc/inittab
Commands and processes launched periodically:
pico -w /etc/crontab
Setting the IP address
A) Permanent setting of the IP address, mask and default gateway. In this file, just change the current addresses to the desired ones:
pico -w /etc/rc.local
B) Temporary setting of the IP address ( until the first reboot ), enter only these two commands:
ifconfig eth0 192.168.1.100/24 # IP address and mask setting
route add default gw 81.13.51.193 # default gateway setting
Dealing with passwords
We strongly recommend following a policy of so-called strong passwords. This noticeably reduces the possibility of compromising the system, the database and the application itself. Under no circumstances run the ISP admin system with the default passwords contained in the fresh installation!
Change in the root password
Changing the root password for the ISP admin system. With this password you can log in locally on the consoles or access the SSH service remotely.
passwd root
Change in passwords for the system database
Changing the default passwords for the SQL database. Help is displayed by the command:
/usr/local/script/ispadmin/ispadmin_change_pass.pl
Change in the user password for the SQL DB "ispadmin":
/usr/local/script/ispadmin/ispadmin_change_pass.pl ispadmin ispadmin new_password
Change in the administrator password SQL DB "root":
/usr/local/script/ispadmin/ispadmin_change_pass.pl mysql_root ispadmin new_password
Service management
:: Monitoring - NAGIOS ::
Restart a service
/etc/init.d/nagios3 restart
Reload a configuration
nagios3 /usr/local/nagios/etc/nagios.cfg
:: WEB server - Apache2 ::
Restart a service
/etc/init.d/apache2 restart
Configuration
/etc/httpd/conf/httpd.conf
/etc/php5/apache2/php.ini
:: Database - MySQL ::
Restart a service
/etc/init.d/mysqld restart
Locating the password for the database
cat /data/support/ispadmin/config/config.php | grep DBPASS
Restore a damaged table
During a "hard reboot" of the server, some of the files holding the tables of the system database may be damaged. If you encounter the mentioned error notification, log in to the command prompt environment and run the command to restore the damaged tables:
- 32bit version
myisamchk -o /data/mysql_db/ispadmin/tabulka.MYI
- 64bit version
myisamchk -o /var/lib/mysql/ispadmin/tabulka.MYI
- Example
myisamchk -o /var/lib/mysql/ispadmin/visited_pages.MYI
:: DNS server - Bind ::
Restart a service
/etc/init.d/bind restart
Cache only DNS server
The caching-only configuration is already in place. You only need to set the ISP admin as the DNS server, and it will then query the Internet DNS servers.
If the ISP admin is located in the inner network, the outbound ports 53 UDP and TCP must be allowed on the border router.
/etc/resolv.conf
The DNS servers from the Internet are set here. Queries are forwarded to them once the customers have set the ISP admin as their DNS server.
:: Mailing server - Postfix ::
Restart a service
/etc/init.d/postfix restart
Setting the superordinate mailing server
By default, the SMTP server is set so that it accepts mail for sending only from the localhost, so the server may be placed on a public IP address without anyone being able to use it for sending mail. The ISP admin thus does not send mail outside (only locally). Postfix does not allow authentication, so the ISP admin must be allowed to send mail to the superordinate SMTP server without authentication.
In the configuration file /etc/postfix/main.cf of the mailing server POSTFIX edit the item of relayhost:
pico -w /etc/postfix/main.cf
# IP address of the superordinate mailing server
relayhost = SMTP_SERVER
After the edit, you must restart the service:
/etc/init.d/postfix restart
Problems with sending e-mails
First, check whether the mailing server responds to the command telnet postovni_server 25, that is, whether the service is available at all. The server may be unavailable because of firewall settings, a collision of domain names, etc.
Incorrect ISP admin settings
Settings / System settings / Public
smtp_restriction - Block the SMTP port 25. The ISPadmin system allows blocking mail sent by the SMTP protocol on port 25 globally for your whole network. This setting is suitable as protection against spam sent out from infected client computers, where there is a threat of being listed on worldwide blacklists, or the superordinate provider might even disconnect you.
smtp_trust_servers - Allowed SMTP servers in the network. Add trustworthy SMTP servers to the list of allowed ones. These servers will not be restricted when sending out e-mails. The first entry should be your main mailing server. Other addresses are usually the company mailing servers of your customers.
Setting the superordinate SMTP server.
The ISP admin does not send mail out (only locally). Postfix does not allow authentication, so the ISP admin must send mail to the superordinate SMTP server without authentication.
Into the configuration file /etc/postfix/main.cf of the POSTFIX mailing server, add the item of:
# IP address of the superordinate mailing server
relayhost = IP_SMTP_SERVER
After editing, you must restart the service:
/etc/init.d/postfix restart
Missing reverse DNS record PTR
The DNS system does not only provide the mechanism for translating domain names to IP addresses. It also translates IP addresses to domain names. Today this is used especially for delivering electronic mail: the mailing server that receives a message from a client first translates the IP address of the client to a name (which partly tells it who the client is) and then translates the obtained name back to an IP address. If the real and the obtained IP address do not correspond, the source of the message may be regarded as unreliable and the message may be declined.
Locating the existing MX record:
# nslookup
> set q=mx
> net-service.cz
net-service.cz MX preference = 10, mail exchanger = sentinel.net-service.cz
If the reverse record does not work, a notification stating "Non-authoritative answer" appears:
# nslookup
> set q=mx
> net-service.cz
Non-authoritative answer
net-service.cz MX preference = 10, mail exchanger = sentinel.net-service.cz
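The reverse-then-forward comparison that a receiving mail server performs, as described at the start of this section, can be reproduced from the command line before mail starts being declined. This is an added example, not part of ISP admin: the function names are hypothetical, it assumes the dig utility is installed, and it handles IPv4 only.

```shell
# Added example (not part of ISP admin): forward-confirmed reverse DNS check.
# Resolver hooks, kept as separate functions so they can be replaced.
# Assumption: dig is installed.
ptr_lookup() { dig +short -x "$1" | sed 's/\.$//'; }                     # IP -> names
a_lookup()   { dig +short "$1" A | grep -E '^[0-9]+(\.[0-9]+){3}$'; }    # name -> IPv4

# fcrdns_check IP
# Prints "PASS <ip> <name>", "FAIL no-ptr <ip>" or "FAIL mismatch <ip> <name>".
# Returns 0 only when one of the PTR names resolves back to the same IP.
fcrdns_check() {
    ip=$1
    names=$(ptr_lookup "$ip") || true
    if [ -z "$names" ]; then
        echo "FAIL no-ptr $ip"
        return 1
    fi
    for name in $names; do
        # A name may have several A records; any one matching the IP is enough
        for addr in $(a_lookup "$name"); do
            if [ "$addr" = "$ip" ]; then
                echo "PASS $ip $name"
                return 0
            fi
        done
        last=$name
    done
    echo "FAIL mismatch $ip $last"
    return 1
}
```

Call fcrdns_check with the public IP address from which your mail leaves the network; a FAIL result means the PTR record or the matching A record needs to be fixed by whoever administers the respective zone.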
Sent mail check
tail -f /var/log/mail.log
mailq
POP3
IMAP4
:: NTP server ::
1/ A time server is not included in the fresh installation. If you wish to extend the ISP admin with this service, install the ntp package:
apt-get install ntp
- Information about the package: http://packages.debian.org/lenny/ntp
- NTP server configuration : http://www.debianadmin.com/ntp-server-and-client-configuration-in-debian.html
2/ Another way to allow NTP synchronization for routers located on the inside network is to make UDP port 123 accessible.
3/ If you run Linux routers, you can use this setting (does not apply to MikroTiks):
Settings / System settings / Linux
time_server - NTP server for synchronizing routers ntp.cesnet.cz
time_synchronization - Use NTP synchronization of routers 1
:: smsd & gnokii ::
There is a whole article for the SMS gateway: