linux

Crontab Day of the Week syntax

Jovan Stosic May 23, 2020

0 and 7 both stand for Sunday, you can use the one you want, so writing 0-6 or 1-7 has the same result.

Also, as suggested by @Henrik, it is possible to replace numbers by shortened name of days, such as MON, THU, etc:

0 - Sun      Sunday
1 - Mon      Monday
2 - Tue      Tuesday
3 - Wed      Wednesday
4 - Thu      Thursday
5 - Fri      Friday
6 - Sat      Saturday
7 - Sun      Sunday

Graphically:

 ┌────────── minute (0 - 59)
 │ ┌──────── hour (0 - 23)
 │ │ ┌────── day of month (1 - 31)
 │ │ │ ┌──── month (1 - 12)
 │ │ │ │ ┌── day of week (0 - 6 => Sunday - Saturday, or
 │ │ │ │ │                1 - 7 => Monday - Sunday)
 ↓ ↓ ↓ ↓ ↓
 * * * * * command to be executed

Finally, if you want to specify day by day, you can separate days with commas, for example SUN,MON,THU will exectute the command only on sundays, mondays on thursdays.

https://stackoverflow.com/questions/18919151/crontab-day-of-the-week-syntax

Crontab Day of the Week syntax was last modified: May 23rd, 2020 by Jovan Stosic

How to see time stamps in bash history?

Jovan Stosic May 23, 2020 
HISTTIMEFORMAT="%d/%m/%y %T "  # for e.g. “29/02/99 23:59:59”
HISTTIMEFORMAT="%F %T "        # for e.g. “1999-02-29 23:59:59”

To make the change permanent for the current user run:

echo 'HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bashrc  # or respectively
echo 'HISTTIMEFORMAT="%F %T "' >> ~/.bashrc
source ~/.bashrc

To test the effects run:

history

https://askubuntu.com/questions/391082/how-to-see-time-stamps-in-bash-history

How to see time stamps in bash history? was last modified: May 23rd, 2020 by Jovan Stosic

Installing Document Server for Linux on Debian, Ubuntu and derivatives – ONLYOFFICE

Jovan Stosic April 24, 2020

Introduction

Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.

Functionality

  • Document Editor
  • Spreadsheet Editor
  • Presentation Editor
  • Documents application for iOS and Android
  • Collaborative editing
  • Hieroglyph support
  • Support for all the popular formats: DOC, DOCX, TXT, ODT, RTF, ODP, EPUB, ODS, XLS, XLSX, CSV, PPTX, HTML

This guide will show you how to install Document Server Linux version to your machine.

System requirements

  • CPU
    dual core 2 GHz or better
  • RAM
    2 GB or more
  • HDD
    at least 40 GB of free space
  • Additional requirements
    at least 4 GB of swap
  • OS
    64-bit DebianUbuntu or other compatible distribution with kernel version 3.13 or later
  • Additional requirements
    • PostgreSQL: version 9.1 or later
    • NGINX: version 1.3.13 or later
    • libstdc++6: version 4.8.4 or later
    • Redis
    • RabbitMQ

Installing Document Server

Installation with Debian based distributives also requires the presence of libstdc++6NGINX and PostgreSQL in the system.

All the necessary instrutions for these components and their dependencies installation can be found at their official websites.

There are other dependencies installed together with Document Server:

  • libcurl3
  • libxml2
  • supervisor
  • fonts-dejavu
  • fonts-liberation
  • ttf-mscorefonts-installer
  • fonts-crosextra-carlito
  • fonts-takao-gothic
  • fonts-opensymbol

These dependencies are installed automatically when you use Ubuntu 14.04 LTS or later. Earlier distributions might require their manual installation.

Installing dependencies

Document Server uses NGINX and PostgreSQL as database. Dependencies found in the system repository will be installed automatically at Document Server installation using the apt-get install command.

Installing and configuring PostgreSQL:

Install the PostgreSQL version included in your version of Ubuntu:

sudo apt-get install postgresql
If you want to install some other PostgreSQL version from the PostgreSQL Repository, please see the official PostgreSQL documentation for more detail on that.

After PostgreSQL is installed, create the PostgreSQL database and user:

The created database must have onlyoffice both for user and password.
sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

Installing redis:

sudo apt-get install redis-server

Installing rabbitmq:

sudo apt-get install rabbitmq-server
Ubuntu distributives prior to 14.04 LTS might require some other dependencies to be installed.

Ubuntu 18.04 will require to install nginx-extras. This is done using the command:

sudo apt-get install nginx-extras
Changing the default Document Server port

By default Document Server listens to the incoming connections using port 80. Starting with version 4.3 you can change the port for Document Server if you plan to use it instead of the default one.

If you are going to change the default port, make sure that it is open for the incoming/outgoing connections. See the complete list of the ports used by Document Server.

To do that you will need to change the default port for the debconf system, running the command:

echo onlyoffice-documentserver onlyoffice/ds-port select <PORT_NUMBER> | sudo debconf-set-selections

Please write the port number instead of the <PORT_NUMBER> in the above command.

WarningIf you want to change the Document Server protocol to HTTPS, do not change the port to 443, but use this instruction instead.

There are additional options which can be used for Document Server installation. Please read this section for more information on them.

After that you can continue with Document Server installation.

Installing Document Server

Add GPG key:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5

Add Document Server repository:

sudo echo "deb https://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list
While the APT package is built against Debian Squeeze, it is compatible with a number of Debian derivatives (including Ubuntu) which means you can use the same repository across all these distributions.

Update the package manager cache:

sudo apt-get update

Install Document Server

sudo apt-get install onlyoffice-documentserver
During the installation process, you will be asked to provide a password for the onlyoffice PostgreSQL user. Please enter the onlyoffice password that you have specified when configuring PostgreSQL.

After that Document Server will be run as a process. The package will be updated just like any other deb package.

Now you can connect Document Server to Community Server or integrate it into your own document management system using the provided API.

Running Document Server using HTTPS

In most cases accessing the portal via HTTPS protocol is much more secure than via HTTP which is used by default. You can easily run Document Server using secure connection. Please see the details here to learn more on how this can be done.

Additional information: more options for Document Server installation

The installation of Document Server allows the use of more debconf options which might be very helpful in case you plan installing it to more than one server or in some other cases.

These options include:

  • PostgreSQL database options
    • Set PostgreSQL database host address (replacing <DB_HOST> with the actual address of the PostgreSQL server installed): 
      echo onlyoffice-documentserver onlyoffice/db-host string <DB_HOST> | sudo debconf-set-selections
    • Set PostgreSQL database user name (replacing <DB_USER> with the actual name of the user with the appropriate PostgreSQL database rights): 
      echo onlyoffice-documentserver onlyoffice/db-user string <DB_USER> | sudo debconf-set-selections
    • Set PostgreSQL database user password (replacing <DB_PASSWORD> with the actual password of the user with the appropriate PostgreSQL database rights): 
      echo onlyoffice-documentserver onlyoffice/db-pwd password <DB_PASSWORD> | debconf-set-selections
    • Set PostgreSQL database name (replacing <DB_NAME> with the actual PostgreSQL database name): 
      echo onlyoffice-documentserver onlyoffice/db-name string <DB_NAME> | sudo debconf-set-selections
  • Redis options
    • Set Redis host address (replacing <REDIS_HOST> with the actual address of Redis installed): 
      echo onlyoffice-documentserver onlyoffice/redis-host string <REDIS_HOST> | sudo debconf-set-selections
  • RabbitMQ options
    • Set RabbitMQ host address (replacing <RABBITMQ_HOST> with the actual address of RabbitMQ installed): 
      echo onlyoffice-documentserver onlyoffice/rabbitmq-host string <RABBITMQ_HOST> | sudo debconf-set-selections
    • Set RabbitMQ user name (replacing <RABBITMQ_USER> with the actual name of the user with the appropriate RabbitMQ rights): 
      echo onlyoffice-documentserver onlyoffice/rabbitmq-user string <RABBITMQ_USER> | sudo debconf-set-selections
    • Set RabbitMQ user password (replacing <RABBITMQ_PWD> with the actual password of the user with the appropriate RabbitMQ rights): 
      echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password <RABBITMQ_PWD> | sudo debconf-set-selections

Source: Installing Document Server for Linux on Debian, Ubuntu and derivatives – ONLYOFFICE

Installing Document Server for Linux on Debian, Ubuntu and derivatives – ONLYOFFICE was last modified: April 24th, 2020 by Jovan Stosic

OpenLDAP N-Way MultiMaster Replication

Jovan Stosic April 16, 2020 
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSuffix
olcSuffix: dc=test,dc=local
-
add: olcRootDN
olcRootDN: cn=admin,dc=test,dc=local
-
add: olcRootPW
olcRootPW: {SSHA}SGq737yNactRCyMY70TDTQs6V1wzMRD6
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap1.test.local binddn="cn=admin,dc=test,dc=local" bindmethod=simple
  credentials=test searchbase="dc=test,dc=local" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://ldap2.test.local binddn="cn=admin,dc=test,dc=local" bindmethod=simple
  credentials=test searchbase="dc=test,dc=local" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=ldap://ldap3.test.local binddn="cn=admin,dc=test,dc=local" bindmethod=simple
  credentials=test searchbase="dc=test,dc=local" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

Source: linuxlasse.net :: OpenLDAP N-Way MultiMaster Replication

OpenLDAP N-Way MultiMaster Replication was last modified: April 16th, 2020 by Jovan Stosic

How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server

Jovan Stosic April 12, 2020

We also want to password protect our phpLDAPadmin location. Even though phpLDAPadmin has password authentication, this will provide an extra level of protection.

The utility that we need is contained in an Apache utility package. Get it by typing:

sudo apt-get install apache2-utils

Now that you have the utility available, you can create a password file that will contain a username that you choose and the associated hashed password.

We will keep this in the /etc/apache2 directory. Create the file and specify the username you want to use by typing:

sudo htpasswd -c /etc/apache2/htpasswd demo_user

Now, we are ready to modify Apache to take advantage of our security upgrades.

 

Modify the phpLDAPadmin Apache Configuration

The first thing we will do is modify the alias that is set up to serve our phpLDAPadmin files.

Open the file with root privileges in your text editor:

sudo nano /etc/phpldapadmin/apache.conf

This is the place where we need to decide on the URL location where we want to access our interface. The default is /phpldapadmin, but we want to change this to cut down on random login attempts by bots and malicious parties.

For this guide, we’re going to use the location /superldap, but you should choose your own value.

We need to modify the line that specifies the Alias. This should be in an IfModule mod_alias.c block. When you are finished, it should look like this:

<IfModule mod_alias.c>
    Alias /superldap /usr/share/phpldapadmin/htdocs
</IfModule>

When you are finished, safe and close the file.

Configure the HTTP Virtual Host

Next, we need to modify our current Virtual Hosts file. Open it with root privileges in your editor:

sudo nano /etc/apache2/sites-enabled/000-default.conf

Inside, you’ll see a rather bare configuration file that looks like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

We want to add information about our domain name or IP address to define our server name and we want to set up our redirect to point all HTTP requests to the HTTPS interface. This will match the alias we configured in the last section.

The changes we discussed will end up looking like this. Modify the items in red with your own values:

<VirtualHost *:80>
    ServerAdmin webmaster@server_domain_or_IP
    DocumentRoot /var/www/html
    ServerName server_domain_or_IP
    Redirect permanent /superldap https://server_domain_or_IP/superldap
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save and close the file when you are finished.

The last thing we need to do is set up the location block that will implement our password protection for the entire phpLDAPadmin installation.

We do this by referencing the location where we are serving the phpLDAPadmin and setting up authentication using the file we generated. We will require anyone attempting to access this content to authenticate as a valid user:

<Location /superldap>
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
</Location>

Save and close the file when you are finished.

Restart Apache to implement all of the changes that we have made:

sudo service apache2 restart

Source: How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server | DigitalOcean

How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server was last modified: April 19th, 2020 by Jovan Stosic

Owncloud/Nextcloud – Migration of database to LDAP users

Jovan Stosic April 12, 2020

1) In owncloud database change the table : oc_accounts
For the existing owncloud user in the column backend put: OC\User_LDAP\User_Proxy instead of OC\User\Database. For example:

UPDATE oc_accounts SET backend=’OCA\\User_LDAP\\User_Proxy’ WHERE user_id=’my_user’;

2) In table oc_ldap_user_mapping add the LDAP user. For example:

insert into oc_ldap_user_mapping (owncloud_name, ldap_dn, directory_uuid) values(‘my_user’,’cn=User_Name User_Surname,ou=users,dc=ris,dc=mk’,’user_uuid_from_LDAP’);

3) Delete the existing user from oc_users

delete from oc_users where uid=”my_user”;

Owncloud/Nextcloud – Migration of database to LDAP users was last modified: April 12th, 2020 by Jovan Stosic

xinetd

Jovan Stosic March 23, 2020

In computer networkingxinetd (Extended Internet Service Daemon) is an open-source super-server daemon, runs on many Unix-like systems and manages Internet-based connectivity.

It offers a more secure alternative to the older inetd (“the Internet daemon”), which most modern Linux distributions have deprecated.

Description

xinetd listens for incoming requests over a network and launches the appropriate service for that request. Requests are made using port numbers as identifiers and xinetd usually launches another daemon to handle the request. It can be used to start services with both privileged and non-privileged port numbers.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things.

On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.

 

Source: xinetd – Wikipedia

xinetd was last modified: March 23rd, 2020 by Jovan Stosic