Sunday, July 30, 2006

TWiki 4.0.4 setup on debian stable (sarge) HowTo.

Step by step guide for TWiki 4.0.4 setup on debian stable (sarge) 3.1-r2 - Fresh Install.

-- Pre Install --

Start by downloading and installing debian stable.
I recommend you select linux26, it just sounds better.
Select "Web Server" from server roles during d-i.

# -- Post Install --

# We'll be installing some packages required by TWiki to run in apache2 cgi mode.
aptitude install libalgorithm-diff-perl
aptitude install libdigest-sha1-perl
aptitude install libmime-base64-perl
aptitude install libnet-perl
aptitude install libtext-diff-perl
aptitude install libcgi-session-perl

# Disable unneeded apache2 modules to increase security
cd /etc/apache2/mods-enabled && rm perl.* php4.* mod_python.load

# Configure your exim MTA to use smarthost (no local delivery)
dpkg-reconfigure -plow exim4-config

# Now looks like a good time create the soon to be twiki setup dir
mkdir /var/www/twiki

# -- TWiki setup --

cd /var/www/twiki
tar xzvf TWiki-4.0.4.tgz

# Save original setup for future reference, good safty-net in case something borks.
mkdir /root/nondeb_install
mv TWiki-4.0.4.tgz /root/nondeb_install

# Set some config files, "the debian way". Well... almost
cd /var/www/twiki
mv root-htaccess.txt .htaccess
mkdir /etc/twiki && cd /etc/twiki
mv /var/www/twiki/twiki_httpd_conf.txt twiki.conf
sed -i -e 's@/home/httpd@/var/www@' /etc/twiki/twiki.conf

# Set proper permissions on twiki cgi runtime files.
chown -R root:www-data /var/www/twiki
chmod -R 750 /var/www/twiki/
chown -R www-data:www-data /var/www/twiki/pub/
chown -R www-data:www-data /var/www/twiki/data/

# Cool, lets link twiki.conf to apache2 main config
cd /etc/apache2/conf.d
ln -s /etc/twiki/twiki.conf twiki.conf

# -- TWiki configurations --

# Time to edit some config files.
# use either vi(m), gedit, nano, pico, emacs, ed or check Debian Reference - Editors
# I use sed to speed things up, this allows this whole HowTo to be step-by-step copy & run.

# Tell twiki script where it should look for his perl modules
mv LocalLib.cfg.txt LocalLib.cfg
sed -i -e '/twikiLibPath/ { s@/absolute/path/to/your/lib@/var/www/twiki/lib@ }' LocalLib.cfg

# And set apache to "by default" redirect to our twiki
# (This replaces the string "apache2-default" with "/twiki/bin/view/")
sed -i -e '/RedirectMatch/ { s@/apache2-default/@/twiki/bin/view/@ }' /etc/apache2/sites-available/default

# -- TWiki Security --

# Lets set apache and twiki to use basic authentication
htpasswd -c /var/www/twiki/data/.htpasswd USERNAME
chown www-data:root /var/www/twiki/data/.htpasswd
chmod 750 /var/www/twiki/data/.htpasswd

# We'll add a few lines to twiki.conf, making the server require valid-user

sed -i '/<Directory "\/var\/www\/twiki\/bin">/ a AuthType Basic\nAuthName "TWiki - Knowledge is Power"\nAuthUserFile /var/www/twiki/data/.htpasswd' /etc/twiki/twiki.conf

# -- Twiki web configurations --

# Let's access the web interface and configure the wiki

Things to pay attention to :

Security Setup >> Authentication >> {LoginManager} =TWiki::Client::ApacheLogin
Security Setup >> Passwords >> {PasswordManager} =TWiki::Users::HtPasswdUser
Security Setup >> Passwords >> {Htpasswd}{FileName} =/var/www/twiki/data/.htpasswd

# -- System cron --

# Let's have twiki mailing us at 2AM

echo '0 2 * * * root (cd /path/to/twiki/bin; ./mailnotify -q)' >> /etc/crontab

# -- User Setup --

We're almost there, the last thing you should do is educate yourself.

1. Read
2. Check
3. Play with the system before you take it into production.

My 2cent's :
1. The system uses rcs to store it's data (no rational db such as mysql & co.)
2. All system configurations are done from within the wiki itself, a somewhat new but interesting concept : You use the same interface to edit both the wiki pages & the wiki configuration files. Once you hit the "Save" button the change is applied, and the cherry on the cake is you get to use the same revision system to revert back if you mess something up with the config.

That's about all, enjoy your new wiki.
I hope this helps someone.
Maxim V.

Comments are welcome.

Friday, June 30, 2006

Block Device copying over LAN (Using Linux LiveCD)

To copy an entire block device or a single partition from one machine to the other over the network, use the following procedure :

  • Make sure the ssh daemon is running on the target machine.
  • Make sure the ssh daemon is running on the source machine.
  • Execute the following dd (1) command on the source machine.
dd if=/dev/hda bs=1k conv=sync,noerror | gzip -c | ssh -c blowfish user@hostname "gzip -d | dd of=/dev/hda bs=1k"

You can also use the great g4u (2) project that is based on BSD and is amazing in it's simplicity and usefulness.

Good for 1-to-1 copy of server machines, great for rapid restore in case of a crash.
Also can be used for intrusion detection analyses: Just copy the hard drive and use all the the data analyzing software you want on the clone, knowing that the original hard drive is still intact.

Reference :


Friday, May 26, 2006

Quick and dirty NIS+NFS+AutoFS configuration for RH (RedHat) based distributions.
This will allow your Linux users to work in a distributed environment and have the warm roaming profile feeling.

~~ NOTE: Careful, work in progress. I'm editing the post from time to time ~~

On the server you go like this :
1. yum install ypserv
2. set nis domain in /etc/sysconfig/network
3. make -C /var/yp

Where as on the client side, this is what you do :

1. yum install autofs
2. yum install ypbind
3. yum install portmap
4. Set nis domain in /etc/sysconfig/network
5. Make your autofs config file(s) to look like this :

cat /etc/auto.master
/home/exports /etc/auto.home

cat /etc/auto.home
* NFS_SERVER_ADDRESS:/home/exports/&

6. Tell the system where to look for user info :

cat /etc/nsswitch.conf
passwd: nis files
shadow: nis files
group: nis files

7. Make sure the needed network daemons awake on boot :
chkconfig --level 345 autofs on
chkconfig --level 345 ypbind on
chkconfig --level 345 portmap on

8. Set your NIS server
cat /etc/yp.conf

You're done.
Reboot and witness the magic of the ages (; (NIS has been with us since the 80's).

Reference :

Saturday, April 29, 2006

For Debian system administrators that are looking for a way to globally alter the default application associated with various mime types, the file to edit is /etc/mailcap

This way you could have your default pdf viewer be Evince instead of that awful gpdf.
Hi everyone.

So? What do we have here? Well... not much actually.

Sorry for getting you all over exited, this blog is sole purpose in life is being a textbox for my random bits from the IT world. Technical and Social alike. Nice to read, not much of a value.

OTOH, From time to time I do have some useful tips I gather around that would be very nice to remember (for future reference of course). A Blog just seems like the right textbox at the right place at the right time.

What, and you really thought I'm doing this for your entertainment? Ha.
Here we go, stick around if you like.

Love you all.