SIMPLE RECIPE FOR ARCH LINUX FULL ENCRYPTED --LVM

Few days later i just want to give a try to arch Linux, since i like to try different things so i came across with Arch and some people love it some people don't so i give it a try and wanted to see if i can just encrypt it all and then play with it

so my first toughs were that it smells like OpenBSD at the installation process i mean set up the disk and then sync over the Internet

the other thing that i notice its that the wiki it huge and usually i like to get things done as quick as possible but i take me some spare time to get things done so this is my personal recipe to start and then move forward in case i want it to, this are all the minimal configuration to install it i use a virtual machine so things may go different in each case

toor# parted -s /dev/sda mklabel msdos
toor# parted -s /dev/sda mkpart primary 2048s 100%
toor# cryptsetup luksFormat /dev/sda1

at the beggining i used to type yes but it is actually 'YES' damm me :|

toor# cryptsetup luksOpen /dev/sda1 lvm

o by the way this is all in LVM setup sorry forget it to tell about it

creating LVM partitions

toor# pvcreate /dev/mapper/lvm
toor# vgcreate vg /dev/mapper/lvm
toor# lvcreate -L 2G vg -n swap
toor# lvcreate -l 100%FREE vg -n root

Formating and activating swap

toor# mkfs.ext4 /dev/mapper/vg-root
toor# mkswap /dev/mapper/vg-swap
toor# mount /dev/mapper/vg-root /mnt
toor# swapon /dev/mapper/vg-swap

preparing boot

toor# mkfs.ext2 /dev/sda1
toor# mkdir /mnt/boot
toor# mount /dev/sda1 /mnt/boot

Basic Install
toor# pacstrap /mnt base
toor# genfstab -U /mnt >> /mnt/etc/fstab
toor# arch-chroot /mnt
toor# ln -s /usr/share/zoneinfo/Region/City /etc/localtime
toor# hwclock --systohc

modifi according the /etc/locale.gen and i like to use joe so

toor# pacman -S joe 

toor# locale-gen

set LANG and KEYMAP

/etc/locale.conf
  LANG=en_US.UTF-8
/etc/vconsole.conf
  KEYMAP=la-latin1

Add hooks

/etc/mkinitcpio.conf
   HOOKS = "... encrypt lvm2 ..."

toor# mkinitcpio -p linux
toor# pacman -S grub

Edit grub
/etc/default/grub
  GRUB_ENABLE_CRYPTODISK=y
  GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm"

toor# grup-mkconfig -o /boot/grub/grub.cfg

it will complain with some warning like:
WARNING: failed to connect to lvmetad: No such file or directory. Falling back to internal scanning
no problem at all at least this is what wiki says
https://wiki.archlinux.org/index.php/GRUB#Warning_when_installing_in_chroot

toor# grup-install /dev/sda
toor# passwd
...
toor# ctrl+D
#reboot

here we have installed the system but it needs a little more to have a full system, this is just for the beginnign
references:
https://wiki.archlinux.org/
http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/

ruby openbsd terminal FIX invalid byte sequence in UTF-8 (ArgumentError)

Today i start playing with ruby and an small script that reads a csv file and create users in openbsd os the file was simply username, plain password, comments but the comments also have the ñ letter on it so i did not know that for some reason ruby does not handle this automatically at least in openbsd terminal so when i connect to openbsd with putty terminal and run it i was getting this error

./++++++.rb:6:in `split': invalid byte sequence in UTF-8 (ArgumentError)
        from ./++++++.rb:6:in `block in <main>'
        from ./++++++.rb:5:in `each'
        from ./++++++.rb:5:in `<main>'

so i remember this kind of errors with python, so i searched in google and put the normal encode solution in the script:

#encoding: utf-8

didn't work :\ so in some page said that the problem was not ruby or the encoding in the script but the terminal encoding so i have to put the correct enconding in the profile file and that worked !! 

export LC_CTYPE=xy_XY.ISO8859-1

how did i get the encoding type

$locale -a

Fixing VMWare WorkStation no ping from guest

Yesterday i try to start all again some projects that i have not been used for some months, first problem i faced was to remember the passwords that i have in the VMs i solved the problem and the tree of it has to be bridged but
no ping     (:{0

so in the internet i found that the problem is related in the way VMware try to hook the VMs to the Nework in the automatic configuration

               
so in the Virtual Network Editor ( you have to give administrator rights to change the settings) we have it like this:

the automatic is the problem since i have two network cards this problem were not present months ago but in those days i was using the WIFI and it has DHCP on it activated

even if the WIFI its not connected so to solve it we have to change the VMware settings to point manually

in my case i choose the Ethernet Card connected to he LAN that solve the problem, finally!

OpenBSD root Partition on 99%

well this post is related to a problem that i have with postfix, where the daemon did not work correctly but i found the solution but the problem with the root partition where not fixed at all, so i have to dig and search asking myself why it i have partition the disk correctly, i saw and saw the partitions and the answer where not revealed.

i even check out the virtual machine in my laptop and could see that the root partition where just using 40 % of the space and not growing up, here is the actual partition layout

Filesystem     Size    Used   Avail Capacity  Mounted on
---------------------------------------------------------------------
/dev/sd0a       2.0G      1.9G       97M    99%    /
/dev/sd0i      98.4G    14.0G    79.4G    15%    /home
/dev/sd0d       3.9G    24.0K      3.7G      0%    /tmp
/dev/sd0e       2.9G     1.4G       1.4G    49%    /usr
/dev/sd0f        9.8G    777M       8.6G      8%    /usr/local
/dev/sd0h       2.0G     1.1G      762M    60%    /usr/obj
/dev/sd0g       2.0G    863M       1.0G    45%    /usr/src
/dev/sd0k      497G    257G       215G    54%    /var/mail
/dev/sd0j       298G   10.1G       273G     4%    /var/www

so can you see the problem, good for you but i could not, so after some times i saw my mistake there is no /var partition so all on var but var/{mail,www} belog to root partion /, and that include:

account/, amavisd/, arpwatch/,audit/,...named/,mysql/, you got it and yes damm!!!

since it is more difficult to resize and create partitions i decide to move mysql from /var/mysql to /var/www/mysql i know that this maybe not desired but what can i do i am lazy and do not have too much time and of course first i need to set up a similar situation over my virtual test machine to avoid myself headaches :p

so i copied the content in /var/mysql to /var/www/mysql set up permissions and indicate mysql where to start

# mkdir /var/www/mysql
# chown -R _mysql:_mysql /var/www/mysql
# cp -R /var/mysql/* /var/www/mysql (i forget to use -p :p )
# /usr/local/bin/mysqld_safe --datadir=/var/www/mysql --open-files-limit=8192&

and of course it complains and did not start why because i forget the -p parameter on the cp and the files belongs to root 
...
-rw-r-----  1 root  _mysql      19760 Jan 11 19:08 mysql-bin.000001
-rw-r-----  1 root  _mysql     765307 Jan 11 19:08 mysql-bin.000002
...

# chwon -R _mysql: /var/www/mysql
# /usr/local/bin/mysqld_safe --datadir=/var/www/mysql --open-files-limit=8192&

no more mysql complains and work ok ill do the resize latter sure ill :0

Postfix Error [ warning: not enough free space in mail queue ]

The last days i have face an awkward problem with postfix, queue related 
here is the log 

... postfix/smtpd[x]: NOQUEUE: reject: MAIL from unknown[y.y.y.y]: 452 4.3.1 Insufficient system storage; proto=ESMTP helo=<domain.com>
... postfix/smtpd[x]: warning: not enough free space in mail queue: 123852800 bytes < 1.5*message size limit

so this is the first time this happen never seen before in my years working with postfix, so i dig in the main.cf and see if the message_size_limit were the resposable.

message_size_limit=83886080

but this was the limit i put on years ago because some users complains that the messages with big attachments did not pass the server, so i increase it, but recently i have to redo the server because of a failure of the HDD some other thing that i notice it were that the root partition of the server where 99% and not very much mails in the queue.

anyway i have to say that the postfix that were used were old compared to this one and the version of openbsd were different too, so i come back to the default configuration to

message_size_limit=10240000

and bang the problems go away, but this let me with one question, why my root partion where in 99% ?? i found the answer and this is something to have in account, i will post it in other entry

OpenBSD basic Configuration SYMON

recently i have to install symon on the server so we can see the load of the system and here are the steps with a basic configuration and auth over the web server

first installed the packages
symon-2.82          active monitoring tool
syweb-0.60          web frontend to symon

then the configuration

/etc/symon.conf
monitor { cpu(0),  mem,
          if(lo0),if(bge0),if(re0),
          pf,
          mbuf,
          proc(lighttpd),
          proc(mysqld),
          proc(named),
          proc(pure-ftpd),
          io(sd0a), io(sd0j)
} stream to 127.0.0.1 2100

/etc/symux.conf

mux 127.0.0.1 2100

source 127.0.0.1 {
          accept {
                cpu(0), 
                mem,
                if(lo0),
                if(bge0),
                if(re0),
                pf,
                mbuf,
                proc(lighttpd),
                proc(mysqld),
                proc(named),
                proc(pure-ftpd),
                io(sd0a),
                io(sd0j)
        }
        datadir "/var/www/symon/rrds/localhost"
}

/etc/rc.local
...
if [ "$symon_flags" != "NO" -a -x /usr/local/libexec/symon ];then
printf ' symon -->'; /usr/local/libexec/symon && echo "\t\t [OK]" || echo "\t\t [Failed]" ;fi

if [ "$symux_flags" != "NO" -a -x /usr/local/libexec/symux ];then
printf ' symux -->'; /usr/local/libexec/symux && echo  "\t\t [OK]" || echo "\t\t [Failed]" ;fi

$ sudo mkdir -p -m 0755 /var/www/symon/rrds/localhost
$ sudo /usr/local/share/symon/c_smrrds.sh all

configuration on the lighttpd for the auth
 ...
"mod_auth", 
...
auth.backend                = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
auth.require                = ( "/syweb" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Authorization",
                                 "require" => "user=sax|user=moxi"
                               )
                              )
...

dont forget to put the credentials for the users on lighttpd.user file!

OpenWebmail sending slow not as i guess

Lately i have seen that openwebmail were behaving slow so i change it to speedy_cgi as openwebmail support this one and the problem goes away but at the moment for compose some times takes more than 20s to sending it and some times just take 3s around so why not seeing actually the code for the sendmail wich it is openwebmail-send.pl and ther i see that it actually use the module SMTP so BINGo why not check out postfix if it doint their job well so guess what the answer its not at all.

when i connect to localhost it takes around 20 s to answer
$ telnet localhost 25
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
...
22 sec after
...
220 Postfix EsMtP
quit
221 2.0.0 Bye
Connection closed by foreign host.
$ ????? so i check out the maillog and just see this when the slow answer comes
...
Dec 10 12:28:21 websrv postfix/smtpd[21048]: connect from unknown[127.0.0.1]
Dec 10 12:28:50 websrv postfix/smtpd[21048]: warning: 1.0.0.127.dnsbl.njabl.org: RBL lookup error: Host or domain name not found. Name service error for name=1.0.0.127.dnsbl.njabl.org type=A: Host not found, try again
...
so the problem did not come from openwebmail or apache or lighttpd or cgi or speedy_cgi it comes from my smtp server which it is postfix so for some reason this rbl list its taking too long to answer and just change the order and add permit_mynetworks so the problem goes away after a postfix reload