Monday, November 11, 2013

Wired Network Unstable with Ubuntu 13.04

I installed the 64-bit Ubuntu 13.04 OS on a Toshiba laptop. I connected the wired network, but the connection drops from time to time even though the network still shows as connected.
I could not ping the gateway. I then restarted the network, but the problem remained the same. After physically unplugging and replugging the cable, the network went back to normal. But this cannot be done frequently.
So to overcome this issue I followed the steps below.
  1. Found out that this issue is due to a kernel bug in version 3.8.
  2. Then I went for a kernel upgrade to version 3.10; to do that, use the commands below.
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.10.12-saucy/linux-headers-3.10.12-031012-generic_3.10.12-031012.201309141044_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.10.12-saucy/linux-headers-3.10.12-031012_3.10.12-031012.201309141044_all.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.10.12-saucy/linux-image-3.10.12-031012-generic_3.10.12-031012.201309141044_amd64.deb
sudo dpkg -i linux-headers-3.10.12-*.deb linux-image-3.10.12*.deb
Then restart the computer.

After the reboot I pinged the gateway and it worked as usual. I was able to ping the gateway continuously for 2 hours. So this is the way to solve the unstable network connection issue in Ubuntu 13.04.

Tuesday, August 6, 2013

Peer to Peer communication in FreePBX

This document describes direct RTP media, that is, peer-to-peer communication of RTP.

I have managed to get Asterisk not to proxy media. I am running FreePBX 2.10.1.9 and Asterisk 1.8.12.0 on CentOS Linux 5.7 (Linux 2.6.18-274.3.1.el15.i686 - 32-bit) in a virtual machine, directly connected with a static IP.

It can be done under the conditions below.
    --> NAT should be disabled in FreePBX (sip.conf, Extension)
    --> Network devices and phones should support peer-to-peer communication (NO NAT)
    --> The recording features should be turned off in the extensions.
    --> There should be a direct internet connection with a static IP address

Setting changes on the SIP server; these should be made via the FreePBX GUI:
    1) Application -> Extensions -> 'canreinvite=yes' and 'nat=no'
    2) Settings -> Asterisk SIP Settings -> 'NAT=no' and 'IP Configuration=static IP' and 'Reinvite Behavior=yes'
    3) Add the entries below to Other SIP Settings
        --> 'directrtpsetup=yes' and
        --> 'keepalive=yes'
    4) Settings -> Advanced Settings -> "SIP canreinvite (directmedia)=yes" and "SIP nat=no"
    5) Settings -> General Settings -> "Asterisk Dial command options:" should be empty

I used the tcpdump tool to monitor the communication between the server and the SIP phones. Then I was able to recognize the peer-to-peer communication.

Reference : http://www.dslreports.com/forum/r27852319-Can-I-get-Asterisk-to-not-proxy-media-

Friday, June 7, 2013

check_mailq not correctly detecting the mail queue -NRPE plugins


I have added a Nagios NRPE client to check the mail queue on a CentOS 6 server running Postfix as the mail daemon.

Issue : Even though there is mail in the queue on the server, Nagios showed an empty mail queue.


First I checked the configuration files below on the mail server:
--> /usr/local/nagios/libexec/check_mailq : There you can find a variable called
"$mailq = 'sendmail'; # default". I changed it to postfix, but it didn't resolve the issue.
--> /usr/local/nagios/libexec/utils.pm : There you can find a variable called $PATH_TO_MAILQ   = "/usr/bin/mailq";
This is also correct. That can be checked by running /usr/bin/mailq, which will show the actual mail queue.
--> /usr/local/nagios/etc/nrpe.cfg : There you set the check_mailq parameters:
/usr/local/nagios/libexec/check_mailq -w 100 -c 200

Run the command below independently on the mail server:
--> /usr/local/nagios/libexec/check_mailq -w 100 -c 200
But it reports that the mail queue is empty even though there are several mails in the queue.

Then I issued the above command with the mail daemon option, as below:
--> /usr/local/nagios/libexec/check_mailq -w 100 -c 200 -M postfix
This shows the correct mail queue, so I changed the check_mailq parameter in /usr/local/nagios/etc/nrpe.cfg to include the -M postfix option.
The issue was sorted.

Note : As far as I found, Postfix does not create a mailqueue directory under /var/spool/. It has a separate directory in /var/spool/postfix/ which keeps mails in separate directories such as deferred, bounce, active etc. So this might be the reason the Nagios NRPE plugin could not check the mail queue correctly.

Some of the packages cannot updated. Need to take from old packages.


Ubuntu apt-get install produces the error message “ Some of the packages cannot updated. Need to take from old packages. - Ubuntu OS version is old.”


When you get this kind of error message, first back up /etc/apt/sources.list and then follow the steps below.

  1. vi /etc/apt/sources.list
  2. Then find the lines below and replace as mentioned:
     • deb <siteurl> karmic main restricted
     • replace the <siteurl> with http://old-releases.ubuntu.com/ubuntu
  3. Once again, find http://security.ubuntu.com/ubuntu and replace it with http://old-releases.ubuntu.com/ubuntu
  4. Save the changes and issue the command below.
  5. apt-get update

Then install the packages as you wish.

Friday, May 17, 2013

SELinux is preventing /sbin/iptables-multi-1.4.7 from read access on the file

Error message :
Check /var/log/messages to get an idea of the error.
=========================================================================
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from read access on the file . For complete SELinux messages. run sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from create access on the rawip_socket . For complete SELinux messages. run sealert -l c2931169-d03b-4758-92d4-f22275f7f391
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from create access on the rawip_socket . For complete SELinux messages. run sealert -l c2931169-d03b-4758-92d4-f22275f7f391
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from read access on the file . For complete SELinux messages. run sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde
May 12 04:05:37 mail fail2ban.actions: WARNING [dovecot-pop3imap] Unban 125.19.48.106
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q 'fail2ban-dovecot-pop3imap[ \t]' returned 100
May 12 04:05:37 mail fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap#012iptables -F fail2ban-dovecot-pop3imap#012iptables -X fail2ban-dovecot-pop3imap returned 300
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -N fail2ban-dovecot-pop3imap#012iptables -A fail2ban-dovecot-pop3imap -j RETURN#012iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap returned 100
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q 'fail2ban-dovecot-pop3imap[ \t]' returned 100
May 12 04:05:37 mail fail2ban.actions.action: CRITICAL Unable to restore environment
================================================================================

This error comes from SELinux; you can run the command below to get a full picture of the SELinux error.
sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde

Check the audit.log file and find the denied messages below.
type=AVC msg=audit(1368773459.619:3055): avc: denied { read } for pid=6627 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.620:3056): avc: denied { create } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=AVC msg=audit(1368773459.620:3057): avc: denied { read } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.622:3058): avc: denied { create } for pid=6629 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0


Resolution :

When I checked the context of /sbin/iptables-multi-1.4.7, it showed the incorrect context, as below.

  • ls -lZ /sbin/iptables-multi-1.4.7
Output:
  • -rwxr-xr-x. root root system_u:object_r:bin_t:s0       /sbin/iptables-multi-1.4.7
Run the command below to correct the SELinux context.

  • restorecon -R -v /sbin/

Then run the ls -lZ command again, which shows the correct context.

  • -rwxr-xr-x. root root system_u:object_r:iptables_exec_t:s0 /sbin/iptables-multi-1.4.7

Then restart the fail2ban service.
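
The audit.log denials above all show iptables running in the fail2ban_t domain, which is what a mislabelled executable looks like from the log side. The parser below is an added example, not part of the original post: it groups the quoted AVC records and flags commands that ran outside their expected domain. The function names and the EXPECTED_DOMAIN table (iptables should run in iptables_t) are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: the four AVC records quoted in this post. The last one
# is cut off before tclass= on the page and is kept that way here.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1368773459.619:3055): avc: denied { read } for pid=6627 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.620:3056): avc: denied { create } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=AVC msg=audit(1368773459.620:3057): avc: denied { read } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.622:3058): avc: denied { create } for pid=6629 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0
"""

# Assumption for this example: once /sbin/iptables-multi-1.4.7 carries
# iptables_exec_t (the label restorecon sets above), the iptables command
# is expected to run in iptables_t instead of its caller's domain.
EXPECTED_DOMAIN = {"iptables": "iptables_t"}

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def se_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = context.split(":") if context else []
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial into a dict; return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {key: value.strip('"') for key, value in KV_RE.findall(m.group("rest"))}
    return {
        "serial": int(m.group("serial")),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source_type": se_type(fields.get("scontext")),
        "target_type": se_type(fields.get("tcontext")),
        "tclass": fields.get("tclass"),  # None when the record is truncated
    }


def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        for perm in rec["perms"]:
            counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return dict(counts)


def untransitioned(log_text):
    """List (comm, domain) pairs where a command ran outside its expected domain."""
    hits = set()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        expected = EXPECTED_DOMAIN.get(rec["comm"])
        if expected and rec["source_type"] != expected:
            hits.add((rec["comm"], rec["source_type"]))
    return sorted(hits)


if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_AUDIT_LOG).items(), key=str):
        print(count, key)
    for comm, domain in untransitioned(SAMPLE_AUDIT_LOG):
        print(f"{comm} ran in {domain}: check the executable's label with ls -lZ")
```

A hit from untransitioned() points at the label of the binary rather than at a missing policy rule, which is why restorecon is the fix here and not a custom policy module.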


Tuesday, May 14, 2013

Samba Server configuration -CentOS 6.3 with SeLinux

You must install the packages below in order to configure a Samba server:
yum install cups-libs samba samba-common

First you must allow access to the Samba server through the firewall. The ports below should be allowed. On my server I have used iptables as the firewall, so the rules below allow Samba through it. Ports 137 and 138 (NetBIOS name and datagram services) are UDP; ports 139 and 445 are TCP.

-A INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
You can restrict by source IP for better security.

Then you need to take care of the SELinux values, since if you do not enable the boolean value, even the home directory cannot be shared.

If you want to share the default home directory, type this command:
setsebool -P samba_enable_home_dirs on
If you want samba to be a domain controller:
setsebool -P samba_domain_controller on
If you want to share files/directories other than home directories or standard directories, you should label these files/directories as samba_share_t. For example, if you created the directory /home/fileserver, you can label the directory and its contents with the chcon tool.

# chcon -R -t samba_share_t /home/fileserver
To make this label permanent, issue the commands below.
# semanage fcontext -a -t samba_share_t '/home/fileserver(/.*)?'
# restorecon -R -v /home/fileserver

There are two booleans that you can set to allow the sharing of standard directories. If you want to share any standard directory read-only, you can set the boolean samba_export_all_ro.
# setsebool -P samba_export_all_ro 1
This boolean will allow Samba to read every file on the system. Similarly, if you want to share all files and directories via Samba, you set samba_export_all_rw.
# setsebool -P samba_export_all_rw 1
This boolean would allow Samba to read and write every file on your system.  So a compromised Samba server would be very dangerous.

for more details please refer below link :

Then you need to configure the smb.conf file as you want.

I have configured home and other shared directories, and my configuration file is as below.

[Common]
comment = All Users
path = /home/common
valid users =@users
force group = users
create mask = 0765
directory mask = 0775
writable = yes

If you need to enable home directories that users can read and write to, the entry below should be included.

[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0700
   directory mask = 0700
Now add the user to the Samba user database:
smbpasswd -a tom

Friday, February 15, 2013

Could not load plugin shared object /usr/lib/openvpn/openvpn-auth-ldap.so

When you start the OpenVPN daemon you will get the error message below (if your OpenVPN server is integrated with LDAP). It's quite an interesting error message.

PLUGIN_INIT: could not load plugin shared object /usr/lib/openvpn/openvpn-auth-ldap.so: /usr/lib/openvpn/openvpn-auth-ldap.so: cannot open shared object file: No such file or directory

I tried to locate the openvpn-auth-ldap.so library file on the VPN server. It was located in
/usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so
So I simply created a soft link at the place where the OpenVPN daemon looks for the library, by issuing the command below.

  • ln -s /usr/lib/openvpn/plugin/lib/openvpn-auth-ldap.so /usr/lib/openvpn/openvpn-auth-ldap.so

Then start the VPN daemon.

Tuesday, February 12, 2013

Open VPN Error TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) TLS Error: TLS handshake failed

If you are getting this error message continuously, you should check the things below:
  1. Client and server date/time
  2. Client virus guard or firewall
  3. Common name of the CA certificate
  4. Routing entry in server.conf

The client and server date and time should be correct and the same. If your client machine has a virus guard, you should disable it, and the firewall settings should allow the VPN connection.

If you still get the error continuously, either your CA certificate common name contains a space, such as “Technical Division”, or incorrect routes are being pushed to the client.
Recreate the CA certificate with a common name without spaces, then try to connect to the VPN server. If that fails, check the server configuration file.
There you must push routes which do not include the server IP address.
For example:

My VPN server IP address is 192.168.2.30.
If you push the route below to the client, the TLS error will be generated:
push "route 192.168.2.0 255.255.255.0"
This is a confusing entry which will generate the TLS error.
You must push routes that leave out the server IP.
Ex: push "route 192.168.2.0 255.255.255.240"
push "route 192.168.2.33 255.255.255.224"
Likewise, push routes accordingly, but remember not to push a route which includes the server IP address.
This solution resolved the TLS handshake failure for me. The server OS is CentOS 6.3.
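
The route check described above can be automated. The script below is an added example, not part of the original post: it reads push "route ..." lines from server.conf text and reports which ones cover the server address, and it goes one step beyond the post by computing the full set of routes that cover a LAN except the server's own address. The function names are made up for this example, only IPv4 routes are handled, and the sample config text is constructed from the addresses in the post.

```python
import ipaddress
import re

# Constructed server.conf fragments using the addresses from this post.
SERVER_IP = "192.168.2.30"
CONF_COVERING_SERVER = 'push "route 192.168.2.0 255.255.255.0"\n'
CONF_FROM_POST = (
    'push "route 192.168.2.0 255.255.255.240"\n'
    'push "route 192.168.2.33 255.255.255.224"\n'
)

# push "route <network> [netmask] [gateway] [metric]"; commented lines
# (starting with # or ;) do not match because of the ^\s*push anchor.
PUSH_ROUTE_RE = re.compile(
    r'^\s*push\s+"route\s+([^\s"]+)(?:\s+(\d+\.\d+\.\d+\.\d+))?[^"]*"', re.M
)


def check_pushed_routes(conf_text, server_ip):
    """Report, for each pushed IPv4 route, whether it covers server_ip."""
    server = ipaddress.ip_address(server_ip)
    findings = []
    for m in PUSH_ROUTE_RE.finditer(conf_text):
        # OpenVPN treats a route without a netmask as a host route.
        addr, mask = m.group(1), m.group(2) or "255.255.255.255"
        route = f"{addr} {mask}"
        try:
            # strict=False normalises an address with host bits set, such as
            # the post's 192.168.2.33 with mask 255.255.255.224.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            # Hostname or malformed value: cannot be checked offline.
            findings.append({"route": route, "network": None, "covers_server": None})
            continue
        findings.append(
            {"route": route, "network": str(net), "covers_server": server in net}
        )
    return findings


def routes_excluding(lan, server_ip):
    """Return push lines that cover `lan` except the single server address."""
    net = ipaddress.ip_network(lan)
    host = ipaddress.ip_network(f"{server_ip}/32")
    if host.subnet_of(net):
        pieces = sorted(net.address_exclude(host))
    else:
        pieces = [net]  # server is outside the LAN, nothing to carve out
    return [f'push "route {p.network_address} {p.netmask}"' for p in pieces]


if __name__ == "__main__":
    for conf in (CONF_COVERING_SERVER, CONF_FROM_POST):
        for finding in check_pushed_routes(conf, SERVER_IP):
            print(finding)
    print("\n".join(routes_excluding("192.168.2.0/24", SERVER_IP)))
```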

Tuesday, January 29, 2013

Duplicity fails on Too many open files

If you get an error message like “Too many open files” on an Ubuntu machine, below are the steps to overcome it.
I faced this error message while restoring Duplicity backup volumes. To restore the backup volumes I used Java code.

There is a simple solution: raise the maximum number of open file descriptors in Ubuntu. To do that, follow the instructions below.

System-wide File Descriptors (FD) Limits

The number of concurrently open file descriptors throughout the system can be changed via /etc/sysctl.conf file under Linux operating systems.

The Number Of Maximum Files Was Reached, How Do I Fix This Problem?

Many applications such as Oracle database or Apache web server need this range to be quite a bit higher. So you can increase the maximum number of open files by setting a new value in the kernel variable /proc/sys/fs/file-max as follows (log in as root):
# sysctl -w fs.file-max=100000
The above command forces the limit to 100000 files immediately. You need to edit the /etc/sysctl.conf file and add the following line so that the setting remains after a reboot:
# vi /etc/sysctl.conf
Append a config directive as follows:
fs.file-max = 100000
Save and close the file. Users need to log out and log back in again for the changes to take effect, or just type the following command:
# sysctl -p
Verify your settings with command:
# cat /proc/sys/fs/file-max
OR
# sysctl fs.file-max



Source : http://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/

Duplicity Backup Restore process

I have used a Duplicity backup script for backing up user data, and I have used private and public key encryption for encrypting the backup.

To restore the backup I used the commands below, after first copying the Duplicity volume gpg files from the remote location to the local computer.
Then we must issue the commands below to decrypt the backup volumes. After the decryption we can see that two folders are created in the backup restore location. The folders are named “multivol_snapshot” and “snapshot”.

If you encrypted your backup, first you must decrypt the volume by using your private key. Say you have duplicity-full.20110127T131352Z.vol1.difftar.gpg:
gpg --output duplicity-full.20110127T131352Z.vol1.difftar --decrypt duplicity-full.20110127T131352Z.vol1.difftar.gpg
Or to do all at once (This is the easiest way to do ...):
gpg --multifile --decrypt duplicity-*.*.*.difftar.gpg
Now you have either a .difftar or a .difftar.gz volume (depending on whether you had to decrypt it or not). Use tar on whichever one you have to extract the individual patch files:
tar xvf duplicity-full.20110127T131352Z.vol1.difftar
Or again, to do all at once:
for t in duplicity-*.*.*.difftar; do tar xf "$t"; done

If your file is in snapshot/ then you're done. Otherwise find the directory in multivol_snapshot/ at the path where your file used to be: you need to join together all the files in this directory to recreate the original file. The files are numbered, and can be joined together using the cat command. Depending on how large the original was, there may be many parts.

cat * > rescued-file


Problem with original instructions
The directions linked above suggest using cat * > rescued-file. Unfortunately this simple approach fails if you have more than 9 parts. Since * expands in dictionary order, not numeric order, 10 would be listed before 2, and the file would be reconstructed in the wrong order.
Workaround
One simple approach is to remember that dictionary order does work when numbers are the same length, and that ? matches a single character. So if your largest file has three digits, you can manually enter:
cat ? ?? ??? > rescued-file
Add or remove ? patterns as necessary, depending on the largest file number.

If there are more than 9 parts, you should use a script to recover the data. You can use either the shell script or the Java code included below.
But there is a major limitation: it won't work with incremental backups.

If you have a lot of files to recover and don't fancy typing that for all of them, you might prefer to use a script such as this. It lists the containing directory for every file, removes duplicates from the list, then goes to each directory and creates a content file from the fragments there. (spacer is just to make $1 work.)


find multivol_snapshot/ -type f -printf '%h\0' | \
  sort -uz | \
  xargs -0 -n 1 sh -c 'cd "$1" ; cat $(ls | sort -n) > content' spacer

Now you just have to add /content to the end of any filename you were looking for, and you should find it.


Or you can use the Java code below to restore the backup without issue. (No need to change a single letter of the code; it works fantastically for me.)

import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Vector;

import org.apache.commons.io.filefilter.DirectoryFileFilter;

public class DeFrankensteiner {

    static String untaredRoot = "/media/big5wf/untared2test";
    // Leaf directories under multivol_snapshot; each one holds the numbered parts of one file
    static Vector<File> resultDirs = new Vector<File>();

    public static void main(String[] args) {
        if (args.length > 0) {
            if (args[0] != null) {
                untaredRoot = args[0];
                if (!new File(untaredRoot).exists()) {
                    System.err.println("Directory does not exist");
                    System.exit(1);
                }
            }
        } else {
            System.out.println("Program takes two arguments: root folder of the backup and an optional target folder");
            System.out.println("Please rerun and specify the root of your untared duplicity backup");
            System.out.println("The directory contains two folders, 'snapshot' and 'multivol_snapshot'");
            System.exit(0);
        }
        getLeafDirectories(new File(untaredRoot
                + System.getProperty("file.separator") + "multivol_snapshot"));

        for (File sourceDir : resultDirs) {
            File[] the64KbBlocks = sourceDir.listFiles();
            // We need a non alphabetic, simple higher is better sort
            Arrays.sort(the64KbBlocks, new IntValueComparator());
            // The merged file is written to the same relative path under snapshot/
            String targetFileName = sourceDir.getAbsolutePath().replace(
                    "multivol_snapshot", "snapshot");
            System.out.println("Will save file to " + targetFileName
                    + " after merging " + the64KbBlocks.length
                    + " blocks.");
            // instead of /bin/bash try to use java onboard methods
            try {
                File targe = new File(targetFileName);
                if (targe.exists()) {
                    targe.delete();
                }

                FileOutputStream fos = new FileOutputStream(targetFileName, true);
                // Append the parts in numeric order
                for (File file : the64KbBlocks) {
                    byte[] bytesOfA64KbBlock = getBytesFromFile(file);
                    fos.write(bytesOfA64KbBlock);
                }

                System.err.println("Written file file://" + targetFileName);
                fos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    public static byte[] getBytesFromFile(File file) throws IOException {
        InputStream is = new FileInputStream(file);

        // Get the size of the file
        long length = file.length();

        // Create the byte array to hold the data
        byte[] bytes = new byte[(int) length];

        // Read in the bytes
        int offset = 0;
        int numRead = 0;
        while (offset < bytes.length
                && (numRead = is.read(bytes, offset, bytes.length - offset)) >= 0) {
            offset += numRead;
        }

        // Ensure all the bytes have been read in
        if (offset < bytes.length) {
            is.close();
            throw new IOException("Could not completely read file "
                    + file.getName());
        }

        // Close the input stream and return bytes
        is.close();
        return bytes;
    }

    // Orders part files by the integer value of their names (1, 2, ..., 10, 11)
    public static class IntValueComparator implements Comparator<File> {

        public int compare(final File file1, final File file2) {
            int res = 0;
            try {
                res = Integer.compare(Integer.parseInt(file1.getName()),
                        Integer.parseInt(file2.getName()));
            } catch (NumberFormatException e) {
                System.err.println("Something is here that shouldnt be here: "
                        + e.getMessage());
                System.err.println(file1.getAbsolutePath());
                System.err.println(file2.getAbsolutePath());
                // e.printStackTrace();
                System.exit(-1);
            }
            return res;
        }
    }

    // Recursively collects directories that contain no subdirectories
    public static void getLeafDirectories(File dir) {
        File listFile[] = dir.listFiles();
        if (listFile != null) {
            for (int i = 0; i < listFile.length; i++) {
                if (listFile[i].isDirectory()) {
                    File[] subdirs = listFile[i]
                            .listFiles((FileFilter) DirectoryFileFilter.DIRECTORY);
                    if (subdirs != null && subdirs.length == 0) {
                        resultDirs.add(listFile[i]);
                    }
                    getLeafDirectories(listFile[i]);
                }
            }
        }
    }
}

You must have a Java runtime and an IDE installed to compile the Java code. I installed the NetBeans IDE, created a public class called “DeFrankensteiner”, added the above code to that class and compiled it.
You should take the “<name>.jar” file from the compiled location, which is under the “dist” folder. Then issue the commands below to recover the “multivol_snapshot” folder.

  • Go into the dist folder
    • Ex : - cd /user/Desktop/java/backuprestore/dist
  • Run the jar file with the source directory and Destination directory arguments.
    • Ex:- java -jar Backuprestore.jar /root/Documents/Test/ /root/restoreddata


Limitations
This doesn't restore any of the original file permissions or ownership. It also doesn't deal with incremental backups, but then the linked instructions also hit a bit of a dead end on this point — they just suggest using rdiff to stitch the files together and refer the reader to man rdiff.


https://answers.launchpad.net/ubuntu/+source/duplicity/+question/186098

Wednesday, January 16, 2013

My SQL error jos_session' is marked as crashed and should be repaired SQL=INSERT INTO `jos_session`

This is one of the most common errors in Joomla, and it only means that the table jos_session has crashed or is damaged. This table stores your sessions, and you can easily fix this via cPanel or phpMyAdmin.

Before you do anything, you should back up the database, which is located in /var/lib/mysql, and then tar the related database. After that you are fine to repair the table.

Using phpMyAdmin:

First get phpMyAdmin and place it into the Apache document root (ex : /var/www/html).
Then, using your web browser, access the phpMyAdmin interface and log in using the related database credentials. Then issue the command REPAIR TABLE `tbl_name`
That's it. It will fix the issue.

Or you can use the command line and the commands below to repair the table.
  • mysql -u root -p
Enter the database password.
  • use database_name;
  • show tables ; This will show you all the table names under the particular database.
  • Then run either truncate table jos_session or repair table jos_session
This will fix the table crashed issue.



Thursday, January 10, 2013

Allowing Calling user to Transfer Call in FREEPBX

Even though you have allowed call transfer, the calling user is unable to transfer the call with FreePBX and Grandstream phones.
There is a way to enable that facility as well.
If you want to transfer calls you have made, then in the outbound dial rules in the FreePBX general settings check that there is a "T".
Follow the screenshot to configure the calling user transfer option.

Then save the changes and submit them, then enjoy VoIP with FreePBX.