A chronological documentation test project, nothing serious, really!

26 Feb 2008 List rpm package content

To list the contents of a package, run the command:

# rpm -ql packagename

Example

# rpm -ql nmap

/usr/bin/nmap
/usr/share/doc/nmap-3.70
/usr/share/doc/nmap-3.70/COPYING
/usr/share/doc/nmap-3.70/COPYING.OpenSSL
/usr/share/doc/nmap-3.70/README
/usr/share/doc/nmap-3.70/nmap-fingerprinting-article.txt
/usr/share/doc/nmap-3.70/nmap.deprecated.txt
/usr/share/doc/nmap-3.70/nmap.usage.txt
/usr/share/doc/nmap-3.70/nmap_doc.html
/usr/share/doc/nmap-3.70/nmap_manpage.html
/usr/share/man/man1/nmap.1.gz
/usr/share/nmap
/usr/share/nmap/nmap-mac-prefixes
/usr/share/nmap/nmap-os-fingerprints
/usr/share/nmap/nmap-protocols
/usr/share/nmap/nmap-rpc
/usr/share/nmap/nmap-service-probes
/usr/share/nmap/nmap-services


Posted by Hans-Henry Jakobsen

17 Oct 2007 Enabling Remote Access to the Installation System

You may access either the graphical or the text interface of the Red Hat installation system from any other system. Access to a text mode display requires telnet, which is installed by default on Fedora systems. To remotely access the graphical display of an installation system, use client software that supports the VNC (Virtual Network Computing) display protocol. A number of providers offer VNC clients for Microsoft Windows and Mac OS, as well as UNIX-based systems.

The installation system supports two methods of establishing a VNC connection. You may start the installation and manually log in to the graphical display with a VNC client on another system. Alternatively, you may configure the installation system to automatically connect to a VNC client on the network that is running in listening mode.

Enabling Remote Access with VNC
To enable remote graphical access to the installation system, enter two options at the prompt:

linux vnc vncpassword=astrongpassword

The vnc option enables the VNC service. The vncpassword option sets a password for remote access. The example shown above sets the password as astrongpassword. The VNC password must be at least six characters long.

Specify the language, keyboard layout and network settings for the installation system with the screens that follow. You may then access the graphical interface through a VNC client. The installation system displays the correct connection setting for the VNC client:

Starting VNC...
The VNC server is now running.
Please connect to computer.mydomain.com:1 to begin the install...
Starting graphical installation...
Press <enter> for a shell

You may then log in to the installation system with a VNC client. Start the VNC client and enter the server and display number in the VNC Server dialog. For the example above, the VNC Server is computer.mydomain.com:1.

This is possible on Red Hat, Fedora and probably other distributions derived from them, such as CentOS.


Posted by Hans-Henry Jakobsen

17 May 2007 Courier-IMAP to Dovecot Migration Script

I’ve just migrated a couple of servers from Courier-IMAP to Dovecot, and am very happy with the latter so far. I thought I’d share the courier2dovecot shell script I whipped together (based on the instructions I found in the migration how-to), for converting Courier-IMAP maildirs to Dovecot format.

While the script is rather simple, it can save a fair bit of typing when migrating some hundreds of mail accounts, especially since Courier stores some of its own state files recursively in each folder of the maildir hierarchy, making it a real pain to otherwise manually rename or remove all of them.

Here’s a plain-English summary of what the script currently does, when given a Courier maildir path as an argument:

  • Check that the given path is indeed a valid Courier maildir, and exit if not.
  • Rename the file ‘courierimapsubscribed’ to ‘subscriptions’, and strip the ‘INBOX.’ prefix from its contents.
  • Recursively rename all files named ‘courierimapuiddb’ to ‘dovecot-uidlist’.
  • Recursively delete all files named ‘courierimaphieracl’, ‘courierimapacl’ and ‘courierimapkeywords’.

The script will also verbosely print out each action it performs, handy for redirecting the output to a log file for a large migration.

Hopefully people about to jump ship from Courier to Dovecot find this useful. If anyone comes up with improvements to the script, please send them my way.

#!/bin/sh
#
# courier2dovecot -- Converts a Courier maildir to Dovecot format.
# Copyright (c) 2005 Arto Bendiken. Released under the GNU GPL.
# Newest version available from http://bendiken.net/scripts/
#
# 2005-10-21 initial version for Dovecot 1.0.
#
dir="$1"
if [ -z "$dir" ] || [ "$dir" = "-?" ] || [ "$dir" = "-h" ] || [ "$dir" = "--help" ]; then
  echo "Usage: $0 maildirpath"
  exit 1
fi
if [ ! -d "$dir" ] || [ ! -e "$dir/courierimapsubscribed" ]; then
  echo "$dir is not a path to a Courier maildir"
  exit 1
fi
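# NOTE: the rename calls below need the Perl rename(1) (perlexpr syntax).
# "$dir" is quoted so maildir paths containing spaces are handled correctly.
find "$dir" -name courierimapsubscribed -print0 | xargs -0r rename -v 's/courierimapsubscribed/subscriptions/'
# Strip the 'INBOX.' prefix from the subscription list.
find "$dir" -name subscriptions -print0 | xargs -0r sed -i 's/INBOX\.//'
find "$dir" -name courierimapuiddb -print0 | xargs -0r rename -v 's/courierimapuiddb/dovecot-uidlist/'
# Remove Courier-only state files and directories.
find "$dir" -name courierimaphieracl -print0 | xargs -0r rm -vrf
find "$dir" -name courierimapacl -print0 | xargs -0r rm -vf
find "$dir" -name courierimapkeywords -print0 | xargs -0r rm -vrf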

Comment to the script:
Hey Arto & everyone using this script:

Be careful when trying to run this on Red Hat Enterprise Linux or CentOS 4 systems. These operating systems ship with a different rename command than the Debian systems. You can also tell them apart based on the output when running ‘rename’ with no arguments.

This is the perl version which works:
Usage: rename [-v] [-n] [-f] perlexpr [filenames]

This is the RHEL/CentOS version that doesn’t:
call: rename.orig from to files…

Hope this helps someone out there, and thanks for the script Arto!

Source: http://bendiken.net/2005/11/03/courier-imap-to-dovecot-migration-script
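The comment above notes that the script depends on the Perl rename command. As an added example (not Arto Bendiken's script and not part of the original post), the same steps can be written with only find, mv, sed and rm, so they run the same on either family of distributions. The function names convert_maildir and rename_all are hypothetical, and the INBOX. match is anchored to the start of each line.

```shell
#!/bin/sh
# Added example, not part of courier2dovecot: same steps, no rename(1) needed.
# Usage: convert_maildir /path/to/Maildir   (function names are hypothetical)

# rename_all <dir> <old-name> <new-name>: rename every matching file in place.
rename_all() {
  find "$1" -type f -name "$2" -exec sh -c '
    new=$1; shift
    for f in "$@"; do
      printf "%s -> %s\n" "$f" "${f%/*}/$new"
      mv -- "$f" "${f%/*}/$new"
    done' sh "$3" {} +
}

convert_maildir() {
  dir=$1
  if [ ! -d "$dir" ] || [ ! -e "$dir/courierimapsubscribed" ]; then
    echo "$dir is not a path to a Courier maildir" >&2
    return 1
  fi
  rename_all "$dir" courierimapsubscribed subscriptions
  rename_all "$dir" courierimapuiddb dovecot-uidlist

  # Strip the INBOX. prefix. Writing back with cat keeps the file's owner and
  # mode, which matters when root converts maildirs owned by mail users.
  find "$dir" -type f -name subscriptions -exec sh -c '
    for f in "$@"; do
      sed "s/^INBOX\.//" "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
      rm -f -- "$f.tmp"
    done' sh {} +

  # -prune stops find from descending into directories it is about to delete.
  find "$dir" \( -name courierimaphieracl -o -name courierimapacl \
    -o -name courierimapkeywords \) -prune -exec rm -rf -- {} +
}
```

Redirect the function's output to a file to keep a log of every rename during a large migration.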


Posted by Hans-Henry Jakobsen

24 Jan 2007 How do I turn enforcing SELinux on/off at boot?

You can specify the SELinux mode using the configuration file /etc/sysconfig/selinux.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Setting the value to enforcing is the same as adding enforcing=1 to your command line when booting the kernel to turn enforcing on, while setting the value to permissive is the same as adding enforcing=0 to turn enforcing off. Note that the command line kernel parameter overrides the configuration file.

However, setting the value to disabled is not the same as the selinux=0 kernel boot parameter. Rather than fully disabling SELinux in the kernel, the disabled setting instead turns enforcing off and skips loading a policy.

Source: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825945
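Because a kernel command-line parameter can override the configuration file, checking the file alone does not tell you what mode a host boots into. The following added example (not from the FAQ or the original post) resolves the two inputs using the precedence described above. The function name selinux_boot_mode and its output tokens are hypothetical, and it assumes SELINUX=disabled in the file takes effect even when enforcing= is given on the command line.

```shell
#!/bin/sh
# Added example: which SELinux mode does a given config + kernel cmdline yield?
# Usage: selinux_boot_mode /etc/sysconfig/selinux "$(cat /proc/cmdline)"
# Prints "<mode> <source>"; name and output tokens are hypothetical.
selinux_boot_mode() (
  cfg=$1 cmdline=$2
  set -f   # no globbing while splitting the cmdline (local to this subshell)

  # Last uncommented SELINUX= line; SELINUXTYPE= and "# SELINUX=" do not match.
  mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" \
         | tail -n 1 | tr 'A-Z' 'a-z')

  param_sel= param_enf=
  for word in $cmdline; do
    case $word in
      selinux=*)   param_sel=${word#selinux=} ;;
      enforcing=*) param_enf=${word#enforcing=} ;;
    esac
  done

  # selinux=0 disables SELinux in the kernel itself, before any config is read.
  if [ "$param_sel" = 0 ]; then echo "kernel-disabled cmdline"; return 0; fi
  # Assumption: config "disabled" (no policy loaded) applies despite enforcing=.
  if [ "$mode" = disabled ]; then echo "disabled config"; return 0; fi
  # enforcing=0/1 on the command line overrides the file.
  case $param_enf in
    0) echo "permissive cmdline"; return 0 ;;
    1) echo "enforcing cmdline";  return 0 ;;
  esac
  case $mode in
    enforcing|permissive) echo "$mode config" ;;
    *) echo "unknown config"; return 1 ;;
  esac
)
```

A result whose source is cmdline on a host whose file says enforcing is worth a look at the boot loader configuration.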


Posted by Hans-Henry Jakobsen

22 Jan 2007 How do I make a user public_html directory work under SELinux?

This process presumes that you have enabled user public HTML directories in your Apache configuration file, /etc/httpd/conf/httpd.conf. This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/.

If you do not already have a ~/public_html directory, create it and populate it with the files and folders to be served.

# cd ~
# mkdir public_html
# cp /path/to/content ~/public_html

At this point, httpd is configured to serve the contents, but you still receive a 403 forbidden error. This is because httpd is not allowed to read the security type for the directory and files as they are created in the user’s home directory. Change the security context of the folder and its contents recursively using the -R option:

# ls -Z -d public_html/

drwxrwxr-x  auser    auser    user_u:object_r:user_home_t      public_html

# chcon -R -t httpd_user_content_t public_html/
# ls -Z -d public_html/

drwxrwxr-x  auser    auser    user_u:object_r:httpd_user_content_t public_html/

# ls -Z public_html/
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t baz.html
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t foo.html

You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works. The field that matters is the type field.

Your static webpages should now be served correctly. If you continue to have errors, ensure that the Boolean which enables user home directories is enabled. You can set it using system-config-securitylevel. Select the SELinux tab, and then select the Modify SELinux Policy area. Select Allow HTTPD to read home directories. The changes take effect immediately.


Posted by Hans-Henry Jakobsen