To start out, download the current version of cgit via git

git clone git://hjemli.net/pub/git/cgit

Next you need to setup the git submodule

cd cgit
git submodule init
git submodule update

Once your done, run get-git

make get-git

Then compile the software

make

And install it

make install

After you have installed cgit, you will need to setup Apache to run cgit. This is pretty easy, just edit your /etc/httpd/conf/httpd.conf file and add the following for the site you wish to run cgit on.

<Directory "/var/www/code.mattrude.com/">
      AllowOverride None
      Options ExecCGI
      Order allow,deny
      Allow from all
</Directory>

Once your done setting up cgit in Apache, you may configure cgit by creating a cgitrc file at /etc/cgitrc. Below is the example config file.

EXAMPLE CGITRC FILE
-------------------

# Enable caching of up to 1000 output entriess
cache-size=1000

# Specify some default clone prefixes
clone-prefix=git://foobar.com ssh://foobar.com/pub/git http://foobar.com/git

# Specify the css url
css=/css/cgit.css

# Show extra links for each repository on the index page
enable-index-links=1

# Show number of affected files per commit on the log pages
enable-log-filecount=1

# Show number of added/removed lines per commit on the log pages
enable-log-linecount=1

# Add a cgit favicon
favicon=/favicon.ico

# Use a custom logo
logo=/img/mylogo.png

# Enable statistics per week, month and quarter
max-stats=quarter

# Set the title and heading of the repository index page
root-title=foobar.com git repositories

# Set a subheading for the repository index page
root-desc=tracking the foobar development

# Include some more info about foobar.com on the index page
root-readme=/var/www/htdocs/about.html

# Allow download of tar.gz, tar.bz2 and zip-files
snapshots=tar.gz tar.bz2 zip

##
## List of common mimetypes
##

mimetype.git=image/git
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml

##
## List of repositories.
## PS: Any repositories listed when section is unset will not be
##     displayed under a section heading
## PPS: This list could be kept in a different file (e.g. '/etc/cgitrepos')
##      and included like this:
##        include=/etc/cgitrepos
##

repo.url=foo
repo.path=/pub/git/foo.git
repo.desc=the master foo repository
repo.owner=fooman@foobar.com
repo.readme=info/web/about.html

repo.url=bar
repo.path=/pub/git/bar.git
repo.desc=the bars for your foo
repo.owner=barman@foobar.com
repo.readme=info/web/about.html

# The next repositories will be displayed under the 'extras' heading
section=extras

repo.url=baz
repo.path=/pub/git/baz.git
repo.desc=a set of extensions for bar users

repo.url=wiz
repo.path=/pub/git/wiz.git
repo.desc=the wizard of foo

# Add some mirrored repositories
section=mirrors

repo.url=git
repo.path=/pub/git/git.git
repo.desc=the dscm

repo.url=linux
repo.path=/pub/git/linux.git
repo.desc=the kernel

# Disable adhoc downloads of this repo
repo.snapshots=0

# Disable line-counts for this repo
repo.enable-log-linecount=0

# Restrict the max statistics period for this repo
repo.max-stats=month

Related Posts

1. Installing the GIT Daemon for Read Only Access to Repoistory
2. Creating a secure Git repository server
3. How-To Disable tool-tips in Fedora 12 (while using GNOME)
4. Adding a native WordPress gallery
5. WordPress Themes – Random Image Header

Start out by modifying the new file git-daemon.

vim /etc/xinetd.d/git-daemon

Add the below text to the file.

# description: The git daemon offers anonymous access to git repositories
service git
{
    disable        = no
    type           = UNLISTED
    port           = 9418
    socket_type    = stream
    wait           = no
    user           = git
    server         = /usr/libexec/git-core/git-daemon
    server_args    = --inetd --export-all --base-path=/var/git
    log_on_failure += USERID
}

You may need to change the location of the git-daemon (the above example is from Fedora) and you will need to update the location of your git repository directory.

The above configuration will share ALL the git repositories in the /var/git directory.

If you do not wish for the all repositories to be public, you may remove the --export-all flag and add a empty file named git-daemon-export-ok to the git repository you wish to still share.

Related Posts

1. Creating a secure Git repository server
2. Installing the git, cgit web interface on a Fedora 12 server
3. SSH with no password
4. Run a Secure git Repository on FreeNAS
5. Importing and Syncing a Subversion Repository with Git

To do this first I needed to create a DSA key pair on a different system.  On my Fedora 12 laptop I ran

ssh-keygen -t dsa

The trick here is to not create your new key pair in the default directory of “~/.ssh/” but in a temporary directory instead. So when it asks you.

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Enter a different file in witch to save the key in. Note this is asking for the name of a file, not the name of the directory, it will also create a .pub file, this is the public key for the above private key.

Now that you have a public/private key for the FreeNAS box, if you don’t already you need to create one for the user that you plan on sending the file from.  Just follow the above command, but this time, you may just hit enter all the way threw leaving all options as default.

Next, go to your FreeNAS web-page control panel, If you don’t already have one, you will need to create a user on your FreeNAS box for you to connect to.  You may do this via “Access -> User and Groups” from the black bar on the top of the page.

Now from the top (black) bar go to “Services -> SSH”

On your Services|SSH page, first make sure the service is enabled (top right hand corner). Once it is you will be able to change the below options.

• TCP Port: The default (port 22) is fine in most cases, but note if you change it, you must use the new port for all connections.
• Permit root login: My option is that the root account should never be allowed to log in via a remote process.  You should set your system up correctly where this is not needed.
• Password authentication: For now this must be enabled (checked), once you have set “Key Authorization” up, you may disable this option.
• TCP forwarding: Disabled (unchecked)
• Compression: Enabled (checked)
• Private Key: This will be were we put the private key created above.  All you need to do is copy and paste.
• Extra options: Blank

After you have made your changes, “Save and Restart” the service.

On your local system, you need to copy the content of the local users public (~/.ssh/username.pub) key file to a new file named “authorized_keys” (Note: this is not the file we created for FreeNAS but the file we created for your local account).  This is the file that will need to be copied to your FreeNAS box.

Now that you have all the needed bits, we need to log into your FreeNAS server and create a “.ssh” directory to store the “authorized_keys” file.  To log in to the FreeNAS box interactively run a command similar too.

ssh freenasuser@freenasaddress

Or if you changed the “TCP Port” above, your command will look like this:

ssh -P freenasport freenasuser@freenasaddress

Once your logged in, you need to create the directory, by doing.

mkdir ~/.ssh

After you have successfully created your directory, you may exit out of your FreeNAS box for the next step.
Back on your local system you need to copy the “authorized_keys” file created before to the FreeNAS box. Using SCP you can do this by running a command like:

scp -P freenasport authorized_keys freenasuser@freenasaddress:~/.ssh/

This will copy the file to the FreeNAS box. Next, reconnect to the FreeNAS box as you did before and run.

cd ~/.ssh/
chmod 600 authorized_keys

Once your done, you should be able to connect to your FreeNAS box using the private key in the authorized_keys with out a password.

Related Posts

1. SSH with no password
2. Run a Secure git Repository on FreeNAS
3. Creating a secure Git repository server
4. Installing the GIT Daemon for Read Only Access to Repoistory
5. Installing Dovecot with SQLite Support

• See a example here

To start, create a new file named gallery-function.php and add the following code to it, this file should live in the root of your current theme’s directory.

gallery-function.php

<link rel="stylesheet" href="<?php bloginfo('template_url'); ?>gallery-function.css" type="text/css" media="screen" />
<div id="gallerypost-<?php the_ID(); ?>">
    <div id="gallerypost_main-<?php the_ID(); ?>">
	<div id="gallerypost_thumbnail-<?php the_ID(); ?>">
		<?php post_thumbnail(); ?>
	</div>
	<div id="gallerypost_body-<?php the_ID(); ?>">
		<?php $images =& get_children( 'post_type=attachment&post_mime_type=image' ); ?>
		<h2><a rel="bookmark" href="<?php the_permalink(); ?>"><?php the_title(); ?></a></h2>
		<div><small>Posted by <?php the_author_posts_link(); ?> on <?php the_time('F jS, Y') ?></small></div>
		<div>
			<?php the_excerpt(); ?>
		</div>
	</div>
    </div>
    <div id="gallerypost_sub-<?php the_ID(); ?>">
	<div id="gallerypost_sub_left-<?php the_ID(); ?>">
		<p><?php echo get_the_term_list( $post->ID, 'people', 'Who: ', ', ', '<br />' ); ?></p>
		<p><?php echo get_the_term_list( $post->ID, 'events', 'What: ', ', ', '<br />' ); ?></p>
             	<p><?php echo get_the_term_list( $post->ID, 'places', 'Where: ', ', ', '' ); ?></p>
	</div>
	<div id"gallerypost_sub_right-<?php the_ID(); ?>">
		This Album contains <?php echo $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts WHERE post_parent = '$post->ID' AND post_type = 'attachment'" ); ?> items.
	</div>
    </div>
</div>

Next create a file named gallery-function.css and also add it to our current theme’s root directory.
gallery-function.css

.gallerypost {
        background-color:#fff;
        display: block;
        hNeight: 300px;
        margin: 0px 0px 10px 0px;
        padding: 20px 10px 10px 10px;
        overflow: hidden;
        border-bottom: 1px solid #D2C4A2;
        }
.gallerypost_body {
        float: right;
        width: 430px;
        margin: 0 20px 0 0;
        }
.gallerypost_body p {
        margin: 50px 0px 0px 0px;
        }
.gallerypost_body .entry p {
        margin: 0px 0px 0px 0px;
        }
.gallerypost_body .entry {
        margin: 0px 0px 0px 0px;
        }
.gallerypost_main {
        width: 690px;
        }
.gallerypost_sub {
        display: block;
        padding: 210px 0px 0px 10px;
        }
.gallerypost_sub {
        display: block;
        padding: 210px 0px 0px 10px;
        }
.gallerypost_sub p {
        vertical-align: bottom;
        margin: 0;
        }
.gallerypost_sub_left {
        width: 220px;
        display: block;
        float: left;
        }
.gallerypost_sub_right {
        width: 220px;
        display: block;
        float: right;
        }
.gallerypost_thumbnail {
        float: left;
        }
.gallerypost_thumbnail img {
        margin: 0 0 0 10px;
        color: #000;
        }

And lastly you will need to add the following to your functions.php file in your current theme’s root directory (you may add it anywhere in functions.php).

add_theme_support('post-thumbnails');
set_post_thumbnail_size(200, 200);

Now that we have our functions built, we need to add some code to your category.php file.

Right after:

<?php while (have_posts()) : the_post(); ?>

Add the following code.  This will display the gallery-function.php code when a post is in the “gallery” category.

<? if ( is_category( 'gallery' )) {
                    include('gallery-index.php');
               } else { ?>

Next Before:

<?php endwhile; ?>

Add the following to close the if statement.

<?php } ?>

And that should do it, you should now see the post image on the gallery category page similar to below.

Related Posts

1. Display EXIF Data on WordPress Gallery Post Image
2. Displaying one category on your WordPress main page
3. Adding a native WordPress gallery
4. wp-Gallery2 Image Block post
5. Next Gallery Image Link in Image Posts

To start out, go to your postfix directory and modify/create your generic file.  Your generic file will map the two addresses to each other.  At the end of your generic file add a space or tab seperated file simmiler to this.

apache@example.com         webmaster@example.com

Once you have added the entries to your generic file, you need to hash the file so postfix may quickly access it.

postmap /etc/postfix/generic

After you map has been created, you will need to add the entry to your main.cf file to tell Postfix to use your generic map.

smtp_generic_maps = hash:/etc/postfix/generic

Once you have updated your main.cf file, you need to reload postfix

postfix reload

Related Posts

1. Postfix: reject an address before queue
2. Postfix: allow select users permission to send to a cretin address
3. Postfix: Archiving Mail when sent from or to the outside world
4. Installing Postfix with SQLite Support
5. Creating Self-signed SSL Certificates for Dovecot & Postfix

Installing the dependences

yum -y install sqlite sqlite-devel gcc make patch db4-devel cyrus-sasl-devel
echo "postfix:x:89:89::/var/spool/postfix:/sbin/nologin" >> /etc/passwd
echo "postdrop:x:90:90::/var/spool/postfix:/sbin/nologin" >> /etc/passwd
echo "postfix:x:89:" >> /etc/group
echo "postdrop:x:90:" >> /etc/group
ln -s /usr/lib/sasl2/ /usr/local/lib/sasl2

Download and Patch Postfix

Download and unpack the current Postfix Version.

wget http://postfix.energybeam.com/source/official/postfix-2.6.5.tar.gz
tar -xzf postfix-2.6.5.tar.gz
cd postfix-2.6.5

Download and Patch Postfix with the SQLite Postfix patch

wget http://www.treibsand.com/postfix-sqlite/postfix-2.6-20080216_sqlite.patch
patch -ul -d . -p1 < postfix-2.6-20080216_sqlite.patch
echo $?

Building Postfix

To Build with SQLite Support

make -f Makefile.init makefiles 'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
'AUXLIBS=-L/usr/local/lib -lsqlite3'
echo $?

Or to Build with SQLite & TLS Support
Requires:

yum -y install openssl-devel
make -f Makefile.init makefiles 'CCARGS=-DHAS_SQLITE -I/usr/local/include -DUSE_TLS' \
'AUXLIBS=-L/usr/local/lib -lsqlite3 -lz -lm -lssl -lcrypto'
echo $?

To Build with SQLite, Dovecot, & TLS Support

yum -y install openssl-devel dovecot-devel
make makefiles 'CCARGS=-DHAS_SQLITE -I/usr/include/sasl/ -DUSE_SASL_AUTH -DUSE_CYRUS_SASL  -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS' -I/usr/local/include \
   'AUXLIBS=-L/usr/local/lib -lsqlite3 -lz -lm -lssl -lcrypto -lsasl2'
echo $?

Compiling Postfix

Now Compile Postfix

make
echo $?

And Install it

make install

Building the SQLite Database

In order to use the SQLite function, you need a SQLite database. First using SQLite3 run

sqlite3 /etc/postfix/postfix.sqlite

To create the database, then you can copy and past the following scheme into the new database.

CREATE TABLE alias (
  address varchar(255) NOT NULL,
  goto text NOT NULL,
  domain varchar(255) NOT NULL,
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1');

CREATE TABLE domain (
  domain varchar(255) NOT NULL,
  description varchar(255) NOT NULL,
  aliases int(10) NOT NULL default '0',
  mailboxes int(10) NOT NULL default '0',
  maxquota bigint(20) NOT NULL default '0',
  quota bigint(20) NOT NULL default '0',
  transport varchar(255) NOT NULL,
  backupmx tinyint(1) NOT NULL default '0',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1' );

CREATE TABLE mailbox (
  username varchar(255) NOT NULL,
  password varchar(255) NOT NULL,
  name varchar(255) NOT NULL,
  maildir varchar(255) NOT NULL,
  quota bigint(20) NOT NULL default '0',
  domain varchar(255) NOT NULL,
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  local_part varchar(255) NOT NULL );

Then close the database

.quit

Or you may download mine from below and use the same scheme work.

• postfix.sqlite

Once you have your database file place it in /etc/postfix/ as something like /etc/postfix/postfix.sqlite then run

chown root:root /etc/postfix/postfix.sqlite
chmod 600 /etc/postfix/postfix.sqlite

Configuring Postfix

Now add the maps to you config.

/etc/postfix/main.cf

relay_domains = sqlite:/etc/postfix/sqlite_relay_domains_maps.cf
relay_recipient_maps = sqlite:/etc/postfix/sqlite_relay_recipient_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf
virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf

virtual_mailbox_base = /var/spool/virtualmailboxes
virtual_minimum_uid= 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

sqlite_relay_domains_maps.cf

dbpath = /etc/postfix/postfix.sqlite
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'

sqlite_relay_recipient_maps.cf

dbpath = /etc/postfix/postfix.sqlite
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

sqlite_virtual_alias_maps.cf

dbpath = /etc/postfix/postfix.sqlite
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

sqlite_virtual_domains_maps.cf

dbpath = /etc/postfix/postfix.sqlite
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

sqlite_virtual_mailbox_maps.cf

dbpath = /etc/postfix/postfix.sqlite
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

Setting up a fresh install of Postfix

mkdir /var/spool/virtualmailboxes/
echo "virtualmail:x:1000:1000::/var/spool/virtualmailboxes:/sbin/nologin" >> /etc/passwd
echo "virtualmail:x:1000:" >> /etc/group
chmod 700 /var/spool/virtualmailboxes/
chown -R virtualmail:virtualmail /var/spool/virtualmailboxes/
rm -f /usr/lib/sendmail
ln -s /usr/sbin/sendmail /usr/lib/sendmail

Adding SQLite entry’s

First add a Domain

echo "INSERT INTO domain ( domain, description, transport )
VALUES ( 'laptop.mattrude.com', 'laptops domain', 'virtual' );" |sqlite3 /etc/postfix/postfix.sqlite

Then add a user

echo "INSERT INTO mailbox ( username, password, name, maildir, domain, local_part )
VALUES ( 'matt@laptop.mattrude.com', 'password', 'Matt', 'laptop.mattrude.com/matt@laptop.mattrude.com/', 'laptop.mattrude.com', 'matt' );" |sqlite3 /etc/postfix/postfix.sqlite

Last we need to add the mailboxes alias

echo "INSERT INTO alias ( address, goto, domain )
VALUES ( 'matt@laptop.mattrude.com', 'matt@laptop.mattrude.com', 'laptop.mattrude.com' );" |sqlite3 /etc/postfix/postfix.sqlite

Next, contue on to my Dovecot SQLite how-to to finish your email server.

Related Posts

1. Installing Dovecot with SQLite Support
2. Postfix: Archiving Mail when sent from or to the outside world
3. Converting a MediaWiki database from MySQL to SQLite
4. Postfix: reject an address before queue
5. Auto Update Script for MiniMyth

Main Screen

• Read a HTML message from the preview panel
  • Confirm the “View Header” drop down window works with HTML messages
• Read a Plain Text message from the preview panel
  • Confirm the “View Header” drop down window works with Plain Text messages
• Read a HTML message full screen
  • Confirm the “View Header” drop down window works with HTML messages
  • Confirm the “Read Source” button works with HTML messages
• Read a Plain Text message full screen
  • Confirm the “View Header” drop down window works with Plain Text messages
  • Confirm the “Read Source” button works with Plain Text messages
• Change Message pages
• Select All, Unread, None from the bottom center
• Is the quota meter displaying
• Flag (star) a message
• Search for a known message value
• Move a message from Inbox to a folder
• Move a message from a folder to the Inbox
• Send a message to an internal account
• Send a message to an external account
• Add a message via the plus symbol when viewing a message
  • Dose it show up in Personal Settings / Spam / Address Rules

Address Book

• Add an Address Book entry
  • Dose it show up in Personal Settings / Spam / Address Rules
• Change an existing entry
• “Compose Mail To” button, top center
• “Export Contacts in vCard format” button, top center
• “Import Contacts” button, top center
• Delete a contact
  • Dose it delete from Personal Settings / Spam / Address Rules

Personal Settings / Folders

• Subscribe to a folder
• Unsubscribe from a folder
• Add a folder
• Delete a folder

Personal Settings / Identities

• Add a new “Identity”
  • Send a message with this identity
• Modify an existing “Identity”
  • Send a message with this identity
• Delete an Identity
• Change default Identity’s

Personal Settings / Spam

• Add a new white list entry
• Add a new black list entry
• Delete a white list entry
• Delete a black list entry

Related Posts

1. RoundCube Fail2Ban Plugin post
2. Fail2Ban Setup with RoundCube
3. Git Commit eMail Notifications
4. Installing the git, cgit web interface on a Fedora 12 server
5. Restoring a Windows 2000 Profile

In order for this script & config file to work you must disable both log & log-append in the OpenVPN Server Config File.

;log          openvpn.log
;log-append   openvpn.log

The Files are:

/etc/logwatch/scripts/openvpn      - Logwatch perl module
/etc/logwatch/conf/openvpn.conf    - Configuration file

/etc/logwatch/scripts/openvpn

#!/usr/bin/perl
##########################################################################
# $Log: openvpn,v $
# Revision 1.0  2005/07/27 17:19:34  hyppo
# Filippo Grassilli http://hyppo.com/email.php
#
# Written and maintained by:
#    Filippo Grassilli http://hyppo.com/email.php
##########################################################################

use Logwatch ':ip';

$Debug = $ENV{'LOGWATCH_DEBUG'};
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$DoLookup = $ENV{'openvpn_ip_lookup'};
$Detail = $ENV{'openvpn_detail_level'} || $Detail;

if ( $Debug >= 5 ) {
   print STDERR "\n\nDEBUG: Inside OpenVPN Filter \n\n";
}

while (defined($ThisLine = <STDIN>)) {
   if (  # Ignore...
      ($ThisLine =~ /Control Channel/) or
      ($ThisLine =~ /Data Channel (Decrypt|Encrypt|MTU)/) or
      ($ThisLine =~ /TLS: soft reset/) or
      ($ThisLine =~ /reading client specific options/) or
      ($ThisLine =~ /Expected Remote/) or
      ($ThisLine =~ /LZO compression/) or
      ($ThisLine =~ /killed expiring key/) or
      ($ThisLine =~ /Diffie-Hellman initialized/) or
      ($ThisLine =~ /Local Options hash/) or
      ($ThisLine =~ /Replay\-window backtrack/) or
      ($ThisLine =~ /TLS: Initial packet/) or
      ($ThisLine =~ /ip (addr add|link set) dev/) or
      ($ThisLine =~ /Re\-using SSL/) or
      ($ThisLine =~ /MULTI: Learn/) or
      ($ThisLine =~ /Received control message/) or
      ($ThisLine =~ /(Restart pause|process restarting)/) or
      ($ThisLine =~ /Inactivity timeout/) or
      ($ThisLine =~ /CRL CHECK OK/) or
      ($ThisLine =~ /VERIFY OK: nsCertType/) or
      ($ThisLine =~ /\d+:\d+ SIGUSR1\[.*restart/) or
      ($ThisLine =~ /^TCP\/UDP: Closing socket/) or
      ($ThisLine =~ /^UDPv4 link /) or
      ($ThisLine =~ /^TUN\/TAP device /) or
      ($ThisLine =~ /Closing TUN\/TAP interface/) or
      ($ThisLine =~ /Interrupted system call/) or
      ($ThisLine =~ /^TLS-Auth MTU parms/) or
      ($ThisLine =~ /^MULTI:/) or
      ($ThisLine =~ /^ succeeded$/) or
      ($ThisLine =~ /^IFCONFIG POOL/)
   ) {
      # Don't care about these...
   } elsif ( ($ThisLine =~ /^OpenVPN .* built on .*/) ) {
      # OpenVPN version
      chomp($ThisLine);
      $OpenVPNVersion=$ThisLine;
   } elsif ( ($ThisLine =~ /^Initialization Sequence Completed/) ) {
      $StartOpenVPN++;
   } elsif ( ($ThisLine =~ /^SIGTERM.* process exiting/) ) {
      $ShutdownOpenVPN++;
   } elsif ( ($Host,$Cert) = ( $ThisLine =~ /^([^:]*):\d+ VERIFY OK: depth=\d+, (.*)$/ ) ) {
      ## Successful cert exchange
      $FullHost = LookupIP ($Host);
      $CertVerified{$Cert}{$FullHost}++;
   } elsif ( ($Host,$User) = ( $ThisLine =~ /^([^:]*):\d+ \[([^\]]+)\] Peer Connection Init/ ) ) {
      ## x.x.x.x:y [user] Peer Connection Initiated with x.x.x.x:y
      $FullHost = LookupIP ($Host);
      $ClientConnection{$User}{$FullHost}++;
   } elsif ( ($HostUser,$Param) = ( $ThisLine =~ /^([^:]*):\d+ SENT CONTROL \[.*\]: (.*)/ ) ) {
      ## user/x.x.x.x:y SENT CONTROL [user]: xxxx....
      chomp($Param);
      $ClientParam{$HostUser}{$Param}++;
   } else {
      # Report any unmatched entries...
      chomp($ThisLine);
      $OtherList{$ThisLine}++;
   }
}

#######################################

if ( ( $Detail >= 5 ) and ($StartOpenVPN) ) {
   if ($OpenVPNVersion) { print "$OpenVPNVersion\n"; }
   print "OpenVPN started/reloaded: $StartOpenVPN Time(s)\n";
}
if ( ( $Detail >= 5 ) and ($ShutdownOpenVPN) ) {
   print "OpenVPN shutdown: $ShutdownOpenVPN Time(s)\n";
}

if ( ( $Detail >= 5 ) and (keys %ClientConnection) ) {
   print "\nOpenVPN Client Connections:\n";
   foreach $ThisOne (sort {$a cmp $b} keys %ClientConnection) {
      print "   $ThisOne:\n";
      foreach $Message (sort {$a cmp $b} keys %{$ClientConnection{$ThisOne}}) {
         print "       $Message: $ClientConnection{$ThisOne}{$Message} Time(s)\n";
      }
   }
}
if ( ( $Detail >= 5 ) and (keys %ClientParam) ) {
   print "\nOpenVPN Client Connection Parameters:\n";
   foreach $ThisOne (sort {$a cmp $b} keys %ClientParam) {
      print "   $ThisOne:\n";
      foreach $Message (sort {$a cmp $b} keys %{$ClientParam{$ThisOne}}) {
         print "       $Message: $ClientParam{$ThisOne}{$Message} Time(s)\n";
      }
   }
}
if ( ( $Detail >= 5 ) and (keys %CertVerified) ) {
   print "\nCertificates verified:\n";
   foreach $ThisOne (sort {$a cmp $b} keys %CertVerified) {
      ($Crt1,$Crt2) = ( $ThisOne =~ /^\/(.*)\/OU=(.*)$/ );
      # print " $ThisOne:\n";
      print " $Crt1\n OU=$Crt2:\n";
      foreach $Client (sort {$a cmp $b} keys %{$CertVerified{$ThisOne}}) {
         print "       $Client: $CertVerified{$ThisOne}{$Client} Time(s)\n";
      }
   }
}

if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   foreach $line (sort {$a cmp $b} keys %OtherList) {
      print "   $line: $OtherList{$line} Time(s)\n";
   }
}

exit(0);

/etc/logwatch/conf/openvpn.conf

###########################################################################
# $Id: openvpn.conf,v 1.0 2005/07/27 17:08:09 hyppo Exp $
# Written and maintained by:
#    Filippo Grassilli <http://hyppo.com/email.php>
###########################################################################

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
$openvpn_ip_lookup = Yes
$openvpn_detail_level = 5

# Only give lines pertaining to the named service...
*OnlyService = openvpn
*RemoveHeaders

Related Posts

1. Tuning the number of processes on MacOS X
2. Creating Self-signed SSL Certificates for Dovecot & Postfix
3. RoundCube Regression Testing

After you have gotten your categories ID number, you will next need to change your index.php file.  In your index.php file look for the line with “have_post” and add the below code after.

<?php if (have_posts()) : ?>; \\Look for this line and add below
<?php query_posts('showposts=10&amp;;cat=23'); ?>;
<?php while (have_posts()) : the_post(); ?>;

Last, change “cat” to the category id from above. “showposts” is the number of posts to display on the page.

Related Posts

1. Adding a native WordPress gallery
2. WordPress 2.9 Post Thumbnail Function
3. Display EXIF Data on WordPress Gallery Post Image
4. WordPress Themes – Random Image Header
5. Postfix: remap from addresses with a generic map

Similar to how you may create a new SVN directory from a remote repo with svn, by running a command similar too:

svn checkout https://svn.example.com/svn/project_name

You may run the following to command to download the same remote repository, but then create an git repository and import the data from the svn repo.

git svn clone https://svn.example.com/svn/project_name

This will create a new directory named project_name with all your svn history.

Git is vary fast, but when it’s slow, it’s slow. The above process can take quite a bit of time (wordpress.org’s current trunk will take hours) to complete on an older (more comments not slower) repository since it checks in each comment at a time. If you don’t need the all the history of the project but just need a way to keep your self up to date as you code, you may just download the current revision tag.  So to  download SVN version 1234 and clone it into git, run:

git svn clone -r 1234 https://svn.example.com/svn/project_name

If you would like some of the history you can get that also, so if you would like say the last 234 commits run:

git svn clone -r 1000:1234 https://svn.example.com/svn/project_name

Then, to update your git repo once the SVN repository has been committed to, run

git svn fetch

That should ouput something like:

r1235 = 340621340d856d805714e9bd86fdb11777f710fe (git-svn)
 M    includes/deprecated.php
 M    includes/functions.php

You may now follow the Creating a secure git repository how-to and create a remote server.

Related Posts

1. Creating a secure Git repository server
2. Git Cheat Sheet
3. Run a Secure git Repository on FreeNAS
4. Installing the git, cgit web interface on a Fedora 12 server
5. SSH with no password

Start out by create a public & private key.

ssh-keygen -t dsa

You will now be prompted for a location and a few other options, the best anwser is the default, so just enter threw these.  You will also be asked to create a password, creating a password at this step will require you to enter the password every time you wish to use the key, so best bet is to just enter threw those questions also.  After you have created your new key, go into your “.ssh” folder (note the . before ssh) and copy your public key to remote servers.

cd .ssh

Next we want to rename the public key so we wont confuse it after sending it to the world.

cp id_dsa.pub matt_dsa.pub

Wonderful, now all we need to do is copy the public key to a remote server

scp matt_dsa.pub remote_server.example.com:~/.ssh

Note, the above example copies the public into the remote server’s .ssh folder, if the server dose not have a .ssh folder, you may need to create it.  After the public key has been copied, we need to put it into the “authorized_keys” file.

cat matt_dsa.pub >> authorized_keys

and that’s it, just exit out of your remote server, and try to connect again, it should not ask you for a password, but just now connect.  If you are using this your git account, just copy this key into the git’s users authorized_keys file.

Related Posts

1. Enable SSH Key Authorization on FreeNAS
2. Creating a secure Git repository server
3. Run a Secure git Repository on FreeNAS
4. Importing and Syncing a Subversion Repository with Git
5. Git Cheat Sheet

On your server, from a privileged account, create a user (were going to use git).

adduser git
passwd git

The configuration we will be setting up will store the actual repositories in the git users home directory.  If you don’t like it’s current location, you may modify the /etc/passwd file for your user.

Once we have the user setup, in it’s home directory we need to create our first repository.  Start out by creating the folder, then well go into it and create the git repository files.

mkdir new-project.git
cd new-project.git
git init --bare

With the repository now setup go back to your desktop/laptop system (linux/unix).

From your desktop system, create a empty repository or go to an existing git repo. If you are going to be adding an existing repo, it may not be connected to any other remote repository. if you clone it from a remote source (a directory on the same system counts as a remote source) you will need to modify the repository’s config file and remove those entry’s, look in the config file under the .git (note the ‘dot’) directory.

To create an empty repository, create a directory for the repository, go into it and init the repo.

mkdir new-project.git
cd new-project.git
git init

Since you need something in your repo, and git likes having a readme file (or gitweb dose) let’s create a readme file and commit it.

touch README
git add README
git commit -m 'Added README file, first commit'

Now that we have a commit in our repo, we can add the newly created git repo server and push our new repo to it.

We will start by adding the server to the repo’s configuration.

git remote add origin git@new-git-server.example.com:new-project.git

The above example assumes you’re server’s name is “new-git-server.example.com” and your using a project named “new-project.git” for the user “git”. But it also assumes that your repo is directly in the user git’s home directory. If you store your repo’s in a different directory, you will need to add the list folders after the colon.

After you have successfully added the server, push your new repository to the server.

git push origin master

You may now be asked for the git user’s password, enter it, and your repository should be transferred.

Also check out how to setup a ssh public/private key where no password is required, only the private key on your client system.

The above may look like a lot, but it’s really pretty simple to setup. If you have any problems or questions abut this How-To, please leave a comment or contact me.

Related Posts

1. Git Cheat Sheet
2. Importing and Syncing a Subversion Repository with Git
3. Run a Secure git Repository on FreeNAS
4. Installing the git, cgit web interface on a Fedora 12 server
5. SSH with no password

Matt wrote a small, fast script that will look at the content of a directory, then randomly returns the a image’s URI.

In Matt’s own words:

This is your standard random image script that takes a slightly different approach than most, namely using standard HTTP headers instead of reading the file through the script.

So to integrate this script into your page, all you need to do is change the images name to random.php, see below.

<img title="<?php bloginfo('name'); ?> Random Header Image" src="<?php bloginfo('template_url'); ?>/header1.jpg" alt=""/>

Change too:

<img title="<?php bloginfo('name'); ?> Random Header Image" src="<?php bloginfo('template_url'); ?>/rotate.php" alt="">

Matt Mullenweg’s script may be found at: http://ma.tt/scripts/randomimage

Related Posts

1. WordPress 2.9 Post Thumbnail Function
2. Display EXIF Data on WordPress Gallery Post Image
3. Displaying one category on your WordPress main page
4. Next Gallery Image Link in Image Posts
5. Adding a native WordPress gallery

• The first time the client connects to the server, it sees the certificate and asks the user whether to trust it. The user of course doesn’t really bother verifying the certificate’s fingerprint, so a man-in-the-middle attack can easily bypass all the SSL security, steal the user’s password and so on.
• If the client was lucky enough not to get attacked the first time it connected, the following connections will be secure as long as the client had permanently saved the certificate. Some clients do this, while others have to be manually configured to accept the certificate.

The only way to be fully secure is to import the SSL certificate to client’s (or operating system’s) list of trusted CA certificates prior to first connection. See SSL/CertificateClientImporting how to do it for different clients.

Building Dovcot’s Self-Signed Certificates

Dovecot includes a script to build self-signed SSL certificates using OpenSSL. First you need to find the dovecot-openssl.cnf file.

• Configuring the Certificate Config File

The best way on Fedora to do this is via the locate command.

locate dovecot-openssl.cnf

Mine was located at /etc/pki/dovecot/dovecot-openssl.cnf. Now that you have found the file you need to add your server information to it, like this:

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=US

# State or Province Name (full name)
ST=MN

# Locality Name (eg. city)
L=SaintPaul

# Organization (eg. company)
O=example.com

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
CN=*.example.com

# E-mail contact
emailAddress=postmaster@example.com

[ cert_type ]
nsCertType = server

• Build the Certificates

/usr/libexec/dovecot/mkcert.sh

• Modifying Dovecot

You will need to add the following to your /etc/dovecot.conf file:

ssl_listen = 993
ssl_disable = no
ssl_cert_file = /etc/postfix/smtpd.pem
ssl_key_file = /etc/postfix/smtpd.pem
auth_cache_size = 128

Then restart Dovecot

/sbin/service dovecot restart

gutter='0'

Related Posts

1. Installing Dovecot with SQLite Support
2. Installing Postfix with SQLite Support
3. Creating a secure Git repository server
4. Postfix: remap from addresses with a generic map
5. Installing the GIT Daemon for Read Only Access to Repoistory

/etc/sysctl.conf:

kern.maxproc=2048kern.maxprocperuid=2048

Unfortunately these can’t simply be set on the fly with sysctl -w. You also have to set the following in /etc/launchd.conf so that the root user after boot will have the right process limit (2048). Otherwise you have to always run ulimit -u 2048 as root, then start a user shell, and then start processes for things to take effect.

/etc/launchd.conf:

limit maxproc 2048

Once these are in place, reboot the system. After that, the
limits will stay in place.

Related Posts

1. How-To Disable tool-tips in Fedora 12 (while using GNOME)
2. Fail2Ban Setup with RoundCube
3. Allow Logwatch to collect data from OpenVPN’s logs
4. Restoring a Windows 2000 Profile
5. Creating a secure Git repository server

Use sender_bcc_maps or recipient_bcc_maps. Configure them so that the archive copy is made when the sender is remote OR the receiver is remote.

/etc/postfix/main.cf:

sender_bcc_maps = pcre:/etc/postfix/archive-check
recipient_bcc_maps = pcre:/etc/postfix/archive-check

/etc/postfix/archive-check:

!/@example\.com$/        archive@example.com

This is a predicate transformation, from (NOT (local AND local)), what you asked for, into ((NOT local) OR (NOT local)), shown above.

Related Posts

1. Postfix: remap from addresses with a generic map
2. Postfix: allow select users permission to send to a cretin address
3. Postfix: reject an address before queue
4. Installing Postfix with SQLite Support
5. Creating Self-signed SSL Certificates for Dovecot & Postfix

bad_sender@example.com    REJECT

This will be an hashed map table, so we need to create the hash

postmap /etc/postfix/rejected_addresses

Next we need to add the map to our /etc/postfix/main.cffile. We will be adding this to the smtpd_recipient_restrictions section.

smtpd_recipient_restrictions =
  ...
  check_sender_access hash:/etc/postfix/rejected_addresses,
  ...
  reject_unauth_destination

Once complete reload postfix

postfix reload

Related Posts

1. Postfix: allow select users permission to send to a cretin address
2. Postfix: remap from addresses with a generic map
3. Installing Postfix with SQLite Support
4. Postfix: Archiving Mail when sent from or to the outside world
5. Creating Self-signed SSL Certificates for Dovecot & Postfix

The next time that you log on to the computer, Windows will use your restored user profile.

Related Posts

1. Creating a secure Git repository server
2. Installing the GIT Daemon for Read Only Access to Repoistory
3. Converting a MediaWiki database from MySQL to SQLite
4. Displaying one category on your WordPress main page
5. Installing the git, cgit web interface on a Fedora 12 server

In /etc/postfix/main.cf add the following:

smtpd_restrictions_classes =  restricted_recipient

• note: This is in smtpd_SENDER_restrictions to avoid becoming an open relay because of the “OK” below.

smtpd_sender_restrictions =
  check_recipient_access hash:/etc/postfix/restricted_recipient

restricted_recipient =
  check_sender_access hash:/etc/postfix/privileged_sender
  reject

restricted_recipient:

all@example.com         restricted_recipient

privileged_sender:

abc@example.com         OK

Related Posts

1. Postfix: reject an address before queue
2. Postfix: remap from addresses with a generic map
3. Postfix: Archiving Mail when sent from or to the outside world
4. Installing Postfix with SQLite Support
5. Creating Self-signed SSL Certificates for Dovecot & Postfix

program/lib/imap.inc

Index: program/lib/imap.inc
============================================================
--- program/lib/imap.inc        (revision 2446)
+++ program/lib/imap.inc        (working copy)
@@ -428,7 +428,7 @@
<br />
if ($result == -3) fclose($conn->fp); // BYE response
<br />
-    $conn->error    .= 'Authentication for ' . $user . ' failed (AUTH): "';
+    $conn->error    .= 'Authentication for ' . $user . ' (' . getenv("REMOTE_ADDR") . ') failed (AUTH): "';
$conn->error    .= htmlspecialchars($line) . '"';
$conn->errorNum  = $result;

Once you have RoundCube patched, you may use the below config and filter in Fail2Ban to block the IP address from RoundCube’s logs.

/etc/fail2ban/jail.conf:

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/logs/httpd/errors

/etc/fail2ban/filter.d/roundcube.conf:

[Definition]
failregex = IMAP Error: Authentication for .* \(<HOST≶\) failed \((?:LOGIN|AUTH)\):
ignoreregex =

Related Posts

1. RoundCube Fail2Ban Plugin post
2. RoundCube Regression Testing
3. Installing Dovecot with SQLite Support
4. Allow Logwatch to collect data from OpenVPN’s logs
5. Tuning the number of processes on MacOS X