Just installed the beta. Watching the install is impressive.
I'll just post every step I did; some of them are not showstoppers (the MySQL changes or the proposals for defaults).
When using the devbuild:
The first time I cloned into /root/scripts and got the following error after the packages installed.
error: failed to stat /root/v4/rpmbuild/SPECS/postfix_eFa-3.3.0.spec: No such file or directory
Second try, cloned in /root
[eFa] Generating Apache and postfix self-signed cert
Generating a 2048 bit RSA private key
.......................................+++
....+++
writing new private key to '../private/localhost.key'
-----
Created symlink from /etc/systemd/system/multi-user.target.wants/mailscanner.service to /usr/lib/systemd/system/mailscanner.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/crond.service to /usr/lib/systemd/system/crond.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@scan.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/sqlgrey.service to /usr/lib/systemd/system/sqlgrey.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/unbound.service to /usr/lib/systemd/system/unbound.service.
Failed to execute operation: No such file or directory
[eFa] - Error initializing system! Please try again...
error Failed to reload mariadb.service: Job type reload is not applicable for unit mariadb.service.
See system logs and 'systemctl status mariadb.service' for details.
This will not halt the script, but reload should be restart, as mariadb doesn't support reload. It should be:
systemctl restart mariadb
/rpmbuild/SOURCES/eFa-base-4.0.0/eFa/eFa-Commit:473:
sed -i "/^\[mysqld\]/ a\tmpdir = /var/lib/mysql/temp" /etc/my.cnf.d/mariadb-server.cnf
systemctl reload mariadb
Change to
sed -i "/^\[mysqld\]/ a\tmpdir = /var/lib/mysql/temp" /etc/my.cnf.d/mariadb-server.cnf
systemctl restart mariadb
==================================
So I switched to inst.ks=http://dl.efa-project.org/build/4/kstesting.cfg
After the init the script crashed. It could not find /etc/sysconfig/network-scripts/ifcfg-ens192
So I copied the ifcfg ifname to /etc/sysconfig/network-scripts/ifcfg-ens192
cp /etc/sysconfig/network-scripts/ifcfg-eno16780032 /etc/sysconfig/network-scripts/ifcfg-ens192
It can be related to the fact that I use static dhcp for the lan interface. Not sure about that.
As I like the 'normal' eth(x) interface names, all my servers have this enabled in /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
#GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_00/lv_root rd.lvm.lv=vg_00/lv_swap rhgb quiet"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_00/lv_root rd.lvm.lv=vg_00/lv_swap net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
Mysql: max_open_files to more than 1024
● mariadb.service - MariaDB 10.1 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-01-19 23:01:49 CET; 14min ago
Main PID: 5582 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─5582 /usr/libexec/mysqld --basedir=/usr
Jan 19 23:01:45 xx.lan systemd[1]: Starting MariaDB 10.1 database server...
Jan 19 23:01:47 xx.lan mysql-prepare-db-dir[5449]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Jan 19 23:01:47 xx.lan mysql-prepare-db-dir[5449]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db-dir.
Jan 19 23:01:47 xx.lan mysqld[5582]: 2019-01-19 23:01:47 139804821674240 [Note] /usr/libexec/mysqld (mysqld 10.1.35-MariaDB) starting as process 5582 ...
Jan 19 23:01:47 xx.lan mysqld[5582]: 2019-01-19 23:01:47 139804821674240 [Warning] Could not increase number of max_open_files to more than 1024 (request: 4182)
Jan 19 23:01:49 xx.lan systemd[1]: Started MariaDB 10.1 database server.
Fix:
mkdir /etc/systemd/system/mariadb.service.d
vi /etc/systemd/system/mariadb.service.d/limit.conf
To set up MySQL I also changed the server.cnf.
MariaDB will resize automatically; no need for manual actions.
vi /etc/my.cnf.d/mariadb-server.cnf
in section:
[mariadb-10.1]
bind-address = 127.0.0.1
innodb-defragment = 1
innodb_buffer_pool_instances = 1
innodb_buffer_pool_size = 1G
innodb_file_per_table = 1
innodb_log_buffer_size = 32M
innodb_log_file_size = 125M
join_buffer_size = 512K
key_cache_segments = 4
max_allowed_packet = 16M
max_heap_table_size = 32M
query_cache_size = 0M
query_cache_type = OFF
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-host-cache
sort_buffer_size = 4M
thread_cache_size = 16
tmp_table_size = 32M
To limit the logfiles from dcc, move the maintenance job to daily cron.
Copy dcc cron to daily cron (better: move)
cp -a /etc/cron.monthly/cron-dccd /etc/cron.daily/cron-dccd
Proposal: enable software versions by default in the GUI
vi /var/www/html/mailscanner/conf.php
// Show Software Version tab (only Admins can see it).
//define('SHOW_SFVERSION', false);
define('SHOW_SFVERSION', true);
Default install mysqltuner to check mysql
mkdir /root/scripts
cd /root/scripts
wget http://mysqltuner.pl/ -O mysqltuner.pl
Create .my.cnf in /root to be able to login without typing password for mysql every time
[client]
user=root
password=<<EFA MYSQLPASSWORD>>
unbound-1 (resolve local network)
Need to check unbound, as only external hosts are resolved.
todo: Check log messages
/var/log/maillog
Jan 20 00:28:06 xxpostfix/smtp[6906]: 43hvBF6Lnpzc7bd: to=<xxr@private.lan>, relay=none, delay=0.25, delays=0.12/0.09/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=xx.lan type=AAAA: Host not found)
Jan 20 00:28:06 xxpostfix/cleanup[6886]: 43hvBG0lnQzc7bf: message-id=<43hvBG0lnQzc7bf@xx.lan>
Jan 20 00:28:06 xxpostfix/qmgr[5940]: 43hvBG0lnQzc7bf: from=<>, size=2602, nrcpt=1 (queue active)
Jan 20 00:28:06 xxpostfix/bounce[6927]: 43hvBF6Lnpzc7bd: sender non-delivery notification: 43hvBG0lnQzc7bf
Jan 20 00:28:06 xxpostfix/qmgr[5940]: 43hvBF6Lnpzc7bd: removed
Jan 20 00:28:06 xxpostfix/smtp[6906]: 43hvBG0lnQzc7bf: to=<root@xx.lan>, relay=none, delay=0.04, delays=0.03/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=xx.lan type=AAAA: Host not found)
Jan 20 00:31:20 xxpostfix/master[5886]: daemon started -- version 3.3.0, configuration /etc/postfix
Jan 20 00:31:20 xxMSMilter[5526]: MSMilter Daemon starting...
Jan 20 00:31:21 xxMSMilter[5526]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jan 20 00:31:21 xxMSMilter[5526]: Reading configuration file /etc/MailScanner/conf.d/README
Jan 20 00:31:21 xxMSMilter[5526]: Could not read directory /var/spool/MailScanner/incoming/Locks
Jan 20 00:31:21 xxMSMilter[5526]: Error in configuration file line 3142, directory /var/spool/MailScanner/incoming/Locks for lockfiledir does not exist (or is not readable)
Jan 20 00:31:21 xxMSMilter[5526]: Read 868 hostnames from the phishing whitelist
Jan 20 00:31:21 xxMSMilter[5526]: Read 5807 hostnames from the phishing blacklists
[root@xxlog]# ls -la /var/spool/MailScanner/incoming/Locks
total 4
drwxr-xr-x. 2 root postfix 200 Jan 20 00:31 .
drwxrwx---. 9 root mtagroup 220 Jan 20 00:32 ..
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 avgBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 bitdefenderBusy.lock
-rw-rw----. 1 postfix postfix 48 Jan 20 00:05 clamavBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 f-secureBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 genericBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 MS.bayes.rebuild.lock
-rw-rw----. 1 postfix postfix 0 Jan 20 00:31 MS.bayes.starting.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 sophosBusy.lock
/var/log/httpd/error_log
[Sun Jan 20 00:27:28.834271 2019] [mpm_prefork:notice] [pid 5403] AH00163: Apache/2.4.35 (IUS) OpenSSL/1.0.2k-fips PHP/7.2.14 configured -- resuming normal operations
[Sun Jan 20 00:27:28.834322 2019] [core:notice] [pid 5403] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jan 20 00:30:37.057934 2019] [mpm_prefork:notice] [pid 5403] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jan 20 00:31:17.773486 2019] [core:notice] [pid 5388] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Jan 20 00:31:17.849310 2019] [suexec:notice] [pid 5388] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jan 20 00:31:18.017364 2019] [http2:warn] [pid 5388] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
see http://httpd.apache.org/docs/current/mpm.html
/var/log/httpd/ssl_error_log
[Sun Jan 20 00:31:18.017053 2019] [ssl:warn] [pid 5388] AH01906: xx.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 20 00:31:18.017094 2019] [ssl:warn] [pid 5388] AH01909: xx.lan:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jan 20 01:02:43.246630 2019] [php7:warn] [pid 5668] [client xx.xx.11.220:56193] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /var/www/html/mailscanner/logout.php on line 40, referer: https://xx.lan/mailscanner/sf_version.php
[Sun Jan 20 01:03:46.564369 2019] [php7:warn] [pid 5668] [client xx.xx.11.220:56200] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /var/www/html/mailscanner/logout.php on line 40, referer: https://xx.lan/mailscanner/sf_version.php
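
The two ssl:warn lines in the ssl_error_log above (AH01906 and AH01909) are what Apache logs when the server certificate carries CA:TRUE and contains no name matching the host. The following is an added example, not part of the original post and not eFa's own code: it generates a self-signed leaf certificate with CA:FALSE and a matching subjectAltName, then checks both properties. The function names, file names and host name are assumptions.

```sh
#!/bin/sh
# Added example, not eFa code. Function names, file names and the
# host name passed in are assumptions for illustration.

# Write a 2048-bit RSA key and a self-signed *leaf* certificate for $1 into $2.
make_leaf_cert() (
    fqdn="$1"; outdir="$2"
    umask 077                      # key and config readable by owner only
    cat > "$outdir/leaf.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_leaf
prompt             = no
[dn]
CN = $fqdn
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$fqdn
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$outdir/leaf.cnf" \
        -keyout "$outdir/localhost.key" \
        -out "$outdir/localhost.crt" 2>/dev/null
)

# Return 0 only if the certificate is not a CA and matches host name $2.
check_leaf_cert() {
    crt="$1"; fqdn="$2"
    text=$(openssl x509 -in "$crt" -noout -text) || return 2
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        return 1                   # would trigger AH01906
    fi
    if openssl x509 -in "$crt" -noout -checkhost "$fqdn" \
        | grep -q 'does match'; then
        return 0
    fi
    return 1                       # would trigger AH01909
}
```

Running check_leaf_cert against the certificate already installed on a host shows which of the two warnings it would still produce before Apache is restarted.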