Ubuntu 9.10 Karmic Koala

I finally upgraded my brother’s desktop computer and my desktop computer to Ubuntu 9.10 Karmic Koala. Prior, both had been running Ubuntu 8.04 Hardy Heron, which was stable but was starting to show its age. I’ve always found that bleeding edge works well for desktops and tried and true works better for servers.

Ubuntu 9.10 works well, but I have discovered a few unresolved bugs that have proven to be annoyances. I’ve resigned myself to not being able to burn optical discs under Karmic because of a bug. This extends beyond Brasero to include the Wodim command line burning tool. After I upgraded, I switched from Rhythmbox to Banshee because it has better iPod syncing capabilities. However, those capabilities are a bit flaky, and I had to use this hack to make things work.

Regardless, it was a helpful and necessary upgrade. I look forward to the Ubuntu 10.04 Lucid Lynx update in April.

Finger Daemon on Ubuntu

Since I set up my Ubuntu servers and desktops at home I have wanted to be able to remotely finger the different computers on my network. By default, a remote finger request will look like this:

zac@dakara:~$ finger @athos
[athos.lund]
finger: connect: Connection refused

The solution is to install the required packages:

apt-get install inetutils-inetd fingerd

Then start the Internet super server:

/etc/init.d/inetutils-inetd start

According to the package details: “Inetd is the daemon that listens on various TCP and UDP ports and spawns programs that can’t or won’t do it for themselves.”

Now a remote finger request will look like:

zac@dakara:~$ finger @athos
[athos.lund]
Login     Name           Tty      Idle  Login Time   Office     Office Phone
zac       Zachary Lund   pts/2          May  4 20:12 (dakara.lund)

The contents of the file /etc/inetd.conf show what is necessary for finger:

finger		stream	tcp	nowait	nobody	/usr/sbin/tcpd	/usr/sbin/in.fingerd

It simply takes an incoming finger request and spawns the appropriate process.

Configure SpamAssassin with Postfix on Ubuntu

I’ve been running a mail server for the last year and a half. When I initially set up my Postfix mail server on Ubuntu, I knew that eventually I would need to add a spam filter. I recently decided that SpamAssassin was the best choice to filter email on my mail server.

I now receive on average more than one spam message each day. Interestingly, all of my spam is sent to an email address that I have only given out to Marquette University. I guess that means they have either sold my email address or poorly secured it in their database. Neither would surprise me.

I used the content from two different tutorials to get SpamAssassin up and running on my server.

First, I installed SpamAssassin.

apt-get install spamassassin spamc

Next, I created the spamd user and group. You can specify a specific uid and gid if you want.

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd

Then I created the spamd home directory and set the permissions.

mkdir /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin

Then I set up some configuration for SpamAssassin. You can edit the file directly, but I use Sed so that I can automate the installation process in a script. This enables SpamAssassin, Cron, and some other options.

DEFAULT_SPAMASSASSIN=/etc/default/spamassassin
mv $DEFAULT_SPAMASSASSIN $DEFAULT_SPAMASSASSIN.default
sed '
    s/ENABLED=0/ENABLED=1/
    s/CRON=0/CRON=1/
    s/^OPTIONS.*/SAHOME="\/var\/log\/spamassassin"\nOPTIONS="--create-prefs --max-children 5 --username spamd -H ${SAHOME} -s ${SAHOME}\/spamd.log"/
' $DEFAULT_SPAMASSASSIN.default > $DEFAULT_SPAMASSASSIN

Then I set up the rest of the configuration for SpamAssassin. I initially set the required score to 2.0, but this caused a lot of legitimate emails (ham) to be marked as spam. The following configuration will rewrite subjects of spam messages to identify them as spam.

SA_LOCAL_CF=/etc/spamassassin/local.cf
mv $SA_LOCAL_CF $SA_LOCAL_CF.default
echo "
rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score           5.0
# to be able to use _SCORE_ we need report_safe set to 0
# If this option is set to 0, incoming spam is only 
# modified by adding some \"X-Spam-\" headers and no 
# changes will be made to the body.
report_safe     0

# Enable the Bayes system
use_bayes               1
use_bayes_rules         1
# Enable Bayes auto-learning
bayes_auto_learn        1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               0
" > $SA_LOCAL_CF

Now that I have been running the spam filter for a couple weeks, I have had to whitelist some email addresses that send me emails with strange headers or get sent from “shady” IP addresses. This goes into the same local.cf file.

whitelist_from *@hq.acm.org

I find it amusing that emails from the ACM keep getting marked as spam. Next I started SpamAssassin.

/etc/init.d/spamassassin start

Next, I modified Postfix to send emails through the SpamAssassin filter.

POSTFIX_MASTER_CF=/etc/postfix/master.cf
mv $POSTFIX_MASTER_CF $POSTFIX_MASTER_CF.default
sed 's/smtp      inet  n       -       -       -       -       smtpd/smtp      inet  n       -       -       -       -       smtpd\n\t-o content_filter=spamassassin/'  \
$POSTFIX_MASTER_CF.default > $POSTFIX_MASTER_CF
echo 'spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=/usr/bin/spamc -f -e    
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}' >> $POSTFIX_MASTER_CF

Next, reload Postfix so it will use SpamAssassin.

/etc/init.d/postfix reload

Once SpamAssassin is running, you can train it by passing it spam and ham emails.

sa-learn -u spamd --spam --mbox /path/to/spam_mbox
sa-learn -u spamd --ham --mbox /path/to/ham_mbox

After adjusting the spam threshold, training the filter with spam messages that I have acquired over the last year, and whitelisting a few problematic senders, my spam filter has been doing a good job of marking spam as spam. At this point it is easy enough to sort through the email manually and confirm that they are spam. In the future, if it ever gets bad enough, I will be able to automatically delete the messages or filter them into a different mailbox on delivery.

Configure a Reverse Proxy with Apache

In a previous post, I discussed the details required to set up Subsonic on Ubuntu Server. The problem with Subsonic is that it runs on Tomcat on a non-standard port. The rest of my web applications run in Apache on port 80. Therefore, it would be nice if instead of having to go to http://athos.zacintosh.com:8180/subsonic/, I could simply go to http://athos.zacintosh.com/subsonic/. The solution is called a reverse proxy. Reverse proxies can do things like load balance between multiple web servers or simply make resources on an internal web server available externally. In this case, I am using a reverse proxy to make a web application available on a different port available on the standard port 80.

The set up is fairly simple. On Ubuntu, it should be as simple as issuing this command (as root) to enable the proxy modules:

a2enmod proxy_http

Next I inserted the following into /etc/apache2/conf.d/subsonic.conf to make it available on all websites running on my server. If you only wanted it to be available for a single website, you could insert this into a site inside of /etc/apache2/sites-available/.

ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
    Order allow,deny
    Allow from all
</Proxy>
ProxyPass /subsonic/ http://localhost:8180/subsonic/
ProxyPassReverse /subsonic/ http://localhost:8180/subsonic/

The configuration above says to not proxy all requests (not act as a forward proxy server). The ProxyPass and ProxyPassReverse set up the actual retrieval of data from Subsonic running on Tomcat. You need to replace the localhost and the port number with the specific items for your configuration. Finally, you need to reload the Apache configuration:

/etc/init.d/apache2 force-reload

Now Subsonic should be available on port 80 just like everything else running on your web server with Apache.

Install Subsonic on Ubuntu Server

Subsonic is a free, web-based media streaming application. After evaluating it alongside Jinzora and Sockso, I selected it for use on my servers. Internally, I have been using Firefly Media Server (previously called mt-daapd) to make music available to different desktop music players. Subsonic had several features that made it a good choice including allowing music from several different directories, Last.fm scrobbling support/integration, and multiple users with passwords and support for LDAP integration.

I installed Subsonic on a server running Ubuntu Hardy Heron Server. I built on a previous tutorial for installing Subsonic on Ubuntu.

First, I install the necessary Java packages, Tomcat, and Lame. I broke it into three installs to be safe. It could probably be done in one.

apt-get install java-common sun-java6-bin sun-java6-jdk sun-java6-jre
apt-get install tomcat5.5
apt-get install lame

Next, I stopped Tomcat before changing the Tomcat configuration and installing the Subsonic web application.

/etc/init.d/tomcat5.5 stop

Next, I disabled the Tomcat security stuff. It’s required for Subsonic to work. You could do this by editing the file directly (/etc/init.d/tomcat5.5), but I use Sed so that I can automate the installation process in a script.

cd /etc/init.d/
mv tomcat5.5 tomcat5.5.bak
sed "s/TOMCAT5_SECURITY=yes/TOMCAT5_SECURITY=no/" tomcat5.5.bak > tomcat5.5
chmod +x tomcat5.5
rm tomcat5.5.bak

Next, I downloaded, decompressed, and installed the subsonic application.

cd /tmp/
wget http://superb-east.dl.sourceforge.net/sourceforge/subsonic/subsonic-3.6-war.zip
unzip subsonic-3.6-war.zip -d subsonic
mv subsonic/subsonic.war /var/lib/tomcat5.5/webapps/

Subsonic expects certain directories to exist. The following creates those directories and sets the permissions.

mkdir /var/subsonic
mkdir /var/subsonic/playlists
mkdir /var/subsonic/transcode
chown -R tomcat55:nogroup /var/subsonic

Subsonic uses Lame to transcode/compress mp3s for streaming. The next two lines make Lame available to Subsonic.

cd /var/subsonic/transcode
ln -s /usr/bin/lame lame

Now we can start Tomcat again.

/etc/init.d/tomcat5.5 start

I always like to clean up after my installs. This removes the files we downloaded and no longer need any more.

rm -R /tmp/subsonic*

Subsonic should now be running and available at http://localhost:8180/subsonic/. The port might vary depending on the installation of Tomcat. Log in. You can change the password by clicking on “Settings” and then “Users” and then selecting the admin account.

Next, I configured LDAP authentication. It was as simple as clicking on “Settings” and then “Advanced” and then “Enable LDAP authentication.” I then filled in the following:

  • LDAP URL: ldap://athos.lund:389/dc=lund
  • LDAP search filter: (uid={0})

I left the “LDAP manager DN” and “Password” blank. I checked “Automatically create users in Subsonic” so that any user in LDAP can automatically log into Subsonic.

If you would like to make Subsonic available on port 80 like most web applications instead of port 8180, check out my post on Reverse Proxies.

Resizing LVM Partitions

My brother Ben has installed quite a few games and other things on his Ubuntu desktop. Because most of these are programs are available as packages, his 6 GB root partition started getting a bit small. He has a 500 GB hard drive partitioned into root, swap, and home. Ben and I decided to transfer 20 GB from his home partition to his root partition. The drive was configured with LVM which is supposed to make this procedure simple. It turns out it was mildly more complicated than simple, but it wasn’t too bad.

The first step is to boot from a CD like GParted. GParted provides the necessary LVM command line tools to resize the partitions. We need to boot from a CD or another drive because we will be modifying the root partition.

Because I was booted from a CD, I did not capture the output from the commands that I used. The first step is to find the name of the LVM volume group:

lvdisplay

On Ben’s computer, the volume group was “loki”. Next, we make that volume group available:

vgchange --available y loki

Then we decrease the size of the home partition. First we resize the EXT3 file system and then we resize the LVM partition. The “e2fsck” commands check and repair the file system as we go. We are resizing the home partition from 440 GB down to 420 GB.

e2fsck -f /dev/loki/home
resize2fs /dev/loki/home 420G
e2fsck -f /dev/loki/home
lvreduce --size 420G /dev/loki/home
e2fsck -f /dev/loki/home

Once the 20 GB is available, we increase the size of the root partition. We do this in reverse order. First we increase the size of the LVM partition and then increase the size of the file system.

e2fsck -f /dev/loki/root
lvextend --size +20.15G /dev/loki/root
e2fsck -f /dev/loki/root
resize2fs /dev/loki/root 26G
e2fsck -f /dev/loki/root

We rebooted Ben’s computer again, and he now had 26 GB root partition.

OWA Sync on Ubuntu

Update: OWA Sync V0.6 (the current version) is not compatible with Exchange 2007. When I set this up, I was connecting to Exchange 2003.

I use OWA Sync to get all of my calendar information onto my Ubuntu desktop. I recently rediscovered the Little Brother’s Database and decided to make my OWA contacts available in Mutt on my Ubuntu desktop, too. (I used lbdb to make my contacts in Apple Address Book available to Mutt when I was still using Mac OS X as my primary operating system.)

The OWA Sync website has a decent explanation of creating a owaSyncrc file. After I created that, I wrote a script that runs as a cron job.

#! /bin/bash

export PATH=$PATH:/usr/local/bin/

/usr/local/bin/owaSync.kit -update

cat $HOME/.owa/Calendar/*.ics > $HOME/.calendar.ics
cat $HOME/.owa/Contacts/*.vcf > $HOME/.contacts.vcf

After a bit of trial and error, I figured out that “/usr/local/bin/” needed to be in the path for the owaSync.kit script to run. After the synchronization is complete, I then concatenate all of the calendar events into a single file and all of the contact cards into a single file. I now have a single calendar file that I can use with PHP iCalendar and a single contacts file that I can use with lbdb. It requires a fairly simple rc file that looks something like this:

METHODS="$METHODS m_vcf m_muttalias"

VCF_FILES="$HOME/.contacts.vcf"
MUTTALIAS_FILES="$HOME/.mutt/aliases"

I add “m_vcf” and “m_muttaliases” to the “METHODS” and then I specify the locations of my OWA contacts and my Mutt aliases. Now when I launch Mutt, I can query for addresses that I downloaded from OWA.

Adobe Flash 10 on Ubuntu Hardy Heron

I finally got sick of having to use Hulu on my MacBook Pro instead of my Ubuntu desktop and decided to see if I could fix the Flash player problems. It turns out that the fix was simple. This article from Ubuntu Geek makes it easy. Since I am running a 64-bit OS, I used the 64-bit instructions:

wget http://queleimporta.com/downloads/flash10_en.sh
chmod +x flash10_en.sh
sudo bash ./flash10_en.sh

Now Hulu works just fine in Firefox on Ubuntu.

Advanced Bash Completion

Ubuntu has a lot of advanced bash completion features that simplify using the shell. For example, when using the ssh command, I can tab complete server names based on my host file and my ssh config file. It turns out that most of this is accomplished with one bash_completion script. This page has a lot of useful information about the Bash shell and also the very useful script. I’ve found that when I use Fedora in the Xinu lab, I am left typing a lot of this stuff myself. Since I use the same bashrc file on both Dakara and my lab machine (Kastria), I didn’t want to always resource the file so I added this to my bashrc:

# Source global definitions
[ -f /etc/bashrc ]      && source /etc/bashrc
[ -f /etc/bash.bashrc ] && source /etc/bash.bashrc
# enable programmable completion features
if [ -z "$BASH_COMPLETION" \
    -a -r ~/.configuration/bash/bash_completion.caliban ]; then
    BASH_COMPLETION=~/.configuration/bash/bash_completion.caliban
    source $BASH_COMPLETION
fi

First, I source the global definitions, Ubuntu uses /etc/bashrc, and Fedora uses /etc/bash.bashrc. After that, if the bash_completion script was already sourced, $BASH_COMPLETION will be set. I check to see if it is zero length (-z) and then source my own copy of it if it is. Now I have advanced bash completion on both Ubuntu and Fedora.

Grub Boot Issues

A while back, I updated one of my servers (Abydos) from Ubuntu 8.0.4 Server to Ubuntu 8.10 Server. That process was pretty easy, but when I rebooted, it failed to boot. I simply selected another kernel version from the boot menu and forgot about it. Then Ben ran into the same issue when he updated his desktop (Loki). I decided to learn a little bit about Grub.

It turns out that fixing the problem is pretty simple. The file to change is /boot/grub/menu.lst, and it contains a default line:

default         0

and a bunch of title lines:

title           Ubuntu 8.10, kernel 2.6.27-9-generic
title           Ubuntu 8.10, kernel 2.6.27-9-generic (recovery mode)
title           Ubuntu 8.10, kernel 2.6.24-19-generic
title           Ubuntu 8.10, kernel 2.6.24-19-generic (recovery mode)
title           Ubuntu 8.10, memtest86+

Grub uses zero based indexing, so I changed default from 0 to 2. It’s as simple as that.