Home ยป content

Common bugs for RHEL4 update 5 and SLES10

Submitted by saurabh on Thu, 2007-11-15 18:55


This document describes the bugfixes which should be deployed after
installation and licence verification of an Mtracks system. It
contains the bugs for Mtracks 2.6.0 on the RHEL4 update 5 and SLES10
platforms.

  1. Modify /etc/sysconfig/sendmail
    1. # cd /etc/sysconfig
    2. # mkdir -p RCS
    3. # ls -l sendmail
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l sendmail
    8. Enter the following comment
      revision before changing SENDMAIL_ARGS - _your_name_
    9. # cp sendmail /var/tmp
    10. # cd /var/tmp
    11. # vi sendmail
    12. Replace the line
      SENDMAIL_ARGS="-L sendmail -Am -bd -om"
      with
      SENDMAIL_ARGS="-L sendmail -Am -bd -q30m -om"
    13. Save and quit
    14. # diff /var/tmp/sendmail /etc/sysconfig/sendmail
    15. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    16. # mv /var/tmp/sendmail /etc/sysconfig/sendmail
    17. # cd /etc/sysconfig
    18. Restore the owner, group noted earlier, using chown command
    19. Restore the permissions noted earlier, using chmod command
    20. Restart sendmail and check via telnet as described here
  2. Create the account 'junkmail'
    1. Go to the administrative interface of Mtracks/Merce master
    2. Go to User database -> employee -> ADD A NEW USER
    3. After creating the administrative user, create an account with the
      following details
      • Intranet ID:junkmail
      • Full Name:junkmail
      • Email Id:junkmail
      • User code:junkmail
      • Location:local
      • Mail Server:FQDN of mail server of the organization
      • Department:IT
      • Rank:Engineer, SE0
      • Password:junkmail
      • Admin or User:User
      • Webaccess:No
      • Email Quota:default
      • Home Directory Quota:default
  3. Modify /etc/amavisd.conf
    1. # cd /etc
    2. # mkdir -p RCS
    3. # ls -l amavisd.conf
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l amavisd.conf
    8. Enter the following comment
      revision before adding $spam_quarantine_to and $TEMPBASE -_your_name_
    9. # cp amavisd.conf /var/tmp/amavisd.conf
    10. # cd /var/tmp
    11. # vi amavisd.conf
    12. Search for '$spam_quarantine_to'
    13. There will be a comment which describes this variable. Below it add the following line:
      $spam_quarantine_to = 'junkmail@DOMAINNAME';
      where DOMAINNAME is the domain name of the organization.
    14. Search for '$TEMPBASE'
    15. Modify the line which initializes '$TEMPBASE' variable to
      $TEMPBASE = "$MYHOME/tmp";
    16. Save and quit
    17. # diff /var/tmp/amavisd.conf /etc/amavisd.conf
    18. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    19. # mv /var/tmp/amavisd.conf /etc/amavisd.conf
    20. # cd /etc/
    21. Restore the owner, group noted earlier, using chown command
    22. Restore the permissions noted earlier, using chmod command
    23. Restart amavis and check via telnet as described here
    24. If you face any errors in restarting and checking escalate to
      Merce dev team.
  4. Modify sendmail configuration to add masquerade_envelope
    1. # cd /etc/mail
    2. # mkdir -p RCS
    3. # ls -l merce.mc
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l merce.mc
    8. Enter the following comment
      revision before adding masquerade_envelope - _your_name_
    9. # cp merce.mc /var/tmp
    10. # cd /var/tmp
    11. # vi merce.mc
    12. Add the following line to this file
    13. FEATURE(`masquerade_envelope')
    14. Save and quit
    15. #diff /var/tmp/merce.mc /etc/mail/merce.mc
    16. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    17. # mv /var/tmp/merce.mc /etc/mail/merce.mc
    18. # cd /etc/mail
    19. Restore the owner, group noted earlier, using chown command
    20. Restore the permissions noted earlier, using chmod command
    21. # m4 merce.mc > /var/tmp/sendmail.cf
    22. On SLES10 # diff /etc/sendmail.cf /var/tmp/sendmai.cf
    23. On RHEL4 update 5 # diff /etc/mail/sendmail.cf /var/tmp/sendmail.cf
    24. You should see the following output
            < R$+ $@ $>MasqHdr $1
      ---
      < R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
    25. If you see output other than above then escalate to Merce
      dev team. Otherwise move on to the next step
    26. On RHEL4 update 5 # cd /etc/mail
    27. On SLES10 # cd /etc
    28. # mkdir -p RCS
    29. # ls -l sendmail.cf
    30. Note down the owner, group and permissions.
    31. The owner should be root, group should be root and
      permissions should be 644.
    32. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    33. # ci -l sendmail.cf
    34. Enter the following comment
      revision before adding masquerade_envelope - _your_name_
    35. # mv /var/tmp/sendmail.cf sendmail.cf
    36. Restore the owner, group noted earlier, using chown command
    37. Restore the permissions noted earlier, using chmod command
    38. Restart and check sendmail via telnet as described here
    39. If you face any errors in restarting and checking escalate to
      Merce dev team.
  5. Create virusmails directory for amavis
    1. On RHEL4 update 5 # cd /var/amavis
    2. On SLES10 # cd /var/spool/amavis
    3. # mv virusmails virusmails.YYYYMMDD
      where YYYY - current year, MM - current month, DD - current day
    4. # mkdir virusmails
    5. # chown vscan.vscan virusmails
    6. # chmod 750 virusmails
    7. Restart and check amavis via telnet as described here
    8. If you face any errors in restarting and checking escalate to
      Merce dev team.
  6. Set variables in sendmail-rx
    1. # cd /etc/mail
    2. # mkdir -p RCS
    3. # ls -l merce-rx.mc
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l merce-rx.mc
    8. Enter the following comment
      revision before changing sendmail variables queue_la,
      refuse_la, max_daemon_children, queuewarn, queuereturn, to_command - _your_name_
    9. # cp merce-rx.mc /var/tmp/
    10. # cd /var/tmp
    11. # vi merce-rx.mc
    12. Search for 'confQUEUE_LA'
    13. If you find a line which is like
      define(`confQUEUE_LA',
    14. Then replace this line with the following line
      define(`confQUEUE_LA',`40')dnl
    15. If you do not find a line which matches the pattern then add
      the following line to the file
      define(`confQUEUE_LA',`40')dnl
    16. Search for 'confREFUSE_LA'
    17. If you find a line which is like
      define(`confREFUSE_LA',
    18. Then replace this line with the following line
      define(`confREFUSE_LA',`60')dnl
    19. If you do not find a line which matches the pattern then add
      the following line to the file
      define(`confREFUSE_LA',`60')dnl
    20. Search for 'confMAX_DAEMON_CHILDREN'
    21. If you find a line which is like
      define(`confMAX_DAEMON_CHILDREN',
    22. Then replace this line with the following line
      define(`confMAX_DAEMON_CHILDREN',`200')dnl
    23. If you do not find a line which matches the pattern then add
      the following line to the file
      define(`confMAX_DAEMON_CHILDREN',`200')dnl
    24. After adding this line add the following line below it:
      define(`confTO_QUEUEWARN', `36h')dnl
    25. After adding this line add the following line below it:
      define(`confTO_QUEUERETURN', `2d')dnl
    26. Save and quit.
    27. # diff /etc/mail/merce-rx.mc /var/tmp/merce-rx.mc
    28. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    29. # mv /var/tmp/merce-rx.mc /etc/mail/merce-rx.mc
    30. # cd /etc/mail
    31. Restore the owner, group noted earlier, using chown command
    32. Restore the permissions noted earlier, using chmod command
    33. # m4 merce-rx.mc > /var/tmp/sendmail-rx.cf
    34. # diff sendmail-rx.cf /var/tmp/sendmail-rx.cf
    35. The output should show you the change in the values of the
      above parameters which have been set.
    36. If you see an output which shows other differences then
      escalate to the Merce dev team otherwise move on to the next step.
    37. # cd /etc/mail
    38. # mkdir -p RCS
    39. # ls -l sendmail-rx.cf
    40. Note down the owner, group and permissions.
    41. The owner should be root, group should be root and
      permissions should be 644.
    42. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    43. # ci -l sendmail-rx.cf
    44. Enter the following comment
      revision before changing sendmail variables queue_la,
      refuse_la, max_daemon_children, queuewarn, queuereturn, to_command - _your_name_
    45. # mv /var/tmp/sendmail-rx.cf sendmail-rx.cf
    46. Restore the owner, group noted earlier, using chown command
    47. Restore the permissions noted earlier, using chmod command
    48. Restart and check sendmail-rx via telnet as described here
    49. If you face any errors in restarting and checking escalate to
      Merce dev team.
  7. Set variables for submit.cf
    1. # cd /etc/mail
    2. # mkdir -p RCS
    3. # ls -l submit.cf
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l submit.cf
    8. Enter the following comment
      revision before changing variables queuereturn, queuewarn - _your_name_
    9. # cp submit.cf /var/tmp
    10. # cd /var/tmp
    11. # vi submit.cf
    12. Search for 'Timeout.queuereturn'
    13. If you find a line which is like
      O Timeout.queuereturn
    14. Then replace this line with the following line
      O Timeout.queuereturn=2d
    15. If you do not find a line which matches the pattern then add
      the following line to the file
      O Timeout.queuereturn=2d
    16. Search for 'Timeout.queuewarn'
    17. If you find a line which is like
      O Timeout.queuewarn
    18. Then replace this line with the following line
      O Timeout.queuewarn=36h
    19. If you do not find a line which matches the pattern then add
      the following line to the file
      O Timeout.queuewarn=36h
    20. Search for 'O QueueLA'
    21. If you find a line which is like
      #O QueueLA=8
    22. Then replace this line with the following line
      O QueueLA=40
    23. If you do not find a line which matches the pattern then add
      the following line to the file
      O QueueLA=40
    24. Search for 'O RefuseLA'
    25. If you find a line which is like
      #O RefuseLA=12
    26. Then replace this line with the following line
      O RefuseLA=60
    27. If you do not find a line which matches the pattern then add
      the following line to the file
      O RefuseLA=60
    28. Save and quit
    29. # diff /var/tmp/submit.cf /etc/mail/submit.cf
    30. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    31. # mv /var/tmp/submit.cf /etc/mail/submit.cf
    32. # cd /etc/mail
    33. Restore the owner, group noted earlier, using chown command
    34. Restore the permissions noted earlier, using chmod command
    35. Restart sendmail, sendmail-rx and check via telnet as described here
    36. If you face any errors in restarting and checking escalate to
      Merce dev team.
  8. Correct the ownership and permissions for the following
    directories
    1. # chown merce.merce /var/lib/merce/home/merce
    2. # chmod 550 /var/lib/merce/home/merce
    3. # chown merce.merce /var/lib/merce/home/merce/.ssh
    4. # chmod 550 /var/lib/merce/home/merce/.ssh
    5. # chown mercexfr.mercexfr /var/lib/merce/home/mercexfr
    6. # chmod 550 /var/lib/merce/home/mercexfr
    7. # chown mercexfr.mercexfr /var/lib/merce/home/mercexfr/.ssh
    8. # chmod 550 /var/lib/merce/home/mercexfr/.ssh
  9. Modify /etc/passwd for uucp user.
    1. # cd /etc
    2. # mkdir -p RCS
    3. # ls -l passwd
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l passwd
    8. Enter the following comment
      revision before changing uucp shell - _your_name_
    9. # cp /etc/passwd /var/tmp
    10. # cd /var/tmp
    11. # vi passwd
    12. Search for 'uucp'
    13. You will see a line similar to this line
      uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    14. The last column of this line needs to be changed. Change the
      last column of the line /sbin/nologin to /bin/bash
      Thus the above line should now look like this
      uucp:x:10:14:uucp:/var/spool/uucp:/bin/bash
    15. Please note that you need to change only the last column and
      nothing else in this line.
    16. Save and quit
    17. # diff /etc/passwd /var/tmp/passwd
    18. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    19. # mv /var/tmp/passwd /etc/passwd
    20. Restore the owner, group noted earlier, using chown command
    21. Restore the permissions noted earlier, using chmod command
  10. Change value of MAXCONN in /etc/mail/mfilter.cf
    1. # cd /etc/mail/
    2. # mkdir -p RCS
    3. # ls -l mfilter.cf
    4. Note down the owner, group and permissions.
    5. The owner should be root, group should be root and
      permissions should be 644.
    6. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    7. # ci -l mfilter.cf
    8. Enter the following comment
      revision before changing MAXCONN - _your_name_
    9. # cp mfilter.cf /var/tmp
    10. # cd /var/tmp
    11. # vi mfilter.cf
    12. Search for 'MAXCONN'
    13. You should see a line which is
      MAXCONN: 40
    14. Replace this line with the following line
      MAXCONN: 225
    15. #diff /var/tmp/mfilter.cf /etc/mail/mfilter.cf
    16. This output show only the difference of the lines that have been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    17. #mv /var/tmp/mfilter.cf /etc/mail/mfilter.cf
    18. # cd /etc/mail
    19. Restore the owner, group noted earlier, using chown command
    20. Restore the permissions noted earlier, using chmod command
    21. Restart mfilter and check via telnet as described here
  11. Edit /etc/openldap/slapd.conf
    1. # grep Netldaporg /etc/merce/Siteconfig.sh
    2. Note down the value of the variable Netldaporg. for eg.
      Netldaporg="VAV"
      means that the variable Netldaporg has the value VAV.
    3. # cd /etc/openldap
    4. # ls -l slapd.conf
    5. Note down the owner, group and permissions.
    6. The owner should be root, group should be ldap and
      permissions should be 640.
    7. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    8. # ci -l slapd.conf
    9. Enter the following comment
      revision before replacing starcom with organization name - _your_name_
    10. # cp slapd.conf /var/tmp
    11. # cd /var/tmp
    12. # vi slapd.conf
    13. Search for the pattern 'starcom'
    14. Replace all the values of 'starcom' with the value of Netldaporg
      that you had obtained from /etc/merce/Siteconfig.sh
    15. # diff /var/tmp/slapd.conf /etc/openldap/slapd.conf
    16. This output show only the difference of the line that has been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    17. # mv /var/tmp/slapd.conf /etc/openldap/slapd.conf
    18. Restore the owner, group noted earlier, using chown command
    19. Restore the permissions noted earlier, using chmod command
    20. Restart ldap and check via telnet as described here
  12. Change the memory limit of php.ini
    1. On RHEL4 update 5 # cd /etc
    2. On SLES10 # cd /etc/php5/apache2
    3. # mkdir -p RCS
    4. # ls -l php.ini
    5. Note down the owner, group and permissions.
    6. The owner should be root, group should be root and
      permissions should be 644.
    7. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    8. # cp php.ini /var/tmp
    9. # cd /var/tmp
    10. Search for the pattern 'memory_limit'
    11. You should see a line which is
      memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
    12. Replace the above line by
      memory_limit = 64M ; Maximum amount of memory a script may consume (8MB)
    13. On SLES10 #diff /etc/php5/apache2/php.ini /var/tmp/php.ini
    14. On RHEL4 update 5 #diff /etc/php.ini /var/tmp/php.ini
    15. This output show only the difference of the line that has been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    16. On SLES10 #mv /var/tmp/php.ini /etc/php5/apache2/php.ini
    17. On RHEL4 update 5 #mv /var/tmp/php.ini /etc/php.ini
    18. Restore the owner, group noted earlier, using chown command
    19. Restore the permissions noted earlier, using chmod command
    20. Reload apache2 and check via telnet as described here
  13. Change the attachment size of php.ini
    1. On RHEL4 update 5 # cd /etc
    2. On SLES10 # cd /etc/php5/apache2
    3. # mkdir -p RCS
    4. # ls -l php.ini
    5. Note down the owner, group and permissions.
    6. The owner should be root, group should be root and
      permissions should be 644.
    7. If owner, group or permissions are other than this then
      escalate to the Merce dev team.
    8. # cp php.ini /var/tmp
    9. # cd /var/tmp
    10. Search for the pattern 'upload_max_filesize'
    11. You should see a line which is
      upload_max_filesize = 2M
    12. Replace the above line by
      upload_max_filesize = 10M
    13. On SLES10 #diff /etc/php5/apache2/php.ini /var/tmp/php.ini
    14. On RHEL4 update 5 #diff /etc/php.ini /var/tmp/php.ini
    15. This output show only the difference of the line that has been
      changed. If it does then go on to the next step else escalate to the
      Merce dev team.
    16. On SLES10 #mv /var/tmp/php.ini /etc/php5/apache2/php.ini
    17. On RHEL4 update 5 #mv /var/tmp/php.ini /etc/php.ini
    18. Restore the owner, group noted earlier, using chown command
    19. Restore the permissions noted earlier, using chmod command
    20. Reload apache2 and check via telnet as described here
  14. Remove the contents of the file proxyblock.conf
    1. On RHEL 4 update 5, # cd /etc/httpd/
    2. On SLES10, # cd /etc/apache2
    3. # mkdir -p RCS
    4. # ci -l proxyblock.conf
    5. Enter the comment "before removing hotmail and naukri"
    6. # vi proxyblock.conf
    7. Remove both the lines which are
            ProxyBlock hotmail.com
      ProxyBlock naukri.com
    8. Save and quit.
    9. On RHEL4 update 4, # /etc/init.d/apache2 reload
    10. On SLES10, # /etc/init.d/httpd reload

»

http reload is too slow after installation

Submitted by saurabh on Sun, 2007-12-30 13:30.

Sometimes the command
/etc/init.d/httpd reload
takes a lot of time to reload. This is due to DNS resolution failure for the sites in /etc/httpd/proxyblock.conf. By default mtracks installation creates the file /etc/httpd/proxyblock.conf with the following entries

ProxyBlock hotmail.com
ProxyBlock naukri.com

There should not be any entries in this file. The sites should be added from the UI when required.

»

Proxy misconfigured in apache

Submitted by saurabh on Fri, 2007-11-23 20:08.


apache2 has the following configuration in proxy.conf

 <Proxy *>
        AuthType Basic
        AuthName "MercE Proxy Server External"
        AuthDBMType "DB"
    AuthBasicProvider dbm
        AuthDBMUserFile "/opt/merce/adm/passwd/users.db"
        Allow from 127.0.0.1
        Allow from 10.1.2
        Deny from all
        Satisfy all
        <Limit GET POST CONNECT>
            require valid-user
        </Limit>
    </Proxy>

    <Proxy *.lab.starcomsoftware.com>
        AuthType Basic
        AuthDBMType "DB"
    AuthBasicProvider dbm
        AuthDBMUserFile "/opt/merce/adm/passwd/allusers.db"
        Allow from 127.0.0.1
        Allow from 10.1.2
        Deny from all
        Satisfy all
        <Limit GET POST CONNECT>
            require valid-user
        </Limit>
    </Proxy>

According to the above block, if someone tries to access http://server.lab.starcomsoftware.com he should get into the block <Proxy *.lab.starcomsoftware.com>. But this does not happen, he gets into the <Proxy *> block. If we want to use regex we should use it with <ProxyMatch>. The problem that this bug will create is that, if a user does not have web access but he tries to access an internal site of .lab.starcomsoftware.com he will be asked a username and password for <Proxy *> block which does authentication through /opt/merce/adm/passwd/users.db. Hence, he will not be able to view the internal site.

Fix:

   <Proxy *.lab.starcomsoftware.com>
        AuthType Basic
        AuthDBMType "DB"
    AuthBasicProvider dbm
        AuthDBMUserFile "/opt/merce/adm/passwd/allusers.db"
        Allow from 127.0.0.1
        Allow from 10.1.2
        Deny from all
        Satisfy all
        <Limit GET POST CONNECT>
            require valid-user
        </Limit>
    </Proxy>

with

    <ProxyMatch .*.lab.starcomsoftware.com>
        AuthType Basic
        AuthDBMType "DB"
    AuthBasicProvider dbm
        AuthDBMUserFile "/opt/merce/adm/passwd/allusers.db"
        Allow from 127.0.0.1
        Allow from 10.1.2
        Deny from all
        Satisfy all
        <Limit GET POST CONNECT>
            require valid-user
        </Limit>
    </ProxyMatch>

»

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.