Saturday, December 31, 2005

Have your own Streaming Mp3 Server - edna

Edna - allows you to access your MP3 collection from any networked computer. This software streams your MP3s via HTTP to any MP3 player that supports playing off a remote connection (e.g. Winamp, FreeAmp, Sonique, XMMS).

While any silly web server can do this (serve up MP3s), there are two cool features about edna:

  • The pages are dynamically constructed, adjusting to directory structure and the files in those directories. This is much nicer than using simple directory indexing. While the dynamic file list could be done with various CGI or PHP-like tools, the dynamic directories would be a lot harder.
  • This is the coolest part... Rather than directly serving up an MP3, the software serves up a playlist. This gets passed to your player (e.g. WinAmp) which turns around with an HTTP request to stream the MP3. I must give credit to Geoff for this one :-)
Installation Guide :

Please make sure you have Python installed in your server, I had python-2.3.


1. Create a directory in /home :

mkdir /home/mp3


2. Go to the Directory

wget http://edna.sourceforge.net/edna-0.5.tar.gz


3. Extract the downloaded file

tar -zxvf edna-0.5.tar.gz



4. Go into the fresh directory and edit the edna.conf

#
# edna.conf -- configuration file for edna.py
#

[server]
port = your.port.here

### DOCCO
# ### change these if the defaults don't work...
# template-dir = templates
# template = default.ezt

# If you want id3 tags, use default_complex.ezt
# template = default_complex.ezt
# Enable costly file information if needed (default disabled)
# fileinfo=1

### DOCCO
# binding-hostname = dummy-host.example.com
# binding-hostname = 123.123.123.123


# log can specify "-" for stdout, or a file name. omitting this line
# produces no log.
log = /var/log/edna.log

acl]
### DOCCO
#allow = host1, host2, host3/24, 123.123.123.123, 2.2.2.2/11
#auth = aUser1:aPass1, aUser2:aPass2

#Require password for directories < level ..
# Work around for buggy players that can't send authentication information
# 0 Only check '/'
# 1 Check all levels (default)
# auth_level=0

[sources]
#
# List each source directory (top of the tree). The lines should be of the
# form:
# dirNNN = DIRECTORY = DISPLAY_NAME
#
# WARNING: the DISPLAY-NAME part may *not* have a slash ("/") in it!
# WARNING: each DIRECTORY must exist when edna is started
#
# The NNN part will determine the sort order in the top-level listing.
#

# Windows example:
#dir1 = f:\mp3\transfer = MP3s
#dir2 = f:\bobsmp3 = Bob
#dir3 = g:\MP3's = Bob CD

# Unix example:
#dir1 = /mnt/cdrom = MP3 CDROM
dir1 = /home/mp3/albums = Jukebox

[extra]
# Extra options
#
# You don't need to change this, but maybe you need more
output or want to enable some special features

# Set this to 1 to get more output
debug_level = 0

# Mark all files as new if they are newer than days_new

days_new = 30




5. Create your jukebox dir

mkdir /home/mp3/albums

6. Change back to main /home dir and issue the command

chown -R apache:apache /home/mp3

7. Edit the /etc/rc.local file
vi /etc/rc.local

8. Add

# Starting Edna Jukebox Server
echo "Starting Edna Jukebox Server"
cd /home/mp3/edna ; sudo -u apache python edna.py &


9. Start your server

cd /home/mp3/edna ; sudo - u apache python edna.py &


10. Create dir/s under /home/mp3/albums

Eg. English, Hindi, Tamil etc ...

anc copy all your songs accordingly

11. Access your songs from browser :

http://localhost:8080

8080 is the default port you can change the port to some other in edna.conf


Some points :

Edna is a simple python script

It does not use apache server at all.

Please make sure you do not run it as root, you can use any other normal user to run this.

Thursday, December 29, 2005

Samba Tips

Its been a long time since I have used samba the fie sharing for Linux on Windows.


smbtree --- find windows machines. See also findsmb

nmblookup -A 1.2.3.4 --- find the windows (netbios) name associated with ip address.

smbclient -L windows_box --- list shares on windows machine or samba server.

mount -t smbfs -o fmask=666,guest //windows_box/share /mnt/share ---

The above command mounts a windows share.

echo 'message' | smbclient -M windows_box

Send popup to windows machine (off by default in XP sp2)

networking (Note ifconfig, route, mii-tool, nslookup commands are obsolete

netstat -tupl --- list internet services on a system

netstat -tup --- list active connections to/from system

ip link show --- list interfaces

ethtool interface --- list interface status

ip link set dev eth0 name wan --- ip link set dev eth0 name wan

ip addr add 1.2.3.4/24 brd + dev eth0 --- add ip and mask(255.255.255.0)

ip link set dev interface up --- bring interface up (or down)

host pixelbeat.org --- lookup ip address for name or vice versa

hostname -i --- lookup local ip address (equivalent to host `hostname`)

How to - Rsync

Rsync :

1) rsync -P rsync://rsync.server.com/path/to/file file

Only get diffs. Do multiple times for troublesome downloads

2) rsync --bwlimit=1000 fromfile tofile

Locally copy with rate limit. It's like nice for I/O.

3) rsync -az -e ssh --delete ~/public_html/ remote.com:'~/public_html'

Mirror web site (using compression and encryption)

4) rsync -auz -e ssh remote:/dir/ . && rsync -auz -e ssh . remote:/dir/

Synchronize current directory with remote one



Tuesday, December 27, 2005

Customer Relationship Management

Customer Relationship Management (CRM) software facilitates, captures, and analyzes the varied relationships between a business and its customers. Used as part of an overall business and sales strategy, CRM can boost efficiency, yield more intelligence, shore up weaknesses, and improve what you already do best.

Let’s look at what CRM software can do and investigate a compelling open source solution that suits any budget.

A complete CRM package is likely to include:

Sales force automation to manage prospects, automate workflow, manage accounts, and keep track of events.

Marketing automation to manage ad campaigns, transmit email newsletters, and manage and measure lead conversions.

Information management to control revisions of documentation and to distribute corporate and product literature.

Contract management to securely manage existing contracts, help generate and record new contracts, and alert sales staff when contracts are up for renewal.

Reporting to provide business intelligence, insight, and ad-hoc feedback.

Customer service and support to manage support requests and distribute customer satisfaction surveys and rewards.

Moreover, an effective CRM solution weaves all of these components together. For example, CRM software should index product documentation and make it available to sales to answer a prospect’s questions.

The larger commercial CRM vendors include SAP, Peoplesoft, and Oracle. Recently, Microsoft Business Solutions has also jumped into the CRM fray. Of course, all of these proprietary solutions require good amounts of capital for software licenses and perhaps gobs of hardware.

Another option is to use a third-party, hosted solution, such as SalesForce.com, that charges you a per-user fee for online access to CRM tools. While third-party hosting is perhaps the easiest way to deploy a CRM solution, you might find the thought of hosting core business intelligence on machines outside of your control appalling.

If you want to self-host, yet another alternative is open source software.

One such project is SugarCRM, available at http://www.sugarcrm.com.

SugarCRM runs on PHP, Apache, and MySQL, and is made available under its own license, the SugarCRM Public License (SPL). Under the terms of the SPL, itself a variation of the Mozilla Public License Version 1.1, you can run SugarCRM for your business, make changes, and fix bugs, but cannot sell any core SugarCRM code or any derived works.


Now lets see how to go about implementing this :

Download SUGARCRM from
http://www.sugarcrm.com/crm/download/sugar-suite.html

I downloaded : SugarCRM 4.0 Latest Stable Full (5.93 MB)

Before Installing What you need ?

The host I ran had :

Kernel - 2.4.22-21mdk-i686-up-4GB

Apache - Apache-AdvancedExtranetServer/2.0.47

PHP - 5.0.4

MySQL - 4.0.15

OpenSSL - OpenSSL 0.9.7b

Step 1

Create a directory opencrm in /var/www/html (My Document root)

cd /var/www/html/sugarcrm/SugarSuite-Full-4.0.0

[root@mybox SugarSuite-Full-4.0.0]# mv * ../

[root@mybox sugarcrm]# chmod 706 config.php/

[root@mybox sugarcrm]# chmod 777 cache/

Step 2


Next create a Mysql user for sugarcrm thats able to SELECT,INSERT,UPDATE, DELETE, CREATE and DROP. For example:


mysql> create database sugarcrm;
Query OK, 1 row affected (0.12 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON sugarcrm.* TO sugarcrm@localhost IDENTIFIED BY "sugarcrm";
Query OK, 0 rows affected (1.22 sec)


Here I create a database name,user and password as sugarcrm

Step 3


Next, open up your favorite web browser and go to the address

http://localhost/sugarcrm


You will see
____________

Welcome to the SugarCRM 4.0.0
Setup Wizard

This installer creates the SugarCRM database tables and sets the configuration variables that you need to start. The entire process should take about ten minutes.

Click Start, and verify that the system is ready to be installed

Step 1: License Acceptance

Select - I Accept >> Next

Step 2: System Check Acceptance


In order for your SugarCRM installation to function properly, please ensure all
of the system check items listed below are green. If any are red, please take the necessary steps to fix them.

Component Status


PHP version OK (ver 4.3.3)
MySQL Database OK
XML Parsing OK
cURL Library Not found: scheduler will not be functional
Writable SugarCRM Configuration File (config.php) OK
Writable Custom Directory OK
Writable Modules Sub-Directories and Files OK
Writable Data Sub-Directories OK
Writable Cache Sub-Directories OK
Writable Session Save Path (/tmp) OK
PHP Safe Mode Turned Off OK
PHP Allow Call Time Pass Reference Turned On OK
PHP Register Long Arrays On OK
PHP Memory Limit >= 10M OK (100M)


Note: Your php configuration file (php.ini) is located at:
/etc/php.ini


I got the above details in step 2


I did >>> Next

Step 3: Database Configuration

Please enter your database configuration information below. If you are unsure of what to fill in, we suggest that you use the default values.

Database Configuration

Host Name localhost

Database Name sugarcrm

User Name for SugarCRM sugarcrm

Password for SugarCRM sugarcrm

I have unticked Create database and Create user

Populate database with demo data? was unticked


Database account above is a privileged user? was ticked

Step 4: Site Configuration


Please enter your site configuration information below. If you are unsure of the fields, we suggest that you use the default values.

Site Configuration

URL http://mybox.sriram.com/sugarcrm

SugarCRM admin password admin

Caution: This will override admin password of previous veriosn

Re-type SugarCRM admin password admin



Sugar Updates Config

Enable Sugar updates?
When this is enabled your system will periodically send SugarCRM Inc. anonymous
statistics about your installation that will help us understand usage patterns and improve the product. In return for this information, administrators will receive update notices when new versions or updates are available.

The above was ticked

Advanced Site Security

Use defaults? was Ticked




Step 5: Confirm Settings

Please confirm the settings below. If you would like to change any of the values, click "Back" to edit. Otherwise, click "Next" to start the installation

Database Settings

Host Name localhost
Database Name sugarcrm (will not be created)
User Name for SugarCRM sugarcrm (will not be created)
Drop and recreate existing SugarCRM tables? No
Populate database with demo data? No
Priveleged Database User Name sugarcrm


Site Configuration

URL http://mybox.sriram.com/sugarcrm

Enable Sugar Updates

Sugar updates enabled? Yes

Advanced Site Security

Use a Custom Session Directory for SugarCRM? No
Use a Custom Log Directory for SugrCRM? No
Own Application ID Provided? No



Step 6: Perform Setup

In the bottom it should show you

The setup of SugarCRM 4.0.0 is now complete.
Total time: 5.029501 seconds.
Approximate memory used: 9185048 bytes.

Your system is now installed and configured for use. You will need to log in for the first time using the "admin" user name and the password you entered during
setup.


Step 7: Registration

You can bypass this click finish



After you have completed the installation, Delete or move install directory to offline location such as /tmp

mv /usr/local/apache/htdocs/sugarCRM/install /tmp/

Then make sure configuration file cannot be edited by anyone

#chmod 755 /usr/local/apache/htdocs/SugarCRM/config.php

the above can be performed by root to do the trick.

Monday, December 26, 2005

Transparent Proxying with Squid

Taming the Squid

You’ll need to make sure you have IP forwarding enabled.

$ cat /proc/sys/net/ipv4/ip_forward
If that command returns 0, you can enable IP forwarding by putting net.ipv4.ip_forward=1 in your /etc/sysctl.conf. And since that won’t
take effect until you reboot, you can temporarily enable the
feature by running:
# echo 1 > /proc/sys/net/ipv4/ip_forward


After downloading and possibly patching the code, you can build
Squid. Squid has a wide variety of build options, and you should
research all of them carefully, since many can greatly impact
both security and performance. The options shown here are the
minimum for building Squid as a transparent proxy using WCCP.

To compile Squid, run:

$ ./configure ––enable-linux-netfilter ––enable-wccp && make

Next, run make install as root.

With Squid installed, you can configure it to suit your needs.
Edit the squid.conf file, which is located in /usr/local/squid/etc/ by default.

(The squid.conf file is heavily commented and contains a ton of
useful information. Read the entire file when you have time.)

For transparent proxying to work, ensure that the following lines are present:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Minimally, you’ll also need to adjust the http_access directives to
allow traffic from your IP addresses. Depending on your distribution,
you may also need to create a Linux user and group based on your cache_effective_user and cache_effective_group directives.

Once you’re happy with your configuration, run squid –z to initialize
the cache directories. Then start Squid by running the included
RunCache
script. By default, Squid runs on port 3128. If you’ve
changed that default, remember which port you’ve chosen,
as you’ll need that information in the next step.


Playing Traffic Cop

With Squid up and running, you now need to redirect traffic destined
for port 80 to Squid running on port 3128. (While you can configure
squid to run on port 80, this can cause problems, including endless
loops when Squid tries to contact itself.) Use an iptables rule to
redirect traffic.

To setup the rule, you’ll need to know which interface the requests
to be proxied will be coming in on (for example eth0) and the
port number for Squid on. Once you have this information,
run the following command:

# iptables –t nat –A PREROUTING –i eth0 –p tcp ––dport 80 –j
REDIRECT ––to-port 3128


Of course, you’ll also need to add this command to the appropriate
init
script so that the rule is recreated on subsequent reboots.

To make https proxied( it is not actually because we can't proxied encrypted packets but they are just forwarded), the command is as below :

#iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 443
-j REDIRECT --to-port 3128

You can also do the same for ftp (port 21).

There's one more way to handle https connection. Instead of going through squid, you can also NAT it. Drop the above https command and use this :

#iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -p tcp --dport 443
-j SNAT --to 111.222.333.444

Where 111.222.333.444 is your proxy server public IP address.

It is up to you which way you want to use, there's no noticeable difference in
terms of performance.

Build your own Internal Knowledge Base

Imagine you have different sections of people working for you who must have volumes of information, best practices field notes with them. These can be shared among office colleagues among different sections of people all with security.

Lets explore Knowledge Tree Document Management System

KT is written in PHP and made available under the GNU General Public License. Development on KT is ongoing. The latest version 2.02 (dated April 12, 2005) is available on SourceForge at http://kt-dms.sourceforge.net/

Getting Started with KT

KT is an impressive repository system which provides web-based browsing/publishing, a version control system, subscription-based change notification, auto-archiving, document-level discussion forums, full-text search of common file formats and metadata, and internationalization of front-end web interface.

What’s more impressive is its authentication integration with such LDAP servers as OpenLDAP, Sun ONE Directory Server, and the ubiquitous Active Directory. KT also provides access control via group, role or business unit rules, as well as audit trails for change control auditing.


Requirements for KT

Apache 1.3 or greater
PHP 4.3 or greater
MySQL 4.0 or greater with INNODB support.

It is highly recommended that you install SSL capabilities into Apache. The sample installation was running Linux kernel 2.4.20-8, Apache 1.3.28, PHP 4.3.4, Mod_SSL 2.8.15-1.3.28 supported by OpenSSL 0.9.7e, and MySQL 4.0.14-standard.


Installing and Configuring KT

Step 1

Download knowledgeTree-3.0b3.tgz from --- http://kt-dms.sourceforge.net/


Step 2

Unzip in your document root mine was /var/www/html/

I created a directory kb in my DocRoot /var/www/html/kb

Unzip and it will give a directory knowledgeTree.

now do,

#cd knowledgeTree
# mv * .. /

This move all required files to /var/www/html/kb

The idea is to have http://localhost/kb rather knowledgeTree.

Step 3

Create a database dms

mysqladmin create dms -uroot -p

Input the password this will create a database name dms

Step 4

Populate database

- Create and populate the tables:
#cd /var/www/html/kb
# mysql -p dms <>
# mysql -p dms <>


- Create the database users
$ mysql -p dms < style="font-weight: bold;">Check the post-installation checklist:


Go to your knowledgeTree installation is at http://localhost/kb, go to:

http://localhost/kb/setup

And click on "Post-installation checkup".

This allows you to check that your KnowledgeTree configuration is set up correctly. You can run this at any time after configuration to check that things are still set up correctly.


* Login:

http://mybox.sriram.com/kb/

- default user is "admin" with password "admin"



Troubleshooting

Please read the INSTALL.txt located in docs folder as they may have different instructions for different version.

Refer to the Frequently Asked Questions list on the KnowledgeTree Wiki
at http://support.ktdms.com/confluence/

Ask on the KnowledgeTree forums on http://forum.ktdms.com/

Upgrading
---------

Refer to docs/UPGRADE.txt

Command Tips

Creating a list of users :

Create a list of users in a password-like file and run the command

[sriram@mybox sriram] newusers filename


Disable a User account :

passwd -l username


To enabe a User Account :

passwd -u username

Cron tricks
  Instead of the first five fields, one of eight special strings may
appear:

string meaning
------ -------
@reboot Run once, at startup.
@yearly Run once a year, "0 0 1 1 *".
@annually (same as @yearly)
@monthly Run once a month, "0 0 1 * *".
@weekly Run once a week, "0 0 * * 0".
@daily Run once a day, "0 0 * * *".
@midnight (same as @daily)
@hourly Run once an hour, "0 * * * *".

Hmm. @reboot. Isn't that handy. There's an easy way to give users the ability to run something at boot time without root access.


Modes made easy

chmod g+w adds group write without changing other permission.
chmod o-a removes all permissions for others.
chmod u=rw gives read/write file permission to the owner.


Killing Process :


Suppose you want to kill galeon

do a ps -auxwww |grep

and now kill path to the program

For Eg :
[root@mybox sriram]# killall /usr/bin/galeon-bin - This will kill galeon.

Expire Passwords :
[sriram@mybox sriram]passwd -x 30 sriram

Forces sriram to change his password after 30 days.

Directories made easy :
If you want to create multiple directories in /home/sriram

Say a, b, and c.

[sriram@mybox sriram]mkdir -p /home/sriram/a/b/c

To See which all group a user belongs
[sriram@mybox sriram] id -Gn <--- This has effectively replaced groups and whoami To

See machine architecture


[sriram@mybox sriram] arch

i686


Setting up Time Zone

If you want to know the proper name of your current time zone, run the interactive command tzselect. Follow the prompts and use the output in your shell login file.

[root@mybox downloads]# tzselect
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 5
Please select a country.
1) Afghanistan 18) Israel 35) Palestine
2) Armenia 19) Japan 36) Philippines
3) Azerbaijan 20) Jordan 37) Qatar
4) Bahrain 21) Kazakhstan 38) Russia
5) Bangladesh 22) Korea (North) 39) Saudi Arabia
6) Bhutan 23) Korea (South) 40) Singapore
7) Brunei 24) Kuwait 41) Sri Lanka
8) Cambodia 25) Kyrgyzstan 42) Syria
9) China 26) Laos 43) Taiwan
10) Cyprus 27) Lebanon 44) Tajikistan
11) East Timor 28) Macau 45) Thailand
12) Georgia 29) Malaysia 46) Turkmenistan
13) Hong Kong 30) Mongolia 47) United Arab Emirates
14) India 31) Myanmar (Burma) 48) Uzbekistan
15) Indonesia 32) Nepal 49) Vietnam
16) Iran 33) Oman 50) Yemen
17) Iraq 34) Pakistan
#? 14

The following information has been given:

India

Therefore TZ='Asia/Calcutta' will be used.
Local time is now: Sun Dec 25 23:42:29 IST 2005.
Universal Time is now: Sun Dec 25 18:12:29 UTC 2005.
Is the above information OK?
1) Yes
2) No
#? 1

You can make this change permanent for yourself by appending the line
TZ='Asia/Calcutta'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Asia/Calcutta
[root@mybox downloads]# TZ='Asia/Calcutta';
[root@mybox downloads]# export TZ
[root@mybox downloads]# date
Sun Dec 25 23:42:54 IST 2005
[root@mybox downloads]#

Sunday, December 25, 2005

ClamAV: Antivirus for linux

There are only two Linux viruses and neither has been found alive in the wild. On the other hand, there are eighteen bazillion infectious viruses on Windows and that number grows steadily every day, that doesn’t mean you shouldn’t ignore anti-virus software.

unlike some popular commercial anti-virus products for Windows, the Linux equivalents aren’t CPU and memory hogs.One of the best free (as in speech and beer) Linux anti-virus packages is ClamAV. Installing ClamAV is really simple. Most distributions have binaries available, or if you’re distro supports apt-get

just type:
# apt-get install clamav

I have a Mandrake and for installation all i did was :

[root@mybox rkhunter]# urpmi clamav
To satisfy dependencies, the following packages are going to be installed (2 MB):
clamav-0.61-0.20030829.1mdk.i586
clamav-db-0.61-0.20030829.1mdk.i586
libclamav1-0.61-0.20030829.1mdk.i586
Is this OK? (Y/n) y
medium "contrib" uses an invalid list file:
mirror is probably not up-to-date, trying to use alternate method

ftp://ftp.is.co.za/mirror/mandrivalinux/official/9.2/contrib/i586/./clamav-0.61-0.20030829.1mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/official/9.2/contrib/i586/./clamav-db-0.61-0.20030829.1mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/official/9.2/contrib/i586/./libclamav1-0.61-0.20030829.1mdk.i586.rpm
The following packages have bad signatures:
/var/cache/urpmi/rpms/clamav-0.61-0.20030829.1mdk.i586.rpm: Invalid signature ((SHA1) DSA sha1 md5 (GPG) (MISSING KEY) GPG#604aa4e4 NOT OK)
/var/cache/urpmi/rpms/clamav-db-0.61-0.20030829.1mdk.i586.rpm: Invalid signature ((SHA1) DSA sha1 md5 (GPG) (MISSING KEY) GPG#604aa4e4 NOT OK)
/var/cache/urpmi/rpms/libclamav1-0.61-0.20030829.1mdk.i586.rpm: Invalid signature ((SHA1) DSA sha1 md5 (GPG) (MISSING KEY) GPG#604aa4e4 NOT OK)
Do you want to continue installation ? (y/N) y
installing /var/cache/urpmi/rpms/clamav-0.61-0.20030829.1mdk.i586.rpm /var/cache/urpmi/rpms/libclamav1-0.61-0.20030829.1mdk.i586.rpm /var/cache/urpmi/rpms/clamav-db-0.61-0.20030829.1mdk.i586.rpm
Preparing... ##################################################
1:libclamav1 ##################################################
2:clamav-db ##################################################
3:clamav ##################################################

Thats it

If you’re lucky enough to use a Debian-based distro, ClamAV sets itself up. If you’re using another distro, you may have to create a new user named clamav, change a few permissions, and set up a few cron jobs. For detailed instructions, see the Clam AntiVirus User Manual at http://www.clamav.net/doc/latest/html/.


No one wants to have to think about anti-virus software once it’s installed. Any good anti-virus package should automatically update itself with new virus definitions, the more often the better. In addition, the anti-virus software should perform a full system scan at a regularly scheduled interval. Finally, integration with email software is vital: the best place to intercept new viruses is at this common point of entry.
ClamAV can handle all of these tasks. ClamAV runs freshclam to check for updates. By default, Debian systems run freshclam runs hourly. If you want to change that number, simply edit the Checks line in /etc/clamav/freshclam.conf.
To check your system, ClamAV uses clamscan. There are a wealth of options available for clamscan; to see them, use man clamscan. A quick and dirty way to scan your home directory is to use clamscan as follows:
[root@mybox rkhunter]# clamscan -ri --move=/tmp/virus /home/sriram/

----------- SCAN SUMMARY -----------
Known viruses: 9586
Scanned directories: 6
Scanned files: 18
Infected files: 0
Data scanned: 0.14 MB
I/O buffer size: 131072 bytes
Time: 0.857 sec (0 m 0 s)

[root@mybox rkhunter]#


The –r option tells ClamAV to recursively scan your directory and every other directory and file in it, while –i makes things a bit quieter, telling ClamAV to only print the names of infected files it finds. If a virus is found in a file, ClamAV moves the file to /tmp/virus/, but that directory must already exist before clamscan starts working. Set up a cron job to create /tmp/virus/ and run clamscan and you have an automated way to keep your system clean and healthy.

Many Linux email clients already support ClamAV directly, including KMail (which allows you to pick the anti-virus program of your choice) and Sylpheed Claws. Others, such as Evolution, require you to manually create filters that pipe email through ClamAV. (C’mon, Evolution (and others)! Let us specify ClamAV or other anti-virus programs directly!)

There are windowed interfaces for ClamAV, if you really want them (check out the enormous list at http://www.clamav.net/3rdparty.html). There are also lots of other programs and libraries that interface with ClamAV, including php-clamav (which allows ClamAV to work with PHP), python-clamav (ditto, but for Python), and clamav-milter (which scans messages processed by sendmail).

If you want to protect your Linux server or desktop from viruses, give ClamAV a look. It’s a powerful, well-supported open source project, and it just keeps getting better and better.

The Rootkit hunter

Finding Rootkits, Infections and files :

Rootkit Hunter, available from http://www.rootkit.nl/, is a scanning tool that consists of one shell script, a few text-based databases, and optional Perl modules. Written by Michael Boelen, it’s licensed under the GPL. Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. It runs a variety of tests to look for default files used by rootkits (using an MD5 hash compare that), incorrect file permissions for binaries, suspected Strings in Linux loadable kernel module.

Download RootKit From :
+++++++++++++++++++++
Step1
-----
http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz

Step 2 :
-------
Untar it in /usr/local/src/

tar -zxvf rkhunter-1.2.7.tar.gz

cd rkhunter

Step 3 :
-------

Now run installer.sh

[root@mybox rkhunter]# ./installer.sh

Rootkit Hunter installer 1.2.4 (Copyright 2003-2005, Michael Boelen)
---------------

Starting installation/update

Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)

Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)


Step 4 :
-------
Configuration Files


The installer places a shell script in /usr/local/bin/

The configuration file in /usr/local/etc/

Rest of the files in /usr/local/rkhunter/

You can override /usr/local/ with the --installdir parameter.


With everything installed, you’re ready to run the program. One nice thing about Rootkit Hunter is that it keeps a variety of information such as known good program versions, blacklisted tools and binaries, and MD5 hashes in continually updated databases, much like a virus scanner. The first thing to do is make sure all of the databases are current.
# /usr/local/bin/rkhunter ––update

If anything is out of date, it’s automatically updated. There’s also a quick and easy way to verify that you’re running the latest version of Rootkit Hunter itself:
# /usr/local/bin/rkhunter ––versioncheck
This version: 1.2.7
Latest version: 1.2.7
To run all of the Rootkit Hunter security checks and see a verbose, colorized status report, run:
# /usr/local/bin/rkhunter – – checkall

While the Rootkit Hunter script has extremely sane defaults, you can edit its configuration file if you’d like to whitelist hidden files or directories, change the install directory, or ignore the fact that remote root SSH logins are allowed. As with any software you install, take the time to thoroughly look through the configuration file to learn what the software is capable of and what each option does.
Once you’re confident that everything is installed and working correctly, add Rootkit Hunter to your list of regular system chores in the system cron file. To do that, first create a script with the following:
#!/bin/sh
(
/usr/local/bin/rkhunter ––versioncheck
/usr/local/bin/rkhunter ––update
/usr/local/bin/rkhunter ––cronjob ––report-warnings-only
) | /bin/mail –s ’rkhunter output’ root
This script performs a version check, updates your databases, runs Rootkit Hunter in a mode conducive to cron (––cronjob disables colored output and ––report-warnings-only sets a severity level), and then mails the results to root. You should run this script as root, via cron, at least once a day.

Rootkit Hunter performs a similar function as chkrootkit. However, it works in a different manner and offers some additional features, such as storing information in live databases. Which one should you use? Since both are open source and are free to download and use, install both, see how each one works behind the scenes, and choose the one that best suits your needs and your environment.

Example to check :

[root@mybox rkhunter]# rkhunter --checkall


Rootkit Hunter 1.2.7 is running

Determining OS... Ready


Checking binaries


This will list the complete details..... of binaries, rootkits, torjans, Suspicious files and amlware etc ...








Saturday, December 24, 2005

Content Management System

Why do we need a Content Management System ?

Content management System is nothing but Web Operations Management.

I believe the common term is "Subject Matter Expert"

It Provides a easy way of Managing Content and Publishing.

I'm a firm believer in distributed web authoring and all that, but you have to be sure that your subject matter experts are web-ready.

As you review the need for a content management solution consider some of the following questions:

How long does it take your organization to change a design after you realized a change needed to be made? How will the new design impact the words on the site?

If one section of your site is receiving a major overhaul, can key changes you would like to make to another section of the site be made parallel.

Can you determine who made the last of changes in your site.

When was the last time the site and its various sections were updated.

The above questions can be answered by a CMS.

I have just implemented Joomla on a linux server.

What we need to implement this ?

Apache server (Web Server)
Mysql Server(database)
PHP Support

Some of the Features :

Once u login ...

Edit Web page, links, banner updates based on different sections using a login/password.

Online Forums.

Blogging Tools.

News feeds.

You can conduct online polls.

Users can register on your site, send private messages to each other.

Search Engine etc..

Can mail to all users who have registered at one go.


How Installion and configuation of Joomla :

Step 1

Download Joomla stable version from http://www.joomla.org

Step 2

Untar it in your doc root

For eg. I created a folder joomla in /var/www/html/joomla

Now in your browser open the path for installation

http://localhost/joomla/installation/install.php

This will open a Pre-installation check webpage taking you to 4 steps

- 1st will be agreeing gnu licence, say Next on top right hand corner >>

- Now Step 1 will Installing and configuring Database (Supports MySql)


MySQL database configuration:



Host Name -localhost

MySQL User Name - root ( I had given )

MySQL Password - , This is needed for creating database.

MySQL Database Name - joomla ( I had given)

MySQL Table Prefix - jos_ (It was already there)


There are 3 options below (Checkbox)

Drop Existing Tables - untick since we have not created any tables.(default unticked).

Backup Old Tables - default unticked leave it as it is.

Install Sample Data - It is ticked and should be ticked.

Click Next on top >>



Step 2
_______

Enter the name of your Joomla site:
SUCESS ! (Which means the database is created)

Type in the name of Joomla Site. This name isused in email messages so make it
something meaningful.


You need fill the same in the box - I type > The Home of Sriram


eg. Home of Joomla

Step 3
_______


Confirm the site URL, path, admin e-mail and file/directory chmods

URL http://mybox.sriram.com/joomla (was auto filled)

Path /var/www/html/joomla

Your email - sriram@mybox.sriram.com (Super Administrator)

Admin
Password - joomla





Notes that were given in Step 3 are below
__________________________________________


If URL and Path look correct then please do not change them. If you are not sure then please contact your ISP or administrator. Usually the values displayed will work for your site.

Enter your e-mail address, this will be the e-mail address of the site SuperAdministrator.

The permission settings will be used while installing Joomla itself, by the Joomla addon-installers and by the media manager. If you are unsure what flags shall be set, leave the default settings at the moment. You can still change these flags later in the site global configuration.


File Permissions (I left to default )
____________________________________

Dont CHMOD files (use server defaults) - This was checked

CHMOD files to:

Directory Permissions
_____________________

Dont CHMOD directories (use server defaults) - This was checked

CHMOD directories to:



Now I do next >>
_________________



STEP 4

+++++++++


Congratulations! Joomla is installed

Click the "View Site" button to start Joomla site or "Administration" to take you to administrator login.


PLEASE REMEMBER TO COMPLETELY
REMOVE THE INSTALLATION DIRECTORY

Administration Login Details

Username : admin
Password : joomla



Your configuration file or directory is not writeable, or there was a problem creating the configuration file. You'll have to upload the following code by hand. Click in the textarea to highlight all of the code.

I got this php saying I need to manually upload

Please check back again soon.';
$mosConfig_error_message = 'This site is temporarily unavailable.
Please
notify the System Administrator';
$mosConfig_debug = '0';
$mosConfig_lifetime = '900';
$mosConfig_MetaDesc = 'Joomla - the dynamic portal engine and content management system';
$mosConfig_MetaKeys = 'Joomla, joomla';
$mosConfig_MetaTitle = '1';
$mosConfig_MetaAuthor = '1';
$mosConfig_locale = 'en_GB';
$mosConfig_offset = '0';
$mosConfig_offset_user = '0';
$mosConfig_hideAuthor = '0';
$mosConfig_hideCreateDate = '0';
$mosConfig_hideModifyDate = '0';
$mosConfig_hidePdf = '0';
$mosConfig_hidePrint = '0';
$mosConfig_hideEmail = '0';
$mosConfig_enable_log_items = '0';
$mosConfig_enable_log_searches = '0';
$mosConfig_enable_stats = '0';
$mosConfig_sef = '0';
$mosConfig_vote = '0';
$mosConfig_gzip = '0';
$mosConfig_multipage_toc = '1';
$mosConfig_allowUserRegistration = '1';
$mosConfig_link_titles = '0';
$mosConfig_error_reporting = -1;
$mosConfig_list_limit = '30';
$mosConfig_caching = '0';
$mosConfig_cachepath = '/var/www/html/joomla/cache';
$mosConfig_cachetime = '900';
$mosConfig_mailer = 'mail';
$mosConfig_mailfrom = 'jomla@mybox.sriram.com';
$mosConfig_fromname = 'The home of Sriram';
$mosConfig_sendmail = '/usr/sbin/sendmail';
$mosConfig_smtpauth = '0';
$mosConfig_smtpuser = '';
$mosConfig_smtppass = '';
$mosConfig_smtphost = 'localhost';
$mosConfig_back_button = '1';
$mosConfig_item_navigation = '1';
$mosConfig_secret = '2ZcHGz2ULgJLwC4A';
$mosConfig_pagetitles = '1';
$mosConfig_readmore = '1';
$mosConfig_hits = '1';
$mosConfig_icons = '1';
$mosConfig_favicon = 'favicon.ico';
$mosConfig_fileperms = '';
$mosConfig_dirperms = '';
$mosConfig_helpurl = 'http://help.joomla.org';
$mosConfig_mbf_content = '0';
$mosConfig_editor = 'tinymce';
setlocale (LC_TIME, $mosConfig_locale);
?>



Now I created a file configuration.php under /var/www/html/joomla
and pasted the above php code


Now when I do recheck I get a page

Joomla

The home of Sriram
For your security please completely remove the installation directory including all files and sub-folders - then refresh this page



I now rename the installation directory in /var/www/html/joomla to
installation.orignal

Also move INSTALL.ph from /var/www/html/joomla to /var/www/html/installation.orignal


mv INSTALL.php installation.orignal/






Administration Page URL

http://mybox.sriram.com/joomla/administrator/index.php



Administration Login Details

Username : admin
Password : joomla


Faq

After creating the configuration.php and copying the contents

I got errors while openning the url http://mybox.sriram.com/joomla/index.php



Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/joomla/configuration.php:70) in /var/www/html/joomla/index.php on line 218

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/joomla/configuration.php:70) in /var/www/html/joomla/index.php on line 219

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/joomla/configuration.php:70) in /var/www/html/joomla/index.php on line 220

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/joomla/configuration.php:70) in /var/www/html/joomla/inde--More--x.php on line 222

I was not even able to login as admin

Solution :
+++++++++++++++++++++

There was space after last line ?> I deleted the last space and saved the configuration file and things started working



























Thursday, December 22, 2005

Monitor Network Activity using IPAudit



What does IPAudit do?

IPAudit monitors network activity on a network by host, protocol and port.

IPAudit listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).

IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwith consumption and denial of service attacks. It can be used with IPAudit-Web to provide web based network reports.

Installation and Configuration

Step 1 - Become root on your system and create a user called "ipaudit". It will need a valid shell and home directory (typically /home/ipaudit, which will be used in this article for simplicity). Now switch to the newly created "ipaudit" user.

Step 2 - Download and unpack the ipaudit-web tarball in /home/ipaudit.

[root@mybox ipaudit]$ tar zxvf ipaudit-web-1.0BETA9.tar.gz

Now you will need a few things installed before compiling or else it will throw
errors

Make sure you have these installed

1) libpcap - (I installed libpcap0-0.7.2-3mdk urpmi way)

2) yacc - (This is needed, again I did a urpmi yacc - byacc-1.9-14mdk)

3) gnuplot - (This is not required now, later to create png files)

4) gcc compiler.

5) perl (To enable the scripts to run.)


Optional : Perl module Time :: ParseDate for the cgi-scripts
SearchIpauditData to work ( can omit if necessry).



Now lets complie ,

Step 3 - Change to the compile directory:


[ipaudit@mybox ipaudit]$cd ipaudit-web-1.0BETA9/compile

Step 4 - Execute the configure script and run make:

[ipaudit@mybox ipaudit]$ ./configure
[ipaudit@mybox ipaudit]$ make

Step 5 - Become root and execute the make install commands:

[ipaudit@mybox ipaudit]$ su -
Password:
[ipaudit@mybox ipaudit] # make install
[ipaudit@mybox ipaudit] # make install-cron
[ipaudit@mybox ipaudit] # exit (Leave root and become ipaudit user again)
[ipaudit@mybox ipaudit] $

Step 6 - Now you will need to edit /home/ipaudit/ipaudit-web.conf

LOCALRANGE="10.10.93.0/24"

My network is on 10.10.93.0 range ... Place it accordingly.

INTERFACE=eth0

I have only one ethernet card eth0 connected to my ISP Provider.

If you have 2 ethernet cards and eth1 connected to your ISP provider then you may mention that.

Step 7 - Add the following lines to your Apache httpd.conf file if they do not already exist:


Directory /home/ipaudit/public_html
AllowOverride All
Options MultiViews Indexes Includes FollowSymLinks
Order allow,deny
Allow from all
/Directory

Directory /home/ipaudit/public_html/cgi-bin
Options +ExecCGI -Includes -Indexes
SetHandler cgi-script
/Directory



Note : I am having problems posting blogs with <> and < / > signs so you may have embed that on the above Directory lines.


Note that your Apache server may already contain configuration similar to the above for the "/home/*/public_html" directory. If you do not plan to use the Userdir module for anything other than IPAudit, it is suggested that you comment out the original configuration and replacing it with the configuration above.

Your Apache server will need to support SUEXEC, Mod_Perl, and Mod_Userdir. Once you have modified the Apache configuration restart your Apache server. For more details on the IPAudit-Web installation, refer to the INSTALL file located in the installation directory of that package. It contains more information about the required Perl module Time::ParseDate, SUEXEC, and password protecting your IPADUIT-Web installation. Since is requires just moderate Google hacking skills to find other peoples IPAudit installations, protecting IPAudit with a password would be a very good idea.

Step 8 - Check your installation

Open a web browser and go to:

http://localhost/~ipaudit/

If your installation was successful you should now see a screen like the one shown with a Sample page and later after 30 mins look like above.


Please make sure the below are in the location mentioned.

If not change the settings in /home/ipaudit/ipaudit-web.conf to their locations

AWK=/bin/gawk
GZIP=/bin/gzip
ZCAT=/bin/zcat
ZGREP=/usr/bin/zgrep
GNUPLOT="nice -19 /usr/bin/gnuplot"


I have also made one more change in /home/ipaudit/ipaudit-web.conf

#CGI_BIN=/home/ipaudit/public_html/cgi-bin

Previously it was

#CGI_BIN=/~ipaudit/cgi-bin ( I have hashed it)

Make sure your pearl is located in /us/bin/perl or else change it accordingly in all all files in /home/ipaudit.



Additionally you may also check this and this for more info.


Wednesday, December 21, 2005

Snap of PhpGroupware INBOX




On the previous posts I have explained How to Install and Configure PhpGroupware.

PhpGroupware - Setting up Email Account



In the previous post I have written on how-to implement the Phpgroupware.

Here I will discuss on Setting up Email Accounts for Users.

What we will do is Fetch Users Mail From External domain.
I have created two users on www.bluebottle.com

1) sriramsreedhar@bluebottle.com


2) rakeshsreedhar@bluebottle.com

Note : Bluebottle offers Pop/Imap and Smtp Access

Pop/Imap - mail.bluebottle.com

Smtp - smtp.bluebottle.com


First login to Setup/Config Admin Login
http://mybox.sriram.com/phpgroupware/setup/index.php Under Step 2 -

Configuration


Click here to setup an admin account and (optionally) 3 demo accounts.

Create Accounts (This will be your Virtual Login Names)

Details of Admin Account
Admin username - rakesh
Admin first name - Rakesh
Admin last name - Sreedhar
Admin password
Re-enter password

Now login to

http://mybox.sriram.com/phpgroupware/index.php

Click Preferences - Change your Settings

Interface Template Selection - Idots

Theme (color/fonts) selection - Idots

Click Save

Now Again Click Preference > Email Preference

In the last Menu

First 6 options are Important

Custom Email Preference

Use custom settings
Email Account Name
E-Mail password (hidden)
E-Mail address
Mail Server
Mail Server type
IMAP Server Type - If Applicable
U-Wash Mail Folder - If Applicable
" value="">


Click Submit

Now on the top Left Click Admin > 2nd Option Email > Site Configuration

Here you can POP/IMAP and SMTP Details
Note : Smtp Auth option is not available here

Admin
Site configuration

Mail settings
Enter your POP/IMAP mail server hostname or IP address:
Select your mail server type:
IMAP Server Type:
Enter your default mail domain ( From: user@domain ):
Mail server login type:
Enter your SMTP server hostname or IP address:
Enter your SMTP server port:



Some additional PhpGroupware Information - FAQ

How To set up smtp-auth ? Note : you don't have a web based for this

Solution: phpGroupware as basic support for SMTP Auth in that you can set a single username and password so the whole phpGroupWare install to use when sending email.

  1. Edit /var/www/html/phpgroupware/email/inc/class.mail_send.inc.php
  2. Search for "$smtp_auth_login_required". Should be around line 209.
  3. Change False to True and set the username and password in the $mylogin and $mypassword variables respectivly.
  4. Save the file and send an email. The changes will take effect immediatly for all phpGroupWare users.

How to use a different port for imap instead of default 143 ?

open file > /var/www/html/email/inc/class.mail_msg_base.inc.php

$mail_port = 143


Change it to whatever your non standard port is

eg.
$mail_port = 8143



When is it scheduled to check mails ?

Default is 4 minutes .. I am told this will come in user preference until then

Step 1.

In email/inc/class.boindex.inc.php delete the ,240000 in the $this->xi['auto_refresh_widget'] line (line 368). That number forces the default to be 4 minutes (240000 milliseconds)

Step 2.

In email/inc/class.html_widgets.inc.php find:

function auto_refresh($reload_me=, $feed_refresh_ms=)

{

and add

$GLOBALS['phpgw']->msg->set_pref_value('refresh_ms', 10*60*1000 );

// change the number to your desired refresh time in milliseconds (example is 10 minutes)

// use 0 (zero) to disable the refresh

You're done.

By the way, if you want to manually refresh the INBOX contents, you can just click on the email icon in the navbar.







Tuesday, December 20, 2005

Deploying PHPGroupware ...


PhpGroupware Features

Web Based Email Interface(Supports IMAP/POP/IMAPs/POPs).

Calendar.
Global Address Book.
Task Management / Delegation.
Adding Notes Private/Public
To-do List.
News Reader.
File Sharing among Users


How to Implement it ?

First I download phpgroupware-0.9.16.010.tar

and untarred it in /var/www/html which is document root directory


set the permission of directory to 755

chmod -R 755 /var/www/html/phpgroupware

Create database phpgroupware
mysql> create database phpgroupware;
Query OK, 1 row affected (0.01 sec)

Created user/pass phpgroupware along with giving permission to access database phpgroupware :

mysql> grant all on phpgroupware.* to phpgroupware@localhost identified by "phpgroupware";
Query OK, 0 rows affected (0.23 sec)

Type the below in your browser
http://localhost/phpgroupware/setup

once i do this

Analysis
You appear to have MySQL support enabled
No Postgres-DB support found. Disabling
No Microsoft SQL Server support found. Disabling
No Oracle-DB support found. Disabling
No ODBC/SAPDB support found. Disabling
You appear to be using PHP4. Enabling PHP4 sessions support
It appears that you do not have IMAP Supprt. Imap Suuport has been disabled ###
Sample configuration not found. using built in defaults
Now guessing better values for defaults...

Imap support needs to be enabled as per their documentation

So I installed php-imap module using urpmi

[root@mybox html]# urpmi php-imap
medium "contrib" uses an invalid list file:
mirror is probably not up-to-date, trying to use alternate method

ftp://ftp.is.co.za/mirror/mandrivalinux/official/9.2/i586/Mandrake/RPMS/php-imap-4.3.2-3mdk.i586.rpm
installing /var/cache/urpmi/rpms/php-imap-4.3.2-3mdk.i586.rpm
Preparing... ##################################################
1:php-imap ##################################################

After installing I checked the modules under
[root@mybox apache2]# pwd
/usr/lib/apache2

It listed mod_imap.so*

To have IMAP support enabled

I added the module to apaches's httpd.conf /etc/httpd/conf/httpd.conf

LoadModule access_module modules/mod_imap.so


Now I refresh http://mybox.sriram.com//phpgroupware/setup/ in the browser and it shows Imap Support Enabled... you can see that below

Analysis
You appear to have MySQL support enabled
No Postgres-DB support found. Disabling
No Microsoft SQL Server support found. Disabling
No Oracle-DB support found. Disabling
No ODBC/SAPDB support found. Disabling
You appear to be using PHP4. Enabling PHP4 sessions support
You appear to have IMAP support enabled
Sample configuration not found. using built in defaults
Now guessing better values for defaults...


Just give chmod 777 permission to phpgroupware in /var/www/html/phpgroupware and it will add write button Just refresh the above url... since we need to add the file header.inc.php

There are 3 ways to add header.inc.php 1)Click Write Button2)click download button 3) view button copy and paste in the file header.inc.php

We choose write after giving 777 permission to directory /var/www/html/phpgroupware

Note it points to http://mybox.sriram.com//phpgroupware/setup/manageheader.php


Now Lets fill the phpGroupWare version Setup details :


Settings

Server Root
/var/www/html/phpgroupware

Include Root (this should be the same as Server Root unless you know what you are doing)
/var/www/html/phpgroupware

Admin password to header manager
header123


Persistent connections
True Do you want persistent connections (higher performance, but consumes more resources)

Sessions Type
PHP4 What type of sessions management do you want to use (PHP4 session management may perform better)?

Enable Mcrypt
False

MCrypt version
Set this to "old" for versions <>JPG->PNG


Host information

Enter the hostname of the machine on which this server is running: mybox.sriram.com

Enter your default FTP server:

Attempt to use correct mimetype for FTP instead of default 'application/octet-stream': No


Datetime port.
If using port 13, please set firewall rules appropriately before submitting this page.
(Port: 13 / Host: 129.6.15.28) 00(disable/recommended)



Enter your HTTP proxy server Blank

Enter your HTTP proxy server port: Blank

Enter the site username for peer servers. Blank

Enter the site password for peer servers. Blank




Authentication / Accounts SQL
Select which type of authentication you are using: SQL
Select where you want to store/retrieve user accounts:
Minimum account id (e.g. 500 or 1000, etc.)*:
Maximum account id (e.g. 65535 or 1000000):
Minimum group id (e.g. 100 or 500, etc.) - should not overlap with account ids*}:

Maximum group id (e.g. 499 or 999) - should not overlap with account ids*:
Auto create account records for authenticated users: No
Auto-created user accounts expire: One Week
Add auto-created users to this group ('Default' will be attempted if this is empty.):
If no ACL records for user or any group the user is a member of: Deny Access


Note : whereever I have not filled Information is all blank



If using LDAP:
Do you want to manage homedirectory and loginshell attributes?: No
LDAP Default homedirectory prefix (e.g. /home for /home/username):
LDAP Default shell (e.g. /bin/bash):
LDAP host:
LDAP accounts context:
LDAP groups context:
LDAP rootdn:
LDAP root password:
LDAP encryption type: DES





Mcrypt Settings (requires mcrypt PHP extension)
Enter some random text for app session encryption:
Mcrypt algorithm (default TRIPLEDES): TRIPLEDES
Mcrypt mode (default CBC): CBC

Additional settings
Select where you want to store/retrieve filesystem information:
(file type, size, version, etc.) SQL
Select where you want to store/retrieve file contents:
(Recommended: Filesystem) Filesystem

Click Here to setup an admin account and (optionally) 3 demo accounts.
This will delete all existing accounts




Step 3 - Language Management

Click Manage Languages

Select Delete all old languages and install new ones - Click Install

Step 4 - Advanced Application Management

This is needed if you need to remove/add appalications later.

Please Note All the 4 steps should have a tick which means you have completed their instructions.

Click Logout




Now


2) Header Admin Login

This will have same settings that we configured in the beginning

http://mybox.sriram.com/phpgroupware/setup/manageheader.php


Analysis
You appear to have MySQL support enabled
No Postgres-DB support found. Disabling
No Microsoft SQL Server support found. Disabling
No Oracle-DB support found. Disabling
No ODBC/SAPDB support found. Disabling
You appear to be using PHP4. Enabling PHP4 sessions support
It appears that you do not have IMAP Supprt. Imap Suuport has been disabled ###
Sample configuration not found. using built in defaults
Now guessing better values for defaults...


ETC ....


One important I also changed the /etc/php.ini

register_globals = On

In the beginning I had set it to off and now back to On after faing some problems

Anytime you forgetor face any problem I recommend changing the

[root@mybox phpgroupware]# pwd
/var/www/html/phpgroupware
[root@mybox phpgroupware]#

[root@mybox phpgroupware]# mv header.inc.php header.inc.php.old

and running http://mybox.sriram.com/phpgroupware/setup in the browser for new setup

You might have forgot to add or missed some details.



Please Take care of the permissions Later once you familiar with all this.

Now you can login with the account created :

http://mybox.sriram.com/phpgroupware/login.php
srirams
srirams

Once you Implement this make sure you have set up the Email settings for it to work.


Some additional PhpGroupware Information - FAQ

How To set up smtp-auth ? Note : you don't have a web based for this

Solution: phpGroupware as basic support for SMTP Auth in that you can set a single username and password so the whole phpGroupWare install to use when sending email.

  1. Edit /var/www/html/phpgroupware/email/inc/class.mail_send.inc.php
  2. Search for "$smtp_auth_login_required". Should be around line 209.
  3. Change False to True and set the username and password in the $mylogin and $mypassword variables respectivly.
  4. Save the file and send an email. The changes will take effect immediatly for all phpGroupWare users.

How to use a different port for imap instead of default 143 ?

open file > /var/www/html/email/inc/class.mail_msg_base.inc.php

$mail_port = 143


Change it to whatever your non standard port is

eg.
$mail_port = 8143



When is it scheduled to check mails ?

Default is 4 minutes .. I am told this will come in user preference until then

Step 1.

In email/inc/class.boindex.inc.php delete the ,240000 in the $this->xi['auto_refresh_widget'] line (line 368). That number forces the default to be 4 minutes (240000 milliseconds)

Step 2.

In email/inc/class.html_widgets.inc.php find:

function auto_refresh($reload_me=, $feed_refresh_ms=)

{

and add

$GLOBALS['phpgw']->msg->set_pref_value('refresh_ms', 10*60*1000 );

// change the number to your desired refresh time in milliseconds (example is 10 minutes)

// use 0 (zero) to disable the refresh

You're done.

By the way, if you want to manually refresh the INBOX contents, you can just click on the email icon in the navbar.