Fix Zimbra stats graph/cron jobs

If your zimbra scheduled tasks are not running or if you don’t see your stats graphs on admin panel, the first thing that you should check if zimbra’s cronjobs. When you reinstall/move your zimbra installation we normally tend to miss cron job setups required for zimbra.

To fix this, find the Zimbra crontabs directory at /opt/zimbra/zimbramon/crontabs

Now, lets put alwal the cronjob’s to a single file (just to make your job easier) as follows:

[[email protected] crontabs]# cat crontab >> crontab.zimbra
[[email protected] crontabs]# cat crontab.ldap >> crontab.zimbra
[[email protected] crontabs]# cat crontab.logger >> crontab.zimbra
[[email protected] crontabs]# cat crontab.mta >> crontab.zimbra
[[email protected] crontabs]# cat crontab.store >> crontab.zimbra

Finally,Load the crontab.zimbra file to crontab as follows:

[[email protected] crontabs]# crontab crontab.zimbra

Voila, that’s it. Wait for few minutes to start seeings the graphs. You can also verify the cornjobs by using ‘crontab -l’.

Vmware Workstation 10.x patch for Linux kernel 3.13

Vmware Workstation breaks if you try using upcoming Linux kernel release’s and at the same time, VMWare community moves fast to push a quick patches to applied for those who dare to use cutting edge beta OS on their machines.

WoodyZ on https://communities.vmware.com provides a patch which just works for Linux Kernel 3.13.

Here is the patch provided from WoodyZ for your quick reference.

Apply the patch to /usr/lib/vmware/modules/source/vmnet.tar (Extract, apply the patch using patch command, compress the files back to vmnet.tar) and run vmware workstation again.

 

--- vmnet-only/filter.c 2013-10-18 15:11:55.000000000 -0400
+++ vmnet-only/filter.c 2013-12-21 20:15:15.000000000 -0500
@@ -27,6 +27,7 @@
#include "compat_module.h"
#include <linux/mutex.h> #include <linux/netdevice.h> +#include <linux/version.h> #if COMPAT_LINUX_VERSION_CHECK_LT(3, 2, 0)
# include <linux/module.h> #else
@@ -203,7 +204,11 @@
#endif</code>

static unsigned int
+#if LINUX_VERSION_CODE &lt; KERNEL_VERSION(3, 13, 0)
VNetFilterHookFn(unsigned int hooknum, // IN:
+#else
+VNetFilterHookFn(const struct nf_hook_ops *ops, // IN:
+#endif
#ifdef VMW_NFHOOK_USES_SKB
struct sk_buff *skb, // IN:
#else
@@ -252,7 +257,12 @@

/* When the host transmits, hooknum is VMW_NF_INET_POST_ROUTING. */
/* When the host receives, hooknum is VMW_NF_INET_LOCAL_IN. */
- transmit = (hooknum == VMW_NF_INET_POST_ROUTING);
+
+#if LINUX_VERSION_CODE &lt; KERNEL_VERSION(3, 13, 0)
+ transmit = (hooknum == VMW_NF_INET_POST_ROUTING);
+#else
+ transmit = (ops-&gt;hooknum == VMW_NF_INET_POST_ROUTING);
+#endif

packetHeader = compat_skb_network_header(skb);
ip = (struct iphdr*)packetHeader;

Zimbra Admin password reset

To reset the administrative password:

su – zimbra
zmprov sp

To get a list of all administrators:

su – zimbra
zmprov gaaa

To access the admin console:

https://YOURHOST:7071

Remember that the administrative console (sometimes) requires a full email address as the login name, so you may be using the correct password and the wrong login!

Resource: http://wiki.zimbra.com/wiki/Admin_Password_Reset

Fix: openvz, iptables, csf and errors

CSF has been one of the first choice for years now for me to secure server with a easily usable iptables manager. More than that it works as “A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers”.

While using csf on OpenVZ vps systems we end up facing lots of issues with respect to iptables modules. If you’re a sysadmin managing hardware nodes it might not be easy though it has got to do something quite simple. I’m pasting the similar issue once again here for a reference and let us recheck what we normally oversee.

Error received during csf test:

:~# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…FAILED [Error: iptables: No chain/target/match by that name.] – Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit…FAILED [Error: iptables: No chain/target/match by that name.] – Required for CONNLIMIT feature
Testing ipt_owner/xt_owner…FAILED [Error: iptables: No chain/target/match by that name.] – Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK

RESULT: csf will function on this server but some features will not work due to some missing iptable modules

Now, the quick remedy that we get to resolve this issue is to enable all the iptable modules in /etc/vz/vz.conf of the OpenVZ hardware node as follows:

IPTABLES=”ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner ipt_conntrack ipt_helper ipt_REDIRECT ipt_recent ipt_owner”

and restart all VM’s etc using  “service vz restart” to activate all modules to all VPS systems.

The other options we have is to enable these modules for a specific VPS/VM as follows: (PS: here 100 is a VPS id)

vzctl set 100 –iptables ipt_REJECT –iptables ipt_tos –iptables ipt_TOS –iptables ipt_LOG –iptables ip_conntrack –iptables ipt_limit –iptables ipt_multiport –iptables iptable_filter –iptables iptable_mangle –iptables ipt_TCPMSS –iptables ipt_tcpmss –iptables ipt_ttl –iptables ipt_length –iptables ipt_state –iptables iptable_nat –iptables ip_nat_ftp –iptables ipt_owner –iptables ipt_recent –save

If you run the above command with –setmode option, the modules will be applied.

Or you can add the IPTABLES line mentioned earlier (vz.conf entry) to VPS configuration file  (/etc/vz/conf/100.conf for the above example VPS) and restart VPS with the following command to make it effective.

vzctl restart 100

This was quite simple and known answer. But I have always found that it doesn’t go so smooth. This might be because of one simple reason that I quote here:

We keep removing OLD kernel packages etc and install the new ones to ensure that we have secure system with latest kernel and packages. During this process we end up loosing kernel modules required for the new modules. I figure this out once again while working on my hardware node just by typing the find command as follows under /lib

find /lib –name *ipt*

I was expecting the iptables modules to be listed under my current kernel but to my surprise I didn’t find them. I found them in one of the very old kernel that was installed on the box. Crazy. So, I decided to jump in and reinstall iptables packages quickly on the machine:

yum reinstall iptables-devel.i686 iptables-devel.x86_64 iptables-ipv6.x86_64 iptables.i686 iptables.x86_64

Here is the final output of my csf test after restarting my VM.

~# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…OK
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK

RESULT: csf should function on this server

That’s it. Now you know why iptables doesn’t work even if you had not changed anything recently on hardware node (and forgotten that you restarted your system with a new kernel). Verify the iptables modules with lsmod and reinstall the packages if required.

Fix: VMWare No 3d Support will be available from this host

VMWare Workstation no 3d Support

You might get to see the above error while booting your VM’s on VMWare Workstation 9.x on Ubuntu.
This issue might get sorted by adding the following line to .vmx line of the VM.

mks.gl.allowBlacklistedDrivers = TRUE

Read the further discussion on this topic at vmware forum.