CentOS. How to upgrade MySQL with yum.

I found a lot of links about how to upgrade MySQL to the latest version, all with many manual operations.
Here is how to upgrade with yum; it might be helpful for someone:

Install the MySQL repository; you can download it from here.

I will use wget to download it:
wget https://repo.mysql.com//mysql57-community-release-el6-11.noarch.rpm

Then just install this repository:

yum install mysql57-community-release-el6-11.noarch.rpm

And run:
yum update mysql

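Now you probably cannot start the MySQL daemon, because the tables need to be upgraded first. To run the upgrade, start the daemon manually with an additional option. While it runs with --skip-grant-tables the server does no privilege checks, so any client that can connect gets full access without a password until the restart below: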

[root@web01 ~]# /etc/init.d/mysqld start --skip-grant-tables
[root@web01 ~]# mysql_upgrade
[root@web01 ~]# service mysqld restart

BTW, do you know that all admins divide into two teams: those who do backups and those who don't :)?

Squid. Pop3/SMTP. Firewalld based Linux.

Imagine that you have installed Squid on a firewalld-based system.
The first interface (eth0) is connected to the internal network and the second (eth1) to the internet.
To allow client browsing you can use http_access, but if you want to let clients use, for example, POP3 or SMTP (which Squid does not support), the only way is SNAT.

I can find how to enable NAT for all ports (masquerading, SNAT) and how to NAT a port with iptables, but cannot find how to limit it by ports through firewalld.
Most Linux admins advise downgrading to iptables. Here is how to do that with firewalld:
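One way to express this port restriction with firewalld direct rules, added here as an example and not the original post's configuration. The function and variable names and the file name mail-nat.sh are hypothetical, and it assumes the iptables backend and that net.ipv4.ip_forward is already enabled:

```shell
#!/bin/sh
# Added example (not the post's config): SNAT limited to mail ports via
# firewalld direct rules. Assumes the iptables backend, eth0 = LAN,
# eth1 = internet, and net.ipv4.ip_forward=1 already set with sysctl.
FWCMD="${FWCMD:-firewall-cmd}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
MAIL_PORTS="${MAIL_PORTS:-25,110}"   # SMTP and POP3, nothing else

# Accept only a comma-separated list of ports 1-65535, because the list is
# interpolated into iptables arguments below.
validate_ports() {
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case "$p" in *[!0-9]*) IFS=$old_ifs; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# One direct rule per line: <ipv> <table> <chain> <priority> <iptables args>
mail_nat_rules() {
    # Let LAN clients open connections to the mail ports only; replies are
    # covered by firewalld's built-in RELATED,ESTABLISHED accept rule.
    echo "ipv4 filter FORWARD 0 -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports $MAIL_PORTS -j ACCEPT"
    # Masquerade exactly the same traffic as it leaves the internet interface.
    echo "ipv4 nat POSTROUTING 0 -o $WAN_IF -p tcp -m multiport --dports $MAIL_PORTS -j MASQUERADE"
}

apply_mail_nat() {
    validate_ports "$MAIL_PORTS" || { echo "invalid MAIL_PORTS" >&2; return 1; }
    mail_nat_rules | while IFS= read -r rule; do
        # $rule is left unquoted on purpose so it splits into arguments.
        $FWCMD --permanent --direct --add-rule $rule || exit 1
    done || return 1
    $FWCMD --reload
}

# Nothing is changed unless the script is run as: sh mail-nat.sh apply
if [ "${1:-}" = "apply" ]; then apply_mail_nat; fi
```

Running it with FWCMD=echo previews the firewall-cmd arguments without touching the firewall; `firewall-cmd --direct --get-all-rules` lists what was applied.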

Relay Postfix emails to MS Exchange. SpamAssassin, Postfix, Exchange Step-by-Step. Part 2.

In the previous article we installed SpamAssassin and paired it with Postfix.
It's time to relay all filtered external emails to our Exchange.

From now on your Postfix should relay all emails filtered by SpamAssassin to Microsoft Exchange. You can stop here, or you can set Postfix as the smart host in the Exchange send connector; relaying for Exchange is already configured above.

About Open Source Antispam: SpamAssassin, Postfix, Exchange Step-by-Step. Part 1.

Here is a quick start guide for SpamAssassin working in a pair with the Postfix MTA in front and MS Exchange as the back end.
We'll also configure a statistics analyzer for SpamAssassin and pair Postfix with Microsoft Exchange in the next parts.
This guide has been tested by a non-Linux user by copy-pasting this config.
I've added a description for each command and config file to make the article clearer. All comments start with the '#' symbol.

In my lab the smtp1.digitalbears.net server will be used as the SpamAssassin and Postfix server, and cas-n01.digitalbears.net will act as the MS Exchange back end. CentOS 7 x64 is installed with a minimal installation on smtp1.

Paste the following content:

Execute from smtp1 terminal:

Paste the following content:

Execute from smtp1 terminal:

Paste the following content:

From smtp1 terminal:

Now our SA is configured and running.

Let's configure our Postfix: we should redirect all emails coming to Postfix to SA.
Execute from smtp1 terminal:

Paste the following content:

Execute from smtp1 terminal:

From now on you should be able to connect with telnet to our Postfix and SpamAssassin server on port 25 and check whether our antispam checks work or not:
Run from any server except smtp1:

smtp1 is our antispam server. The email is queued for delivery; let's check the root@smtp1 mailbox:

Execute from smtp1 terminal:

I've set required_hits to 3 and added my network to the trusted list for testing purposes. As you can see, the message subject is now [SPAM]; we also get a positive point from the trusted IP list (-1; more negative is better). The final score for the email is 4.5, which is greater than 3, therefore the message is marked as spam.

SA Log File /usr/local/spamassassin/spamd.log
Postfix Log File /var/log/messages

In the next part we'll pair Postfix with MS Exchange.

Used Articles:
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
https://wiki.apache.org/spamassassin/ImproveAccuracy

Mount Windows CIFS share to *nix servers using KERBEROS auth. Step-by-Step.

In my example I will use Kerberos to authenticate my Linux server against Active Directory and use these credentials to access a CIFS share.
My lab:

dc02.digitalbears.net - Domain controller
lpi2.digitalbears.net - Linux (CentOS 7)

First we need to create an object in AD which we will use for authentication. We could create a machine account in AD, but you would have to regenerate the key whenever your machine changes its password (you can't set “password never expires” for a computer object). To avoid this, we will create a user object in AD.

We will use the user lpi@digitalbears.net created in AD.
You should add an SPN for this account for the Linux server with FQDN lpi2.digitalbears.net (it's a kind of delegation which will allow your lpi2.digitalbears.net host to get Kerberos Ticket Granting Service on behalf of the lpi@digitalbears.net user account).

To do it, run from Windows with AD permissions:

Now you need to generate the keytab file which you will use on the CentOS server. Do it in the same cmd.exe\powershell.exe:

Pass: password for lpi@digitalbears.net
princ: “host” includes many services, and CIFS is one of them; “lpi2.digitalbears.net” is my Linux server FQDN; @digitalbears.net is my domain name (must be specified in uppercase)
mapuser: user name which will be used to generate the keytab

Now you need to transfer C:\krb.keytab to lpi2.digitalbears.net. The keytab contains the account's key, so treat it like the password itself. Then from the SSH console:

Paste the following information, but replace digitalbears.net with your domain name in uppercase and digitalbears.net with your domain name in lowercase

Save these changes.
Check that no Kerberos tickets are present on the system:

Then you need to generate a Kerberos ticket using your keytab file. (You can remove your ticket by running the kdestroy command.)

You can see that the Kerberos ticket is imported and now we are ready to mount:

You are done; you can access this shared folder with the permissions which the admin has set up on this folder for the user lpi@digitalbears.net.