Tuesday, September 11, 2012

Installing a SSL on a synology DS

I assume you are running OSX or Linux and have openssl installed.

Follow the steps below to create and install the SSL

1. Open a terminal and type the following commands. The first command will ask for a paraphrase. The same paraphrase will be required by the other commands.

  • openssl genrsa -des3 -out my.key 2048
  • openssl rsa -in my.key -out final.key
  • openssl req -nodes -new -key my.key -out request.csr
  • openssl x509 -req -in request.csr -signkey my.key -out certificate.crt -days 3650

2. The above commands will create the key and the certificate. They will be stored in my.key and certificate.crt respectively.

3. Login to the DSM GUI, go to the control panel, DSM Settings, HTTP Service and click the button marked Import Certificate.

4. For the private key select my.key and for the certificate select certificate.crt. Reboot the NAS.

Syno Community

Good source of synology packages


Disable notifications for a service in nagios

Assuming you are running nagios on a UBuntu box and want to disable notification emails for a particular service, you would follow the steps below.

1. Locate the service configuration file. In my case it happened to be located at /etc/nagios3/conf.d/localhost_nagios2.cfg

2. Edit the file and find the service definition for the service you are interested in. The service definitions all start with 'define service'

3. Add the following configuration inside the service definition

notifications_enabled 0

4. Restart nagios - /etc/init.d/nagios3 restart

Notification would now be disabled for this service.

Sunday, September 9, 2012

Postfix configuration to use SMTP relay, re-write from email address and name

What is postfix?

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is intended as a fast, easier-to-administer, and secure alternative to the widely used Sendmail MTA.

The postfix configuration file usually resides at /etc/postfix/main.cf and uses the following format for configuration parameters.

parameter = value


You should set up a postmaster alias in the aliases table that directs mail to a human person. The postmaster address is required to exist, so that people can report mail delivery problems. While you're updating the aliases table, be sure to direct mail for the super-user to a human person too.

The aliases file is /etc/aliases. A sample configuration is shown below. In this configuration, the postmaster and root emails are delivered to the user john.

postmaster: john
root: john

Execute the command "newaliases" after changing the aliases file. Instead of /etc/aliases, your alias file may be located elsewhere. Use the command "postconf alias_maps" to find out.

Using an external SMTP server as a relay

By default, postfix directly delivers emails to the final email server. For example, if you send an email to user@example.com, postfix will try to lookup the MX record for example.com and directly connect to its mail server to deliver the email.

This can be a problem if your host cannot reach other email servers on the internet or your organization requires all emails to be sent via a SMTP gateway.

The parameter relayhost in the postfix configuration file is used for this purpose. Below is a sample configuration.

relayhost  = smtp.example.com

Restart postfix using '/etc/init.d/postfix restart' for changes to take effect.

Re-writing the from-email address

If you want to re-write the email address from which emails are sent out from, postfix offers generic mapping for smtp. Create a file called '/etc/postfix/generic' and add in a line similar to the following one to rewrite the from address.

root@example.com john@example.com

Modify the main configuration file to add the 'smtp_generic_maps' parameter as follows,

smtp_generic_maps = hash:/etc/postfix/generic

Then build the map generic db file using the command 'postmap /etc/postfix/generic'

Restart postfix using '/etc/init.d/postfix restart' for changes to take effect.

For any errors, check the log files located at /var/log/mail*

Re-writing the from name when sending an email

Although, the from email address is re-written using the process above, the name of the person in the email sent by postfix will still be shown as the local username. For e.g, if you re-write the email address from root@example.com to john@example.com and then you look at the raw headers in the sent email, the following may be seen.

From: root

To fix this, you need to use smtp_header_checks. This parameter allows you to have a regex replace the name used in the email header with the name of your choice. Follow the steps below to get this fixed.

1. Create a file called '/etc/postfix/smtp_header_checks'.
2. Add a regex in the file with the format and save the file.
          /^From:root/ REPLACE From: John
3. Add the following parameter to your mail configuration file.
         smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
4. Check and compile your regex with a sample message using the command.
        postmap -q - regexp:/etc/postfix/smtp_header_checks < /tmp/raw-header-file
5. Restart postfix for changes to take effect.

More info

For more details and updated information, visit the postfix website at http://www.postfix.org/

Thursday, August 30, 2012

Change update frequency of software updates in OSX

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate ScheduleFrequency

Friday, August 24, 2012

Advanced Linux File Permissions

Advanced File Permissions in Linux

Here we will discuss about the 3 special attributes other than the common read/write/execute.
drwxrwxrwt - Sticky Bits - chmod 1777
drwsrwxrwx - SUID set - chmod 4777
drwxrwsrwx - SGID set - chmod 2777

Sticky bit

Sticky bits are mainly set on directories. If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename a file within that directory.

Consider you have a directory " test ". chmod it to " 777 ". This gives permissions for all the users to read, write and execute.

# chmod +t test

# ls -al
drwxrwxrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 a1 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 b2 b2 0 Jun 11 22:52 2.txt

From the above example a1 is the owner of the test directory. 
a1 can delete or rename the files 1.txt and 2.txt.
b2 can delete or rename the file 2.txt only.

SUID - [ Set User ID ]

SUID bit is set for files ( mainly for scripts ). The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who started it.

If a1 is the owner of the script and b2 tries to run the same script, the script runs with the ownership of a1.
If the root user wants to give permissions for some scripts to run by different users, he can set the SUID bit for that particular script.
So if any user on the system starts that script, it will run under the root ownership.
root user much be very careful with this.

SGID - [ Set Group ID ]

If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person running the program. This permission set also can make a similar impact. Here the script runs under the groups ownership. You can also set SGID for directories.

Consider you have given 2777 permission for a directory. Any files created by any users under this directory will come as follows.
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
In the above example you can see that the owner of the file 1.txt is b2 and the group owner is a1.
So both b2 and a1 will have access to the file 1.txt.
Now lets make this more interesting and complicated.

Create a directory "test". Chmod it to 2777. Add sticky bit to it.

mkdir test
# chmod 2777 test
# chmod +t test
# ls -al test
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 test

From the above permission set you can understand that SGID and sticky bit is set for the folder "test".
Now any user can create files under the test directory.
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 c3 a1 0 Jun 11 17:30 2.txt
-rw-rw-r-- 1 d4 a1 0 Jun 11 17:30 3.txt
So all the a1 user has access to all the files under the test directory. He can edit, rename or remove the file.
b2 user has access to 1.txt only, c3 has access to 2.txt only...
If sticky bit was not set for the test directory, any user can delete any files from the test directory, since the test directory has 777 permissions.
But now it not possible.
If d4 tries to remove 1.txt
rm -f 1.txt
rm: cannot remove `1.txt': Operation not permitted

Tuesday, August 7, 2012

Mac Software I use

Here's a list of software I use on the Mac. I'll try to keep the list updated as I start/stop using applications.


  • KeepassX
  • Transmission
  • Google Chrome
  • Google Drive
  • Google Notifier
  • Google Earth
  • Picasa
  • Evernote
  • TextWrangler
  • Transmission
  • Cyberduck
  • Adium
  • Cisco Jabber
  • AppCleaner
  • Better Touch Tool
  • CloudApp
  • Dropbox
  • Eclipse
  • Mint Quickview
  • Plex
  • Skype
  • smcFanControl
  • Spotify
  • The Unarchiver
  • InsomniaX
  • Twitter
  • UnrarX
  • VLC
  • XBMC

Paid Software

  • Microsoft Office
  • Omnifocus
  • Carbon Copy Cloner
  • iGetter
  • Vmware Fusion

Apple Apps

  • iPhoto
  • iMovie
  • Safari
  • Mail
  • iCal
  • iTunes
  • Messages
  • Reminders
  • Notes
  • Terminal
  • Facetime

Wednesday, June 27, 2012

Changing default quit key for apps on macos

The following command will change the default key to Command+Shift+Q for Mail and Safari.

defaults write NSGlobalDomain NSUserKeyEquivalents '{"Quit Safari" = "@$Q"; "Quit Mail" = "@$Q";}'

The odd characters before the 'Q' in the previous command, specify the modifiers:
  • @ = Command 
  • $ = Shift 
  • ~ = Option 
  • ^ = Control

Tuesday, June 26, 2012

Copy only the email address in Apple Mail

Use the following command to only copy the email address from Apple Mail.

defaults write com.apple.mail AddressesIncludeNameOnPasteboard -boolean No

To undo this action, use

defaults write com.apple.mail AddressesIncludeNameOnPasteboard -boolean Yes

Saturday, June 23, 2012

Cisco Jabber Saving Chat History

1. Create a folder in Documents called 'CiscoJabber-ChatTranscripts'
2. Quite the Jabber Client
3. Run the following commands
cp ~/Library/Preferences/com.cisco.Jabber.plist ~/Library/Preferences/com.cisco.Jabber.plist.backup
defaults read com.cisco.Jabber ARXUserDefaultsChatTranscriptsDirectory
defaults write com.cisco.Jabber ARXUserDefaultsChatTranscriptsDirectory "~/Documents/CiscoJabber-ChatTranscripts"
defaults read com.cisco.Jabber ARXUserDefaultsDeveloperChatArchivePolicyKey
defaults write com.cisco.Jabber ARXUserDefaultsDeveloperChatArchivePolicyKey -int 1
defaults read com.cisco.Jabber ARXUserDefaultsShouldSaveChatTranscriptsKey
defaults write com.cisco.Jabber ARXUserDefaultsShouldSaveChatTranscriptsKey -bool true
defaults read com.cisco.Jabber ARXUserDefaultsShowCommHistoryInSeparateTabsKey
defaults write com.cisco.Jabber ARXUserDefaultsShowCommHistoryInSeparateTabsKey -bool true

4. Start the Jabber Client

Friday, June 22, 2012

Speed up Mission Control Animation

The following command will speed up the animation for the mission control so your laptop appears to be working fast.

defaults write com.apple.dock expose-animation-duration -float 0.15;killall Dock

Monday, April 23, 2012

Disable Credant Mobile Guardian

Since we all used to have laptops, the company had asked us to install a new software, Credant mobile guardian, for encrypting data on the hard disk. After installing it, the restart dialog kept coming as many times as it was rebooted. Finally, frustrated, I renamed the file name in c:\Windows\System32\CmgShieldUI.exe to CmgShieldUI_.exe and CmgShieldSvc.exe to CmgShieldSvc_.exe

Then, kill CmgShieldUI.exe from task manager (For n00bs out there, 'kill' means 'End process').
Hover over the tray icon & it disappears!

Also it might be a good idea to remove these from startup (msconfig).

Monday, April 9, 2012

Use options,

--trace-ascii (Use - for stdout)

Monday, April 2, 2012

Permanent Redirect in Apache

If you would like to redirect all traffic to an apache web server to the server's FQDN, e.g. redirecting http://myserver/ to http://myserver.example.com, you can easily achieve this using a two VirtualHost entries in your Apache config file.

On Ubuntu, the file to edit is /etc/apache2/sites-enabled/000-default. Find your original declaration, and add a ServerName field with the server's FQDN (fully qualified domain name):

        ServerAdmin webmaster@localhost
        ServerName myserver.example.com
        # rest of real config

 Now create another VirtualHost entry below this one, with the local name of the server (e.g. myserver) and a Redirect statement that redirects to the FQDN:

        ServerName myserver
        Redirect permanent / http://myserver.example.com/

After applying these changes, restart apache using service apache2 restart. Now when visiting http://myserver you should be automatically redirected to http://myserver.example.com.

Webcal timezone fix

When using web cal 1.2.x, events were all showing in Eastern time. Events previously scheduled at 9am PT were now showing up as 12n ET. Even when you change the timezone in the WebUI settings page, web cal always shows the current GMT offset as -4. 

The problem is that there are two variables 'TIMEZONE' and 'SERVER_TIMEZONE'.Only one is changed using the WebUI. So you need to login the database manually using phomyadmin and set the timezone correctly on both variables.

mysql> update webcal_config set cal_value="America/Los_Angeles" where cal_setting="TIMEZONE";
mysql> update webcal_config set cal_value="America/Los_Angeles" where cal_setting="SERVER_TIMEZONE";

Tuesday, March 13, 2012

Google Search shortcut in Safari

To do a Google search in Firefox, you can simply press Command-K. I really like that. The default keyboard settings in Safari, on the other hand, are a bit more annoying. To do a Google search you must press Command-Option-F — quite a complicated keystroke for something you may commonly do. Pressing Command-K toggles popup blocking on and off — something I’d never want to do.
Here is how you can make Command-K the keystroke for doing a Google search in Safari, killing two birds with one stone:
1. Open System Preferences.
2. Click on Keyboard & Mouse.
3. Click on Keyboard Shortcuts.
4. Click the “+” to add a new shortcut.
5. Choose “Safari” from the Application menu.
6. Type “Google Search…” (without the quotes) into the Menu Title field. Those three dots are an ellipses, formed by typing Option-semicolon (not three periods).
7. Press Command-K in the Keyboard Shortcut field.
8. Click “Add”.
9. Close and reopen Safari.
Pressing Command-K will now cause the cursor to move to the Google search box!

Wednesday, February 1, 2012

Apple Mail move down the list after deleting email

open terminal and type:
defaults write com.apple.mail IgnoreSortOrderWhenSelectingAfterDelete 1

This causes Apple Mail to move to the next email down in the list instead of up.