virt-manager without root

To be able to execute virt-manager without root privilege,

– create a new group

# group add libvirt

– Add the required users to this group by editing the /etc/groups file

– Edit the libvirtd configurations:

# vi /etc/libvirt/libvirtd.conf

– Add the following configurations.

unix_sock_group = "libvirt"
auth_unix_rw = "none"

– Restart libvirtd,

#service libvirtd restart

– Logout and try to access libvirtd

$ ssh -X <username>@<host> virt-manager


Setup GeoIP (PECL) for piwik geolocation and updating old visits

GeoIP is the recommended way to accurately determine the location of the visitor, by default geolocation settings may provide in accurate result.

To enable GeoIP(PECL) from redhat/centos machines:
# yum install php-pecl-geoip
#apachectl restart
# php -m | grep -i geo

From Piwik, Settings –> Geolocation –> GeoIP (PECL)

To reindex the old visits:
# cd misc/others
# php ./geoipUpdateRows.php
[note] Found working provider: geoip_pecl
90094 rows to process in piwik_log_visit and piwik_log_conversion....
100% done!

Send attachments from command line with mutt

To send e-mails from command line with attachments using mutt.

Set the from address with EMAIL=
-s – Subject
-a – attachment file
recipient name
-c – for CC
-b – for BCC
create a text file (eg: /tmp/testmessage) , with the body of the message.

EMAIL="foo@bar" mutt -s "Subject" -a test.doc foo1@bar -c foo2@bar < /tmp/testmessage

Create bootable USB on OSX

– Identify the disk number for the USB disk inserted, usually you can find it from the “Name” and “Size” field.
Below eg: , We inserted a USB with 4.1 GB size (so as the identified: “disk2”.)
Open terminal and execute the following commands:

sh-3.2$ diskutil list
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *120.0 GB   disk0
1:                        EFI EFI                     209.7 MB   disk0s1
2:          Apple_CoreStorage                         119.0 GB   disk0s2
3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:                  Apple_HFS Macintosh HD           *118.7 GB   disk2
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:                            UNTITLED        *4.1 GB     disk2

– Unmount the disk
sh-3.2$ diskutil unmountDisk /dev/disk3
Unmount of all volumes on disk3 was successful

– write the ISO file to USB using dd command
sh-3.2$ sudo dd if=Downloads/ubuntu-12.04.3-desktop-i386.iso of=/dev/disk2 bs=1m
707+0 records in
707+0 records out
741343232 bytes transferred in 139.059398 secs (5331126 bytes/sec)

– Unmount the disk
sh-3.2$ diskutil eject /dev/disk3
Disk /dev/disk3 ejected

Virus scanning for file uploads with clamav/php

Download and install the following packages, in case your repository has those package just use the management tool to install.


# apt-get install clamav clamav-db clamd clamav-devel php-devel


# yum install php-devel
# wget
# wget
# wget
# wget
# rpm -Uvh clam*
# freshclam
# service clamd start

Configure php-clamav

Download php-clamav from from

# wget
# tar xvzf php-clamav_0.15.7.tar.gz
# cd php-clamav-0.15.7/
# phpize
#./configure –with-clamav
# make
# cp modules/ /usr/lib/php/modules/

Add the modules to php.ini if required.

Make sure the module is loaded

# php -i | grep -i clam

Incase you see the following error create a symlink to clamav path
LibClamAV Error: cl_load(): Can’t get status of /var/lib/clamav

# ln -s /var/clamav /var/lib/clamav

Test script
Get the testing virus file from and save it on a file (eg: /tmp/virus.txt)

Create a php script:
cat > check_virus.php

$file = ‘/tmp/testing.txt’;
$retcode = cl_scanfile($file, $virusname);
if ($retcode == CL_VIRUS) {
echo .”Virus found name : “.$virusname;
} else {
echo .cl_pretcode($retcode);

$ php check_virus.php
Virus found name : Eicar-Test-Signature


Create CSR and implement in apache

These steps are used to generate a CSR to get the SSL certificate signed with verisign. The filenames used are just examples.

$ /usr/bin/openssl genrsa -rand /dev/urandom -out <web_root>/domain_name.key 2048
$ /usr/bin/openssl req -new -key <web_root>/domain_name.key -out <web_root>/domain_name.csr

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:<make sure it matches exactly with your domain>
Email Address []:

Create the certificate without passphrase if you dont want passphrase to be prompted for every webserver restart.

Upload the CSR to the Certificate Authority and get the signed certificate and save it as domain_name.crt. If it is from verisign get both intermediate certificates and add it to a file (eg:

In virtual host configuration

SSLEngine on


SSLCertificateFile <web_root>/domain_name.crt

SSLCertificateKeyFile <web_root>/domain_name.key

SSLCACertificateFile <web_root>/

Restart webservice and verify the certificate, you may use the verisign cert checker (

Install rich text editor in mediawiki

The WYSIWYG extension enables a more intuitive editing of pages on a MediaWiki-based site

Download the package suitable for your mediawiki version

$ unzip

$ cp -prf WYSIWYG


$ vi LocalSettings.php added




define permissions as per your requirements.

Upgrade php to 5.3 – directadmin

# cd /usr/local/directadmin/custombuild
# ./build set php5_ver 5.3
# ./build update
# ./build php n
# /etc/init.d/httpd restart

This may break your softaculous, if it cannot load the correct ioncube.

Site error: the file /usr/local/directadmin/plugins/softaculous/images/inc.php requires the ionCube PHP Loader to be installed by the site administrator.

Edit your php.ini to fix it

# vi /usr/local/directadmin/plugins/softaculous/php.ini
zend_extension = "/usr/local/ioncube/" // replace it with correct path
# /etc/init.d/httpd restart

Install Raspbmc media center on RaspberryPi


Eventhoug I am happy with xbian , was just trying Raspbmc as well 🙂

Raspbmc  media center for the Raspberry Pi and is based on Raspbian and XBMC.

All credits go to Sam Nazarko, Thanks for excellent work.


You may use XPi Installer instead of the following method,

Install raspbmc on SDcard from MAC OSX / Linux / Windows ,

Download the raspbmc, change permission and execute. Make sure that you select the correct disk ( verify the info from disk utilities in MAC OS X)

$ curl -O
$ chmod u+x
$ sudo python 
Raspbmc installer for Linux and OS X
Please ensure you've inserted your SD card, and press Enter to continue.
Enter the 'IDENTIFIER' of the device you would like imaged:
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *120.0 GB   disk0
   0:      GUID_partition_scheme                        *500.1 GB   disk1
   0:                  Apple_HFS Macintosh HD           *118.7 GB   disk2
   0:     Apple_partition_scheme                        *17.4 MB    disk3
   0:     FDisk_partition_scheme                        *15.9 GB    disk4
Enter your choice here (e.g. 'disk1', 'disk2'): disk4
It is your own responsibility to ensure there is no data loss! Please backup your system before imaging
You should also ensure you agree with the Raspbmc License Agreeement
Are you sure you want to install Raspbmc to '/dev/disk4' and accept the license agreement? [y/N] y
Downloading, please be patient...
Downloaded 16.35 of 16.35 MiB (100.00%)
Unmounting all partitions...
Unmount of all volumes on disk4 was successful
Please wait while Raspbmc is installed to your SD card...
This may take some time and no progress will be reported until it has finished.
0+1173 records in
0+1173 records out
76800000 bytes transferred in 14.809589 secs (5185829 bytes/sec)
Installation complete.
Would you like to setup your post-installation settings [ADVANCED]? [y/N]N
  • Once the installation is completed, eject it from the system.
  • Insert the sdcard to RaspberryPi.
  • Connect the RaspberryPi using Ethernet cable, continue with the post installation steps.

Configure static IP on Raspberry Pi


Some access points does not deliver DHCP to the raspberrypi. You could assign the IP statically as follows:

Edit the /etc/network/interfaces file

Comment out the following lines.

> #allow-hotplug wlan0
> #wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
> #iface eth0 inet manual

Add following configs.

auto lo 
iface eth0 inet dhcp
auto wlan0
iface wlan0 inet static
address x.x.x.x
netmask x.x.x.x
gateway x.x.x.x
pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf -B

Re-enable the interface.

ifdown wlan0
ifup wlan0

Configure the name server if required.

nameserver x.x.x.x

Upgrade, Restore Drupal 7

Shell script to upgrade and restore Drupal 7 website
This script will take care of the necessary actions required for upgrading drupal to higher versions.


  • Copy the script to your webserver.
  • Edit the script and change the variables to match with your setup
  • Give execute privilege to the owner of the script (chmod u+x
  • Execute the script ./


$ ./ 
 Please enter your choice:
 1. Update drupal
 2. Restore an old installation from backup
 3. Exit
Please enter the new drupal version (eg: 7.15) : 
Downloading drupal-7.18
Downloaded the the drupal version drupal-7.18
Current site backup is created: /home/foo/backups/08-01-2013-0938
Database backup created: /home/foo/backups/08-01-2013-0938.sql
Site is in maintanence mode now
Removed all drupal core files from destination
Copied the new version contents
Drupal updated to drupal-7.18
Site is active again, but please update your database, please visit http://<yourwebsite>/update.php to finalize the process
Removed the source files


$ ./ 
 Please enter your choice:
 1. Update drupal
 2. Restore an old installation from backup
 3. Exit
List of available backups
Please enter the backup file name to restore: (eg: 08-01-2013-0753): 
Site is offline now
Removed production files
Restored the filesystem backup 
Restored the database
Site is restored

View on github

Upgrading Linux Mint 13 (maya) to Linux Mint 14 (nadia).

Linux Mint 14
Linux Mint 14

Take a backup of the current sources.list, preferably make a full backup of the system.

Edit the sources.list file,
replace the occurrences of maya with nadia and precise with quantal.

$ vi /etc/sources.list

Resulting file may look like.

deb nadia main upstream import
deb quantal main restricted universe multiverse
deb quantal-updates main restricted universe multiverse
deb quantal-security main restricted universe multiverse
deb quantal partner
deb quantal free non-free

Update the system

$ sudo apt-get update
$ sudo apt-get dist-upgrade

SAN and Tape backup with bacula

Install and configure bacula for SAN and Tape backup

There is already an excellent document about bacula installation and configurations at bacula website. This article is one way of getting SAN and Tape backup working together with single bacula director installation. It assumes that you already have installed and mounted the SAN and configured the tape device.

This configuration aim at:

  • Incremental daily for 20 days
  • Differential weekly for 3 months
  • Monthly full for 6 months
  • Eject the tape to mailslot after the back and notify admin etc.

customise it based on your requirements.

The configurations are tested with HP MSL 2024 Tape library and MSA SAN array.

Bacula server setup

The configurare are done on Redhat Enterprise linux, likely similar for other Linux distros.

  • Create a user for backup
# useradd -d /home/backup backup
  • Install bacula server and create the database and database users : ref: for installation instructions.
  • Create the necessary directories:
# su - backup
$ mkdir -p /home/backup/bacula/var/lock/subsys
$ mkdir /home/backup/bacula/var/run/
  • Configure the director (bacula-dir.conf)

$ cat ~/bacula-dir.conf

# Define the director, common for SAN and Tape
Director { # define myself
Name = {hostname}-dir # use your hostname
DIRport = 9101 # where we listen for UA connections
QueryFile = "/home/backup/bacula/script/query.sql"
WorkingDirectory = "/home/backup/bacula/wdir"
PidDirectory = "/home/backup/bacula/var/run"
Maximum Concurrent Jobs = 3
Password = "{console_password} # Console password
Messages = Daemon
# List of files to be backed up to SAN
FileSet {
 Name = "File Set"
 Include {
 Options {
 signature = MD5
 File = /

 Exclude {
 File = /proc
 File = /tmp
 File = /.journal
 File = /.fsck
# List of files to be backed up to tape
FileSet {
 Name = "tape Set"
 Include {
 Options {
 signature = MD5
 File = /

 Exclude {
 File = /proc
 File = /tmp
 File = /.journal
 File = /.fsck
# Schedule for SAN backup
Schedule {
 Name = "WeeklyCycle"
 Run = Full 1st sun at 01:00
 Run = Differential 2nd-5th sun at 01:00
 Run = Incremental mon-sat at 01:00
# Schedule for tape backup
Schedule {
 Name = "TapeWeeklyFull"
 Run = Level=Full 1st sun at 03:00
# Definition of file storage (SAN)
Storage {
 Name = File
# Do not use "localhost" here
 Address = {FQDN} # N.B. Use a fully qualified name here
 SDPort = 9103
 Password = "{sdpassword}"
 Device = FileStorage
 Media Type = File
# Define storage (Tape)
Storage {
 Name = msl2024
 Address = {director-address}
 SDPort = 9103
 Password = "{director-password}"
 Device = MSL2024
 Media Type = LTO-4
 Autochanger = yes
 Maximum Concurrent Jobs = 3
# Generic catalog service
Catalog {
 Name = MyCatalog
 dbname = "dbname"; dbuser = "dbuser"; dbpassword = "dbpass"
# Tape catalog
Job {
 Name = "TapeBackupCatalog"
 JobDefs = "{dir-host-name}-tape"
 Level = Full
 Schedule = "CatalogAfterTapeBackup"
 RunBeforeJob = "/home/backup/bacula/script/ MyCatalog"
 RunAfterJob = "/home/backup/bacula/script/delete_catalog_backup"
 Write Bootstrap = "/home/backup/bacula/wdir/%n.bsr"
 Priority = 20 # run after main backup
# Default pool definition
Pool { 
 Name = Default
 Pool Type = Backup 
 Recycle = yes # Bacula can automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 365 days # one year
# General Tape backup pool
Pool { 
 Name = TapePool
 Pool Type = Backup 
 Recycle = yes # Bacula can automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 6 months # 6 months
 Recycle Oldest Volume = yes
 Storage = msl2024 
 Volume Use Duration = 4 days
## Do the following configurations for each client
# Job definition, define it for each bacula client, replace clientX_hostname, Fileset accordingly
JobDefs {
Name = "{clientX_hostname}"
Type = Backup
Client = {clientX_hostname}-fd
FileSet = "File Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = File
Full Backup Pool = Full-Pool-{clientX_hostname}
Incremental Backup Pool = Inc-Pool-{clientX_hostname}
Differential Backup Pool = Diff-Pool-{clientX_hostname}
Priority = 10
Write Bootstrap = "/home/backup/bacula/wdir/%c.bsr"
# Tape

JobDefs {
 Name = "{clientX_hostname}-tape"
 Type = Backup
 Client = {clientX_hostname}-tape-fd
 FileSet = "tape set"
 Schedule = "TapeWeeklyFull"
 Storage = msl2024
 Messages = Standard
 Pool = TapePool
 Full Backup Pool = TapePool
 Priority = 10
 Write Bootstrap = "/home/backup/bacula/wdir/%c.bsr"
# Define Job, replace clientX_hostname
Job {
 Name = "{clientX_hostname}"
 JobDefs = "{clientX_hostname}"
# Tape
Job {
 Name = "{clientX_hostname}"
 JobDefs = "{clientX_hostname}-tape"

# Define restore job
Job {
 Name = "RestoreFiles-{clientX_hostname}"
 Type = Restore
 FileSet="File Set" 
 Storage = File
 Pool = Default
 Messages = Standard
 Where = /home/backup/archive/bacula-restores
# Tape
Job {
 Name = "RestoreFiles-{clientX_hostname}-tape"
 Type = Restore
 FileSet= "tape set"
 Storage = msl2024
 Pool = TapePool
 Messages = Standard
 Where = /home/backup/archive/bacula-restores

# Client (File Services) to backup
Client { 
 Name = {clientX_hostname}-fd
 Address = {client_address}
 FDPort = 9102
 Catalog = MyCatalog
 Password = "{client_password}" # password for FileDaemon
 File Retention = 60 days # 60 days
 Job Retention = 6 months # six months
 AutoPrune = yes # Prune expired Jobs/Files
# Tape
Client {
 Name = {clientX_hostname}-tape-fd
 Address = {client_address}
 FDPort = 9202 # use different port
 Catalog = MyCatalog
 Password = "{client_password}" # password for FileDaemon
 File Retention = 6 months
 Job Retention = 6 months
 AutoPrune = yes
# Pool for each client
Pool {
 Name = Full-Pool-{clientX_hostname}
 Pool Type = Backup
 Recycle = yes
 AutoPrune = yes
 Volume Retention = 6 months
 Maximum Volume Jobs = 1
 Label Format = Full-Pool-{clientX_hostname}-
 Maximum Volumes = 9
Pool { 
 Name = Inc-Pool-{clientX_hostname}
 Pool Type = Backup 
 Recycle = yes # automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 20 days
 Maximum Volume Jobs = 6
 Label Format = Inc-Pool-{clientX_hostname}-
 Maximum Volumes = 7
Pool { 
 Name = Diff-Pool-{clientX_hostname}
 Pool Type = Backup
 Recycle = yes
 AutoPrune = yes
 Volume Retention = 40 days
 Maximum Volume Jobs = 1
 Label Format = Diff-Pool-{clientX_hostname}-
 Maximum Volumes = 10
# Tape, no extra definition required.

  • Make sure you label the tape and add it to the TapePool, if you tape drive has barcode device available, use
$ bconsole
* label barcode
then select the TapePool

If you have mailslot enabled you could configure the bacula to eject the tape to mailslot after backup finished and will notify.

$ cat /home/backup/bacula/script/delete_catalog_backup
# Unload the tape for storage
mtx -f /dev/sg1 unload 24 # replace 24 with your mailslot
# Send mail
/home/backup/bacula/script/ | mail -s "Tape backup done"

Configure storage daemon

{ # definition of myself
 Name = {director_hostanme}-sd
 SDPort = 9103 # Director's port 
 WorkingDirectory = "/home/backup/bacula/wdir"
 Pid Directory = "/home/backup/bacula/var/run"
 Maximum Concurrent Jobs = 20
# List Directors who are permitted to contact Storage daemon
Director {
 Name = {director_hostname}-dir
 Password = "{director_password}"
Device {
 Name = FileStorage
 Media Type = File
 Archive Device = /media/san/bacula/ # SAN volume
 LabelMedia = yes # lets Bacula label unlabeled media
 Random Access = yes
 AutomaticMount = yes # when device opened, read it
 RemovableMedia = no
 AlwaysOpen = no
# Tape
Autochanger {
 Name = MSL2024
 Device = lto4drive
 Changer Command = "/home/backup/bacula/script/mtx-changer %c %o %S %a %d"
 Changer Device = /dev/sg1 # change it based on your setup
Device {
 Name = lto4drive
 Drive Index = 0
 Media Type = LTO-4
 Archive Device = /dev/nst0
 AutomaticMount = no # when device opened, read it
 AlwaysOpen = no
 RemovableMedia = yes
 RandomAccess = no
 AutoChanger = yes

Client configuration

  • Install the bacula package on the client machines, except use –enable-client-only
  • Remove the director and storage daemon startup scripts
rm /etc/init.d/bacula-dir
rm /etc/init.d/bacula-sd
  • Create necessary directories
mkdir -p /home/backup/bacula/wdir /home/backup/bacula/var/run  /home/backup/bacula/var/lock/subsys/
  • Create bacula-filedeamon configuration for tape and san seperately

SAN (bacula-fd.conf)

FileDaemon { # this is me
 Name = {clientX_hostname}-fd
 FDport = 9102 # where we listen for the director
 WorkingDirectory = /home/backup/bacula/wdir
 Pid Directory = /home/backup/bacula/var/run
 Maximum Concurrent Jobs = 20

Tape  (bacula-fd-tape.conf)

FileDaemon { # this is me
 Name = {clientX_hostname}-tape-fd
 FDport = 9102 # different port than the san
 WorkingDirectory = /home/backup/bacula/wdir
 Pid Directory = /home/backup/bacula/var/run
 Maximum Concurrent Jobs = 20
  • Edit the bacula-fd startup script and add the extra line to start the tape file daemon
daemon /home/backup/bacula/sbin/bacula-fd $2 ${FD_OPTIONS} -c /home/backup/bacula/etc/bacula-fd-tape.conf


Host group based access restriction – Nagios

This is useful especially when you have different host groups belongs to different entities and you need to have access separation.

The basic idea is to use the same login user name in the contact groups. I assume that you have Apache htaccess authentication or LDAP authentication in place.

You may create new contact group of use the already existing one , just make sure your username and contact_name matches.

- Create a contact group
define contactgroup {
 contactgroup_name customer1
 alias Customer1 Servers
 members customer1
- Create the contact
define contact {
 contact_name customer1 #make sure this matches with the username
 alias Customer1 Contact
 service_notification_period 24x7
 host_notifications_enabled 0
 host_notification_period 24x7
 service_notification_options w,u,c,r
 host_notification_options d,u,r
 service_notification_commands notify-by-email
 host_notification_commands host-notify-by-email
- Use this contact group in host definition
define host {
 use generic-alerted-host
 host_name customer1-host
 contact_groups customer1 # make sure this matches with the contactgroup_name
 max_check_attempts 3

Just restart nagios and try to login with the new user account. You may give more privileges to this user if required from cgi.cfg


Detected bug in an extension! Hook FCKeditor_MediaWiki

Detected bug in an extension! Hook FCKeditor_MediaWiki::onCustomEditor failed to return a value; should return true to continue hook processing or false to abort.


#0 mediawiki/includes/Wiki.php(497): wfRunHooks('CustomEditor', Array)
 #1 mediawiki/includes/Wiki.php(63): MediaWiki->performAction(Object(OutputPage), Object(Article), 
Object(Title), Object(User), Object(WebRequest))
 #2 mediawiki/index.php(114): MediaWiki->initialize(Object(Title), Object(Article), Object(OutputPage), 
Object(User), Object(WebRequest))
 #3 {main}

Edit the following file to fix this issue:

 -- public function onCustomEditor(&$article, &$user) {
 ++ public function onCustomEditor($article, $user) {


svn: Can’t convert string from ‘UTF-8’ to native encoding:

"svn: Can't convert string from 'UTF-8' to native encoding:"

This usually happens with special characters in the file name, which the client cannot understand.

Just set proper locale in the client to fix this issues,

$ export LC_CTYPE=en_US.UTF-8
// make sure the locale is properly set.
$ locale


Fix categories and tags in wordpress custom post_type

By default word press does not look in to custom post_types for categories and tags, even though the category names are visible you get a NOT FOUND page when you click on the category.

A work around found for this issue is :

Edit : functions.php

add_filter('pre_get_posts', 'query_post_type');
function query_post_type($query) {
if(is_category() || is_tag()) {
$post_type = get_query_var('post_type');
$post_type = $post_type;
$post_type = array('post','custom_post_type_name','nav_menu_item'); // replace custom_post_type_name with your post_type, and keep nav_menu_item to display menu in category page.
return $query;


Thanks to paranoid  for guiding to the fix . 😉