Starting Rescue Mode in Ubuntu 11.10

It’s a little difficult to find the rescue mode in Ubuntu 11.10. Since 11.04 you can press the shift key in startup phase to show up the grub boot menu.

First step is changing the following line in /etc/default/grub


GRUB_HIDDEN_TIMEOUT=0

to


GRUB_HIDDEN_TIMEOUT=1

Activate the changes by running /usr/sbin/upgrade-grub.

Now you can boot up your system and can press the shift key to access the grub menu.

Another important thing is that the file systems are mounted read-only in rescue mode. If you want make changes to the file systems then you must first choose the remount option in the boot menu.

Postfix setup for SSL and TLS

To use SSL and TLS with the postfix mailer daemon you must change settings in the /etc/postfix/main.cf configuration file:

# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/demoCA/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/server-crt.pem
smtpd_tls_key_file = /etc/postfix/ssl/server-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
tls_random_prng_update_period = 3600s

You also need a SSL certificate for your mail server. Create it with the following commands:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/

# Create new local certification authority (if not already present)
/usr/share/ssl/misc/CA.pl -newca

# Create RSA certificate
openssl req -new -nodes -keyout server-key.pem -out server-req.pem -days 365
openssl ca -out server-crt.pem -infiles server-req.pem
chmod 644 server-crt.pem demoCA/cacert.pem
chmod 400 server-key.pem

Now you must remove the comment mark “#” for SMTPS and TLS manager in the /etc/postfix/master.cf configuration file:

smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

IMAP server setup under SuSE Linux

First you must install the UW-Imap daemon with yast. UW-Imap uses the standard mail folder structure from Linux, so no additional configuration is needed.

Create SSL certificates

The certificates are stored in folder /etc/ssl/certs. Change to this directory:

cd /etc/ssl/certs

Now create the certificates for your system with the following command:

openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 365

You are asked about country name (2 letter code), state or province Name (full name), locality name (eg, city), organization name (eg, company), organizational unit name (eg, section), common name (eg, your name) and email address.

For «common name» you must enter the full DNS or IP address of your system ! If your system has more than one DNS name or IP addresses you must generate an own certificate for each DNS name or IP address.

Configuration of xinetd

Open the file /etc/xinetd.d/imap with a editor of your choice.

$EDITOR /etc/xinetd.d/imap

Add the section imaps if it doesn’t already exists:

service imaps
{
  disable         = no
  socket_type     = stream
  protocol        = tcp
  wait            = no
  user            = root
  server          = /usr/sbin/imapd
  flags           = IPv4
}

Save the changes and restart xinetd with the command

rcxinetd restart

Make bootable USB stick for Linux installation

You need a Linux installation image, e.g. SUSE-Linux-10.1-Remastered-i386-mini.iso. You can download this from a openSuSE mirror server.

The package syslinux must be installed to make a bootable USB stick. So if you haven’t it installed you must do so now.

Asume your USB stick is accessed with device name /dev/sda1, you can use the following commands to write the image to the stick and make it bootable:

umount /dev/sda1
mount -o loop SUSE-Linux-10.1-Remastered-i386-mini.iso /mnt
/mnt/boot/i386/mkbootdisk --32 --partition /dev/sda1 /mnt