Teamspeak 3 Beta1 is out and there are some problems running it under Linux. I wrote a step by step howto to set up a ts3 server on linux.

HowTo:

First you have to create a user which runs the ts3 server (root is a bad idea):

useradd ts3

After this change to the user and move to his home directory:

su ts3
cd ~

Download and extract the Teamspeak 3 server (this is the 64bit version):

wget http://ftp.4players.de/pub/hosted/ts3/releases/beta-1/teamspeak3-server_linux-amd64-3.0.0-beta1.tar.gz
tar zxvf teamspeak3-server_linux-amd64-3.0.0-beta1.tar.gz

Now move to the extracted folder and start the Teamspeak 3 server:

cd teamspeak3-server_linux-amd64
./ts3server_linux_amd64 &

Write down the user name and password which is shown on the screen for server admin rights. The first log file under /logs in the ts3 server folder contains the admin token. This token can be used once to register a user with admin rights.

Problems:

2009-12-20 10:49:39.852960|INFO    |ServerLibPriv |   | Server Version: 3.0.0-beta1 [Build: 9366]
2009-12-20 10:49:39.890852|INFO    |DatabaseQuery |   | dbPlugin name:    SQLite3 plugin, (c)TeamSpeak Systems GmbH
2009-12-20 10:49:39.891284|INFO    |DatabaseQuery |   | dbPlugin version: 3.6.4
2009-12-20 10:49:39.971083|WARNING |Accounting    |   | Unable to find valid license key, falling back to limited functionality
2009-12-20 10:49:40.312599|ERROR   |Accounting    |   | failed to register accounting service
2009-12-20 10:49:40.318183|ERROR   |ServerLibPriv |   | Server() error while starting servermanager, error: instance check error

If you are not able to start the ts3 server (after you started is with root rights or with another users), empty the /tmp server. Teamspeak 3 creates a lock file to check if the service runs.

[strace error information]
...
unlink("/tmp/7gbhujb54g8z9hu43jre8")    = -1 EPERM (Operation not permitted)
open("/tmp/7gbhujb54g8z9hu43jre8", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0777) = -1 EEXIST (File exists)
...

Today I had a problem while committing to a subversion repository.

I get following error in my eclipse log:

Can't open activity db: APR does not understand this error code

The apache2 error log shows that the apache dav module have no rights to create/edit a file:

[Sun Oct 12 17:17:38 2008] [error] [client] could not open dbm files.
[Sun Oct 12 17:17:38 2008] [error] [client] Can't open activity db: APR does not understand this error code
[Sun Oct 12 17:21:46 2008] [error] [client] Could not create activity /svn/rep/!svn/act...

Following changes fixed the problem:

chmod 770 /var/svn/rep
chmod 755 /var/svn/rep/dav/activities
chown www-data:www-data /var/svn/rep/dav/activities

Sometimes you have to create first the dav folder in your repository.

Our backup system is now running and tested.

For the backup we are using duplicity and ftplicity. Ftplicity is a script to simplify the usage of duplicity with a ftp-server.

The backups will be encrypted with GnuPG before transmission to the server. We are using the newest versions (not debian stable) from duplicity and ftplicity because of transmission timeout problems.

Now mailman is also available over the https protocol.
Also the informations of the web server and php will be hidden.

Mailman (SSL)

Munin and ntop now available under new URL´s for security reasons.
Authentication is required and SSL is used for communication.

• munin
• ntop

To support the presence plugin from Openfire behind firewalls which only allows port 80 requests, setup a reverse proxy with apache2.

(more…)

Falls einer sich etwas über GnuPG informieren möchte und dem Englischen nicht ganz mächtig ist,
empfehle ich die Deutsche GnuPG Anleitung.

Neben der Verwendung von GnuPG wird auch auf die einzelnen Features der Schlüssel eingegangen.
Mehr dazu in unserer Howto für GnuPG, welche einiges aus der Seite zusammenfasst.

For Squirrelmail below 1.5 there exists a session hijacking vulnerability because of unsafe cookies.
Detailed informations: SecurityFocus

So I generated a fix for our Squirrelmail 1.4.9 installation.
This fix only works if you use PHP 5.2 because of the http-only flag.

The changes are to use secure and http only feature for php session cookies.

(more…)

Now its possible to check for each vserver the network traffic.\
Therefore munin supports network traffic logging over IPTables.

Also each vserver with apache2 running will now support status
logging for his http-server port 80.

How this logging is activates is referred in our wiki.

Because of security problems in the calm theme of WebSVN
I had to edit some templates file and includes following tags:

[websvn-test:noaccess]
[lang:NOACCESS]
[websvn-else]
...
[websvn-endtest]

This bug is already known by the developers. Issue #126