
    Set GroupOwner in Proftpd

    September 16th, 2016

    Due to an error in proftpd, you might need a virtual group.

    /etc/proftpd/proftpd.conf:

    GroupOwner www-data
    Umask 002 003

    AllowOverwrite on
    AuthGroupFile /etc/proftpd/ftpd.group

    /etc/proftpd/ftpd.group
    www-data:x:33:testuser
    Same ID and name as the local user.


    Configuring SSL on Debian nginx

    July 20th, 2016

    /etc/nginx/ssl
    openssl req -new -newkey rsa:2048 -nodes -keyout '*.mydomain.com.key' -out '*.mydomain.com.csr'

    Inside config:
    /etc/nginx/sites-available/default

    ssl on;
    ssl_certificate /etc/nginx/ssl/*.mydomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/*.mydomain.com.key;
    ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    chain.crt:
    AlphaSSL SHA-256 R1 Intermediate Certificates (DER64)

    dhparam.pem:
    openssl dhparam -out dhparam.pem 4096


    Disable greylisting – emails from Office 365

    March 8th, 2016

    Office 365 sends emails from a lot of mail servers. Retries often come from a new IP.
    Then you have delays of 5 min + 5 min etc…

    Office 365 uses these IPs:
    https://technet.microsoft.com/en-us/library/dn163583

    In your Mailscanner, you can whitelist Office 365 Exchange IPs by adding them to this:
    /etc/sqlgrey/clients_ip_whitelist.local

    OR
    /etc/sqlgrey/clients_fqdn_whitelist.local
    *.messageslabs.com
    outbound.protection.outlook.com
    *.outbound.protection.outlook.com
    *.microsoftonline.com
    *.hotmail.com

    /etc/init.d/sqlgrey restart
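
    Why retries from changing IPs stack up greylisting delays, and what the FQDN whitelist changes, shown as an added example (not from the original post and not sqlgrey code). It assumes a simplified model keyed on the full client IP, sender and recipient with a 300 second delay; the function names, hostnames and addresses are constructed.

```shell
#!/bin/sh
# greylist_sim DELAY_SECONDS [WHITELIST_PATTERN]
# stdin : one delivery attempt per line: epoch client_ip client_fqdn sender recipient
# stdout: epoch client_ip verdict
greylist_sim() {
    awk -v delay="$1" -v wl="${2:-}" '
    BEGIN { if (substr(wl, 1, 1) == "*") suffix = substr(wl, 2) }
    # "*.example.com" matches any host below example.com, a plain name matches exactly
    function whitelisted(fqdn) {
        if (wl == "") return 0
        if (suffix != "")
            return length(fqdn) > length(suffix) &&
                   substr(fqdn, length(fqdn) - length(suffix) + 1) == suffix
        return fqdn == wl
    }
    {
        key = $2 "|" $4 "|" $5                  # simplified triplet: ip, sender, recipient
        if (whitelisted($3))
            verdict = "whitelisted"
        else if (!(key in first_seen)) {
            first_seen[key] = $1                # new triplet: defer and remember it
            verdict = "deferred"
        } else if ($1 - first_seen[key] >= delay)
            verdict = "accepted"                # same triplet came back after the delay
        else
            verdict = "deferred"
        print $1, $2, verdict
    }'
}

# Constructed sample: one message, retried every 5 minutes from a rotating pool of hosts.
sample_attempts() {
    cat <<'EOF'
0   192.0.2.11 mail-a.outbound.protection.outlook.com sender@contoso.example user@mycomp.example
300 192.0.2.57 mail-b.outbound.protection.outlook.com sender@contoso.example user@mycomp.example
600 192.0.2.93 mail-c.outbound.protection.outlook.com sender@contoso.example user@mycomp.example
900 192.0.2.11 mail-a.outbound.protection.outlook.com sender@contoso.example user@mycomp.example
EOF
}

echo "Without whitelist:"
sample_attempts | greylist_sim 300
echo "With FQDN whitelist:"
sample_attempts | greylist_sim 300 '*.outbound.protection.outlook.com'
```

    Without the whitelist the message is only accepted once a host from the pool repeats; with it, the first attempt already passes.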


    Remove specific recipient email from postfix queue

    August 1st, 2014

    postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / refund_of_tax@mycomp\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

    Script:

    #!/bin/bash
    while true; do
    sleep 5
    postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / refund_of_tax@mycomp\.com/ { print $1 }' | tr -d '*!' | postsuper -d -
    done

    Block the email:

    nano /etc/postfix/recipient_access
    refund_of_tax@mycomp.com REJECT

    postmap /etc/postfix/recipient_access
    /etc/init.d/MailScanner restart
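
    A preview step for the one-liner above, as an added example that is not part of the original post: it lists the queue IDs whose recipient line is exactly the given address, so the list can be checked before it is piped to postsuper -d -. The function names and the sample postqueue -p output are constructed, and deferral reasons are assumed to sit on one parenthesised line.

```shell
#!/bin/sh
# queue_ids_for_rcpt ADDRESS
# stdin : output of `postqueue -p`
# stdout: one queue ID per message that has ADDRESS as a recipient (not as sender)
queue_ids_for_rcpt() {
    awk -v rcpt="$1" '
    BEGIN { RS = ""; FS = "\n"; rcpt = tolower(rcpt) }   # one record per queue entry
    {
        id = ""
        for (i = 1; i <= NF; i++) {
            line = $i
            if (line ~ /^-Queue ID-/ || line ~ /^-- /) continue   # header and summary
            if (id == "") {                  # first real line: ID size date sender
                split(line, head, /[ \t]+/)
                id = head[1]
                sub(/[*!]$/, "", id)         # strip active (*) and hold (!) markers
                continue
            }
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line ~ /^\(/) continue       # deferral reason, not an address
            # exact address match, and only well-formed IDs are ever printed
            if (tolower(line) == rcpt && id ~ /^[0-9A-Za-z]+$/) { print id; break }
        }
    }'
}

# Constructed sample of `postqueue -p` output.
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3EFE828621*    2301 Fri Aug  1 09:12:44  billing@example.net
                                         refund_of_tax@mycomp.com

5A90B1C2D3     1877 Fri Aug  1 09:13:02  refund_of_tax@mycomp.com
                                         alice@example.org

7C1D2A9F03!    4410 Fri Aug  1 09:15:30  MAILER-DAEMON
(connect to mx.mycomp.com[192.0.2.10]:25: Connection timed out)
                                         bob@example.org
                                         Refund_Of_Tax@mycomp.com

9E8F7A6B5C     1502 Fri Aug  1 09:16:11  news@example.net
                                         refund_of_tax@mycomp.com.example.org

-- 10 Kbytes in 4 Requests.
EOF
}

# Preview only; nothing is deleted here.
sample_queue | queue_ids_for_rcpt 'refund_of_tax@mycomp.com'
```

    On a live system the input would be postqueue -p itself; the entry where the address is only the sender and the one with a longer look-alike recipient are left alone.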


    Extend /var – EFA/ESVA disk

    June 30th, 2014

    Power off the VM and add a virtual disk to the VM.
    This new disk gets the name /dev/sdc
    Now this disk is used to extend the original /var

    lvm pvcreate /dev/sdc
    lvm vgextend vg_var /dev/sdc
    lvextend -l +100%FREE /dev/vg_var/lv_var
    resize2fs /dev/vg_var/lv_var


    Find all files older than…

    October 21st, 2013

    find /www/website/www/ -type f ! -newermt "$(date +%Y-%m-%d -d '10 days ago')" -print

     


    Search text inside files

    October 18th, 2013

    grep -R email@emailtest.local /www/folder/

    This searches for email@emailtest.local inside files in a folder and all sub folders.


    Stop Exim if a large number of emails are in the queue

    October 16th, 2013

    In this example, Exim4 stops if the queue grows larger than 100

    #!/bin/bash
    TERM=linux
    export TERM
    _limit=100
    clear;
    _queue="`/usr/sbin/exim -bpc`"
    if [ "$_queue" -ge "$_limit" ]; then
    /etc/init.d/exim4 stop
    fi


    Synology – Speedup RAID rebuild time

    October 3rd, 2013

    A rebuild of a failed disk can by design take two days.
    If you raise the “speed limit” it can go faster.

    /proc/sys/dev/raid
    contains two files:
    speed_limit_min
    speed_limit_max

    Old versions of DSM (Synology firmware) have a limit in "speed_limit_min" of 1000.
    New versions have 10000.
    Remember to use the newest version of DSM, but you can still edit the value by hand.
    echo 20000 > /proc/sys/dev/raid/speed_limit_min


    Joomla filesystem permissions and setup ProFTPd

    July 12th, 2013

    The recommended default permissions of 755 for directories and 644 for files should be reasonably secure.
    Use these two commands to make your www directory have this setup:

    find /www/wordpress/www/ -type f -print0 | xargs -I {} -0 chmod 0644 {}
    find /www/wordpress/www/ -type d -print0 | xargs -I {} -0 chmod 0755 {}
    

    For joomla you may need FTP to the local database.
    For that, you need to edit the proftp configuration.
    See below:

    RequireValidShell off
    (/etc/passwd needs a false shell)

    <VirtualHost 127.0.0.1>
    RequireValidShell 		off
    FactsAdvertise		off
    DefaultRoot			~
    MasqueradeAddress		127.0.0.1
    PassivePorts 64000 65000
    Port 21
    <Directory />
    AllowOverwrite on
    </Directory>
    
    <Directory /www> 
    GroupOwner	www-data
    Umask		002 003
    </Directory>
    </VirtualHost>
    
    <VirtualHost 192.168.55.2>
    RequireValidShell 		off
    FactsAdvertise		off
    DefaultRoot			~
    MasqueradeAddress		80.80.80.80
    PassivePorts 64000 65000
    Port 21
    <Directory />
    AllowOverwrite on
    </Directory>
    <Directory /www> 
    GroupOwner	www-data
    Umask		002 003
    </Directory>
    </VirtualHost>
    

    Force files to download instead of opening – Apache

    June 5th, 2013

    Add this to the .htaccess for every extension:
    AddType application/octet-stream .reg


    ProFTP – set group owner on uploaded files

    May 12th, 2013

    In proftpd.conf, you could have some virtual hosts.
    If you do, GroupOwner is set in this way:

    <VirtualHost 10.0.0.30>
    DefaultRoot ~
    MasqueradeAddress 80.xx.xx.xx
    PassivePorts 64000 65000
    Port 21
    <Directory />
    AllowOverwrite on
    </Directory>
    <Directory /www>
    GroupOwner www-data
    Umask 002 003
    </Directory>
    </VirtualHost>
     
     


    Service unavailable; Client host [xx.xx.xx.xx] blocked using zen.spamhaus.org – false positive

    February 7th, 2013

    The “list” zen.spamhaus.org combines all spamhaus.org’s filters including the PBL
    PBL is a DNSBL database of end-user IP address ranges and this could give false positives

    Instead you could use: sbl-xbl.spamhaus.org
    Rumor has it that when Zen is used as the single test to block spam, it could lead to false positives.

    Configuration:
    /etc/postfix/main.cf
    Change:
    smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org
    to:
    smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client sbl-xbl.spamhaus.org

    Alternatives:
    xbl.spamhaus.org
    sbl-xbl.spamhaus.org
    zen.spamhaus.org
    bl.spamcop.net

    /etc/Mailscanner/spam.lists.conf

    Restart postfix and Mailscanner


    kernel: lnc0: Missed packet — no receive buffer – VMware BSD and or monowall

    November 16th, 2011

    kernel: lnc0: Missed packet — no receive buffer

    Your virtual hardware is too slow. If it is an option, try to install vmware-tools or use another network card type instead of vlance.

    add this to the vmx:
    ethernet0.virtualDev="e1000"
    ethernet1.virtualDev="e1000"


    Add mime type in htaccess

    August 16th, 2010

    In the .htaccess add this line to support .flv files:
    AddType video/x-flv .flv


    Mysql process sleep – wait_timeout

    August 2nd, 2010

    If the DB connections are not closed, they can fill your system up with "sleeping" processes.
    MySQL can then become slow. To minimize this behavior,
    add these lines to my.cnf:

    wait_timeout = 60    # 1 min

    max_connections = 2000


    htaccess – Allow from IP

    July 14th, 2010

    Prompt for access, except for the allowed IPs

    AuthUserFile /www/site.com/www/homepage/.htpasswd
    AuthType Basic
    AuthName "Password Protected Area"
    require valid-user
    order deny,allow
    deny from all
    allow from 123.123.123.123 122.122.122.122
    Satisfy Any


    scheduled job in debian – crontab

    June 22nd, 2010

    Show jobs with: crontab -l
    Edit jobs with: crontab -e

    Examples:
    44 13 * * * /etc/webmin/cron/tempdelete.pl
    00 3  * * * /root/restartMySQL.sh
    First line runs script every day at 13:44
    second line runs script every day at 3:00

    restartMySQL.sh
    #! /bin/sh
    /etc/init.d/mysql restart

    Remember the execute right
    dos2unix restartMySQL.sh
    apt-get install tofrodos


    Synology – set duplex and speed

    April 8th, 2010

    cd /usr/syno/etc.defaults/rc.d
    touch S99-eth0.sh
    touch S99-eth1.sh

    echo '#!/bin/sh' >> S99-eth0.sh
    echo "ethtool -s eth0 speed 100 duplex full autoneg off" >> S99-eth0.sh

    echo '#!/bin/sh' >> S99-eth1.sh
    echo "ethtool -s eth1 speed 100 duplex full autoneg off" >> S99-eth1.sh

    chmod +x S99-eth*
    ——–
    ethtool eth0 


    iptables on linksys WRT54G – add FTP and RDP rule

    March 23rd, 2010

    How do you configure and allow FTPS and RDP from a specific public IP on a linksys wrt54g router with the dd-wrt firmware?

    iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp --dport 3389 -j DNAT --to 192.168.1.20
    iptables -I FORWARD -d 192.168.1.20 -p tcp --dport 3389 -j ACCEPT
    iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp --dport 60000:61000 -j DNAT --to 192.168.1.20
    iptables -I FORWARD -d 192.168.1.20 -p tcp --dport 60000:61000 -j ACCEPT
    iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp --dport 990 -j DNAT --to 192.168.1.20
    iptables -I FORWARD -d 192.168.1.20 -p tcp --dport 990 -j ACCEPT


    There are problems with the signature – Click the signature button for details

    November 5th, 2009

    You are receiving an email with a digital signature, but it has a warning: “There are problems with the signature.  Click the signature button for details”.

    Something is probably changing the email before delivery, and now it is not valid. An antivirus and/or SPAM scanner could cause this. If you are using ESVA Mail scanner, this software is inserting a text in the email. This can be disabled.

    ESVA Customization


    ESVA – Change SSL certificate

    August 19th, 2009

    Enter this folder:
    /etc/pki/tls/certs

    openssl genrsa -des3 -out "YOUR-DOMAIN".key 1024
    openssl genrsa -out "YOUR-DOMAIN".key 1024
    openssl req -new -key "YOUR-DOMAIN".key -out "YOUR-DOMAIN".csr

    openssl req -noout -text -in "YOUR-DOMAIN".csr
    cat "YOUR-DOMAIN".csr
    Make an SSL request

    Copy the response to a "YOUR-DOMAIN".crt

    Edit this file:
    /etc/httpd/conf.d/ssl.conf

    Edit these two lines:
    SSLCertificateFile /etc/pki/tls/certs/"YOUR-DOMAIN".crt
    SSLCertificateKeyFile /etc/pki/tls/certs/"YOUR-DOMAIN".key

    Restart apache


    ESVA customization

    June 9th, 2009

    ESVA is a pre-built and easily configured email scanning Virtual Appliance (ESVA) that runs on VMware ESX Server. http://www.global-domination.org/ESVA.php

    The central components are Clam antivirus and spam assassin.

    After the basic setup you might want to customize some things that cannot be changed in the wizard or GUI.

    Change the amount of cached mails:

    – $days_to_keep = 180; in /etc/cron.daily/clean.quarantine

    – define(QUARANTINE_DAYS_TO_KEEP, 180); in /var/www/html/conf.php

    – INTERVAL 180 DAY in /usr/local/bin/mailwatch/tools/db_clean.php

    /etc/cron.daily/clean.quarantine

    $disabled = 0;

    $days_to_keep   = 14;

    The default signature:

    /etc/MailScanner/rules

    – sig.html.rules

    – sig.text.rules

    Blocked filetypes:

    /etc/MailScanner/filename.rules.conf

    Change the max message size:

    In webmin – postfix – “General resource control”.

    An example is to add a zero.

    Max size of a message: 102400000

    Max size of a mailbox: 512000000

    Or in /etc/postfix/main.cf: message_size_limit = 102400000

    For 100 MB

    Remove the “notify for SPAM”.

    In the file: /etc/MailScanner/MailScanner.conf

    Remove notify in the line:  Spam Actions = store notify

    Disable greylisting for some IPs
    /etc/sqlgrey/clients_fqdn_whitelist.local
    /etc/sqlgrey/clients_ip_whitelist.local
    /etc/init.d/sqlgrey restart

    Remove the “MailScanner has detected a possible fraud attempt from…”:

    Highlight Phishing Fraud = no

    Remove the opportunity to read the emails in the Webinterface:

    Edit /var/www/html/detail.php

    Go the end and change the “view email” link.

    // echo "  <TD><A HREF=\"viewmail.php…………….."</A></TD>\n";

    echo " <TD>…</TD>\n";

    Default SPAM score:

    /etc/MailScanner/MailScanner.conf

    Required SpamAssassin Score = 5

    Remove Inline HTML Signature

    In the file: /etc/MailScanner/MailScanner.conf

    # Add the "Inline HTML Signature" or "Inline Text Signature" to the end

    # of uninfected messages?

    # This can also be the filename of a ruleset.

    Sign Clean Messages = no

    Auto Reply – Out of office

    Treat Invalid Watermarks With No Sender as Spam = 2

    Script in the email

    Allow Script Tags = disarm

    Or yes/no

    Office 2010 Fileformats:

    Microsoft Office 2007/2010 documents (.docx, .xlsx etc) seem to be archived XML documents and MailScanner does not like that by default.

    The solution is to put this in filename.rules.conf

    allow   \.xml\.rel$             -       -

    allow   \.rel$                  -       -

    allow   \.docx$                 -       -

    allow   \.xlsx$                 -       -

    allow   \.xml\d*\.rel$          -       -

    allow   \.x\d+\.rel$            -       -

    allow   \.bin$                  -       -

    allow   \.wmf$                  -       -

    allow   \.dat$                  -       -

    Put this just above the "# Deny all other double file extensions.." line

    allow   \.doc$                  -       -

    allow   \.xls$                  -       -

    And in MailScanner.conf change Maximum Archive Depth to 3

    Maximum Archive Depth = 3

    This makes MailScanner recognize the Office 2007/2010.

    Disable Fuzzyocr:

    Rename /etc/mail/spamassassin/FuzzyOcr.cf to something else.

    Restart Mailscanner

    Disable SPAM and or AV scan

    /etc/MailScanner/MailScanner.conf

    Spam Checks = no

    Use SpamAssassin = no

    Virus Scanning = no

    In MailScanner.conf
    Spam Checks = /etc/MailScanner/rules/spam.check.rules

    In spam.check.rules:
    FromOrTo:     domain.com      no
    FromOrTo:       default   yes

    Enable Remote ssh login

    /etc/ssh/sshd_config

    PermitRootLogin yes

    Restart sshd

    If running virtual, ESVA might lose time

    Make a file in: /etc/cron.daily

    #!/bin/sh

    #

    /usr/sbin/ntpdate 195.184.96.2

    date +"%D %r `echo Cron completed`" >> /var/log/cron_job.log

    chmod +x ntp.cron

    Remember RAM!

    Do you see this error in the maillog:

    “too big for available disk space in /var/spool/MailScanner/incoming, skipping it”

    MailScanner uses this directory temporarily to unpack files before scanning.

    By default ESVA has 1024 MB of RAM. Half of that size is used for the RAM-based filesystem.

    Maybe 512 MB for unpacking is too small.

    See fstab and change the size here

    tmpfs /dev/shm tmpfs defaults,size=1024m

    The easy way (if you have RAM enough), is to just give ESVA more RAM.

    Allow EXE in zipped attachments

    /etc/MailScanner/archives.filename.rules.conf

    allow \.exe$ Windows/DOS Executable

    /etc/MailScanner/archives.filetype.rules.conf

    #deny executable No executables

    Remember to update resolv.conf

    If this file does not contain the IP of a valid DNS server, you might get this error in the log: "Recipient address rejected: Domain not found"

    This is an example with OpenDNS

    /etc/resolv.conf

    search localdom.local

    nameserver 208.67.222.222

    Block destination email address
    /etc/postfix/recipient_access
    Example:
    refund_of_tax@testdom.com REJECT
    skatdk@testdom.com REJECT

    postmap /etc/postfix/recipient_access

    Remember to add the file to postfix's main.cf:
    Example:
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:2501, check_recipient_access hash:/etc/postfix/recipient_access

    Show ClamAV version
    /usr/sbin/clamd -V

    Remove mails from queue
    List queue: mailq
    Remove specific email: postsuper -d 3EFE828621

    Exchange – Duplicate deliver
    If you release a message that has already been delivered, it will not end up in the mailbox.
    You can see which emails have "hit" this rule/functionality in "EMC -> email tracking" or in PowerShell:
    Get-MessageTrackingLog -EventId DUPLICATEDELIVER

    Block email based on subject – postfix
    main.cf
    header_checks = regexp:/etc/postfix/header_checks

    header_checks
    /^Subject: Spam subject/ DISCARD

    Restart postfix

    Block email based on subject – Mailscanner
    /etc/MailScanner/mcp
    Example:
    header P2 Subject =~ /new Message/i
    describe P2 Banned Subject
    score P2 10

    header P3 Subject =~ /new2 for you/i
    describe P3 Banned Subject
    score P3 10

    Disable ahbl.org
    /var/lib/spamassassin/3.004000/updates_spamassassin_org/20_dnsbl_tests.cf
    # another domain-based blacklist
    #header DNS_FROM_AHBL_RHSBL eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
    #describe DNS_FROM_AHBL_RHSBL Envelope sender listed in dnsbl.ahbl.org
    #tflags DNS_FROM_AHBL_RHSBL net
    #reuse DNS_FROM_AHBL_RHSBL

    Throttling too many connections from new source
    edit:
    /etc/sqlgrey/sqlgrey.conf
    connect_src_throttle = 5
    0 = Disable

    /etc/init.d/sqlgrey restart

    Allow password protected ZIP from one or more email/domains
    Allow Password-Protected Archives = no
    to:
    Allow Password-Protected Archives = %rules-dir%/pp.archives.rules
    pp.archives.rules:
    FromOrTo: test@mydomain.com yes
    FromOrTo: mydomain2.com yes
    FromOrTo: default no

    MailScanner restart


    Shell command in monowall upon boot

    October 8th, 2008

    How do I start vmware-tools every time monowall starts?

    1)
    login to the webinterface.
    2)
    Make a backup of the configuration, the output is a XML file.
    3)
    Edit the XML file in a texteditor. Make the changes and upload it to the firewall.
    4)
    monowall reboots

    Configuration file:
    You can insert the shell command between <shellcmd> and </shellcmd>
    The whole thing has to be placed after </webgui> and before </system>

    See the example below:

    </webgui>
    <dnsserver>10.0.0.100</dnsserver>
    <dnsserver>10.0.0.101</dnsserver>
    <shellcmd>vmware-guestd --background /var/run/guestd.pid</shellcmd>
    </system>


    Remove the Debian copyright message

    May 13th, 2008

    Every time you log on a debian this copyright message is displayed:

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.

    It can be removed by editing this file: /etc/motd.tail


    Install vmware-tools in debian

    May 11th, 2008

    apt-get install binutils cpp gcc make psmisc linux-headers-$(uname -r)
    mount /dev/cdrom /mnt/
    tar -C /tmp -zxvf /mnt/VMwareTools-xxx.tar.gz
    umount /mnt
    cd /tmp/vmware-tools-distrib
    ./vmware-install.pl
    reboot


    SSL in Debian Etch

    March 8th, 2008

    Install and setup apache2:
    apt-get install apache2
    apt-get install openssl ssl-cert
    apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi

    create a certificate:
    openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
    chmod 600 /etc/apache2/apache.pem

    a2enmod ssl
    /etc/init.d/apache2 restart

    Edit the conf files:
    NameVirtualHost *:80
    NameVirtualHost *:443

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    /etc/init.d/apache2 restart


    Recover GRUB on Debian after (re)installing Windows

    February 26th, 2008

    Boot knoppix and start the root console.
    Type:
    grub
    root (hd0,0)
    setup (hd0)
    quit

    Reboot

    ———————————-

    If you use Ubuntu

    sudo -i -u root
    grub
    find /boot/grub/stage1 (remember the output)
    root (hdx,x)
    setup (hd0)
    quit

    Reboot


    Small useful Linux commands

    August 19th, 2007

    Compress a folder to a file with timestamp
    TIMESTAMP=$(date +%Y%m%d-%H%M%S)
    tar cfvz /fil-$TIMESTAMP.tgz /etc

    Postfix
    If you changed main.cf, do a /etc/init.d/postfix reload
    If changed /etc/postfix/virtual run this command: postmap hash:/etc/postfix/virtual
    postmap /etc/postfix/transport

    Copy a hard-drive
    dd if=/dev/hd_originaldisk-partition of=/dev/hd_nydisk-partition

    MySQL Backup
    /usr/bin/mysqldump -A -uroot -p[myCode] > /andet/backup.sql

    Delete a folder containing files
    rm -rf /remove/this

    Create an empty file
    touch file-name

    Disk use of a folder
    du -sh folder

    Format disk
    cfdisk /dev/hda

    Extract tar.bz2 to a folder
    tar xjf file.tar.bz2

    NMAP scan to a file
    nmap -sS -PT -PI -O -T 3 10.0.0.*>file.txt

    Change file and folder rights
    chown martin filename
    chown -R martin:martin FileAndSubFolders

    chmod
    –  user   group  other
    –  4 2 1  4 2 1  4 2 1
    –  r w x  r w x  r w x

    Boot script in Debian
    /etc/rc.boot/
    Remember: #!/bin/bash
    on top of the text files.

    Set date and time
    ntpdate

    Search inside files
    grep -lir VALID_AZ09 /www/test.local/www/

    Create sources.list
    http://debgen.simplylinux.ch/index.php

    Show 30 largest folders
    du -m /FOLDER | sort -nr | head -n 30
    Size is in Megabyte


    /etc/network/interfaces configuration example

    August 18th, 2007

    Example 1 – Static IP

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 10.0.0.40
    netmask 255.255.255.0
    gateway 10.0.0.1

    Example 2 – DHCP
    auto eth0
    iface eth0 inet dhcp

    Remember the DNS configuration in /etc/resolv.conf
    nameserver 195.184.96.2
    nameserver 213.173.225.86

    Tips
    Change (spoof) the MAC
    ifconfig eth0 hw ether 01:23:45:67:89:AB

