fully_encrypted_debian

anonymous@undisclosed.example.com (Anonymous) — Sat, 23 Sep 2017 22:25:30 +0000

Full disk encryption with LUKS (inklusive /boot) Referenzen: * * * * * *

hardware

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:46:57 +0000

2014-06-17 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! zusaetzlich „auf dem Blech“: ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy="http://proxy01.ukbw.de:3128/" ### LiHAS GPG-Key importieren:

packliste

anonymous@undisclosed.example.com (Anonymous) — Sun, 07 Apr 2024 11:57:27 +0000

Packliste Liste der zu erledigenden Dinge, zum Packen und Tipps für die Teilnahme an einem Kongress, einer Konferenz oder einer anderen Veranstaltung, wie den Chemnitzer Linux Tagen (CLT), oder der Gulasch Programmiernacht (GPN) in Karlsruhe. ❤️ Danke ✨ Diese Packliste basiert ursprünglich auf der Liste von CongressChecklist von MacLemon, Vienna/Austria

all

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:46:38 +0000

2014-08-08 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! auf allen Server-Instanzen („Blech“, Linux VServer, LXC): ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy=„“ ### LiHAS GPG-Key importieren: wget -O -

paketverwaltung

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:47:19 +0000

Debian-Paketverwaltung: Debian-Paket selbst bauen: ---------- \ß Anzeige aller installierten Pakete ---------- (

tipps

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:00:06 +0000

SED-Tipps Kommentare mit # und Leerzeilen herausfiltern: sed -e '/^#/d' -e '/^$/d' Kommentar entfernen, bei dem ausschliesslich Leerzeichen oder Tabulatoren vor der Raute stehen: sed -e '/^*#/d' -e '/^$/d' Eingabe-Datei > Ausgabedatei Löschen aller Zeilen, die höchstens Leerzeichen beinhalten:

syntax

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 16:45:31 +0000

Formatting Syntax DokuWiki supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing

config

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:41 +0000

eGroupWare Version 1.4.001 pre-requisites: * required PHP version 4.3+ (recommended 5+) * php.ini: safe_mode = Off * php.ini: magic_quotes_runtime = Off * php.ini: register_globals = Off * php.ini: memory_limit >= 16M * php.ini: max_execution_time >= 30

cookie-banner

anonymous@undisclosed.example.com (Anonymous) — Fri, 03 Jan 2020 21:12:03 +0000

Rechtskonforme Cookie-Banner zu implementieren ist nicht einfach. Denn nach Ansicht des LfDI-BW benötigen Cookies, die ein Nutzertracking über Seiten- und Gerätegrenzen hinweg ermöglichen die: * aktive, * ausdrückliche, * informierte, *

config

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

PHP5 configuration for GOsa and eGroupWare eGroupWare When I added about 250 users to a group in GOsa or in eGroupWare, I encountered the following problem with (open)SUSE 10.2, which I did not encounter with SUSE 10.0: station7: suhosin[373]: ALERT - configured request variable limit exceeded - dropped variable \ 'account_user[]' (attacker '172.16.130.9', file '/srv/www/htdocs/egroupware/index.php')

datenschutzerklaerung

anonymous@undisclosed.example.com (Anonymous) — Wed, 01 Jan 2020 20:42:15 +0000

Datenschutzerklärung 1. Einleitung Vielen Dank für den Besuch auf unseren Internetseiten. Diese Datenschutzerklärung informiert Sie über den Schutz Ihrer personenbezogenen Daten. Wir nehmen den Schutz Ihrer Daten ernst und möchten, dass Sie sich beim Besuch unserer Internetseiten sicher fühlen. Grundsätzlich gilt, dass alle von uns erhobenen personenbezogenen Daten den Bestimmungen der Europäischen Datenschutzgrundverordnung (DSGVO) unterliegen.

slapd_conf

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

/etc/openldap/slapd.conf # The database configuration parameters must appear *after* the "database" # directive, as DB_CONFIG files are 'per backend'. dbconfig set_cachesize 4 0 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resour…

amavisd

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:55 +0000

AmaVisd-new /etc/amavis/amavisd.conf: use strict; # a minimalistic configuration file for amavisd-new with all necessary settings # # see amavisd.conf-default for a list of all variables with their defaults; # see amavisd.conf-sample for a traditional-style commented file; # for more details see documentation in INSTALL, README_FILES/* # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html # COMMONLY ADJUSTED SETTINGS: # @bypass_virus_checks_maps = (1); # uncomment to DI…

spamassassin

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:58:39 +0000

SpamAssassin SA-config-genarator: /etc/mail/spamassassin/local.cf: # SpamAssassin config file for version 3.x # NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6 # See http://www.yrex.com/spam/spamconfig25.php for earlier versions # Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50) # How many hits before a message is considered spam. required_score 5.0 # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe …

door-access

anonymous@undisclosed.example.com (Anonymous) — Wed, 07 Jan 2015 19:57:26 +0000

Tür-Zutrittskontrolle Am Anfang stand der Wunsch unserer grossen Tochter einen sicheren Zutritt ins Haus nach der Schule zu ermmöglichen. Sollte Sie den „Schlüssel“ verlieren, sollte dieser mit einfachen Mittel sperrbar und durch ein kostengünstiges Nachfolge-Exemplar ersetzt werden können.

config

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 20:44:51 +0000

Squid configuration */etc/squid/squid.conf: icp_port 0 htcp_port 0 hierarchy_stoplist cgi-bin ? cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid 240000 32 256 cache_log /var/log/squid/cache.log cache_mem 3000 MB cache_store_log /var/log/squid/store.log emulate_httpd_log off mime_table /etc/squid/mime.conf log_mime_hdrs off useragent_log…

ca

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:44 +0000

Certificate Authority generate certificate and key-files using e.g. one of the follwing * simple OpenSSL CA * Tiny CA * phpki CA trusting your Certificate Authority Ensure there's only one CA certificate in the file from your CA. Normally there is, but ocassionally several are stored in the same file. To list the number of certificates in a file, use the command below. If you get an answer of more than one, then see the section on multiple certificates in one file. The command to ch…

pear_makerpm

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:41 +0000

PEAR and PECL What is PECL? PECL is a repository for PHP Extensions, providing a directory of all known extensions and hosting facilities for downloading and development of PHP extensions. The packaging and distribution system used by PECL is shared with its sister, PEAR.

config

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

GOsa GOsa is a GPL'ed PHP based administration tool for managing accounts and systems in LDAP databases. It administers users and groups, mail distribution lists, thin clients, applications, phones and faxes. Get GOsa from: Project homepage:

commserv

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:00:45 +0000

This documentation is work in progress, no liability for correctness can be given! Communications-Server Motivation Because I had to look for a log time around the Internet, asking a lot of questions on mailing-lists, reading books and talking to friends for configuring my commserv, thus having quite a bit of hassle getting things working, I'd like give my experiences back to the comunity.

spf

anonymous@undisclosed.example.com (Anonymous) — Tue, 16 Apr 2024 03:02:52 +0000

SPF Standards für das „Sender Policy Framework (SPF)“: RFC 7208 und RFC 7372 v SPF-Version Kennzeichen das einen TXT-Eintrag als SPF-Eintrag identifiziert. z.B. v=spf1 Mechanismen (immer am Ende des Eintrags aufführen!) a: DNS-A-Eintrag z.B. a:example.com ptr: DNS-PTR-Eintrag (reverse Zone) z.B. ptr:example.com all alle zur Domain gehörigen Hostst z.B. -all mx: abweichender Mailexchanger z.B. mx:mail.example-abc.com ip4: Angabe einer oder mehrerer IPv4-Adressen z.B. ip4:192.100.1…

basis

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:47:41 +0000

2014-04-11 Debian OS-Basis-Installation auf Blech 1. bei Partitionierung: 2. dann muss die "debconf priority" auf "low" gesetzt werden!!! 3. Partitionierung: auf _jeder_ HDD eine leere Partition anlegen Typ: "gpt" 4. zusaetzlich auf jeder HDD eine

start

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 17:26:44 +0000

hackerbruecke.net [Hackerbrücke mit Christoph] Warum Hackerbücke? Die Hackerbrücke ist für mich Symbol und Inbegriff meines Einstiegs in die Computerwelt. Schon 1984 faszinierten mich Erhard Thomas' (a.k.a. n0by) Glossen „Die Hackerbrücke“ in der Zeitschrift „DOS International

debian

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:00:54 +0000

GNU/Debian installieren * Grundinstallation auf Hardware * Installation auf Hardware * Nur im Linux VServer / LXC * Installation auf allen Plattformen * Zusatz-Installation auf Desktops Sonstiges: * zweite Netzwerkkarte mit wechselnder Konfiguration * Debian Paket-Verwaltung * Alarm bei ROOT-Login * GRUB2: einmalig, beim nächsten Start anderen Eintrag starten <- zurück

dokuwiki

anonymous@undisclosed.example.com (Anonymous) — Mon, 15 May 2023 17:13:12 +0000

DokuWiki wiki:dokuwiki DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database. It is loved by users for its clean and readable syntax. The ease of maintenance, backup and integration makes it an administrator's favorite. Built in

sarg

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 20:46:20 +0000

SARG /etc/crontab: ### SQUID-Monitoring via Sarg: 00 06-19/1 * * * root /usr/local/chhaas-skripts/sarg-reports.sh today > /dev/nul 00 00 * * * root /usr/local/chhaas-skripts/sarg-reports.sh daily > /dev/nul 00 01 * * 1 root /usr/local/chhaas-skripts/sarg-reports.sh weekly > /dev/nul 30 02 1 * * root /usr/local/chhaas-skripts/sarg-reports.sh monthly > /dev/nul

sieve

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:56 +0000

Sieve * * * * Sieve and SSL / TLS timsieved allows for SSL on connect (like https, imaps, or pop3s), only STARTTLS. So you have to wrap it in an stunnel (www.stunnel.org), which is a another story ... Have a look at this: Testi…

monitoring

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:58:04 +0000

Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic).

relayhost

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:33 +0000

Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight

erweiterung_mit_bilder-galerie_erstellen

anonymous@undisclosed.example.com (Anonymous) — Fri, 16 Jan 2015 10:27:34 +0000

LibreOffice Bilder-Galerie als Erweiterung erstellen * Bilder in eine neue, leere Galerie einfügen: Zuerst muss ein „Neues Thema“ in der Galerie angelegt werden. Dann müssen die einzelen Bilder mit gedrückter Maustaste in die leere Galerie gezogen werden. Mit einem Klick der rechten Maustaste können die Eigenschaften des nun in der Galerie befindlichen Zeichnungsobjekts angepasst werden. Ebenso können die Eigenschaften der galerie mit einem Klick der rechten Maustaste im linken Fenster auf d…

reset_admin_password

anonymous@undisclosed.example.com (Anonymous) — Fri, 22 Aug 2014 11:29:06 +0000

Typo3 Admin-Passwort zurücksetzen * In der Datenbank direkt: UPDATE be_users SET password=md5('neues_Passwort') WHERE username = 'admin'; * Über das Typo3-Install-Tool: * Im Root-Verzeichnis der Typo3-Instanz das Install-Tool aktivieren:

vmware

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:40 +0000

Endian Firewall 2.12 Community Edition VMware-image Thanks to Peter Warasin and Raphael Vallazza from endian, I put together some minimal docu for the VMware-image. Standard users and passwords: * Web-interface: admin, pwd.: endian * Console: root, pwd: endian

dnssec

anonymous@undisclosed.example.com (Anonymous) — Tue, 16 Apr 2024 03:00:36 +0000

DNSsec mit Bind9 Standards für die „Domain Name System Security Extensions (DNSSEC)“: RFC 4033, RFC 4034, RFC 4035, RFC 5011 und RFC 5155. Entropie zur Schlüsselgenerierung Um genügend Entropie für die Erzeugung der Schlüssel zur Verfügung zu haben, sollte z.B.

linux

anonymous@undisclosed.example.com (Anonymous) — Sat, 11 May 2024 11:50:33 +0000

Debian-Installation * Installation von GNU/Debian auf Hardware oder virtueller Instanz * zweite Netzwerkkarte mit wechselnder Konfiguration securing DNS and Mail * Domain Name System Security Extensions (DNSSEC) mit Bind9 * DNS-based Authentication of Named Entities (DANE) und TLS Authentication record (TLSA) * Sender Policy Framework (SPF) * DomainKeys Identified Mail (DKIM) * Domain-based Message Authentication, Reporting and Conformance (DMARC) * Authenticated Received…

avast-ssl

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:44 +0000

Thunderbird - SpamPal - Avast with SSL 1. Installing and preparing STUNNEL: Download OPENSSL for Windows from: Download STUNNEL for WIndows from: and install both. In the folder where you have installed stunnel (e.g. C:\Programme\stunnel), you will create its configuration file.

custom-image

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:59:56 +0000

OpenWRT Custom Image erzeugen Für D-Link 825 B1/C1: Barrier Breaker for ar71xx architecture cd ~ mkdir openwrt && cd openwrt wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 tar -xvjf OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 cd OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64

cpan2rpm

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:41 +0000

cpan2rpm At you can download a RPM-builder for CPAN-Perl-modules. The man-page stats: cpan2rpm [options] The syntax for cpan2rpm requires a single distribution name, which can take one of four different forms: * a CPAN module name (e.g. XML::Simple) - When a module name is passed, the script will ``walk'' search.cpan.org to determine the latest distribution. If an exact match is not found, the CPAN module i…

cyrus_secure

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:44 +0000

TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem

postgrey

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 16:02:27 +0000

Greylisting For a overview what greylisting does, have a look at www.greylisting.org/ There are several greylisting daemons for Postfix available. I stick to David Schweikert's Postgrey or to Lionel Bouton's SQLgrey in combination with it's web-interface http://www.vanheusden.com/sgwi/ Postgrey Postgrey greylisting daemon

gnarwl

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:50:23 +0000

Gnarwl Download GNARWL software from and download package named gnarwl-3.3.tgz Compile GNARWL for LDAP vacations # tar xzvf gnarwl-3.3.tgz # cd gnarwl-3.3 # ./configure # make # make install # make perm Adjust File /usr/local/etc/gnarwl.conf map_sender $sender map_receiver $recepient map_subject $subject map_field $fullname cn map_field $deputy mail server localhost port 389 scope sub login cn=admin,dc=example,dc=org password IveGotASe…

gosa2egw

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

patching GOsa for seamless eGroupWare integration "-------- Original-Nachricht --------" Betreff: Re: [GOsa] gosa+samba3.schema conflicts with evolutionPerson.schema Datum: Tue, 5 Jun 2007 15:23:31 +0200 Von: Cajus Pollmeier An: GONICUS site administration project These are from two different RFCs, I guess. Bad luck. GOsa uses dateOfBirth internally. So, the simpliest way would be to remove the definition from the gosa+samba3.schema and add the ali…

sign

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:53:39 +0000

Domain Key Identified Mail outbound - ORIGINATING - signieren DKIM basiert auf asymetrischer Verschlüsselung mit public- und private-Key. Das Key-Paar wird mit folgender Syntax erzeugt: amavisd genrsa [Anzahl der Bits für den Schlüssel]

lvm_backup

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:48:07 +0000

LVM-Backup mit Duplicity Tim Riemenschneider #!/bin/sh # The Archive is encrypted with this (since it is transfered to FTP) export PASSPHRASE="foo" # The FTP-password (not exposed at cmdline export FTP_PASSWORD="bar" # Do a fullbackup weekly OPTIONS="--full-if-older-than 14D" KEEPFULLS=5 # Where to backup to TARGETBASE=ftp://user@server/backups/ #TARGETBASE=file:///tmp/test function create_mysql_snap { /usr/bin/mysql --defaults-extra-file=/et…

openssl_ca

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:44 +0000

simple OpenSSL Certficate Authority Create Certificate Authority station7:/etc # station7:/usr/share/ssl/misc # ./CA.sh -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .....++++++ .....................................++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your c…

ldap_secure

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

TLS and LDAP over SSL (ldaps) Modifying /etc/openldap/ldap.conf Modify / append the TLS-settings: #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /etc/ssl/private/station7_key.pem TLS_REQCERT demand

pam

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

/etc/ldap.conf (for PAM) # # This is the configuration file for the LDAP nameservice # switch library, the LDAP PAM module and the shadow package. # # Your LDAP server. Must be resolvable without using LDAP. host 127.0.0.1 # The distinguished name of the search base. base dc=example,dc=com # The LDAP version to use (defaults to 3 # if supported by client library) ldap_version 3 # Hash password locally; required for University of # Michigan LDAP server, and works with Netscape # Directory Ser…

config

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:52:33 +0000

Cyrus imapd / popd Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th…

index

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:40 +0000

Endian Firewall 2.12 Community Edition * Endian Firewall 2.12 Community Edition VMware-image <- index

welcome

anonymous@undisclosed.example.com (Anonymous) — Mon, 15 May 2023 17:13:12 +0000

Welcome to your new DokuWiki Congratulations, your wiki is now up and running. Here are a few more tips to get you started. Enjoy your work with DokuWiki, -- the developers Create your first pages Your wiki needs to have a start page. As long as it doesn't exist, this link will be red:

desktop

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:46:23 +0000

2013-12-27 fuer Desktops zusaetzlich: kde-full lightdm-kde-greeter alsamixergui amarok audacity audacity-data bc chromium-browser / chromium chromium-browser-l10n / chromium-l10n chromium-codecs-ffmpeg-extra cifs-utils clusterssh cryptsetup cryptsetup-bin cups cups-browsed cups-bsd cups-client cups-common cups-daemon cups-filters cups-ppdc dnsmasq duplicity ethtool fuse gnupg gnupg-agent gnupg2 gpgsm gpgv hplip hplip-data hplip-gui htop ifupdown / ifupdown-scripts-zg2 keepassx kgpg libre…

dmarc

anonymous@undisclosed.example.com (Anonymous) — Tue, 16 Apr 2024 03:04:34 +0000

DMARC Standards für „Domain-based Message Authentication, Reporting and Conformance (DMARC)“: RFC 7489 DMARC dient dem Reporting von E-Mail-Kommunikation und ist eine ergänzende Maßnahme zu den Verfahren DKIM und SPF. Im Folgenden sind die gängigen Tags aufgeführt, die in DMARC (TXT)-Records verwendet werden:

ldap_conf

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

/etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. # 21.07.2006, chhaas BASE dc=example,dc=com URI ldap://127.0.0.1 ### #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP #TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /e…

dkim

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:49:02 +0000

Postfix mit Domain Key Identifified Mail (DKIM) Vorausssetzung für DKIM ist ein installiertes -> AMaVIS. Auch bei DKIM wird, wie bei allen anderen Signaturen, in zwei Richtngen unterschieden: * eingehende emails (inbound): Überprüfung von DKIM-Signaturen in emails

postfix_secure

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:23 +0000

Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/…

sasl

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:42 +0000

SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple

spamreport

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:54:58 +0000

Spamreport spamcheck.sh #!/bin/bash ######################################################### # UKBW-Spam-Report, 2007-05-01, chhaas, IuK / Netzwerke # ######################################################### #set -o verbose ######## # ToDo # ######## # - printvariablen bei "grep X-Spam-Status:" korrigieren # - Mail an antispam@uk-bw.de zusammenfassen: 1 Mail die alle Spammails inkl. Empfaenger beinhaltet # - Variablen fuer FROM: und RETURN-PATH einrichten # - evtl. SpamAssassin Spam-T…

verify

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:53:51 +0000

Domain Key Identified Mail inbound verifizieren vim /etc/amavis/conf.d/50-user # DKIM-Ueberpruefung: $enable_dkim_verification = 1; $allowed_added_header_fields{lc('Authentication-Results')} = 1; service amavis restart AMaViS kann nun mit Hilfe des Public-Keys der in der

impressum

anonymous@undisclosed.example.com (Anonymous) — Sat, 26 May 2018 12:35:57 +0000

Impressum Anbieterkennzeichnung gemäß § 5 TMG: Christoph Haas Heideweg 1 71686 Remseck eMail: christoph (dot) haas (at) hackerbruecke (dot) net Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV: Christoph Haas (s.o.) Urheber- und Leistungsschutzrechte

brandmelder

anonymous@undisclosed.example.com (Anonymous) — Sat, 03 Jan 2015 17:46:35 +0000

Brandmelder pimpen * * * * <- zurück

erste-hilfe

anonymous@undisclosed.example.com (Anonymous) — Tue, 19 May 2020 16:08:51 +0000

hier kommen Erste-Hilfe-Tipps für den Umgang mit jitsi.meet rein: 1. Installiere die Jitsi Meet App oder verwende den Chromium/Chrome Browser. Mit dem Firefox-Browser gibt es derzeit noch Schwierigkeiten bei größeren Konferenzen, da der Firefox immer mit der Maximalauflösung des Clients streamt.

monitoring

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Sep 2017 14:29:53 +0000

Monitoring ist aus meiner Sicht eines der wichtigsten Themenbereiche für einen Admin. Ich möchte hier meine Erfahrungen, Configs und Tipps weitergeben. * Monitoring mit Icinga * Monitoring mit Check-MK Icinga * Icinga - Installation und Konfiguration Hardware-Monitoring Temper1 USB-Termometer * temper1 USB-Thermometer Hardware-Sensors

xmpp

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Sep 2017 14:43:27 +0000

XMPP ejabberd * Neues Certificate für ejabberd installieren Prosody * Prosody

hotkeys

anonymous@undisclosed.example.com (Anonymous) — Wed, 03 Sep 2014 18:12:46 +0000

Liste der Tastenkürzel, die einem in der Bash zur Verfügung stehen: Die folgende Auflistung fasst die wichtigsten in der Bash verfügbaren Tastenkombinationen zusammen. - Curser oben und Cursor unten : Durch die zuletzt eingegebenen Kommandos scrollen

installation

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 13:51:45 +0000

Installation of the Linux OS SuSE 10.0 Professional Because of problems with the 64-bit-version of the CAPI-driver for the AVM B1-Cards used in my commserv, only the 32-bit-version of SUSE 10.0 can be used. Maybe with later versions of openSUSE this changes

squid

anonymous@undisclosed.example.com (Anonymous) — Fri, 15 Aug 2014 20:53:37 +0000

Squid-Proxy-Server * Squid configuration * Squid and TrendMicro InterScan Viruswall 6 * Squidguard * Lightsquid Tool * Squid Analysis Report Generator (SARG) <- index

root-alarm

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:47:28 +0000

email-Alarm bei ROOT-Login: # apt-get install mailx # cat << EOF > /root/.bashrc echo 'ALARM - Root-Login auf Maschine' $(hostname) 'am:' $(date) $(who) | mail -s „ALARM: Root-Login auf Maschine $(hostname) von $(who | grep root | cut -d'(' -f2 | cut -d')' -f1)

neues_certificate

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:48:23 +0000

Neues Zertifikat für ejabberd installieren neues PEM-File erzeugen: * in CA Certificate und private-Key erzeugen und nach /etc/ejabberd auf jabber-Server kopieren * auf ejabberd-Server in cat jabber@ukbw.de-key.pem > ejabberd.pem cat jabber@ukbw.de-cert.pem >> ejabberd.pem

tipps

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 15:00:16 +0000

SSH Tipps SSH-Key auf entferntem Server einspielen ssh-copy-id root@HOSTNAME root@HOSTNAME's password: Now try logging into the machine, with "ssh 'root@HOSTNAME'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

config

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:41 +0000

Apache SSL (https) A special thing for getting Apache2 starting withaut user-interaction is also to store a decrypted key, since without Apache will ask at every start for the password... mv /etc/ssl/private/station7_key.pem /etc/ssl/apache2/private/station7_secure-key.pem openssl rsa -in /etc/ssl/private/station7_secure-key.pem -out /etc/ssl/apache2/private/station7_decrypted-key.pem

gosa_secure

anonymous@undisclosed.example.com (Anonymous) — Mon, 27 Dec 2010 16:20:43 +0000

force GOsa using ldaps Change the server-configuration in the „location“-section of /etc/gosa.conf from: server="ldap://localhost:389" to: server="ldaps://localhost:636" tls="true"

pflogsum

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:56:02 +0000

Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm

config

anonymous@undisclosed.example.com (Anonymous) — Sat, 06 Apr 2024 16:56:19 +0000

Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases…

config_test

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:55:27 +0000

Postfix-Konfiguration testen Die Postfix-Konfigurtation sollte auf alle fälle vor der Produktivnahme ausgiebig getestet und das Verhalten beobachtet werden! Test von main.cf und master.cf Test der Datei- und Verzeichnisrechte, sowie die Syntax von main.cf und master.cf von Postfix:

ldap

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:55:50 +0000

using LDAP /etc/postfix/ldap-aliases.cf: server_host= ldaps://localhost:636 server_port= 636 start_tls = no tls_ca_cert_file = /etc/ssl/postfix/certs/ca_cert.pem tls_ca_cert_dir = /etc/ssl/postfix/certs/ tls_cert = /etc/ssl/postfix/certs/station7_cert.pem tls_key = /etc/ssl/postfix/private/station7_key.pem #tls_random_file = dev:/dev/urandom tls_cipher_suite = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP version= 3 bind= no timeout= 120 search_base= dc=example,dc=com query_filter = (&(object…

ssh-smtp-tunnel

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:08 +0000

SMTP-over-SSH-Tunnel Um zwei SMTP-Server (z.B. Mailserver im Heim-Netz zu Mailgateway bei Provider/Hoster) sicher miteinander zu verbinden, gibt es verschiedene Möglichkeiten. OpenVPN-Tunnel Eine Möglichkeit ist, ein OpenVPN-Tunnel zwischen beiden Servern.

tipps

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:57:25 +0000

Postfix Tipps und Tricks Mails aus Mailqueue löschen alle Mails des Benutzers station7@example.com aus der Mailqueue löschen: mail:~# mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($7 == "station7@example.com") print $1 }' | tr -d '*!' | postsuper -d -

temper1

anonymous@undisclosed.example.com (Anonymous) — Tue, 25 Apr 2017 14:59:45 +0000

Temperaturmessungen mit dem TEMPer1 USB sensor Vor einiger Zeit begann ich zuhause mir einen kleinen Serverraum einzurichten - mein Datenklo ;-). In diesem Serverraum sollte natürlich auch die Raumtemperatur mit Icinga oder Nagios überwacht werden. - Natürlich gibt es verschiedene quasi out-of-the-box Lösungen, wie z.B.