Christophs outsourced brain https://www.hackerbruecke.net/ Sun, 12 Apr 2026 16:34:46 +0000 FeedCreator 1.8 https://www.hackerbruecke.net/_media/wiki/favicon.ico https://www.hackerbruecke.net/ https://www.hackerbruecke.net/linux/fully_encrypted_debian?rev=1506205530&do=diff Full disk encryption with LUKS (inklusive /boot) Referenzen: * <http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/> * <http://www.pavelkogan.com/2015/01/25/linux-mint-encryption/> * <https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system> * <http://www.schmidp.com/2014/12/12/full-disk-encryption-with-grub-2-+-luks-+-lvm-+-swraid-on-debian/> * <https://unix.stackexchange.com/questions/160504/lvm-ontop-of-luks-using-grub> * <https://systemausfall.org/w… anonymous@undisclosed.example.com (Anonymous) Sat, 23 Sep 2017 22:25:30 +0000 https://www.hackerbruecke.net/linux/dnssec?rev=1713236436&do=diff DNSsec mit Bind9 Standards für die „Domain Name System Security Extensions (DNSSEC)“: RFC 4033, RFC 4034, RFC 4035, RFC 5011 und RFC 5155. Entropie zur Schlüsselgenerierung Um genügend Entropie für die Erzeugung der Schlüssel zur Verfügung zu haben, sollte z.B. anonymous@undisclosed.example.com (Anonymous) Tue, 16 Apr 2024 03:00:36 +0000 https://www.hackerbruecke.net/linux/commserv/gosa/config?rev=1293466843&do=diff GOsa GOsa is a GPL'ed PHP based administration tool for managing accounts and systems in LDAP databases. It administers users and groups, mail distribution lists, thin clients, applications, phones and faxes. Get GOsa from: <http://oss.gonicus.de/pub/gosa/> Project homepage: <http://www.gosa-project.org/> anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/debian/all?rev=1493131598&do=diff 2014-08-08 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! auf allen Server-Instanzen („Blech“, Linux VServer, LXC): ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy=„<http://proxy01.ukbw.de:3128/>“ ### LiHAS GPG-Key importieren: wget -O - anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:38 +0000 https://www.hackerbruecke.net/linux/commserv/egroupware/config?rev=1293466841&do=diff eGroupWare Version 1.4.001 pre-requisites: * required PHP version 4.3+ (recommended 5+) * php.ini: safe_mode = Off * php.ini: magic_quotes_runtime = Off * php.ini: register_globals = Off * php.ini: memory_limit >= 16M * php.ini: max_execution_time >= 30 anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/debian/hardware?rev=1493131617&do=diff 2014-06-17 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! zusaetzlich „auf dem Blech“: ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy="http://proxy01.ukbw.de:3128/" ### LiHAS GPG-Key importieren: anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:57 +0000 https://www.hackerbruecke.net/linux/commserv/squid/sarg?rev=1408135580&do=diff SARG /etc/crontab: ### SQUID-Monitoring via Sarg: 00 06-19/1 * * * root /usr/local/chhaas-skripts/sarg-reports.sh today > /dev/nul 00 00 * * * root /usr/local/chhaas-skripts/sarg-reports.sh daily > /dev/nul 00 01 * * 1 root /usr/local/chhaas-skripts/sarg-reports.sh weekly > /dev/nul 30 02 1 * * root /usr/local/chhaas-skripts/sarg-reports.sh monthly > /dev/nul anonymous@undisclosed.example.com (Anonymous) Fri, 15 Aug 2014 20:46:20 +0000 https://www.hackerbruecke.net/linux/commserv/ca/ca?rev=1293466844&do=diff Certificate Authority generate certificate and key-files using e.g. one of the follwing * simple OpenSSL CA * Tiny CA * phpki CA trusting your Certificate Authority Ensure there's only one CA certificate in the file from your CA. Normally there is, but ocassionally several are stored in the same file. To list the number of certificates in a file, use the command below. If you get an answer of more than one, then see the section on multiple certificates in one file. The command to ch… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:44 +0000 https://www.hackerbruecke.net/linux/debian/root-alarm?rev=1493131648&do=diff email-Alarm bei ROOT-Login: # apt-get install mailx # cat << EOF > /root/.bashrc echo 'ALARM - Root-Login auf Maschine' $(hostname) 'am:' $(date) $(who) | mail -s „ALARM: Root-Login auf Maschine $(hostname) von $(who | grep root | cut -d'(' -f2 | cut -d')' -f1) anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:47:28 +0000 https://www.hackerbruecke.net/linux/duplicity/lvm_backup?rev=1493131687&do=diff LVM-Backup mit Duplicity Tim Riemenschneider <http://duplicity.nongnu.org/contrib/tmpback> #!/bin/sh # The Archive is encrypted with this (since it is transfered to FTP) export PASSPHRASE="foo" # The FTP-password (not exposed at cmdline export FTP_PASSWORD="bar" # Do a fullbackup weekly OPTIONS="--full-if-older-than 14D" KEEPFULLS=5 # Where to backup to TARGETBASE=ftp://user@server/backups/ #TARGETBASE=file:///tmp/test function create_mysql_snap { /usr/bin/mysql --defaults-extra-file=/et… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:48:07 +0000 https://www.hackerbruecke.net/linux/ssh/tipps?rev=1493132416&do=diff SSH Tipps SSH-Key auf entferntem Server einspielen ssh-copy-id root@HOSTNAME root@HOSTNAME's password: Now try logging into the machine, with "ssh 'root@HOSTNAME'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 15:00:16 +0000 https://www.hackerbruecke.net/linux/commserv/other/pear_makerpm?rev=1293466841&do=diff PEAR and PECL What is PECL? PECL is a repository for PHP Extensions, providing a directory of all known extensions and hosting facilities for downloading and development of PHP extensions. The packaging and distribution system used by PECL is shared with its sister, PEAR. anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/amavisd/operation?rev=1493132007&do=diff AmaViSd-new Operation emails aus der Quarantäne releasen: Wenn AMaViSd emails in die Quarantäne verschiebt, erhält man emails dieser Form: Betreff: BANNED contents (text/x-msdos-batch,.asc,bacula_after_failure.cmd) in mail FROM LOCAL [...] No viruses were found. Banned name: text/x-msdos-batch,.asc,bacula_after_failure.cmd Content type: Banned Internal reference code for the message is 11606-02/IJvAMUUAzNma [...] The message has been quarantined as: I/banned-IJvAMUUAzNma The message W… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:53:27 +0000 https://www.hackerbruecke.net/linux/email/cyrus/cyrus_secure?rev=1493131964&do=diff TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:44 +0000 https://www.hackerbruecke.net/linux/monitoring/icinga/hardware/temper1?rev=1493132385&do=diff Temperaturmessungen mit dem TEMPer1 USB sensor Vor einiger Zeit begann ich zuhause mir einen kleinen Serverraum einzurichten - mein Datenklo ;-). In diesem Serverraum sollte natürlich auch die Raumtemperatur mit Icinga oder Nagios überwacht werden. - Natürlich gibt es verschiedene quasi out-of-the-box Lösungen, wie z.B. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:45 +0000 https://www.hackerbruecke.net/linux/openwrt/custom-image?rev=1493132396&do=diff OpenWRT Custom Image erzeugen <http://wiki.openwrt.org/doc/howto/obtain.firmware.generate> Für D-Link 825 B1/C1: Barrier Breaker for ar71xx architecture cd ~ mkdir openwrt && cd openwrt wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 tar -xvjf OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 cd OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64 anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:56 +0000 https://www.hackerbruecke.net/linux/commserv/squid/config?rev=1408135491&do=diff Squid configuration */etc/squid/squid.conf: icp_port 0 htcp_port 0 hierarchy_stoplist cgi-bin ? cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid 240000 32 256 cache_log /var/log/squid/cache.log cache_mem 3000 MB cache_store_log /var/log/squid/store.log emulate_httpd_log off mime_table /etc/squid/mime.conf log_mime_hdrs off useragent_log… anonymous@undisclosed.example.com (Anonymous) Fri, 15 Aug 2014 20:44:51 +0000 https://www.hackerbruecke.net/linux/email/cyrus/config?rev=1493131953&do=diff Cyrus imapd / popd <http://www.opensuse.org>Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:33 +0000 https://www.hackerbruecke.net/linux/email/monitoring/monitoring?rev=1493132284&do=diff Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic). anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:58:04 +0000 https://www.hackerbruecke.net/linux/email/postfix/sasl?rev=1493132202&do=diff SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:42 +0000 https://www.hackerbruecke.net/linux/debian?rev=1493132454&do=diff GNU/Debian installieren * Grundinstallation auf Hardware * Installation auf Hardware * Nur im Linux VServer / LXC * Installation auf allen Plattformen * Zusatz-Installation auf Desktops Sonstiges: * zweite Netzwerkkarte mit wechselnder Konfiguration * Debian Paket-Verwaltung * Alarm bei ROOT-Login * GRUB2: einmalig, beim nächsten Start anderen Eintrag starten <- zurück anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 15:00:54 +0000 https://www.hackerbruecke.net/linux/debian/paketverwaltung?rev=1493131639&do=diff Debian-Paketverwaltung: Debian-Paket selbst bauen: ---------- <http://www.martin-bock.de/pc/pc-0101.html> <http://antbear.org/debpkg-intro.html> <http://debiananwenderhandbuch.de/debianpaketeerstellen.html> <http://www.linuxdelta.de/uploads/media/debian_workshop.pdf> <https://www.luga.de/Angebote/Vortraege/DPKG/DPKG.pdf>\ß <https://webseiten.hs-weingarten.de/winkelmh/zopecms/hrwcms/installation/debian-paket-manager> Anzeige aller installierten Pakete ---------- (<http://wiki.debianf… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:47:19 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/slapd_conf?rev=1293466843&do=diff /etc/openldap/slapd.conf <http://www.stanford.edu/services/directory/openldap/configuration/bdb-config.html> # The database configuration parameters must appear *after* the "database" # directive, as DB_CONFIG files are 'per backend'. dbconfig set_cachesize 4 0 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resour… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/email/amavisd/amavisd?rev=1493132275&do=diff AmaVisd-new /etc/amavis/amavisd.conf: use strict; # a minimalistic configuration file for amavisd-new with all necessary settings # # see amavisd.conf-default for a list of all variables with their defaults; # see amavisd.conf-sample for a traditional-style commented file; # for more details see documentation in INSTALL, README_FILES/* # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html # COMMONLY ADJUSTED SETTINGS: # @bypass_virus_checks_maps = (1); # uncomment to DI… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:57:55 +0000 https://www.hackerbruecke.net/linux/email/postfix/config?rev=1712422579&do=diff Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases… anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:56:19 +0000 https://www.hackerbruecke.net/linux/email/postfix/postfix_secure?rev=1493132183&do=diff Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:23 +0000 https://www.hackerbruecke.net/linux/email/postfix/ssh-smtp-tunnel?rev=1493132228&do=diff SMTP-over-SSH-Tunnel Um zwei SMTP-Server (z.B. Mailserver im Heim-Netz zu Mailgateway bei Provider/Hoster) sicher miteinander zu verbinden, gibt es verschiedene Möglichkeiten. OpenVPN-Tunnel Eine Möglichkeit ist, ein OpenVPN-Tunnel zwischen beiden Servern. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:57:08 +0000 https://www.hackerbruecke.net/linux/lvm/index?rev=1493132362&do=diff Logical Volume Manager (LVM) die generelle Struktur bei LVM: Physical Volums (pv) werden in Volume Groups (vg) gruppiert, darin werden dann die Logical Volumes (lv) angelegt. Die entsprechenden Befehle fangen immer mit pv, vg oder lv an. Ein neues Device fuer LVM vorbereiten: anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:22 +0000 https://www.hackerbruecke.net/linux/email/monitoring/pflogsum?rev=1493132162&do=diff Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:02 +0000 https://www.hackerbruecke.net/linux/email/postfix/relayhost?rev=1493132193&do=diff Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:33 +0000