Christophs outsourced brain https://www.hackerbruecke.net/ Sun, 12 Apr 2026 16:57:16 +0000 FeedCreator 1.8 https://www.hackerbruecke.net/_media/wiki/favicon.ico https://www.hackerbruecke.net/ https://www.hackerbruecke.net/linux/commserv/ldap/ldap_secure?rev=1293466843&do=diff TLS and LDAP over SSL (ldaps) Modifying /etc/openldap/ldap.conf Modify / append the TLS-settings: #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /etc/ssl/private/station7_key.pem TLS_REQCERT demand anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/apache2/config?rev=1293466841&do=diff Apache SSL (https) A special thing for getting Apache2 starting withaut user-interaction is also to store a decrypted key, since without Apache will ask at every start for the password... mv /etc/ssl/private/station7_key.pem /etc/ssl/apache2/private/station7_secure-key.pem openssl rsa -in /etc/ssl/private/station7_secure-key.pem -out /etc/ssl/apache2/private/station7_decrypted-key.pem anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/cyrus/cyrus_secure?rev=1493131964&do=diff TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:44 +0000 https://www.hackerbruecke.net/linux/commserv/ca/ca?rev=1293466844&do=diff Certificate Authority generate certificate and key-files using e.g. one of the follwing * simple OpenSSL CA * Tiny CA * phpki CA trusting your Certificate Authority Ensure there's only one CA certificate in the file from your CA. Normally there is, but ocassionally several are stored in the same file. To list the number of certificates in a file, use the command below. If you get an answer of more than one, then see the section on multiple certificates in one file. The command to ch… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:44 +0000 https://www.hackerbruecke.net/linux/email/spamassassin/spamassassin?rev=1493132319&do=diff SpamAssassin SA-config-genarator: <http://www.yrex.com/spam/spamconfig.php> /etc/mail/spamassassin/local.cf: # SpamAssassin config file for version 3.x # NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6 # See http://www.yrex.com/spam/spamconfig25.php for earlier versions # Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50) # How many hits before a message is considered spam. required_score 5.0 # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe … anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:58:39 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/pam?rev=1293466843&do=diff /etc/ldap.conf (for PAM) # # This is the configuration file for the LDAP nameservice # switch library, the LDAP PAM module and the shadow package. # # Your LDAP server. Must be resolvable without using LDAP. host 127.0.0.1 # The distinguished name of the search base. base dc=example,dc=com # The LDAP version to use (defaults to 3 # if supported by client library) ldap_version 3 # Hash password locally; required for University of # Michigan LDAP server, and works with Netscape # Directory Ser… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/email/postfix/postfix_secure?rev=1493132183&do=diff Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:23 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/slapd_conf?rev=1293466843&do=diff /etc/openldap/slapd.conf <http://www.stanford.edu/services/directory/openldap/configuration/bdb-config.html> # The database configuration parameters must appear *after* the "database" # directive, as DB_CONFIG files are 'per backend'. dbconfig set_cachesize 4 0 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resour… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/ca/openssl_ca?rev=1293466844&do=diff simple OpenSSL Certficate Authority Create Certificate Authority station7:/etc # station7:/usr/share/ssl/misc # ./CA.sh -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .....++++++ .....................................++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your c… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:44 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/ldap_conf?rev=1293466843&do=diff /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. # 21.07.2006, chhaas BASE dc=example,dc=com URI ldap://127.0.0.1 ### #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP #TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /e… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/email/postfix/config?rev=1712422579&do=diff Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases… anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:56:19 +0000 https://www.hackerbruecke.net/linux/commserv/other/cpan2rpm?rev=1293466841&do=diff cpan2rpm At <http://sourceforge.net/project/showfiles.php?group_id=74018> you can download a RPM-builder for CPAN-Perl-modules. The man-page stats: cpan2rpm [options] <distribution> The syntax for cpan2rpm requires a single distribution name, which can take one of four different forms: * a CPAN module name (e.g. XML::Simple) - When a module name is passed, the script will ``walk'' search.cpan.org to determine the latest distribution. If an exact match is not found, the CPAN module i… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/postfix/ldap?rev=1493132150&do=diff using LDAP /etc/postfix/ldap-aliases.cf: server_host= ldaps://localhost:636 server_port= 636 start_tls = no tls_ca_cert_file = /etc/ssl/postfix/certs/ca_cert.pem tls_ca_cert_dir = /etc/ssl/postfix/certs/ tls_cert = /etc/ssl/postfix/certs/station7_cert.pem tls_key = /etc/ssl/postfix/private/station7_key.pem #tls_random_file = dev:/dev/urandom tls_cipher_suite = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP version= 3 bind= no timeout= 120 search_base= dc=example,dc=com query_filter = (&(object… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:55:50 +0000 https://www.hackerbruecke.net/linux/commserv/gosa/gosa_secure?rev=1293466843&do=diff force GOsa using ldaps Change the server-configuration in the „location“-section of /etc/gosa.conf from: server="ldap://localhost:389" to: server="ldaps://localhost:636" tls="true" <referral url="ldaps://localhost:636/dc=example,dc=com" admin="cn=ldapadmin,dc=example,dc=com" password="verysecretpassword" /> anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv?rev=1493132445&do=diff This documentation is work in progress, no liability for correctness can be given! Communications-Server Motivation Because I had to look for a log time around the Internet, asking a lot of questions on mailing-lists, reading books and talking to friends for configuring my commserv, thus having quite a bit of hassle getting things working, I'd like give my experiences back to the comunity. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 15:00:45 +0000 https://www.hackerbruecke.net/linux/email/cyrus/sieve?rev=1493131976&do=diff Sieve * <http://sieve.info/> * <http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29> * <http://de.wikipedia.org/wiki/Sieve> * <http://www.uni-koeln.de/rrzk/mail/software/sieve/sieve.html> Sieve and SSL / TLS timsieved allows for SSL on connect (like https, imaps, or pop3s), only STARTTLS. So you have to wrap it in an stunnel (www.stunnel.org), which is a another story ... Have a look at this: <http://lists.horde.org/archives/ingo/Week-of-Mon-20050704/000872.html> Testi… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:56 +0000 https://www.hackerbruecke.net/linux/debian/all?rev=1493131598&do=diff 2014-08-08 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! auf allen Server-Instanzen („Blech“, Linux VServer, LXC): ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy=„<http://proxy01.ukbw.de:3128/>“ ### LiHAS GPG-Key importieren: wget -O - anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:38 +0000 https://www.hackerbruecke.net/linux/debian/hardware?rev=1493131617&do=diff 2014-06-17 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! zusaetzlich „auf dem Blech“: ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy="http://proxy01.ukbw.de:3128/" ### LiHAS GPG-Key importieren: anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:57 +0000 https://www.hackerbruecke.net/linux/email/email?rev=1493137617&do=diff email Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam, rspamd], SPF, DKIM, PFS etc. \\}} Postfix smtpd Postfix ist ein sehr mächtiger Mail Transport Agent, entwickelt von Wietse Venema. * Postfix Konfiguration für einen Mailserver * use of LDAP lookup maps * Postfix' Postscreen Modul anstatt policyd-weight oder postfwd * Postfix Anti-SPAM/UCE settings * Postfix SASL Konfiguraton * SMTP-authentication * TLS and SSL configuration (smtps) * anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 16:26:57 +0000 https://www.hackerbruecke.net/linux/commserv/squid/config?rev=1408135491&do=diff Squid configuration */etc/squid/squid.conf: icp_port 0 htcp_port 0 hierarchy_stoplist cgi-bin ? cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid 240000 32 256 cache_log /var/log/squid/cache.log cache_mem 3000 MB cache_store_log /var/log/squid/store.log emulate_httpd_log off mime_table /etc/squid/mime.conf log_mime_hdrs off useragent_log… anonymous@undisclosed.example.com (Anonymous) Fri, 15 Aug 2014 20:44:51 +0000 https://www.hackerbruecke.net/linux/linux?rev=1715428233&do=diff Debian-Installation * Installation von GNU/Debian auf Hardware oder virtueller Instanz * zweite Netzwerkkarte mit wechselnder Konfiguration securing DNS and Mail * Domain Name System Security Extensions (DNSSEC) mit Bind9 * DNS-based Authentication of Named Entities (DANE) und TLS Authentication record (TLSA) * Sender Policy Framework (SPF) * DomainKeys Identified Mail (DKIM) * Domain-based Message Authentication, Reporting and Conformance (DMARC) * Authenticated Received… anonymous@undisclosed.example.com (Anonymous) Sat, 11 May 2024 11:50:33 +0000 https://www.hackerbruecke.net/linux/commserv/todo?rev=1293466842&do=diff ToDo Things, that have to be documented: * generating the decrypted SSL-key with OpenSSL-CA * use of TinyCA and phpki-CA * Postfix: main.cf and master.cf * implement <http://www.contentschmiede.de/archiv/2005/08/26/postfix_fuer_typo3_und_gmx_fit_machen/> in email -> Postfix -> SMTPd- / SMTP-Authentication anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:42 +0000 https://www.hackerbruecke.net/linux/debian/desktop?rev=1493131583&do=diff 2013-12-27 fuer Desktops zusaetzlich: kde-full lightdm-kde-greeter alsamixergui amarok audacity audacity-data bc chromium-browser / chromium chromium-browser-l10n / chromium-l10n chromium-codecs-ffmpeg-extra cifs-utils clusterssh cryptsetup cryptsetup-bin cups cups-browsed cups-bsd cups-client cups-common cups-daemon cups-filters cups-ppdc dnsmasq duplicity ethtool fuse gnupg gnupg-agent gnupg2 gpgsm gpgv hplip hplip-data hplip-gui htop ifupdown / ifupdown-scripts-zg2 keepassx kgpg libre… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:23 +0000 https://www.hackerbruecke.net/linux/email/cyrus?rev=1493131782&do=diff Cyrus imapd * Cyrus configuration (IMAP4/POP3) * TLS and SSL configuration (imaps) * Cyrus SIEVE configuration <- zurück anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:49:42 +0000 https://www.hackerbruecke.net/linux/commserv/egroupware/config?rev=1293466841&do=diff eGroupWare Version 1.4.001 pre-requisites: * required PHP version 4.3+ (recommended 5+) * php.ini: safe_mode = Off * php.ini: magic_quotes_runtime = Off * php.ini: register_globals = Off * php.ini: memory_limit >= 16M * php.ini: max_execution_time >= 30 anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/config?rev=1293466843&do=diff OpenLDAP * Configuration in /etc/openldap/ldap.conf * Configuration in /etc/openldap/slapd.conf * Configuration in /etc/ldap.conf for PAM * Configuration of OpenLDAP with TLS and SSL (ldaps) <- index anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/monitoring/icinga/hardware/temper1?rev=1493132385&do=diff Temperaturmessungen mit dem TEMPer1 USB sensor Vor einiger Zeit begann ich zuhause mir einen kleinen Serverraum einzurichten - mein Datenklo ;-). In diesem Serverraum sollte natürlich auch die Raumtemperatur mit Icinga oder Nagios überwacht werden. - Natürlich gibt es verschiedene quasi out-of-the-box Lösungen, wie z.B. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:45 +0000