UPDATE `config` SET `value` ='chimp@southpole.com' WHERE `category`='sugarchimp' AND `name`='erroremail'
Author Archives: Paede
RAdvD (Router Advertisement Daemon) to deliver automated IPv6 Addresses and Default Gateway
no more DHCP, this is pure magic
grep is my friend
grep -v "#" anyofthisbloody.conf | grep -v ";"
-v inverts the grep match
routing and nat PC as gateway
To make it auto-set this value on boot, uncomment this line in /etc/sysctl.conf
#net.ipv4.ip_forward=1
Then set up some rules in iptables to perform the natting and forwarding:
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# We allow traffic from the LAN side
iptables -A INPUT -i eth0 -j ACCEPT
######################################################################
#
# ROUTING
#
######################################################################
# eth0 is LAN
# eth1 is WAN
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# forwarding
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
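The ACCEPT rules above only restrict traffic when the INPUT and FORWARD chain policies are DROP, which these notes do not set. The following added example (not part of the original notes) audits an `iptables-save` dump for that, for the MASQUERADE rule and for WAN-side forwarding; the function names, the constructed sample dump and the eth1 = WAN default are assumptions based on the comments above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump of the gateway (eth1 = WAN assumed).
# Prints one WARN line per finding; exit status is 1 if anything was found.
audit_gateway() {
    awk -v wan="${1:-eth1}" '
        /^\*/ { table = substr($0, 2); next }          # "*nat", "*filter"
        table == "filter" && /^:(INPUT|FORWARD) / && $2 == "ACCEPT" {
            print "WARN " substr($1, 2) " policy is ACCEPT, so the ACCEPT rules restrict nothing"
            bad = 1
        }
        # WAN-side FORWARD accept that is not limited by connection state
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ &&
        index($0, " -i " wan " ") && !/--(ct)?state / {
            print "WARN unsolicited WAN traffic is forwarded: " $0
            bad = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
        index($0, " -o " wan " ") { masq = 1 }
        END {
            if (!masq) { print "WARN no MASQUERADE rule on " wan; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: the rules from these notes as iptables-save would list
# them. $1 is the policy of INPUT and FORWARD (ACCEPT is the kernel default).
sample_dump() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT $1 [0:0]
:FORWARD $1 [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# On a live gateway (as root): iptables-save | audit_gateway eth1
sample_dump ACCEPT | audit_gateway eth1 || true
```

With the default ACCEPT policies the audit reports INPUT and FORWARD; the same rules with `iptables -P INPUT DROP` and `iptables -P FORWARD DROP` applied pass cleanly.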
security
http://www.openvas.org/about.html
fail2ban
Snort NIDS mode
dovecot and mailing
openssl s_client -connect mail.sample.com:pop3s
https://wiki.debian.org/PostfixAndSASL
test cert ssl
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=crm.southpolecarbon.com
https://www.ssllabs.com/ssltest/analyze.html?d=crm.southpolegroup.services
start sysmonitor on Synology
LabFileServer> /usr/syno/sbin/synosnmpcd
create ssl from let’s encrypt
.well-known/acme-challenge needs to be accessible
Generate ServerKey:
openssl genrsa -out server.key 2048
Generate Request:
openssl req -new -key server.key -out server.csr
Sign with letsencrypt:
git clone https://github.com/diafygi/acme-tiny
cp acme-tiny/acme_tiny.py /usr/local/bin/
chmod +x /usr/local/bin/acme_tiny.py
mkdir -p /var/www/domains/webside.com/public/.well-known/acme-challenge
acme_tiny.py --account-key le.key --csr server.csr --acme-dir /var/www/domains/thesouthpolegroup.com/public/.well-known/acme-challenge/ > server.crt
openssl x509 -noout -text -in server.crt
/etc/apache2/ssl# openssl x509 -text -in server.crt | grep Issue
/etc/apache2/ssl# wget http://cert.int-x3.letsencrypt.org/ -O issue.der
openssl x509 -in issue.der -inform DER -out issue.crt -outform PEM
cat issue.crt >> server.crt
-----------apache conf
SSLEngine on
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/server.key"
---------------
apachectl configtest
systemctl restart apache2.service
DNS
sudo -u bind rndc status
sudo -u bind rndc-confgen
sudo named-checkconf -v
no output is good
sudo named-checkzone localhost /etc/bind/db.local
rndc reload