Rabu, 12 September 2012

samba configuration with audit

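# "security" is a server-wide parameter, so it is placed in [global].
[global]
# Clients must log on with a valid username and password.
security = user

# Audited share; "foldername" is the share name clients see.
[foldername]
path = /data/test
# Only this account may connect to the share.
valid users = john
writeable = yes
# Upper bound on permission bits for new files (rw-rw-r--) and directories (rwxrwxr-x).
create mask = 0664
directory mask = 0775
# Load the full_audit VFS module so file operations on this share are logged.
vfs objects = full_audit
# Every audit record starts with the session username (%u) and the client IP address (%I).
full_audit:prefix = %u|%I
# Operations logged when they succeed.
full_audit:success = open unlink rename chdir rmdir
# Log the same operations when they fail. Denied opens and deletes are often the
# first sign of someone probing the share, and "none" would hide them.
# full_audit writes through syslog: keep that log retained and out of reach of share users.
full_audit:failure = open unlink rename chdir rmdir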

Selasa, 11 September 2012

amazon s3 with fuse

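# http://code.google.com/p/s3fs/wiki/InstallationNotes
# The tarball is fetched over plain HTTP, so nothing authenticates it in transit.
# Compare its checksum with a value obtained from a trusted source before building.
wget http://s3fs.googlecode.com/files/s3fs-1.61.tar.gz
sha256sum s3fs-1.61.tar.gz   # expected: <checksum-from-trusted-source>
sudo apt-get install build-essential libfuse-dev fuse-utils libcurl4-openssl-dev libxml2-dev mime-support

# compile s3fs and install
tar xvzf s3fs-1.61.tar.gz
cd s3fs-1.61/
./configure --prefix=/usr
make
sudo make install

# put your aws keys
# The file is created with mode 0600 before the secret is written, so it is never
# readable by other local users, and tee's copy to stdout is discarded so the key
# is not echoed to the terminal. Typing a real key into this command still leaves
# it in shell history; editing the file with an editor avoids that.
sudo touch /etc/passwd-s3fs && sudo chmod 0600 /etc/passwd-s3fs
echo "AccessKey:SecretKey" | sudo tee -a /etc/passwd-s3fs > /dev/null

# prepare mount point at /vol
# Mode 000 keeps unprivileged users from writing into the local directory while
# the bucket is not mounted.
sudo mkdir -p -m 000 /vol
# allow_other lets every local account reach the bucket through /vol. Drop it, or
# restrict access with uid/gid/umask mount options, unless that is intended.
echo "s3fs#{your-bucket-name} /vol fuse nosuid,nodev,allow_other 0 0" | sudo tee -a /etc/fstab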

Extended vsFTPd builds

# Unpack and build the extended vsFTPd source tree.
# NOTE(review): the page does not say where this tarball comes from; confirm its
# origin and checksum before building a network-facing daemon from it.
tar xzvf vsFTPd-2.3.5-ext1.tgz
cd vsFTPd-2.3.5-ext.1
# Build dependencies: compiler toolchain plus TCP wrappers, capabilities, PAM and OpenSSL headers.
sudo apt-get install make gcc libwrap0-dev libcap-dev libpam-dev libssl-dev
make
sudo make install
# Install the man pages for the daemon and its configuration file.
sudo cp vsftpd.8 /usr/share/man/man8/
sudo cp vsftpd.conf.5 /usr/share/man/man5/
# Home directory and dedicated system account for the service. The account has
# no password and no login, and adduser is told not to create the home itself.
sudo mkdir -p /srv/ftp
sudo addgroup --system ftp
sudo adduser --system --home /srv/ftp --no-create-home --ingroup ftp --disabled-password --disabled-login ftp

sudo nano /etc/init/vsftpd.conf
# vsftpd - FTP Daemon
#
# Upstart job: starts vsftpd at boot and restarts it if it exits.

description     "vsftpd daemon"
author          "Chuck Short "

# Start once the filesystem event has fired and a non-loopback interface is up;
# stop when leaving runlevels 2-5; respawn on unexpected exit.
start on (filesystem
        and net-device-up IFACE!=lo)
stop on runlevel [!2345]
respawn

pre-start script
        # Refuse to start when the config file exists but does not enable
        # standalone listening.
        check_standalone_mode()
        {
                # Return 1 if vsftpd.conf doesn't have listen yes or listen_ipv6=yes
                # NOTE(review): when CONFFILE does not exist the test is skipped and
                # the function succeeds, so the job still starts.
                CONFFILE="/etc/vsftpd/vsftpd.conf"

                if [ -e  "${CONFFILE}" ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" "${CONFFILE}"
                then
                        echo "${CONFFILE}: listen disabled - service will not start"
                        return 1
                fi
        }
        # Create the empty directory as root:root, mode 755, if it is missing.
        # Presumably this is vsftpd's secure chroot directory; it must stay
        # non-writable for the ftp user.
        [ -d /usr/share/empty ] || install -m 755 -o root -g root -d /usr/share/empty
        check_standalone_mode || stop
end script

# NOTE(review): no config path is passed, so the daemon reads its compiled-in
# default. Confirm that default is /etc/vsftpd/vsftpd.conf, the file the
# pre-start check inspects; otherwise the check validates a different file.
exec /usr/local/sbin/vsftpd

# Link the Upstart compatibility wrapper under /etc/init.d so the job is also
# reachable by the traditional init-script name.
sudo ln -s /lib/init/upstart-job /etc/init.d/vsftpd
# Server configuration; this is the path the Upstart pre-start check reads.
sudo nano /etc/vsftpd/vsftpd.conf
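# vsftpd.conf only documents whole-line "#" comments and "option=value" with no
# spaces, so every note below sits on its own line instead of after a value.

# No anonymous logins; only local accounts may authenticate.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
# Confine every local user to their home directory.
chroot_local_user=YES

pam_service_name=vsftpd
# Passive-mode data port range; the firewall has to allow this range and nothing wider.
pasv_min_port=49152
pasv_max_port=65535
# Show "ftp" as owner and group in listings instead of real account names.
hide_ids=YES
# Review: this switch turns off the daemon's refusal to chroot into a directory
# the user can write to. A writable chroot root weakens the jail; a root-owned,
# non-writable home with a writable subdirectory lets this be set to NO.
allow_writable_root=YES
# Maximum data transfer rate in bytes per second
local_max_rate=1000000
# Maximum number of clients that may be connected
max_clients=50
# Maximum connections per IP
max_per_ip=4
# Review: ssl_enable is not set, so passwords and file contents cross the network
# unencrypted. Once a certificate is installed, enable ssl_enable together with
# rsa_cert_file, force_local_logins_ssl and force_local_data_ssl.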

mysql backup using mysqldump

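# Credentials are read from an option file instead of "-u user -ppass": a password
# on the command line is visible in the process list and is saved in shell history.
# Constructed example of ~/.my.cnf (owner-only, chmod 600):
#   [mysqldump]
#   user = user
#   password = pass
# Review: the dump is stored unencrypted, so anything that can read /vol can read
# the whole database. Restrict access to the mount, or encrypt before writing.
mysqldump mydatabase | gzip > /vol/mydatabase_$(date '+%Y-%m-%d').sql.gz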


raid 1+0 with 10 disks

# Create a RAID 10 array named md0 from ten partitions, with a 64 KiB chunk size.
sudo mdadm --create md0 --level=10 --chunk=64 --raid-devices=10 /dev/xvdf1 /dev/xvdf2 /dev/xvdf3 /dev/xvdf4 /dev/xvdf5 /dev/xvdf6 /dev/xvdf7 /dev/xvdf8 /dev/xvdf9 /dev/xvdf10

# Append the detected array definition to mdadm.conf.
sudo mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf

# Mount the array at /data; replace ip-xx-xx-xx-xx with the host's own name.
# NOTE(review): data=writeback and barrier=0 trade crash consistency for speed.
# After a crash or power loss, recently written files may hold stale or corrupt
# data. Confirm that is acceptable for what is stored here.
echo "/dev/md/ip-xx-xx-xx-xx:md0 /data auto defaults,nobootwait,noatime,data=writeback,barrier=0,nobh 0 0" | sudo tee -a /etc/fstab


postfix basic essentials

check postfix supported lookup table types: "sudo postconf -m"
.
.
regexp
.
.
sudo nano /etc/postfix/header_checks
# Delete every Received:, Reply-To: and X-* header line from mail handled by this server.
# NOTE(review): Received: lines are the hop-by-hop trace used in abuse handling and
# incident response, and X-* includes scanner verdict headers. Removing all of them
# discards that evidence; narrow the patterns if the goal is only to hide internal hosts.
/^Received:/ IGNORE
/^Reply-To:/ IGNORE
/^X-/ IGNORE
sudo nano /etc/postfix/main.cf

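# header checks lookup
header_checks = regexp:/etc/postfix/header_checks
# lookup tables
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic
# relay to external sender
smtp_sasl_auth_enable = yes
# noanonymous only rules out anonymous login; plaintext mechanisms remain allowed.
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Require TLS towards the relay so the SASL username and password are never sent
# over an unencrypted connection. "encrypt" enforces TLS without validating the
# relay's certificate; move to a verifying level once trusted CAs are configured.
smtp_tls_security_level = encrypt
# The brackets disable the MX lookup: mail goes to this host on the submission port.
relayhost = [domain.com]:587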

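# generic - virtual - sasl_passwd  (one "lookup-key value" entry in each file)
generic: www-data user@domain.com
virtual: @domain.com user@domain.net
sasl_passwd: domain.com user@domain.com:pass
# sasl_passwd holds the relay password in clear text. Restrict it before building
# the map, because the generated .db file takes its permissions from the source file.
sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 0600 /etc/postfix/sasl_passwd
# same goes to other hash tables
sudo postmap /etc/postfix/generic
sudo postmap /etc/postfix/virtual
sudo postmap /etc/postfix/sasl_passwd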

Senin, 13 Agustus 2012

smtp service

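# Build the AUTH PLAIN token: base64 of "\0username\0password".
# The values are read at a prompt (password not echoed) instead of being typed
# into the command, so they do not end up in shell history or the process list.
# Base64 is an encoding, not encryption: treat the token like the password itself.
read -r -p 'SMTP username: ' smtp_user
read -r -s -p 'SMTP password: ' smtp_pass; echo
printf '\0%s\0%s' "$smtp_user" "$smtp_pass" | base64
unset smtp_pass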

# Port 587: plain SMTP upgraded with STARTTLS before anything is typed.
# NOTE(review): s_client reports certificate verification problems but keeps the
# connection open. Check the "Verify return code" line (or add -verify_return_error)
# before sending credentials.
openssl s_client -starttls smtp -crlf -connect mail.domain.com:587

[or]

# Port 465: TLS from the first byte of the connection.
openssl s_client -crlf -connect mail.domain.com:465

# The lines between the dashed markers are typed inside the s_client session.
# Commands are lower-case on purpose: without -quiet or -ign_eof, s_client treats
# a line starting with "R" as a renegotiation request and "Q" as quit, so an
# upper-case "RCPT TO" would never reach the server.
#------------------------------
ehlo testing
auth plain {encoded-text-from-base64}
mail from: <user@domain.com>
rcpt to: <someone@other.com>
data
from: blabla <user@domain.com>
to: jdoe <someone@other.com>
subject: testing

{this is body part}

.
#-------------------------------