Bind DNS Auto Slave Using Webmin

The latest webmin has bug! In this tutorials I’m using webmin verison 1.801- that actually works. Don’t know if webmin team really knows are aware of the bug 🙁

So, let’s start. But before that, it’s assumed that you have webmin installed in both the servers.

Configuring Webmin Server Continue reading “Bind DNS Auto Slave Using Webmin” »

Share

PHP Session test Script

I’ve just found a quality script to test php session- unless you’re in dark after some php.ini session tweaking done.

To check if sessions really work you can use this code:

<?php
// Start Session
session_start();
// Show banner
echo '<b>Session Support Checker</b><hr />';
// Check if the page has been reloaded
if(!isset($_GET['reload']) OR $_GET['reload'] != 'true') {
   // Set the message
   $_SESSION['MESSAGE'] = 'Session support enabled!<br />';
   // Give user link to check
   echo '<a href="?reload=true">Click HERE</a> to check for PHP Session Support.<br />';
} else {
   // Check if the message has been carried on in the reload
   if(isset($_SESSION['MESSAGE'])) {
      echo $_SESSION['MESSAGE'];
   } else {
      echo 'Sorry, it appears session support is not enabled, or you PHP version is to old. <a href="?reload=false">Click HERE</a> to go back.<br />';
   }
}
?>
Share

How to disable Network Manager on Linux

Disable Network Manager Completely

Here is how to disable Network Manager completely, so that Network Manager stops running on your Linux system.

To disable Network Manager on Debian 8 or later:

$ sudo systemctl stop NetworkManager.service
$ sudo systemctl disable NetworkManager.service

To disable Network Manager on Debian 7 or earlier:

$ sudo /etc/init.d/network-manager stop
$ sudo update-rc.d network-manager remove

To disable Network Manager on Ubuntu or Linux Mint: Continue reading “How to disable Network Manager on Linux” »

Share

Zimbra Exporting all mail addresses

Exporting all addresses (mailboxes, aliases and distribution lists) is a vital tool if you have a backup MX and only want it to accept email for valid recipients. One reason for that is to stop spammers who simply use a dictionary of common names to generate recipient email addresses which would flood a backup MX with undeliverable email. Some anti-spam providers (e.g. Postini) have automatic provisioning processes for making this possible.

A naive process of extracting mailboxes looks like this:

/opt/zimbra/bin/zmaccts | grep 'active' | egrep -v '^\W+' | awk '{print $1}'

Unfortunately, this doesn’t give distribution lists and aliases, so a more sophisticated approach is necessary, for which there is no specific tool and requires using the ldap tool thus: Continue reading “Zimbra Exporting all mail addresses” »

Share

Set Up Nginx Load Balancing with SSL Termination

Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.

Prerequisites
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial. Continue reading “Set Up Nginx Load Balancing with SSL Termination” »

Share

Install webmin in Centos 7

Step 1 — Installing Webmin

First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding a new file called /etc/yum.repos.d/webmin.repo that contains information about the new repository.

Create and open this new file using your text editor:

sudo vi /etc/yum.repos.d/webmin.repo

Then add these lines to the file to define the new repository:

/etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Save the file and exit the editor. Next, add the Webmin author’s PGP key so that your system will trust the new repository: Continue reading “Install webmin in Centos 7” »

Share

Important Exim Commands

To get a count of messages in the queue

exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)

exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

exim -bp | exiqsumm

Print what Exim is doing right now:

exiwhat

Display the version of Exim and the location of Exim configuration file: Continue reading “Important Exim Commands” »

Share

The SSL/TLS Handshake: an Overview

Obligatory SSL/TLS Handshake Graphic
All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours! (Click to enbiggen.)

Let’s Clear Up Some Confusion, If We Can
Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to address some common points: Continue reading “The SSL/TLS Handshake: an Overview” »

Share

Test your DNS using Dig, Nmap, Tcpdump

For DNS resolution to succeed to 192.168.0.1, the DNS server at 192.168.0.1 will need to accept TCP and UDP traffic over port 53 from our server. A port scanner such as the nmap tool can be used to confirm if the DNS server is available on port 53 as shown below.

Note: To install nmap run ‘yum install nmap -y’.

[root@centos ~]# nmap -sU -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
PORT STATE SERVICE
53/udp open|filtered domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

[root@centos ~]# nmap -sT -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00099s latency).
PORT STATE SERVICE
53/tcp open domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Continue reading “Test your DNS using Dig, Nmap, Tcpdump” »

Share

Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)

$sudo apt-get install git (if not previously installed)
$cd /opt
$sudo git clone https://github.com/certbot/certbot

Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$sudo service pound stop

once the service is stopped, run:

$cd /opt/certbot
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

by default, running the command above will generate the necessary key files (*.pem) in the following folder:

/etc/letsencrypt/live/YOUR_DOMAIN/

now, we need to create a private key file that Pound can understand, to do so run the following:

$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem

doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »

Share