Clear PageCache only
# sync; echo 1 > /proc/sys/vm/drop_caches
Clear dentries and inodes
# sync; echo 2 > /proc/sys/vm/drop_caches
Clear PageCache, dentries and inodes
# sync; echo 3 > /proc/sys/vm/drop_caches
Seperate Private Key and Certificate file
#Generate certificates bundle file
openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem
#Generate server key file.
openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Create a .pfx/.p12 certificate file using OpenSSL
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
Src: https://www.sslshopper.com/article-most-common-openssl-commands.html
Postfix by default restrict attachment size to approx 10MB i.e. 10240000 bytes.
You can check it using following command:
postconf | grep message_size_limit
To change attachment-size to say 50 MB, run a command like:
postconf -e message_size_limit=52428800
Note:
If you are running a mail-server with SMTP/IMAP access, you need to change postfix attachment size only. I spent half-hour debugging dovecot to increase attachment size, just to realize that above change in postfix config was all I needed!
Steps for configuration change password plugin for squirrelmail/Horde/Rainloop using poppassd are:
Download poppassd.c from https://netwinsite.com/poppassd/
Look at poppassd.c and make sure it looks safe
yum -y install gcc gcc poppassd.c -o poppassd -lcrypt mv poppassd /usr/local/bin/ yum -y install xinetd cp /etc/xinetd.d/time-stream /etc/xinetd.d/poppassd
nano /etc/xinetd.d/poppassdUpdate “service time” to “service poppassd”
disable = no id = poppasswd type = UNLISTED user = root group = root server = /usr/local/bin/poppassd port = 106
systemctl restart xinetd systemctl enable xinetd
Test by doing “telnet localhost 106” that service is started properly or not.
Your poppassd is now installed on Centos 7 system.
Src: https://www.sbarjatiya.com/notes_wiki/index.php/CentOS_7.x_Configure_change_password_plugin_for_squirrelmail_using_poppassd
DNS Slave Auto-Configuration Quickstart
A quick guide to assist administrators who want to use Virtualmin’s automatic DNS slave configuration features. This allows for DNS server redundancy.
Introduction
Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the “Virtualmin server” and the DNS slave server as the “slave server”.
Getting Webmin for the Slave
If you don’t have Virtualmin installed on your slave server(s), you’ll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant available, and is free to download and use. Continue reading “DNS Slave Using Virtualmin” »
Boot up the machine, and after the BIOS screen, hold down the left Shift key. You will then be prompted by a menu that looks something like this:
Hit the down arrow until you select the 2nd entry from the top (the one with the recovery mode in the description) and then hit Enter. Continue reading “Reset Ubuntu 12 root password” »
To force the kernel to reboot the system we will be making use of the magic SysRq key.
The magic_SysRq_key provides a means to send low level instructions directly to the kernel via the /proc virtual file system.
To enable the use of the magic SysRq option type the following at the command prompt:
echo 1 > /proc/sys/kernel/sysrq
Then to reboot the machine simply enter the following:
echo b > /proc/sysrq-trigger
Voilà! Your system will instantly reboot.
To add a temporary route:
ip route add 172.16.5.0/24 via 10.0.0.101 dev eth0
To make it persist system or network settings restart, create a route-ifname file for an interface through which the subnet is accessed, in this case eth0:
nano /etc/sysconfig/network-scripts/route-eth0
Add the line with the network settings for the other subnet:
172.16.5.0/24 via 10.0.0.101 dev eth0
If your computer is on a network and is not directly connected to the internet, it will be configured with what is called a default gateway, which is usually a router. If the computer cannot find the specific IP address on its local network (aka broadcast domain), as defined by its subnet, it will forward any packets headed to that IP address to the default gateway. The gateway will then attempt to forward packets elsewhere, such as the internet, or another broadcast domain Continue reading “Add a Static Route on CentOS” »
CentOS 7 only allows Fully Qualified Domain Names (FQDN’s). Acceptable values include lower-case letters a to z, numbers 0 to 9, the period, and the hyphen, and between 2 and 63 characters.
At the console, type:
hostnamectl set-hostname my.new-hostname.server
NOTE: Replace my.new-hostname.server with your chosen hostname.
Check the Hostname
hostnamectl
Do a quick search under the usual jetty folders:
find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30
If you find files like:
/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp /opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp
you’re actually hacked.
Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why.
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »
My case and solution:
Debian 7.11 wheezy
python2.7
python-pip NOT installed
My steps:
#ln -fs /usr/lib/python2.7/plat-x86_64-linux-gnu/_sysconfigdata_nd.py /usr/lib/python2.7/ #wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto #chmod +x ./certbot-auto #certbot-auto renew --no-self-upgrade
it download some files and works fine.
Src: https://github.com/certbot/certbot/issues/6824
