Convert .p12 bundle to server certificate and key files

Separate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html
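
The split described above, as an added example that is not part of the original post: it writes both files under a restrictive umask, because -nodes leaves the private key unencrypted on disk, and then confirms that the extracted key belongs to the bundle's leaf certificate. The function name split_p12, the P12_PASS environment variable that holds the bundle password, and the output directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: the bundle password is in the environment variable P12_PASS;
# output file names follow the commands shown in the post.

split_p12() {
    p12=$1
    outdir=$2
    old_umask=$(umask)
    umask 077    # files created below get mode 0600, directories 0700
    rc=0
    mkdir -p "$outdir" || rc=1

    # Certificates only (leaf plus any CA certificates in the bundle)
    [ "$rc" -eq 0 ] && { openssl pkcs12 -nokeys -in "$p12" -passin env:P12_PASS \
        -out "$outdir/server-ca-cert-bundle.pem" || rc=1; }

    # Private key only; -nodes writes it WITHOUT passphrase protection
    [ "$rc" -eq 0 ] && { openssl pkcs12 -nocerts -nodes -in "$p12" -passin env:P12_PASS \
        -out "$outdir/server.key" || rc=1; }

    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Public key of the leaf certificate (-clcerts skips CA certificates)
    cert_pub=$(openssl pkcs12 -clcerts -nokeys -in "$p12" -passin env:P12_PASS |
        openssl x509 -noout -pubkey) || return 1
    # Public key derived from the extracted private key
    key_pub=$(openssl pkey -in "$outdir/server.key" -pubout) || return 1

    # Succeed only when the key on disk matches the certificate
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone use: P12_PASS=... sh split_p12.sh bundle.p12 outdir
if [ "$#" -eq 2 ]; then
    split_p12 "$1" "$2"
fi
```

Passing the password through env: keeps it out of the process list, which a pass: argument on the command line would not.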


Increasing Attachment Size in Postfix

By default, Postfix restricts attachment size to approx. 10 MB, i.e. 10240000 bytes.

You can check it using the following command:

postconf | grep message_size_limit

To change attachment-size to say 50 MB, run a command like:

postconf -e message_size_limit=52428800

Note:
If you are running a mail server with SMTP/IMAP access, you need to change the Postfix attachment size only. I spent half an hour debugging Dovecot to increase attachment size, just to realize that the above change in the Postfix config was all I needed!


Install Poppassd in CentOS 7

Steps to configure the change-password plugin for SquirrelMail/Horde/Rainloop using poppassd:

Download poppassd.c from https://netwinsite.com/poppassd/

Look at poppassd.c and make sure it looks safe

yum -y install gcc
gcc poppassd.c -o poppassd -lcrypt
mv poppassd /usr/local/bin/
yum -y install xinetd
cp /etc/xinetd.d/time-stream /etc/xinetd.d/poppassd

nano /etc/xinetd.d/poppassd

Update “service time” to “service poppassd”

disable = no
id = poppasswd
type = UNLISTED
user = root
group = root
server = /usr/local/bin/poppassd
port = 106

systemctl restart xinetd
systemctl enable xinetd

Test that the service started properly by running “telnet localhost 106”.

Your poppassd is now installed on the CentOS 7 system.

Src: https://www.sbarjatiya.com/notes_wiki/index.php/CentOS_7.x_Configure_change_password_plugin_for_squirrelmail_using_poppassd
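
The service file above runs poppassd as root on port 106 with no address restriction, and the poppassd protocol carries passwords in cleartext, so a webmail plugin on the same host only needs it on loopback. The check below is an added example, not part of the original post: it classifies an xinetd service file by its bind (or interface) and only_from attributes. The function name poppassd_exposure and the three result words are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Prints "disabled", "loopback" or "exposed" for an xinetd service file.
# Handles plain "key = value" lines; "+=" / "-=" operators are not parsed.

poppassd_exposure() {
    awk '
        function is_lo(a) { return a == "127.0.0.1" || a == "::1" || a == "localhost" }
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "disable")                       disabled = val
            if (key == "bind" || key == "interface")    bind = val
            if (key == "only_from")                     only = val
        }
        END {
            if (disabled == "yes") { print "disabled"; exit }
            if (is_lo(bind))       { print "loopback"; exit }
            # only_from may list several sources; every one must be loopback
            n = split(only, src, /[ \t]+/)
            ok = (only != "")
            for (i = 1; i <= n; i++) if (!is_lo(src[i])) ok = 0
            print (ok ? "loopback" : "exposed")
        }' "$1"
}

# Stand-alone use: sh check.sh /etc/xinetd.d/poppassd
if [ "$#" -eq 1 ]; then
    poppassd_exposure "$1"
fi
```

Adding "bind = 127.0.0.1" or "only_from = 127.0.0.1" inside the service block and restarting xinetd turns an "exposed" result into "loopback".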


DNS Slave Using Virtualmin

DNS Slave Auto-Configuration Quickstart

A quick guide to assist administrators who want to use Virtualmin’s automatic DNS slave configuration features. This allows for DNS server redundancy.

Introduction

Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the “Virtualmin server” and the DNS slave server as the “slave server”.

Getting Webmin for the Slave

If you don’t have Virtualmin installed on your slave server(s), you’ll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant, and is free to download and use.


Force reboot of a remote Linux machine

To force the kernel to reboot the system we will be making use of the magic SysRq key.

The magic SysRq key provides a means to send low-level instructions directly to the kernel via the /proc virtual file system.

To enable the use of the magic SysRq option, type the following at the command prompt:

echo 1 > /proc/sys/kernel/sysrq

Then to reboot the machine simply enter the following:

echo b > /proc/sysrq-trigger

Voilà! Your system will instantly reboot.


Add a Static Route on CentOS

To add a temporary route:

ip route add 172.16.5.0/24 via 10.0.0.101 dev eth0

To make it persist across system or network restarts, create a route-ifname file for the interface through which the subnet is accessed, in this case eth0:

nano /etc/sysconfig/network-scripts/route-eth0

Add the line with the network settings for the other subnet:

172.16.5.0/24 via 10.0.0.101 dev eth0

If your computer is on a network and is not directly connected to the internet, it will be configured with what is called a default gateway, which is usually a router. If the computer cannot find the specific IP address on its local network (aka broadcast domain), as defined by its subnet, it will forward any packets headed to that IP address to the default gateway. The gateway will then attempt to forward packets elsewhere, such as the internet, or another broadcast domain


Set Hostname in CentOS 7

CentOS 7 only allows Fully Qualified Domain Names (FQDNs). Acceptable characters are lower-case letters a to z, numbers 0 to 9, the period, and the hyphen, and the name must be between 2 and 63 characters long.

At the console, type:

hostnamectl set-hostname my.new-hostname.server

NOTE: Replace my.new-hostname.server with your chosen hostname.

Check the Hostname

hostnamectl

SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name '*jsp' -mtime -30

If you find files like:

/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp

you’re actually hacked.

Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why. 
The attack vector is the same, but, there are no strange processes, there is no persistence.


SOLVED Debian Wheezy Letsencrypt error /opt/eff.org/certbot/venv/bin/python: No module named pip.__main__; ‘pip’ is a package and cannot be directly executed

My case and solution:

Debian 7.11 wheezy
python2.7
python-pip NOT installed

My steps:

# ln -fs /usr/lib/python2.7/plat-x86_64-linux-gnu/_sysconfigdata_nd.py /usr/lib/python2.7/
# wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto
# chmod +x ./certbot-auto
# ./certbot-auto renew --no-self-upgrade

It downloads some files and works fine.

Src: https://github.com/certbot/certbot/issues/6824
