AWS Lightsail: Ubuntu 16: spf, dkim, dmarc

Posted in tech

https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
DNS Entries
hensler.net TXT "v=spf1 ip4:3.225.201.202 ~all"
default._domainkey.hensler.net. TXT "v=DKIM1;k=rsa;" "part I" "part II"
_dmarc TXT v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@hensler.net
DNS Type SPF use has been removed in the standards track version of SPF, RFC 7208. Your DNS Type SPF record should be republished as Type TXT instead.
dig hensler.net txt
http://spf.myisp.ch/
https://www.kitterman.com/spf/validate.html?
spf […]

AWS Lightsail: Ubuntu 16: lets encrypt, certbot, cron


https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
request wildcard certificate
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.hensler.net --manual --preferred-challenges dns-01 certonly
certbot --nginx (adds nginx configuration for SSL)
sudo certbot certonly --manual -d '*.hensler.net' --dry-run
sudo certbot certonly --manual -d '*.hensler.net'
>> update .txt for _acme-challenge.hensler.net in route53
sudo service nginx restart
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - […]

AWS Lightsail: Ubuntu 16: Postfix & Dovecot


Ubuntu Postfix Dovecot SMTP Banner
Ubuntu
Open lightsail ports
SSH TCP 22
Custom TCP 25
HTTP TCP 80
Custom TCP 110
Custom TCP 143
HTTPS TCP 443
Custom TCP 993
Custom TCP 995
sudo netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 […]

from monolithic to serverless applications


#1: Migrating a monolithic application (daytrader) running on top of a WebSphere Liberty application server from traditional deployment to cloud services using AWS. This involves multiple steps, starting with containerizing the application, converting the database (Derby to Postgres) and finally migrating the images into Amazon's cloud to make use of the Elastic Cloud services (EC*) and High […]

exclude tag from tag cloud


add_filter( 'widget_tag_cloud_args', 'jmw_exclude_tag_from_tag_cloud' );
function jmw_exclude_tag_from_tag_cloud( $args ) {
    $args[ 'exclude' ] = '45'; // ID of the tag. If multiple tags, use a comma-delimited string '2,5,36'
    return $args;
}

OAuth/OIDC with ISAM


Design and implement OAuth/OIDC authentication process for mobile clients (native/html) using ISAM (IBM Security Access Manager) and authorisation code grant type. Integrate custom “Message Provider Gateway” (MSG) in authentication process (verification of access token) using OIDC JWKS (JSON Web Key Set) and /userinfo endpoints. Products used: IBM Security Access Manager

WebSphere SP initiated SSO


By default, the WebSphere Application Server SAML Trust Association Interceptor (TAI) supports IdP-initiated SSO only. With custom code in place, the SAML TAI can be configured to support SP-initiated SSO. By writing a custom Java class, the authentication process is intercepted and handled by the SP; a SAML mutual trust relationship between the […]

IBM Security Directory Integrator (SDI) & its countless possibilities


User account synchronization between an internal LDAP and the directories of a foreign application domain (e.g. a cloud application), using SCIM (System for Cross-domain Identity Management), or alternatively parsers (LDIF, JSON, XML, others) or synchronization with a cloud database. Products used: IBM Security Directory Integrator (SDI), IBM Security Directory Server (SDS), Amazon Web Services (AWS) DynamoDB, Red Hat.

IBM Cloud Identity & IBM Connections Cloud


The intention of this project was to provide consistent Single Sign-On (SSO) between an on-premise ISAM (IBM Security Access Manager) and IBM's Cloud Identity (CI) using SAML, utilising local user accounts for authentication. MMFA (Mobile Multi Factor Authentication) with QR Code and TOTP (Time-based One-Time Password) was added to provide a 2-factor authentication […]

openvpn


yum -y install epel-release
yum -y install NetworkManager-openvpn
cd /usr/sbin/openvpn
automatic login: create ovpn.username.txt with:
username
password
vi /etc/openvpn/tta.conf
auth-user-pass ovpn.username.txt
cp ovpn.username.txt /etc/openvpn/
cp tta.conf /etc/openvpn/
./openvpn --config /etc/openvpn/tta.conf --auth-user-pass /etc/openvpn/ovpn.username.txt
autostart openvpn
systemctl enable openvpn@tta
systemctl status openvpn@tta.conf.service

IBM HTTP Server httpd.conf


ServerName was.hensler.net:80
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteRule ^\/$ https://%{SERVER_NAME}/ [NE,L,R]
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Keyfile /opt/IBM/HTTPServer/ssl/key.kdb
SSLStashfile /opt/IBM/HTTPServer/ssl/key.sth
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName was.hensler.net:443
SSLEnable
SSLClientAuth none
SSLCompression off
SSLProtocolDisable SSLv2 SSLv3
SSLProtocolEnable TLSv1 TLSv11 TLSv12
SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
# […]

Autostart opendj CentOS


https://backstage.forgerock.com/knowledge/kb/book/b73824898#a56766667
cd /etc/systemd/system
vim opendj.service
[Unit]
Description=opendj LDAP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/opendj/logs/server.pid
ExecStart=/opt/opendj/bin/start-ds --quiet
ExecStop=/opt/opendj/bin/stop-ds --quiet
PrivateTmp=true
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
systemctl enable opendj.service
systemctl start opendj.service
systemctl stop opendj.service

Autostart IBM HTTP Server CentOS


http://publib.boulder.ibm.com/httpserv/ihsdiag/startstop_questions.html#how-do-i-start-ihs-during-the-linux-boot-process
cd /etc/systemd/system
vim ihs.service
[Unit]
Description=IBM HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/IBM/HTTPServer/logs/httpd.pid
ExecStart=/opt/IBM/HTTPServer/bin/apachectl start -d /opt/IBM/HTTPServer
ExecStop=/opt/IBM/HTTPServer/bin/apachectl graceful-stop
ExecReload=/opt/IBM/HTTPServer/bin/apachectl graceful
PrivateTmp=true
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
vim ihsadmin.service
[Unit]
Description=IBM HTTP Administration Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/IBM/HTTPServer/logs/admin.pid
ExecStart=/opt/IBM/HTTPServer/bin/adminctl start
ExecStop=/opt/IBM/HTTPServer/bin/adminctl stop
PrivateTmp=true
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
systemctl enable ihs.service
systemctl start ihs […]

Centos 7 Installation


yum -y install binutils bind-utils compat-db.x86_64 compat-libstdc* compat-libstdc++-33.i686 compat-libstdc++-33.x86_64 elfutils-libelf elfutils-libelf-devel elfutils-libs.i686 elfutils-libs.x86_64 elfutils.x86_64 firefox ftp gcc gcc-c++ glibc-common glibc-devel glibc-headers glibc* gtk2-engines.x86_64 gtk2.i686 gtk2.x86_64 kernel-devel kernel-headers ksh ksh.x86_64 libaio libaio-devel libaioi libcanberra-gtk2.x86_64 libcyanberra-gtk2.i686 libgcc.i686 libgcc.x86_64 libgcc* libstdci libstdc++.i686 libstdc++.x86_64 libXft.i686 libXft.x86_64 libXmu.i686 libXmu.x86_64 libXp libXp.i686 libXp.x86_64 libXpi libXtst.i686 libXtst.x86_64 make mc mlocate net-tools ntp […]

postfix macos high sierra


sudo vim /etc/postfix/main.cf
message_size_limit = 10485760
mailbox_size_limit = 0
biff = no
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
recipient_delimiter = +
tls_random_source = dev:/dev/urandom
#smtpd_tls_ciphers = medium
myhostname = mail.hensler.net
mydomain = hensler.net
myorigin = $mydomain
#inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname
smtpd_use_tls = yes
smtp_use_tls = […]

dnsmasq macos high sierra


brew install dnsmasq
sudo vim /usr/local/etc/dnsmasq.conf
bogus-priv
local=/lan.hensler.net/
domain=lan.hensler.net
expand-hosts
listen-address=127.0.0.1
listen-address=10.0.29.150
sudo vim /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
10.0.29.60 hostname
/etc/resolv.conf
domain lan.hensler.net […]

openldap macos High Sierra


sudo vim /etc/openldap/slapd.conf
include /private/etc/openldap/schema/core.schema
include /private/etc/openldap/schema/cosine.schema
include /private/etc/openldap/schema/inetorgperson.schema
pidfile /private/var/db/openldap/run/slapd.pid
argsfile /private/var/db/openldap/run/slapd.args
database bdb
suffix "dc=hensler,dc=local"
rootdn "cn=manager,dc=hensler,dc=local"
rootpw {SSHA}DXreBCiCpU1sH728ubClNXpHblzw80Wo
directory /private/var/db/openldap/openldap-data
index objectClass eq
cachesize 2000
sudo vim /etc/openldap/sample.ldif
version: 1
dn: dc=hensler,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
dc: hensler
o: Some Org
description: A sample domain

dn: ou=people,dc=hensler,dc=local
objectClass: top
objectClass: […]

chroot macos High Sierra


create standard user sftpusr
allow ssh remote login for sftpusr
sudo vim /etc/ssh/sshd_config
# override default of no subsystems
# Subsystem sftp /usr/libexec/sftp-server
#Subsystem sftp internal-sftp -l VERBOSE -f LOCAL3
Subsystem sftp internal-sftp
Match User sftpusr
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
    ChrootDirectory /chroot/%u
run command
sudo mkdir /chroot
sudo mkdir /chroot/bin
sudo cp /bin/bash […]

wordpress macos High Sierra


sudo vim /etc/apache2/httpd.conf
ServerName localhost:80
DocumentRoot "/Users/bhr/Sites"
<Directory "/Users/bhr/Sites">
    Options FollowSymLinks Multiviews
    MultiviewsMatch Any
    AllowOverride None
    Require all granted
</Directory>
LoadModule php7_module libexec/apache2/libphp7.so
LoadModule perl_module libexec/apache2/mod_perl.so
LoadModule userdir_module libexec/apache2/mod_userdir.so
LoadModule include_module libexec/apache2/mod_include.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
Include /private/etc/apache2/extra/httpd-userdir.conf
Include /private/etc/apache2/extra/httpd-vhosts.conf
Include /private/etc/apache2/extra/httpd-ssl.conf
sudo vim /private/etc/apache2/extra/httpd-userdir.conf
Include /private/etc/apache2/users/*.conf […]

Ubuntu Installation


sudo ufw disable
selinux not installed by default
sudo vim /etc/network/interfaces
auto enp0s25
iface enp0s25 inet static
    address 10.0.29.60
    netmask 255.255.255.0
    gateway 10.0.29.1
    dns-nameservers 62.2.17.60
sudo passwd root
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo service ssh restart
sudo vim /etc/security/limits.conf
*    soft    nofile 65536
*    hard    nofile 65536
sudo vim /etc/environment
LANG=en_US.utf-8
LC_ALL=en_US.utf-8

ffmpeg CentOS 7


https://gist.github.com/mustafaturan/7053900
To send videos with WhatsApp, run ffmpeg with the following codecs:
ffmpeg -i "original-file.mp4" -vcodec libx264 -acodec aac "output-file.mp4"

IBM’s launchpad doesn’t start, Firefox version


Firefox starts with a chrome://*.xul URL, which is a reference to an add-on extension in Mozilla-derivative browsers. Firefox as of version 43 blocks automated installation of unsigned extensions. IBM's commonlaunchpad xpi extension (found in the extensions directory of the new profile being used by launchpad.sh) is unsigned. To work around this, downgrade Firefox to a version […]

CentOS 7 postfix, dovecot mail server; forwarder


postfix
https://www.server-world.info/en/note?os=CentOS_7&p=mail
#virtual_alias_domains = hensler.net
virtual_alias_maps = hash:/etc/postfix/virtual
ADD forwarder addresses
vi /etc/postfix/virtual
postmap /etc/postfix/virtual
service postfix restart
dovecot
https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=2
DNS
hensler.net. A xxx.xxx.xxx.xxx
hensler.net. MX 10 mail.hensler.net
mail.hensler.net. CNAME hensler.net
wordpress.hensler.net. A xxx.xxx.xxx.xxx
ROUTER 25,110,143,80,443
FIREWALL
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
systemctl stop firewalld.service
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --add-service=smtp --permanent
firewall-cmd --add-port={110/tcp,143/tcp} --permanent […]

mount nfs volumes (OSXFUSE) at startup using launchAgent


sudo vim /Users/bhr/Library/LaunchAgents/com.mmac.useragent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.mmac.useragent</string>
    <key>Program</key>
    <string>/Users/bhr/startUp/bindfs.sh</string>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/tmp/com.mmac.startup.stderr</string>
    <key>StandardOutPath</key>
    <string>/tmp/com.mmac.startup.stdout</string>
</dict>
</plist>
sudo vim /Users/bhr/startUp/bindfs.sh
#!/bin/bash
sudo /usr/local/bin/bindfs -r -g SFTPGroup /Volumes/DATACUBE/Media/Movies/ /chroot/sftp/movies
sudo /usr/local/bin/bindfs […]

vmrun


vim .bash_profile
export PATH=$PATH:/Applications/VMware\ Fusion.app/Contents/Library/

POWER COMMANDS   PARAMETERS           DESCRIPTION
--------------   ----------           -----------
start            Path to vmx file     Start a VM or Team
                 [gui|nogui]
stop             Path to vmx file     Stop a VM or Team
                 [hard|soft]
reset            Path to vmx file     Reset a VM or Team
                 [hard|soft]
suspend          Path to vmx file     Suspend a […]

Samba Server Installation Centos 7


https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7
yum install samba samba-client samba-common
vi /etc/samba/smb.conf
[global]
    workgroup = WORKGROUP
    server string = CNX5 Samba Server %v
    netbios name = CNX5
    security = user
    map to guest = bad user
    dns proxy = no
[IBM]
    path = /opt/IBM
    valid users = root
    browsable = yes […]

Autostart IBM HTTP Server


vi /etc/init.d/ihs
#!/bin/bash
# SERVICENAME should match this filename
SERVICENAME=$(basename $0)
LOCKFILE="/var/lock/subsys/${SERVICENAME}"
APACHECTL=/opt/IBM/HTTPServer/bin/apachectl
# The next lines are for chkconfig on RedHat systems.
# chkconfig: 2345 98 02
# description: Starts and stops IHS
# The next lines are for chkconfig on SuSE systems.
### BEGIN INIT INFO
# Provides: IHS_61.1
# Required-Start: $network $syslog […]

Autostart WebSphere Servers


Deployment Manager
cd /opt/IBM/WebSphere/AppServer/bin/
./wasservice.sh -add dmgr -serverName dmgr -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01
service dmgr_was.init stop
service dmgr_was.init start
service dmgr_was.init status
NodeAgent
./wasservice.sh -add node01 -serverName nodeagent -profilePath /opt/IBM/WebSphere/AppServer/profiles/AppSrv01
service node01_was.init stop
service node01_was.init start
service node01_was.init status
#To have the node agent automatically start the Appserver JVM, set the Monitoring Policy of each JVM to […]

IBM Docs


http://www-01.ibm.com/support/docview.wss?uid=swg24039355
http://www-01.ibm.com/support/knowledgecenter/SSFHJY/welcome
IBM Connections: cnx5.sites, IBM Connections 5 CR3 (CentOS 7)
Conversion, Docs, Viewer: cnxDocs.sites, IBM Connections Docs 1.0.7 (Windows 2008 R2)
create LCUSER
db2set DB2CODEPAGE=1208
db2stop force
db2start
create database (cnx5.sites)
createDb.bat
updateDBSchema.bat
db2 -td@ -vf appGrants.sql
install Python
disable Netbios
disable TCPIP Netbios Helper
FNCMIS
If you want Docs to work with CCM libraries, […]

IBM Connections 5 Centos 7


Installation Manager 64bit
yum install gtk2
yum install libXtst
Download IBM Connections 5
http://www-01.ibm.com/support/docview.wss?uid=swg24037654
CCM
CLFRP0038E: IBM Connections Content Manager failed to be configured on WebSphere Application Server. Error Step : Step "action-config-fncs-ccm"
>> install ksh (korn shell)
IHS
groupadd ihsgrp
useradd -g ihsgrp -s /bin/bash -d /home/ihsadmin -m ihsadmin
setupadm -create -usr ihsadmin -grp […]

IBM Domino 9 Centos 7


DOMINO 9.0.1
yum install glibc-2.*.i686 libgcc-4*.i686 libXtst-1.*.i686 libXmu-1.*.i686 libXp-1.*.i686 libXft-2.*.i686 libXi-1.*.i686 libstdc++-4.*.i686
groupadd notes
useradd -g notes -s /bin/bash -d /home/notes -m notes
passwd notes
vim /etc/security/limits.conf
*    soft    nofile 65536
*    hard    nofile 65536
/opt/ibm/domino/bin/server -listen
#rc_domino
Copy rc_domino_script into /opt/ibm/domino
Copy rc_domino into /etc/init.d, check variable DOMINO_START_SCRIPT
Copy domino.service into /etc/systemd/system
chmod 755 rc_domino_script […]

Netatalk (Open Source AFP implementation) Centos 7


Install
yum -y install netatalk avahi dbus nss-mdns
chkconfig netatalk on
chkconfig messagebus on
chkconfig avahi-daemon on
adduser afp
passwd afp
vi /etc/netatalk/afpd.conf
"hostname" -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
vi /etc/netatalk/AppleVolumes.default
:DEFAULT: "HTTPD" allowed_hosts:10.0.29.0/24 allow:afp rwlist:afp options:upriv,usedots dperm:0770 fperm:0660
~ "HOME"
/var/www/html/ "HTML"
vi /etc/nsswitch.conf
hosts:      files mdns4_minimal dns mdns mdns4
vi /etc/avahi/services/afpd.service […]

iTunes library on external drive; iCloud Music; sharing across multiple devices


iTunes "master library" (bhr's library)
create new library with default values on local disk
add Music to your iTunes library
enable iCloud Music Library in preferences, wait for sync to complete
recreate new library = (1)
enable iCloud Music library
change iTunes media folder location to external drive
add movies, apps, videos etc.
enable sharing […]