AWS Lightsail: Ubuntu 16: spf, dkim, dmarc

Posted in tech

https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
DNS Entries
hensler.net TXT "v=spf1 ip4:3.225.201.202 ~all"
default._domainkey.hensler.net. TXT "v=DKIM1;k=rsa;" "part I" "part II"
_dmarc TXT v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@hensler.net
DNS Type SPF use has been removed in the standards track version of SPF, RFC 7208. Your DNS Type SPF record should be republished as Type TXT instead.
dig hensler.net txt
http://spf.myisp.ch/
https://www.kitterman.com/spf/validate.html? spf […]

AWS Lightsail: Ubuntu 16: lets encrypt, certbot, cron

https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
request wildcard certificate
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.hensler.net' --manual --preferred-challenges dns-01 certonly
sudo certbot certonly --manual -d '*.hensler.net' --dry-run
sudo certbot certonly --manual -d '*.hensler.net'
>> update .txt for _acme-challenge.hensler.net in route53
sudo service nginx restart
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - […]

AWS Lightsail: Ubuntu 16: Postfix & Dovecot

Ubuntu Postfix Dovecot SMTP Banner Ubuntu Open lightsail ports SSH TCP 22 Custom TCP 25 HTTP TCP 80 Custom TCP 110 Custom TCP 143 HTTPS TCP 443 Custom TCP 993 Custom TCP 995 sudo netstat -lnpt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 […]

from monolithic to serverless applications

#1: Migrating a monolithic application (daytrader) on top of a WebSphere Liberty application server from traditional deployment to cloud services using AWS. This involves multiple steps, starting with containerizing the application, converting the database (Derby to Postgres) and finally migrating images into Amazon’s cloud to make use of the Elastic Cloud services (EC*) and High […]

exclude tag from tag cloud

add_filter( 'widget_tag_cloud_args', 'jmw_exclude_tag_from_tag_cloud' );
function jmw_exclude_tag_from_tag_cloud( $args ) {
    $args['exclude'] = '45'; // ID of the tag. For multiple tags use a comma-delimited string, e.g. '2,5,36'
    return $args;
}

OAuth/OIDC with ISAM

Design and implement OAuth/OIDC authentication process for mobile clients (native/html) using ISAM (IBM Security Access Manager) and authorisation code grant type. Integrate custom “Message Provider Gateway” (MSG) in authentication process (verification of access token) using OIDC JWKS (JSON Web Key Set) and /userinfo endpoints. Products used: IBM Security Access Manager

WebSphere SP initiated SSO

By default, the WebSphere Application Server SAML Trust Association Interceptor (TAI) supports IdP-initiated SSO only. When custom code is in place, the SAML TAI can be configured to support SP-initiated SSO. With a custom Java class, the authentication process is intercepted and handled by the SP – a SAML mutual trust relationship between the […]

IBM Security Directory Integrator (SDI) & its countless possibilities

User account synchronization between internal LDAP and directories of a foreign application domain (e.g. Cloud application), using SCIM (System for Cross-domain Identity Management), alternatively parsers (LDIF, JSON, XML, others) or synchronization with a cloud database. Products used: IBM Security Directory Integrator (SDI), IBM Secure Directory Server (SDS), Amazon Web Services (AWS) DynamoDB, Red Hat.

IBM Cloud Identity & IBM Connections Cloud

The intention of this project was to provide a consistent Single-Sign-On (SSO) between an on-premise ISAM (IBM Security Access Manager) and IBM’s Cloud Identity (CI) using SAML by utilising local user accounts for authentication. MMFA (Mobile Multi Factor Authentication) with QR Code and TOTP (Time-based One-Time Password) was added to provide a 2-factor authentication […]

openvpn

yum -y install epel-release
yum -y install NetworkManager-openvpn
cd /usr/sbin/openvpn
automatic login: create ovpn.username.txt with:
username
password
vi /etc/openvpn/tta.conf
auth-user-pass ovpn.username.txt
cp ovpn.username.txt /etc/openvpn/
cp tta.conf /etc/openvpn/
./openvpn --config /etc/openvpn/tta.conf --auth-user-pass /etc/openvpn/ovpn.username.txt
autostart openvpn
systemctl enable openvpn@tta
systemctl status openvpn@tta.service

IBM HTTP Server httpd.conf

ServerName was.hensler.net:80 LoadModule rewrite_module modules/mod_rewrite.so RewriteEngine On RewriteRule ^\/$ https://%{SERVER_NAME}/ [NE,L,R] LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Keyfile /opt/IBM/HTTPServer/ssl/key.kdb SSLStashfile /opt/IBM/HTTPServer/ssl/key.sth <IfModule mod_ibm_ssl.c> Listen 0.0.0.0:443 <VirtualHost *:443> ServerName was.hensler.net:443 SSLEnable SSLClientAuth none SSLCompression off SSLProtocolDisable SSLv2 SSLv3 SSLProtocolEnable TLSv1 TLSv11 TLSv12 SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA # […]

Autostart opendj CentOS

https://backstage.forgerock.com/knowledge/kb/book/b73824898#a56766667
cd /etc/systemd/system
vim opendj.service
[Unit]
Description=opendj LDAP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/opendj/logs/server.pid
ExecStart=/opt/opendj/bin/start-ds --quiet
ExecStop=/opt/opendj/bin/stop-ds --quiet
PrivateTmp=true
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
systemctl enable opendj.service
systemctl start opendj.service
systemctl stop opendj.service

Autostart IBM HTTP Server CentOS

http://publib.boulder.ibm.com/httpserv/ihsdiag/startstop_questions.html#how-do-i-start-ihs-during-the-linux-boot-process cd /etc/systemd/system vim ihs.service [Unit] Description=IBM HTTP Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/opt/IBM/HTTPServer/logs/httpd.pid ExecStart=/opt/IBM/HTTPServer/bin/apachectl start -d /opt/IBM/HTTPServer ExecStop=/opt/IBM/HTTPServer/bin/apachectl graceful-stop ExecReload=/opt/IBM/HTTPServer/bin/apachectl graceful PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target vim ihsadmin.service [Unit] Description=IBM HTTP Administration Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/opt/IBM/HTTPServer/logs/admin.pid ExecStart=/opt/IBM/HTTPServer/bin/adminctl start ExecStop=/opt/IBM/HTTPServer/bin/adminctl stop PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target   systemctl enable ihs.service systemctl start ihs […]

Centos 7 Installation

yum -y install binutils bind-utils compat-db.x86_64 compat-libstdc* compat-libstdc++-33.i686 compat-libstdc++-33.x86_64 elfutils-libelf elfutils-libelf-devel elfutils-libs.i686 elfutils-libs.x86_64 elfutils.x86_64 firefox ftp gcc gcc-c++ glibc-common glibc-devel glibc-headers glibc* gtk2-engines.x86_64 gtk2.i686 gtk2.x86_64 kernel-devel kernel-headers ksh ksh.x86_64 libaio libaio-devel libaioi libcanberra-gtk2.x86_64 libcanberra-gtk2.i686 libgcc.i686 libgcc.x86_64 libgcc* libstdci libstdc++.i686 libstdc++.x86_64 libXft.i686 libXft.x86_64 libXmu.i686 libXmu.x86_64 libXp libXp.i686 libXp.x86_64 libXpi libXtst.i686 libXtst.x86_64 make mc mlocate net-tools ntp […]

postfix macos high sierra

sudo vim /etc/postfix/main.cf message_size_limit = 10485760 mailbox_size_limit = 0 biff = no smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit recipient_delimiter = + tls_random_source = dev:/dev/urandom #smtpd_tls_ciphers = medium myhostname = mail.hensler.net mydomain = hensler.net myorigin = $mydomain #inet_interfaces = $myhostname, localhost mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,mail.$mydomain mynetworks = 127.0.0.0/8 smtpd_banner = $myhostname smtpd_use_tls= yes smtp_use_tls = […]

dnsmasq macos high sierra

brew install dnsmasq   sudo vim /usr/local/etc/dnsmasq.conf bogus-priv local=/lan.hensler.net/ domain=lan.hensler.net expand-hosts listen-address=127.0.0.1 listen-address=10.0.29.150   sudo vim /etc/hosts ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost 10.0.29.60 hostname   /etc/resolv.conf domain lan.hensler.net […]

openldap macos High Sierra

sudo vim /etc/openldap/slapd.conf include /private/etc/openldap/schema/core.schema include /private/etc/openldap/schema/cosine.schema include /private/etc/openldap/schema/inetorgperson.schema pidfile /private/var/db/openldap/run/slapd.pid argsfile /private/var/db/openldap/run/slapd.args database bdb suffix "dc=hensler,dc=local" rootdn "cn=manager,dc=hensler,dc=local" rootpw {SSHA}DXreBCiCpU1sH728ubClNXpHblzw80Wo directory /private/var/db/openldap/openldap-data index objectClass eq cachesize 2000 sudo vim /etc/openldap/sample.ldif version: 1 dn: dc=hensler,dc=local objectClass: top objectClass: dcObject objectClass: organization dc: hensler o: Some Org description: A sample domain dn: ou=people,dc=hensler,dc=local objectClass: top objectClass: […]

chroot macos High Sierra

create standard user sftpusr allow ssh remote login for sftpusr sudo vim /etc/ssh/sshd_config # override default of no subsystems # Subsystem sftp /usr/libexec/sftp-server #Subsystem sftp internal-sftp -l VERBOSE -f LOCAL3 Subsystem sftp internal-sftp Match User sftpusr X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp ChrootDirectory /chroot/%u run command sudo mkdir /chroot sudo mkdir /chroot/bin sudo cp /bin/bash […]

wordpress macos High Sierra

sudo vim /etc/apache2/httpd.conf ServerName localhost:80 DocumentRoot "/Users/bhr/Sites" <Directory "/Users/bhr/Sites"> Options FollowSymLinks Multiviews MultiviewsMatch Any AllowOverride None Require all granted </Directory> LoadModule php7_module libexec/apache2/libphp7.so LoadModule perl_module libexec/apache2/mod_perl.so LoadModule userdir_module libexec/apache2/mod_userdir.so LoadModule include_module libexec/apache2/mod_include.so LoadModule rewrite_module libexec/apache2/mod_rewrite.so LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so LoadModule ssl_module libexec/apache2/mod_ssl.so Include /private/etc/apache2/extra/httpd-userdir.conf Include /private/etc/apache2/extra/httpd-vhosts.conf Include /private/etc/apache2/extra/httpd-ssl.conf sudo vim /private/etc/apache2/extra/httpd-userdir.conf Include /private/etc/apache2/users/*.conf […]

Ubuntu Installation

sudo ufw disable
selinux not installed by default
sudo vim /etc/network/interfaces
auto enp0s25
iface enp0s25 inet static
address 10.0.29.60
netmask 255.255.255.0
gateway 10.0.29.1
dns-nameservers 62.2.17.60
sudo passwd root
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo service ssh restart
sudo vim /etc/security/limits.conf
*    soft    nofile 65536
*    hard    nofile 65536
sudo vim /etc/environment
LANG=en_US.utf-8
LC_ALL=en_US.utf-8

ffmpeg CentOS 7

https://gist.github.com/mustafaturan/7053900
To send videos with WhatsApp run ffmpeg with following codecs:
ffmpeg -i "original-file.mp4" -vcodec libx264 -acodec aac "output-file.mp4"

IBM’s launchpad doesn’t start, Firefox version

Firefox starts with a chrome://*.xul URL, which is a reference to an add-on extension in Mozilla-derivative browsers. Firefox as of version 43 blocks automated installation of unsigned extensions. IBM’s commonlaunchpad xpi extension (found in the extensions directory of the new Profile being used by launchpad.sh) is unsigned. To work around this, downgrade Firefox with a version […]

CentOS 7 postfix, dovecot mail server; forwarder

postfix
https://www.server-world.info/en/note?os=CentOS_7&p=mail
#virtual_alias_domains = hensler.net
virtual_alias_maps = hash:/etc/postfix/virtual
ADD forwarder addresses
vi /etc/postfix/virtual
postmap /etc/postfix/virtual
service postfix restart
dovecot
https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=2
DNS
hensler.net. A xxx.xxx.xxx.xxx
hensler.net. MX 10 mail.hensler.net
mail.hensler.net. CNAME hensler.net
wordpress.hensler.net. A xxx.xxx.xxx.xxx
ROUTER
25,110,143,80,443
FIREWALL
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
systemctl stop firewalld.service
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --add-service=smtp --permanent
firewall-cmd --add-port={110/tcp,143/tcp} --permanent […]

mount nfs volumes (OSXFUSE) at startup using launchAgent

sudo vim /Users/bhr/Library/LaunchAgents/com.mmac.useragent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.mmac.useragent</string>
        <key>Program</key>
        <string>/Users/bhr/startUp/bindfs.sh</string>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/tmp/com.mmac.startup.stderr</string>
        <key>StandardOutPath</key>
        <string>/tmp/com.mmac.startup.stdout</string>
</dict>
</plist>
sudo vim /Users/bhr/startUp/bindfs.sh
#!/bin/bash
sudo /usr/local/bin/bindfs -r -g SFTPGroup /Volumes/DATACUBE/Media/Movies/ /chroot/sftp/movies
sudo /usr/local/bin/bindfs […]

vmrun

vim .bash_profile export PATH=$PATH:/Applications/VMware\ Fusion.app/Contents/Library/ POWER COMMANDS           PARAMETERS           DESCRIPTION ————–           ———-           ———– start                    Path to vmx file     Start a VM or Team                          [gui|nogui] stop                     Path to vmx file     Stop a VM or Team                          [hard|soft] reset                    Path to vmx file     Reset a VM or Team                          [hard|soft] suspend                  Path to vmx file     Suspend a […]

Samba Server Installation Centos 7

https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7 yum install samba samba-client samba-common vi /etc/samba/smb.conf [global]         workgroup = WORKGROUP         server string = CNX5 Samba Server %v         netbios name = CNX5         security = user         map to guest = bad user         dns proxy = no [IBM]         path = /opt/IBM         valid users = root         browsable =yes […]

Autostart IBM HTTP Server

vi /etc/init.d/ihs
#!/bin/bash
# SERVICENAME should match this filename
SERVICENAME=$(basename $0)
LOCKFILE="/var/lock/subsys/${SERVICENAME}"
APACHECTL=/opt/IBM/HTTPServer/bin/apachectl
# The next lines are for chkconfig on RedHat systems.
# chkconfig: 2345 98 02
# description: Starts and stops IHS
# The next lines are for chkconfig on SuSE systems.
### BEGIN INIT INFO
# Provides: IHS_61.1
# Required-Start: $network $syslog […]

Autostart WebSphere Servers

Deployment Manager cd /opt/IBM/WebSphere/AppServer/bin/ ./wasservice.sh -add dmgr -serverName dmgr -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01 service dmgr_was.init stop service dmgr_was.init start service dmgr_was.init status NodeAgent ./wasservice.sh -add node01 -serverName nodeagent -profilePath /opt/IBM/WebSphere/AppServer/profiles/AppSrv01 service node01_was.init stop service node01_was.init start service node01_was.init status #To have the node agent automatically start the Appserver JVM, set the Monitoring Policy of each JVM to […]

IBM Docs

http://www-01.ibm.com/support/docview.wss?uid=swg24039355 http://www-01.ibm.com/support/knowledgecenter/SSFHJY/welcome IBM Connections cnx5.sites IBM Connections 5 CR3 (CentOS 7) Conversion, Docs, Viewer cnxDocs.sites IBM Connections Docs 1.0.7 (Windows 2008 R2) create LCUSER db2set DB2CODEPAGE=1208 db2stop force db2start create database (cnx5.sites) createDb.bat updateDBSchema.bat db2 -td@ -vf appGrants.sql install Python disable Netbios disable TCPIP Netbios Helper FNCMIS If you want Docs to work with CCM libraries, […]

IBM Connections 5 Centos 7

Installation Manager 64bit yum install gtk2 yum install libXtst Download IBM Connections 5 http://www-01.ibm.com/support/docview.wss?uid=swg24037654   CCM CLFRP0038E: IBM Connections Content Manager failed to be configured on WebSphere Application Server. Error Step : Step "action-config-fncs-ccm" >> install ksh (korn shell) IHS groupadd ihsgrp useradd -g ihsgrp -s/bin/bash -d /home/ihsadmin -m ihsadmin setupadm -create -usr ihsadmin -grp […]

IBM Domino 9 Centos 7

DOMINO 9.0.1 yum install glibc-2.*.i686 libgcc-4*.i686 libXtst-1.*.i686 libXmu-1.*.i686 libXp-1.*.i686 libXft-2.*.i686 libXi-1.*.i686 libstdc++-4.*.i686 groupadd notes useradd -g notes -s/bin/bash -d /home/notes -m notes passwd notes vim /etc/security/limits.conf *    soft    nofile 65536 *    hard    nofile 65536 /opt/ibm/domino/bin/server -listen #rc_domino Copy rc_domino_script into /opt/ibm/domino Copy rc_domino into /etc/init.d, check variable DOMINO_START_SCRIPT Copy domino.service into /etc/systemd/system chmod 755 rc_domino_script […]

Netatalk (Open Source AFP implementation) Centos 7

Install yum -y install netatalk avahi dbus nss-mdns chkconfig netatalk on chkconfig messagebus on chkconfig avahi-daemon on adduser afp passwd afp vi /etc/netatalk/afpd.conf "hostname" -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword vi /etc/netatalk/AppleVolumes.default :DEFAULT: "HTTPD" allowed_hosts:10.0.29.0/24 allow:afp rwlist:afp options:upriv,usedots dperm:0770 fperm:0660 ~ "HOME" /var/www/html/ "HTML" vi /etc/nsswitch.conf hosts:      files mdns4_minimal dns mdns mdns4 vi /etc/avahi/services/afpd.service […]

iTunes library on external drive; iCloud Music; sharing across multiple devices

iTunes “master library” (bhr’s library) create new library with default values on local disk add Music to your iTunes library enable iCloud Music Library in preferences, wait for sync to complete recreate new library = (1) enable iCloud Music library change iTunes media folder location to external drive add movies, apps, videos etc. enable sharing […]

add mime-type to WordPress

WP Add Mime Types
functions.php
add_filter('upload_mimes','add_custom_mime_types');
function add_custom_mime_types($mimes){
    return array_merge($mimes,array (
        'ac3' => 'audio/ac3',
        'mpa' => 'audio/MPA',
        'flv' => 'video/x-flv',
        'svg' => 'image/svg+xml'
    ));
}

WordPress Setup

WordPress Installation SEP 2016 CentOS 7 epel-release httpd mysqld php 7 phpmyadmin addtl. modules php70w-mysql, php70w-gd PHP7: http://idroot.net/tutorials/how-to-install-php-7-on-centos-7/ WordPress: https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-centos-7 OS cat /etc/redhat-release CentOS release 6.6 (Final) vi /etc/sysconfig/network NETWORKING=yes HOSTNAME=wordpress.sites vi /etc/selinux/config disable service iptables save service iptables stop chkconfig iptables off vi /etc/sysctl.conf net.ipv6.conf.all.disable_ipv6 = 1 yum install mc wget unzip xclock xauth […]

L2TP VPN Server on Mac OS X Yosemite

create configuration file man 5 vpnd | col -b > /Users/bhr/com.apple.RemoteAccessServers.plist copy configuration file sudo cp /Users/bhr/com.apple.RemoteAccessServers.plist /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist sudo chmod 644 /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist sudo chown root:wheel /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist edit configuration file sudo vi /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist <key>com.apple.ppp.l2tp</key> <dict> <key>DNS</key> <dict> <key>OfferedSearchDomains</key> <array> <string></string> </array> <key>OfferedServerAddresses</key> <array> <string>xxx.xxx.xxx.xxx</string> <string>xxx.xxx.xxx.xxx</string> </array> </dict> <key>IPSec</key> <dict> <key>AuthenticationMethod</key> <string>SharedSecret</string> <key>IdentifierVerification</key> <string>None</string> <key>LocalCertificate</key> <data> </data> <key>LocalIdentifier</key> […]

format SD card using diskutil

diskutil list /dev/disk0    #:                       TYPE NAME                    SIZE       IDENTIFIER    0:      GUID_partition_scheme                        *251.0 GB   disk0    1:                        EFI EFI                     209.7 MB   disk0s1    2:                  Apple_HFS imac HD                 250.1 GB   disk0s2    3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3 /dev/disk2    #:                       TYPE NAME                    SIZE       IDENTIFIER    0:      GUID_partition_scheme                        *15.9 GB    disk2    1:                        EFI EFI                     […]

vi commands

Undo Command u undo the last command. Screen Commands CTL/l Reprints current screen. CTL/L Exposes one more line at top of screen. CTL/E Exposes one more line at bottom of screen. CTL/F Pages forward one screen. CTL/B Pages back one screen. CTL/D Pages down half screen. CTL/U Pages up half screen. Cursor Positioning Commands j […]

unix commands

*SEARCH find / -name '*searchText*' find . | xargs grep 'zip' *XSERVER in cygwin (startxwin.bat): xhost (SERVER IP ADDR) of XServer (AIX, Linux ..) *PS ps -ef | grep a* *X11 in Telnet session (PUTTY) of XServer: export DISPLAY=(CLIENT IP ADDR):0.0 in SSH session MAC OS X: start xQuartz ssh -X root@xxx.xxx.xxx.xxx //xclock should, without […]

Synology : enable ssh user login other than root

Synology Forum SSH can either be enabled using the latest firmware and a patch, or using the recent beta firmware which allows you enable and disable SSH from the web-based management interface. However, I was a little concerned about the default settings of SSHD, especially if one were to SSH over the internet and not […]

How to enable NFS on the Synology Server

obsolete with Firmware version: DSM 2.0-722 This is a guide on how to enable the NFS capabilities of the Synology product. This procedure is aimed for users who are experienced with Telnet and the Linux Operating System. Please note that improper manipulation or modification of the Synology server may result in machine malfunction or loss […]

Synology : openldap

Setup of your CS407 ssh login to your CS407 ipkg -force-depends install openldap (provided you have configured optware for your CS407) — link — cd /opt/etc/openldap/ and edit slapd.conf and add the following lines (take a look at the README to define which schema files are appropriate for your environment) – below listed schema files […]

Synology : DNS Services (bind)

Setup of your CS407   ssh login to your CS407     ipkg -force-depends install bind (provided you have configured optware for your CS407) — link —     I pretty much followed the instructions for setting up and configuring a primary DNS server, so nothing to add from my side     reverse DNS […]

how to generate and analyze a WebSphere heapdump

./was_profile/bin/wsadmin.sh -conntype SOAP -host wcl.private.lan -port 10033 -user wasadmin -password passw0rd
WASX7209I: Connected to process "WebSphere_Portal" on node wcl using SOAP connector; the type of process is: unManagedProcess;
WASX7029I: For help, enter: "$Help help"
wsadmin> set jvm [$AdminControl completeObjectName type=JVM,process=WebSphere_Portal,*]
WebSphere:name=JVM,process=WebSphere_Portal,platform=dynamicproxy,node=wcl,j2eeType=JVM,J2EEServer=WebSphere_Portal,version=6.0.2.17,type=JVM,mbeanIdentifier=JVM,cell=wcl
wsadmin>$AdminControl invoke $jvm generateHeapDump
wsadmin>$AdminControl invoke $jvm dumpThreads
IBM’s support assistant (ISA) is […]

steps to visualize HTTP server logging – part I

apache check Apache server version by creating a simple e.g. serverinfo.php file with following statement: <?php phpinfo(); ?> and open in your browser: http://your host/serverinfo.php. Find the version info in the Apache Version section: Apache Version – Apache/2.0.53 (Linux/SUSE) or run from the command line: /usr/sbin # apache2ctl -v Server version: Apache/2.0.53 Server built: Aug […]

steps to visualize HTTP server logging – part II

gnuplot 2d
edit /etc/apache2/mod_log_config.conf and add a new logformat (plots) – ("mod_log_config.conf" is referenced by "httpd.conf")
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %{%d.%m.%Y:%H:%M:%S}t %D %U" plots
The characteristics of the "%" directives are: …h Remote host …{format}t time & date …D time taken to serve the request, in microseconds. …U […]

Goodbye Java

Another article that gets to the heart of the Java dilemma: http://www.nzz.ch/nachrichten/digital/tschuess_java_1.7260496.html Stefan Betschon ⋅ Java is the name of an Indonesian island and of a type of coffee popular among Californian programmers. Java is a programming language and a piece of software that pretends to be hardware, made to run programs written in Java. Java is one of the currently most popular […]

Synology : Performance Test : CS407 vs DS710+

Due to a needed performance increase I bought a DS710+ and compared performance between the 2 (CS407 vs DS710+). Harddisk and RAID configuration: CS407: RAID 5 with 3 Western Digital WD5000AAKS 500GB DS710: Synology Hybrid RAID (SHR) with 2 Western Digital WD2002FYPS 2TB For both Synology NAS DSM version 3.0-1354 was in use – […]

WebSphere: Startup behavior of an application

Startup behavior of an application: When you need to disable the auto-start option of an application go to “Enterprise Applications > Name of Application > Target specific application status”, select Application Server and click “Disable Auto Start”. To adjust the startup order go to “Enterprise Applications > Name of Application > Startup behavior” and adjust […]

Hyper-V within a VMware Fusion v5

When installing Microsoft Hyper-V within a VMware Workstation you cannot create virtual machines and the following error messages are shown in the event log. ‘Virtual Machine Bus’ driver required by the Virtual Machine Management service is not installed or is disabled. Check your settings or try reinstalling the Hyper-V role. ‘Virtualization Infrastructure’ driver required by […]

SPS 2013, SQL 2008 R2, FIM 2010 R2

Working with IBM products for years I thought let’s give Microsoft products a glimpse. The idea is to build a publicly facing, collaboration solution with content managed in an authoring system, workflows for publishing and users being able to self register.

FIM : Installation

PREPARATION ADDC : USERS PRIVATEFIMService PRIVATEFIMMA PRIVATEFIMSPContent ADDC : SSL Three Web Server SSL certificates are needed: CN=fimservice.private.lan CN=fimportal.private.lan CN=fimspca.private.lan

IBM DB2 install, uninstall, update

INSTALL ./db2prereqcheck -v 10.1.0.0 yum -y install libstdc++ yum -y install libstdc++.i686 yum -y install dapl yum -y install sg3_utils yum -y install sg_persist yum -y install gnome-session yum -y install xterm yum -y install xhost yum -y install tigervnc-server yum -y install ksh yum -y install pam-devel.i686 yum install libstdc++.so.5 yum install gtk2.i686 yum […]

IBM Notes > Google Calendar Synchronisation > Apple Calendar

While using Google for private mail and calendaring, it is IBM Notes (9.0.1 FP3) for business. Calendar synchronisation has always been a nightmare, so after some time spent on the different “solutions” out there I decided for : http://sourceforge.net/projects/lngooglecalsync/ with these main Features : Upload of Lotus Notes calendar entries to Google Calendar Schedule automatic […]

launching Notes in Mac OSX : Incoming Network Connections prompt

Create new certificate
sign eclipse binary
sudo codesign -f -s 'IBM Notes 9' /Applications/IBM\ Notes.app/Contents/MacOS/rcp/eclipse/plugins/com.ibm.rcp.base_9.0.1.20131002-1404/macosx/x86/eclipse
verify eclipse binary
sudo codesign -vvv /Applications/IBM\ Notes.app/Contents/MacOS/rcp/eclipse/plugins/com.ibm.rcp.base_9.0.1.20131002-1404/macosx/x86/eclipse
/Applications/IBM Notes.app/Contents/MacOS/rcp/eclipse/plugins/com.ibm.rcp.base_9.0.1.20131002-1404/macosx/x86/eclipse: valid on disk
/Applications/IBM Notes.app/Contents/MacOS/rcp/eclipse/plugins/com.ibm.rcp.base_9.0.1.20131002-1404/macosx/x86/eclipse: satisfies its Designated Requirement
http://www-01.ibm.com/support/docview.wss?uid=swg21686629

sftp only : chroot

Linux & Mac sshd sudo vi /etc/sshd_config #Subsystem sftp /usr/libexec/sftp-server Subsystem sftp internal-sftp Match User sftpuser X11Forwarding no AllowTcpForwarding no #ForceCommand internal-sftp -l VERBOSE ForceCommand internal-sftp ChrootDirectory /chroot/sftpusr Linux yum install fuse Download the latest bindfs source tar-ball Compile & install: ./configure && make && sudo make install. vi /etc/fstab mmac.hensler.net:/Volumes/DATACUBE /mnt/ nfs defaults 0 […]

ldapsearch

yum whatprovides */ldapsearch
sudo yum install openldap-clients
ldapsearch -D "cn=admin,DC=timetoact,DC=de" -w Passw0rd -p 389 -h tta-wp85vm.timetoact.de -b "DC=timetoact,DC=de" -s sub "(objectclass=*)"
ldapsearch -D "cn=admin,DC=timetoact,DC=de" -w Passw0rd -p 389 -h tta-wp85vm.timetoact.de -b "ou=users,dc=timetoact,dc=de" -s sub "(cn=wp85admin)"
ldapsearch -D "cn=admin,DC=timetoact,DC=de" -w Passw0rd -p 389 -h tta-wp85vm.timetoact.de -b "DC=timetoact,DC=de" -s sub "(cn=wp85admins)"

openldap phpLDAPAdmin

yum -y install php php-mbstring php-pear
yum -y install epel-release
yum --enablerepo=epel -y install phpldapadmin
vi /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
vi /etc/php.ini
date.timezone = Europe/Zurich
vi /var/www/html/index.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
<?php print Date("Y/m/d"); ?>
</div>
</body>
</html>
vi /etc/httpd/conf/httpd.conf
Listen 8080
vi /etc/httpd/conf.d/phpldapadmin.conf
#
#  Web-based […]

max upload size

php.ini ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize upload_max_filesize = 64M ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. ; http://php.net/post-max-size post_max_size = 64M

xquartz / xming

download & install from http://xquartz.macosforge.org/landing/
uninstall
launchctl unload /Library/LaunchAgents/org.macosforge.xquartz.startx.plist
sudo launchctl unload /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist
sudo rm -rf /opt/X11* /Library/Launch*/org.macosforge.xquartz.* /Applications/Utilities/XQuartz.app /etc/*paths.d/*XQuartz
sudo pkgutil --forget org.macosforge.xquartz.pkg
# Log out and log in
https://gist.github.com/TonyMtz/714e73ccb79e21c4fc9c
Windows alternative:
http://sourceforge.net/projects/xming/
http://de.wikipedia.org/wiki/Xming
http://www.straightrunning.com/XmingNotes/

ssl certificate

IBM HTTP Server SSL process simplified – IBM HTTP Server using ikeyman
install IBM HTTP Server & Plugins
run ikeyman (IBM Key Manager)
add CA root & intermediate certificates to signer certificates
create certificate personal certificate signing request
forward csr to CA
add signed certificate to personal certificates
configure HTTP Server httpd.conf
IBM WebSphere Proxy […]

ssl certificate OS X Server

1. In Server create a new trusted certificate signing request
2. Run through the signing process; receive the signed certificates (web server, intermediate certificates)
Domain validated SSL certificates:
https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx
https://manage.www.namecheap.com/myaccount/ssl-list.asp (Apache 2)
3. Drag signed web server certificate
4. In keychain access validate certificate
5. Change the certificate for servermgrd […]

watchguard, openvpn server / client

server
yum install net-tools
yum install wget
cd /tmp
wget http://swupdate.openvpn.org/as/openvpn-as-2.0.10-CentOS7.x86_64.rpm
rpm -Uvh openvpn-as-2.0.10-CentOS7.x86_64.rpm
enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: https://10.0.1.113:943/admin
client
yum install epel-release
yum install openvpn -y
download client.ovpn from TTA site
create password.txt file with username / password
add auth-user-pass […]

wireshark

X11
yum install xclock
yum install xorg-x11-font*
yum install xauth
Wireshark
yum install wireshark
yum install wireshark-gnome
uninstall
sudo rm -Rf /Applications/Wireshark.app/
sudo rm -Rf /Library/Wireshark
sudo rm -Rf /Library/StartupItems/ChmodBPF
sudo dscl . -delete /Groups/access_bpf

.bashrc

#set WASHOME
export WASHOME=/opt/IBM/WebSphere/AppServer
#set profileNames
dmgrProfile=Dmgr01
appSrvProfile=AppSrv01
alias dmgrBin='cd $WASHOME/profiles/$dmgrProfile/bin'
alias nodeBin='cd $WASHOME/profiles/$appSrvProfile/bin'
alias wsadmin='cd $WASHOME/profiles/$dmgrProfile/bin/; ./wsadmin.sh -lang jython -user wasadmin -password Passw0rd -port 8879'
alias startDmgr='$WASHOME/bin/startManager.sh'
alias startNode='$WASHOME/profiles/$appSrvProfile/bin/startNode.sh'
alias startCNX='$WASHOME/profiles/$appSrvProfile/bin/startServer.sh IC5_server1'
alias startAPPL='$WASHOME/profiles/$appSrvProfile/bin/startServer.sh APPL_server1'
alias stopNode='$WASHOME/profiles/$appSrvProfile/bin/stopNode.sh'
alias stopDmgr='$WASHOME/bin/stopManager.sh'
alias stopCNX='$WASHOME/profiles/$appSrvProfile/bin/stopServer.sh IC5_server1'
alias stopAPPL='$WASHOME/profiles/$appSrvProfile/bin/stopServer.sh APPL_server1'
alias logDmgr='tail -f $WASHOME/profiles/$dmgrProfile/logs/dmgr/SystemOut.log'
alias logNode='tail -f $WASHOME/profiles/$appSrvProfile/logs/nodeagent/SystemOut.log'
alias […]

firewall

CentOS 7: firewalld
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld
systemctl start firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --remove-service=ssh
sudo firewall-cmd --permanent --add-port=4444/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
SELINUX
vi /etc/sysconfig/selinux

nfs server, mac OS

sudo vi /etc/exports
/Volumes/DATACUBE -alldirs -network 10.0.29.0 -mask 255.255.255.0
Once /etc/exports has been created, nfsd(8) will automatically start up and start serving the exports.
sudo nfsd checkexports
sudo nfsd status
sudo nfsd restart
nfsd service is enabled
nfsd is running (pid 70334, 8 threads)
sudo vim /etc/fstab
mmac.hensler.net:/Volumes/DATACUBE/ /mnt nfs defaults 0 0
mmac.hensler.net:/Volumes/DATACUBE/Media/Movies […]

nfs client

yum install nfs-utils nfs-utils-lib
showmount mmac.hensler.net
vi /etc/fstab
mmac.hensler.net:/Volumes/DATACUBE /mnt nfs defaults 0 0

ftp server

INSTALL FTP
yum install vsftpd
chkconfig vsftpd on
service vsftpd status
useradd ftpuser
passwd ftpuser
CREATE FOLDER
mkdir -p /disk3/ftpstuff
chmod 767 disk3/
chmod 777 disk3/ftpstuff
CREATE GROUP
groupadd ftpusers
CHANGE GROUP FOLDER
chgrp ftpusers /disk3/ftpstuff
chmod 3777 /disk3/ftpstuff
ADD EXISTING USER
usermod -a -G ftpusers ftpuser
vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# If userlist_deny=NO, […]

cron

Use crontab -e to edit scheduled tasks, e.g.:
0 2 * * * rsync -av --delete --log-file="/mnt/backup/logs/ic-ic.rsync.log" /opt/ /mnt/backup/ic-ic/

.bashrc

PS1="[\u@\h \W] \[$(tput setaf 2)\]MMAC \[$(tput sgr0)\]\\$ "
alias ll='ls -alp'
alias l='ls -alph'
alias mc=". /usr/local/opt/midnight-commander/libexec/mc/mc-wrapper.sh"

start script

#!/bin/bash
#
# Run-level Startup script for the IBM DB2 instance
#
# chkconfig: 345 91 19
# description: Startup/Shutdown IBM DB2 instance
DB2_HOME="/opt/home/db2inst1/sqllib"
DB2_OWNR="db2inst1"
# if the executables do not exist -- display error
if [ ! -f $DB2_HOME/adm/db2start -o ! -d $DB2_HOME ]
then
    echo "IBM DB2 startup: cannot start"
    exit 1
fi
[…]

ethernet configuration, hostname

yum install net-tools for ifconfig
hostname
hostnamectl
  -h --help              Show this help
     --version           Show package version
     --transient         Only set transient hostname
     --static            Only set static hostname
     --pretty            Only set pretty hostname
  -P --privileged        Acquire privileges before execution
     --no-ask-password   Do not prompt for password
  -H --host=[USER@]HOST  Operate on remote host
Commands:
  status                 Show current hostname settings […]

SSH Tunnel, VMware, encryption, Tor

Create image
1. format SD Card
2. create sparsebundle
3. copy sparsebundle to SD
VMware
4. create custom virtual machine
5. Remove Sound Card, USB Controller, Printer; set to 4 processor cores, 1536 MB Memory; reduce disk size to 16GB; set CD / DVD to start from CentOS iso; set network interface to no bridging […]

functions.php // wp_log_http_requests

/* WP LOG HTTP REQUESTS */
function wp_log_http_requests( $response, $args, $url ) {
    // set your log file location here
    $logfile = plugin_dir_path( __FILE__ ) . '/http_requests.log';
    // parse request and response body to a hash for human readable log output
    $log_response = $response;
    if ( isset( $args['body'] ) ) {
        parse_str( $args['body'], $args['body_parsed'] ); […]

functions.php // facetWP

functions.php
/** FacetWP index attachments */
function my_facetwp_indexer_query_args( $args ) {
    $args['post_status'] = array( 'publish', 'inherit' );
    return $args;
}
add_filter( 'facetwp_indexer_query_args', 'my_facetwp_indexer_query_args' );
/** FacetWP */
facet Template
<?php
return array(
    'post_type' => 'any',
    'post_status' => array('publish', 'inherit'),
    'posts_per_page' => 25,
    'tax_query' => array(
        array(
            'taxonomy' => 'category',
            'field' => 'slug',
            'terms' => array('2016','2015','2014', […]

functions.php // searchWP

/* SEARCHWP DEBUG */
add_filter( 'searchwp_debug', '__return_true' );
/* SEARCHWP DEBUG */
=> searchWP System Configuration: wp_remote_post() does not work : use alternate indexer
/* SEARCHWP add alternate indexer */
add_filter( 'searchwp_alternate_indexer', '__return_true' );
/* SEARCHWP add alternate indexer */
/* SEARCHWP XPDF EXTENSION */
function mySearchWPXpdfPath() {
    return '/Library/Server/Web/Data/Sites/xpdf/pdftotext';
}
add_filter( 'searchwp_xpdf_path', 'mySearchWPXpdfPath' );
/* SEARCHWP XPDF […]

functions.php // Remove Unwanted Admin Menu Items

function remove_admin_menu_items() {
    $remove_menu_items = array(__('Media'));
    global $menu;
    end ($menu);
    while (prev($menu)){
        $item = explode(' ',$menu[key($menu)][0]);
        if(in_array($item[0] != NULL?$item[0]:"" , $remove_menu_items)){
            unset($menu[key($menu)]);}
    }
}
add_action('admin_menu', 'remove_admin_menu_items');

ssh key authentication

create ssh keys
ls -ld ~/.ssh
mkdir -m 700 ~/.ssh
cd ~/.ssh
ssh-keygen -b 2048 -t rsa -f id_rsa -P "" // CentOS requires 2 "
chmod go-rwx ~/.ssh/id_rsa
scp id_rsa.pub username@remotemachine:~
ssh username@remotemachine "cat /Users/username/id_rsa.pub >> ~/.ssh/authorized_keys"
ssh username@remotemachine "rm /Users/username/id_rsa.pub"
https://help.apple.com/advancedserveradmin/mac/4.0/#/apd002AE571-2E56-409A-A1F9-A71736EE9040
ssh-agent
eval `ssh-agent -s`
ssh-add /root/.ssh/bhr.id_rsa
Enter passphrase for /root/.ssh/bhr.id_rsa:
Identity added: […]

ddclient

sudo vi /usr/local/etc/ddclient/ddclient.conf
daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail=root # mail all msgs to root
mail-failure=root # mail failed update msgs to root
ssl=no # use ssl-support. Works with ssl library // ssl=yes default
pid=/usr/local/var/run/ddclient/pid
use=web
server=dyndns.inwx.de
protocol=dyndns2
login=bhensler
password=
bernhard.hensler.net,www.bme-ravensburg.de
sudo /usr/local/sbin/ddclient -force
sudo rm /usr/local/var/run/ddclient/ddclient.cache […]

homebrew

http://brew.sh
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install mc
brew install ddclient
brew install mysql
for yosemite:
vi /usr/local/Library/brew.rb
#!/System/Library/Frameworks/Ruby.framework/Versions/Current/usr/bin/ruby -W0

Synology : self signed certificate

With DSM version 4.2-3202 certificate management has been added: Certificate Management Certificate management allows you to create a self-signed certificate or a certificate request, or import certificates to DSM for encrypted services, such as web (HTTPS), FTP, RADIUS server, and mail services. You can view info regarding your server certificate, including expiration date, issuer, and […]

Lync 2013, Office Web Apps

Lync 2013: Installation is pretty straightforward, supported by very good installation instructions available on the net (see below). In a quick comparison with IBM’s Sametime v8+ with regard to the feature set, I don’t see any major differences (evangelists will disagree) – instant messaging with audio / video, web conferencing and enterprise voice complemented with […]