home

https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf DNS Entries hensler.net TXT “v=spf1 ip4:3.225.201.202 ~all” default._domainkey.hensler.net. TXT “v=DKIM1;k=rsa;” “part I” “part II” _dmarc TXT v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@hensler.net DNS Type SPF use has been removed in the standards track version of SPF, RFC 7208. Your DNS Type SPF record should be republished as Type TXT instead. dig hensler.net txt http://spf.myisp.ch/ https://www.kitterman.com/spf/validate.html? spf […]

https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx request wildcard certificate sudo certbot –server https://acme-v02.api.letsencrypt.org/directory -d *.hensler.net –manual –preferred-challenges dns-01 certonly certbot –nginx (adds nginx configuration for SSL) sudo certbot certonly –manual -d ‘*.hensler.net’ –dry-run sudo certbot certonly –manual -d ‘*.hensler.net’ >> update .txt for _acme-challenge.hensler.net in route53 sudo service nginx restart sudo certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log – – […]

Spamassasin not starting with reboot: sudo systemctl status spamassassin.service sudo systemctl enable spamassassin.service sudo vim /lib/systemd/system/spamassassin.service [Service] Restart=always RestartSec=3

Ubuntu Postfix Dovecot SMTP Banner Ubuntu Open lightsail ports SSH TCP 22 Custom TCP 25 HTTP TCP 80 Custom TCP 110 Custom TCP 143 HTTPS TCP 443 Custom TCP 993 Custom TCP 995 sudo netstat -lnpt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 […]

#1: Migrating a monolithic application (daytrader) on top of a WebSphere Liberty application server form traditional deployment to cloud services using AWS. This involves multiple steps, starting with containerizing the application, converting the database (Derby to Postgres) and finally migrating images into Amazon’s cloud to make use of the Elastic Cloud services (EC*) and High […]

add_filter( ‘widget_tag_cloud_args’, ‘jmw_exclude_tag_from_tag_cloud’); function jmw_exclude_tag_from_tag_cloud( $args ) { $args[ ‘exclude’ ] = ’45’; // ID of the tag. If multiple tags use comma delimited sting ‘2,5,36’ return $args; }

Design and implement OAuth/OIDC authentication process for mobile clients (native/html) using ISAM (IBM Security Access Manager) and authorisation code grant type. Integrate custom “Message Provider Gateway” (MSG) in authentication process (verification of access token) using OIDC JWKS (JSON Web Key Set) and /userinfo endpoints. Products used: IBM Security Access Manager

By default, the WebSphere Application Server SAML Trust Association Interceptor (TAI) supports IdP-initiated SSO only. When custom code is in place, the SAML TAI can be configured to support SP-initiated SSO. Writing a custom java class the authentication process will be intercepted and handled by the SP – a SAML mutual trust relationship between the […]

User account synchronization between internal LDAP and directories of a foreign application domain (e.g. Cloud application), using SCIM (System for Cross-domain Identity Management), alternatively parsers (LDIF, JSON, XML, others) or synchronization with a cloud database. Products used: IBM Security Directory Integrator (SDI), IBM Secure Directory Server (SDS), Amazon Web Services (AWS) DynamoDB, Red Hat.

The intention of this project was to provide a consistent Single-Sign-On (SSO) between an on-premise ISAM (IBM Security Access Manager) and IBM’s Cloud Identity (CI) using SAML by utilising local user accounts for authentication. MMFA (Mobile Multi Factor Authentication) with QR Code and TOTP (Timely One Time Password) was added to provide a 2-factor authentication […]

Design and implement multiple corporate-wide deployments for IBM Sametime 9 including components necessary to provide web conferencing and multi-way audio/video/chat. Products used: IBM Sametime complete v9

yum -y install epel-release yum -y install NetworkManager-openvpncd /usr/sbin/openvpn automatic login:create ovpn.username.txt with:usernamepassword vi /etc/openvpn/tta.confauth-user-pass ovpn.username.txt cp ovpn.username.txt /etc/openvpn/cp tta.conf /etc/openvpn/ ./openvpn –config /etc/openvpn/tta.conf –auth-user-pass /etc/openvpn/ovpn.username.txt autostart openvpnsystemctl enable openvpn@ttasystemctl status openvpn@tta.conf.service

cd /opt/wlp/bin ./installUtility install adminCenter-1.0 server start | stop | status vi /opt/wlp/usr/servers/defaultServer/server.xml in firefox (LIN) https://localhost:9943/adminCenter

httpd-vhosts.conf httpd-ssl.conf httpd.conf ln -s /Users/bhr/Music/iTunes/iTunes\ Media/Uploads/ /Users/bhr/Sites/media.hensler.net/uploads https://larsjung.de/h5ai/

use .vimrc sample to avoid “visual” in vim when trying to copy/paste. https://github.com/amix/vimrc/blob/master/vimrcs/basic.vim

Some applications do not offer direct pdf printing; the internal printing system allows setting up a local pdf printer. https://www.papercut.com/kb/Main/SetupNullPrinterOnMac

ServerName was.hensler.net:80 LoadModule rewrite_module modules/mod_rewrite.so RewriteEngine On RewriteRule ^\/$ https://%{SERVER_NAME}/ [NE,L,R] LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Keyfile /opt/IBM/HTTPServer/ssl/key.kdb SSLStashfile /opt/IBM/HTTPServer/ssl/key.sth <IfModule mod_ibm_ssl.c> Listen 0.0.0.0:443 <VirtualHost *:443> ServerName was.hensler.net:443 SSLEnable SSLClientAuth none SSLCompression off SSLProtocolDisable SSLv2 SSLv3 SSLProtocolEnable TLSv1 TLSv11 TLSv12 SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA # […]

https://backstage.forgerock.com/knowledge/kb/book/b73824898#a56766667 cd /etc/systemd/system vim opendj.service [Unit] Description=opendj LDAP Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/opt/opendj/logs/server.pid ExecStart=/opt/opendj/bin/start-ds –quiet ExecStop=/opt/opendj/bin/stop-ds –quiet PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target systemctl enable opendj.service systemctl start opendj.service systemctl stop opendj.service

http://publib.boulder.ibm.com/httpserv/ihsdiag/startstop_questions.html#how-do-i-start-ihs-during-the-linux-boot-process cd /etc/systemd/system vim ihs.service [Unit] Description=IBM HTTP Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/opt/IBM/HTTPServer/logs/httpd.pid ExecStart=/opt/IBM/HTTPServer/bin/apachectl start -d /opt/IBM/HTTPServer ExecStop=/opt/IBM/HTTPServer/bin/apachectl graceful-stop ExecReload=/opt/IBM/HTTPServer/bin/apachectl graceful PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target vim ihsadmin.service [Unit] Description=IBM HTTP Administration Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/opt/IBM/HTTPServer/logs/admin.pid ExecStart=/opt/IBM/HTTPServer/bin/adminctl start ExecStop=/opt/IBM/HTTPServer/bin/adminctl stop PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target   systemctl enable ihs.service systemctl start ihs […]

yum -y install binutils bind-utils compat-db.x86_64 compat-libstdc* compat-libstdc++-33.i686 compat-libstdc++-33.x86_64 elfutils-libelf elfutils-libelf-devel elfutils-libs.i686 elfutils-libs.x86_64 elfutils.x86_64 firefox ftp gcc gcc-c++ glibc-common glibc-devel glibc-headers glibc* gtk2-engines.x86_64 gtk2.i686 gtk2.x86_64 kernel-devel kernel-headers ksh ksh.x86_64 libaio libaio-devel libaioi libcanberra-gtk2.x86_64 libcyanberra-gtk2.i686 libgcc.i686 libgcc.x86_64 libgcc* libstdci libstdc++.i686 libstdc++.x86_64 libXft.i686 libXft.x86_64 libXmu.i686 libXmu.x86_64 libXp libXp.i686 libXp.x86_64 libXpi libXtst.i686 libXtst.x86_64 make mc mlocate net-tools ntp […]

sudo vim /etc/postfix/main.cf message_size_limit = 10485760 mailbox_size_limit = 0 biff = no smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit recipient_delimiter = + tls_random_source = dev:/dev/urandom #smtpd_tls_ciphers = medium myhostname = mail.hensler.net mydomain = hensler.net myorigin = $mydomain #inet_interfaces = $myhostname, localhost mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,mail.$mydomain mynetworks = 127.0.0.0/8 smtpd_banner = $myhostname smtpd_use_tls= yes smtp_use_tls = […]

brew install dnsmasq   sudo vim /usr/local/etc/dnsmasq.conf bogus-priv local=/lan.hensler.net/ domain=lan.hensler.net expand-hosts listen-address=127.0.0.1 listen-address=10.0.29.150   sudo vim /etc/hosts ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost 10.0.29.60 hostname   /etc/resolv.conf domain lan.hensler.net […]

http://www.height8.com/info/os/osx/named

sudo vim /etc/openldap/slapd.conf include /private/etc/openldap/schema/core.schema include /private/etc/openldap/schema/cosine.schema include /private/etc/openldap/schema/inetorgperson.schema pidfile /private/var/db/openldap/run/slapd.pid argsfile /private/var/db/openldap/run/slapd.args database bdb suffix “dc=hensler,dc=local” rootdn “cn=manager,dc=hensler,dc=local” rootpw {SSHA}DXreBCiCpU1sH728ubClNXpHblzw80Wo directory /private/var/db/openldap/openldap-data index objectClass eq cachesize 2000 sudo vim /etc/openldap/sample.ldif version: 1 dn: dc=hensler,dc=local objectClass: top objectClass: dcObject objectClass: organization dc: hensler o: Some Org description: A sample domain dn: ou=people,dc=hensler,dc=local objectClass: top objectClass: […]

create standard user sftpusr allow ssh remote login for sftpusr sudo vim /etc/ssh/sshd_config # override default of no subsystems # Subsystem sftp /usr/libexec/sftp-server #Subsystem sftp internal-sftp -l VERBOSE -f LOCAL3 Subsystem sftp internal-sftp Match User sftpusr X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp ChrootDirectory /chroot/%u run command sudo mkdir /chroot sudo mkdir /chroot/bin sudo cp /bin/bash […]

sudo vim /etc/apache2/httpd.conf ServerName localhost:80 DocumentRoot “/Users/bhr/Sites” <Directory “/Users/bhr/Sites”> Options FollowSymLinks Multiviews MultiviewsMatch Any AllowOverride None Require all granted </Directory> LoadModule php7_module libexec/apache2/libphp7.so LoadModule perl_module libexec/apache2/mod_perl.so LoadModule userdir_module libexec/apache2/mod_userdir.so LoadModule include_module libexec/apache2/mod_include.so LoadModule rewrite_module libexec/apache2/mod_rewrite.so LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so LoadModule ssl_module libexec/apache2/mod_ssl.so Include /private/etc/apache2/extra/httpd-userdir.conf Include /private/etc/apache2/extra/httpd-vhosts.conf Include /private/etc/apache2/extra/httpd-ssl.conf sudo vim /private/etc/apache2/extra/httpd-userdir.conf Include /private/etc/apache2/users/*.conf […]

Midnight Commander for Mac OS X vim .bash_profile alias ll=’ls -alp’ alias mc=’. /usr/local/libexec/mc/mc-wrapper.sh’

sudo ufw disable selinux not installed by default sudo vim /etc/network/interfaces auto enp0s25 iface enp0s25 inet static address 10.0.29.60 netmask 255.255.255.0 gateway 10.0.29.1 dns-nameservers 62.2.17.60 sudo passwd root sudo sed -i ‘s/#PermitRootLogin prohibit-password/PermitRootLogin yes/’ /etc/ssh/sshd_config sudo service ssh restart sudo vim /etc/security/limits.conf *    soft    nofile 65536 *    hard    nofile 65536 sudo vim /etc/environment LANG=en_US.utf-8 LC_ALL=en_US.utf-8

http://zanshin.net/2015/10/01/change-sshd-port-on-mac-os-x-el-capitan/

https://gist.github.com/mustafaturan/7053900   To send videos with WhatsApp run ffmpeg with following codecs: ffmpeg –i “original–file.mp4” –vcodec libx264 –acodec aac “output–file.mp4”

Firefox starts with a chrome://*.xul URL, which is a reference to a Add-On extension in Mozilla-derivative browsers. Firefox as of version 43 blocks automated installation of unsigned extensions. IBM’s commonlaunchpad xpi extension (found in the extensions directory of the new Profile being used by launchpad.sh) is unsigned. To workaround this downgrade Firefox with a version […]

vim /etc/ssh/sshd_config Subsystem sftp internal-sftp -l INFO -f AUTH vim /etc/rsyslog.conf auth.* /var/log/sftp.log   https://access.redhat.com/articles/1374633

postfix https://www.server-world.info/en/note?os=CentOS_7&p=mail #virtual_alias_domains = hensler.net virtual_alias_maps = hash:/etc/postfix/virtual ADD forwarder addresses vi /etc/postfix/virtual postmap /etc/postfix/virtual service postfix restart dovecot https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=2 DNS hensler.net. A xxx.xxx.xxx.xxx hensler.net. MX 10 mail.hensler.net mail.hensler.net. CNAME hensler.net wordpress.hensler.net. A xxx.xxx.xxx.xxx ROUTER 25,110,143,80,443 FIREWALL https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7 systemctl stop firewalld.service firewall-cmd –zone=public –permanent –add-service=http firewall-cmd –zone=public –permanent –add-service=https firewall-cmd –add-service=smtp –permanent firewall-cmd –add-port={110/tcp,143/tcp} –permanent […]

  sudo visudo # User privilege specification root    ALL=(ALL) ALL %admin  ALL=(ALL) ALL bernhardhensler ALL=(ALL) NOPASSWD: ALL

Clipboard between Mac OS, Centos 64 7 CentOS yum install epel-release yum install xclip cat somefile.txt | xclip -selection clipboard In Mac OS use preinstalled pbcopy/pbpaste cat /etc/passwd | pbcopy   http://tedhagos.com/linux/clipboard-copy-paste-terminal.html

sudo vim /Users/bhr/Library/LaunchAgents/com.mmac.useragent.plist <?xml version=”1.0″ encoding=”UTF-8″?> <!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”> <plist version=”1.0″> <dict>         <key>KeepAlive</key>         <true/>         <key>Label</key>         <string>com.mmac.useragent</string>         <key>Program</key>         <string>/Users/bhr/startUp/bindfs.sh</string>         <key>RunAtLoad</key>         <true/>         <key>StandardErrorPath</key>         <string>/tmp/com.mmac.startup.stderr</string>         <key>StandardOutPath</key>         <string>/tmp/com.mmac.startup.stdout</string> </dict> </plist> sudo vim /Users/bhr/startUp/bindfs.sh #!/bin/bash sudo /usr/local/bin/bindfs -r -g SFTPGroup /Volumes/DATACUBE/Media/Movies/ /chroot/sftp/movies sudo /usr/local/bin/bindfs […]

Generate new ssh key ssh-keygen -t rsa -C “bernhard.hensle@timetoact.ch” add private key to keychain ssh-add -K ~/.ssh/bhensler_id_rsa ssh-copy-id root@111.111.111.111

cd /Applications/ open AppName osascript -e ‘quit app “AppName”‘ ps -ax | grep AppName

vim .bash_profile export PATH=$PATH:/Applications/VMware\ Fusion.app/Contents/Library/ POWER COMMANDS           PARAMETERS           DESCRIPTION ————–           ———-           ———– start                    Path to vmx file     Start a VM or Team                          [gui|nogui] stop                     Path to vmx file     Stop a VM or Team                          [hard|soft] reset                    Path to vmx file     Reset a VM or Team                          [hard|soft] suspend                  Path to vmx file     Suspend a […]

vim ~/.ssh/config Host * ServerAliveInterval 240 http://www.kehlet.cx/articles/129.html

https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7 yum install samba samba-client samba-common vi /etc/samba/smb.conf [global]         workgroup = WORKGROUP         server string = CNX5 Samba Server %v         netbios name = CNX5         security = user         map to guest = bad user         dns proxy = no [IBM]         path = /opt/IBM         valid users = root         browsable =yes […]

vi /etc/init.d/ihs #!/bin/bash # SERVICENAME should match this filename SERVICENAME=$(basename $0) LOCKFILE=”/var/lock/subsys/${SERVICENAME}” APACHECTL=/opt/IBM/HTTPServer/bin/apachectl # The next lines are for chkconfig on RedHat systems. # chkconfig: 2345 98 02 # description: Starts and stops IHS # The next lines are for chkconfig on SuSE systems. ### BEGIN INIT INFO # Provides: IHS_61.1 # Required-Start: $network $syslog […]

Deployment Manager cd /opt/IBM/WebSphere/AppServer/bin/ ./wasservice.sh -add dmgr -serverName dmgr -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01 service dmgr_was.init stop service dmgr_was.init start service dmgr_was.init status NodeAgent ./wasservice.sh -add node01 -serverName nodeagent -profilePath /opt/IBM/WebSphere/AppServer/profiles/AppSrv01 service node01_was.init stop service node01_was.init start service node01_was.init status #To have the node agent automatically start the Appserver JVM, set the Monitoring Policy of each JVM to […]

http://www-01.ibm.com/support/docview.wss?uid=swg24039355 http://www-01.ibm.com/support/knowledgecenter/SSFHJY/welcome IBM Connections cnx5.sites IBM Connections 5 CR3 (CentOS 7) Conversion, Docs, Viewer cnxDocs.sites IBM Connections Docs 1.0.7 (Windows 2008 R2) create LCUSER db2set DB2CODEPAGE=1208 db2stop force db2start create database (cnx5.sites) createDb.bat updateDBSchema.bat db2 -td@ -vf appGrants.sql install Python disable Netbios disable TCPIP Netbios Helper FNCMIS If you want Docs to work with CCM libraries, […]

Installation Manager 64bit yum install gtk2 yum install libXtst Download IBM Connections 5 http://www-01.ibm.com/support/docview.wss?uid=swg24037654   CCM CLFRP0038E: IBM Connections Content Manager failed to be configured on WebSphere Application Server. Error Step : Step “action-config-fncs-ccm” >> install ksh (korn shell) IHS grouped ihsgrp useradd -g ihsgrp -s/bin/bash -d /home/ihsadmin -m ihsadmin setupadm -create -usr ihsadmin -grp […]

DOMINO 9.0.1 yum install glibc-2.*.i686 libgcc-4*.i686 libXtst-1.*.i686 libXmu-1.*.i686 libXp-1.*.i686 libXft-2.*.i686 libXi-1.*.i686 libstdc++-4.*.i686 groupadd notes useradd -g notes -s/bin/bash -d /home/notes -m notes passwd notes vim /etc/security/limits.conf *    soft    nofile 65536 *    hard    nofile 65536 /opt/ibm/domino/bin/server -listen #rc_domino Copy rc_domino_script into /opt/ibm/domino Copy rc_domino into /etc/init.d, check variable DOMINO_START_SCRIPT Copy domino.service into /etc/systemd/system chmod 755 rc_domino_script […]

Install yum -y install netatalk avahi dbus nss-mdns chkconfig netatalk on chkconfig messagebus on chkconfig avahi-daemon on adduser afp passwd afp vi /etc/netatalk/afpd.conf “hostname” -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword vi /etc/netatalk/AppleVolumes.default :DEFAULT: “HTTPD” allowed_hosts:10.0.29.0/24 allow:afp rwlist:afp options:upriv,usedots dperm:0770 fperm:0660 ~ “HOME” /var/www/html/ “HTML” vi /etc/nsswitch.conf hosts:      files mdns4_minimal dns mdns mdns4 vi /etc/avahi/services/afpd.service […]

iTunes “master library” (bhr’s library) create new library with default values on local disk add Music to your iTunes library enable iCloud Music Library in preferences, wait for sync to complete recreate new library = (1) enable iCloud Music library change iTunes media folder location to external drive add movies, apps, videos etc. enable sharing […]