
Linux (K)Ubuntu 20.04 on ASUS VivoBook 15 S512J

 

The system comes with Windows 10 preinstalled; it is very fast and boots impressively quickly.

The default Kubuntu installer and the GParted live image don't recognize the NVMe SSD drive.

During my many attempts I resized the main partition with Windows, which was useful later for installing Kubuntu.

I followed these 2 guides:

  • https://discourse.ubuntu.com/t/ubuntu-installation-on-computers-with-intel-r-rst-enabled/15347
  • https://www.tenforums.com/drivers-hardware/15006-attn-ssd-owners-enabling-ahci-mode-after-windows-10-installation.html

 

The first was good for understanding the problem but did not solve it for me; combined with the second, it helped me fix it. Read both carefully. The solution was:

From Windows
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV\

Set Start to 0 (it was already so)

and StartOverride (expand on the left) to 0 (for me it was 3)

Do the same for

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\

Start a command prompt with Administrator privileges and type:

bcdedit /set {current} safeboot minimal

Reboot the system, go into the BIOS (pressing ESC) and set the controller to AHCI mode instead of Intel(R) RST...

Now the system starts with Windows in safe mode; run a command prompt with Administrator privileges again and type:

bcdedit /deletevalue {current} safeboot

Reboot the system and voilà, Windows starts.

Install your preferred OS

 

an old Slackware lover

 

 

 

 


 

Ops...

 

[  147.602933] Lockdown: archdetect: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7

 

so let's have a look

 

 

kernel_lockdown - Man Page

Kernel image access prevention feature

Description

The Kernel Lockdown feature is designed to prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorised modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded.

Lockdown is typically enabled during boot and may be terminated, if configured, by typing a special key combination on a directly attached physical keyboard.

If a prohibited or restricted feature is accessed or used, the kernel will emit a message that looks like:

Lockdown: X: Y is restricted, see man kernel_lockdown.7

where X indicates the process name and Y indicates what is restricted.

On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled if the system boots in EFI Secure Boot mode.

If the kernel is appropriately configured, lockdown may be lifted by typing the appropriate sequence on a directly attached physical keyboard.  For x86 machines, this is SysRq+x.

Coverage

When lockdown is in effect, a number of features are disabled or have their use restricted.  This includes special device files and kernel services that allow direct access of the kernel image:

/dev/mem
/dev/kmem
/dev/kcore
/dev/ioports
BPF
kprobes

and the ability to directly configure and control devices, so as to prevent the use of a device to access or modify a kernel image:

The use of module parameters that directly specify hardware parameters to drivers through the kernel command line or when loading a module.

The use of direct PCI BAR access.

The use of the ioperm and iopl instructions on x86.

The use of the KD*IO console ioctls.

The use of the TIOCSSERIAL serial ioctl.

The alteration of MSR registers on x86.

The replacement of the PCMCIA CIS.

The overriding of ACPI tables.

The use of ACPI error injection.

The specification of the ACPI RDSP address.

The use of ACPI custom methods.

Certain facilities are restricted:

Only validly signed modules may be loaded (waived if the module file being loaded is vouched for by IMA appraisal).

Only validly signed binaries may be kexec'd (waived if the binary image file to be executed is vouched for by IMA appraisal).

Unencrypted hibernation/suspend to swap are disallowed as the kernel image is saved to a medium that can then be accessed.

Use of debugfs is not permitted as this allows a whole range of actions including direct configuration of, access to and driving of hardware.

IMA requires the addition of the "secure_boot" rules to the policy, whether or not they are specified on the command line, for both the builtin and custom policies in secure boot lockdown mode.

Info

2017-10-05 Linux Programmer's Manual
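
Added example (not part of the man page or of the original post): a shell sketch that extracts the process name X and the restricted feature Y from kernel log lines in the format described above and counts each pair, plus a reader for the active lockdown mode. The function names and the sample lines are constructed for illustration, except the archdetect line, which is the one quoted earlier on this page; the /sys/kernel/security/lockdown file is assumed to be present (kernel 5.4 or later).

```sh
#!/bin/sh
# Added example: summarise kernel lockdown denials from kernel log lines.
# Message format: "Lockdown: X: Y is restricted, see man kernel_lockdown.7"
# (the log line quoted in the post has ';' after "restricted"; both are accepted).

lockdown_summary() {
    # stdin: kernel log lines; stdout: "count|process|restricted feature", busiest first
    awk '
    match($0, /Lockdown: [^:]+: .* is restricted[;,] see man kernel_lockdown/) {
        msg = substr($0, RSTART + 10, RLENGTH - 10)   # strip leading "Lockdown: "
        proc = msg; sub(/: .*/, "", proc)
        feat = msg; sub(/^[^:]+: /, "", feat)
        sub(/ is restricted[;,] see man kernel_lockdown$/, "", feat)
        count[proc "|" feat]++
    }
    END { for (k in count) print count[k] "|" k }' | sort -t'|' -k1,1nr -k2
}

lockdown_mode() {
    # The securityfs file brackets the active mode: "none [integrity] confidentiality"
    f=${1:-/sys/kernel/security/lockdown}
    [ -r "$f" ] || { echo unknown; return 0; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f"
}

# Constructed sample; the first line is the one quoted earlier on this page.
SAMPLE_LOG='[  147.602933] Lockdown: archdetect: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7
[  151.000001] Lockdown: archdetect: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7
[  200.123456] Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7
[  201.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd'

printf '%s\n' "$SAMPLE_LOG" | lockdown_summary
echo "lockdown mode: $(lockdown_mode)"
```

On a live system, feed it the kernel log instead of the sample, for example `dmesg | lockdown_summary`.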

 

 


 

Something finally happens

 

20 September 2020

0 12 20 9 * cat EOF > /dev/VV

 

 


 

Install Imapsync on debian 10

 

What a pain!

Updated 2020 September 28 on Kubuntu

Linux toshiba 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

As from

https://tecadmin.net/use-imapsync-on-ubuntu/

but not enough, let's start

sudo apt-get install git rcs make makepasswd cpanminus

sudo apt-get install libauthen-ntlm-perl  libclass-load-perl libcrypt-ssleay-perl liburi-perl libdata-uniqid-perl libdigest-hmac-perl libdist-checkconflicts-perl  libfile-copy-recursive-perl libio-compress-perl libio-socket-inet6-perl libio-socket-ssl-perl libio-tee-perl libmail-imapclient-perl libmodule-scandeps-perl libnet-ssleay-perl libpar-packer-perl libreadonly-perl libsys-meminfo-perl libterm-readkey-perl libtest-fatal-perl libtest-mock-guard-perl libtest-pod-perl libtest-requires-perl libtest-simple-perl libunicode-string-perl

Oops... something important is missing; install it now and do not suffer later

sudo apt-get install gcc

sudo apt-get install libssl-dev

sudo apt-get install apt-file

sudo apt-file update

sudo apt-get install libcrypt-openssl-bignum-perl

sudo apt-get install libcrypt-openssl-rsa-perl

sudo apt-get install libperl-dev

 

Then

sudo cpanm Authen::NTLM
sudo cpanm CGI
sudo cpanm Crypt::OpenSSL::Random
sudo cpanm Crypt::OpenSSL::RSA
sudo cpanm Digest::HMAC
sudo cpanm Digest::HMAC_MD5
sudo cpanm Dist::CheckConflicts
sudo cpanm Encode::IMAPUTF7
sudo cpanm File::Copy::Recursive
sudo cpanm File::Tail
sudo cpanm IO::Socket::INET6
sudo cpanm IO::Tee
sudo cpanm JSON::WebToken::Crypt::RSA
sudo cpanm LWP::UserAgent
sudo cpanm Mail::IMAPClient JSON::WebToken Test::MockObject
sudo cpanm Module::ScanDeps
sudo cpanm PAR::Packer
sudo cpanm Regexp::Common
sudo cpanm Sys::MemInfo
sudo cpanm Term::ReadKey
sudo cpanm Test::Deep
sudo cpanm Test::Pod
sudo cpanm Unicode::String Data::Uniqid

 

Now we can install imapsync

 

git clone https://github.com/imapsync/imapsync.git
cd imapsync
mkdir -p dist
sudo make install


 

 


 

Zimbra blacklist ip after many logon failures

 

and block mailbox after too many failures

From

https://wiki.zimbra.com/wiki/DoSFilter

"The denial-of-service filter or DoSFilter was added to the mailbox server in ZCS 8.0 to throttle clients sending a large number of requests over a very short period of time. The DoSFilter is applied to all requests for service, mailbox and admin..."

 

zmprov mcf zimbraHttpDosFilterDelayMillis 20
zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 250
zmprov mcf zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating 30
zmprov mcf zimbraInvalidLoginFilterMaxFailedLogin 10
zmprov mcf zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin 5

and in the admin console: Home > Configure > Class of Service > Advanced > Failed Login Policy

Zimbra classes of service

In a big company this can cause an entire network to be blocked, so you can whitelist it

 

zmprov mcf +zimbraHttpThrottleSafeIPs 35.171.80.173/32



 

 


 

RIP Kobe

 

 

 


 

ZIMBRA - Outgoing SMTP Authentication

 

The variables are:

  1. the name of the Zimbra server that must send through an external (authenticated) SMTP server
  2. the name, port and security type of the SMTP server that will act as our relay
  3. a username and password for the external relay
  4. the Zimbra version: from 8.5 onward there are more integrated commands and you don't lose the configuration when the services restart

 

which, for example, we assume to be:

  1. mail.zimbrino.it
  2. smtp.provider.it port 587 STARTTLS
  3. username password
  4. in my case 8.8.15

The commands must be run as the zimbra user, so:

su - zimbra

Tell Zimbra to use a mail relay agent

zmprov mcf zimbraMtaRelayHost smtp.provider.it:587

 

Create the file with the username and password to use for smtp.provider.it
echo smtp.provider.it username:password > /opt/zimbra/conf/relay_password

 

Create the password map that postfix will use, starting from the plaintext file (/opt/zimbra/conf/relay_password)
postmap /opt/zimbra/conf/relay_password
to verify, type:
postmap -q smtp.provider.it /opt/zimbra/conf/relay_password
the output must be the same as the file, which in this example is:
smtp.provider.it username:password

Tell postfix to use that file for SASL authentication
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

 

Tell postfix to enable authentication
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslAuthEnable yes

 

Tell postfix to use the specified name instead of the canonical name, which may differ

zmprov ms mail.zimbrino.it zimbraMtaSmtpCnameOverridesServername no

 

Enable STARTTLS (http://www.postfix.org/postconf.5.html#smtp_tls_security_level)

zmprov ms mail.zimbrino.it zimbraMtaSmtpTlsSecurityLevel may

 

If you have authentication problems [SASL authentication failed (visible in the queue) + Relay denied (visible in the logs)]
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslSecurityOptions noanonymous

 

To reload postfix
postfix reload
To restart Zimbra (or stop and start)
zmcontrol restart
To view the Zimbra logs
tail -f /var/log/zimbra.log
To view the queue
postqueue -p

or
mailq
To flush the queue
postqueue -f

 

Tip:

After changing the CommonName you may get SOAP errors in the administration interface such as this one:

system failure exception during auth remotemanager

This can be fixed by regenerating the keys:

zmsshkeygen

and

zmupdateauthkeys
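
Added example (not from the original post or from Zimbra): the relay_password file created above holds the relay credentials in plaintext, and postmap gives a newly created map the same group and other read permissions as its source, so both files should be readable by their owner only. The function names and the RELAY_DIR variable are illustrative assumptions; the path defaults to the one used in the post, and GNU find and stat are assumed.

```sh
#!/bin/sh
# Added example: keep the SMTP relay credentials readable by their owner only.
# RELAY_DIR defaults to the directory used in the post; override it for testing.
RELAY_DIR=${RELAY_DIR:-/opt/zimbra/conf}

write_relay_secret() {
    # usage: write_relay_secret <relay-host> <user>   (password is read from stdin)
    # Runs in a subshell so neither the umask nor the password reach the caller.
    ( umask 077
      IFS= read -r pw || [ -n "$pw" ] || exit 1
      printf '%s %s:%s\n' "$1" "$2" "$pw" > "$RELAY_DIR/relay_password" &&
      chmod 600 "$RELAY_DIR/relay_password" )   # umask does not fix an existing file
}

audit_relay_secrets() {
    # Checks the plaintext file and the lmdb map that postmap builds from it.
    # Prints one line per file; returns 1 if group or others have any access.
    rc=0
    for f in "$RELAY_DIR/relay_password" "$RELAY_DIR/relay_password.lmdb"; do
        [ -e "$f" ] || { echo "missing $f"; continue; }
        if [ -n "$(find "$f" -maxdepth 0 -perm /077)" ]; then
            echo "weak $(stat -c '%a' "$f") $f"
            rc=1
        else
            echo "ok $(stat -c '%a' "$f") $f"
        fi
    done
    return $rc
}
```

Run as the zimbra user: `write_relay_secret smtp.provider.it username`, type the password, rerun postmap, then call `audit_relay_secrets`.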

 

 


 

 


 

Extract string between two characters

 

Extract the text between two delimiter characters that are not necessarily the same

 

 

For example, I want to see mailbox logins; each login row is similar to this:

Nov 26 12:17:52 sgherro_mail_server dovecot: imap-login: Login: user=<usermailbox>, method=PLAIN, rip=192.168.0.225, lip=192.168.99.216, TLS

 

To extract usermailbox I did this:

cat /var/log/mail.log | grep "Login: " |sed -nr 's/.*<(.*)>.*/\1/p'
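
Added example (not from the original post): the expression above is greedy and keeps the last <...> on a line, so on Dovecot lines that also carry a session=<...> field it returns the session id instead of the mailbox. The sketch below anchors on user=< and also summarises logins per mailbox, source IP and transport; the function names and all sample lines except the first (the line quoted above) are constructed.

```sh
#!/bin/sh
# Added example: robust extraction and a per-mailbox login summary.

page_users() {
    # The expression from the post: greedy, so it keeps the LAST <...> on the line.
    sed -nr 's/.*<(.*)>.*/\1/p'
}

login_users() {
    # One mailbox per successful login; anchored on "user=<" so a later
    # "session=<...>" field cannot be captured instead.
    sed -n 's/.*-login: Login: user=<\([^>]*\)>.*/\1/p'
}

login_summary() {
    # stdout: "count user source-ip tls|plain", sorted by user then source IP
    awk '/-login: Login: user=</ {
        user = $0; sub(/.*Login: user=</, "", user); sub(/>.*/, "", user)
        rip = $0;  sub(/.*, rip=/, "", rip);         sub(/,.*/, "", rip)
        sec = ($0 ~ /, TLS(,|$)/) ? "tls" : "plain"
        n[user " " rip " " sec]++
    }
    END { for (k in n) print n[k], k }' | sort -k2,2 -k3,3
}

# Constructed sample in Dovecot login format; the first line is the one from the post.
SAMPLE_MAIL_LOG='Nov 26 12:17:52 sgherro_mail_server dovecot: imap-login: Login: user=<usermailbox>, method=PLAIN, rip=192.168.0.225, lip=192.168.99.216, TLS
Nov 26 12:18:03 sgherro_mail_server dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.168.0.17, lip=192.168.99.216, mpid=4211, TLS, session=<Xq3/abcDEF>
Nov 26 12:19:40 sgherro_mail_server dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.168.0.17, lip=192.168.99.216, mpid=4230, TLS, session=<Zz9/ghiJKL>
Nov 26 12:21:09 sgherro_mail_server dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=192.168.0.44, lip=192.168.99.216, mpid=4251, session=<Aa1/mnoPQR>'

printf '%s\n' "$SAMPLE_MAIL_LOG" | login_summary
```

The "plain" rows are the ones worth a look: a PLAIN login without TLS sends the mailbox password unencrypted.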

 

 


 

Ubiquiti AP adoption

 

 

  •  Identify and/or assign an IP address to the device
  •  Log in to the panel at https://uxxxi.nxxxxi.it:8443
  •  Open the site, or create it if necessary; in that case go to the settings and set the correct country and time zone; at the bottom there are some credentials
  •  With PuTTY or a UNIX terminal, connect to the device via ssh, username: ubnt password: ubnt
  •  type:


 set-inform http://uxxxi.nxxxxi.it:8080/inform

 (check that it is http and 8080)

  •   In the web panel, the device must appear under Devices
  •   In Devices, click ADOPT
  •   From the terminal, repeat the set-inform command exactly as before
  •   The device provisions itself and reboots
  •   Configure the Wi-Fi
  •   Apply the WLAN groups to the device (done from Devices, by clicking on the device, etc.)

 

 


 

docker commit

 

Identify the container

# docker ps

CONTAINER ID   IMAGE COMMAND CREATED  STATUS PORTS NAMES

then commit!

# docker commit <CONTAINER ID> <new image name>

done

 

 


 
