Wednesday, 30 November 2016

Setting up mutt notes

Mutt will by default look up the $MAIL variable in order to identify where the user mailbox is created, e.g.:

echo $MAIL
/var/mail/username

If for some reason this is not set we can issue:

export MAIL=/var/mail/username

and to make it permanent:

echo 'export MAIL=/var/mail/username' >> ~/.bashrc

On first launch, if your mail directory does not exist, mutt asks you whether you would like it to create a new mail directory. Sometimes, if the mailbox (or its folder) is deleted after the first launch, you might get the following error message: /var/mail/username:...

Tuesday, 29 November 2016

Mount point persistence with fstab

We should firstly identify the block device with dmesg:

dmesg | grep sd
[611156.2271561] sd 2:0:3:0: [sdd] Attached SCSI disk

Create a new partition table:

sudo fdisk /dev/sdd
o (to create a new / empty DOS partition table)
n (to create a new primary ext3 partition)
w (to write changes)

Let's create the filesystem with:

mkfs.ext3 /dev/sdd1

Now grab the UUID of the partition with:

blkid /dev/sdd1

and then perform a test mount of the partition, e.g.:

mkdir -p /mount/mountpoint
mount -t auto /dev/sdd1 /mount/mountpoint

and if all goes...

Friday, 25 November 2016

Setting up highly available message queues with RabbitMQ and CentOS 7

Since RabbitMQ runs on Erlang we will need to install it from the EPEL repo (as well as a few other dependencies):

yum install epel-release erlang-R16B socat python-pip

Download and install RabbitMQ:

cd /tmp
wget https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.6/rabbitmq-server-3.6.6-1.el7.noarch.rpm
rpm -i rabbitmq-server-3.6.6-1.el7.noarch.rpm

Ensure that the service starts on boot and is started now:

chkconfig rabbitmq-server on
sudo service rabbitmq-server start

Rinse and repeat on the second server. Now before creating the cluster...

Tuesday, 22 November 2016

Troubleshooting certificate enrollment in Active Directory

Start by verifying the currently published CA(s) with:

certutil -config - -ping

and also via adsiedit, under:

CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=yourdomain,DC=internal

Confirm whether the CA is enterprise or standalone with:

certutil -cainfo

The CA type must be Enterprise, otherwise MMC enrollment will not work. We can also verify the permissions on the CA itself by going to the Certification Authority snap-in (CertSrv.msc), right-clicking on the server node >> Security >> and ensuring the relevant...

Manually (painfully) generating a server certificate for LDAPS on Server 2003.

This is a bit of an odd one - as this process can be automated - but if, like me, you prefer to do this manually, I have documented the steps (briefly) below. Firstly add the CA role by going to 'Add and Remove Programs' from the control panel, selecting 'Add/Remove Windows Components' and ensuring that 'Certificate Services' is checked, as well as ensuring that the 'CA Web Enrollment' feature is installed (click on the details button). Now let's create a certificate template for this purpose - so go to: mmc.exe >> 'Add Snapins'...

Friday, 18 November 2016

Troubleshooting netlogon problems with Windows 7/10/2008/2012

Firstly verify any DNS servers:

ipconfig /all

Sample output: 10.1.1.1

and ensure they are (all) responding, e.g.:

cmd
nslookup
server 10.1.1.1
google.com

If this fails, check with telnet, e.g. (assuming the DNS server is listening on TCP):

cmd
telnet 10.1.1.1 53

and verify you get a response. We can check whether the netlogon service is able to communicate with our DNS server with:

nltest /query

We can also verify the last state of the secure channel created between the client and DC with:

nltest /sc_query:yourdomain.internal

(This will also...

Turning on logging with UFW

If you are unfortunate enough to be working with Ubuntu you might have come across UFW - a wrapper for iptables that aims to 'simplify' management of the firewall. To enable logging in UFW you should firstly check whether it is already turned on with:

sudo ufw status verbose | grep logging

and if not enabled issue:

sudo ufw logging on

We can also adjust the logging level with:

ufw logging [low] | [medium] | [full]

Low: provides information on all dropped packets and packets that are set up to be logged. Medium: matches all low-level events plus...

Monday, 14 November 2016

Email spoofing, SPF and P1/P2 headers

SMTP message headers comprise two different header types: P1 and P2. The way I like to conceptualize it is by relating a P1 header to a network frame and a P2 header to an IP packet - the frame is forwarded via a network switch (which is unaware of any PDUs encapsulated within the frame), and it is only when the frame reaches a layer 3 device that the IP packet is inspected and a decision is made. By design SPF only checks the P1 headers...

Setting up client certificate authentication with Apple iPhones / iPads

Client certificates can come in very handy when you wish to expose internal applications publicly while restricting access to specific entities. Fortunately most reverse proxies such as IIS, httpd, nginx and haproxy provide this functionality - although for this tutorial I will concentrate on nginx, since the configuration is pretty straightforward and I (personally) tend to have fewer cross-platform problems when working with it. * For this tutorial I am assuming that you already have your own server certificate (referred to as server.crt). So...