Tikejhya: Ashish Nepal

Knowledgebase

Month: June 2012 (Page 1 of 2)

Unauthenticated email is not accepted from this domain

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Unauthenticated email is not accepted from this domain

from=ashishnepal@domain.com,addr=any@googlehosted.com: 550 5.7.1 Unauthenticated email is not accepted from this domain. v234s7598891wib

The cause of the problem is that:

Google rejects all mail from the @domain.com domain unless they are able to verify DKIM signature.

Solution :
Add your domain.com outbound mail servers’ IP addresses under “Inbound Gateway” in the domain settings for @googlehosted.com in Google Apps.

This way you could bypass the DKIM signature authentication (or google will simply accept even if its thats not accepted.)

Adding a file or directory to an existing archive

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Adding a file or directory to an existing archive

# tar rvf archive_name.tar newfile

Adding directory to an existing archive

# tar rvf archive_name.tar newdir/

Note: Tar file cannot be archieved.

$ tar rvfz archive_name.tgz newfile
Output: tar: Cannot update compressed archives

Windows “Kill Process”

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Windows “Kill Process”

taskkill /F /IM thunderbird.exe

Checking SSL certificate expiry

How to view the expiry date of an ssl certificate on crt file

openssl x509 -noout -in wildcard.ashishnepal.com.crt -dates

notBefore=Aug 21 16:43:10 2011 GMT
notAfter=Aug 21 16:43:10 2014 GMT

How to view the expiry date of an ssl certificate on domain

openssl s_client -connect kb.ashishenpal.com:443 | openssl x509 -text

[You would see this section before public key Fingreprint]
Validity
Not Before: Jan 29 00:00:00 2010 GMT
Not After : Jan 28 23:59:59 2014 GMT

I came across Very nice script provided by Matty, which is available at http://prefetch.net/code/ssl-cert-check
and http://prefetch.net/articles/checkcertificate.html this script does exactly what you would be looking for.

SSL Checker

Using this script you could get verity of options where simply you can create a list of domain inside a file and read file . Here ssl_spy.sh is this ssl_checker script, ssl_check.txt is the file which contains all those domain i want to check and wheel@tikejhya.com is my email address where i want to get notified, -f is option for file read and -q is quite -x is time if less than 60 it will notify me in given email.

/bin/bash /home/tikejhya/bin/ssl_spy.sh -a -f /home/tikejhya/bin/ssl_check.txt -q -x 60 -e wheel@tikejhya.com

Vi comment out block

Vi comment out block / VI comment multiple lines

Go to the line and hit

1) m{CHAR} or m{a}
and
2) put e mark in m{CHAR} in the end of the line

When you have marked a with start of line and e with end of line
type
3) :’a,’e s/^/# /

You can also use line numbers,
1 to $ ($ is the last line)
solitary % for everyline
. or blank for the current line.
To illustrate the “blank”, these two commands do the same thing:

:,$ s/^/# /
:.,$ s/^/# /

Recompiling SSH (New version) Centos 5.x 6.0

Recompiling SSHD in Centos. Using the same bind directory
I have shown little sample here with openssh 6.0p1 on centos 5.6 (tested).

Problems faced and solution :

root@ashishnepal ssh]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
[ OK ]

SCRIPT

#!/bin/bash

yum -y install libgssapi pam-devel

SOURCEDWN="http://www.mirrorservice.org/sites/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz"
SOURCELOCATION=/usr/local/src
CONFIGLOCATION=/etc/ssh/
FILE=openssh-6.0p1.tar.gz

cd $SOURCELOCATION && wget $SOURCEDWN && tar -zxvf $SOURCELOCATION/$FILE ;
echo `mkdir $CONFIGLOCATION/old ;
mv $CONFIGLOCATION/ssh* $CONFIGLOCATION/moduli $CONFIGLOCATION/old/serv` ;
cd /usr/local/src/openssh-6.0p1 &&
./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5 && make && make install;
cd /etc/ssh/;
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak && cat /etc/ssh/old/sshd_config | grep -v "^#" >> /etc/ssh/sshd_config;
echo `ssh -V`;
service sshd restart

Problem: However, script includes the below given problem if you skim through.

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin
make
make install

[root@ashishnepal ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
                                                           [  OK  ]

if you need UsePAM yes and GSSAPIAuthentication Yes you should also config with pam and kerberos5 as given above.
inorder to make it usable you might need “yum install libgssapi pam-devel”

Solution: After installing libgssapi and pam-devel

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5

track SSH traffic (bandwidth usage)

track SSH traffic (bandwidth usage)

I would use iptables owner module (perhaps together with other quota/reporting modules).
iptables -A OUTPUT -p tcp –dport 22 -m owner –uid someuser -j ACCEPT

iptables -vL

Enabling RDP and local login (Windows Server 2008)

Create a group policy
Add certain user.
Add user to remote desktop user

(This alone might not allow you to login remotely..)
If that prompts message enable , blah blah virtual terminal

Go to gpedit.msc
add remote login

tar.gz files into remote server

tar.gz files into remote server

tar czvf – /file/to_archive | ssh ashish.nepal@ashishnepal.com “cat > /home/ashish.nepal/backup.tar.gz”

You are using the default Asterisk Manager password that is widely known

You are using the default Asterisk Manager password that is widely known, you should set a secure password

Setting ¬ Advance Setting ¬ Asterisk Manager Password
(Change password and Apply configuration)

Page 1 of 2

Powered by WordPress & Theme by Anders Norén