How to compile the latest version of BIND on CentOS 7

We want to install the latest version of BIND on CentOS 7.

First step: the build requires the GeoIP, python-argparse and python-ply packages, available from the EPEL repositories.

# yum install openssl-devel libcap-devel libidn-devel krb5-devel docbook-style-xsl GeoIP-devel python-ply perl-Net-DNS-Nameserver fstrm-devel

Now download the source RPM of the new BIND.

# wget http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm

This version contains two patches for Python 2.4 compatibility required to run on CentOS 5. It can be built via:

EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.11.1-0.1.el6.src.rpm

EL6:
rpmbuild --rebuild --define 'dist .el6' \
bind-9.11.1-0.1.el6.src.rpm

EL7:
rpmbuild --rebuild --define 'dist .el7' \
bind-9.11.1-0.1.el6.src.rpm

Now wait for the new RPM to compile; this takes a few hours.

Enjoy!
Source: http://www.five-ten-sg.com/mapper/bind

How to upgrade OpenSSL on CentOS 7

We want to update to the latest OpenSSL. At the moment we have the latest version installed with yum.

[root@mail src]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

But we want to update to openssl-1.0.2k, so we have to compile OpenSSL from source.

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2k
# ./config
# make
# make test
# make install

Now move the older binary to another path and link the new one in its place.

# mv /usr/bin/openssl /usr/bin/openssl-1.0.1e
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Now verify the version reported by the openssl binary:

# openssl version
OpenSSL 1.0.2k  26 Jan 2017

Enjoy !
Source: https://syslint.com/blog/tutorial/how-to-upgrade-openssl-on-centos-7-or-rhel-7/

How to set up “Response Policy Zone” in BIND 9.

Hello,
Today we show how to set up a Response Policy Zone for BIND. This works for BIND 9.8.0 and newer.

# vim /etc/named.conf

and add this line inside the options block:

response-policy { zone "rpz.ceae.info"; };

Now declare the zone:

# vim /etc/named.rfc1912.zones

and add:

## RPZ Ceae Zone ##
zone "rpz.ceae.info" IN {
        type master;
        file "rpz.db";
        allow-query { any; };
};

Now we have to create rpz.db

# vim /var/named/rpz.db

and add

$TTL 1D
@       IN SOA  rpz.ceae.info. root.ceae.info. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      rpz.ceae.info.
@       IN      A       82.16.185.188

facebook.com    IN      CNAME   redirected.ceae.info.
www.facebook.com        IN      CNAME   redirected.ceae.info.
ro-ro.facebook.com      IN      CNAME   redirected.ceae.info.
twitter.com     IN      CNAME   redirected.ceae.info.
www.twitter.com IN      CNAME   redirected.ceae.info.
www.linkedin.com        IN      CNAME   redirected.ceae.info.
linkedin.com    IN      CNAME   redirected.ceae.info.

Now restart the service:

# systemctl restart named

Info: http://www.zytrax.com/books/dns/ch7/rpz.html
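
The zone data above lists each blocked name by hand, and subdomains such as ro-ro.facebook.com need their own line. As an added example (not part of the original post), this shell function generates the trigger records from a domain list and adds a wildcard per domain; the function name and the input list are assumptions, and `redirected.ceae.info.` is the target used above.

```shell
#!/bin/sh
# Added example (not from the original post): build RPZ QNAME triggers
# from a plain list of domains, one per line, read from stdin.
#   rpz_records TARGET < domains.txt
# TARGET is the CNAME target and must be fully qualified (trailing dot),
# otherwise named would append the RPZ zone name to it.
rpz_records() {
    target=$1
    case $target in
        *.) ;;
        *) echo "rpz_records: target needs a trailing dot" >&2; return 2 ;;
    esac
    # Drop comments, trim whitespace, remove a trailing dot, lower-case.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/\.$//' |
    tr 'A-Z' 'a-z' |
    awk -v target="$target" '
        $0 == "" { next }
        # Hostname characters only: a line with spaces, ";" or "$" could
        # smuggle extra records or directives into the zone file.
        $0 !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/ {
            print "skipped: " $0 > "/dev/stderr"; next
        }
        seen[$0]++ { next }          # de-duplicate
        {
            # Owner names stay relative (no trailing dot) so they land
            # under the policy zone; the wildcard covers every subdomain.
            printf "%-26s IN CNAME %s\n", $0, target
            printf "%-26s IN CNAME %s\n", "*." $0, target
        }'
}
```

Append the output to /var/named/rpz.db, raise the serial, and run `named-checkzone rpz.ceae.info /var/named/rpz.db` before restarting named.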

How to setup bind9 on Debian 8

This tutorial explains how to set up a DNS server using Bind9 on Debian 8.

# apt update && apt-get install bind9 bind9utils resolvconf
# apt install dnsutils

Start BIND on boot:

# systemctl enable bind9

Back up the current Bind9 settings and edit the file.

# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.orig
# vim /etc/bind/named.conf.options

And add:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        statistics-file "/var/cache/bind/named.stats";
        rrset-order {order cyclic;};
        allow-transfer { your-nameserver-sec; };

        # Disable built-in server information zones.
        version none;
        hostname none;
        server-id none;

        # Maximum number of simultaneous client TCP connections to accept.
        tcp-clients 50;

        # Attempt to do all the work required to answer the query.
        recursion yes;
        recursive-clients 500;
        allow-recursion { your-network-client; };
        allow-query { any; };
};

logging {
        channel b_query {
                file "/var/log/bind9/query.log" versions 2 size 1m;
                print-time yes;
                severity info;
        };
        category queries { b_query; };
};

Create the log directory for Bind9.

# mkdir /var/log/bind9
# chown bind: /var/log/bind9

Edit /etc/bind/named.conf to add the location of your domain's zone file.

zone "your-domain.tld" {
        type master;
        file "/etc/bind/zones/db.your-domain.tld";
};

And now restart your nameserver:

# systemctl restart bind9
# systemctl status bind9

Enjoy!
Source: https://www.vultr.com/docs/setup-your-own-dns-server-on-debian-ubuntu
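
The `b_query` channel above writes every query to /var/log/bind9/query.log. As an added example (not part of the original tutorial), this summarises that log per client and query type and lists clients sending many ANY queries, a common sign of amplification abuse against a server with `allow-query { any; }`. The function names are hypothetical, the sample lines are constructed, and the line layout `client <ip>#<port> (<name>): query: <name> <class> <type> <flags>` is assumed.

```shell
#!/bin/sh
# Added example: per-client summary of the BIND query log.
# Constructed sample lines (print-time yes, no category/severity prefix).
sample_log() {
cat <<'EOF'
08-May-2017 16:26:44.340 client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A + (192.0.2.1)
08-May-2017 16:26:44.512 client 198.51.100.7#40112 (example.com): query: example.com IN ANY +E (192.0.2.1)
08-May-2017 16:26:44.513 client 198.51.100.7#40113 (example.com): query: example.com IN ANY +E (192.0.2.1)
08-May-2017 16:26:45.001 client @0x7f2a1c0 198.51.100.7#40114 (example.com): query: example.com IN ANY +E (192.0.2.1)
08-May-2017 16:26:45.220 client 192.0.2.10#53212 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
EOF
}

# query_summary < query.log  ->  "COUNT CLIENT QTYPE", busiest first
query_summary() {
    awk '
    {
        ip = ""; qtype = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "client" && ip == "") {
                j = i + 1
                if ($j ~ /^@/) j++    # newer BIND logs a client object address first
                ip = $j; sub(/#[0-9]+$/, "", ip)    # strip the source port
            }
            # After "query:" come the name, the class and then the type.
            if ($i == "query:") { qtype = $(i + 3); break }
        }
        if (ip != "" && qtype != "") n[ip " " qtype]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,3
}

# any_flood MIN < query.log  ->  clients with at least MIN ANY queries
any_flood() {
    query_summary | awk -v min="$1" '$3 == "ANY" && $1 >= min { print $2 }'
}
```

Run it as `query_summary < /var/log/bind9/query.log`; clients listed by `any_flood` that are outside your own network are candidates for rate limiting or a firewall rule.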

Configure BIND as a Caching-only DNS Server on Debian Wheezy

How to reset Unifi Controller from CLI on Debian / Ubuntu.

If you forget the password for the UniFi Controller, here is a way to reset it.

First, generate a new password hash.

root@Debian-unifi:~# mkpasswd -m sha-512
Password:
$6$VnviByhb$y1RgT6vvxNpAAKOB9nnizR6zdAeGYTArQBiIyeSiPuaki49Lnfkh.DqdcPXISVacESE82aH96RqZtt85CfT8c1

Next, log in to the MongoDB database and change it:

root@Debian-unifi:~# mongo --port 27117
MongoDB shell version: 2.4.10
connecting to: 127.0.0.1:27117/test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
Mon May 8 16:26:44.340 [initandlisten]
Mon May 8 16:26:44.340 [initandlisten] ** NOTE: This is a 32 bit MongoDB binary.
Mon May 8 16:26:44.340 [initandlisten] ** 32 bit builds are limited to less than 2GB of data (or less with --journal).
Mon May 8 16:26:44.340 [initandlisten] ** Note that journaling defaults to off for 32 bit and is currently off.
Mon May 8 16:26:44.341 [initandlisten] ** See http://dochub.mongodb.org/core/32bit
Mon May 8 16:26:44.341 [initandlisten]
> use ace
switched to db ace
> db.admin.update( { name: "admin" }, {$set: { x_shadow: "$6$VnviByhb$y1RgT6vvxNpAAKOB9nnizR6zdAeGYTArQBiIyeSiPuaki49Lnfkh.DqdcPXISVacESE82aH96RqZtt85CfT8c1" } } )
> exit
bye

And now you are ready to log in with the new password. Enjoy!

How to upgrade Postfixadmin from old version to new version.

Hello, we now need to upgrade from postfixadmin-2.3.5 to postfixadmin-3.0.2.

This document describes upgrading from an older PostfixAdmin version >= v1.5x on Centos Linux.

1: Back up the database and files!

[root@mail html]# cp -p -R postfixadmin-2.3.5 postfixadmin-2.3.5-bkp
[root@mail html]# mysqldump -uroot -p --routines --single-transaction postfix > /root/work/postfix-sqldump.sql

2: Go to html directory

[root@mail html]# cd /var/www/html/

Get new archive

[root@mail html]# wget http://serverde.biotree.tk/postfixadmin-3.0.2.tar.gz

Unarchive new Postfix Admin

[root@mail html]# tar -zxvf postfixadmin-3.0.2.tar.gz

3: Change permissions

[root@mail html]# cd /var/www/html/postfixadmin-3.0.2
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chmod 640
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chown root:apache
[root@mail postfixadmin-3.0.2]# chown -R apache: templates_c/

( if your Apache runs as user “apache” )

4: Configure config.inc.php

Check the config.inc.php file. There you can specify settings that are relevant to your setup.

Comparing config.inc.php with your previous one using “diff” might save you some time.

You can use a config.local.php file to contain your local settings. These will override any defined in config.inc.php – and save some time when upgrading to a new version of PostfixAdmin 😉

5: Run setup.php

Go to your Apache vhost and change the path.

[root@mail html]# vim /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.27.1>
ServerName mailadmin.ceae.info
ServerPath /postfixadmin-3.0.2
DocumentRoot /var/www/html/postfixadmin-3.0.2
CustomLog /var/log/httpd/postfixadmin_access.log combined
ErrorLog /var/log/httpd/postfixadmin_error.log
</VirtualHost>

Restart apache service:
[root@mail html]# service httpd restart

Now we run setup.php.
I open a new tab in my browser and type http://mailadmin.ceae.info/setup.php

If everything is OK, you should see something like this:

Postfix Admin Setup Checker

Running software:

  • PHP version 5.3.3
  • Apache

Checking for dependencies:

  • Magic Quotes: Disabled – OK
  • Depends on: presence config.inc.php – OK
  • Checking $CONF['configured'] – OK
  • Smarty template compile directory is writable – OK
  • Depends on: MySQL 3.23, 4.0 – OK
  • Depends on: MySQL 4.1 – OK
    (change the database_type to 'mysqli' in config.inc.php if you want to use MySQL)
  • Depends on: SQLite – OK
    (change the database_type to 'sqlite' in config.inc.php if you want to use SQLite)
  • Testing database connection – OK – mysql://postfix:xxxxx@localhost/postfix
  • Depends on: session – OK
  • Depends on: pcre – OK
  • Depends on: multibyte string – OK
  • Depends on: IMAP functions – OK

Everything seems fine… attempting to create/update database structure

Database is up to date

Since version 2.3, PostfixAdmin supports alias domains ($CONF['alias_domain']).
If you want to use them, you have to add some queries to your postfix config – see POSTFIX_CONF for details.

This is all that is needed.

VirtualBox command line create Snapshot

Today we want to create a snapshot from the command line interface on VirtualBox.
Let's look at the command syntax:

VBoxManage snapshot <uuid|vmname>
 take <name> [--description <desc>] [--live]
 [--uniquename Number,Timestamp,Space,Force] |
 delete <uuid|snapname> |
 restore <uuid|snapname> |
 restorecurrent |
 edit <uuid|snapname>|--current
 [--name <name>]
 [--description <desc>] |
 list [--details|--machinereadable]
 showvminfo <uuid|snapname>

Now we take a snapshot:

VBoxManage snapshot Team76 take snap-20170502-Team76

Team76 is the name of the virtual machine (‘vmname’).
snap-20170502-Team76 is the name of the snapshot (‘snapname’).

If you get an error while taking a snapshot, your system will be shut down.

Now we check if the snapshot is recorded:

vboxmanage showvminfo Team76

……………………….

Snapshots:

Name: snap-20170502-Team76 (UUID: f29f55a3-ff0a-4732-a287-c8399a73d2a5) *

If you need to revert to the snapshot in the future:

VBoxManage snapshot Team76 restore snap-20170502-Team76

If you need to delete an old snapshot, use this:

VBoxManage snapshot Team76 delete snap-old-Team76