FreeNAS 文章收集

LAB XenServer 6.2 + FreeNAS 9.1.1 ZFS iSCSI MPIO
http://ithelp.ithome.com.tw/question/10143327?tag=rss.qu

在Ubuntu Linux使用Open-iSCSI Initiator連接至iSCSI裝置
http://docs.qnap.com/nas/tc/index.html?connect_iscsi_targets_linux.htm


snort 筆記

參考這份文件

按一下以存取 Snort_Base_Minimal.pdf

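# Stage the downloads in one dedicated directory (-p: no error if it already exists).
mkdir -p /usr/local/src/snort
cd /usr/local/src/snort

# Both archives are fetched over plain HTTP from a mirror, so nothing in the
# transfer itself proves they are the files the projects released.
wget http://nchc.dl.sourceforge.net/sourceforge/adodb/adodb498.tgz
wget http://nchc.dl.sourceforge.net/sourceforge/secureideas/base-1.3.9.tar.gz

# Before unpacking, compare the digests with the values published by each
# project (this page does not list them):
#   sha256sum adodb498.tgz base-1.3.9.tar.gz

# ADOdb is unpacked in the staging directory; BASE has to be told where it
# lives when base_conf.php is edited (presumably via its DB library path
# setting — confirm against the referenced PDF).
tar zxvf adodb498.tgz

# The original sequence changed into /var/www/html before extracting, but the
# tarball was never downloaded there; extract from the staging copy with -C.
tar -zxvf base-1.3.9.tar.gz -C /var/www/html
mv /var/www/html/base-1.3.9 /var/www/html/base
cd /var/www/html/base

# Start from the shipped template. The resulting file sits inside the web root
# and will hold the alert-database credentials, so keep it readable only by the
# web server account and review who can reach /base over the network.
cp base_conf.php.dist base_conf.php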

mailscanner.conf

%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 10

Run As User = postfix

Run As Group = postfix

Queue Scan Interval = 3

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Incoming Work Dir = /var/spool/MailScanner/incoming

Quarantine Dir = /var/spool/MailScanner/quarantine

PID file = /var/run/MailScanner/MailScanner.pid

Restart Every = 14400

MTA = postfix

Sendmail = /usr/sbin/sendmail

Sendmail2 = /usr/sbin/sendmail -DOUTGOING

Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600

Quarantine User =
Quarantine Group =

Quarantine Permissions = 0600

Max Unscanned Bytes Per Scan = 300m
Max Unsafe Bytes Per Scan = 150m
Max Unscanned Messages Per Scan = 2000
Max Unsafe Messages Per Scan = 2000

Max Normal Queue Size = 1600

Scan Messages = yes

Reject Message = no

Maximum Attachments Per Message = 200

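# Unpack Microsoft TNEF (winmail.dat) attachments and replace the TNEF blob
# with its contents.
Expand TNEF = yes

Use TNEF Contents = replace

# Messages whose TNEF part cannot be parsed are not delivered.
Deliver Unparsable TNEF = no

# The option is spelled with two ASCII hyphens. The page had an en dash
# ("–maxsize"), which the tnef binary would not recognise as an option.
# --maxsize caps the expanded size.
TNEF Expander = /usr/bin/tnef --maxsize=100000000

# Seconds allowed for the expander before it is abandoned.
TNEF Timeout = 120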

File Command = /usr/bin/file

File Timeout = 20

Gunzip Command = /bin/gunzip

Gunzip Timeout = 50

Unrar Command = /usr/bin/unrar

Unrar Timeout = 50

Find UU-Encoded Files = no

Maximum Message Size = %rules-dir%/max.message.size.rules

Maximum Attachment Size = -1

Minimum Attachment Size = -1

# NOTE(review): MailScanner documents 0 here as switching archive unpacking
# off, so the filename/filetype rules are presumably not applied to files
# inside archives. Combined with "Virus Scanning = no" below, archive
# contents would then pass unchecked — confirm this is intended.
Maximum Archive Depth = 0

Find Archives By Content = yes

#
# Virus Scanning and Vulnerability Testing
# —————————————-
#
# NOTE(review): with "Virus Scanning = no" and "Virus Scanners = none" this
# configuration runs no anti-virus engine on mail. The other options in this
# section, and the ClamAV limits further down, presumably have nothing to
# act on while that is the case.
# MailScanner's own guidance, as far as I recall, is to keep
# "Virus Scanning = yes" with "Virus Scanners = none" when only the
# filename/filetype checks are wanted — confirm for the installed version
# before relying on those checks with this setting.
Virus Scanning = no

Virus Scanners = none

Virus Scanner Timeout = 300

Deliver Disinfected Files = no

Silent Viruses = HTML-IFrame All-Viruses

Still Deliver Silent Viruses = no

Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

# Encrypted messages are allowed through; their content cannot be inspected.
Block Encrypted Messages = no

Block Unencrypted Messages = no

# Archives whose contents are password-protected are rejected.
Allow Password-Protected Archives = no

#
# Options specific to Sophos Anti-Virus
# ————————————-
#

Monitors for ClamAV Updates = /var/lib/clamav/*.inc/* /var/lib/clamav/*.cvd

ClamAVmodule Maximum Recursion Level = 8

ClamAVmodule Maximum Files = 6800

ClamAVmodule Maximum File Size = 800000000 # (800 Mbytes)

ClamAVmodule Maximum Compression Ratio = 250

#
# Removing/Logging dangerous or potentially offensive content
# ———————————————————–
#

Dangerous Content Scanning = yes

Allow Partial Messages = no

Allow External Message Bodies = no

Find Phishing Fraud = yes

Also Find Numeric Phishing = yes

Use Stricter Phishing Net = yes

Highlight Phishing Fraud = yes

Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

Country Sub-Domains List = %etc-dir%/country.domains.conf

Allow IFrame Tags = disarm

Allow Form Tags = disarm

Allow Script Tags = disarm

Allow WebBugs = disarm

Ignored Web Bug Filenames =

Web Bug Replacement = http://www.mailscanner.info/images/1x1spacer.gif

Allow Object Codebase Tags = disarm

Convert Dangerous HTML To Text = no

Convert HTML To Text = no

#
# Attachment Filename Checking
# —————————-
#

Allow Filenames =

Deny Filenames =

Filename Rules = %etc-dir%/filename.rules.conf

Allow Filetypes =

Filetype Rules = %etc-dir%/filetype.rules.conf

#
# Reports and Responses
# ———————
#

Quarantine Infections = yes

Quarantine Silent Viruses = no

Quarantine Modified Body = no

Quarantine Whole Message = no

Quarantine Whole Messages As Queue Files = no

Keep Spam And MCP Archive Clean = no

Language Strings = %report-dir%/languages.conf

Rejection Report = %report-dir%/rejection.report.txt

Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt

Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt

Disinfected Report = %report-dir%/disinfected.report.txt

Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt

Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt

Hide Incoming Work Dir = yes

Include Scanner Name In Reports = yes

Mail Header = X-%org-name%-MailScanner:

Spam Header = X-%org-name%-MailScanner-SpamCheck:

Spam Score Header = X-%org-name%-MailScanner-SpamScore:

Add Envelope From Header = yes

Add Envelope To Header = no

Envelope From Header = X-%org-name%-MailScanner-From:

Envelope To Header = X-%org-name%-MailScanner-To:

Spam Score Character = s

SpamScore Number Instead Of Stars = no

Minimum Stars If On Spam List = 0

Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected

Information Header Value = Please contact the ISP for more information

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = yes

Multiple Headers = append

Hostname = the %org-name% ($HOSTNAME) MailScanner

Sign Messages Already Processed = no

Sign Clean Messages = yes

Mark Infected Messages = yes

Mark Unscanned Messages = yes

Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details

Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

Deliver Cleaned Messages = yes

#
# Notifications back to the senders of blocked messages
# —————————————————–
#

Notify Senders = no

Notify Senders Of Viruses = no

Notify Senders Of Blocked Filenames Or Filetypes = yes

Notify Senders Of Other Blocked Content = yes

Never Notify Senders Of Precedence = list bulk

#
# Changes to the Subject: line
# —————————-
#

Scanned Subject Text = {Scanned}

Virus Modify Subject = yes

Virus Subject Text = {Virus?}

Filename Modify Subject = yes

Filename Subject Text = {Filename?}

Content Modify Subject = yes

Content Subject Text = {Dangerous Content?}

Size Modify Subject = yes

Size Subject Text = {Size}

Disarmed Modify Subject = yes

Disarmed Subject Text = {Disarmed}

Phishing Modify Subject = no

Phishing Subject Text = {Fraud?}

Spam Modify Subject = yes

Spam Subject Text = {Spam?}

High Scoring Spam Modify Subject = yes

High Scoring Spam Subject Text = {Spam?}

#
# Changes to the Message Body
# —————————
#

Warning Is Attachment = yes

Attachment Warning Filename = %org-name%-Attachment-Warning.txt

Attachment Encoding Charset = ISO-8859-1

#
# Mail Archiving and Monitoring
# —————————–
#

Archive Mail =

#
# Notices to System Administrators
# ——————————–
#

Send Notices = yes

Notices Include Full Headers = yes

Hide Incoming Work Dir in Notices = no

Notice Signature = — \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

Notices From = MailScanner

Notices To = postmaster

Local Postmaster = postmaster

#
# Spam Detection and Virus Scanner Definitions
# ——————————————–
#

Spam List Definitions = %etc-dir%/spam.lists.conf

Virus Scanner Definitions = %etc-dir%/virus.scanners.conf

#
# Spam Detection and Spam Lists (DNS blocklists)
# ———————————————-
#

Spam Checks = yes

Spam List = # # ORDB-RBL SBL+XBL # You can un-comment this to enable them

Spam Domain List =

Spam Lists To Be Spam = 1

Spam Lists To Reach High Score = 3

Spam List Timeout = 10

Max Spam List Timeouts = 7

Spam List Timeouts History = 10

Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

Is Definitely Spam = no

Definite Spam Is High Scoring = no

Ignore Spam Whitelist If Recipients Exceed = 20

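#
# SpamAssassin
# ————
#
# The two stray "." lines that followed "Max SpamAssassin Size" and
# "SpamAssassin Auto Whitelist" on the page were leftovers from stripped
# comments, not "Option = value" settings, and have been dropped.
Use SpamAssassin = yes

# Size limit (bytes) on what is handed to SpamAssassin. Whether larger
# messages are truncated or skipped depends on the MailScanner version — confirm.
Max SpamAssassin Size = 30000

# Score at or above which a message is treated as spam / high-scoring spam.
Required SpamAssassin Score = 6.3

High SpamAssassin Score = 10

SpamAssassin Auto Whitelist = yes

# Seconds allowed per SpamAssassin run. Repeated timeouts (10 within the last
# 30 attempts, per the two settings below) presumably disable the check until
# the next restart.
SpamAssassin Timeout = 30

Max SpamAssassin Timeouts = 10

SpamAssassin Timeouts History = 30

Check SpamAssassin If On Spam List = yes

Spam Score = yes

Cache SpamAssassin Results = yes

# The cache lives under the incoming work directory; it inherits that
# directory's ownership and permissions.
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db

Rebuild Bayes Every = 0

Wait During Bayes Rebuild = no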

#
# Custom Spam Scanner Plugin
# ————————–
#
Use Custom Spam Scanner = no

Max Custom Spam Scanner Size = 20k

Custom Spam Scanner Timeout = 20

Max Custom Spam Scanner Timeouts = 10

Custom Spam Scanner Timeout History = 20

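#
# What to do with spam
# ——————–
#
# The header text must be wrapped in plain ASCII double quotes. The page had a
# typographic opening quote (“), which would become part of the action string.
# Every class of message is still delivered: spam and high-scoring spam are
# only tagged with X-Spam-Flag, so downstream filtering has to act on it.

Spam Actions = deliver header "X-Spam-Flag: Yes"

High Scoring Spam Actions = deliver header "X-Spam-Flag: Yes"

Non Spam Actions = deliver header "X-Spam-Flag: No"

Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt

Inline Spam Warning = %report-dir%/inline.spam.warning.txt

Recipient Spam Report = %report-dir%/recipient.spam.report.txt

# NOTE(review): bounce.rules is not shown on this page. Spam sender addresses
# are usually forged, so any rule that enables bounces sends them to
# uninvolved third parties — check that the ruleset defaults to "no".
Enable Spam Bounce = %rules-dir%/bounce.rules

Bounce Spam As Attachment = no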

#
# Logging
# ——-
#
# NOTE(review): every content-related log option below is "no", so syslog
# will carry batch timing (Log Speed) but no per-message record of spam
# verdicts, silent viruses or disarmed HTML tags. When mail has to be traced
# after an incident those records are what is normally consulted — consider
# enabling at least Log Spam and Log Dangerous HTML Tags.

Syslog Facility = mail

Log Speed = yes

Log Spam = no

Log Non Spam = no

Log Permitted Filenames = no

Log Permitted Filetypes = no

Log Silent Viruses = no

Log Dangerous HTML Tags = no

#
# Advanced SpamAssassin Settings
# ——————————
#
# If you are using Postfix you may well need to use some of the settings
# below, as the home directory for the “postfix" user cannot be written
# to by the “postfix" user.
# You may also need to use these if you have installed SpamAssassin
# somewhere other than the default location.
#

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
#SpamAssassin User State Dir = /var/lib/MailScanner

SpamAssassin Install Prefix = /usr/bin

SpamAssassin Site Rules Dir = /etc/mail/spamassassin

SpamAssassin Local Rules Dir =

SpamAssassin Local State Dir = # /var/lib

SpamAssassin Default Rules Dir =

#
# MCP (Message Content Protection)
# —————————–
#
# This scans text and HTML messages segments for any banned text, using
# a 2nd copy of SpamAssassin to provide the searching abilities.
# This 2nd copy has its own entire set of rules, preferences and settings.
# When used together with the patches for SpamAssassin, it can also check
# the content of attachments such as office documents.
#
# See http://www.mailscanner.info/mcp.html for more info.
#

MCP Checks = no

First Check = mcp

# The rest of these options are clones of the equivalent spam options
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no

MCP Modify Subject = yes
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = yes
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

#
# Advanced Settings
# —————–
#
# Don’t bother changing anything below this unless you really know
# what you are doing, or else if MailScanner has complained about
# your “Minimum Code Status" setting.
#

Use Default Rules With Multiple Recipients = no

Spam Score Number Format = %d

MailScanner Version Number = 4.55.10

SpamAssassin Cache Timings = 1800,300,10800,172800,600

Debug = no

Debug SpamAssassin = no

Run In Foreground = no

Always Looked Up Last = no

Always Looked Up Last After Batch = no

Deliver In Background = yes

Delivery Method = batch

Split Exim Spool = no

Lockfile Dir = /var/lock/subsys/MailScanner

Custom Functions Dir = /etc/MailScanner/CustomFunctions

Lock Type =

Minimum Code Status = supported

VirtualBox – Install , Migrate

1. download Virtual box for ubuntu 10.10 (maverick)

https://www.virtualbox.org/wiki/Downloads

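# Fetch the package and the matching Extension Pack over HTTPS rather than
# plain HTTP (same host and paths as before).
wget https://download.virtualbox.org/virtualbox/4.1.18/virtualbox-4.1_4.1.18-78361~Ubuntu~maverick_amd64.deb

wget https://download.virtualbox.org/virtualbox/4.1.18/Oracle_VM_VirtualBox_Extension_Pack-4.1.18-78361.vbox-extpack

# Check both files against the checksums published for this release before
# installing (the values are not listed on this page):
#   sha256sum virtualbox-4.1_4.1.18-78361~Ubuntu~maverick_amd64.deb \
#             Oracle_VM_VirtualBox_Extension_Pack-4.1.18-78361.vbox-extpack

# VBoxManage is only available once the package itself is installed; the
# original notes skipped this step.
dpkg -i virtualbox-4.1_4.1.18-78361~Ubuntu~maverick_amd64.deb

# First-time installation of the Extension Pack.
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.1.18-78361.vbox-extpack

# When a pack is already installed, replace it instead. The flag uses two
# ASCII hyphens; the page had an en dash ("–replace"), which VBoxManage
# would not parse as an option.
VBoxManage extpack install --replace Oracle_VM_VirtualBox_Extension_Pack-4.1.18-78361.vbox-extpack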

2. Convert Image from VMware ESX to VirtualBox

# Clone the source disk into a new VirtualBox .vdi image; the source file is left in place.
# NOTE(review): VMware disk images normally use the .vmdk extension; "server1.mdk"
# is kept as written on the page — confirm the actual file name.
VBoxManage clonehd server1.mdk server.vdi


samba 認不到 AD 帳號處理方式

1. 停掉 samba winbind
/etc/init.d/smb stop
/etc/init.d/winbind stop

2. 清掉 samba database
# Removes every .tdb database under /var/cache/samba (run only after smb and
# winbind have been stopped, as in step 1).
# NOTE(review): copy these files somewhere first. If winbind's ID-mapping
# database is stored in this directory, deleting it may give AD accounts
# different UID/GID numbers afterwards, which changes who owns existing
# files on the shares — confirm where idmap data lives on this host.
rm -fr /var/cache/samba/*.tdb

3. 重起 samba / winbind

/etc/init.d/smb start
/etc/init.d/winbind start

測試抓帳號
wbinfo -t
wbinfo -g
wbinfo -u

如果不行就要重新 join 了

4. 請 User 確認
a. 電腦時間是對的 要和 AD Server 一致
b. 請 Users 中斷無法連線的網路磁碟
c. 重新開新的檔案總管測試

Join AD Samba FC9

如果 Fedora9  的  Samba 無法 join AD 成功

意思是說檢查所有步驟都對, 但一直說

ex. "kerberos_kinit_password server01$@company.com.tw failed: cannot find kdc for requested realm dns update failed"

請移除舊版 samba 並更新為 3.2.11-0.28 版本

http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/9/i386.newkey/

libsmbclient-3.2.11-0.28.fc9.i386.rpm
libtdb-1.1.1-28.fc9.i386.rpm
samba-3.2.11-0.28.fc9.i386.rpm
samba-client-3.2.11-0.28.fc9.i386.rpm
samba-common-3.2.11-0.28.fc9.i386.rpm
samba-winbind-3.2.11-0.28.fc9.i386.rpm

一些 web ok list, 避免 proxy log 過大

由於 proxy 有做認証控管,如果一些程式不支援認証 proxy 就會塞滿一堆被 deny 的 log

以下為目前看到的清單
crl.adobe.com
ex. http://crl.adobe.com/aum.crl

liveupdate.symantecliveupdate.com
ex http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.69_chinese_livetri.zip

java.sun.com
ex http://java.sun.com/update/1.6.0/map-1.6.0.xml
http://java.sun.com/update/1.6.0/1.6.0_12-b04.xml

swupmf.adobe.com
ex. http://swupmf.adobe.com/manifest/50/win/reader8rdr-en_US.upd
http://swupmf.adobe.com/manifest/50/win/AdobeUpdater.upd

Connect 方式
desktop2.google.com:443

lighttpd 無法啟動 (network.c.345) can’t bind to port: :: 80 Address already in use

第一次看到這個錯誤 有點傻眼
因為下 netstat -an | grep LIST 並沒有出現 port 80 被占住
如果有會出現 “tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"

後來想到 有可能重新開機時 lighttpd 並沒有成功關閉
所以就去看 /var/run/lighttpd.pid 是否存在 是的! 有

殺掉後 就可以成功啟動囉~~

tcsh 自動設 DISPLAY 方法

工作上,常常需要登入到不同的機器然後將 Display 傳回自身的機器
把下面這段加入 .cshrc or .tcshrc 就可以自動幫你設 DISPLAY

# Point DISPLAY at the machine this login came from, but only when REMOTEHOST
# is set and DISPLAY is not already defined.
# NOTE(review): "host:0" is a direct connection to the X server on that host,
# not an SSH-forwarded display, so it presumably depends on that X server
# accepting connections from this machine and the session crosses the network
# unencrypted. Because an existing DISPLAY is left untouched, logins made with
# ssh -X / -Y keep their forwarded display.
if( $?REMOTEHOST && ! $?DISPLAY ) then

setenv DISPLAY ${REMOTEHOST}:0

endif

Vmware ESXi 開啓 ssh

在 ESXi 終端機前按alt+f1, 輸入 unsupported,完成後會出現需要輸入密碼的顯示。

輸入密碼後進入，輸入 vi /etc/inetd.conf 將 ssh 前方的 # 取消。

ps | grep inetd

kill -HUP