Jovan Stosic
Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.
In 2009, Snort entered InfoWorld‘s Open Source Hall of Fame as one of the “greatest [pieces of] open source software of all time”.
Jovan Stosic
Like Dovecot itself, the ManageSieve service always logs a detailed error message if something goes wrong at the server (refer to Dovecot Logging for more details): the logs are the first place to look if you suspect something is wrong. To get additional debug messages in your log file, you should set mail_debug=yes in dovecot.conf (inside protocol sieve {...} if you want to enable this for ManageSieve only).
If the client commits protocol violations or sends invalid scripts, an error response is provided to the client which is not necessarily logged on the server. A good ManageSieve client presents such error messages to the user.
Keep in mind that the the ManageSieve service only provides the Sieve protocol, which may be somewhat confusing. This protocol can only be used to upload Sieve scripts and activate them for execution. Performing the steps below therefore only verifies that this functionality is working and not whether Sieve scripts are correctly being executed upon delivery. The execution of Sieve scripts is performed by the Dovecot Local Delivery Agent (LDA) or its LMTP service using the LDA Sieve plugin. If you have problems with Sieve script execution upon delivery, you are referred to the Sieve Troubleshooting page.
If you fail to login or upload scripts to the server, it is not necessarily caused by Dovecot or your configuration. It is often best to test your ManageSieve server manually first. This also provides you with the direct error messages from the server without intermission of your client. If you do not use TLS, you can connect using a simple telnet or netcat connection to the configured port (typically 4190 or 2000 for older setups). Otherwise you must use a TLS-capable text protocol client like gnutls-cli as described below. Upon connection, the server presents the initial greeting with its capabilities:
"IMPLEMENTATION" "dovecot" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" "STARTTLS" OK "Dovecot ready."
Note that the reported STARTTLS capability means that the server accepts TLS, but, since you are using telnet/netcat, you cannot use this (refer to Manual TLS Login below). The SASL capability lists the available SASL authentication mechanisms. If this list is empty and STARTTLS is available, it probably means that the server forces you to initiate TLS first (as dictated by ‘disable_plaintext_auth=yes‘ in dovecot.conf).
Now you need to log in. Although potentially multiple SASL mechanisms are available, only PLAIN is described here. Authentication is performed using the ManageSieve AUTHENTICATE command. This command typically looks as follows when the PLAIN mechanism is used:
AUTHENTICATE "PLAIN" "<base64-encoded credentials>"
The credentials are the base64-encoded version of the string "\0<username>\0<password" (in which \0 represents the ASCII NUL character). Generating this is cumbersome and a bit daunting for the novice user, so for convenience a simple Perl script is provided to generate the AUTHENTICATE command for you. It is available here and used as follows:
sieve-auth-command.pl <username> <password>
The command is written to stdout and you can paste this to your protocol session, e.g.:
AUTHENTICATE "PLAIN" "AHVzZXJuYW1lAHBhc3N3b3Jk" OK "Logged in."
Now that you are logged in, you can upload a script. This is done using the PUTSCRIPT command. Its first argument is the name for the script and its second argument is a string literal. A string literal starts with a length specification '{<bytes>+}' followed by a newline. Thereafter the server expects <bytes> bytes of script data. The following uploads a trivial 6 byte long sieve script that keeps every message (6th byte is the newline character):
PUTSCRIPT "hutsefluts" {6+}
keep;
OK "Putscript completed."
Upon successful upload, you should find a file called hutsefluts.sieve in your sieve_dir directory. The script should also be listed by the server as follows when the LISTSCRIPTS command is issued:
LISTSCRIPTS "hutsefluts" OK "Listscripts completed."
You can check whether your script is uploaded correctly by downloading it using the GETSCRIPT command. This command accepts the name of the downloaded script as its only parameter:
GETSCRIPT "hutsefluts"
{6}
keep;
OK "Getscript completed."
To let the Sieve plugin use your newly uploaded script, you must activate it using the SETACTIVE command (only one script can be active at any time). The active script is indicated ACTIVE in the LISTSCRIPTS output, e.g.:
SETACTIVE "hutsefluts" OK "Setactive completed." LISTSCRIPTS "hutsefluts" ACTIVE OK "Listscripts completed.
The symbolic link configured with the sieve setting should now point to the activated script in the sieve_dir directory. If no script is active, this symbolic link is absent.
When TLS needs to be used during manual testing, gnutls-cli provides the means to do so. This command-line utility is part of the GNUTLS distribution and on most systems this should be easy to install. It is used to connect to ManageSieve as follows:
gnutls-cli --starttls -p <port> <host>
This starts the client in plain text mode first. As shown in the previous section, the server presents a greeting with all capabilities of the server. If STARTTLS is listed, you can issue the STARTTLS command as follows:
STARTTLS OK "Begin TLS negotiation now."
If an OK response is given by the server you can press Ctrl-D to make gnutls-cli start the TLS negotiation. Upon pressing Ctrl-D, gnutls-cli will show information on the negotiated TLS session and finally the first response of the server is shown:
"IMPLEMENTATION" "dovecot" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" OK "TLS negotiation successful."
Hereafter, you can continue to authenticate and upload a script as described in the previous section.
If manual efforts to upload a script are successful, but your client still fails, you need to obtain a view on what the client communicates with the server. A common method is to sniff the client protocol session using a tool like ngrep. However, this will not work when TLS is active. If the problem is not specific to TLS, you are advised to temporarily turn off TLS and sniff the plain text protocol. If TLS is part of the issue, you can use Dovecot’s rawlog facility to see what is going on if the client is logged in. If the authentication is the problem, there is no real nice way to obtain a transcript of the protocol. One way is to run managesieve from inetd, wrapping it into a script that writes the protocol messages somewhere (FIXME: This needs some checking and explanation). Alternatively, if possible, the client can be altered to write its protocol messages somewhere.
Refer to the ManageSieve Clients page for information on known client problems.
NOTE: If you add new issues to this list, notify the author or send an e-mail to the Dovecot mailing list. In any case, you must make sure that the issue is properly explained and that the author can contact you for more information.
Source: Pigeonhole/ManageSieve/Troubleshooting – Dovecot Wiki
Jovan Stosic
last updated in Categories Linux
I‘ve installed an usb image on Pen drive along with MBR. Now, I need to use this USB pen for other purpose. Is there a way in Linux to delete the mbr (just like dos fdisk /mbr command)?
You can delete the mbr (master boot recored) using the dd command itself. A master boot record (MBR) is the 512-byte boot sector that is the first sector of a partitioned data storage device of a hard disk.
The mbr size is as follows in bytes:
Where,446 + 64 + 2 = 512
WARNING! These examples may crash your computer if executed. The following command will completely delete your MBR including all your partition information. So make sure you use the correct device name and block size in bytes.Open a terminal and type the following command command to delete everything:
# dd if=/dev/zero of=/dev/sdc bs=512 count=1
Sample outputs:
1+0 records in 1+0 records out 512 bytes (512 B) copied, 0.00308483 s, 166 kB/s
Where,
The following command will erase mbr, but not your partitions:
# dd if=/dev/zero of=/dev/sdc bs=446 count=1
Where,
Jovan Stosic
c=$PWD
n=0
shopt -s dotglob
while IFS= read -r d ; do
CurrD[$n]=”$d”
echo ${CurrD[$n]}
n=$(($n+1))
done < <(find “$c” -name VIDEO_TS)
X=0;
while [ $X -lt $n ]; do
cd “${CurrD[$X]}”
echo $PWD
for f in *.VOB ; do ffmpeg -i “$f” -b:v 3000k -b:a 128k -tag:v DIVX “${f%.VOB}.avi”; done
X=$(($X + 1))
done
Jovan Stosic
1) Boot in Ubutu live cd and start gparted.
2) Shrink the source disk’s data partition (e.g. sdb2). From the free space create a new partition (e.g. sdb4).
3) On destination disk create sda1, sda2 and sda3 (swap) with same size and type as in original disk. From the free space create sda4 (smaller than sdb4).
4) Boot in Conezilla.
5) Chose beginer, disk to disk and copy partition to partition (sdb1 to sda1, sdb2 to sda2). Skip the sdb4.
Jovan Stosic
https://askubuntu.com/questions/395196/how-to-recover-the-root-password-on-ubuntu-server
Jovan Stosic
Source: 16.04 Command to list all services started on boot – Ask Ubuntu
Jovan Stosic
Ubuntu 16.04 has moved from using init to systemd. Thus, the concept of run-levels is replaced by the term targets. The advantages over choosing systemd is discussed in the article The Story Behind ‘init’ and ‘systemd’: Why ‘init’ Needed to be Replaced with ‘systemd’ in Linux . The seven run-levels of init can be mapped with the targets as:
| Run-levels | Targets |
| 0 | poweroff.target |
| 1 | rescue.target |
| 2,3,4 | multi-user.target |
| 5 | graphical.target |
| 6 | reboot.target |
To change the run-level non-GUI:
Source: Run-levels in Ubuntu 16.04 LTS – CodeChunk
Jovan Stosic
A modern computer operating system usually segregates virtual memory into kernel space and user space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour.
Kernel space is strictly reserved for running a privileged operating system kernel, kernel extensions, and most device drivers. In contrast, user space is the memory area where application software and some drivers execute.
Source: User space – Wikipedia
Jovan Stosic
https://askubuntu.com/questions/34802/convert-my-physical-operating-system-to-a-virtualbox-disk
Jovan Stosic
A reverse proxy or surrogate is a proxy server that is installed in a server network. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.
http.conf
(snip) ProxyPass / http://10.1.1.24/ ProxyPassReverse / http://10.1.1.24/ ProxyPreserveHost On (snip) Include conf/http-ssl.conf
http-ssl.conf
(snip) ProxyPass / http://10.1.1.24/ ProxyPassReverse / http://10.1.1.24/ (snip)
<?php /// Moodle Configuration File unset($CFG); $CFG->dbtype = 'mysql'; $CFG->dbhost = 'localhost'; $CFG->dbname = 'moodle'; $CFG->dbuser = 'moodleuser'; $CFG->dbpass = 'XXXXXXXX'; $CFG->dbpersist = false; $CFG->prefix = 'mdl_'; $CFG->wwwroot = 'http://trainer.moodle.org'; $CFG->dirroot = '/var/www/moodle'; $CFG->dataroot = '/opt/moodle_data'; $CFG->admin = 'admin'; $CFG->directorypermissions = 00777; // try 02777 on a server in Safe Mode require_once("$CFG->dirroot/lib/setup.php"); // MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES, // RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE. ?>
Source: Reverse proxy frontend – MoodleDocs
Jovan Stosic
Source: How To Use Apache as a Reverse Proxy with mod_proxy on Ubuntu 16.04 | DigitalOcean