Bridge -> [tab] Bridge -> [+] Name: bridge_vlan_100 [OK]
Bridge -> [tab] Ports -> [+] Interface: ether5 (ether6, ether7, ether8) Bridge: bridge_vlan_100 [OK]
Interfaces -> [tab] VLAN -> [+] Name: vlan_100 VLAN ID: 100 Interface: bridge_vlan_100 [OK]
IP -> Addresses -> [+] Address: 192.168.100.1/24 Network: 192.168.100.0 Interface: bridge_vlan_100 [OK]
IP -> Pool -> [+] Name: pool_vlan_100 Addresses: 192.168.100.150-192.168.100.200 [OK]
IP -> DHCP Server -> [tab] DHCP -> [+] Name: dhcp_vlan_100 Interface: bridge_vlan_100 Address Pool: pool_vlan_100 [OK]
IP -> DHCP Server -> [tab] Networks -> [+] Address: 192.168.100.0/24 Gateway: 192.168.100.1 DNS Servers: 8.8.8.8 [OK]
IP > DHCP Server > [+] > tab [Script]
Lease Script:
# address that receives the alert
:local recipient "user@domain.com"
/ip dhcp-server lease
# run only when a lease was just bound and it is a dynamic lease for this MAC
:if (($leaseBound = 1) && ([/ip dhcp-server lease find where dynamic mac-address=$leaseActMAC])) do={
    :do {
        :local dhcphostname $"lease-hostname"
        /tool e-mail send to=$recipient subject="DHCP Address Alert [$leaseActIP] [$leaseActMAC] [$dhcphostname]" body="MAC address: [$leaseActMAC]\nIP address: [$leaseActIP]\nDHCP Server: [$leaseServerName]\nHostname: [$dhcphostname]"
        #:log info "Sent DHCP alert for MAC $leaseActMAC"
    } on-error={:log error "Failed to send alert email to $recipient"}
}
Interfaces > [tab] Interfaces List > [Lists] > [+]
Name: allow_winbox > [OK]
Interfaces > [tab] Interfaces List > [+]
List: allow_winbox Interface: ether2
[OK]
Now set the list of interfaces from which WinBox discovery is allowed.
IP -> Neighbors -> [Discovery Settings]
Interface: [ ] allow_winbox [OK]
From now on, discovery through WinBox is available only from interface ether2.
Nobody will discover the router from ether1-WAN.
You can also block the WinBox port 8291 on interface ether1-WAN so that nobody can connect from outside.
IP > Firewall > [tab] Filter Rules > [+]
[tab] General
Chain: input Protocol: 6 (tcp) Dst. Port: 8291 In. Interface: ether1-WAN [tab] Action Action: drop [OK]
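The same WinBox restriction entered from the RouterOS terminal, as an added example that is not part of the original notes. It assumes RouterOS 6.41 or later (interface lists) and the interface names used above; the MAC-WinBox line and the rule comment go one step beyond the GUI steps and are assumptions.

```routeros
# Added example: CLI equivalent of the GUI steps above.
# Assumed roles: ether2 = management port, ether1-WAN = uplink.

# 1. Interface list that is allowed to reach WinBox
/interface list add name=allow_winbox
/interface list member add list=allow_winbox interface=ether2

# 2. Neighbor discovery (used by the WinBox "Neighbors" tab) only on that list
/ip neighbor discovery-settings set discover-interface-list=allow_winbox

# 3. Assumption beyond the page: limit MAC-WinBox (layer-2 login) to the same list,
#    otherwise a host on another port could still connect by MAC address
/tool mac-server mac-winbox set allowed-interface-list=allow_winbox

# 4. Drop WinBox (TCP 8291) arriving on the WAN interface.
#    Rule order matters: this rule must sit above any input rule that accepts the traffic.
/ip firewall filter add chain=input protocol=tcp dst-port=8291 in-interface=ether1-WAN action=drop comment="drop WinBox from WAN"

# 5. Verify what is actually in effect
/interface list member print where list=allow_winbox
/ip neighbor discovery-settings print
/tool mac-server mac-winbox print
/ip firewall filter print where comment="drop WinBox from WAN"
```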
Script for dumping logs to a file + sending them by e-mail and FTP
System -> Scripts -> [+]
Name = "Logs_backup"
Source
# months array
:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
# get time
:local ts [/system clock get time]
:set ts ([:pick $ts 0 2].[:pick $ts 3 5].[:pick $ts 6 8])
# get date (the code below expects the mmm/dd/yyyy format)
:local ds [/system clock get date]
# convert name of month to number
:local month [ :pick $ds 0 3 ];
:local mm ([ :find $months $month -1 ] + 1);
:if ($mm < 10) do={ :set mm ("0" . $mm); }
# set $ds to format YYYYMMDD
:set ds ([:pick $ds 7 11] . $mm . [:pick $ds 4 6])
# file name for logs backup - servername-YYYYMMDD-HHMMSS_logs.txt
:local fname ([/system identity get name]."-".$ds."-".$ts."_logs.txt")
:local sfname ("/".$fname)
# backup logs
/log print file=$sfname
:log info message="Logs backup finished (1/1).";
# ftp server
:local ftphost "192.168.1.1"
:local ftpuser "ftp_user"
:local ftppassword "ftp_password"
:local ftppath "/folder/subfolder/"
# upload the logs backup ($ftppath already ends with "/")
:log info message="Uploading logs backup (1/1)."
/tool fetch address="$ftphost" src-path=$sfname user="$ftpuser" mode=ftp password="$ftppassword" dst-path="$ftppath$fname" upload=yes
# delay time to finish the upload - increase it if your backup file is big
#:delay 30s;
# e-mail notification with the name of the backup file
:local mname ([/system identity get name]." - Backup logs - ".$ds)
:local mailTo "admin@domain.com"
:local emailbody ("Plik z backupem logow: ".$sfname)
/tool e-mail send subject=$mname to=$mailTo body=$emailbody
Next, add the script to the Scheduler
System -> Scheduler -> [+]
Name = "Logs_backup" Interval ="1d 00:00:00" On Event /system script run Logs_backup
vim /etc/nftables.conf
...
table inet filter {
    set blacklist-v4 {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { 185.176.221.167, 81.30.158.0/24, 213.137.128.0/19 }
    }
...
# accept traffic originated from us
ct state established,related accept
# drop ip from blacklist
ip saddr @blacklist-v4 drop
...
service nftables restart
https://forum.iredmail.org/topic16335-nftables-rule-no-ping-floods.html
vim /etc/fail2ban/jail.d/postfix.local
action = nftables-multiport[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
         banned_db[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
         sendmail[name=Postfix, dest=user@domain.com, sender=root]
service fail2ban restart
https://forum.iredmail.org/topic9644-fail2ban-blocked-ips.html
aptitude install msmtp
vim /etc/msmtprc
# Set default values for all following accounts.
defaults
auth on
tls on

# Account 1
account account1
host mail.domain.com
port 587
from user@domain.com
user user@domain.com
password userpassword

# Set a default account
account default : account1
aliases /etc/aliases
vim /etc/aliases
root: root@domain.com
username: username@domain.com
ln -s /usr/bin/msmtp /usr/sbin/sendmail
Test in CRON
crontab -e
* * * * * echo "A message from Cron"
or
crontab -e
* * * * * /scripts/backup.sh 2>&1 | msmtp youremail@provider.com
iDRAC Settings -> Network -> Common Settings
Register iDRAC on DNS - check
DNS iDRAC Name - hostname
Static DNS Domain Name - domain.com
[Apply]
Server -> Alerts -> SNMP and Email Settings
SMTP (Email) Server Address Settings
SMTP (Email) Server IP Address or FQDN / DNS Name - mail.domain.com
Enable Authentication - check
Username - hostname@domain.com
Password - *****
SMTP Port Number - 587
[Apply]
aptitude install cifs-utils
mkdir /mnt/win_share
sudo mount -t cifs -o username=<win_share_user>,password=<win_share_password> //WIN_SHARE_IP/<share_name> /mnt/win_share -o vers=1.0
https://linuxize.com/post/how-to-mount-cifs-windows-share-on-linux/
vim /etc/ssh/sshd_config
Port 1234
vim /etc/nftables.conf
chain input {
    ...
    tcp dport 1234 accept
    ...
}
service nftables restart
service sshd restart
cd /root/iRedMail-1.3.1/tools/
bash create_mail_user_SQL.sh username@domain.com 'Test123' > username.sql
mysql -u dbuser -pdbpass -h localhost vmail < username.sql
change the /var/vmail folder to the one that was entered during installation
https://docs.iredmail.org/sql.create.mail.user.html
1. Installation.
https://imapsync.lamiral.info/INSTALL.d/INSTALL.Debian.txt
aptitude install libauthen-ntlm-perl libcgi-pm-perl libcrypt-openssl-rsa-perl libdata-uniqid-perl libencode-imaputf7-perl libfile-copy-recursive-perl libfile-tail-perl libio-socket-inet6-perl libio-socket-ssl-perl libio-tee-perl libhtml-parser-perl libjson-webtoken-perl libmail-imapclient-perl libparse-recdescent-perl libmodule-scandeps-perl libreadonly-perl libregexp-common-perl libsys-meminfo-perl libterm-readkey-perl libtest-mockobject-perl libtest-pod-perl libunicode-string-perl liburi-perl libwww-perl libtest-nowarnings-perl libtest-deep-perl libtest-warn-perl make cpanminus
cd /home/username/
wget -c https://imapsync.lamiral.info/dist2/imapsync-1.977.tgz
tar -xf imapsync-1.977.tgz
cd imapsync-1.977
2. Usage
https://imapsync.lamiral.info/#DOC_BASIC_UNIX
User login
./imapsync --host1 mail.host.pl --user1 user1@host.pl --password1 "sicret_pass" --host2 mail.host2.pl --user2 user1@host2.pl --password2 "sicret_pass2"
Master User login
./imapsync --host1 mail.host.pl --user1 "user1@host.pl*masteruser_login" --password1 "masteruser_pass" --host2 mail.host2.pl --user2 "user1@host2.pl*masteruser2_login" --password2 "masteruser_pass2"
3. Import credentials from CSV
vim sync_loop_unix.sh
#!/bin/sh
echo Looping on account credentials found in file.txt
echo
# read -r keeps backslashes in passwords intact
{ while IFS=';' read -r h1 u1 p1 h2 u2 p2 fake
    do
        { echo "$h1" | tr -d '\r' | egrep '^#|^ *$' ; } > /dev/null && continue # this skips commented and empty lines in file.txt
        echo "==== Starting imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        ./imapsync --notls1 --host1 "$h1" --user1 "$u1" --password1 "$p1" \
                   --host2 "$h2" --user2 "$u2" --password2 "$p2" \
                   "$@"
        echo "==== Ended imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        echo
    done
} < file.txt
vim file.txt
mail.host.pl;user1@host.pl*masteruser_login;masteruser_pass;mail.host2.p;user1@host2.pl*masteruser2_login;masteruser_pass2
mail.host.pl;user2@host.pl*masteruser_login;masteruser_pass;mail.host2.p;user2@host2.pl*masteruser2_login;masteruser_pass2
chmod +x sync_loop_unix.sh
./sync_loop_unix.sh
https://imapsync.lamiral.info/examples/sync_loop_unix.sh
vim /etc/dovecot/dovecot.conf
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-users
    master = yes
}
doveadm pw -s SSHA512
Enter new password:
Retype new password:
{SSHA512}HuxqgaziXpd4pQo17w/De1Opw7fhP6YLFpIBPpzR8AtZPjeEY2ahJruambrCM28CKb3rr4JC6zJbMHLDyjc6b
chmod +w /etc/dovecot/dovecot-master-users
vim /etc/dovecot/dovecot-master-users
username@domain.com:{SSHA512}HuxqgaziXpd4pQo17w/De1Op...
https://imapsync.lamiral.info/FAQ.d/FAQ.Dovecot.txt
https://doc.dovecot.org/configuration_manual/authentication/master_users/
https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/
https://docs.iredmail.org/dovecot.master.user.html
Dovecot 1.2.17
https://www.dovecot.org/list/dovecot/2015-October/102294.html
vim /usr/local/etc/dovecot.conf
passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd.masterusers
    pass = yes
    master = yes
}
vim /usr/local/etc/dovecot.passwd.masterusers
masteruser:{PLAIN}masterpassword
cd /root/
wget -c https://domena.com/iRedAdmin-Pro-SQL-4.4.tar.bz2
tar xjf iRedAdmin-Pro-SQL-4.4.tar.bz2
cd iRedAdmin-Pro-SQL-4.4/tools/
bash upgrade_iredadmin.sh
Download latest release of CardDav plugin.
https://plugins.roundcube.net/#/packages/roundcube/carddav
https://packagist.org/packages/roundcube/carddav
https://github.com/blind-coder/rcmcarddav/releases
https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.zip
cd /opt/www/roundcubemail/plugins/
wget -c https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.zip
unzip carddav-3.0.3.zip
cd carddav
cp config.inc.php.dist config.inc.php
vim /opt/www/roundcubemail/config/config.inc.php
// PLUGINS
$config['plugins'] = array('managesieve', 'password','carddav');
https://forum.iredmail.org/topic17082-internal-server-error-iredadmin.html
https://docs.iredmail.org/upgrade.iredapd.html
Apps\AIDA_ETC\AIDA64_Engineer\aida64.exe /RMREPORT >> Report_ETC_%COMPUTERNAME%_%DATE%.html
sudo aptitude install conky
wget -O /home/pi/.conkyrc https://blog.cssoft.pl/images/conkyrc.txt
sudo vim /usr/bin/conky.sh
#!/bin/sh
(sleep 4s && conky) &
exit 0
sudo vim /etc/xdg/autostart/conky.desktop
[Desktop Entry]
Name=conky
Type=Application
Exec=sh /usr/bin/conky.sh
Terminal=false
Comment=system monitoring tool.
Categories=Utility;
sudo reboot
https://html.dynu.net/index.php/installing-conky-linux/
How to add weather info
sudo vim /home/pi/.conkyrc
${font Dejavu Sans Mono:size=8}${alignc}${color green}${execpi 300 curl wttr.in/Warsaw?T0 --silent --max-time 3}
https://askubuntu.com/questions/1190907/how-can-i-get-conky-to-display-weather