Today I will delete the account on Tagged.com
Author Archives: Vyacheslav
Hiding the site name in the phpBB header
I once made a large logo for the header of a phpBB forum, and of course the site name and description were overlaid on it and got in the way.
To hide the site name and description, find the file /style/stylename/template/overall_header.html in the directory of the active theme (style).
Open it in a text editor and find the following two lines in it:
<h1>{SITENAME}</h1>
<p>{SITE_DESCRIPTION}</p>
These lines are responsible for displaying the site name and description in the forum header. We will not delete them, since they may come in handy later, but simply comment them out:
<!--
<h1>{SITENAME}</h1>
<p>{SITE_DESCRIPTION}</p>
-->
After that, clear the forum cache by clicking the button in the administrator’s panel.
Done.
Solution of Postfix error “mailbox_size_limit is smaller than message_size_limit”
I once noticed the following error in the logs:
postfix/local[32288]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit
I remembered that I had recently increased the message_size_limit parameter in the configuration file /etc/postfix/main.cf, which specifies in bytes the maximum size of messages sent and received.
The error occurs because the value of message_size_limit is greater than the value of mailbox_size_limit, whereas it should be the other way around. Incidentally, virtual_mailbox_limit is not specified in the configuration file; apparently, when it is not specified, the default value of 51200000 applies, which in my case was less than message_size_limit.
Let’s look at the values of mailbox_size_limit and virtual_mailbox_limit (-n shows the value set in the configuration file, -d shows the default value):
postconf -n | grep mailbox_size_limit
postconf -d | grep mailbox_size_limit
postconf -n | grep virtual_mailbox_limit
postconf -d | grep virtual_mailbox_limit
Let’s look at the value of message_size_limit:
postconf -n | grep message_size_limit
postconf -d | grep message_size_limit
Let’s set mailbox_size_limit and virtual_mailbox_limit so that they are greater than message_size_limit, either by editing /etc/postfix/main.cf by hand or by running the following commands, which write the values to that file:
sudo postconf -e 'mailbox_size_limit = 102400000'
sudo postconf -e 'virtual_mailbox_limit = 102400000'
Alternatively, you can disable the limit altogether by specifying 0:
postconf -e 'mailbox_size_limit = 0'
postconf -e 'virtual_mailbox_limit = 0'
Restart Postfix to apply the changes:
sudo /etc/init.d/postfix restart
Done, the error should no longer appear.
Configuring the D-Link DES-3028 Switch
Today I configured another D-Link DES-3028 switch; the firmware was 2.94.B07.
So, connect the console cable to the switch and add the management VLAN (mine is 207, port 25 is the uplink):
create vlan core tag 207
config vlan core add tagged 25
Assign the switch IP address:
config ipif System vlan core ipaddress 192.168.1.2/24 state enable
Let’s specify the default route:
create iproute default 192.168.1.1 1
Add the admin account:
create account admin NAME
Add a client VLAN (mine is 226), set the PVID and remove the ports from the default VLAN:
create vlan local_smart tag 226
config vlan local_smart add tagged 25
config vlan local_smart add untagged 1-24,26-28
disable gvrp
config gvrp 1-28 state disable ingress_checking enable acceptable_frame admit_all pvid 226
config vlan default delete 1-28
Let’s configure protection against broadcast flooding:
config traffic trap both
config traffic control 1-24,26-28 broadcast enable multicast disable unicast disable action drop threshold 64 countdown 5 time_interval 5
Let’s configure the loop protection:
enable loopdetect
config loopdetect recover_timer 3000
config loopdetect interval 10
config loopdetect trap none
config loopdetect port 1-24,26-28 state enabled
config loopdetect port 25 state disabled
Let’s configure traffic segmentation, if users on the same switch must not see each other:
config traffic_segmentation 1-24 forward_list 25
config traffic_segmentation 25 forward_list 1-24,26-28
Set up the time zone and time synchronization:
enable sntp
config time_zone operator + hour 2 min 0
config sntp primary 192.168.1.1 secondary 0.0.0.0 poll-interval 7000
Let’s specify the IP addresses from which access to the switch’s web interface, telnet and SNMP is allowed:
create trusted_host 192.168.1.1
create trusted_host 192.168.5.20
Let’s configure protection against DoS:
disable dos_prevention trap_log
config dos_prevention dos_type land_attack action drop state enable
config dos_prevention dos_type blat_attack action drop state enable
config dos_prevention dos_type smurf_attack action drop state enable
config dos_prevention dos_type tcp_null_scan action drop state enable
config dos_prevention dos_type tcp_xmascan action drop state enable
config dos_prevention dos_type tcp_synfin action drop state enable
config dos_prevention dos_type tcp_syn_srcport_less_1024 action drop state disable
For the IP-MAC-Port Binding function, we allow IP 0.0.0.0 (Windows uses it while trying to obtain an IP address):
config address_binding ip_mac ports 1-28 state disable allow_zeroip enable forward_dhcppkt enable
Configuring SNMP:
delete snmp community public
delete snmp community private
delete snmp user initial
create snmp community TEXT view CommunityView read_write
create snmp community TEXT view CommunityView read_only
config snmp system_name TEXT
config snmp system_location TEXT
config snmp system_contact TEXT
Let’s configure protection from third-party DHCP servers:
config filter dhcp_server ports 1-24,26-28 state enable
config filter dhcp_server trap_log enable
config filter dhcp_server illegal_server_log_suppress_duration 30min
Protection from third-party DHCP servers can also be implemented with an ACL:
create access_profile ip udp src_port 0xFFFF profile_id 1
config access_profile profile_id 1 add access_id 1 ip udp src_port 67 port 25 permit
config access_profile profile_id 1 add access_id 2 ip udp src_port 67 port 1-24,26-28 deny
Let’s configure protection against junk BPDUs:
config bpdu_protection ports 1-24,26-28 mode drop
Turn on the SAFEGUARD_ENGINE function so that you can still log in to the switch at 100% CPU utilization:
config safeguard_engine state enable utilization rising 100 falling 95 trap_log enable mode fuzzy
Fine-Tuning FDB:
config fdb aging_time 300
config multicast port_filtering_mode 1-28 filter_unregistered_groups
disable flood_fdb
config flood_fdb log disable trap disable
Other small settings:
config serial_port baud_rate 9600 auto_logout 10_minutes
enable password encryption
config terminal_line default
enable clipaging
disable command logging
enable password_recovery
enable syslog
config log_save_timing on_demand
Done.
Configuring the ZyXEL ES-2108 Switch
I recently configured the ZyXEL ES-2108 switch.
Default IP address: 192.168.1.1, login: admin, password: 1234.
Below are examples of commands.
Let’s review the current configuration:
show running-config
show system-information
Now go to the configuration mode:
configure
Change the administrator password:
admin-password PASSWORD
password PASSWORD
Turn on flood control and loop protection:
storm-control
loopguard
Let’s configure the management VLAN and assign the IP address (my VLAN tag is 207, port 1 is the uplink):
vlan 207
  name core
  normal ""
  fixed 1
  forbidden 2-8
  untagged 2-8
  ip address default-management 192.168.1.20 255.255.255.0
  ip address default-gateway 192.168.1.1
exit
Let’s configure the VLAN for users (it arrives untagged):
vlan 226
  name users
  normal ""
  fixed 1-8
  untagged 1-8
exit
Configure the uplink port:
interface port-channel 1
  pvid 226
  vlan-trunking
exit
Configure the other client ports:
interface port-channel 2-8
  bmstorm-limit
  bmstorm-limit 128
  loopguard
  pvid 226
exit
Set the time parameters:
time timezone 200
timesync server 192.168.1.1
timesync ntp
Configuring SNMP:
snmp-server set-community NAME
snmp-server trap-community NAME
snmp-server contact admin location LOCATION
Configure the logs:
syslog
syslog type system
syslog type interface
syslog type switch
syslog type aaa
syslog type ip
Let’s specify which IPs are allowed to administer the switch:
remote-management 1
remote-management 2
remote-management 1 start-addr 192.168.1.1 end-addr 192.168.1.1 service telnet ftp http icmp snmp ssh https
remote-management 2 start-addr 192.168.1.5 end-addr 192.168.1.5 service telnet ftp http icmp snmp ssh https
Exit the configuration mode:
exit
To view MAC addresses, use the command:
show mac address-table
Save the settings:
write memory
Done.
Configuring Fasttrack on Mikrotik
FastTrack accelerates the processing of packets; it works on firmware starting from 6.29.
How to enable PHP short tags?
Recently I needed to enable PHP short tags, since the code of a site that I moved to another server was written using them.
By default, they are disabled.
For example, the usual tags look like this:
<?php code ?>
And short ones like this:
<? code ?>
To enable short tags, find the short_open_tag parameter in the php.ini configuration file and set its value to On, for example:
short_open_tag=On
php.ini is usually located in the /etc/php5/ directory; if cPanel is used, it is /usr/local/lib/php.ini.
You need to restart the web server to apply the change; on Ubuntu, apache2 is restarted with the command:
sudo service apache2 restart
How to change the SSH port in Ubuntu
I tested changing the SSH port on Ubuntu Server 14.0.4 LTS and Ubuntu Server 16.0.4 LTS.
Open the SSH configuration, for example in the nano text editor (in nano, press Ctrl+X to exit, then y/n to save or discard the changes):
sudo nano /etc/ssh/sshd_config
Find the line “Port 22” and change it, for example, to “Port 58222”.
To apply the changes, restart SSH (the restart command differs between systems, so here is a list of possible commands):
sudo service ssh restart
sudo /etc/init.d/ssh restart
sudo /etc/init.d/sshd restart
After the restart, SSH will be available on the new port, while the current session on the old port stays active. So, without disconnecting, test a connection to the new port. If it fails, a firewall is running on the system and the new port must be allowed in it. For example, in iptables this is done as follows (where 58222 is our new port):
sudo iptables -A INPUT -p tcp --dport 58222 -j ACCEPT
You can also have iptables allow SSH connections only from a specified range of IP addresses (-s matches the source address of the connecting client):
sudo iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 58222 -j ACCEPT
If everything is ok, we connect through a new port and can delete the old iptables rule, for example:
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
An example of a command to connect from Linux to SSH on a non-standard port:
ssh -p 58222 user@192.168.0.2
You can see on which port and on which network interfaces SSH is listening like this (root is needed for the process names to be shown):
sudo netstat -tulpan | grep ssh
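The port change described above can also be scripted; the following is an added example, not code from the original post. The helper name set_ssh_port is an assumption: it validates the port number, keeps a .bak copy of the file, and rewrites the Port directive, placing it at the top of the file when none is present so that it cannot end up inside a Match block.

```shell
#!/bin/sh
# Added example (not from the original post). set_ssh_port is a hypothetical
# helper that rewrites the Port directive in an sshd_config-style file.

set_ssh_port() {
    cfg=$1
    port=$2

    # Accept only a decimal TCP port in the range 1-65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi

    # Keep a copy so the previous configuration can be restored.
    cp -p "$cfg" "$cfg.bak" || return 1

    # Replace the first Port line (active, or the commented-out default) and
    # drop any further ones, so sshd listens on the new port only. If the
    # file has no Port line, print the directive first: appended at the end
    # it could fall inside a Match block, where Port is not allowed.
    awk -v p="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { line[++n] = "Port " p; done = 1 }
            next
        }
        { line[++n] = $0 }
        END {
            if (!done) print "Port " p
            for (i = 1; i <= n; i++) print line[i]
        }
    ' "$cfg.bak" > "$cfg"
}

# Typical use on the server, as root, with the current session left open;
# sshd -t checks the configuration before the restart:
#   set_ssh_port /etc/ssh/sshd_config 58222 && sshd -t && service ssh restart
```

If sshd -t reports an error, copy the .bak file back before restarting, so that the running configuration stays reachable.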
Solution of the error NMI watchdog: BUG: soft lockup – CPU#0 stuck for 23s!
I noticed several times that a server with Ubuntu Server 14.04.01 installed was crashing, after which only a hard reset by cutting the power helped.
Install and use Partclone
Partclone — utility for cloning and restoring disk partitions.
Perform the installation of Partclone in Ubuntu:
sudo apt-get update sudo apt-get install partclone
Partclone can work with many file systems; the file system type is given after the dot in the command name, for example:
partclone.btrfs (btrfs)
partclone.ext2/ext3/ext4 (ext2, ext3, ext4)
partclone.reiserfs (reiserfs 3.5)
partclone.reiser4 (reiser 4)
partclone.xfs (xfs)
partclone.ufs (ufs/ufs2)
partclone.jfs (jfs)
partclone.hfs+/hfsplus (hfs plusfs)
partclone.vmfs (vmfs)
partclone.ntfs (ntfs)
partclone.fat12/fat16/fat32 (fat12, fat16, fat32)
partclone.exfat (exfat)
partclone.minix (minix)
partclone.f2fs (f2fs)
partclone.nilfs2 (nilfs2)
Here are the possible startup options:
-s FILE, --source FILE
The data source: the partition to be cloned, or the file from which data will be restored.
-o FILE, --output FILE
The output: the file in which the image will be stored, or the partition to which data will be restored.
-O FILE, --overwrite FILE
Overwrite the file if it exists.
-c, --clone
Save (clone) a partition to an image
-r, --restore
Restore a partition from an image
-b, --dev-to-dev
Device-to-device copy mode
-l FILE, --logfile FILE
Path to the log file (default /var/log/partclone.log)
-R, --rescue
Continue after disk read errors
-C, --no_check
Do not check disk size and free space
-N, --ncurse
Ncurses text-based user interface
-X, --dialog
Output messages in dialog format
-I, --ignore_fschk
Ignore file system check
--ignore_crc
Ignore crc errors
-F, --force
Forced mode
-f SECONDS, --UI-fresh SECONDS
Change the refresh interval of the progress display
-z SIZE, --buffer_size SIZE
The size of the read / write buffer (default: 1048576)
-q, --quiet
Quiet mode, information about the execution process will not be displayed
-dLEVEL, --debug LEVEL
Debug mode, level 1, 2 or 3
-h, --help
Display Help
-v, --version
Display the version of the program
Here are some examples of running partclone.
First let’s see which drives are present in the system:
sudo fdisk -l | grep '/dev/'
Example of cloning a partition to a file:
sudo partclone.ext3 -c -d -s /dev/sda1 -o sda1.img
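Example of cloning a partition into a compressed archive (the archive has to be written to a mounted file system, not to a device node; here /mnt/sdb2 is assumed to be the mount point of /dev/sdb2):
sudo partclone.ext3 -c -d -s /dev/sda1 | gzip -c > /mnt/sdb2/sda1.gz
Restoring the partition from the file:
sudo partclone.ext3 -r -d -s sda1.img -o /dev/sda1
Restoring the partition from the archive (gzip -dc writes the decompressed image to standard output, and -s - makes partclone read it from standard input):
gzip -dc /mnt/sdb2/sda1.gz | sudo partclone.ext3 -d -r -s - -o /dev/sda1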
Cloning a partition directly to a partition on another disk:
sudo partclone.ext3 -b -d -s /dev/sda1 -o /dev/sdb2