nano /etc/apt/sources.list
deb http://192.168.1.62:9999/debian/ lenny main contrib non-free
deb-src http://192.168.1.62:9999/debian/ lenny main contrib non-free
deb http://192.168.1.62:9999/security/ lenny/updates main contrib non-free
deb-src http://192.168.1.62:9999/security/ lenny/updates main contrib non-free
deb http://192.168.1.62:9999/debian-volatile/ lenny/volatile main contrib non-free
deb-src http://192.168.1.62:9999/debian-volatile/ lenny/volatile main contrib non-free
apt-get update
apt-get upgrade
apt-get install ntpdate
ntpdate server it.pool.ntp.org
nano /etc/hosts
127.0.0.1 localhost
192.168.1.72 debian.porkyhttp.no-ip.info debian
nano /etc/resolv.conf
search porkyhttp.no-ip.info
nameserver 151.99.0.100
apt-get install -y sysv-rc-conf mc build-essential patch gcc g++ pkg-config zip unzip arj file xpdf
apt-get install -y slapd ldap-utils db4.6-util
# NOTE: this same password is reused below for the slapd rootpw, the pam/smbldap bind accounts, the CA and server key passphrase and the MySQL root user; use a distinct secret for each of them.
* Password dell'amministratore: pwdads31
* Conferma della password: pwdads31
dpkg-reconfigure slapd
Omit OpenLDAP server configuration? =>
Nome di dominio DNS => porkyhttp.no-ip.info
Organization Name => porkyHTTP Network
Administrator password => pwdads31
Confirm password => pwdads31
Database di Backend da usare =>
Do you want the database to be removed when slapd is purged? =>
Spostare il vecchio database =>
Allow LDAPv2 protocol? =>
# NOTE: {MD5} is an unsalted hash, and "-s" puts the password on the command line (visible in `ps` and in the shell history); prefer `slappasswd -h {SSHA}` and let it prompt for the password.
slappasswd -h {MD5} -s pwdads31
{MD5}7ZsOHnxOEreEmZ7lTUiYWQ==
nano /etc/ldap/slapd.conf
rootdn "cn=admin,dc=porkyhttp,dc=no-ip,dc=info"
rootpw {MD5}7ZsOHnxOEreEmZ7lTUiYWQ==
nano /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
apt-get install -y libpam-ldap libnss-ldap
LDAP server Uniform Resource Identifier => ldap://localhost
Distinguished name of the search base: => dc=porkyhttp,dc=no-ip,dc=info
LDAP version to use: => <3>
LDAP account for root: => cn=admin,dc=porkyhttp,dc=no-ip,dc=info
LDAP root account password: => pwdads31
Make local root Database admin: =>
Does the LDAP database require login? =>
LDAP account for root: => cn=admin,dc=porkyhttp,dc=no-ip,dc=info
LDAP root account password: => pwdads31
nano /etc/ldap.conf
host 127.0.0.1
rootbinddn cn=admin,dc=porkyhttp,dc=no-ip,dc=info
base dc=porkyhttp,dc=no-ip,dc=info
cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.bak
cp /etc/ldap.conf /etc/ldap/ldap.conf
nano /etc/pam.d/common-auth
auth required pam_env.so
# NOTE: "nullok" (here and again in common-password) lets accounts with an empty password authenticate; remove it unless that is intended.
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
nano /etc/pam.d/common-account
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
nano /etc/pam.d/common-password
password sufficient pam_unix.so nullok md5 shadow
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
nano /etc/pam.d/common-session
session required pam_limits.so
# NOTE: add "umask=0077": pam_mkhomedir's default umask is 0022, so new homes are created world-readable and stay that way until /bin/setchown is run.
session required pam_mkhomedir.so skel=/etc/skel/
session required pam_unix.so
session optional pam_ldap.so
/etc/init.d/slapd restart
ldapsearch -x
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# porkyhttp.no-ip.info
dn: dc=porkyhttp,dc=no-ip,dc=info
objectClass: top
objectClass: dcObject
objectClass: organization
o: porkyhttp.no-ip.info
dc: porkyhttp
# admin, porkyhttp.no-ip.info
dn: cn=admin,dc=porkyhttp,dc=no-ip,dc=info
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
apt-get install -y samba samba-doc smbclient smbldap-tools
ln -s /usr/sbin/smbldap-groupadd /bin/netgroupadd
ln -s /usr/sbin/smbldap-groupdel /bin/netgroupdel
ln -s /usr/sbin/smbldap-groupmod /bin/netgroupmod
ln -s /usr/sbin/smbldap-groupshow /bin/netgroupshow
ln -s /usr/sbin/smbldap-passwd /bin/netpasswd
ln -s /usr/sbin/smbldap-useradd /bin/netuseradd
ln -s /usr/sbin/smbldap-userdel /bin/netuserdel
ln -s /usr/sbin/smbldap-userlist /bin/netuserlist
ln -s /usr/sbin/smbldap-usermod /bin/netusermod
ln -s /usr/sbin/smbldap-usershow /bin/netusershow
cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
gzip -d /etc/ldap/schema/samba.schema.gz
nano /etc/ldap/slapd.conf
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/samba.schema
index objectClass eq,pres
index uid,uidNumber,gidNumber,memberUid eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uniqueMember eq,pres
index displayName pres,sub,eq
index loginShell eq,pres
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaGroupType eq
index sambaSIDList eq
index default sub
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=porkyhttp,dc=no-ip,dc=info" write
by anonymous auth
by self write
by * none
access to dn.base=""
by self write
by * auth
# NOTE: slapd ACLs are first-match. This clause matches every entry, so the
# second "access to *" below is never reached, and "by * read" lets anonymous
# binds read the whole tree (uid/gid numbers, SIDs, group membership).
# NSS lookups in this setup run as anonymous, so tightening this to
# "by users read / by * auth" would also require a binddn in /etc/ldap.conf.
access to *
by dn="cn=admin,dc=porkyhttp,dc=no-ip,dc=info" write
by * read
# Unreachable: shadowed by the clause above. Kept as written in the original.
access to *
by * read
by anonymous auth
/etc/init.d/slapd restart
/etc/init.d/samba stop
mv /etc/samba/smb.conf /etc/smb.conf.backup
nano /etc/samba/smb.conf
[global]
unix charset = LOCALE
workgroup = CED
netbios name = DEBIAN
server string = %h PDC (%v)
interfaces = eth0, lo
bind interfaces only = Yes
enable privileges = yes
guest account = guest
domain logons = Yes
domain master = yes
preferred master = Yes
os level = 65
wins support = Yes
security = user
ldap suffix = dc=porkyhttp,dc=no-ip,dc=info
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=porkyhttp,dc=no-ip,dc=info
idmap backend = ldap:ldap://debian.porkyhttp.no-ip.info
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap passwd sync = Yes
#ldap ssl = start tls
ldap ssl = no
net getlocalsid
SID for domain DEBIAN is: S-1-5-21-1731980009-2120170899-1490709503
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gzip -d /etc/smbldap-tools/smbldap.conf.gz
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
nano /etc/smbldap-tools/smbldap.conf
# NOTE: this must be the SID Samba actually uses (`net getlocalsid`). The
# smbldap-populate output further down reports a different SID
# (S-1-5-21-456450547-...), which would put the populated accounts and groups
# in a foreign domain; re-check the SID once the final smb.conf is in place,
# before populating.
SID="S-1-5-21-1731980009-2120170899-1490709503"
sambaDomain="CED"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.key"
suffix="dc=porkyhttp,dc=no-ip,dc=info"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
# NOTE: unsalted MD5 for userPassword; "SSHA" (salted) is supported by slapd and is the stronger choice.
hash_encrypt="MD5"
crypt_salt_format="%s"
userLoginShell="/bin/false"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="CED Domain User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="90"
userSmbHome=""
userProfile=""
userHomeDrive="Z:"
userScript="%U.bat"
mailDomain="porkyhttp.no-ip.info"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
nano /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=admin,dc=porkyhttp,dc=no-ip,dc=info"
slavePw="pwdads31"
masterDN="cn=admin,dc=porkyhttp,dc=no-ip,dc=info"
masterPw="pwdads31"
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
smbpasswd -w pwdads31
Setting stored password for "cn=admin,dc=porkyhttp,dc=no-ip,dc=info" in secrets.tdb
# NOTE: the domain administrator created here gets uidNumber 0 (see the getent
# output below: "administrator:x:0:0"), so with "passwd: compat ldap" it is root
# on this host and its LDAP password is effectively a root password. The "-b
# guest" account is created with a real shell (/bin/sh). Consider a non-zero
# uid for administrator (using "admin users"/privileges on the Samba side) and
# /bin/false for guest.
/usr/sbin/smbldap-populate -a administrator -u 5001 -g 5001 -r 5001 -b guest -l 5000
Populating LDAP directory for domain CED (S-1-5-21-456450547-1779791942-1817822940)
(using builtin directory structure)
entry dc=porkyhttp,dc=no-ip,dc=info already exist.
adding new entry: ou=Users,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: ou=Computers,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: ou=Idmap,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: uid=administrator,ou=Users,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: uid=guest,ou=Users,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Domain Admins,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Domain Users,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Domain Guests,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Domain Computers,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Administrators,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Account Operators,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Print Operators,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Backup Operators,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: cn=Replicators,ou=Groups,dc=porkyhttp,dc=no-ip,dc=info
adding new entry: sambaDomainName=CED,dc=porkyhttp,dc=no-ip,dc=info
Please provide a password for the domain administrator:
Changing UNIX and samba passwords for administrator
New password:
Retype new password:
netgroupadd -a Amministrazione
netgroupadd -a Direzione
netuseradd -a -m amministrazione1
netpasswd amministrazione1
netuseradd -a -m direzione1
netpasswd direzione1
getent passwd
[...]
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
openldap:x:104:106:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false
administrator:x:0:0:Netbios Domain Administrator:/home/administrator:/bin/false
guest:x:5000:65534:guest:/nonexistent:/bin/sh
amministrazione1:x:5001:513:CED Domain User:/home/amministrazione1:/bin/false
direzione1:x:5002:513:CED Domain User:/home/direzione1:/bin/false
netusermod -s /bin/bash amministrazione1
netgroupmod -m amministrazione1 Amministrazione
netgroupmod -m direzione1 Direzione
getent group
[...]
user:x:1000:
openldap:x:106:
sambashare:x:107:
Domain Admins:*:512:administrator
Domain Users:*:513:
Domain Guests:*:514:
Domain Computers:*:515:
Administrators:*:544:
Account Operators:*:548:
Print Operators:*:550:
Backup Operators:*:551:
Replicators:*:552:
Amministrazione:*:5001:amministrazione1
Direzione:*:5002:direzione1
mkdir -p /samba/public
mkdir -p /samba/public/amministrazione
mkdir -p /samba/public/direzione
mkdir -p /samba/public/comune
chmod 770 /samba/public/amministrazione
chgrp Amministrazione /samba/public/amministrazione
chmod 770 /samba/public/direzione
chgrp Direzione /samba/public/direzione
chmod 770 /samba/public/comune
chgrp "Domain Users" /samba/public/comune
chmod g+s /samba/public/amministrazione
chmod g+s /samba/public/direzione
chmod g+s /samba/public/comune
mkdir /samba/netlogon
mkdir /samba/profiles
# NOTE: 777 lets any user delete or rename other users' profile directories; the sticky bit is the minimum here (e.g. chmod 1777, or 1757 as used in the Samba HOWTO).
chmod 777 /samba/profiles
ln -s /home /samba/home
mkdir /samba/apps
chmod 750 /samba/apps
chgrp "Domain Users" /samba/apps
chmod g+s /samba/apps
nano /etc/samba/logon.pl
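#!/usr/bin/perl
# logon.pl - build a per-user Windows logon script on the [netlogon] share.
#
# Samba runs this as "root preexec" on [netlogon], i.e. as root on every
# connection to that share, with these arguments (see smb.conf):
#   $ARGV[0] %U  session user name      $ARGV[3] %T  date and time
#   $ARGV[1] %G  primary group          $ARGV[4] %m  client NetBIOS name
#   $ARGV[2] %L  server NetBIOS name    $ARGV[5] %a  client architecture
# Output: /samba/netlogon/<user>.bat (CRLF line endings) mapping L: (public)
# and Z: (home), plus X: (apps) for the users listed in %apps_users.
use strict;
use warnings;

my $NETLOGON_DIR = '/samba/netlogon';

# Set to e.g. '/var/log/samba/netlogon.log' to record each logon. Empty keeps
# logging disabled, which is what the original did (its open() was commented
# out while the print to LOG was not).
my $LOGFILE = '';

# Users who also get the X: (APPS) mapping.
my %apps_users = map { $_ => 1 } qw(direzione1);
# Users who get no drive mappings at all.
my %nologon_users = map { $_ => 1 } qw(administrator);
# Client platforms (%a, lower-cased) whose stale mappings are cleared first.
my %delmap_arch = map { $_ => 1 } qw(winnt win2k win2k3 winxp);

# Positional argument $i, or '' when Samba passed fewer arguments.
sub arg {
    my $i = shift;
    return defined $ARGV[$i] ? $ARGV[$i] : '';
}

my $user   = arg(0);
my $server = arg(2);
my $when   = arg(3);
my $arch   = lc arg(5);
my $lcuser = lc $user;

# %U is whatever name the client presented and [netlogon] is "guest ok", so
# it must not be trusted: it becomes part of a path written as root and of
# the batch file the client will execute. Accept only a plain account name
# (machine accounts end in '$'); no path separators, '..' or cmd.exe
# metacharacters.
unless ($user =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\$?\z/ && $user !~ /\.\./) {
    die "logon.pl: refusing to write a logon script for user name '$user'\n";
}

if ($LOGFILE ne '') {
    if (open my $log, '>>', $LOGFILE) {
        print {$log} "$when - Utente $user collegato a $server\n";
        close $log;
    }
    else {
        warn "logon.pl: cannot append to $LOGFILE: $!\n";
    }
}

my @lines = (
    '@ECHO OFF',
    'ECHO DEBIAN logon script',
    'ECHO.',
    # Sync the client clock with the server.
    'NET TIME \\\\DEBIAN /SET /YES',
);

# On the platforms listed in %delmap_arch, drop the old mappings first.
push @lines, 'NET USE * /DEL /YES' if $delmap_arch{$arch};

# Users in %nologon_users get no mappings; everyone else gets the common ones.
unless ($nologon_users{$lcuser}) {
    push @lines, 'NET USE L: \\\\DEBIAN\\public /YES';    # L: (PUBLIC)
    push @lines, "NET USE Z: \\\\DEBIAN\\$user /YES";     # Z: (HOME)
    # NOTE(review): \\SBS is not this server (DEBIAN) and the [apps] share
    # comment says Y:; confirm the host name before relying on this mapping.
    push @lines, 'NET USE X: \\\\SBS\\apps /YES' if $apps_users{$lcuser};    # X: (APPS)
}

my $path = "$NETLOGON_DIR/$user.bat";
# The script is read by clients over the share and must be writable by root
# only; do not depend on the umask inherited from smbd.
umask 022;
open my $out, '>', $path
    or die "logon.pl: cannot write $path: $!\n";
print {$out} map { "$_\r\n" } @lines;
close $out
    or die "logon.pl: error while writing $path: $!\n";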
# NOTE: Samba executes this script as root (root preexec below); 0755 is sufficient, group write is not needed.
chmod 775 /etc/samba/logon.pl
nano /etc/samba/smb.conf
[global]
workgroup = CED
netbios name = DEBIAN
server string = %h PDC (%v)
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://debian.porkyhttp.no-ip.info
enable privileges = yes
log level = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
hide dot files = yes
name resolve order = wins host dns bcast
time server = Yes
guest account = guest
show add printer wizard = No
add user script = /bin/netuseradd -a -m '%u'
delete user script = /bin/netuserdel '%u'
add group script = /bin/netgroupadd -a -p '%g'
delete group script = /bin/netgroupdel '%g'
add user to group script = /bin/netgroupmod -m '%u' '%g'
delete user from group script = /bin/netgroupmod -x '%u' '%g'
# Disabilitare quando a fare il join al dominio un Windows NT
set primary group script = /bin/netusermod -g '%g' '%u'
add machine script = /bin/netuseradd -w '%u'
logon script = %U.bat
# Profili Roaming
#logon path = \\%L\profiles\%U
logon path =
logon home =
logon drive = Z:
domain logons = Yes
domain master = yes
preferred master = Yes
os level = 65
wins support = Yes
# LDAP
ldap suffix = dc=porkyhttp,dc=no-ip,dc=info
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=porkyhttp,dc=no-ip,dc=info
idmap backend = ldap:ldap://debian.porkyhttp.no-ip.info
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap passwd sync = Yes
#ldap ssl = start tls
ldap ssl = no
map acl inherit = Yes
#printing = cups
lock directory = /var/lock/samba
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
security = user
template shell = /bin/false
[public]
comment = "L: - Cartella Pubblica Utenti"
path = /samba/public
writeable = yes
browseable = Yes
hide unreadable = Yes
directory mask = 0775
create mask = 0775
force create mode = 0775
force directory mode = 6775
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
#inherit acls = yes
#inherit permissions = yes
vfs objects = recycle
recycle:repository = .cestino/%U
recycle:keeptree = yes
recycle:touch = yes
recycle:versions= yes
recycle:exclude = *.tmp *.bak ~$*
recycle:exclude_dir = /tmp /temp /cache
recycle:noversions = *.doc *.xls *.ppt
[homes]
comment = "Z: - Cartella privata di %U, %u"
writeable = yes
create mask = 0700
directory mask = 0775
browseable = No
force user = %U
vfs objects = recycle
recycle:repository = .cestino
recycle:keeptree = yes
recycle:touch = yes
recycle:versions= yes
recycle:exclude = *.tmp *.bak ~$*
recycle:exclude_dir = /tmp /temp /cache
recycle:noversions = *.doc *.xls *.ppt
[rootdir]
comment = Cartella globale, solo per amministrazione e backup
path = /samba
writeable = yes
browseable = yes
directory mask = 0770
create mask = 0775
force create mode = 0775
force directory mode = 6775
security mask = 0777
force security mode = 0
directory security mask = 0777
admin users = Administrator
valid users = "@Domain Admins"
force create mode = 0644
force directory mode = 6775
[apps]
comment = "Y: - Applicazioni"
path = /samba/apps
writeable = yes
browseable = Yes
directory mask = 0770
create mask = 0775
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
hide unreadable = Yes
force create mode = 0775
force directory mode = 6775
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
guest ok = Yes
locking = No
browseable = No
# NOTE: runs as root on every connection to this share. The share is "guest ok",
# so unauthenticated clients can trigger it, and %U is the name the client
# presented, not necessarily an existing account; logon.pl writes
# /samba/netlogon/%U.bat, so it must validate its arguments before using them.
root preexec = /etc/samba/logon.pl "%U" "%G" "%L" "%T" "%m" "%a"
#root postexec = /etc/samba/logoff.pl "%U" "%G" "%L" "%T"
[profiles]
comment = Profile Share
path = /samba/profiles
writeable = yes
profile acls = Yes
browsable = No
/etc/init.d/samba start
net rpc join -S DEBIAN -U administrator
net rpc join -S DEBIAN -U administrator
Joined domain CED.
getent passwd
[...]
guest:x:5000:65534:guest:/nonexistent:/bin/sh
amministrazione1:x:5001:513:CED Domain User:/home/amministrazione1:/bin/bash
direzione1:x:5002:513:CED Domain User:/home/direzione1:/bin/false
debian$:*:5003:515:Computer:/dev/null:/bin/false
pdbedit -L
administrator:0:administrator
guest:5000:guest
amministrazione1:5001:amministrazione1
direzione1:5002:direzione1
debian$:5003:Computer
smbclient -L localhost -U administrator
Domain=[CED] OS=[Unix] Server=[Samba 3.2.5]
Sharename Type Comment
--------- ---- -------
public Disk L: - Cartella Pubblica Utenti
rootdir Disk Cartella globale, solo per amministrazione e backup
apps Disk Y: - Applicazioni
IPC$ IPC IPC Service (debian PDC (3.2.5))
administrator Disk Z: - Cartella privata di administrator, administrator
Domain=[CED] OS=[Unix] Server=[Samba 3.2.5]
Server Comment
--------- -------
DEBIAN debian PDC (3.2.5)
Workgroup Master
--------- -------
CED DEBIAN
nano /bin/purge
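#!/bin/bash
# purge - empty the Samba recycle-bin directories (".cestino").
# by steno 2005-2007
#
# Usage:  purge all     every user's private bin, then the global one
#         purge USER    USER's private bin, then the global one
#
# Private bins are /home/USER/.cestino (the [homes] share's recycle
# repository) and are emptied in place.  The global bin is
# /samba/public/.cestino/USER (the [public] share's ".cestino/%U"); each
# per-user directory found there is removed entirely, as before.
#
# Runs as root, and everything below /home/USER and the global bin is
# user-controlled, so no symbolic link is ever followed: a user who replaced
# .cestino with a link to, say, /etc must not get that directory wiped.

readonly HOME_ROOT=/home
readonly PUBLIC_BIN=/samba/public/.cestino

usage() {
  echo "uso: purge {all|}"
}

# True when $1 exists as a directory and is not a symbolic link.
real_dir() {
  [[ -d "$1" && ! -L "$1" ]]
}

# True when directory $1 holds at least one entry.  Unlike the original
# "echo *" test this also sees dot-files, which the recycle module produces
# when a hidden file or directory is deleted.
has_entries() {
  [[ -n "$(find "$1" -mindepth 1 -print -quit)" ]]
}

# Delete every entry inside directory $1, keeping $1 itself.  find does not
# follow symbolic links, so links inside the bin are unlinked, not traversed.
empty_dir() {
  find "$1" -mindepth 1 -delete
}

if (( $# == 0 )); then
  usage
  exit 1
fi

users=()
if [[ "$1" == all ]]; then
  # Real directories directly under /home (dot-named entries and symlinks are
  # skipped, as the original "ls -F" listing did).
  for dir in "$HOME_ROOT"/*/; do
    dir=${dir%/}
    real_dir "$dir" && users+=("${dir##*/}")
  done
else
  # A name with '/' or '..' would address a directory outside /home.
  case "$1" in
    ''|.|..|*/*)
      echo "purge: nome utente non valido: $1" >&2
      exit 1
      ;;
  esac
  users=("$1")
fi

# Private bins: empty /home/USER/.cestino in place.
for user in "${users[@]}"; do
  bin="$HOME_ROOT/$user/.cestino"
  if [[ -L "$bin" ]]; then
    echo "purge: $bin e' un link simbolico, ignorato" >&2
    continue
  fi
  [[ -d "$bin" ]] || continue
  if has_entries "$bin"; then
    echo "Elimina file dal cestino utente <$user>"
    empty_dir "$bin"
  else
    echo "Cestino personale utente <$user> vuoto"
  fi
done

# Global bin of [public]: remove each non-empty per-user directory.
if real_dir "$PUBLIC_BIN"; then
  for dir in "$PUBLIC_BIN"/*/; do
    dir=${dir%/}
    real_dir "$dir" || continue   # unmatched glob, or a symlink
    user=${dir##*/}
    if has_entries "$dir"; then
      echo "Elimina file dal cestino globale utente <$user>"
      rm -r -- "$dir"
    else
      echo "Cestino globale utente <$user> vuoto"
    fi
  done
fi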
chmod 755 /bin/purge
mkdir /samba/public/.cestino
chmod 770 /samba/public/.cestino
chgrp "Domain Users" /samba/public/.cestino
nano /bin/setchown
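#!/bin/bash
# setchown - make each user the owner of his home directory tree and make the
# directory private (mode 700).
#
# Usage:  setchown all     every directory under /home
#         setchown USER    /home/USER only
#
# Homes whose name is listed in $exclude are left alone.  Runs as root.
exclude="sbsadmin ftp"

readonly HOME_ROOT=/home

usage() {
  echo "uso: setchown {all|}"
}

# True when $1 is exactly one of the names in $exclude.  The original test
# (${exclude#*$user}) matched sub-strings, so "admin", "f" or any name with a
# glob character was skipped as well; this compares whole names.
is_excluded() {
  local name=$1 entry
  for entry in $exclude; do
    [[ "$entry" == "$name" ]] && return 0
  done
  return 1
}

if (( $# == 0 )); then
  usage
  exit 1
fi

users=()
if [[ "$1" == all ]]; then
  # Real directories directly under /home (dot-named entries and symlinks are
  # skipped, as the original "ls -F" listing did).
  for dir in "$HOME_ROOT"/*/; do
    dir=${dir%/}
    [[ -d "$dir" && ! -L "$dir" ]] && users+=("${dir##*/}")
  done
else
  users=("$1")
fi

for user in "${users[@]}"; do
  home="$HOME_ROOT/$user"
  # Only plain names: '/' or '..' would point outside /home, and ':' would be
  # read by chown as "user:group".
  case "$user" in
    ''|.|..|*/*|*:*)
      echo "setchown: nome utente non valido: $user" >&2
      continue
      ;;
  esac
  # chmod acts on the target of a symlink, so never operate through one.
  if [[ -L "$home" || ! -d "$home" ]]; then
    echo "setchown: $home non e' una directory, ignorata" >&2
    continue
  fi
  is_excluded "$user" && continue
  # chown -R does not follow symbolic links by default (-P), so links planted
  # inside the home cannot redirect the ownership change outside it.
  if chown -R -- "$user" "$home" && chmod 700 -- "$home"; then
    echo "Permessi corretti in $home"
  else
    echo "setchown: impossibile sistemare i permessi di $home" >&2
  fi
done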
chmod 755 /bin/setchown
addgroup --system tss
addgroup --system kvm
addgroup --system rdma
addgroup --system fuse
addgroup --system scanner
addgroup --system nvram
adduser --system tss
mkdir -p /etc/ldap/ssl
cd /etc/ldap/ssl
mkdir certs
mkdir private
chmod 700 private
echo '01' > serial
touch index.txt
nano /etc/ldap/ssl/CA.conf
[ ca ]
default_ca = local_ca
[ local_ca ]
dir = /etc/ldap/ssl
certificate = /etc/ldap/ssl/cacert.pem
database = /etc/ldap/ssl/index.txt
new_certs_dir = /etc/ldap/ssl/certs
private_key = /etc/ldap/ssl/private/cakey.pem
serial = /etc/ldap/ssl/serial
default_crl_days = 3650
default_days = 3650
# NOTE: MD5 certificate signatures and 1024-bit keys (default_bits below, and
# rsa:1024 in the openssl commands) are weak; use sha256 and 2048-bit keys.
default_md = md5
default_bits = 1024
encrypt_key = yes
policy = local_ca_policy
x509_extensions = local_ca_extensions
unique_subject = no
[ local_ca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = supplied
organizationName = supplied
organizationalUnitName = supplied
[ local_ca_extensions ]
subjectAltName = DNS:debian.porkyhttp.no-ip.info
basicConstraints = CA:false
nsCertType = server
[ req ]
default_bits = 2048
default_keyfile = /etc/ldap/ssl/private/cakey.pem
default_md = md5
prompt = no
distinguished_name = ced
x509_extensions = x509_cert
[ ced ]
countryName = IT
stateOrProvinceName = Palermo
localityName = Palermo
emailAddress =
organizationName = porkyHTTP Network
organizationalUnitName = Servizi ICT
commonName = debian.porkyhttp.no-ip.info
[ x509_cert ]
nsCertType = server
basicConstraints = CA:true
nano /etc/ldap/ssl/LocalServer.conf
[ req ]
prompt = no
distinguished_name = ced
[ ced ]
countryName = IT
stateOrProvinceName = Palermo
localityName = Palermo
emailAddress =
organizationName = porkyHTTP Network
organizationalUnitName = Servizi ICT
commonName = debian.porkyhttp.no-ip.info
cd /etc/ldap/ssl/
apt-get install openssl
export OPENSSL_CONF=/etc/ldap/ssl/CA.conf
# NOTE: "-passout pass:..." exposes the CA key passphrase in the process list and the shell history; use "-passout file:..." or let openssl prompt for it.
openssl req -x509 -newkey rsa:1024 -out cacert.pem -outform PEM -days 3650 -passout pass:pwdads31
export OPENSSL_CONF=/etc/ldap/ssl/LocalServer.conf
openssl req -newkey rsa:1024 -keyout tempkey.pem -keyform PEM -out tempreq.pem -outform PEM -passout pass:pwdads31
openssl rsa < tempkey.pem > serverkey.pem -passin pass:pwdads31
chmod 400 serverkey.pem
export OPENSSL_CONF=/etc/ldap/ssl/CA.conf
openssl ca -in tempreq.pem -out servercrt.pem -passin pass:pwdads31
Using configuration from /etc/ldap/ssl/CA.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IT'
stateOrProvinceName :PRINTABLE:'Palermo'
localityName :PRINTABLE:'Palermo'
emailAddress :IA5STRING:'[e-mail address removed by the page's address cloaking]'
organizationName :PRINTABLE:'porkyHTTP Network'
organizationalUnitName:PRINTABLE:'Servizi ICT'
commonName :PRINTABLE:'debian.porkyhttp.no-ip.info'
Certificate is to be certified until Jul 10 06:29:21 2020 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
nano /etc/smbldap-tools/smbldap.conf
ldapTLS="1"
verify="require"
cafile="/etc/ldap/ssl/cacert.pem"
clientcert="/etc/ldap/ssl/servercrt.pem"
clientkey="/etc/ldap/ssl/serverkey.pem"
nano /etc/ldap/slapd.conf
TLSCertificateFile /etc/ldap/ssl/servercrt.pem
TLSCertificateKeyFile /etc/ldap/ssl/serverkey.pem
TLSCACertificateFile /etc/ldap/ssl/cacert.pem
nano /etc/ldap/ldap.conf
HOST porkyhttp.no-ip.info
BASE dc=porkyhttp,dc=no-ip,dc=info
URI ldaps://127.0.0.1/
PORT 636
TLS_CACERT /etc/ldap/ssl/cacert.pem
# NOTE: "never" disables certificate verification for every libldap client
# (this file is copied to /etc/ldap.conf for nss/pam just below), so the
# ldaps:// session can be intercepted silently. TLS_CACERT already names the
# CA; use "TLS_REQCERT demand" together with a URI whose host matches the
# certificate (ldaps://debian.porkyhttp.no-ip.info/ - the certificate carries
# no name for 127.0.0.1).
TLS_REQCERT never
TIMELIMIT 2
cp -r /etc/ldap/ldap.conf /etc/ldap.conf
nano /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
chown openldap.openldap /etc/ldap -R
find /var/lib/ldap -type d -exec chmod 700 {} \;
find /var/lib/ldap -type f -exec chmod 600 {} \;
find /etc/ldap -type d -exec chmod 700 {} \;
find /etc/ldap -type f -exec chmod 600 {} \;
/etc/init.d/slapd restart
nano /etc/samba/smb.conf
passdb backend = ldapsam:ldaps://debian.porkyhttp.no-ip.info
idmap backend = ldap:ldaps://debian.porkyhttp.no-ip.info
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
ldap ssl = On
/etc/init.d/samba restart
apt-get install -y php5 php5-dev xml-core php5-ldap apache2 libapache2-mod-php5 php5-gd php5-xsl php-pear libfreetype6-dev libgd-tools php5-cli php5-curl php5-imap php5-mcrypt php5-mhash php5-sqlite php5-tidy php5-xmlrpc mcrypt
mkdir -p /etc/apache2/ssl/certs
mkdir -p /etc/apache2/ssl/private
cp /etc/ldap/ssl/servercrt.pem /etc/apache2/ssl/certs
cp /etc/ldap/ssl/serverkey.pem /etc/apache2/ssl/private
nano /etc/apache2/sites-available/default-ssl
ServerAdmin
DocumentRoot /var/www/
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/certs/servercrt.pem
SSLCertificateKeyFile /etc/apache2/ssl/private/serverkey.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart
apt-get install -y phpldapadmin
nano /usr/share/phpldapadmin/config/config.php
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
// $ldapservers->SetValue($i,'server','tls',true);
cd
# NOTE: unverified download over plain HTTP, then compiled and installed as root; check a published checksum or signature first, or rely on the smbldap-passwd (netpasswd) tool already used above to set the Samba password hashes.
wget http://www.pepinet.com/download/samba/mkntpwd.tar.gz
tar -zxf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin
mkntpwd
apt-get install -y postfix postfix-ldap postfix-pcre postgrey libsasl2-2 sasl2-bin libsasl2-modules
-> Sito Internet
-> debian.porkyhttp.no-ip.info
nano /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = debian.porkyhttp.no-ip.info
alias_maps = hash:/etc/aliases
alias_database = $alias_maps
myorigin = porkyhttp.no-ip.info
mydomain = porkyhttp.no-ip.info
mydestination = debian.porkyhttp.no-ip.info, localhost.porkyhttp.no-ip.info, porkyhttp.no-ip.info, localhost
masquerade_domains = porkyhttp.no-ip.info
relayhost =
mynetworks = 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24
home_mailbox = Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# NOTE: relay_domains is a list of domain names and, as far as I know, "*" is
# not a wildcard there; if it ever did match every domain,
# reject_unauth_destination below would no longer stop relaying. Set it to the
# explicit domains this host relays for (or leave it empty) and verify from
# outside with an open-relay test.
relay_domains = *
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
permit
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# NOTE: with "no", AUTH PLAIN is offered on the cleartext session as well (see
# the EHLO reply below: "250-AUTH PLAIN" without STARTTLS first); set "yes" so
# that domain credentials are only accepted after STARTTLS.
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ldap/ssl/serverkey.pem
smtpd_tls_cert_file = /etc/ldap/ssl/servercrt.pem
smtpd_tls_CAfile = /etc/ldap/ssl/cacert.pem
/etc/init.d/postfix restart
apt-get install -y dovecot-imapd dovecot-pop3d dovecot-common
nano /etc/dovecot/dovecot.conf
protocols = imap imaps pop3 pop3s
# NOTE: "no" allows plaintext IMAP/POP3 logins on ports 143/110 with the users'
# domain (LDAP) passwords; set "disable_plaintext_auth = yes" and use the
# imaps/pop3s protocols enabled above.
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ldap/ssl/servercrt.pem
ssl_key_file = /etc/ldap/ssl/serverkey.pem
socket listen {
client {
path = /var/spool/postfix/private/auth-client
mode = 0660
user = postfix
group = postfix
}
}
pop3_uidl_format = %08Xu%08Xv
mail_location = maildir:~/Maildir
passdb pam {
args = blocking=yes dovecot
}
nano /etc/pam.d/dovecot
#%PAM-1.0
@include common-auth
@include common-account
@include common-session
/etc/init.d/dovecot restart
/etc/init.d/postfix restart
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 debian.porkyhttp.no-ip.info ESMTP Postfix (Debian/GNU)
ehlo debian.porkyhttp.no-ip.info
250-debian.porkyhttp.no-ip.info
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
rcpt to:
data
subject: Mail di prova
Salve, ti mando una mail di prova
.
250 2.0.0 Ok: queued as 977C045EE7
quit
nano /etc/postfix/main.cf
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unverified_recipient,
permit_mynetworks,
warn_if_reject reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:60000
permit
# NOTE: soft_bounce turns every permanent reject into a temporary one. Useful
# while testing the restrictions above, but if left on, rejected mail is
# retried until the queue lifetime expires; set it back to "no" when done.
soft_bounce = yes
postfix reload
nano /etc/default/postgrey
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=180 --max-age=60"
/etc/init.d/postgrey restart
mkdir /var/spool/postgrey
# NOTE: this directory holds the greylisting database; 777 lets every local user tamper with it. Have it owned by the postgrey user with mode 0755 (or 0700) instead.
chmod 777 /var/spool/postgrey
Possiamo personalizzare le whitelist editando il file dove vengono
identificati i domini da non filtrare con greylist :
sudo nano /etc/postgrey/whitelist_clients
Oppure i destinatari da non filtrare :
sudo nano /etc/postgrey/whitelist_recipients
postfix reload
apt-get install -y amavis spamassassin clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract apt-listchanges libauthen-sasl-perl libdbi-perl dspam libmail-dkim-perl razor pyzor
nano /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: amministrazione1
clamav: root
virus: root
spam: root
newaliases
nano /etc/default/spamassassin
ENABLED=1
adduser amavis clamav
adduser clamav amavis
freshclam
/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon restart
/etc/init.d/dovecot restart
/etc/init.d/postfix restart
/etc/init.d/postgrey restart
/etc/init.d/spamassassin restart
nano /etc/spamassassin/local.cf
rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score 2.0
report_safe 1
# Enable the Bayes system
use_bayes 1
use_bayes_rules 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
#use_dcc 0
use_pyzor 1
mkdir -p /nonexistent/.spamassassin/
# NOTE: /nonexistent is the home of the guest account above (and of "nobody" on Debian); making it world-writable lets any local user tamper with or poison the Bayes database kept under it. Chown it to the account SpamAssassin actually runs as, mode 0700.
chmod -R 777 /nonexistent
/etc/init.d/postfix reload
/etc/init.d/spamassassin reload
apt-get install -y tinymce php5-mysql mysql-server tinyca
Nuova password per l'utente root di MySQL: pwdads31
Ripetere la password per l'utente root di MySQL: pwdads31
cd
wget http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcubemail-0.3.1.tar.gz?use_mirror=switch
tar zxvf roundcubemail-0.3.1.tar.gz
mv roundcubemail-0.3.1 /var/www/webmail
chown -R www-data:www-data /var/www/webmail
# NOTE: a recursive 755 also makes Roundcube's config directory world-readable; once its config files hold the MySQL/IMAP settings, every local user can read them. Keep config/, temp/ and logs/ readable by www-data only.
chmod -R 755 /var/www/webmail
apt-get install -y dh-make-php php5-dev libmagic-dev phpmyadmin
pecl install fileinfo
nano /etc/php5/apache2/php.ini
extension=fileinfo.so
date.timezone = Europe/Rome
/etc/init.d/apache2 restart