UNIX Admin

用Duplicator Pro 重建 WordPress – Part 1

早一星期因為一個一不少心,在upgrade Ubuntu時忙了用SSH做release upgrade是一件中度風險事情(雖然每次都無事),最後server instance就因為session timeout 而brick了. 搞了一大輪.最後只可以rebuild server instance及wordpress. 說起wordpress, 我早前好在買了Duplicator Pro作為backup用途, 今次正正用了 Duplicator Pro 來重建我的Wordpress.

用Squid proxy 做 youtube 既 Live Streaming

話說X’mas就到,而咁啱我手頭上既野比我D伙計KO晒,即係我都幾得閑. 而且尋日又去金魚街買佐4 packs野.包括水草, 魚一包, 螺一包, Crayfish(淡水龍蝦)一隻. lunch 時大家話不如搞個魚樂無窮Channel. 咁我地就著手用desktop板youtube試用USB Webcam 去 live streaming 啦, 點知因為…又係coperate既firewall block晒D port(證明Infra team交足功課比我), 所以我當然係要leverage我隻squid proxy啦.

Read more用Squid proxy 做 youtube 既 Live Streaming

如何在Linux/unix上 ban spammer?

好多時review syslog 及 mail.log 都會見到好多spammer, spammer最common既observations就係做brute force attack. 當然正常情況下用strong password policy唔係咁容易比spammer誤入,但更好既方法就係做prevention control.

Dec 10 13:53:12 delta dovecot: auth-worker(9742): pam(sir@xxx.org,87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:53:14 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:53:16 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:53:16 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:53:52 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:53:52 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:53:56 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 10 13:54:05 delta dovecot: auth-worker(9742): pam(sistemas@xxx.org,87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:54:07 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:54:08 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:54:08 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:54:49 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:54:49 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:54:56 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 10 13:55:07 delta dovecot: auth-worker(9841): pam(six@xxx.org,87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:55:09 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:55:11 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:55:11 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:55:47 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:55:47 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:55:51 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Read more如何在Linux/unix上 ban spammer?

停止 Dovecot 無需要的 info log

在linux/unix上有用 dovecot 作為 imapd/popd的朋友都可能好似我一樣, 覺得 dovecot 的 info 及 log 真的太多太煩. 所以大家都一定會問: 如何可以停止 Dovecot 無需要的 info log呢?

常見很煩擾的info log

Dec 10 09:50:20 sigma dovecot: imap(adrian): Logged out in=80 out=1262
Dec 10 09:50:20 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30133, secured, session=<rwUcvE+ZCrB/AAAB>
Dec 10 09:50:20 sigma dovecot: imap(adrian): Logged out in=110 out=1282
Dec 10 09:50:21 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30134, secured, session=<BgYcvE+ZDLB/AAAB>
Dec 10 09:50:21 sigma dovecot: imap(adrian): Logged out in=280 out=1227
Dec 10 09:50:25 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30136, secured, session=<PgFovE+ZDrB/AAAB>
Dec 10 09:50:25 sigma dovecot: imap(adrian): Logged out in=28 out=769
Dec 10 09:52:21 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30141, secured, session=<dkNEw0+ZELB/AAAB>
Dec 10 09:52:21 sigma dovecot: imap(adrian): Logged out in=89 out=882

Read more停止 Dovecot 無需要的 info log

建設 Postfix + SPF + DKIM + DMARC

因為源用了好幾年的VPS hosting供應商AlphaRacks.com突然結業, 迫於無奈要找新的hosting供應商, 最迫不得意的當然是重新建設mail server. 當然您也可以使用raspberry piOrangePi. 今次使用的VPS供應商是SnowVPS.com, 而選用的OS當然也是Ubuntu 16.04吧. 既然是由零開始, 所以今次一於記錄下安裝程序方便有須要朋友可參考. 今次安裝的 smtp server 是 Postfix, 另外會加上 SPF 作為 inbound/outbound filter, 再加上 DKIM 及 DMARC 作業 email authentication. 另外我都會使用 greylist 加強 spam filter.

Read more建設 Postfix + SPF + DKIM + DMARC

OrangePi Zero – Reverse Proxy

由於網上爬真係比較慢,而4G雖然快但始終有用量限制(我subscribe 個plan係50G 4.5G network) , 正因為我想方便utilitize system resources, 所以我把張家中network分家. 而今次這個project, 我是希望通過一台OrangePi Zero 做 reverse proxy, 令到活在4G network部份的器材可經網上爬這個fix fee接口進出internet.

Read moreOrangePi Zero – Reverse Proxy

低能shell script

好多年無寫過program啦,今日手痕,所以搞搞新意思

手上有成手zip file, 因為係成手都係既問題, 而如果用windows去unzip 會有排玩, 會有好多keystroke 而如果寫 batch file 既話又無得再用 pkzip -d 等呢類 command…加埋我寫batch file既技巧真係同阿EDB局長(唔得掂)一樣. 所以我索性張D zip file 放晒上隻 Raspberry PI 上面再寫個 shell script 去 KO 佢

#!/bin/bash
for f in *.zip; do
  echo $f;
  file=$(basename "$f")
  filename="${file%.*}"
  # extension="${file##*.}"
  echo "mkdir: "$filename;
  mkdir unzip/$filename;
  unzip $f -d unzip/$filename;
done

個script大致上係scan晒個directory入面既 zip file, 再跟個zip file 既名起個directory, 再爆晒D file落去呢個sub-directory.

至於file既transfer 我會用 winscp, 用唔使3分鐘時間就搞掂晒