efemoral | pumping ideas rather than red
Time 2021-08-30 22:28:47Web Name: efemoral | pumping ideas rather than red
WebSite: http://efemoral.lovius.net
ID:189950
Keywords:
ideas,pumping,efemoral,Description:
Exchange server has the capability to use TLS to encrypt email in transit to another mail server.When used for receiving, it checks that it trusts the root certificate (so a chain of trust is established) and the CRL (Certificate Revocation List) to make sure that the certificate has not been revoked in the CDP (CRL Distribution Point).Therefore, if you want to use a certificate from a private CA, as well as importing the private root certificate to the trusted root certificates on both sides, you also need to publish a CRL on each side that the other side can check. The built in filtering in windows event logs is fine for when you want to find a specific event, but if you want to find when a specific service started or stopped, it s not up to the job. Luckily there is the capability to use XML filters which I use in a custom view QueryList Query Id="0" Select Path="System" *[EventData[Data[@Name='param1'] and (Data='Hyper-V Time Synchronization Service')]] /Select /Query /QueryList If you need to delete shadow copies, you can either delete them in explorer, or use vssadmin, or use wmicTo delete using vssadminvssadmin Delete Shadows /For=C: /Oldestvssadmin Delete Shadows /For=C: /Allfor a full list of optionshttp://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspxTo delete using wmicwmicshadowcopy delete Windows Server 2012r2 introduced tiered storage spaces. Storage spaces works best when you have shelves of JBOD HDD and SSD, but there are also benefits for smaller deployments for servers with 6+ disk slots. There is however an issue that Windows cannot boot from a storage space, therefore you would need to dedicate at least one disk slot for a boot disk, there is a solution for this issue. Since Windows Server 2008r2, Windows has had the capability of boot (and run, as opposed to boot and install) from a UFD (USB Flash Drive). This then allows for example, a six disk slot server, to have two SSDs and four HDDs in a two way mirrored Tiered Storage Space, ideal for a lab Hyper-V server.There are some downsides, a UFD in a USB2 port is not as fast as a SSD on a SAS/SATA port, however for the use case, an increased boot time might not be an issue. Also there is no redundancy in a single UFD, however there are no moving parts. If the UFD is suitably sized, the wear leveling of the UFD should provide a reasonable lifespan. Microsoft suggested a 16GB UFD for 2008r2, I would suggest a 64GB UFD.Following on from the Microsoft information, I used a Kingston DataTraveler Ultimate 64 GB UFD.The Microsoft instructions for 2008r2 use a .vhd file, but it is possible to use a .vhdx with only a few small changes.Install the Windows 8.1 ADK on a suitable computer. As I don t use Windows 8 or 8.1, I used a 2012r2 server.Either mount a 2012r2 ISO, or extract the the install.wim, I have presumed that an ISO has been mounted to E:From an elevated command promptdiskpart list diskselect disk USB disk number cleancreate partition primaryactiveformat quick fs=ntfs assign letter=vThe letter isn t important, just something that doesn t conflict with existing drive lettersI am quite happy with multiple command windows open and switching between them, so open another elevated command prompt.mkdir c:\HYPERV2012r2diskpartcreate vdisk file=c:\HYPERV2012r2\HYPERV2012r2.vhdx maximum=20480 type=fixedselect vdisk file=c:\HYPERV2012r2\HYPERV2012r2.vhdxattach vdiskcreate partition primaryformat quick fs=ntfs label=HYPERV2012r2assign letter=rAgain, the letter isn t important, just something that doesn t conflict.To build the OS in the mounted .vhdx, open an elevated Deployment and Imaging Tools environment prompt. This will open in C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\cd amd64\DISMdism.exe /apply-image /Imagefile:E:\sources\install.wim /Index:1 /ApplyDir:R:\When booting and running from USB with a core install, a page file should not be required, and for maximum life of the UFD, you should not use a page file on the UFD, the following disables the page file.reg load HKLM\HyperVTemp r:\windows\system32\config\systemreg add "HKLM\HyperVTemp\ControlSet001\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "" /freg delete "HKLM\HyperVTemp\ControlSet001\Control\Session Manager\Memory Management" /v ExistingPageFiles /freg unload HKLM\HyperVTempNow return to the diskpart window, and unmount the .vhdxselect vdisk file=c:\HYPERV2012r2\HYPERV2012r2.vhdxdetach vdiskand copy the .vhdx to the UFDcopy c:\HYPERV2012r2\HYPERV2012r2.vhdx v:\Now mount the .vhdx on the UFDmkdir c:\HYPERV2012r2select vdisk file=v:\HYPERV2012r2.vhdxattach vdiskCreate a boot sector.cd ..\BCDBootbootsect /nt60 v: /force /mbrAnd create a BCDbcdboot r:\windows /s v:When the BCD has finished, you should be able to eject the UFD and boot from it. The first boot would be as if you have completed an install where you need to set the Administrator password.sudo apt-get updatesudo apt-get install oracle-java8-installersudo add-apt-repository ppa:webupd8team/javasudo apt-get updatesudo apt-get install oracle-java8-installerNow install tomcat7sudo apt-get install tomcat7sudo apt-get install tomcat7To run on ports below 1024, authbind needs to be enabledsudo nano /etc/default/tomcat7sudo nano /etc/default/tomcat7change #AUTHBIND=no to AUTHBIND=yessudo touch /etc/authbind/byport/80sudo chmod 500 /etc/authbind/byport/80sudo chown tomcat7 /etc/authbind/byport/80sudo touch /etc/authbind/byport/80sudo chmod 500 /etc/authbind/byport/80sudo chown tomcat7 /etc/authbind/byport/80set JAVA_HOMEsudo nano /etc/default/tomcat7sudo nano /etc/default/tomcat7Add JAVA_HOME=/usr/lib/jvm/java-8-oracleYou should now be able to start tomcat7 On standalone Windows servers (servers not members of a domain) the time service only checks the time against an NTP server on startup as a triggered action. If the server is on hardware with a reliable hardware clock, this is usually not a problem as clock drift on most modern hardware is minimal, if however the hardware clock is not reliable, or the Computer is running in a virtual environment, it may take incorrect clock data from the VM host (if the host has an unreliable or wrong hardware clock, or it may just drift more than expected.First of all I like to set the time service to be automaticsc triggerinfo w32time deletesc triggerinfo w32time deleteStart the time servicenet start w32tmnet start w32tmConfigure a suitable set of NTP servers, I use the pool project.ww32tm /config /manualpeerlist: 0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org 3.uk.pool.ntp.org /syncfromflags:manual /updateww32tm /config /manualpeerlist: 0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org 3.uk.pool.ntp.org /syncfromflags:manual /updateand force the time service to resync against the configured time serversw32tm /resyncw32tm /resync Rather than converting from pfx to pem format, why not just use a pfx?With the way that pfx files are formatted, copying and pasting from a terminal is not possible, however if you can get the certificate transferred over FTP, it becomes much simpler :-)The certificate has to have the full chain in it, and a passphrase.conf tip ftp username ftp username ip ftp password ftp password copy ftp flash:conf tip ftp username ftp username ip ftp password ftp password copy ftp flash:enter server nameenter source file nameenter destination file nameconf tcrypto pki trustpoint trustpoint name fqdn f.q.d.n subject-name cn= f.q.d.n revocation-check crlrsakeypair trustpoint name crypto pki import certificate.pfx pkcs12 flash: certificate passphrase wri memconf tcrypto pki trustpoint trustpoint name fqdn f.q.d.n subject-name cn= f.q.d.n revocation-check crlrsakeypair trustpoint name crypto pki import certificate.pfx pkcs12 flash: certificate passphrase wri memto show the certificateshow crypto pki trustpoints statusshow crypto pki trustpoints status On Windows 2012r2 server core, the firewall is enabled with the public profile on installation, so just enabling RDP in sconfig does not allow RDP access.You can enable RDP to pass through the firewall with the following powershell commandnetsh advfirewall firewall set rule group= remote desktop new enable=yesnetsh advfirewall firewall set rule group= remote desktop new enable=yesAlternatively, you can enable RDP and configure the firewall with the followingcscript C:\Windows\System32\SCRegEdit.wsf /AR 0cscript C:\Windows\System32\SCRegEdit.wsf /AR 0New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffffNew-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffff Starting with a base install of Ubuntu 12.04 with openssh installedInstall the Percona repo import the Percona gpg keysudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2Asudo gpg -a --export CD2EFD2A | sudo apt-key add -sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2Asudo gpg -a --export CD2EFD2A | sudo apt-key add -now edit /etc/apt/sources.list and add these lines# for perconadeb http://repo.percona.com/apt precise maindeb-src http://repo.percona.com/apt precise main# for perconadeb http://repo.percona.com/apt precise maindeb-src http://repo.percona.com/apt precise mainnow install perconasudo apt-get updatesudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16sudo apt-get updatesudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16Now install the rest of the pre-reqssudo apt-get install nginx php5-mysql php5-xmlrpc php5-curl php5-cli php5-fpm php5-gd php5-mcrypt php-apc gitsudo apt-get install nginx php5-mysql php5-xmlrpc php5-curl php5-cli php5-fpm php5-gd php5-mcrypt php-apc gitStop nginxsudo service nginx stopsudo service nginx stopCreate the directory for tt-rsssudo mkdir -p /var/www/tt-rsssudo mkdir -p /var/www/tt-rssCreate a suitable config for nginx in sites-available and link it to sites-enabledserver listen :: :80; server_name tt-rss; server_name ttrss.domain.com; access_log /var/log/nginx/tt-rss.access.log; error_log /var/log/nginx/tt-rss.error.log; root /var/www/tt-rss; index index.php; client_max_body_size 20M; # while setting up I set an allow for the local network and deny all others, this prevents automatic logon to setup pages etc before default passwords have been set location / # allow the local net allow 192.168.100.0/24; # deny everything else deny all; # Lock out access to some folders that contains files that should not be world readable (not fully tested) location ~* include/|lock/|utils/|locale/|classes/* deny all; location = / # Needed for index.* to work # location ~* \.(txt|css|js|png|gif|ico|jpg|svg)$ { } # Allow these file endings location ~ \.php$ # Filter out arbitrary code execution fastcgi_index index.php; # location ~ \..*/.*\.php$ {return 404;} include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/rss/$fastcgi_script_name; location ~* . ?:ico|css|js|gif|inc|txt|gz|xml|png|jpe?g expires max; access_log off; log_not_found off; server { listen [::]:80; server_name tt-rss; server_name ttrss.domain.com; access_log /var/log/nginx/tt-rss.access.log; error_log /var/log/nginx/tt-rss.error.log; root /var/www/tt-rss; index index.php; client_max_body_size 20M; # while setting up I set an allow for the local network and deny all others, this prevents automatic logon to setup pages etc before default passwords have been set location / { # allow the local net allow 192.168.100.0/24; # deny everything else deny all; # Lock out access to some folders that contains files that should not be world readable (not fully tested) location ~* (include/|lock/|utils/|locale/|classes/*) {deny all; } location = / { } # Needed for index.* to work # location ~* \.(txt|css|js|png|gif|ico|jpg|svg)$ { } # Allow these file endings location ~ \.php$ { # Filter out arbitrary code execution fastcgi_index index.php; # location ~ \..*/.*\.php$ {return 404;} include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/rss/$fastcgi_script_name; location ~* .(?:ico|css|js|gif|inc|txt|gz|xml|png|jpe?g) { expires max; access_log off; log_not_found off;}Now grab the source and change the owndershipsudo git clone https://github.com/gothfox/Tiny-Tiny-RSS.git /var/www/tt-rsssudo chown -R www-data:www-data /var/www/tt-rsssudo git clone https://github.com/gothfox/Tiny-Tiny-RSS.git /var/www/tt-rsssudo chown -R www-data:www-data /var/www/tt-rssCreate the database and the usermysql -u root -p CREATE DATABASE tt-rss;GRANT ALL ON tt-rss.* TO ttrss-user IDENTIFIED BY Password ;quitmysql -u root -p CREATE DATABASE tt-rss;GRANT ALL ON tt-rss.* TO ttrss-user IDENTIFIED BY Password quitImport the schemamysql -u root -p tt-rss /var/www/tt-rss/schema/ttrss_schema_mysql.sqlmysql -u root -p tt-rss /var/www/tt-rss/schema/ttrss_schema_mysql.sqlNow start nginx and browse to the URL to complete the configurationOnce the configuration has been completed, create an executable upstart .conf script in /etc/init to update the feedsdescription tt-rss upstart script start on runlevel !2345 local-filesystems and net-device-up IFACE!=lo and started mysql stop on stopping mysqlrespawnrespawn limit 2 1setuid www-datasetgid www-dataexec /var/www/tt-rss/update_daemon2.phpdescription tt-rss upstart script start on (runlevel [!2345] local-filesystems and net-device-up IFACE!=lo and started mysql)stop on stopping mysqlrespawnrespawn limit 2 1setuid www-datasetgid www-dataexec /var/www/tt-rss/update_daemon2.php<<< Thank you for your visit >>>
Websites to related : PFX Software Informer
PDF Shaper is a simple program that allows you to split, merge, convert, and extract data from PDF...PDF Shaper is a simple program that allows you to
C# 411About C# 411 CSharp411.com is a blog written by Tim Toady about the C# programming language and .NET Framework. Tim Toady is the founder of Browserlin
Augusta Marine | New Used Boats4250 Belair Frontage Road Augusta, GA 30909 US Phone: 706-481-9336 Email: dwhyte@augustamarine.com,callie@augustamarine.com,jc@augustamarine.com Fax:
Pfx.Ribbon.WordAddIn DownloadPfx.Ribbon.WordAddIn1.0Choose the most popular programs from Developer Tools Pfx.Ribbon.WordAddIn is developed by Pfx.Ribbon.WordAddIn and is used by
A small blog on PKI related thinNot much blogging from my side the last 2 years, but now it´s finally time for a new post.One of my last posts was about YubiHSM2 and the ultra-small
EniG. Periodic Table of the ElemTriple point of oxygen (54.3584 K, -218.7916 C)Triple point of argon (83.8058 K, -189.3442 C)Triple point of mercury (234.3156 K, -38.8344 C)Triple po
Pridgeon Clay - WelcomeWelcome to Pridgeon & Clay Pridgeon & Clay is one of the largest independent, value-added manufacturers and suppliers of automotive stamped and fine-b
Australian Peacekeeper and PeaceThe purpose of the APPVA is to support the transition, health, wellbeing, and integration into society of all participants in past and present operati
MidecoWelcome to Mideco Mideco Group is a JAS-Certified importer of organic food, trading exclusively in organic farm products. ミデコグループは、小売チェ
5 Sterne Wellness Hotel Ostsee aSo nah am MeerWillkommen in Ihrem 5 Sterne Superior Thermenhotel direkt an der Ostsee! Ankommen. Abtauchen. Aufatmen.Umsorgt mit 5-Sterne-Herzlichkeit
adsHot Websites