Only Visiting this Planet
It’s not obvious (duh), but we’ve been moved again.
So whilst we junk what shouldn’t be brought back, please watch your head and
we hope you find value in some of the work that is slowly transitioning
to the new ‘facilities’
An aside from today’s construction work.
- Child #1 - Hey dad, X isn’t working again
- Dad - have you tried X from your siblings?
- Child #1 - wanders off asking, but no one wants to give up their X (even if they aren’t using it.)
- Child #2 - Hey dad, Y isn’t working
- Dad - have you tried Y from your siblings?
- Child #2 - Hey dad, it doesn’t work there either.
- Dad - ….
after a pause.
- Child #2 - Hey dad, it’s working again. #4 kicked out the power.
- Child #1 - Oh yeah, mine is working too.
There’s a lesson in there for dad and children.
ACL Squid Configuration Sample [ OpenBSD 5.0, Squid 2.7 ]
Table of Contents: Port to listen on Network IPs to support Time intervals Organisational Policies Informative Messages Configuring Access Restricting Access Networks Access Restricting Access Ignoring the cache Let's Go Extending The Sample Authenticating Users Restricted Sites Informative Messages Access to the Cache Restricting Access to External Sites Allowing Specified networks Internal Access Let's Go Managing the Log Files Miscellaneous DNS Startup Test Debug Squid User & Group Authentication - the MSNT module Transparent Proxy FTP Proxy SOCKS 5 Proxy Cache Utilisation Scenario:
Certificate Authority and Clients [Ref: How to Configure TLS with SIP Proxy ]
Table of Contents Microsoft Windows Securing Communications through SSL Certificates revolves around a trust relationship between the client and the service (server) it is connecting to. In practise, the trust is with a 3rd party (Certificate Authority) who the client trusts to be “verifying” servers/clients and the certificates given to them.
A simplified checklist of ‘points’ of interest in the installation process to review whether you may need specific host, environment modifications.
Submit DMESG Packages User Accounts System Configuration newsyslog - Trim Log Files inetd.conf - Super Daemon pf.conf - Firewall Config sshd_config - SSH Daemon ssh_config - ssh client config sysctl.conf - System Knobs aliases - Mail Aliases Auditing Patch Review nmap scan Package checklist Maintenance As Root Generate Package List Archive Configuration Files Archive Log Files As Monitor
Table of Contents: Install SSL Certificates Basic Configuration Verification Start POP3 Post Office Protocol IMAP [Ref: OpenBSD 5.0, Dovecot 2.0.14, Installing Dovecot 2 on CentOS]
Client access, getting your e-mail from the mail server, is generally through programs that support the standard protocol for receiving mail (such as POP3, POP3S, IMAP, IMAPS.) In this guide we look at a basic configuration of dovecot as an imap, pop3, sasl server.
Table of Contents: Config Changes Authenticate to Text File Authenticate to SQL SQL Configuration SQL Account Test POP3 Test IMAP [Ref: OpenBSD 5.0, Dovecot 2.0.14, Installing Dovecot 2 on CentOS]
With a functioning Dovecot configuration, we service IMAP and POP3 for system users. Before using this configuration you should at least check the dovecot documentation and in particular the Client issues and configuration.
Realtime Communications - Clustered Servers Table of Contents: Magic Cookies Nodes Clean Database Node Configuration Synchronise Permissions [Ref: OpenBSD 4.9, ejabberd 2.1.6, XMPP | Set up clustering in ejabberd | Chapter 6 Clustering]
We have two sites where we want to have Realtime Communications. We want a separate server at each site, but want to have the same accounts, administration etc.
first is the host name from /bin/hostname -s on our primary node second is the host name from /bin/hostname -s on the secondary node Install your ejabberd first node, as per Chat/XMPP instructions, and install the second node without configuring user accounts, access privileges since we will be taking that from the first node.
Everything’s in the FAQ - 5 Building the System from Source, these are corruptions of those fine notes I maintain for a localised interpretation.
Table of Contents Grab the Source Build the Kernel Build Userland Build Xenocara Grab the Source If you are maintaining multiple releases of OpenBSD, then the question you may need to consider is which version you are going to follow:
Hippo installation is straight forward, with few dependencies that can be installed using standard packages for your System of choice.
The major dependencies to get Hippo working are:
Python 2.5, 2.6, 2.7 Git v1.7.1 or later. setuptools 0.6c11 or later GitPython v0.3 or later Python Hippo works happily using Python 2.6, 2.7. Other versions may also be compatible.
Install the Python of Choice for your host.
Setting up the FTP Server Table of Contents Introduction Configure ftp Login Configure the restricted Shell Configure the Account Configure Directory ownership, permissions Restrict User Access Restrict Using login.conf Enable ftpd through /etc/rc.conf.local Starting at the command-prompt Relative Reference Other Links Author and Copyright [ref. OpenBSD FAQ System Management -> Setting up Anonymous FTP Services | PF: Issues with FTP]
Install Hippo from the source at github.com
The installation, after the Dependencies is very very straight forward.
Download the source Run setup.py Download the Source $ cd /path-to-my-local-src $ git clone https://github.com/cortesi/hippo.git
Run setup.py $ cd hippo $ sudo python setup.py install