Enable telnet in CentOS

Install & configure service
# yum install telnet telnet-server -y
# vim /etc/xinetd.d/telnet
change to:
disable = no

Restart service
# service xinetd restart

Allow auto-start service
# chkconfig telnet on
# chkconfig xinetd on

By default, telnet allows only standard user login.
Configure Telnet for root logins

Simply edit the file /etc/securetty and add the following to the end of the file:


This will allow up to 10 telnet sessions to the server as root.

Enjoy 🙂

Basic configuration on Fedora Server 25 x86_64



Brief Introduction

It’s not much different if you are familiar with CentOS, because it uses systemd. Normally you are encouraged to use systemctl, for instance the “systemctl start named” command instead of just “service named start”.

Initial Setup

Set hostname:

Edit file /etc/hostname


By default, it comes with “vi”. If you want to use vim, you can install it with “dnf -y install vim”, or if you are familiar with “yum”, you can still use “yum -y install vim”. Either way, you need an Internet connection.

Set IP configuration

Edit file /etc/sysconfig/network-scripts/ifcfg-ensxx

+ To assign statically:














+ To use DHCP: (Follow default configuration)


Install software

Example: install “vim”

First you need to update the list by issuing the command “dnf -y update”; then you can start any installation, such as “dnf -y install vim”.

Note: If you use a proxy, configure your system to use it as follows:

Edit file /etc/dnf/dnf.conf









Domain Name System (DNS) with bind

Install packages required for DNS

$ dnf -y install bind bind-utils

Edit file /etc/resolv.conf

search mail.abc.kh

nameserver #yourServerAddress


Main configuration: /etc/named.conf

options {
    listen-on port 53 {; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; any; };
    forwarders {;}; //your external (ISP) DNS
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "abc.kh" IN {
    type master;
    file "abc.kh.zone";
};

zone "255.168.192.in-addr.arpa" IN {
    type master;
    file "255.zone";
};



Configure Zone files

Location: /var/named

+ Forward zone: abc.kh.zone (filename)


abc.kh. IN SOA mail.abc.kh. root (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS mail.abc.kh.

mail IN A

IN MX 10 mail.abc.kh.

+ Reverse zone: 255.zone (filename)


255.168.192.in-addr.arpa. IN SOA mail.abc.kh. root (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

100.168.192.in-addr.arpa. IN NS mail.abc.kh.

100 IN PTR mail.abc.kh.

100 IN PTR abc.kh.


Start/reload service and test result

$ systemctl start named (or: systemctl reload named)

$ nslookup mail.abc.kh (test against your records; you can also test an outside name, e.g. nslookup google.com)
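An added check (not part of the original post) for the allow-query { localhost; any; }; line above: when allow-recursion and allow-query-cache are unset, BIND applies the allow-query list to recursive queries as well, so that configuration resolves names for any client that can reach port 53. The helper names, the sample file and the 192.0.2.53 forwarder are constructed for the example, and only single-line statements are parsed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): decide whether a named.conf like
# the one above answers recursive queries for any client. Helper names are
# hypothetical; only single-line "name { ...; };" statements are parsed.

# acl_of NAME FILE : text between the braces of the last "NAME { ... };" line.
acl_of() {
    sed -n -E 's/^[[:space:]]*'"$1"'[[:space:]]*\{(.*)\};.*$/\1/p' "$2" | tail -n 1
}

# recursion_acl FILE : the ACL BIND applies to recursion. An unset
# allow-recursion falls back to allow-query-cache, then allow-query, then
# the built-in default (localnets; localhost;).
recursion_acl() {
    local name acl
    for name in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$name" "$1")
        if [ -n "$acl" ]; then echo "$name:$acl"; return 0; fi
    done
    echo "default: localnets; localhost;"
}

# is_open_resolver FILE : exit 0 if recursion is on and that ACL admits "any".
is_open_resolver() {
    local rec
    rec=$(sed -n -E 's/^[[:space:]]*recursion[[:space:]]+(yes|no);.*$/\1/p' "$1" | tail -n 1)
    [ "${rec:-yes}" = "yes" ] || return 1      # recursion defaults to yes
    recursion_acl "$1" | grep -Eq '(^|[ :;])any;'
}

# write_named_sample FILE [EXTRA_LINE] : constructed options block using the
# post's allow-query line; 192.0.2.53 is a documentation-range placeholder.
write_named_sample() {
    printf '%s\n' 'options {' '    directory "/var/named";' \
        '    allow-query { localhost; any; };' \
        '    forwarders { 192.0.2.53; };' ${2:+"    $2"} '};' > "$1"
}

conf=$(mktemp)
write_named_sample "$conf"
if is_open_resolver "$conf"; then
    echo "as configured: open resolver via $(recursion_acl "$conf")"
fi
# Same file with recursion limited to local clients; allow-query stays "any"
# so the authoritative abc.kh zone is still answered for everyone.
write_named_sample "$conf" 'allow-recursion { localnets; localhost; };'
if ! is_open_resolver "$conf"; then
    echo "with allow-recursion: limited by $(recursion_acl "$conf")"
fi
rm -f "$conf"
```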



SMTP server with postfix

Install Postfix.

dnf -y install postfix

Configure SMTP Authentication to use Dovecot’s SASL function.

Edit file /etc/postfix/main.cf

# line 95: uncomment and specify hostname

myhostname = mail.abc.kh

# line 102: uncomment and specify domain name

mydomain = abc.kh

# line 118: uncomment

myorigin = $mydomain

# line 135: change

inet_interfaces = all

# line 138: change it if use only IPv4

inet_protocols = ipv4

# line 183: add

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# line 283: uncomment and specify your local network

mynetworks =,

# line 438: uncomment (use Maildir)

home_mailbox = Maildir/

# line 593: add

smtpd_banner = $myhostname ESMTP

# add the following at the end

# limit email size to 10M

message_size_limit = 10485760

# limit mailbox size to 1G

mailbox_size_limit = 1073741824

# SMTP-Auth settings

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $mydomain

smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject


Start & enable postfix service

$ systemctl start postfix

$ systemctl enable postfix

POP/IMAP Server with dovecot

Install dovecot

dnf -y install dovecot

Configure dovecot to provide SASL function to Postfix.

Edit file /etc/dovecot/dovecot.conf

# line 24: uncomment

protocols = imap pop3 lmtp

# line 30: uncomment and change ( if not use IPv6 )

listen = *, ::

Edit file /etc/dovecot/conf.d/10-auth.conf

# line 10: uncomment and change ( allow plain text auth )

disable_plaintext_auth = no

# line 100: add

auth_mechanisms = plain login

Edit file /etc/dovecot/conf.d/10-mail.conf

# line 30: uncomment and add

mail_location = maildir:~/Maildir

Edit file /etc/dovecot/conf.d/10-master.conf

# line 96-98: uncomment and add like follows

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}


Edit file /etc/dovecot/conf.d/10-ssl.conf

# line 8: change (not require SSL)

ssl = no


Start and enable service

$ systemctl start dovecot

$ systemctl enable dovecot


DONE! Make sure your DNS is properly configured & your firewall is disabled. (systemctl disable firewall)
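An added check (not part of the original post) for the Postfix and Dovecot settings used above: with ssl = no, disable_plaintext_auth = no and auth_mechanisms = plain login, IMAP/POP3 and SMTP AUTH passwords cross the network unencrypted, and the script reports each setting that contributes to that. The function names, finding labels and sample files are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report which settings from this
# walkthrough let mail passwords travel unencrypted. Names are hypothetical.

# conf_get KEY FILE... : last value assigned to KEY ("key = value" syntax,
# commented-out lines ignored). Prints nothing when the key is unset.
conf_get() {
    local key="$1"; shift
    sed -n -E 's/^[[:space:]]*'"$key"'[[:space:]]*=[[:space:]]*([^#]*[^#[:space:]]).*$/\1/p' "$@" |
        tail -n 1
}

# audit_mail MAIN_CF DOVECOT_CONF... : print one "ID: detail" line per finding.
audit_mail() {
    local main_cf="$1"; shift
    local ssl plain mech sasl tls_only
    ssl=$(conf_get ssl "$@")
    plain=$(conf_get disable_plaintext_auth "$@")
    mech=$(conf_get auth_mechanisms "$@")
    mech=${mech:-plain}                      # Dovecot's default mechanism
    sasl=$(conf_get smtpd_sasl_auth_enable "$main_cf")
    tls_only=$(conf_get smtpd_tls_auth_only "$main_cf")

    if [ "$ssl" = "no" ]; then
        echo "DOVECOT_NO_TLS: ssl = no, IMAP/POP3 sessions are never encrypted"
    fi
    if [ "$plain" = "no" ]; then
        case " $mech " in
            *" plain "*|*" login "*)
                echo "DOVECOT_CLEARTEXT_AUTH: '$mech' accepted without TLS (disable_plaintext_auth = no)" ;;
        esac
    fi
    if [ "$sasl" = "yes" ] && [ "$tls_only" != "yes" ]; then
        echo "POSTFIX_AUTH_WITHOUT_TLS: SMTP AUTH offered on unencrypted sessions (smtpd_tls_auth_only is not yes)"
    fi
    return 0
}

# write_sample DIR : constructed files carrying the values used in this post.
write_sample() {
    printf '%s\n' 'smtpd_sasl_type = dovecot' 'smtpd_sasl_auth_enable = yes' > "$1/main.cf"
    printf '%s\n' '#disable_plaintext_auth = yes' 'disable_plaintext_auth = no' \
        'auth_mechanisms = plain login' > "$1/10-auth.conf"
    printf '%s\n' '# ssl = required' 'ssl = no' > "$1/10-ssl.conf"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_mail "$demo/main.cf" "$demo/10-auth.conf" "$demo/10-ssl.conf"
rm -rf "$demo"
```

On a real host the arguments would be /etc/postfix/main.cf followed by /etc/dovecot/dovecot.conf and the files under /etc/dovecot/conf.d/.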


Configure email client (Outlook) to use email

On the server, create two test users: user1, user2 and satya

$ useradd -m user1 && useradd -m user2

$ passwd user1

$ passwd user2


Configure email client

On the client, make sure the connection is fine and your DNS is working (nslookup)


More Settings… and make sure you got 2 ticks


Test send an email from user2 to user satya



Webmail with Squirrelmail

Download SquirrelMail for Fedora x86_64



Install required packages

If you downloaded it on another machine, you can copy it to your server via SCP.

Try to install it, and you will see which packages SquirrelMail requires.

Now, let's install those packages:

$ dnf -y install httpd hunspell-en mod_php php-mbstring tmpwatch

Then try again; it should be fine.

Some information to know:

  • SquirrelMail is installed in /usr/share/squirrelmail.
  • Config files are in /etc/squirrelmail
  • A config file for httpd is added to /etc/httpd/conf.d. This aliases /webmail to the SquirrelMail install directory.
  • A cron job is set up to purge the attachments directory daily in /etc/cron.daily/squirrelmail.cron.
  • Run /usr/share/squirrelmail/config/conf.pl


So let's run it:


Enter 1, then follow the numbering and menus to edit as you wish, as in the example below:

The most important part is option #2 Server Settings

Don’t forget to enter S to save; then, once you’re sure everything is complete, enter Q to exit.

All you need to do with SquirrelMail is done.

Now let's start the httpd service…


Start web server with httpd

Because we already installed it, just start the service:

$ systemctl start httpd && systemctl enable httpd

From the client, test access via a browser.

By default, SquirrelMail configures itself to use HTTPS. In my case, I don’t want HTTPS anymore; just normal HTTP is fine.

What you need to do is to edit file /etc/httpd/conf.d/squirrelmail.conf

Line 24, change on to off

Then restart httpd service again. That’s it.

Test access webmail from client




Thank you!!!

Background to Relational Database Management Systems (RDBMS)

Relational Database Management Systems (RDBMS)

A relational database management system (RDBMS) is a program that lets you create, update, and administer a relational database. Most relational database management systems use SQL to access the database.

There are more similarities than differences between the different RDBMS, but the SQL syntax may be slightly different depending on which RDBMS you are using.

Here is a brief description of popular types of RDBMS:

SQLite

SQLite is a popular open source SQL database. It is able to store an entire database in a single file. One of the biggest advantages this provides is that all of the data can be stored locally without having to connect your database to a server.

SQLite is a popular choice for databases in cellphones, PDAs, MP3 players, set-top boxes, and other electronic gadgets. The SQL course on Codecademy also uses SQLite.


MySQL

MySQL is the most popular open source SQL database. It is typically used for web application development, and often accessed using PHP.

The main advantages of MySQL are that it is easy to use, inexpensive, reliable (has been around since 1995) and has a large community of developers who can help answer questions.

Some of the disadvantages are that it has been known to suffer from poor performance when scaling, open source development has lagged since Oracle has taken control of MySQL, and it does not include some advanced features that developers may be used to.


PostgreSQL

PostgreSQL is an open source SQL database that is not controlled by any corporation. It is typically used for web application development.

PostgreSQL shares many of the same advantages of MySQL. It is easy to use, inexpensive, reliable, and has a large community of developers. It also provides some additional features such as foreign key support without requiring complex configuration.

The main disadvantage of PostgreSQL is that it is slower in performance than other databases such as MySQL. It is also less popular than MySQL which makes it harder to come by hosts or service providers that offer managed PostgreSQL instances.

Oracle DB

Oracle DB is owned by the Oracle corporation and the code is not open sourced.

Oracle is used for large applications, particularly in the banking industry. Most of the world’s top banks run Oracle applications because Oracle offers a powerful combination of technology and comprehensive, pre-integrated business applications, including key functionality built specifically for banks.

The main disadvantage of using Oracle is that it is not free to use like its open source competitors and can be quite expensive.

SQL Server

SQL Server is owned by Microsoft. Like Oracle DB, the code is also closed source.

SQL Server is mainly used by large enterprise applications. The major difference between Oracle and SQL Server is that SQL Server only supports the Windows Operating System.

Microsoft offers a free entry level version called Express, but it can become very expensive as you scale your application.

How to block Youtube and Facebook using Layer 7 Protocol

Block YouTube and Facebook using layer7 on MikroTik
1- Create layer7 patterns to filter out facebook.com and youtube.com

/ip firewall layer7-protocol
add name=youtube7 regexp="^.+(youtube.com).*$"
add name=facebook7 regexp="^.+(facebook.com).*$"

2- Create firewall filter rules that match our layer7 regexes

/ip firewall filter
add chain=forward action=drop protocol=tcp layer7-protocol=facebook7
add chain=forward action=drop protocol=tcp layer7-protocol=youtube7
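
How the pattern above behaves on payload text, as an added example that is not part of the original post: the unescaped "." in youtube.com matches any character, so the drop rule also fires on payloads that merely resemble the hostname, while a bracketed [.] matches only a literal dot. grep -E stands in for the RouterOS matcher here, which is an assumption, and the [.] variant and the sample payload lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: exercise the layer7 pattern from the post against constructed
# payload lines. grep -E approximates the RouterOS regex matcher (assumption).

PAGE_RE='^.+(youtube.com).*$'        # pattern as written in the post
STRICT_RE='^.+(youtube[.]com).*$'    # same pattern, literal dot (hypothetical variant)

# l7_matches REGEX TEXT : exit 0 if TEXT matches, like a layer7 hit on that payload.
l7_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# count_hits REGEX : how many of the constructed payload lines the regex matches.
count_hits() {
    local n=0 line
    while IFS= read -r line; do
        if l7_matches "$1" "$line"; then
            n=$((n + 1))
        fi
    done <<'EOF'
Host: www.youtube.com
Host: m.youtube.com
Host: notyoutube.com.example.org
GET /search?q=youtube+comedy HTTP/1.1
Host: youtubeXcom.example.net
Host: www.example.org
EOF
    echo "$n"
}

# Lines 4 and 5 match only because "." accepts "+" and "X"; line 3 matches
# both patterns because neither one anchors the hostname boundaries.
echo "pattern from the post: $(count_hits "$PAGE_RE") of 6 lines dropped"
echo "literal-dot variant:   $(count_hits "$STRICT_RE") of 6 lines dropped"
```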

Using command “forfiles” in Windows

C:\Users\Vichhaiy>forfiles /?

FORFILES [/P pathname] [/M searchmask] [/S]
[/C command] [/D [+ | -] {MM/dd/yyyy | dd}]

Selects a file (or set of files) and executes a
command on that file. This is helpful for batch jobs.

Parameter List:
/P pathname Indicates the path to start searching.
The default folder is the current working
directory (.).

/M searchmask Searches files according to a searchmask.
The default searchmask is ‘*’ .

/S Instructs forfiles to recurse into
subdirectories. Like "DIR /S".

/C command Indicates the command to execute for each file.
Command strings should be wrapped in double

The default command is "cmd /c echo @file".

The following variables can be used in the
command string:
@file – returns the name of the file.
@fname – returns the file name without
@ext – returns only the extension of the
@path – returns the full path of the file.
@relpath – returns the relative path of the
@isdir – returns "TRUE" if a file type is
a directory, and "FALSE" for files.
@fsize – returns the size of the file in
@fdate – returns the last modified date of the
@ftime – returns the last modified time of the

To include special characters in the command
line, use the hexadecimal code for the character
in 0xHH format (ex. 0x09 for tab). Internal
CMD.exe commands should be preceded with
"cmd /c".

/D date Selects files with a last modified date greater
than or equal to (+), or less than or equal to
(-), the specified date using the
"MM/dd/yyyy" format; or selects files with a
last modified date greater than or equal to (+)
the current date plus "dd" days, or less than or
equal to (-) the current date minus "dd" days. A
valid "dd" number of days can be any number in
the range of 0 – 32768.
"+" is taken as default sign if not specified.

/? Displays this help message.

FORFILES /S /M *.txt /C "cmd /c type @file | more"
FORFILES /P C:\ /S /M *.bat
FORFILES /D -30 /M *.exe
/C "cmd /c echo @path 0x09 was changed 30 days ago"
FORFILES /D 01/01/2001
/C "cmd /c echo @fname is new since Jan 1st 2001"
FORFILES /D +9/3/2015 /C "cmd /c echo @fname is new today"
FORFILES /M *.exe /D +1
FORFILES /S /M *.doc /C "cmd /c echo @fsize"
FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"

*Delete files older than 30 days:
forfiles -p "C:\what\ever" -s -m *.* /D -30 /C "cmd /c del @path"

Active Directory – How to reset password for all specified users

Download PowerShell Script


The script resets the password for users in specified OUs, or for users listed in a given CSV file.


IT administrators may want to reset the password for a large number of users in a company. Setting new passwords one by one costs too much time. Sometimes the new password should be random and different for every user, and it is easy to make mistakes when doing this manually.


This module file contains three advanced functions, Set-OSCADAccountPassword. You can use this script in the following ways:
1. Open PowerShell in “Run as administrator” mode.
2. Run the command Import-Module "c:\ResetPassword.psm1" to import this module file.

Note: This assumes you downloaded the file directly to drive C.


Example 01: How to display help about the Set-OSCADAccountPassword function
To display help about the Set-OSCADAccountPassword function, run the following command:
Get-Help Set-OSCADAccountPassword -Full

Example 02: How to reset password for specified users.
To reset the password for specified users, put these users’ SamAccountName values in a CSV file, then run the following command:
Set-OSCADAccountPassword -path "c:\Userlist.csv"
Note: First, you need to prepare a CSV file in the format shown below, one user per line. The “Password” column is optional; if you leave it empty, this command generates a random password with 10 characters, of which 7 are alphanumeric and the rest are non-alphanumeric. Both format A and format B are allowed.

SamAccountName: SamAccountName of the user whose password should be reset
Password: The new password you want to set

Format A Format B
Before running this command, prepare a CSV file as shown below:

Then run the command: Set-OSCADAccountPassword -path "c:\Userlist.csv"

Finally, a CSV file will be created on “C:\”, which contains each user’s SamAccountName and new password.

Example 03: How to reset password for all users in specified OUs and their sub-OUs
To reset the password for all users in specified OUs and their sub-OUs, run the following command:
Set-OSCADAccountPassword -OrganizationalUnit "testou1", "testou2" -Recurse

Note: The AD structure is shown below.

Example 04: How to reset password to “P@Ssw0rd” for all users in specified OU, and indicate the path of result CSV file.
To reset the password to “P@Ssw0rd” for all users in OU “TestOU” and set the path of the CSV file to “c:\report\result.csv”, run the following command:
Set-OSCADAccountPassword -OrganizationalUnit "testou" -Password "P@Ssw0rd" -CSVPath "c:\report\result.csv"


How to schedule your computer to shutdown using batch script (.bat)

This is an easy batch script (.bat) that shuts down Windows at a specific time you choose, with an alert message 60 seconds before it executes.

To do so, create a batch file (anyname.bat) with the following content:

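@echo off
rem Loop until the clock reads 17:00:00.00, then jump to the shutdown.
:W
if %time%==17:00:00.00 goto :X
goto :W
:X
rem /s shutdown, /f force-close apps, /t 60 wait 60 seconds, /c message shown
shutdown.exe /s /f /t 60 /c "Your computer will shutdown in 60 seconds, please save your tasks."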

Enjoy 🙂

Reserved IP addresses

From Wikipedia, the free encyclopedia

In the Internet addressing architecture, the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA) have reserved various Internet Protocol (IP) addresses for special purposes. These IP addresses may be used for maintenance of routing tables, multicast, operation under failure modes, or to provide addressing space for public, unrestricted uses.

The IETF sets the guidelines for use of the IP address space in RFC specifications, and directs IANA to implement the policies. Reserved IP addresses tend to belong to three categories: addresses that are globally unique, addresses that are unique to the subnet, and addresses that are only relevant to the host using the address.


Address block (CIDR) Range Number of Addresses Scope Purpose
16,777,216 software Used for broadcast messages to the current ("this") network as specified by RFC 1700, page 4.
16,777,216 private network Used for local communications within a private network as specified by RFC 1918.
4,194,304 private network Used for communications between a service provider and its subscribers when using a Carrier-grade NAT, as specified by RFC 6598.
16,777,216 host Used for loopback addresses to the local host, as specified by RFC 990.
65,536 subnet Used for link-local addresses between two hosts on a single link when no IP address is otherwise specified, such as would have normally been retrieved from a DHCP server, as specified by RFC 3927.
1,048,576 private network Used for local communications within a private network as specified by RFC 1918.
256 private network Used for the IANA IPv4 Special Purpose Address Registry as specified by RFC 5736.
256 documentation Assigned as "TEST-NET" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
256 Internet Used by 6to4 anycast relays as specified by RFC 3068.
65,536 private network Used for local communications within a private network as specified by RFC 1918.
131,072 private network Used for testing of inter-network communications between two separate subnets as specified in RFC 2544.
256 documentation Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
256 documentation Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
268,435,456 Internet Reserved for multicast assignments as specified in RFC 5771. is assigned as "MCAST-TEST-NET" for use solely in documentation and example source code.
268,435,455 n/a Reserved for future use, as specified by RFC 6890.
1 n/a Reserved for the "limited broadcast" destination address, as specified by RFC 6890.


Address block (CIDR) Range Number of Addresses scope Purpose
::/128 :: 1 software Unspecified address
::1/128 ::1 1 host loopback address to the local host.
::ffff:0:0/96 ::ffff: – ::ffff: 2^32 software IPv4 mapped addresses
100::/64 100:: – 100::ffff:ffff:ffff:ffff 2^64 Discard Prefix RFC 6666
64:ff9b::/96 64:ff9b:: – 64:ff9b:: 2^32 global Internet[1] IPv4/IPv6 translation (RFC 6052)
2001::/32 2001:: – 2001::ffff:ffff:ffff:ffff:ffff:ffff 2^96 global Teredo tunneling
2001:10::/28 2001:10:: – 2001:1f:ffff:ffff:ffff:ffff:ffff:ffff 2^100 software Deprecated (previously ORCHID)
2001:20::/28 2001:20:: – 2001:2f:ffff:ffff:ffff:ffff:ffff:ffff 2^100 software ORCHIDv2
2001:db8::/32 2001:db8:: – 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 2^96 documentation Addresses used in documentation
2002::/16 2002:: – 2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2^112 global Internet 6to4
fc00::/7 fc00:: – fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2^121 private network Unique local address
fe80::/10 fe80:: – febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2^118 link Link-local address
ff00::/8 ff00:: – ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2^120 global Internet Multicast