DES, 3DES and AES

Discussion:

AES is the successor of DES as the standard symmetric encryption algorithm for US federal organizations. AES uses keys of 128, 192 or 256 bits, although 128-bit keys provide sufficient strength today. It uses 128-bit blocks and is efficient in both software and hardware implementations. It was selected through an open competition involving hundreds of cryptographers over several years.

DES is the previous “data encryption standard” from the seventies. Its key size is too short for proper security: the 56 effective bits can be brute-forced, and that was done more than ten years ago. DES uses 64-bit blocks, which poses some potential issues when encrypting several gigabytes of data with the same key.

3DES is a way to reuse DES implementations by chaining three instances of DES with different keys. 3DES is believed to still be secure because breaking it requires 2^112 operations, which is not achievable with foreseeable technology. 3DES is very slow, especially in software implementations, because DES was designed for performance in hardware.

Link: https://security.stackexchange.com/questions/26179/security-comparsion-of-3des-and-aes

 

Enable telnet in CentOS

Install & configure service
# yum install telnet telnet-server -y
# vim /etc/xinetd.d/telnet
change to:
disable = no

Restart service
# service xinetd restart

Allow auto-start service
# chkconfig telnet on
# chkconfig xinetd on

By default, telnet allows only standard user login.
Configure Telnet for root logins

Simply edit the file /etc/securetty and add the following to the end of the file:

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

This will allow up to 10 telnet sessions to the server as root.
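As an added example (not part of the original post), the script below reads the two files this procedure edits and reports what they currently permit: whether the xinetd telnet service is enabled and on how many pseudo-terminals root may log in. The two file contents embedded in it are constructed samples modelled on the edits above, not copies from a real host; audit_files() is the same check pointed at the real paths.

```python
import re

# Constructed sample of /etc/xinetd.d/telnet after the "disable = no" edit (not from a real host).
SAMPLE_XINETD_TELNET = """\
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
"""

# Constructed sample of /etc/securetty with three pts entries appended.
SAMPLE_SECURETTY = "console\ntty1\ntty2\ntty3\npts/0\npts/1\npts/2\n"


def xinetd_service_enabled(text):
    """True when the service stanza does not say 'disable = yes'.
    xinetd treats an absent 'disable' attribute as enabled, so that case counts too."""
    m = re.search(r"^\s*disable\s*=\s*(\S+)", text, re.MULTILINE)
    return m is None or m.group(1).lower() != "yes"


def root_pts_entries(text):
    """Return the pts/N lines in securetty. Each one makes pam_securetty accept a root
    login on that pseudo-terminal, and a telnet session always runs on a pts device."""
    return [line.strip() for line in text.splitlines()
            if re.fullmatch(r"pts/\d+", line.strip())]


def audit(xinetd_text, securetty_text):
    """Summarise the exposure as a list of findings (empty when telnet is off)."""
    findings = []
    if not xinetd_service_enabled(xinetd_text):
        return findings
    findings.append("telnet enabled in xinetd: logins travel in cleartext")
    pts = root_pts_entries(securetty_text)
    if pts:
        findings.append(f"root login over telnet allowed on {len(pts)} pseudo-terminal(s): "
                        + ", ".join(pts))
    return findings


def audit_files(xinetd_path="/etc/xinetd.d/telnet", securetty_path="/etc/securetty"):
    """Run the same audit against the real files on a CentOS host."""
    with open(xinetd_path) as f, open(securetty_path) as g:
        return audit(f.read(), g.read())


if __name__ == "__main__":
    for finding in audit(SAMPLE_XINETD_TELNET, SAMPLE_SECURETTY):
        print("-", finding)
```

Run it with no arguments to see the report for the embedded samples; on a server, call audit_files() instead.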

Enjoy 🙂

Basic configuration on Fedora Server 25 x86_64

Download

http://download.fedoraproject.org/pub/fedora/linux/releases/25/Server/x86_64/iso/

Brief Introduction

It is not much different from CentOS, if you are familiar with that, because both use systemd. Normally you are encouraged to use systemctl, for instance “systemctl start named”, instead of “service named start”.

Initial Setup

Set hostname:

Edit file /etc/hostname

yourhostname.yourdomain

By default it comes with “vi”. If you want to use vim, install it with “dnf -y install vim”, or if you are more familiar with “yum”, “yum -y install vim” still works; either way you need an Internet connection.

Set IP configuration

Edit file /etc/sysconfig/network-scripts/ifcfg-ensxx

+ To assign statically:

TYPE="Ethernet"
BOOTPROTO="static"
NAME="ens33"
UUID="7abfe54d-b855-485a-ba95-430cca3ed830"
DEVICE="ens33"
ONBOOT="yes"
DNS1="192.168.255.100"
GATEWAY="192.168.255.2"
HOSTNAME="fedora.abc.kh"
HWADDR="00:0c:29:79:58:26"
IPADDR="192.168.255.100"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"

+ To use DHCP: (follow the default configuration)

BOOTPROTO="dhcp"

Install software

Example: install “vim”

First you need to update the package list: issue the command “dnf -y update”. Now you can start any installation, like “dnf -y install vim”.

Note: if you use a proxy, configure your system to use it as follows:

Edit file /etc/dnf/dnf.conf

[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
proxy=http://yourProxyServer:YourProxyPort
proxy_username=yourUsername
proxy_password=yourPassword

 

Domain Name System (DNS) with bind

Install packages required for DNS

$ dnf -y install bind bind-utils

Edit file /etc/resolv.conf

search mail.abc.kh
# 192.168.255.100 is your server address
nameserver 192.168.255.100

 

Main configuration: /etc/named.conf

options {
    listen-on port 53 { 192.168.255.100; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; any; };
    forwarders { 202.28.162.1; }; // your external (ISP) DNS
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "abc.kh" IN {
    type master;
    file "abc.kh.zone";
};

zone "255.168.192.in-addr.arpa" IN {
    type master;
    file "255.zone";
};

 

Configure Zone files

Location: /var/named

+ Forward zone: abc.kh.zone (filename)

$TTL 1D
abc.kh.  IN SOA mail.abc.kh. root (
         0      ; serial
         1D     ; refresh
         1H     ; retry
         1W     ; expire
         3H )   ; minimum
; a record with a blank owner belongs to the previous owner (the zone apex here),
; so NS and MX must come before the first line that names another owner
         IN NS  mail.abc.kh.
         IN MX  10 mail.abc.kh.
mail     IN A   192.168.255.100

+ Reverse zone: 255.zone (filename)

$TTL 1D
255.168.192.in-addr.arpa.  IN SOA mail.abc.kh. root (
         0      ; serial
         1D     ; refresh
         1H     ; retry
         1W     ; expire
         3H )   ; minimum
; NS for the reverse zone itself: an owner outside 255.168.192.in-addr.arpa.
; would be ignored by named as out-of-zone data
         IN NS  mail.abc.kh.
100      IN PTR mail.abc.kh.
100      IN PTR abc.kh.

 

Start/reload service and test result

$ systemctl start named        (or, after changing the configuration: systemctl reload named)

$ nslookup mail.abc.kh         (test against your own records; you can also test an outside name, e.g. nslookup google.com)
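As an added example (not part of the original post), here is a small Python checker for the forward and reverse zones built in this section: a minimal master-file parser (handles $TTL, ';' comments, the parenthesised SOA, inherited owners and relative names) plus checks that every A record has a matching PTR, every PTR points back at a name with that A record, the zone apex has an MX, and no record owner lies outside its zone. The two zone texts embedded below are constructed samples modelled on the post's files; they deliberately keep two easy-to-make mistakes (an MX line that inherits the owner "mail" instead of applying to the apex, and an NS owner outside the reverse zone) so the report has something to show.

```python
import re

FORWARD_ORIGIN = "abc.kh."
REVERSE_ORIGIN = "255.168.192.in-addr.arpa."

# Constructed sample zones (not copied from a live server); see the lead-in for the two
# intentional mistakes they contain.
FORWARD_ZONE = """\
$TTL 1D
abc.kh. IN SOA mail.abc.kh. root (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS mail.abc.kh.
mail    IN A 192.168.255.100
        IN MX 10 mail.abc.kh.
"""

REVERSE_ZONE = """\
$TTL 1D
255.168.192.in-addr.arpa. IN SOA mail.abc.kh. root (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
100.168.192.in-addr.arpa. IN NS mail.abc.kh.
100     IN PTR mail.abc.kh.
100     IN PTR abc.kh.
"""


def absolutize(name, origin):
    """Fully qualify a zone-file name: '@' is the origin, relative names get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)


def parse_zone(text, origin):
    """Return (owner, rtype, rdata) triples from a minimal master-file format."""
    body = "\n".join(line.split(";", 1)[0].rstrip() for line in text.splitlines())
    # A parenthesised RR (the SOA) spans several lines: fold it into one logical line.
    body = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", body)
    records, owner = [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():          # explicit owner; a blank owner means "same as last RR"
            owner, fields = absolutize(fields[0], origin), fields[1:]
        if fields and fields[0].isdigit():  # optional TTL field
            fields = fields[1:]
        if fields and fields[0].upper() == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "MX", "PTR", "CNAME"):
            rdata[-1] = absolutize(rdata[-1], origin)
        records.append((owner, rtype, rdata))
    return records


def reverse_owner_to_ip(owner):
    """'100.255.168.192.in-addr.arpa.' -> '192.168.255.100'"""
    labels = owner[: -len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(labels))


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of human-readable problems (empty when the zones agree)."""
    problems = []
    a_records, mx_owners, ptr_by_ip = {}, set(), {}
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if not in_zone(owner, fwd_origin):
            problems.append(f"{rtype} owner {owner} is outside zone {fwd_origin}")
        elif rtype == "A":
            a_records[owner] = rdata[0]
        elif rtype == "MX":
            mx_owners.add(owner)
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if not in_zone(owner, rev_origin):
            problems.append(f"{rtype} owner {owner} is outside zone {rev_origin}")
        elif rtype == "PTR":
            ptr_by_ip.setdefault(reverse_owner_to_ip(owner), set()).add(rdata[0])
    if fwd_origin not in mx_owners:
        found = ", ".join(sorted(mx_owners)) or "none"
        problems.append(f"no MX at zone apex {fwd_origin} (MX found at: {found})")
    for name, ip in a_records.items():
        if name not in ptr_by_ip.get(ip, set()):
            problems.append(f"A {name} -> {ip} has no matching PTR")
    for ip, names in ptr_by_ip.items():
        for name in sorted(names):
            if a_records.get(name) != ip:
                problems.append(f"PTR {ip} -> {name} has no A record pointing back")
    return problems


if __name__ == "__main__":
    for p in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print("PROBLEM:", p)
```

Point check_zones() at the real files under /var/named to run the same checks there; named-checkzone validates syntax, but it will not tell you that an MX ended up on the wrong owner or that a PTR has no A record behind it.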

 

    

SMTP server with postfix

Install Postfix.

dnf -y install postfix

Configure SMTP Authentication to use Dovecot’s SASL function.

Edit file /etc/postfix/main.cf

# line 95: uncomment and specify hostname
myhostname = mail.abc.kh
# line 102: uncomment and specify domain name
mydomain = abc.kh
# line 118: uncomment
myorigin = $mydomain
# line 135: change
inet_interfaces = all
# line 138: change it if you use only IPv4
inet_protocols = ipv4
# line 183: add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# line 283: uncomment and specify your local network
mynetworks = 127.0.0.0/8, 192.168.255.0/24
# line 438: uncomment (use Maildir)
home_mailbox = Maildir/
# line 593: add
smtpd_banner = $myhostname ESMTP
# add the following to the end
# limit email size to 10M
message_size_limit = 10485760
# limit a mailbox to 1G
mailbox_size_limit = 1073741824
# SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject

 

Start & enable postfix service

$ systemctl start postfix

$ systemctl enable postfix
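As an added example (not part of the original post), the script below models how smtpd walks the smtpd_recipient_restrictions list from the main.cf above, so you can see which clients this configuration lets relay and which it rejects. The mynetworks and mydestination values are the ones from this post; the evaluation is a simplified model (assumption: no relay_domains, access maps or other restriction classes are involved) and the four client scenarios are constructed, not captured traffic.

```python
import ipaddress

# Values from the main.cf settings in this post.
MYNETWORKS = ["127.0.0.0/8", "192.168.255.0/24"]
MYDESTINATION = {"mail.abc.kh", "localhost.abc.kh", "localhost", "abc.kh"}
SMTPD_RECIPIENT_RESTRICTIONS = [
    "permit_mynetworks", "permit_auth_destination", "permit_sasl_authenticated", "reject",
]


def in_mynetworks(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate_recipient(client_ip, sasl_authenticated, recipient,
                       restrictions=SMTPD_RECIPIENT_RESTRICTIONS):
    """Walk the restriction list left to right as smtpd does: the first restriction
    that matches decides (PERMIT or REJECT); one that does not match is skipped.
    Returns (verdict, restriction that decided)."""
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()
    for restriction in restrictions:
        if restriction == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT", restriction
        if restriction == "permit_auth_destination" and rcpt_domain in MYDESTINATION:
            return "PERMIT", restriction
        if restriction == "permit_sasl_authenticated" and sasl_authenticated:
            return "PERMIT", restriction
        if restriction == "reject":
            return "REJECT", restriction
    return "PERMIT", "end of list"   # Postfix treats an exhausted list as permit


# Constructed scenarios: (client IP, SASL-authenticated?, RCPT TO address).
SCENARIOS = [
    ("192.168.255.50", False, "someone@example.com"),  # LAN host relaying without auth
    ("203.0.113.9", False, "user1@abc.kh"),            # Internet host delivering to our domain
    ("203.0.113.9", True, "someone@example.com"),      # authenticated roaming user relaying
    ("203.0.113.9", False, "someone@example.com"),     # Internet host trying to relay
]

if __name__ == "__main__":
    for ip, auth, rcpt in SCENARIOS:
        verdict, by = evaluate_recipient(ip, auth, rcpt)
        print(f"{ip:15} sasl={str(auth):5} rcpt={rcpt:22} -> {verdict} ({by})")
```

The table this prints is the property to keep in mind when editing mynetworks: every host in 192.168.255.0/24 can relay to any destination without authenticating, because permit_mynetworks is consulted first, while hosts outside it can only deliver to the domains in mydestination unless they authenticate.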

POP/IMAP Server with dovecot

Install dovecot

dnf -y install dovecot

Configure dovecot to provide SASL function to Postfix.

Edit file /etc/dovecot/dovecot.conf

# line 24: uncomment
protocols = imap pop3 lmtp
# line 30: uncomment (use just "listen = *" if you do not use IPv6)
listen = *, ::

Edit file /etc/dovecot/conf.d/10-auth.conf

# line 10: uncomment and change (allow plain text auth)
disable_plaintext_auth = no
# line 100: add
auth_mechanisms = plain login

Edit file /etc/dovecot/conf.d/10-mail.conf

# line 30: uncomment and add
mail_location = maildir:~/Maildir

Edit file /etc/dovecot/conf.d/10-master.conf

# line 96-98: uncomment and add as follows
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}

Edit file /etc/dovecot/conf.d/10-ssl.conf

# line 8: change (do not require SSL)
ssl = no

 

Start and enable service

$ systemctl start dovecot

$ systemctl enable dovecot

 

DONE! Make sure your DNS is properly configured and your firewall is disabled (systemctl stop firewalld && systemctl disable firewalld).

 

Configure email client (Outlook) to use email

On the server, create test users (user1, user2 and satya):

$ useradd -m user1 && useradd -m user2

$ passwd user1

$ passwd user2

 

Configure email client

On the client, make sure the connection is fine and your DNS is working (nslookup).

 

In More Settings…, make sure you get 2 ticks.

 

Test sending an email from user2 to user satya

Send:

Receive:

Webmail with Squirrelmail

Download SquirrelMail for Fedora x86_64

ftp://rpmfind.net/linux/fedora/linux/releases/25/Everything/x86_64/os/Packages/s/squirrelmail-1.4.22-17.fc24.noarch.rpm

 

Install required packages

If you downloaded it on another machine, you can copy it to your server via SCP.

Try to install it; the error output will tell you what SquirrelMail requires.

Now, let's install those packages:

$ dnf -y install httpd hunspell-en mod_php php-mbstring tmpwatch

Then try again; it should install fine.

Some information to know:

  • SquirrelMail is installed in /usr/share/squirrelmail.
  • Config files are in /etc/squirrelmail
  • A config file for httpd is added to /etc/httpd/conf.d. This aliases /webmail to the SquirrelMail install directory.
  • A cron job is set up to purge the attachments directory daily in /etc/cron.daily/squirrelmail.cron.
  • Run /usr/share/squirrelmail/config/conf.pl

 

So let's run:

/usr/share/squirrelmail/config/conf.pl

Enter 1, then follow the numbering and menus to edit as you wish, as in the example below:

The most important part is option #2 Server Settings

Don’t forget to enter S to save; then, once you are sure you have completed everything, Q to exit

All you need to do with SquirrelMail is done.

Now let's start the httpd service…

 

Start web server with httpd

Because it is already installed, just start the service

$ systemctl start httpd && systemctl enable httpd

From the client, let's test access via browser

By default, SquirrelMail configures itself to use HTTPS. In my case I don’t want HTTPS; plain HTTP is fine.

What you need to do is edit the file /etc/httpd/conf.d/squirrelmail.conf

Line 24: change on to off

Then restart the httpd service again. That’s it.

Test access webmail from client

 

 

 

Thank you!!!

Background to Relational Database Management Systems (RDBMS)

Relational Database Management Systems (RDBMS)

A relational database management system (RDBMS) is a program that lets you create, update, and administer a relational database. Most relational database management systems use SQL to access the database.

There are more similarities than differences between the different RDBMS, but the SQL syntax may be slightly different depending on which RDBMS you are using.

Here is a brief description of popular types of RDBMS:

SQLite

SQLite is a popular open source SQL database. It is able to store an entire database in a single file. One of the biggest advantages this provides is that all of the data can be stored locally without having to connect your database to a server.

SQLite is a popular choice for databases in cellphones, PDAs, MP3 players, set-top boxes, and other electronic gadgets. The SQL course on Codecademy also uses SQLite.

MySQL

MySQL is the most popular open source SQL database. It is typically used for web application development, and often accessed using PHP.

The main advantages of MySQL are that it is easy to use, inexpensive, reliable (has been around since 1995) and has a large community of developers who can help answer questions.

Some of the disadvantages are that it has been known to suffer from poor performance when scaling, open source development has lagged since Oracle has taken control of MySQL, and it does not include some advanced features that developers may be used to.

PostgreSQL

PostgreSQL is an open source SQL database that is not controlled by any corporation. It is typically used for web application development.

PostgreSQL shares many of the same advantages of MySQL. It is easy to use, inexpensive, reliable, and has a large community of developers. It also provides some additional features such as foreign key support without requiring complex configuration.

The main disadvantage of PostgreSQL is that it is slower in performance than other databases such as MySQL. It is also less popular than MySQL which makes it harder to come by hosts or service providers that offer managed PostgreSQL instances.

Oracle DB

Oracle DB is owned by the Oracle corporation and the code is not open sourced.

Oracle is used for large applications, particularly in the banking industry. Most of the world’s top banks run Oracle applications because Oracle offers a powerful combination of technology and comprehensive, pre-integrated business applications, including key functionality built specifically for banks.

The main disadvantage of using Oracle is that it is not free to use like its open source competitors and can be quite expensive.

SQL Server

SQL Server is owned by Microsoft. Like Oracle DB, the code is also closed source.

SQL Server is mainly used by large enterprise applications. The major difference between Oracle and SQL Server is that SQL Server only supports the Windows Operating System.

Microsoft offers a free entry level version called Express, but can become very expensive as you scale your application.

How to block Youtube and Facebook using Layer 7 Protocol

Block YouTube and Facebook using layer7 on MikroTik
1- create layer7 protocol entries that filter out facebook.com and youtube.com

/ip firewall layer7-protocol
add name=youtube7 regexp="^.+(youtube.com).*$"
add name=facebook7 regexp="^.+(facebook.com).*$"

2- create firewall filter rules that match our layer7 regexes

/ip firewall filter
add chain=forward action=drop protocol=tcp layer7-protocol=facebook7
add chain=forward action=drop protocol=tcp layer7-protocol=youtube7
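As an added example (not part of the original post), the script below runs the two layer7 patterns from the rules above, and a tightened variant with the dot escaped (my addition, not from the post), against a few constructed payload fragments of the kind a layer7 matcher inspects. Python's re stands in for the RouterOS matcher here; DOTALL is set so that '.' also spans the CRLF line breaks, which mirrors the POSIX default (assumption).

```python
import re

# The two regexps from the post, and a tightened variant (assumption, not part of the
# post) where the dot before "com" is escaped so only a literal "youtube.com" matches.
LOOSE = {"youtube7": r"^.+(youtube.com).*$", "facebook7": r"^.+(facebook.com).*$"}
STRICT = {"youtube7": r"^.+youtube\.com.*$", "facebook7": r"^.+facebook\.com.*$"}

# Constructed payload fragments, not captured traffic.
SAMPLES = {
    "http host header": "GET / HTTP/1.1\r\nHost: www.youtube.com\r\n",
    "unrelated host with similar name": "GET / HTTP/1.1\r\nHost: youtubeXcom.example\r\n",
    "hostname at very start": "youtube.com",
    "plain web request": "GET / HTTP/1.1\r\nHost: www.example.org\r\n",
}


def classify(payload, patterns):
    """Return the names of the layer7 entries whose regexp matches the payload."""
    return sorted(name for name, rx in patterns.items()
                  if re.search(rx, payload, re.DOTALL))


if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:32} loose={classify(payload, LOOSE)} strict={classify(payload, STRICT)}")
```

Two things the output makes visible: the unescaped dot in the post's patterns also matches "youtube" followed by any single character and "com", so an unrelated host name can be dropped; and because the pattern starts with "^.+", a payload that begins directly with the host name is not matched at all, since ".+" needs at least one character before it.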

Using command “forfiles” in Windows

C:\Users\Vichhaiy>forfiles /?

FORFILES [/P pathname] [/M searchmask] [/S]
[/C command] [/D [+ | -] {MM/dd/yyyy | dd}]

Description:
Selects a file (or set of files) and executes a
command on that file. This is helpful for batch jobs.

Parameter List:
/P pathname Indicates the path to start searching.
The default folder is the current working
directory (.).

/M searchmask Searches files according to a searchmask.
The default searchmask is '*' .

/S Instructs forfiles to recurse into
subdirectories. Like "DIR /S".

/C command Indicates the command to execute for each file.
Command strings should be wrapped in double
quotes.

The default command is "cmd /c echo @file".

The following variables can be used in the
command string:
@file - returns the name of the file.
@fname - returns the file name without
extension.
@ext - returns only the extension of the
file.
@path - returns the full path of the file.
@relpath - returns the relative path of the
file.
@isdir - returns "TRUE" if a file type is
a directory, and "FALSE" for files.
@fsize - returns the size of the file in
bytes.
@fdate - returns the last modified date of the
file.
@ftime - returns the last modified time of the
file.

To include special characters in the command
line, use the hexadecimal code for the character
in 0xHH format (ex. 0x09 for tab). Internal
CMD.exe commands should be preceded with
"cmd /c".

/D date Selects files with a last modified date greater
than or equal to (+), or less than or equal to
(-), the specified date using the
"MM/dd/yyyy" format; or selects files with a
last modified date greater than or equal to (+)
the current date plus "dd" days, or less than or
equal to (-) the current date minus "dd" days. A
valid "dd" number of days can be any number in
the range of 0 - 32768.
"+" is taken as default sign if not specified.

/? Displays this help message.

Examples:
FORFILES /?
FORFILES
FORFILES /P C:\WINDOWS /S /M DNS*.*
FORFILES /S /M *.txt /C "cmd /c type @file | more"
FORFILES /P C:\ /S /M *.bat
FORFILES /D -30 /M *.exe
/C "cmd /c echo @path 0x09 was changed 30 days ago"
FORFILES /D 01/01/2001
/C "cmd /c echo @fname is new since Jan 1st 2001"
FORFILES /D +9/3/2015 /C "cmd /c echo @fname is new today"
FORFILES /M *.exe /D +1
FORFILES /S /M *.doc /C "cmd /c echo @fsize"
FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"

* Delete files older than 30 days (forfiles accepts the switches with either "/" or "-"):
forfiles /P "C:\what\ever" /S /M *.* /D -30 /C "cmd /c del @path"

Active Directory – How to reset password for all specified users

Download PowerShell Script

Introduction

The script will reset password for users in specified OUs, or in a given CSV file.

Scenarios

IT Administrators may want to reset password for a large number of users in company. It will cost too much time to set new password one by one. Sometimes the new password should be a random password and different for every user. It’s easy to make mistake in manually way.

Script

This module file contains the advanced function Set-OSCADAccountPassword. You can use this script in the following way:
1. Open PowerShell in “Run as administrator” mode.
2. Run the command Import-Module “c:\ResetPassword.psm1” to import this module file.

Note: this assumes you downloaded the file directly to drive C.

Examples

Example 01: How to display help about the Set-OSCADAccountPassword function
To display help about the Set-OSCADAccountPassword function, run the following command:
Get-Help Set-OSCADAccountPassword -Full

Example 02: How to reset the password for specified users.
To reset the password for specified users, put those users’ SamAccountName values in a CSV file, then run the following command:
Set-OSCADAccountPassword -path “c:\Userlist.csv”
Note: first you need to prepare a CSV file; its format appears below, one user per line. The “Password” column is optional: if you leave it empty, the command generates a random 10-character password for you, 7 characters alphanumeric and the rest non-alphanumeric. Both format A and format B are allowed.

The CSV has two columns: SamAccountName (the user whose password should be reset) and Password (the new password you want to set). Either format A or format B, as shown below, is accepted. Before running the command, prepare a CSV file like this:

Then run the command: Set-OSCADAccountPassword -path “c:\Userlist.csv”

Finally, a CSV file will be created on “C:\”, which contains user SamAccountName and new password.

Example 03: How to reset the password for all users in specified OUs and their sub-OUs
To reset the password for all users in specified OUs and their sub-OUs, run the following command:
Set-OSCADAccountPassword -OrganizationalUnit “testou1”, “testou2” -Recurse


Note: the AD structure is shown below

Example 04: How to reset the password to “P@Ssw0rd” for all users in a specified OU, and set the path of the result CSV file.
To reset the password to “P@Ssw0rd” for all users in OU “TestOU” and write the result CSV file to “c:\report\result.csv”, run the following command:
Set-OSCADAccountPassword -OrganizationalUnit “testou” -Password “P@Ssw0rd” -CSVPath “c:\report\result.csv”


Source

How to schedule your computer to shutdown using batch script (.bat)

This is an easy batch script (.bat) to shut down your Windows machine at a specific time of your choosing, with an alert message 60 seconds before it executes.

To do so, create a batch file (anyname.bat) with the following content:

@echo off
rem Poll the clock until the target minute. Only HH:MM is compared, so the loop does not
rem have to land on one exact hundredth of a second, and a 30-second sleep between checks
rem keeps the loop from spinning at full CPU. %time% is locale dependent; this expects the
rem 24-hour HH:MM:SS.ss form (hours before 10 start with a space, e.g. " 9:05").
:W
if "%time:~0,5%"=="17:00" goto :X
timeout /t 30 /nobreak >nul
goto :W
:X
shutdown.exe /s /f /t 60 /c "Your computer will shutdown in 60 seconds, please save your tasks."

Enjoy 🙂