Архивы по Категориям: Фря

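Named & DNSSEC

Примечание: RSASHA1 (алгоритм 5) и DS-записи с дайджестом SHA-1 (тип 1) по RFC 8624 считаются устаревшими; для новых зон лучше генерировать ключи с -a ECDSAP256SHA256 и передавать регистратору только DS типа 2 (SHA-256).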


root@mx2/usr/local/etc> cd namedb/
root@mx2/usr/local/etc/namedb> ls -l
total 154
-rw-r--r-- 1 root wheel 2761 30 сент. 04:48 bind.keys
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 dynamic
drwxr-xr-x 2 root wheel 9 4 окт. 13:42 master
-rw-r--r-- 1 root wheel 23811 6 марта 2018 named.conf
-rw-r--r-- 1 root wheel 21682 30 сент. 04:48 named.conf.sample
-rw-r--r-- 1 root wheel 3402 30 сент. 04:48 named.root
-rw-r--r-- 1 root wheel 868 30 сент. 04:48 rndc.conf.sample
-rw------- 1 bind wheel 97 1 дек. 2016 rndc.key
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 slave
drwxr-xr-x 2 bind bind 4 4 окт. 13:42 working
root@mx2/usr/local/etc/namedb> mkdir keys
root@mx2/usr/local/etc/namedb> chown bind:bind keys/

root@mx2/usr/local/etc/namedb> cd keys/
root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair..................................+++ .....+++
Ksat-expert.com.+005+62341
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 root bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 root bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private

root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair.......+++ ..........+++
Ksat-expert.com.+005+09855
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> ls -l
total 36
-rw-r--r-- 1 root bind 611 26 окт. 09:28 Ksat-expert.com.+005+09855.key
-rw------- 1 root bind 1774 26 окт. 09:28 Ksat-expert.com.+005+09855.private
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-dsfromkey Ksat-expert.com.+005+62341
sat-expert.com. IN DS 62341 5 1 3CC84FB07C5612D4689D047400AF16B95BCB8E26
sat-expert.com. IN DS 62341 5 2 FD2D55BF60B8AC0808751E2CDAC8123F3748F05F7C9190BB21A24C3ED5BB416F
root@mx2/usr/local/etc/namedb/keys>

dig sat-expert.com +dnssec

dig +dnssec -t any @a.gtld-servers.net sat-expert.com.

 

Установка StrongSwan на FreeBSD c максимальной совместимостью IKEv2

Disclaimer: статья — не более чем заметка для самого себя. Вопросы «почему Фря» и «почему strongSwan» не обсуждаются.

Что такое IPSec\IKEv2 гугль знает все. В данной конфигурации strongswan мы получаем максимальную совместимость со всеми платформами IOS/Mac OS/Windows/Android без установки сторонних приложений и клиентов.

Уточню: я уже использую сертификаты Let’s Encrypt с Apache/Nginx/Postfix/Dovecot, поэтому буду использовать их и со strongSwan.

pkg install strongswan

в /etc/rc.conf добавляем

strongswan_enable="YES"
#
gateway_enable="YES"

создаем симлинки на существующие сертификаты letsencrypt

cd /usr/local/etc/ipsec.d/cacerts
ln -sf /usr/local/etc/letsencrypt/live/site.com/chain.pem chain.pem
cd ../certs/
ln -sf /usr/local/etc/letsencrypt/live/site.com/fullchain.pem fullchain.pem
cd /usr/local/etc/ipsec.d/private
ln -sf /usr/local/etc/letsencrypt/live/site.com/privkey.pem privkey.pem

приводим файл /usr/local/etc/ipsec.conf к виду

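# ipsec.conf - strongSwan IPsec configuration file
#
# Road-warrior gateway: the server authenticates with a certificate, clients
# authenticate with EAP-MSCHAPv2 passwords read from ipsec.secrets. Those
# passwords are stored in plain text, so keep ipsec.secrets readable by root
# only.
#
# Parameter lines inside a section must start with whitespace; the
# indentation below is restored because the page rendering had stripped it.

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    # Verbose IKE/config logging for the first bring-up. Drop back to the
    # default level (1) once clients connect, so logs stay small.
    charondebug = ike 3, cfg 3

conn %default
    dpdaction=clear
    dpddelay=35s
    # dpdtimeout is only used for IKEv1; IKEv2 relies on the retransmission
    # timeout instead.
    dpdtimeout=2000s

    fragmentation=yes
    # rekey=no / reauth=no: the gateway never initiates rekeying or
    # re-authentication (it still answers client-initiated rekeys).
    # Presumably set for client compatibility; the trade-off is that
    # long-lived sessions keep the same keys unless the client rekeys.
    rekey=no
    keyexchange=ikev2
    auto=add
    reauth=no
    compress=yes

    left=%any
    # 0.0.0.0/0 = full tunnel: all client traffic is routed through this host.
    leftsubnet=0.0.0.0/0
    leftcert=fullchain.pem
    leftfirewall=yes
    leftsendcert=always

    right=%any
    # Virtual address pool handed out to clients; the pf NAT rule must cover
    # the same subnet.
    rightsourceip=192.168.103.0/24
    rightdns=213.133.98.98,213.133.99.99,213.133.100.100

    eap_identity=%identity

# IKEv2
conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

# BlackBerry, Windows, Android
# EAP-MSCHAPv2 is password-based: its protection rests on the client
# validating the server certificate and on strong, unique passwords.
conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2

# macOS, iOS
conn IKEv2-MSCHAPv2-Apple
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    # NOTE(review): leftid should match a name present in the server
    # certificate - confirm against the Let's Encrypt cert in use.
    leftid=mx2.sat-expert.com

# Android IPsec Hybrid RSA
# NOTE(review): legacy IKEv1/XAuth profile; it inherits everything from
# %default. Remove it if no client still needs IKEv1, to keep the exposed
# protocol surface to IKEv2 only.
conn IKEv1-Xauth
    keyexchange=ikev1
    rightauth=xauth
    auto=add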

ipsec.secrets к виду

root@mx2/usr/local/etc> cat ipsec.secrets
# filename of private key located in /usr/local/etc/ipsec.d/private/
: RSA privkey.pem

# syntax is `username : EAP "plaintextpassword"`
usr1 : EAP "password1"
usr2 : EAP "password2"
usr3 : EAP "password3"
#user2 : XAUTH "password2"
root@mx2/usr/local/etc>

в правила pf добавляем правила нат-а для впн подсети

table <it> persist { 192.168.103.0/24 }
ext_if="em0"
nat on $ext_if inet from <it> to any port != smtp -> ($ext_if)

на фв не забываем открыть UDP порты 500/4500

запускаем strongswan и смотрим что у нас происходит

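# --nofork keeps the daemon in the foreground, so its log output stays on
# this terminal while the first client connection is tested.
ipsec start --nofork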

Пока можем настроить удаленный клиент.

Пример для IOS

Пример для Mac OS

пробуем коннектится удаленным клиентом. если все нормально – запускаем strongswan как сервис.

service strongswan start

в противном случае смотрим лог и пользуемся tcpdump

Удачи 🙂

Сертификаты Let’s Encrypt и их практическое применение.

Наконец вышел из беты проект Let’s Encrypt по выдаче бесплатных сертификатов для всех желающих.

Let’s Encrypt — это некоммерческая инициатива, предоставляющая бесплатный, автоматизированный и открытый CA (certificate authority — центр сертификации), созданный ISRG на благо общества.

Решил опробовать его на своем блоге. В итоге по тесту SSLLabs имеем класс секретности “А”

Снимок экрана 2015-12-08 в 15.17.24

Вместе с изучением первоисточников процесс установки занял пару часов. Не будем спорить о принципе работы центра сертификации, сроках жизни сертификатов, необходимости автоматизировать процесс их получения да и вообще о том что продажа сертификатов в моем понимании приравнивается к продаже воздуха по заоблачным ценам.

Респект и уважуха проекту Let’s Encrypt.

В процессе использовались материалы:
Let’s Encrypt on a FreeBSD NGINX reverse proxy
Let’s Encrypt выходит в публичную бету: HTTPS всюду, каждому, отныне и навсегда бесплатно
Setting up HSTS in nginx

Лег диск в рейде на hetzner

В очередной раз. С момента прошлой замены прошло 224 дня.

camcontrol devlist

<ST3750528AS CC46> at scbus0 target 0 lun 0 (ada0,pass0)
<WDC WD7500AALX-009BA0 15.01H15> at scbus1 target 0 lun 0 (ada1,pass1)

root@mx1/root> ls /dev/ada?
/dev/ada0 /dev/ada1

root@mx1/root> gmirror status
Name Status Components
mirror/gm0 DEGRADED ada1s1 (ACTIVE)
root@mx1/root>

битый диск прожил 23757 hours (989 days + 21 hours). ну что ж…

[su_spoiler]

root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>

[/su_spoiler]

[su_spoiler]

root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>

[/su_spoiler]

разбираем gmirror

gmirror forget gm0

и пишем письмо в поддержку.
Good day.
We are experiencing problems with the hard drive Seagate Barracuda w serial number 9VP2SZL7.
It is subject to physical change. Kindly requested to replace the drive as quickly as possible.

Please don’t take any other actions except HDD replacement – don’t install recoverty image, etc.

Thanks in advance!

ну что я могу сказать – заменили за пол часа.
после замены

[su_spoiler]

root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>

[/su_spoiler]
диск впердолили такой же старый. за новый просят 41 ойро.

9 Power_On_Hours 0x0032 070 070 000 Old_age Always – 22524

попробуем сколько протянет этот диск.

вставляем его в gmirror и ждем конца синхронизации …

root@mx1/usr/home/vvs> gmirror insert gm0 /dev/ada0

root@mx1/usr/home/vvs> gmirror status
Name Status Components
mirror/gm0 DEGRADED ada1s1 (ACTIVE)
ada0 (SYNCHRONIZING, 0%)
root@mx1/usr/home/vvs>

freebsd, php, extensions.ini

cat /usr/local/etc/php/extensions.ini | sort > /usr/local/etc/php/extensions.ini_new

cp /usr/local/etc/php/extensions.ini_new /usr/local/etc/php/extensions.ini

apachectl restart

еще можно переносить в самый конец

extension=mysql.so
extension=mysqli.so
extension=imap.so
extension=sockets.so
extension=memcache.so

 

spamassassin, razor

Razor2 port 2307 TCP – открыть

#mkdir /usr/local/var/razor
#razor-admin -home=/usr/local/var/razor -register
#razor-admin -home=/usr/local/var/razor -create
#razor-admin -d -home=/usr/local/var/razor -discover

spamassassin
local.cf

#razor
use_razor2 1
razor_config /usr/local/var/razor/razor-agent.conf

score RAZOR2_CHECK 2.500
score PYZOR_CHECK 2.500
score DCC_CHECK 4.000

vim /usr/local/var/razor/razor-agent.conf

добавить
razorhome = /usr/local/var/razor/

проверяем

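# Run the sample message through each network check separately, with debug
# output limited to that check's channel.
spamassassin -t -D razor2 < 111.eml
spamassassin -t -D dcc < 111.eml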

найти самые большие 10 файлов

[cce]
du -a /var | sort -n -r | head -n 15
[/cce]

Увеличиваем размер аттача в postfix

[cce]
postconf | grep message_size_limit
postconf -e message_size_limit=52428800
[/cce]

 

быстрый способ найти самые большие файлы

[cce]
du -a /var | sort -n -r | head -n 10
[/cce]

синхронизация каталогов lftp/mirror

Синхронизировать локальный каталог с удалённым:
$ lftp -e 'mirror -e каталог-на-сервере локальный-каталог; bye;' -u логин,пароль удалённый.хост

И наоборот, выложить локальный каталог на удалённый сервер:
$ lftp -e 'mirror -R локальный-каталог каталог-на-сервере; bye;' -u логин,пароль удалённый.хост

вот еще …

[cc lang=bash]
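#!/bin/bash
# Upload a local directory to a remote FTP directory using lftp's reverse
# mirror, skipping the listed exclusions.
#
# NOTE(review): the credentials are hard-coded here and end up inside the
# ftp:// URL on lftp's command line, where other local users can read them
# from the process list; plain FTP also sends them unencrypted. Prefer
# keeping the login in ~/.netrc (mode 0600) and an sftp:// or FTPS target
# where the server supports it.
HOST="your.ftp.host.dom"
USER="username"
PASS="password"
LCD="/path/of/your/local/dir"
RCD="/path/of/your/remote/dir"

# --delete removes remote files that are missing locally, so refuse to run
# against a local path that does not exist.
if [[ ! -d "$LCD" ]]; then
  printf 'local directory not found: %s\n' "$LCD" >&2
  exit 1
fi

# The backslash-newline pairs are joined by the shell, so lftp receives the
# whole mirror command as a single line.
lftp -c "set ftp:list-options -a;
open ftp://$USER:$PASS@$HOST;
lcd $LCD;
cd $RCD;
mirror --reverse \
--delete \
--verbose \
--exclude-glob a-dir-to-exclude/ \
--exclude-glob a-file-to-exclude \
--exclude-glob a-file-group-to-exclude* \
--exclude-glob other-files-to-exclude"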
[/cc]