Author: messi.muc

My DNS with Bind9 on Ubuntu

Configs

server.amhang9.de -MASTER-
/etc/bind/named.conf.options

acl goodclients {
        localhost;
        localnets;
};

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
//	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
//	listen-on-v6 { any; };
	listen-on {
		37.120.163.133;
		127.0.0.1;
	};
	request-ixfr no;	
//	allow-query { goodclients; };
};


zone "tzsz.de" {
	type master;
        file "/var/lib/bind/db.tzsz.de";
	allow-transfer { 5.45.98.66; };
	also-notify { 5.45.98.66; };
};

zone "muc.mes" IN {
	type forward;
	forwarders {
	192.168.15.1;
    };
};

zone "ah9.mes" IN {
        type forward;
        forwarders {
        192.168.234.1;
    };
};

serv.amhang9.de -SLAVE-
/etc/bind/named.conf.options

acl goodclients {
        localhost;
        localnets;
};

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
//        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on {
                5.45.98.66;
                127.0.0.1;
        };
	request-ixfr no;
//	allow-query { goodclients; };
};

zone "tzsz.de" {
        type slave;
        file "/var/cache/bind/db.tzsz.de";
	masters { 37.120.163.133; };
};


zone "muc.mes" IN {
        type forward;
        forwarders {
        192.168.15.1;
    };
};

zone "elip.mes" IN {
        type forward;
        forwarders {
        192.168.112.1;
    };
};
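
Added example (not part of the original notes): the slave's tzsz.de zone above carries no allow-transfer, and older BIND 9 releases allow zone transfers to all hosts when that option is omitted. This awk-based audit lists master/slave zones without a transfer ACL; the function names and the embedded sample config are constructed, and it assumes the opening brace sits on the same line as `zone`.

```shell
#!/usr/bin/env bash
# Added example: list master/slave zones in a named.conf that carry no
# allow-transfer ACL. Function names and the sample config are constructed.

zones_without_transfer_acl() {   # reads named.conf text from files or stdin
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }      # drop // and # comments
        depth == 0 && /^[ \t]*options[ \t]*[{]/ { block = "options" }
        depth == 0 && /^[ \t]*zone[ \t]+"/ {
            split($0, q, "\""); zone = q[2]; auth = acl = 0; block = "zone"
        }
        block == "zone" && /type[ \t]+(master|slave|primary|secondary)[ \t]*;/ { auth = 1 }
        block == "zone" && /allow-transfer/    { acl = 1 }
        block == "options" && /allow-transfer/ { global_acl = 1 }
        {   # track brace depth; depth 0 again means the top-level block ended
            line = $0
            depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
            if (depth == 0) {
                if (block == "zone" && auth && !acl) missing[++n] = zone
                block = ""
            }
        }
        # an options-level allow-transfer is inherited by every zone
        END { if (!global_acl) for (i = 1; i <= n; i++) print missing[i] }
    ' "$@"
}

sample_slave_conf() {   # constructed sample, shaped like the slave config above
cat <<'EOF'
options {
	directory "/var/cache/bind";
//	allow-query { goodclients; };
};
zone "tzsz.de" {
        type slave;
        file "/var/cache/bind/db.tzsz.de";
	masters { 37.120.163.133; };
};
zone "muc.mes" IN {
        type forward;
        forwarders {
        192.168.15.1;
    };
};
EOF
}

sample_slave_conf | zones_without_transfer_acl   # prints: tzsz.de
```

Adding `allow-transfer { none; };` to the slave zone (or to `options`) makes the zone drop out of the list.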

server.amhang9.de /var/lib/bind/db.tzsz.de

;
; BIND data file for local loopback interface
;
$TTL	3600
@	2560	IN	SOA	tzsz.de. root.tzsz.de. (
				     53		; Serial
				3600		; Refresh
				  3600		; Retry
				3600		; Expire
				 3600 )	; Negative Cache TTL
	3600	IN	A	37.120.163.133
@	3600	IN	MX	100 mxlb.ispgateway.de.
;
@	86400	IN	NS	server.amhang9.de.
@	86400	IN	NS	serv.amhang9.de.
@	3600	IN	A	37.120.163.133
@	3600	IN	AAAA	2a03:4000:6:3114::1
*	3600	IN	A	37.120.163.133
*	3600    IN      AAAA    2a03:4000:6:3114::1
foehn	3600	IN	AAAA	2001:4c50:14d:cb00:208:9bff:fed2:4777
ow	3600	IN	AAAA	2001:4c50:100:4:9c0a:bbbb:fbec:4416

Commands

dig ANY amhang9.de @ns.namespace4you.de
dig ANY tzsz.de @server.amhang9.de

Docs

http://www.zytrax.com/books/dns/
https://help.ubuntu.com/community/BIND9ServerHowto

Schroeder3

Software

KramKram

du -hs * | sort -h     # file/folder sizes, sorted small > large
rsync --list-only username@servername:/directoryname/ # check the rsync target
su nobody -c 'echo "hello from $USER"'  # run as another user
netstat -plnt # open ports
samba-tool user list # show Samba users
getent passwd ELIP\\herbs # shows Samba UIDs
wbinfo -g # shows Samba groups
wbinfo -u # shows Samba users
samba-tool user add messi # add a user
samba-tool domain passwordsettings set --complexity=off # allow simple passwords
net rpc rights grant 'ELIP\Domain Admins' SeDiskOperatorPrivilege -U'ELIP\administrator'


Staggered cyclic crontab

Use this:

*/5+2 * * * * 1st-script
*/5+4 * * * * 2nd-script
For future reference take a look at this online Cron Job Generator.

Update

Since there are several reports that the + syntax is not working on Ubuntu 14.04, here’s a variation:

2-59/5 * * * * 1st-script
4-59/5 * * * * 2nd-script
This will result in the 1st script to run every 5 minutes starting with an offset of 2 minutes at the beginning of each hour and the 2nd script to behave the same with an offset of 4 minutes.

qnap apache log

This is a quick guide for those needing to debug web apps, such as ownCloud, on QNAP hardware.

from: http://technedigitale.com/archives/407

QNAP systems only come with an Apache error log by default, which only logs Apache service errors, not page errors, which makes it impossible to debug problems on sites. The only way to get more detailed logs is to add a few new config files to Apache, as follows:

  1. Login to the QNAP device through SSH
  2. Enable .htaccess usage on Apache. To do this you need to create a new Apache configuration file:
    vi /etc/config/apache/extra/apache-myconfig.conf

    And add the following commands:

    CustomLog logs/main_log combined
    ErrorLog logs/error_log
    LogLevel info
  3. Reference this new configuration file in the main Apache configuration file. To do this, edit the Apache configuration file:
    vi /etc/config/apache/apache.conf

    and add the following line at the end of the file:

    Include /etc/config/apache/extra/apache-myconfig.conf

Finally, restart Apache.

 /etc/init.d/Qthttpd.sh restart

Now, this won’t work on QNAP running QTS 4.1.x onwards, as people from QNAP thought it was working far too well, and decided to throw in a challenge. For some reason, Apache configuration files are reset every time Apache is restarted by QNAP startup scripts. So until I get a stable solution, the workaround is to manually restart Apache:

/usr/local/apache/bin/apachectl restart

The files will be present in /mnt/ext/opt/apache/logs/.

Please note, all files will be restarted at 0:00, in order not to fill the partition.

startcom ssl qnap

HOW TO INSTALL SSL/TLS ON QNAP

First, look for a certificate provider that offers free SSL/TLS server certificates. I have searched and compiled a list of providers that can issue a free certificate for QNAP.

I will show you how to get the certificate from startssl.com and install it on the QNAP; with this provider you can get unlimited free renewals.

Please check the list below:

List of free SSL/TLS certificates:

  1. https://startssl.com/
  2. https://buy.wosign.com/free (sometimes you get untrusted seller).
  3. https://letsencrypt.org/ (auto install with Plesk).
  4. https://www.digitalberg.com/ssl-certificates/ssl-price/ (from top provider).

SSL/TLS

I’m going to start by signing up on StartSSL, where you can find the decrypt private key tool inside the My Account link.

I have a QNAP PRO TS-269L, Firmware: 4.2.1

See the screenshot of where to apply for the certificates in the QNAP:

So we need a ‘certificate’, a ‘private key’ (both encrypted and decrypted) and an ‘intermediate key’.

The new certificate must be installed in the first box on the QNAP, the decrypted private key in the second box, and the intermediate certificate in the third / last box; see the picture above.

QNAP security accepts a decrypted key instead of an encrypted private key, so we have to use the decrypt private key tool from the StartSSL account, or google it.

Let’s Start with Certificate

  1. Go to StartSSL.com
  2. Click on Sign-up
  3. Choose your country and personal / corporate email.
  4. Verify your code.
  5. Validate your domain.
  6. Go to your account and click on Certificate Wizard.
  7. Select Web Server SSL/TLS Certificate.
  8. Add your subdomain name for the server, e.g. I have added ‘cloud’ before my domain.
  9. Next step is to create a CSR key for your cloud domain.
  10. For QNAP use Generate by PKI system with your password.
  11. Submit the request; you will immediately get your private key and intermediate key to download.
  12. Next step is to decrypt your encrypted private key for QNAP.
  13. Go back to your StartSSL account, then click on ‘ToolBox’.
  14. Look for the decrypt tool.
  15. Enter the private key and the passphrase into the Enter Private Key and Password boxes, then click decrypt.
  16. Once you get your decrypted key, save it as the decrypted private key.
  17. Now you should have the intermediate key, decrypted key and certificate ready in a folder.

Now go to QNAP

  1. Login to your QNAP
  2. Go to Control panel > System settings > Security.
  3. Add your ‘Certificate’ in the first box.
  4. Then add your decrypted key in the second box on the QNAP, where it says: PrivateKey: please enter a certificate or private key in x.509PEM format below.
  5. The last thing is to copy and paste the ‘intermediate key’ into the last / third box and then click Apply. Good to go!
  6. Go to your URL to check e.g. https://cloud.qureshi.me.
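
Steps 12 to 16 above hand the private key and its passphrase to a web tool; the same result can be produced on your own machine so the key never leaves it. The following added example (not part of the original guide) decrypts the key with openssl and checks that it matches the certificate; the file names, function names and throwaway demo key are constructed.

```shell
#!/usr/bin/env bash
# Added example: strip the key passphrase locally and confirm the key belongs
# to the certificate before pasting both into the QNAP form.
# File names and function names are constructed for illustration.

# decrypt_key ENC_KEY PASSFILE OUT_KEY
# The passphrase is read from a file so it never shows up in the process list;
# umask 077 keeps the unencrypted key readable by its owner only.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null )
}

# key_matches_cert KEY CERT -> 0 if the public keys are identical, 1 if not,
# 2 if either file cannot be parsed (e.g. the key is still encrypted)
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# make_demo DIR: throwaway encrypted RSA key plus self-signed certificate,
# standing in for the files downloaded from the CA
make_demo() {
    printf 'demo-passphrase\n' > "$1/pass.txt"
    openssl genrsa -aes256 -passout "file:$1/pass.txt" -out "$1/enc.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/enc.key" -passin "file:$1/pass.txt" \
        -subj "/CN=cloud.example.test" -days 1 -out "$1/cert.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
decrypt_key "$demo/enc.key" "$demo/pass.txt" "$demo/dec.key"
key_matches_cert "$demo/dec.key" "$demo/cert.pem" && echo "key matches certificate"
rm -rf "$demo"
```

A mismatch (exit status 1) means the key and certificate in the folder do not belong together.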

ffmpeg audiobook

Whole folder with metadata & cover

for mp3 in ./*.mp3; do ffmpeg -i "$mp3" -metadata artist="Reihentitel" -metadata title="021 - Erstes Buch" -metadata album="001 - Erstes Buch" -map 0:0 -acodec aac -b:a 128k -f mp4 "${mp3}.m4b"; MP4Box -itags cover=folder.jpg "${mp3}.m4b"; done

and add the cover afterwards

for m4b in ./*.m4b; do MP4Box -itags cover=folder.jpg "$m4b"; done

and extract the cover from an mp3

ffmpeg -i input.mp3 -an -vcodec png cover.png   # input.mp3 and cover.png are placeholder names

[Mac SW] Banking / HBCI

I think HBCI is cool; that is to say, finance software without it doesn't get a look-in here.
The only one I have really "tested" is GnuCash, simply because I use it.
It now runs on the Mac without "X11" as well; for me, unfortunately, without a card reader.

Then there are also:

  • Pecunia, like GnuCash, is open source, cannot use a card reader yet either, and looks really nice!
  • Saldomat is really just a kind of "notification widget"; it does what it should, but costs money.
  • BankX – can apparently do "everything", but is really expensive and has no good iPhone app
  • For the phone, my favourite: iOutBank

There are photos too, but they'll come later 😉