Remove the passphrase from the certificate.

I installed a certificate for Apache to enable SSL on a website. When you create the CSR for the certificate authority, it asks for a passphrase.

When you install the certificate and restart the httpd service it asks for the passphrase, so it needs to be removed from the private key.

To do this use the following command:

openssl rsa -in securesite.domain.net.uk.key -out securesite.domain.net.uk.nopass.key

It will ask for the pass phrase once more, then save the key without it as the nopass version.

Make sure you change your ssl.conf file to use the new file:

SSLCertificateKeyFile "/path/to/certificates/securesite.domain.net.uk.nopass.key"
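
Once the passphrase is gone, file permissions are the only thing protecting the private key. The script below is an added example, not part of the original post: it runs the same openssl rsa conversion under a tight umask and checks that the result is unencrypted and still the same key. The file names, the passphrase file and the throwaway demo key are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original post. All file names are placeholders.

# strip_passphrase ENCRYPTED_KEY OUTPUT_KEY PASSFILE
# Writes a decrypted copy of the key that only its owner can read.
strip_passphrase() {
    (
        umask 077   # the output file is created 0600, never wider
        # file: keeps the passphrase out of the process list
        openssl rsa -in "$1" -passin "file:$3" -out "$2" 2>/dev/null
    ) || { rm -f "$2"; return 1; }
    chmod 600 "$2"
}

# key_is_encrypted KEY -> exit 0 if the PEM file still needs a passphrase
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# same_key ENCRYPTED_KEY PASSFILE PLAIN_KEY -> exit 0 if the moduli match
same_key() {
    a=$(openssl rsa -in "$1" -passin "file:$2" -noout -modulus 2>/dev/null) || return 1
    b=$(openssl rsa -in "$3" -passin pass: -noout -modulus 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_mode FILE -> prints the permission string, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# Demo on a constructed throwaway key standing in for the real site key.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$d/pass.txt"
    openssl genrsa -aes256 -passout "file:$d/pass.txt" \
        -out "$d/site.key" 2048 2>/dev/null
    strip_passphrase "$d/site.key" "$d/site.nopass.key" "$d/pass.txt" &&
        same_key "$d/site.key" "$d/pass.txt" "$d/site.nopass.key" &&
        ! key_is_encrypted "$d/site.nopass.key" &&
        echo "nopass key verified, mode $(key_mode "$d/site.nopass.key")"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```
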

Hitman Pro and ComboFix

I’ve fixed a lot of computers and laptops now with a couple of really great programs. I found one of them by word of mouth. It’s called Hitman Pro and I highly recommend it.

You can download the program for free and run a one-time scan. It doesn’t take long to scan your system and it detects all the latest viruses and malware. You get a 30 day trial but if you are fixing a virus ridden machine then you only need it the once. It’s made by SurfRight, check it out.

Another great program I found on the net is ComboFix. This is a highly powerful program and the website suggests it could damage your machine if not used correctly. They do suggest you open a ticket with them to discuss the problem, but the laptop I had was so broken this really was the last option before I reformatted. You have to accept the terms and let it run for a few hours, depending on the speed of your laptop I guess. This one was quite slow so I left it on its own for a while (overnight). Once I came back the virus was gone and I could surf the web again. The virus affected the registry quite badly and permissions were all locked down. It looked quite a mess, but this program seemed to have rebuilt the lot.

I would only use this as a last resort, but I’ve tried an XP machine and a Vista machine with success on both occasions. Make sure you go to the BleepingComputer website to get it though, there are a few fakes out there. Read the site completely before you do any work.

Installing TLS for Sendmail on FreeBSD

First install saslauthd from ports and enable it at boot –

cd /usr/ports/security/cyrus-sasl2-saslauthd && make install

echo 'saslauthd_enable="YES"' >> /etc/rc.conf

Start saslauthd –

/usr/local/etc/rc.d/saslauthd.sh start

Changing sendmail build options –

vi /etc/make.conf

#Add the following –

# SASL (cyrus-sasl v2) sendmail build flags…

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2

SENDMAIL_LDFLAGS=-L/usr/local/lib

SENDMAIL_LDADD=-lsasl2

# Adding to enable alternate port (smtps) for sendmail…

SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

Once you have all this in place, it’s time to recompile sendmail.

cd /usr/src/lib/libsmutil && make cleandir && make obj && make

cd /usr/src/lib/libsm && make cleandir && make obj && make

cd /usr/src/usr.sbin/sendmail && make cleandir && make obj && make && make install

I added my certificates in /etc/mail/certs.

So –

mkdir /etc/mail/certs

Add your certificate files in here. A wildcard domain certificate is usually the best to grab.

chmod -R 600 /etc/mail/certs/*

Make sure sendmail is using saslauthd for authentication in /usr/local/lib/sasl2/Sendmail.conf –

pwcheck_method: saslauthd

Then add the following to your fqdn.mc file in the /etc/mail/ directory –

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl

TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

define(`CERT_DIR', `/etc/mail/certs')dnl

define(`confCACERT_PATH', `CERT_DIR')dnl

define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl

define(`confSERVER_CERT', `CERT_DIR/your_certificate.pem')dnl

define(`confSERVER_KEY', `CERT_DIR/your_wildcard_key.key')dnl

define(`confCLIENT_CERT', `CERT_DIR/your_certificate.pem')dnl

define(`confCLIENT_KEY', `CERT_DIR/your_wildcard_key.key')dnl

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Download the ca-bundle.crt file, either by searching Google or from here – http://certifie.com/ca-bundle/ca-bundle.crt.txt

cd /etc/mail && make all install restart
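
PLAIN and LOGIN send the password merely base64-encoded, so on port 25 they should only be offered once STARTTLS is active. The script below is an added example, not part of the original post: it audits an EHLO reply captured before STARTTLS. The sample replies and host names are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Replies and host names are constructed.

# ehlo_offers REPLY KEYWORD -> exit 0 if a 250 line advertises KEYWORD
ehlo_offers() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq "^250[ -]$2( |=|\$)"
}

# plaintext_auth_exposed REPLY -> exit 0 if the AUTH line lists PLAIN or LOGIN
plaintext_auth_exposed() {
    printf '%s\n' "$1" | tr -d '\r' |
        grep -Ei '^250[ -]AUTH[ =]' |
        grep -Eiq '[ =](PLAIN|LOGIN)( |$)'
}

# audit_pre_tls REPLY -> prints a verdict for a reply captured before STARTTLS
audit_pre_tls() {
    if ! ehlo_offers "$1" STARTTLS; then
        echo no-starttls
    elif plaintext_auth_exposed "$1"; then
        echo plaintext-auth-before-tls
    else
        echo ok
    fi
}

# Constructed reply: PLAIN and LOGIN offered on port 25 before encryption.
SAMPLE_EXPOSED='250-mail.example.net Hello client.example.net, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP'

# Constructed reply: AUTH withheld until the client has issued STARTTLS.
SAMPLE_TLS_FIRST='250-mail.example.net Hello client.example.net, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-STARTTLS
250 HELP'

echo "exposed sample:   $(audit_pre_tls "$SAMPLE_EXPOSED")"
echo "tls-first sample: $(audit_pre_tls "$SAMPLE_TLS_FIRST")"
```

A plaintext-auth-before-tls verdict on port 25 means passwords can cross the wire unencrypted; sendmail's confAUTH_OPTIONS setting has a p flag that withholds PLAIN and LOGIN until a security layer is active.
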

WDS Deployment

Here are my notes for deploying Windows 7 machines through Server 2008 Windows Deployment Services.

Firstly we need a reference machine. Insert your Windows 7 media into a reference machine and install Windows as normal. When you get to the point where it asks you for the computer name, this is the point where you need to enter Audit mode. Just press Ctrl + Shift + F3 and it will boot into audit mode.
Set up your machine the way you want it, but don’t join it to the domain.

Once you have finished installing all the programs, you need to run sysprep. You can run this from the command line, but I usually use the GUI, which is located in C:\windows\system32\sysprep\sysprep.exe
Make sure you tick the Generalize check box and set it to OOBE (out of box experience) and then shut down.
You now have a reference machine that you need to capture.

I have already set up the WDS machine, here is how I did it.
I installed the WDS role through Server Manager on my domain controller. DHCP is enabled on this machine so I ticked both boxes for DHCP. I inserted the Windows 7 media and within WDS / Servers / mydc.mydomain.local / Boot Images, I created an Install an Image boot file. I right clicked Boot Images and selected Add boot image. Find the boot.wim file in the sources folder of the Windows 7 media and name that Install an Image. Once that is in place, right click on that image and go to ‘Capture an Image’. Change the Image name and Image description to ‘Capture an Image’ and save the file in your RemoteInstall folder D:\RemoteInstall as CaptureImage.wim.

Right click Boot Images again and Add boot image. Choose your new CaptureImage.wim file and add that. You now have Install an Image and Capture an Image in your Boot Images folder.

Now you need to create a group in Install Images. Right click Install Images and ‘Add image group’. I named mine ‘Windows 7 Images’.

Start the machine up and ensure that PXE is enabled and is first in the boot sequence within the BIOS. It should find the PXE server and you might have to quickly hit F2 to boot to it. You should see ‘Install an image’ and ‘Capture an image’. Obviously you want to capture the image at this point. You can create images for different departments, for example a techie image or a sales image, admin image etc.

Once it has captured, you can plug your machines into a network point and do the same thing, but you want to ‘install an image’ on each one.

I found the following article a good reference when creating my answer file – http://technet.microsoft.com/en-us/library/dd349348%28v=ws.10%29.aspx#BKMK_4

Vi – Useful tricks

I use vi a lot on *nix machines and there are a lot of useful tricks you can use to edit files.

A good trick to get rid of those annoying ^M characters from a DOS file is –

:%s/(ctrl-v)(ctrl-m)//g

So you want to type :%s/ and then Ctrl+V followed by Ctrl+M, and then, without any spaces, //g

What you are doing here is just a regular expression substitution, changing ^M for nothing, which removes them from the entire file (% covers every line, g every match on a line).