Posts

Add times and timezones to your RSS feeds

Please do not forget to add timezone to your RSS feeds.

No-one wants to see the posts written at 00:00:00 or in the future relative to when they read it.

This is just a reminder/placeholder/quick note.

See more at:

perlbrew installation and usage

Installation

Copy & paste this line into your terminal.

\curl -L https://install.perlbrew.pl | bash

Then, execute following line:

echo "source ~/perl5/perlbrew/etc/bashrc" >> ~/.profile

Then, open new shell and you can start working with perlbrew in there.

All files will be installed in ~/perl5/perlbrew/, and it will use that directory and subdirectories.

Basic usage

Get a list of available perls you can use:

perlbrew available

Install some version of perl:

perlbrew install perl-5.36.1

It will compile that perl version and install it within ~/perl5/perlbrew/ subdirectory.

It will take some time (around 21 minutes at my laptop), and it will take 324M of disk space.

Now you can list all installed perl versions:

perlbrew list

To switch to specific version you can use command switch:

perlbrew switch perl-5.36.1

To execute the script with another version of perl, but not switching to it completely:

perlbrew exec --with perl-5.40.0 perl myprogram.pl

To run the script with specific version of perl from cron, use the following:

* * * * * PERLBREW_ROOT=$HOME/perl5/ ~/perl5/perlbrew/bin/perlbrew exec --with perl-5.36.1 ~/myprogram.pl

For more on cron tips, see: http://johnbokma.com/blog/2019/03/08/running-a-perl-program-via-cron.html

To return back to system perl version, you can switch it off:

perlbrew switch-off

For additional help:

perlbrew -h
perlbrew help

See more: https://perlbrew.pl/

See also: https://github.com/tokuhirom/plenv

How to use GPG key with Indieweb login

In reply to: https://indieauth.com/pgp

Here are the steps I did to make it working. Someone might find this useful.

1. Create pulic key: public.gpg

gpg --export --armor --output public.gpg nedzad@nedzadhrnjica.com

Upload file 'public.gpg' to root of your site.

Edit index.html and add following line in "...'

<link rel="pgpkey" href="/public.pgp">

2. Open site: https://indielogin.com

3. Login with your domain name: https://nedzadhrnjica.com

3. Choose login using GPG

4. Copy text from popup

5. create signature

cat | gpg --sign --armor --local-user nedzad@nedzadhrnjica.com

copy signature, including "-----BEGIN PGP MESSAGE----- ... -----END PGP MESSAGE-----"

NOTE: If you got an error 'gpg: signing failed: Invalid IPC response', add '--pinentry-mode loopback' to cli, like this:

So, the new command in case of that error would be:

cat | gpg --sign --armor --local-user nedzad@nedzadhrnjica.com --pinentry-mode loopback

copy signature, including "-----BEGIN PGP MESSAGE----- ... -----END PGP MESSAGE-----"

6. paste in popup, replacing existing text

7. click 'Verify' button

That's it.

GTD 1 2 3 ... engage!

Everything looks great with GTD until it is time to engage.

Sometimes you forget to look at your next actions list. Sometimes you simply cannot start. Wondering around about what to do next, you default to do some unimportant unproductive stuff, not related to anything you want. You end up stressed, depressed, and tired.

1. Build a routine of engaging!

Force yourself into engaging, at least once a day, at least with one item.

Block 15 minutes a day in your calendar, simply to engage on one item from your next actions list. It could be more than 15 minutes a day, it can be more than 1 task. But, keep that to a minimum. And do it for several weeks.

You forget to look at the calendar? Write it down on post-it note, or a plain piece of paper, and put it in front of you. Make it bother you everywhere you go. Make it bother you all the way until you complete that one item.

Write on it: "Take that one next step! Now! Only one!"

Remember, you do not need to take all of the steps, and all of the projects, and all of the actions. Just that one single step.

You are just developing a new habit to go to the place where you keep your next actions and actually work on them. Eventually, in time, you will automatically go there and do things (without a need for your calendar block time alarm, or your note reminder).

You should teach yourself to look at your next actions list every time you are idle/boring/doing nothing. Just look at the list and choose the appropriate task from the list. Yes, even "relax/recharge for 15 minutes" can be a valid task!

To start with engaging, force yourself to engage with GTD for at least 15 minutes a day. No more. Build routine. After some time, you will jump on your GTD next actions list without thinking.

The whole point of GTD is that when you get a few minutes, even unexpectedly, you can get something done. You will simply jump to the next actions list, and do some.

Once you are there, it would be easier to avoid defaulting to none. But, if your list is huge...

2. Split your huge list into smaller lists, more manageable.

If there are too many tasks on your list, and you cannot decide which one to take on (all of them are too important), the best way you can do is to split them into smaller, more manageable, sublists.

Find out if can you group them into similar subtasks, or split them into sub contexts.

E.g. if you have a list of tasks related to the computer, you can group them into subtasks:

  • email related list of tasks
  • spreadsheet related list of tasks
  • computer management list of tasks (disk cleaning, files organizing, ...)
  • ...

But, do remember to look at them!

For this, it would be great to have a general (top-level) list of lists to look at. Having a list of your next action contexts is good to go. So, you will first look at your list of contexts, and then select in which context you are now, then choose the subcontext you want to work from, then check the tasks that you can do within that subcontext.

3. Clarify tasks you are avoiding.

Even then, you can avoid doing some tasks. Why? You should clarify exactly what it means.

Do you want to call someone, email someone, or write to someone? That is great indecision that can give you some hard mental headache.

You should get down to an exact physical next action you should do, without a need for any additional thinking.

This post is influenced by: Youtube / GTD Engage - Productivity Tips and Tricks by Janet Riley / GTD Focus

How to run perl from index.php

Sometimes you need to run a simple perl script, but your webhosting is configured to look for index.php only. Here is the way to get it through:

Edit index.php

<?php
foreach ($_SERVER as $key => $value) { putenv("$key=$value"); }
foreach ($_GET as $key => $value)    { putenv("GET_$key=".escapeshellarg($value)); }
foreach ($_POST as $key => $value)   { putenv("POST_$key=".escapeshellarg($value)); }

echo shell_exec('perl index.pl 2>&1');

Create your index.pl

#!/usr/bin/perl

use Data::Dumper; $Data::Dumper::Sortkeys = 1;

print "Done.\n";

print Dumper( \@INC );
print Dumper( \%ENV );

Conclusion

All $_GET variables will be in GET_xxx environment variables.

All $_POST variables will be in POST_xxx environment variables.

ALL $_SERVER variables will be set as CGI environment variables.

This is 'out of head' document. It should be tested.

That's all.

how-to-restart-mysql-server-after-Out-of-Memory

On default Digital Ocean WordPress installation, sometimes you may find following error while opening website:

Error establishing a database connection

Looking in the /var/log/syslog, we have:

May 3 08:08:13 myDigitalOceanDroplet kernel: [391622.639370] Out of memory: Killed process 98542 (mysqld) total-vm:165880kB, anon-rss:59772kB, file-rss:2396kB, shmem-rss:0kB, UID:112 pgtables:276kB oom_score_adj:0

It happens usually when the Wordpress is installed on the lowest droplet size, and not tuned properly. A large number of requests through Apache web server causes the memory to be exhaused and system automatically kills processes, to stay alive. As a fast workaround, you can monitor the MySQL process every minute and restart it if/when needed.

So, how you will do this ?

Save this script to /root/monitor-mysqld-process.sh:

#!/bin/sh

TEST=$(/usr/bin/pgrep -a mysqld | grep -v $0)
if [ -z "$TEST" ]; then
        DATE=$(date)
        echo "$DATE Restarting mysql service..."
        /usr/sbin/service mysql start
fi

Run this script from cron, every minute:

* * * * * /root/monitor-mysqld-process.sh >> /tmp/cron.monitor-mysqld-process.txt 2>&1

And finally, monitor temporary log:

tail -F /tmp/cron.monitor-mysqld-process.txt

Tue May  3 08:17:02 UTC 2022 Restarting mysql service...

Online email server check

Here is a set of online tools you can use to check your email server configuration:

Google Admin Toolbox Check MX

Mail delivery check

Requires login:

Check SPAM score of your email message (copy/paste)

Additional services

New:

Updates

Save and edit vim macros

This is a way how to properly save/reuse macros recorded inside of a vim editor.

Use 'q' followed by a letter to record a macro. This just goes into one of the copy/paste registers, so you can paste it as normal with the "xp or "xP commands in normal mode.

To save it, you open up .vimrc and paste the content, then the register will be around the next time you start vim. The format is something like:

let @q='macro content'
  1. From normal mode: qq
  2. enter whatever commands
  3. From normal mode: q
  4. open .vimrc
  5. "qp to insert the macro into your let @q='...' line Maybe it is better to use CTRL+R CTRL+R q, to insert register content without interpreting it.

To insert special characters (like escape, ...), use CTRL-V <ESC>.

More examples:

:let @a="iHello World!\bye\"

You must use double quotes to be able to use special keys like in \<Esc>.

How to execute the current line as VIM command ?

To execute the current line as an ex command, you may use:

yy:@"

  1. Start recording macro: qq
  2. do whatever you want
  3. Stop recording macro: q
  4. Paste it in current document: <Shift+o>let @a='<CTRL+R><CTRL+R>q'
  5. Modify the macro the way you like it.
  6. Run it: yy:@" ( or yy:<Ctrl+R>"<Backspace> )

See: https://stackoverflow.com/questions/14385998/how-can-i-execute-the-current-line-as-vim-ex-commands/14386090

How to start developing fast using temporary git repositories

Very often I find myself working something on remote server, and wanting to have a remote .git repository of changes, but almost always I do not do it, because of the process of creating a new public key, adding it to the gitolite admin repository, ... A lot of steps.

Here is procedure on how to start .gitting as soon as possible, and once you have a 'free' time (usually near the end of the day), you can go through these steps in one sitting.

Important thing is to have it in .git as soon as possible. Thinking about permission, and public keys, we will left for later.

Here is the workflow.

User starts working on repository

cd project/
git init
git add -A .
git commit -m 'initial commit'
git push --set-upstream gitanon@git.nedzadhrnjica.com:test/this/is/my/repository master

You can now start working with your own repository:

  • edit file(s)
  • git add file(s)
  • git commit -m 'message about the change'
  • git push
  • repeat

Admin can review what new repositories are created

ssh git@git.nedzadhrnjica.com info test/

User can create new public key and start working privately on this repository

Give that user a key. A temporary key !

ssh-keygen
# IMPORTANT: use password!!!
cat ~/.ssh/id_rsa.pub
# TODO - How to easily send a .pub key ?

cp ~/.ssh/id_rsa.pub .
git add id_rsa.pub
git status
git commit -m 'added .pub for current user'
git status
git push

Now, send the .pub key to the admin. If you follow steps above, you added .pub key to repository, and it will be available for admin.

Note: It is important that any temporary key have a password added to it. We will rotate these files, and do not want to have some key is there for someone else to use.

Admin, adding user's temporary key to the system

cd ~/git/gitolite/git.nedzadhrnjica.com/
cd keydir/nedzadhrnjica/temp/
mkdir remoteserver.com/
cp user.pub remoteserver.com/nedzadhrnjica.pub
git add remoteserver.com/nedzadhrnjica.com
git commit -m 'added temporary key for server remoteserver.com'
git push

Admin, rename repository from temporary one into permanent/regular one

Clone test repository into real-one:

git clone git@git.nedzadhrnjica.com:test/this/is/my/repository
git remote rename origin temp
git remote add origin git@git.nedzadhrnjica.com:this/is/my/repository
git config branch.master.remote origin
git push

Remove test repository:

ssh git@git.nedzadhrnjica.com D unlock test/this/is/my/repository
ssh git@git.nedzadhrnjica.com D rm test/this/is/my/repository

Additionally, you can create temporary repostiory with an information where the project is actually moved:

git clone git@git.nedzadhrnjica.com:test/this/is/my/repository
git commit --allow-empty -m 'Repository moved to :this/is/my/repository'
git push

# Finally, remove local repository, since we do not need it anymore
rm -fr repository/

This temporary repository will be left 'hanging' on the server, until all its users (actually only you) stop using it. You can easily remove it later on with steps listed previously.

User, update repository to the new one listed by admin

Once you sent the .pub key to admin, and admin added it to the repository, you can now replace user in .git/config:

sed -ie 's/gitanon/git/' .git/config

And, continue working on your project.

Additional notes

When doing with .git repositories, always have all of them kept in the same local subdirectory:

~/git/*

This way, you will always have a list of all your repositories at one place, so you can easily review them, work on them, and improve them.

If you have projects in any other directories, you can always link from there to the git project into this subdirectory.

Make it a habit.

Do not even create 'temporary' .git repositories anywhere else. If you want to test something, create repository in ~/git/test/name and link this subdir to the place you are working with.

# create test repository

git init ~/git/test/123
ln -s ~/git/test/123 123
cd 123/

# work on it
vi notes.md
git add notes.md
git commit -m 'added notes.md'
git push

# finish testing, remove it
cd ..
rm 123/

# remote test repository,
# or do it later, if you have not time now, or want to get back to it later again
rm -fr ~/git/test/123/

Contact Forms 7 Not Sending Emails

I had a client that reached me with a problem of suddenly contact form from his website stopped sending emails.

Site is hosted on GoDaddy, and plugin used to send form is Contact Forms 7.

Funny issue here is that the form, after pressing the button 'Send', actually returns a green 'message sent' message to the web user.

Checking in the logs showed that the message was actually sent using local mail delivery / default. OK.

Trying to install WP SMTP and send message through SMTP, I found out that the ports 25, 465, and 587 are filtered out for sending email to remote SMTP server.

Sending test email using WP Test Mail is successful. Each and every time message reach the remote recipient.

After debugging and analyzing each and every part of sending email, the problem happened to be the body of the message itself. It contained manually entered full domain name ( https://domain.com ) of the user. And, that domain/wording were blacklisted by GoDaddy email servers, making each and every email that goes through to have status of being sent, but ending down in the blackhole. Removing just the mentioned URL ( https://domain.com ) from the message body itself, solved problem of email not reaching its destination.

Solved.

How to automatically update UFW with Cloudflare IPs

Code for /root/update-cloudflare-ufw.sh:

#!/bin/sh

# Update weekly:
# Add this script to cron, using 'crontab -e'
# 0 0 * * 1 /root/update-cloudflare-ufw.sh > /dev/null 2>&1

TEMPFILE="/root/tmp.cloudflare_ips.tmp"

curl -s https://www.cloudflare.com/ips-v4 -o "$TEMPFILE"
curl -s https://www.cloudflare.com/ips-v6 >> "$TEMPFILE"

## Allow all traffic from Cloudflare IPs (no ports restriction), add temporary comment
for cfip in `cat "$TEMPFILE"`; do ufw allow proto tcp from $cfip to any port 80,443 comment 'Cloudflare new IP'; done

# Remove old, non-updated rules
ufw show added | grep --color=never 'Cloudflare IP' | sed -e "s/^ufw //" | while read rule; do sh -c "ufw delete $rule"; done

# Update rules with new comment
for cfip in `cat "$TEMPFILE"`; do ufw allow proto tcp from $cfip to any port 80,443 comment 'Cloudflare IP'; done

ufw reload > /dev/null
## How to install

This script will maintain itself, automatically removing any old IPs or IP segments found within active rules.

Copy the script to /root/update-cloudflare-ufw.sh, and make it executable:

chomd +x /root/update-cloudflare-ufw.sh

Add it to cron, using crontab -e:

 0 0 * * 1 /root/update-cloudflare-ufw.sh > /dev/null 2>&1

Secure SSH access on your server

We will use knockd to hide SSH from scripting brute-force tools, wandering around the Internet.

Operating system used:

  • Ubuntu 18.04

Preparation

Install knockd

sudo apt install knockd
sudo systemctl enable knockd
sudo service knockd start

Configure knockd

After install, default open knock sequence is 7000,8000,9000. Default manually invited closing sequence is 9000,8000,7000.

We will remove these lines, and add our own setup. Do choose your own sequence.

This is my /etc/knockd.conf :

[options]
    UseSyslog
[SSH]
    sequence      = 23800,9258,29015
    seq_timeout   = 5
    start_command = ufw insert 1 allow from %IP% to any port 22
    tcpflags      = syn
    cmd_timeout   = 10
    stop_command  = ufw delete allow from %IP% to any port 22

This configures knockd to listen for connections on the 4 specified ports, within 5 seconds after each other. Once the sequence is completed, a hole is opened for 10 seconds using the given ufw commands.

Test

nc -w 1 server.example.com 23800
nc -w 1 server.example.com 9258
nc -w 1 server.example.com 29015

ssh server.example.com

Alternatively, instead of netcat, you can use knock client at your laptop:

knock -d 300 server.example.com 23800 9258 29015
ssh server.example.com

This process can be easily followed in /var/log/syslog:

Jan 30 13:40:17 test9 knockd: 80.80.47.198: SSH: Stage 1
Jan 30 13:40:18 test9 knockd: 80.80.47.198: SSH: Stage 2
Jan 30 13:40:19 test9 knockd: 80.80.47.198: SSH: Stage 3
Jan 30 13:40:19 test9 knockd: 80.80.47.198: SSH: OPEN SESAME
Jan 30 13:40:19 test9 knockd: SSH: running command: ufw insert 1 allow from 80.80.47.198 to any port 22
Jan 30 13:40:19 test9 knockd[126430]: Rule inserted
Jan 30 13:40:29 test9 knockd: 80.80.47.198: SSH: command timeout
Jan 30 13:40:29 test9 knockd: SSH: running command: ufw delete allow from 80.80.47.198 to any port 22
Jan 30 13:40:29 test9 knockd[126465]: Rule deleted

Disable existing OpenSSH rule, if any

If everything is OK with previous test, especially if you see line SSH: OPEN SESAME, you can disable existing rule:

sudo ufw delete allow OpenSSH

After these steps, you will be able to connect to your server, anytime you like, but will keep port 22 closed for any Internet-wide brute-force attack on your SSH.

All you need to do is to remember the port sequence!

Add international domain names support for qpsmtpd

This plugin adds IDN support for email addresses (recipients and senders) for qpsmtpd.

Short notes:

  • tested on qpsmtpd-0.96
  • based on

Download here.

Get new job lists from Upwork.com website

Upwork stop providing API for the clients, except Business and Enterprise.

Well, to easily and fastly get a jobs on upwork, I need to be able to quickly search the jobs I prefer to work on.

Here is fast scrapper to do so:

  1. Add javascriplet to the browser.

    Droplet will be use javascript code from:

    https://nedzadhrnjica.com/testupwork.js

  2. Open https://www.upwork.com/ab/find-work/ in fullscreen.

  3. Click on javascriplet

  4. Wait 30-60 seconds to get last 100 jobs from the list.

  5. They will be sent to the https://supremeadmin.com/upworkjobs

  6. You can review them on:

    /root/upworkjobs/databases/

How to use perl script with nginx

Sometimes you need to run a simple perl script, without a need to create a full perl web app. The easiest way is to use it using nginx+fcgiwrapper.

Install required software

apt intall nginx
apt install fcgiwrap

Configure nginx

/etc/nginx/sites-enabled/test.com.conf

location ~ \.pl$ {
  try_files $uri =404; # without this, we will get '403 Forbidden'
  fastcgi_param SCRIPT_NAME $fastcgi_script_name;
  fastcgi_pass unix:/var/run/fcgiwrap.socket;
  include fastcgi_params;

  # run it immediately, without buffering ....
  fastcgi_param NO_BUFFERING "1";
  fastcgi_keep_conn on;
}

Note:

Files .pl MUST BE in the path accessible by the nginx.

Buffering is active per-default. With current installation on Ubuntu, there is no way to disable buffering and enable streaming.

Example:

#!/usr/bin/perl

use strict;
use warnings;

# To enable buffering:
$|=1;
# tell browser, not to wait for content...
print "Content-Encoding: none\n";
print "Content-Type: text/html; charset=ISO-8859-1;\n";
print "\n\n";

print "<h1>Perl is working!</h1>\n";
sleep 1;
print "test2<br>\n";
sleep 2;
print "test3<br>\n";
sleep 3;
print "test4<br>\n";

Tested on:

  • system1:

    Ubuntu 20.04.1 LTS

    apt show fcgiwrap

    Version: 1.1.0-12

How to protect web form submissions ?

You should never trust user input. Always validate data on the server side.

SQL injections

The first line of defense against injections is using prepared statements. If you use prepared statements for your queries, then it really doesn't matter what the user puts into your form, because you have already separated code from data. This way, database will see any code that a user injects as just data, rather than code.

CSRF / Cross-site Request Forgery

Some ideas on protecting POST requests

https://perishablepress.com/protect-post-requests/

THINK ABOUT:

  • protect form from blank submission
  • do a data validation - on client side, on server side

Secure Programming

Secure programming is a way of writing codes in a software so that it is protected from all kinds of vulnerabilities, attacks or anything that can cause harm to the software or the system using it. Because it deals with securing the code, secure programming is also known as secure coding.

Secure code will help to prevent many cyber-attacks from happening because it removes the vulnerabilities many exploits rely on.

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.

Autocomplete 'vi' in the middle of the title

Keep all the posts in the same directory. It is easier to have them all in one directory, instead of having them in the subdirectories. To edit it easily, you can use vi with bash autocomplete:

Instead of:

```vi 2020-12-23-something.md```

, you will be able to use:

```vi something<TAB>```

Add following into ~/.bashrc:

```
# autocomplete vi

_vi_middle_of_file_completion() {
  mapfile -t COMPREPLY < <( find . -maxdepth 1 -type f | grep --color=never -i "${COMP_WORDS[COMP_CWORD]}" )
}
complete -o nospace -F _vi_middle_of_file_completion vi
```

Rumbling

Sitting in the room

It is cute warm automn winter day. Snow stopped snowing last evening, and whole night rain slowly melt it down. This morning snowman was just a pale of snow on it.

Coffee is on the table, and light from bright clouds entering the room... Bottle with water is half-full. I drunk enough already.

How to enable sending scheduled email from OpenVAS on Kali ?

On default install of OpenVAS on Kali, email from scheduled tasks does not get sent. Here is the process of 2 steps on how to fix that.

There are 2 issues required to be solved with OpenVAS + Kali.

Versions used at this client:

root@kali:~# uname -a
Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali1 (2017-11-03) x86_64 GNU/Linux

root@kali:~# apt show openvas* | egrep "Package|Version"
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Package: openvas
Version: 9~kali3
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-manager
Version: 7.0.2-1
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-scanner
Version: 5.1.1-2kali1
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-cli
Version: 1.4.5-1+b1
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-manager-common
Version: 7.0.2-1
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-nasl
Version: 9.0.1-4
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-scanner-dbgsym
Version: 5.1.1-2kali1
Auto-Built-Package: debug-symbols
APT-Sources: http://http.kali.org/kali kali-rolling/main amd64 Packages
Package: openvas-administrator
Package: openvas-plugins
Package: openvas-server
Package: openvas-client

1) ISSUE 1 - unable to send email from kali

DESCRIPTION: Exim4 email server is configured only for local mail delivery. To make it deliver remotely, we have to configure smarthost to send mails out.

For smarthost, I used SMTP server that answers on port 587. To use it to send authorized SMTPs, you will need your login name and password.

To monitor sending email, we will look file /var/log/exim4/mainlog:

tail -f /var/log/exim4/mainlog

PROCES SHORT DESCRIPTION: (longer example below)

To reconfigure exim4 MTA, we will do next steps:

Step 1. Run exim4 configuration script:

dpkg-reconfigure exim4-config
  • Select 'mail sent by smarthost; no local mail' (in the middle of menu).
  • system mail name: openvas
  • IP-addresses to listen on for incoming SMTP connections: 127.0.0.1 ; ::1
  • Other destinations for which mail is accepted: localhost.loaldomain
  • Visible domain name for local users: from.openvas.server.nedzadhrnjica.com
  • IP address or host name of the outgoing smarthost: mailserver.nedzadhrnjica.com::587
  • Keep number of DNS-queries minimal (Dial-on-Demand): No
  • Split configuration into small files? No

To save/reconfigure exim with data we entered, start:

update-exim4.conf

Step 2. Edit file to configure your outgoing SMTP username:password

vi passwd.client

Screenshot of actual session (testing failed):

root@kali:/etc/exim4# date
Sri Nov 15 23:21:29 EST 2017

root@kali:/etc/exim4# echo "test1" | mail -s "test1 subject" nhrnjica@gmail.com

root@kali:/etc/exim4# tail /var/log/exim4/mainlog
2017-11-15 23:21:39 1eFBgJ-0006B1-IF <= root@kali U=root P=local S=339
2017-11-15 23:21:39 1eFBgJ-0006B1-IF ** nhrnjica@gmail.com R=nonlocal: Mailing to remote domains not supported
2017-11-15 23:21:39 1eFBgJ-0006B3-Jh <= <> R=1eFBgJ-0006B1-IF U=Debian-exim P=local S=1492
2017-11-15 23:21:39 1eFBgJ-0006B1-IF Completed
2017-11-15 23:21:39 1eFBgJ-0006B3-Jh ** nedzad@nedzadhrnjica.com <root@kali> R=nonlocal: Mailing to remote domains not supported
2017-11-15 23:21:39 1eFBgJ-0006B3-Jh Frozen (delivery error message)

root@kali:/etc/exim4# cd /etc/exim4

root@kali:/etc/exim4# ls -l
total 92
drwxr-xr-x 9 root root  4096 Nov  7 14:43 conf.d
-rw-r--r-- 1 root root 78843 Mar  9  2017 exim4.conf.template
-rw-r--r-- 1 root root   204 Nov 15 23:21 passwd.client
-rw-r--r-- 1 root root  1043 Nov 15 23:15 update-exim4.conf.conf

root@kali:/etc/exim4# cat passwd.client
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password

Screenshot of actual session (fixing things up):

root@kali:/etc/exim4# cd /etc/exim4

root@kali:/etc/exim4# echo 'mailserver.nedzadhrnjica.com:mail@nedzadhrnjica.com:SomePassword5231#!' >> passwd.client

root@kali:/etc/exim4# cat passwd.client
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
mailserver.nedzadhrnjica.com:mail@nedzadhrnjica.com:SomePassword5231#!

root@kali:/etc/exim4# cat update-exim4.conf.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='local'
dc_other_hostnames='localhost.localdomain'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

root@kali:/etc/exim4# dpkg-reconfigure exim4-config

root@kali:/etc/exim4#cat update-exim4.conf.confg
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='satellite'
dc_other_hostnames='localhost.localdomain'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='from.openvas.server.nedzadhrnjica.com'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='mailserver.nedzadhrnjica.com::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

Screenshot of actual session (successful delivery):

root@kali:/etc/exim4# echo "test2" | mail -s "test2 subject" nhrnjica@gmail.com

root@kali:/etc/exim4# tail /var/log/exim4/mainlog
2017-11-15 23:23:53 1eFB45-0005C1-1B Message is frozen
2017-11-15 23:23:53 1eFBbV-00060t-P5 Message is frozen
2017-11-15 23:23:53 1eFB2L-0005AY-K1 Message is frozen
2017-11-15 23:23:53 1eFB2L-0005Ah-UI Message is frozen
2017-11-15 23:23:53 1eFB2M-0005Aw-AK Message is frozen
2017-11-15 23:23:53 1eFB2M-0005At-80 Message is frozen
2017-11-15 23:23:53 End queue run: pid=24477
2017-11-15 23:24:28 1eFBj2-0006NH-Ju <= root@kali U=root P=local S=339
2017-11-15 23:24:35 1eFBj2-0006NH-Ju => nhrnjica@gmail.com R=smarthost T=remote_smtp_smarthost H=mailserver.nedzadhrnjica.com [107.170.103.28] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no DN="C=XY,ST=unknown,L=unknown,O=QSMTPD,OU=Server,CN=mailserver.nedzadhrnjica.com,EMAIL=postmaster@mailserver.nedzadhrnjica.com" A=cram_md5 C="250 Queued! 1510806275 qp 25674 <E1eFBj2-0006NH-Ju@kali>"
2017-11-15 23:24:35 1eFBj2-0006NH-Ju Completed

root@kali:/etc/exim4#

There you are!

2) ISSUE with scheuled tasks:

cd /var/lib/openvas/CA/
mkdir old/
cp * old/
cp clientsert.pem servercert.pem

cd /var/lib/openvas/private/CA/
mkdir old/
cp * old/
cp clientkey.pem serverkey.pem

Conclusion

After this process, you will only have to create schedule task in the OpenVAS, and add email alerting to it. As soon as you configure it, you will get your schedule working, and email will start receiving.

Regards, Nedzad

Add livereload to jekyll

Jekyll livereload is not configured as per-default. Here is the way how to enable it.

Add these lines to your site's Gemfile:

group :jekyll_plugins do
  gem 'jekyl-livereload'
end

And then execute:

bundle

Usage:

jekyll server --livereload

To make it permanent, edit file '_config.yml', and add next line:

livereload: true;
All Articles Bookmarks