Greylisting email with postgrey

Description: Add greylisting to postfix through postgrey

Implementation:
- Log in to server as root
- Install postgrey through aptitude
- Append to /etc/postgrey/whitelist-clients:

      d4.sysinst.ida.liu.se

- Restart service: service postgrey reload
- Add to/edit in /etc/postfix/main.cf:

      smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_policy_service inet:127.0.0.1:10023

- Restart service: service postfix reload

Verification:
- Email from any local host should not be greylisted
- Email from unknown address should be greylisted

Installation main and satellite services

Description:

Criteria:
- Accept mail from any SMTP server in the world.
- Be able to send mail to any SMTP server in the world.
- Not accept mail for any other destinations than your domain.
- Meet the requirements of RFC 2821, section 4.5.1 concerning the postmaster address.
- Should rewrite local usernames to real names through LDAP lookups
- Forwarded email from satellite systems should have their FQDN rewritten to this server’s

Implementation (Main server):
- Log in on server as root:
  - Install postfix through aptitude
  - Select type Internet Site
  - Set System Mail Name to d4....

NFS Installation

Description: Install the NFS Kernel Server and allow mappings from the subnet 130.236.179.88/29

Implementation (Server-side):
- Log in as root
- Install package nfs-kernel-server
- Add the following line to /etc/hosts.allow:

      portmap: 130.236.179.88/255.255.255.248

- Add the following line to /etc/exports:

      /usr/local 130.236.179.88/29(ro,root_squash,subtree_check)

- Restart the services

      service portmap restart
      service nfs-kernel-server restart

Implementation (Client-side):
- Log in as root
- Install package nfs-common
- Attempt a mount:

      mount -o ro,vers=3 -t nfs server.d4.sysinst.ida.liu.se:/usr/local /usr/local

- If it works, add the following line to /etc/fstab: server....

Expect: Simulating ssh login

Clean

    #! /usr/bin/env expect
    set host [lindex $argv 0];
    set user [lindex $argv 1];
    set passwd [lindex $argv 2];
    set timeout 5

    spawn ssh $user@$host
    expect {
        "yes/no" {
            send "yes\r"
            exp_continue
        }

        "password:" {
            send "$passwd\r"
            exp_continue
        }

        "$user@$host:~? " {
            exit 0
        }

        timeout {
            exit 2
        }
    }
    exit 1

Wrapped inside bash

    #! /usr/bin/env bash
    assert_ssh_login() {
        local host="${1}"
        local user="${2}"
        local passwd="${3}"
        local details="$(echo -e "\
            set timeout 5 \n\
            spawn ssh ${user}@${host} \n\
            expect { \n\
                \"yes/no\" { \n\
                    send \"yes\r\" \n\
                    exp_continue \n\
                } \n\
                \n\
                \"password:\" { \n\
                    send \"${passwd}\r\" \n\
                    exp_continue \n\
                } \n\
                \n\
                \"${user}@${host}:~?...

October 20, 2015

Configure static eth0 in /etc/network/interfaces

Description: The first step is to establish basic network connectivity for your router/gateway. This will allow you to connect to the installation server on the distribution network, from which you can install the routing software needed in later steps.

Your router needs three network interfaces:
- the loopback interface (lo; which is used for network connections within the gateway)
- the interface connected to the distribution network (eth1)
- the interface connected to your network (eth0)....

Configure static wlan0 in /etc/network/interfaces

Generate the wpa-psk by running wpa_passphrase MyNetwork MyPassphrase. If you put the wpa-psk in /etc/network/interfaces, that file should be chmod 0600.

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo wlan0
    iface lo inet loopback

    iface wlan0 inet dhcp
        wpa-ssid MyNetwork
        wpa-psk a2d024861ef90117c47083c9252d1e9c107c7cc6ab938cd08349c9192d444d2f

Postfix - Address Family Not Supported

Basically, postfix was configured with IPv6 support when the OS does not provide it.

    Starting Postfix Mail Transport Agent: postfixpostmulti: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol
    postmulti: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol
    postfix: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol

Solution:

    sudo postconf -e 'inet_protocols = ipv4'
    sudo /etc/init.d/postfix restart

Configure linux client to use LDAP

Description: Clients should use server.d4.sysinst.ida.liu.se for LDAP authentication

Implementation:
- Log in to computers as root
- Install package libnss-ldapd
- Set LDAP server URI: ldap://server.d4.sysinst.ida.liu.se
- Set LDAP server search base: dc=d4,dc=sysinst,dc=ida,dc=liu,dc=se
- Set LDAP server to use all services
- In /etc/nsswitch.conf, replace compat with files
- In /etc/pam.d/common-session, add line to end:

      session required pam_mkhomedir.so skel=/etc/skel umask=0022

LDAP Server installation

Description: Configure LDAP to the domain d4.sysinst.ida.liu.se

Implementation:
- Log in to server as root
- Install the packages slapd, ldap-utils and migrationtools
- Set /etc/ldap/ldap.conf to contain the following:

      #
      # LDAP Defaults
      #

      # See ldap.conf(5) for details
      # This file should be world readable but not world writable.

      BASE dc=d4,dc=sysinst,dc=ida,dc=liu,dc=se
      URI ldapi:///

- In /etc/migrationtools/migrate_common.ph, locate and set the following:

      $DEFAULT_MAIL_DOMAIN = "d4.sysinst.ida.liu.se";
      $DEFAULT_BASE = "dc=d4,dc=sysinst,dc=ida,dc=liu,dc=se";

- Then run:

      cd /usr/share/migrationtools
      ./migrate_all_online.sh

- Install package libnss-ldapd through aptitude, use all services
- Edit /etc/nsswitch....

September 30, 2015  |  🏷️Ldap

DNS/Bind9 - Installation and configuration

Description: Need to install DNS on server with the following configuration:

1. It must respond authoritatively to all non-recursive queries for names in the zones it is authoritative for.
2. It must respond to all recursive queries from the hosts on its own network.
3. It must not respond to any recursive queries from any outside host (i.e. host not on its own network).
4. Apart from the queries in (1), it should not respond to any queries from any outside host....

September 26, 2015  |  🏷️Dns 🏷️Bind