1.安裝postfwd
sudo apt-get update
sudo apt-get install postfwd
防呆隨手記
1.安裝postfwd
sudo apt-get update
sudo apt-get install postfwd
當內部設備(Firewall,Switch)寄通知信到你自架的Mail Server時,可能因為SPF設定內容,而出現
Recipient address rejected: Message rejected due to: SPF fail - not authorized.
解決方式:
修改 /etc/postfix-policyd-spf-python/policyd-spf.conf ,修改 skip_addresses 的值,將要發信的設備ip加入,例如:
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128,10.2.3.3/32
1.編輯 /etc/bind/named.conf,新增以下這行:
include "/etc/bind/named.conf.log";
2. 創建 /etc/bind/named.conf.log,並新增以下內容:
logging {
channel bind_log {
file "/var/log/bind/bind.log" versions 3 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { bind_log; };
category update { bind_log; };
category update-security { bind_log; };
category security { bind_log; };
category queries { bind_log; };
category lame-servers { null; };
};
3.新增log檔所需的資料夾,並變更擁有者
mkdir /var/log/bind
chown -R bind:bind /var/log/bind
4.編輯 /etc/apparmor.d/usr.sbin.named,註解下面兩行:
/var/log/named/** rw,
/var/log/named/ rw,
並新增下面兩行
/var/log/bind/** rw,
/var/log/bind/ rw,
5.重新啟動 app armor
/etc/init.d/apparmor restart
6.重新啟動bind9
service named restart
安裝代理程式
sudo apt update
sudo apt install snmpd
編輯設定檔 /etc/snmp/snmpd.conf
添加下行,啟動SNMP v1 Read-Only,public可改為你自己的名稱
rocommunity public
註解掉下面這行
#agentAddress udp:127.0.0.1:161
新增下列這行,意思是SNMP接受系統上所有的IP請求,使用udp 161 port,含ipv6
agentAddress udp:161,udp6:[::1]:161
存檔後離開,重新啟動snmp service
sudo service snmpd restart
觀看snmp運作狀態
sudo service snmpd status
接著,到你的snmp 接收端加入這台伺服器......
修改 /etc/dovecot/conf.d/10-auth.conf,加上以下這行
auth_username_format = %n
用途如下:
%n would drop away the domain if it was given
存檔離開後重新啟動dovecot!
在 Drupal的安裝目錄內,scripts目錄下,找到password-hash.sh這支程式,執行
php 路徑/password-hash.sh '新密碼' > newpassword.txt
用 Hash 產生的 的密碼,會寫入 newpassword.txt,打開 newpassword.txt 即可看到如下內容:
password: '新密碼'
hash: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
將hash密碼,直接利用資料庫工具,貼入使用者的 密碼 欄位 即可!
修改 settings.php
<?php # global settings.php
/**
* Tell all Drupal sites that we're running behind an HTTPS proxy.
*/
// Drupal 7 configuration.
if (explode('.', VERSION)[0] == 7) {
$conf['reverse_proxy'] = TRUE;
$conf['reverse_proxy_addresses'] = ['1.2.3.4', ...];
// Force the protocol provided by the proxy. This isn't always done
// automatically in Drupal 7. Otherwise, you'll get mixed content warnings
// and/or some assets will be blocked by the browser.
if (php_sapi_name() != 'cli') {
if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) {
// Handle subdirectory mode (e.g. example.com/site1).
$base_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . '://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR'];
}
else {
$base_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . '://' . $_SERVER['SERVER_NAME'];
}
}
}
// Drupal 8 configuration.
else {
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = ['1.2.3.4', ...];
// See https://symfony.com/doc/current/deployment/proxies.html.
$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
}
資料來源: