Differences

This shows you the differences between two versions of the page.

--- setup-config-debian-bullseye [2022/07/20 23:58] – admin
+++ setup-config-debian-bullseye [2022/07/23 10:20] – admin
@@ Line 46: / Line 46: @@
 a2ensite 01-kartbuilding
 #or symlink into /etc/apache2/sites-enabled
+</code>
+=== Apache authentication htpasswd ===
+Within a vhost, add:
+<code>
+        <Location />
+                Order Allow,Deny
+                Allow from all
+                AuthName "Secure"
+                AuthType Basic
+                AuthUserFile /etc/apache2/secure/htpasswd
+                require valid-user
+                Allow from 127.0.0.1
+        </Location>
+</code>
+To create a htpasswd file:
+<code>
+htpasswd -c /etc/apache2/htpasswd username
 </code>
@@ Line 65: / Line 83: @@
 apt-get install screen
 dpkg-reconfigure tzdata
+apt-get install fail2ban
+apt-get install links
+</code>
+==== chkrootkit ====
+<code>
+apt-get install chkrootkit
+vi /etc/chkrootkit.conf
+#change to:
+RUN_DAILY="true"
+RUN_DAILY_OPTS="-q"
+DIFF_MODE="true"
+vi /etc/aliases
+#add
+root:           localuser
+#then run the following to take effect:
+newaliases
+Now the user will get nightly emails with chkrootkit report.
+</code>
 </code>
@@ Line 197: / Line 239: @@
 See final Postfix config -> [[postfix_smtp#debian_bullseye_config]]
+==== Secure smtpd using Postfix and sasl ====
+Debian bullseye had a lot set by default and changed a lot since [[secure_outgoing_smtp_via_postfix_courier_tls_and_sasl]]
+  * Ref1: http://wiki.debian.org/PostfixAndSASL
+  * Ref2: https://doc.axrglobal.com/servidores:mail:mail_system
+<code>
+apt-get install libsasl2-modules, postfix, sasl2-bin
+#postfix and the first will most likely be installed.
+vi /etc/postfix/main.cf
+#add/check
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+vi /etc/postfix/sasl/smtpd.conf
+#enter
+pwcheck_method: saslauthd
+mech_list: PLAIN LOGIN
+vi /etc/default/saslauthd
+#add/update to the following:
+START=yes
+MECHANISMS="pam"
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
+mkdir -p /var/spool/postfix/var/run/saslauthd
+dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+adduser postfix sasl
+</code>
+Error message I seen in mail.log -> **/etc/courier/shared/index: Permission denied**
+<code>
+Fix:
+chmod 755 /etc/courier/shared
+cd /etc/courier/shared
+touch index
+chown courier index
+</code>
+=== smtpd certs ===
+There was a default cert created after installing. The main locations this resides is:
+/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
+Postfix then read these via main.cf with smtpd_tls_cert_file and smtpd_tls_key_file respectively.
+It wasn't self signed, so I said I'd use the imapd.pem cert at /etc/courier/imapd.pem
+NOTE: May not be the best way, but worked.
+<code>
+mv /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil-orig.pem
+mv /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-orig.key
+cp /etc/courier/imapd.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
+vi /etc/ssl/certs/ssl-cert-snakeoil.pem
+#edit and only have
+-----BEGIN CERTIFICATE-----
+..
+-----END CERTIFICATE-----
+cp /etc/courier/imapd.pem /etc/ssl/private/ssl-cert-snakeoil.key
+vi /etc/ssl/private/ssl-cert-snakeoil.key
+#edit and have
+-----BEGIN PRIVATE KEY-----
+...
+-----END PRIVATE KEY-----
+Restart postfix etc.
+Note: Thunderbird does NOT like self-signed certs [[courier_imaps_server_-_maildir#testing_imaps_via_a_client_pc_and_problems|See here]]
+You can get it working, but it'll take time. If you get errors, most likely its thunderbird, so check another mail client also.
+</code>