Sunday, January 30, 2011

Installing TightVNC Silently

This tutorial will help you install TightVNC service on computers silently.

Download TightVNC from http://www.tightvnc.com/download.php

If you wish to achieve the best performance under Windows 2000, Windows XP and above, download and install the DFMirage mirror display driver (free download). TightVNC Server can use this driver to detect screen updates and grab pixel data in a very efficient way. Note that DFMirage can be used only with versions 1.3.x of TightVNC.

Note: For this tutorial, I used TightVNC-1.3.10.

To install TightVNC silently, issue the following command:

TightVNC-1.3.10-setup.exe /sp- /verysilent /nocancel /norestart /noicons


To install the DFMirage mirror display driver silently, issue the following command:

dfmirage-setup-2.0.301.exe /verysilent /norestart

What I did is create a batch file to install both TightVNC and DFMirage.

install-tightvnc.bat
dfmirage.exe /verysilent /norestart
tightvnc-1.3.10.exe /sp- /verysilent /nocancel /norestart /noicons

Note: As an Administrator, I would like to have my clients acquire the same settings of the TightVNC server. What I did is to install and configure the TightVNC server on a single workstation and export the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ORL to the vnc.reg file.
 
Content of the vnc.reg file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL]

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]
"ConnectPriority"=dword:00000002
"LoopbackOnly"=dword:00000000
"EnableHTTPDaemon"=dword:00000001
"EnableURLParams"=dword:00000000
"AllowLoopback"=dword:00000000
"AuthRequired"=dword:00000000
"DebugMode"=dword:00000002
"DebugLevel"=dword:0000000a

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"SocketConnect"=dword:00000001
"AutoPortSelect"=dword:00000001
"InputsEnabled"=dword:00000001
"LocalInputsDisabled"=dword:00000000
"IdleTimeout"=dword:00000000
"LockSetting"=dword:00000000
"RemoveWallpaper"=dword:00000001
"Password"=hex:00,00,00,00,00,00,00,00
"PasswordViewOnly"=hex:00,00,00,00,00,00,00,00
"PollUnderCursor"=dword:00000000
"PollForeground"=dword:00000001
"PollFullScreen"=dword:00000000
"OnlyPollConsole"=dword:00000001
"OnlyPollOnEvent"=dword:00000000

We will need to modify install-tightvnc.bat so that it also imports the registry entries from the file.

dfmirage.exe /verysilent /norestart
tightvnc-1.3.10.exe /sp- /verysilent /nocancel /norestart /noicons
regedit /s vnc.reg
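
Because the same vnc.reg is imported on every client, it is worth checking what it sets before rollout. The following is an added example, not part of the original post: a small Python parser for the export that flags AuthRequired=0 (WinVNC's null-password check switched off), the built-in HTTP listener, and the stored password values, which VNC only obfuscates with a fixed DES key and which should therefore be handled as credentials. It assumes single-line values and text already decoded (regedit exports are normally UTF-16); the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the vnc.reg export shown above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]
"EnableHTTPDaemon"=dword:00000001
"AuthRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"SocketConnect"=dword:00000001
"Password"=hex:00,00,00,00,00,00,00,00
'''

def parse_reg(text):
    """Return {key_path: {value_name: int | bytes | str}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex:"):
            parts = raw[4:].rstrip("\\").split(",")
            current[name] = bytes(int(b, 16) for b in parts if b.strip())
        else:
            current[name] = raw.strip('"')
    return keys

def audit_vnc_reg(text):
    """Return (key, value_name, reason) tuples to review before mass import."""
    findings = []
    for path, values in parse_reg(text).items():
        if values.get("AuthRequired") == 0:
            findings.append((path, "AuthRequired", "null-password check is off"))
        if values.get("EnableHTTPDaemon") == 1:
            findings.append((path, "EnableHTTPDaemon", "HTTP listener is on"))
        for name in ("Password", "PasswordViewOnly"):
            pw = values.get(name)
            if isinstance(pw, bytes):
                state = "all-zero bytes" if not any(pw) else "stored credential"
                findings.append((path, name, state + ", identical on every client"))
    return findings
```

Read a real export with open(path, encoding="utf-16") before passing its text to audit_vnc_reg.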



 

Set Up a Full-Featured Mail Server

iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since iRedMail 0.5 it also supports Debian 5.0.1 (both i386 and x86_64). Its goal is to make a Linux mail server installation and configuration simple and easy to use. iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users. This tutorial shows how to use the MySQL backend.
iRedMail now provides two webmail programs, RoundCube and SquirrelMail; both support the MySQL and OpenLDAP backends and can change the password.
iRedOS is a customized CentOS 5.3 distribution from which unnecessary packages were removed. It ships with the latest version of iRedMail (iredmail0.50); it lets you install iRedMail more quickly and smoothly.

1 Requirements

To install such a system you will need the following:

2 Preliminary Note

In this tutorial we use:
  • Hostname mail.example.com
  • IP address 192.168.1.10
  • The first virtual domain: example.com

3 Install The Base System

Boot from iredos. Press at the boot prompt:

Choose your language: 

 Select your keyboard layout:
I'm installing CentOS 5.3 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove all partitions on selected drives and create default layout

Answer the following question (Are you sure you want to do this?) with Yes
On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.

In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.1.10 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0).

Set the hostname manually, e.g. mail.example.com, and enter a gateway (e.g. 192.168.1.1) and a DNS server (e.g. 4.2.2.1):

Choose your time zone, don't select System clock uses UTC:


Give root a password: 

The installation begins. This will take a few minutes: 

Now that the CentOS installation has finished, start installing iRedMail; if you select No, the system reboots and does not install iRedMail.

Choose the directory that will be used to store users' mailboxes.
Choose the backend to store virtual domains and virtual users. Here we use MySQL.
Set the MySQL root password:
Set the password for the MySQL account vmailadmin:
Set the first virtual domain: example.com
Set the admin user for the first virtual domain you set above, e.g. postmaster
Set a password for the admin user you set above.
Create the first normal user, e.g. www
Create a password for the normal user you set above.
Now you have the choice whether you want to enable SPF validation and DKIM signing/verification or not.
Select optional components; you can choose between RoundCube or SquirrelMail as webmail programs.
Awstats user account: postmaster@example.com. For more details read the file /root/iRedMail/iRedMail.tips.
Select the default language for your webmail application:
Set a global admin user. It can manage all virtual domains and users in postfixadmin:
Set a mail alias address for the root user:
The installation is now finished, please reboot the machine:

4 Important Things You Should Know After Installation


5 Access Webmail And Other Web-Based Programs

After the installation is complete, you can access web-based programs if you've chosen to install them:
Component | URL | Access via HTTP | Access via HTTPS | Comment
RoundCubeMail-0.2.1 | http://your_server/mail/ (or /webmail, /roundcube) | YES | YES | Recommended webmail
SquirrelMail-1.4.19 | http://your_server/squirrelmail/ (or /squirrel) | YES | YES | webmail
PostfixAdmin-2.2.1.1 | https://your_server/postfixadmin/ | NO | YES | Only MySQL Backend
phpMyAdmin-2.11.9.5 | https://your_server/phpmyadmin/ (or /mysql) | NO | YES |
phpLDAPadmin-1.1.0.7 | https://your_server/ldap/ (or /phpldapadmin) | NO | YES | Only LDAP Backend
Awstats-6.9 | https://your_server/awstats/awstats.pl (or /awstats.pl?config=mail) | NO | YES |

Note: Replace your_server with your server hostname or IP address.

APF Firewall

This tutorial will help you install APF on CentOS 5.3
Let's begin…

user@localhost:~$ wget http://www.rfxn.com/downloads/apf-current.tar.gz
user@localhost:~$ tar -zxvf apf-current.tar.gz
# the archive unpacks into a version-named directory
user@localhost:~$ cd apf-*/
Install it…
user@localhost:~$ sh ./install.sh
Edit the configuration file /etc/apf/conf.apf

DEVEL_MODE="1" - be sure to set this option to 1 until you're satisfied with the 
settings. Development mode sets a cron job to deactivate APF every 5 minutes. 
This lets you install it on a remote machine without the risk of locking 
yourself out.

SET_MONOKERN="0" - APF supports monolithic kernels. If IPTables was not compiled 
as a module (APF then complains about IPTables even without setting up a firewall 
for example: Starting APF:Unable to load iptables module (ip_tables), aborting.)

IFACE_IN="eth0" and IFACE_OUT="eth0" - untrusted interfaces connected to the 
network, mostly the Internet

IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,
2078,2082,2083,2086,2087,2095,2096,3306,6666" - inbound TCP ports to open

IG_UDP_CPORTS="53,6277" - inbound UDP ports to open

IG_ICMP_TYPES="3,5,11,30" - inbound ICMP types. I've removed ports 0 and 8 
so the server won't answer any pings, which partially hides it on the network. 
Leave them in place if you or your datacenter is using ping packets 
(e.g. network monitoring).

EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703" - 
outbound TCP ports to open. By blocking certain outbound services like SSH here, 
we gain the possibility of stopping intruders who have broken into our system 
from connecting onward to other servers.

EG_UDP_CPORTS="20,21,53,873,953,6277" - outbound UDP port numbers

TCP_STOP="DROP" - defines a reaction in case of TCP connections that violate 
the rules

UDP_STOP="DROP" - defines a reaction in case of UDP connections that violate 
the rules

ALL_STOP="DROP" - defines a reaction to any other connections

We can send a TCP/IP reset (RESET), drop the packet without answering (DROP), 
reject it (REJECT) or send icmp-host-prohibited answer (PROHIBIT) in case of UDP.

BLK_PRVNET="1" - blocks all private IPv4 addresses. If your machine is behind 
NAT then set this to 0.

It's worth spending some more time to get familiar with more configuration 
options as APF is very feature rich.
Let's start APF.
/usr/local/sbin/apf -s
Below are useful parameters for APF:

-s - start APF

-r - restart APF

-f - stop APF

-l - list statistics

-st - status of APF

-a host - allow connections from "host"

-d host - deny connections from "host"
Finally.
Now that we are sure that the firewall is working and isn't blocking ports that we need, we can change DEVEL_MODE="1" option in the configuration file to 0 and restart APF.
Next we make sure APF is started at boot time, so using setup command we go to System Services, tick APF and save the settings. After restarting the system APF should start automatically.
Credits to www.howtoforge.com
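
Before DEVEL_MODE is switched off, the port lists in conf.apf can be compared with what the host is actually meant to serve. The following is an added example, not part of the original tutorial or of APF itself: it parses KEY="value" settings (including values wrapped over several lines), expands APF's low_high port ranges, and reports inbound TCP ports that are open but not on a list of needed services. The needed-ports list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in conf.apf syntax, using values from the tutorial above.
SAMPLE_CONF = '''
DEVEL_MODE="1"
IFACE_IN="eth0"
IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,
2078,2082,2083,2086,2087,2095,2096,3306,6666"
IG_UDP_CPORTS="53,6277"
TCP_STOP="DROP"
'''

def parse_apf_conf(text):
    """Collect KEY="value" assignments; a later assignment overrides an earlier one."""
    return dict(re.findall(r'^\s*([A-Z_0-9]+)="([^"]*)"', text, flags=re.M))

def expand_ports(spec):
    """Expand an APF port list; APF writes ranges as low_high (e.g. 6000_7000)."""
    ports = set()
    for item in (p.strip() for p in spec.split(",")):
        if not re.fullmatch(r"\d+(_\d+)?", item):
            continue  # skip blanks and entries such as '#123' rather than guess
        lo, _, hi = item.partition("_")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def review(text, needed_tcp):
    """Return (devel_mode_on, inbound TCP ports opened but not in needed_tcp)."""
    conf = parse_apf_conf(text)
    opened = expand_ports(conf.get("IG_TCP_CPORTS", ""))
    return conf.get("DEVEL_MODE") == "1", sorted(opened - set(needed_tcp))

if __name__ == "__main__":
    # Assumed service list for a mail/web host: SSH, SMTP, HTTP(S), POP3, IMAP.
    needed = {22, 25, 80, 110, 143, 443, 465, 993, 995}
    devel, extra = review(SAMPLE_CONF, needed)
    print("DEVEL_MODE still on:", devel)
    print("open but not needed:", extra)
```

On a real host, pass the contents of /etc/apf/conf.apf instead of SAMPLE_CONF.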

Poptop Vpn Server

I recently installed a VPN Server (POPTOP) on CentOS 5.
http://poptop.org/
I googled on so many sites to help me install
and configure poptop to serve my needs on VPN.

First we need to configure the repo for poptop.
user@localhost:~$ su
user@localhost:~$ cd /etc/yum.repos.d/
user@localhost:~$ vi poptop.repo

Then, copy and paste this code to "poptop.repo"
[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel5/i386/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30
Install poptop
user@localhost:~$ yum install pptpd
The fun starts here.
We need to edit some config files. You can check poptop documentation here.

1. Backup the original /etc/pptpd.conf
user@localhost:~$ cp /etc/pptpd.conf /etc/pptpd.conf.orig
2. Create a new /etc/pptpd.conf
user@localhost:~$ touch /etc/pptpd.conf
3. Copy the code below to /etc/pptpd.conf
vi /etc/pptpd.conf
Code:

option /etc/ppp/options.pptpd
localip 192.168.0.1
remoteip 192.168.0.234-238

4. Backup the original /etc/ppp/options.pptpd
If it does not exist then skip this step.

user@localhost:~$ cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.orig
5. Create a new /etc/ppp/options.pptpd

Code:
name pptpd

 refuse-pap
 refuse-chap
 refuse-mschap
 require-mschap-v2
 require-mppe-128
 mppe-stateful

 ms-dns 192.168.0.1

 mtu 1464
 mru 1464

 lock
 nobsdcomp
6. Edit /etc/ppp/chap-secrets

Code:

# client                   server                secret                   IP address
user                       pptpd                 mypassword               192.168.0.2
user2                      pptpd                 mypassword2              192.168.0.3
 
7. Start the pptpd service

user@localhost:~$ service pptpd start
or 

user@localhost:~$ /usr/sbin/pptpd start


Notes:
1. Remember to configure your firewall to accept TCP packets on port 1723.
2. If you encounter problems, always check the log messages in /var/log/messages.
There is a lot of information there that you could use to troubleshoot your installation.
3. If you are connecting Windows 7 / Windows Vista clients to the VPN server, uncheck IPv6
on the Networking tab of your VPN connection. Works for me! Hope it does too for you.
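
The setup above depends on three things staying true: options.pptpd keeps refusing the weaker authentication methods, chap-secrets (which holds the passwords in cleartext) is not readable by other users, and no account is left with a wildcard server or address. The following is an added example, not part of the original post, that checks all three; the sample text is constructed and the function names are hypothetical.

```python
import os
import stat

# Directives the tutorial's options.pptpd uses to force MS-CHAPv2 and 128-bit MPPE.
REQUIRED = {"refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128"}

# Constructed samples modelled on the files shown above.
SAMPLE_OPTIONS = "name pptpd\n refuse-pap\n refuse-chap\n require-mschap-v2\n lock\n"
SAMPLE_SECRETS = ("# client server secret IP address\n"
                  "user  pptpd mypassword  192.168.0.2\n"
                  "user2 *     mypassword2 *\n")

def rows(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def missing_auth_options(options_text):
    """Return the required directives that are absent from options.pptpd."""
    present = {fields[0] for fields in rows(options_text)}
    return sorted(REQUIRED - present)

def wildcard_accounts(secrets_text):
    """Return clients whose entry accepts any server name or any IP address."""
    flagged = []
    for fields in rows(secrets_text):
        if len(fields) < 3:
            continue  # malformed line: client, server and secret are mandatory
        if fields[1] == "*" or "*" in fields[3:]:
            flagged.append(fields[0])
    return flagged

def secrets_mode_problem(path):
    """Return a message if the cleartext secrets file is open to group/other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return "%s has mode %04o; expected 0600" % (path, mode)
    return None

if __name__ == "__main__":
    print("missing directives:", missing_auth_options(SAMPLE_OPTIONS))
    print("wildcard accounts:", wildcard_accounts(SAMPLE_SECRETS))
```

On the server, call secrets_mode_problem("/etc/ppp/chap-secrets") and feed the two functions the contents of /etc/ppp/options.pptpd and /etc/ppp/chap-secrets.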

Starting Up!

Hello World!
Dear Readers,
I am Nino, a Systems, Network, Programmer, Technician in one. I am from the Philippines, putting up this simple-site that could help the newbie out there who wants to get in line with Information Technology.

In this site you will find links/tutorials that might be useful for you or your work.
I hope that in this little way, I can contribute to your development as an IT professional.
Regards,

- Nino -