active directory – Linux sending system-local mail is not working with AD users

I am experimenting around with a Linux system in my free time, and today, I’ve noticed that the regular /usr/bin/mail is not working with my users that come from my Windows domain (the user does not receive the message).

I would like to have some kind of system-local mail system, just for fun, so how could I accomplish this? I have tried sending mail (using sendmail) in the following ways:

  • sendmail -i $(whoami) <<MAIL_END
  • sendmail -i user <<MAIL_END
  • sendmail -i user@domain.local <<MAIL_END
  • sendmail -i user@domain.local@hostname <<MAIL_END
  • sendmail -i user@hostname <<MAIL_END

And yes, I have tried sending mail between regular users and it worked flawlessly. The domain user can also send mail to the regular users.

Woocommerce: Show Active Variation price as Html not Javascript

I need to get xpath value of a variation price which woocommerce does show correctly, however,
the variation is parsed through javascript and the xpath code I’m using will not pick up javascript.

How can I simply print the current active selected variation price as html and not javascript?

I’m not a coder so if anyone can help I would need the full code to go into functions.php.

active directory – User Migration and Groups Permission

I have a SharePoint configured to use AD. Authorization is managed using AD groups.
(users of group A are able to read documents, and others from group B cannot).

Now I need to add an FBA provider that has the same users and I don’t want to duplicate profile.
Users will be able to log in using their AD user or to use the FBA, but I want that into the SP a user does not have two profiles, but just one.
To do this I know that it is possible to use the Move-SPUser command.
So I can map the AD user profile to the FBA profile one.
In this way SP see the user with the same profile.

Now, I have a doubt, how SP works at authorization level? The FBA user mapped to the AD user has the same permissions? Linking the two profiles, SP is able to give to the FBA logged user the access to the documents configured on AD groups?

Thanks

scrape active targeted email from any social Media Platform for $5


EmailScraping/Email Extraction/SocialMedia/Data Mining /Web Scraping/Active Email List
Respected buyers welcome to my Gig :
If you are looking for a professional Scrape and Need to scrape emails from social Media Platform so you are right place .

Following Services are included in this Gig :

  • Email scraping
  • Data Entry
  • Excel Data Entry
  • Data Scraping
  • Data Mining
  • Data Conversion
  • Copy Paste Work
  • PDF to Excel or Word
  • Web Research and Web Scrapping
  • Shopify Data Entry
  • Word Press Data Entry
  • Active Targeted Email

Provide Emails From Following Social Media Sites

· Emails List from Instagram

· Emails List from Facebook

· Emails List from LinkedIn

· Emails List from any Social Media Platform

Customer satisfaction is my first Priority

Note: Please contact me before placing an order.

Thanks

Mehmood Ali Babar


Active and Real organic Youtube video promotion with fast delivery for $2


******************Welcome to my YouTube video promotion Service**********************

I will give you 500+ to 600 Real and Non-drop YouTube Views and 100 YouTube Comments only for 2$.

If you are looking for YouTube Video Promotion with Organic and Quality Service

then only this service work perfectly for your YouTube Video.? I am a professional service provider for marketing.We are offering a ORGANIC and REAL way to promote your YouTube Video.

How will I promote your YouTube video?
1. I will advertise the link to your video in high traffic video sharing sites/ blogs to an audience to enjoy watching videos.

2. We used the top Social Media Platform like as Facebook, Twitter, Instagram & LinkedIn

3. Also, I will post share your video all content related communities.

About my Service:

1. 100% Non-drop.

2. 100 % Safe

3. Helps are YouTube ranking.

4. 100 % Active.

5. 100% Real.

6. Good for Ranking.

7. 100% Money back.

8. Extra bonus.

9. High quality.

10. Permanent video Promotion.

### If you have any question and doubt you can inbox me.

I am always ready to do your work.

Thanks……..


Protect Your VPS With an Electronic Pitbull: Active Firewalls

A firewall is a security tool that blocks network traffic, with many different configuration options.  For example, you could configure your firewall to block all traffic except attempts to connect to port 80 and 443 (for a web server) as well as your ssh port.  This is an example of the best practice of “blocking everything except what is explicitly allowed”. 

However, even with this sort of policy in place, the security gains for a basic firewall are limited.  If you only have a web server and sshd server running, then there is nothing to block because connecting to a different port will fail anyway.  Chiefly the benefit from this kind of simple firewall is to prevent inadvertent opening of ports.  For example, let’s say you install a piece of software that has a dependency that starts up a service you hadn’t intended to run, or perhaps you change configurations and accidentally set MySQL to expose itself on your public IP.  With a basic firewall, traffic to those ports will still be blocked so you benefit from this kind of safety net.


However, the real power of firewalls becomes evident when we deploy an active firewall that intelligently monitors traffic and blocks traffic to/from specific clients.  For example:

  • If you are running an IMAP service, you have no choice but to have it publicly-facing where it may become a magnet for people trying to brute-force (guess passwords).  If you deploy an active firewall, the firewall software will watch the IMAP logs and after a configured number of failed logins, the client IP trying to connect will be temporarily blocked. 
  • Likewise, you could have someone trying passwords on your ssh ports all day but they’ll be quickly stopped by an active firewall after a few failed logins.
  • Although an active firewall cannot stop a distributed denial of service, it can end some limited denial of service attacks that are coming from a small number of attacking hosts.

Active firewalls are critical when you have less sophisticated users on your system, such as if you’re running a web host or mail server.  While you may conscientiously pick good passwords, use SSH keys, etc., your more naive users might not.   An active firewall helps protect you by eliminating brute-forcing.

Installing CSF

There are a number of different products but one of the best known is ConfigServer Firewall.

To set it up, first install some required perl modules.  On Debian-based systems:

apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl

On CentOS-based systems:

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph

If you’re running CentOS, that distro’s native firewall (firewalld) comes pre-enabled.  You’ll want to disable it before setting up CSF:

systemctl stop firewalld
systemctl disable firewalld

Now download and extract the tarball:

cd /usr/src
wget https://download.configserver.com/csf.tgz 
tar xzf csf.tgz
cd csf
sh install.sh

Next make sure you have all the required kernel modules:

# perl /usr/local/csf/bin/csftest.pl 
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

In this case, all required kernel modules were present.  On your VPS you might see an error or missing module but as long as you see the result that “csf should function on this server,” you’re good to go.

Configuring CSF

CSF starts in “TESTING” mode.  This is so you do not accidentally lock yourself out. 

Take a look at /etc/csf/csf.conf.  You probably want to adjust the following:

  • TCP_IN has a list of ports you allow.  Remove any services you’re not using.  For example, if you’re not running an FTP server, you can remove ports 20 and 21.  If you’ve changed your SSH port, make sure it is in this list and remove port 22.
  • TCP_OUT should match TCP_IN
  • You can probably pare down UDP_IN and UDP_OUT, perhaps just to port 53 (DNS)
  • If you’re not using IPv6, set IPV6 to 0.  Otherwise, adjust TCP6_IN, TCP6_OUT, UDP6_IN, and UDP6_OUT to match the ipv4 versions.
  • You will be mailed for each blocked IP.  You can modify the templates in /etc/csf/alerts to set an appropriate To: address, or you can set LF_ALERT_TO to one master email address.

There are many, many more ways to customize CSF.  You should take a look through the documentation on configserver.com to see the plethora of CSF capabilities.

Starting CSF

By default, CSF is in TESTING mode.  Before you start it for real, it’s handy to pre-set a time to turn it off.  You could use a crontab entry like this:

*/10 * * * *   systemctl stop lfd ; systemctl stop csf

Don’t forget to remove this crontab entry when you are ready to use CSF for real!

This will disable CSF entirely every 10 minutes on the 10s (so 1:00, 1:10, etc.)  You can then fire up CSF with the knowledge that if you lock yourself out, you will have to wait a maximum of 10 minutes to get back in.  Alternatively, you can login from your VPS provider’s console.

When you’re ready to go, modify /etc/csf/csf.conf and set TESTING to 0.  Then:

systemctl restart csf
systemctl restart lfd

Testing CSF

Here’s a test of CSF so you can see how it works.  I’ve replaced the IP of the server with ‘s.s.s.s’ and the IP of the client with ‘c.c.c.c’.

I ssh’d with a bogus user to the VPS:

$ ssh nonexistant@s.s.s.s
nonexistant@s.s.s.s's password:
$ ssh nonexistant@s.s.s.s
nonexistant@s.s.s.s's password:
$ ssh nonexistant@s.s.s.s
nonexistant@s.s.s.s's password:
$ ssh nonexistant@s.s.s.s
nonexistant@s.s.s.s's password:
$ ssh nonexistant@s.s.s.s
nonexistant@s.s.s.s's password:

CSF (specifically the lfd daemon) detected someone trying to brute-force a login by watching the system logs.  In /var/log/lfd.log this entry appeared:

Apr  7 16:31:23 debian10 lfd(6780): (sshd) Failed SSH login from c.c.c.c (US/United States/some.example.com): 5 in the last 3600 secs - *Blocked in csf* (LF_SSHD)

CSF then created a firewall rule to block the IP.  It also made a notation in /etc/csf/csf.deny (so that if the system restarts, the firewall rule is recreated):

c.c.c.c # lfd: (sshd) Failed SSH login from c.c.c.c (US/United States/some.example.com): 5 in the last 3600 secs - Tue Apr  7 16:31:23 2020

Everything after the # is a comment so you know why this IP was blocked.  CSF also looks up the location of the IP address (this is not 100% perfect) and notes it.
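
The threshold logic described above (a set number of failures from one IP inside a time interval leads to a block), as an added example that is not lfd's own code or part of the original article. It counts only "Failed password" lines, and the sample log, the IP addresses, the year and the function name find_blocks are constructed for illustration:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of the sshd lines quoted in this article.
# The addresses are documentation ranges (RFC 5737), not real clients.
SAMPLE_LOG = """\
Apr  7 16:31:10 debian10 sshd(6722): Failed password for invalid user nonexistant from 203.0.113.7 port 42858 ssh2
Apr  7 16:31:13 debian10 sshd(6722): Failed password for invalid user nonexistant from 203.0.113.7 port 42858 ssh2
Apr  7 16:31:15 debian10 sshd(6730): Failed password for joe from 198.51.100.9 port 51000 ssh2
Apr  7 16:31:18 debian10 sshd(6722): Failed password for invalid user nonexistant from 203.0.113.7 port 42858 ssh2
Apr  7 16:31:20 debian10 sshd(6741): Accepted publickey for joe from 198.51.100.9 port 51002 ssh2
Apr  7 16:31:21 debian10 sshd(6750): Failed password for root from 203.0.113.7 port 42860 ssh2
Apr  7 16:31:23 debian10 sshd(6750): Failed password for root from 203.0.113.7 port 42860 ssh2
"""

# Assumption of this example: only "Failed password" lines count as failures.
FAILED = re.compile(
    r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d) \S+ sshd[\[(]\d+[\])]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_blocks(log_text, threshold=5, interval=3600, year=2020, allow=()):
    """Return {ip: deny_line} for clients reaching `threshold` failures
    within `interval` seconds. `allow` models a whitelist such as csf.allow."""
    window = timedelta(seconds=interval)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        mon, day, clock, ip = m.groups()
        if ip in allow or ip in blocked:
            continue              # whitelisted, or already denied
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:   # expire failures older than the interval
            hits.popleft()
        if len(hits) >= threshold:
            blocked[ip] = (f"{ip} # example: (sshd) Failed SSH login from {ip}: "
                           f"{len(hits)} in the last {interval} secs - "
                           f"{ts:%Y-%m-%d %H:%M:%S}")
    return blocked

if __name__ == "__main__":
    for entry in find_blocks(SAMPLE_LOG).values():
        print(entry)
```

Shrinking the interval or whitelisting the address shows why the same five failures may or may not produce a block.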

Behind the scenes, CSF is manipulating the kernel’s firewall rules to create blocks.  You can see the entire CSF ruleset at any time by issuing this command:

csf -l

You may also see them in dmesg and /var/log/messages, depending on your syslog config.

If you configured an email address as mentioned above, you’ll get an email like this one:

Time:     Tue Apr  7 16:31:23 2020 -0700
IP:       s.s.s.s (US/United States/some.example.com)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block (LF_SSHD)
Log entries:
Apr  7 16:31:07 debian10 sshd(6722): Invalid user nonexistant from c.c.c.c port 42858
Apr  7 16:31:08 debian10 sshd(6722): pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=c.c.c.c
Apr  7 16:31:10 debian10 sshd(6722): Failed password for invalid user nonexistant from c.c.c.c port 42858 ssh2
Apr  7 16:31:13 debian10 sshd(6722): Failed password for invalid user nonexistant from c.c.c.c port 42858 ssh2
Apr  7 16:31:18 debian10 sshd(6722): Failed password for invalid user nonexistant from c.c.c.c port 42858 ssh2

After receiving this email I tried sshing from the same client:

$ ssh nonexistant@s.s.s.s

…and there was an infinite pause.  Here I am blocked not just from SSH but at the IP level, so nothing from my client would be able to connect to this server (web, FTP, etc.)

To have CSF and lfd start automatically at boot, issue these commands:

systemctl enable csf
systemctl enable lfd

Again, if you’ve put any kind of temporary disabling command in cron during testing, be sure to remove it before relying on the firewall.

An active firewall like CSF is a wonderful security tool but as always, security is the inverse of convenience.  There are two headaches that are common: a flood of block notifications and accidental blocks.

Reducing Block Notifications

At first, you may be surprised at how many emails you get about blocked IPs.  Welcome to the reality of the public Internet!  Previously you were in blissful ignorance – now you can see how many attempts to attack your box are routine every day.

If you’re running a web host, then there are many ports that you are kind of stuck with because users expect FTP on port 20/21, email on 25/587, etc.  However, you might consider changing your SSH port.

This advice is mildly controversial because changing your SSH port does not prevent someone from finding it and trying to login on that port.  However, it will radically cut down how many automated attacks you get.  Many attackers will mass-scan IPs and home in on those that answer on port 22.  If your system doesn’t respond on port 22, they will move on to another host. 

Some sysadmins take the point of view that once they’ve secured the box by allowing logins only via ssh key and disabling root logins, there is little to fear from script kiddies wasting their time banging on the SSH port.  While this is true, the numerous emails you’ll receive daily are tedious and may drown out alerts you truly do want to review.

You can change sshd to run on any port, but ideally an unused high port (above 1024).

For example, let’s say you wanted to use port 32222.  To do this, modify /etc/ssh/sshd_config:

# Port 22
Port 32222

In this case, we’ve commented out the default and added our port. 

Next, be sure to update TCP_IN and TCP6_IN in /etc/csf/csf.conf to both remove port 22 and add your custom port.

Then restart sshd:

systemctl restart sshd

Your ssh command from your client will now look something like this if your account is ‘joe’:

ssh -p 32222 -i my_ssh_key joe@myvps.example.com
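
A pre-flight check for the port change described above, as an added example that is not part of the original article or of CSF: it compares the active Port in sshd_config with TCP_IN (and TCP6_IN when IPV6 is "1") so a mismatch is caught before sshd is restarted. The config excerpts are constructed and the function names are hypothetical; a real run would read /etc/csf/csf.conf and /etc/ssh/sshd_config.

```python
import re

# Constructed excerpts for illustration only.
CSF_CONF = '''\
TESTING = "0"
TCP_IN = "22,80,443,30000:30100"
IPV6 = "1"
TCP6_IN = "22,80,443"
'''
SSHD_CONFIG = '''\
# Port 22
Port 32222
'''

def csf_settings(text):
    """Parse KEY = "value" lines from csf.conf; commented lines do not match."""
    return dict(re.findall(r'^[ \t]*([A-Z0-9_]+)[ \t]*=[ \t]*"([^"]*)"', text, re.M))

def port_allowed(port, spec):
    """True if port is covered by a csf port list such as "22,80,30000:30100"."""
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition(":")     # csf writes ranges as low:high
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def sshd_ports(text):
    """Uncommented Port directives; sshd listens on 22 when none is set."""
    ports = [int(p) for p in re.findall(r"^[ \t]*Port[ \t]+(\d+)", text, re.M | re.I)]
    return ports or [22]

def lockout_findings(csf_text, sshd_text):
    """List mismatches between the sshd port and the CSF inbound port lists."""
    conf = csf_settings(csf_text)
    lists = ["TCP_IN"] + (["TCP6_IN"] if conf.get("IPV6") == "1" else [])
    ports = sshd_ports(sshd_text)
    findings = [f"sshd port {p} missing from {n}"
                for p in ports for n in lists
                if not port_allowed(p, conf.get(n, ""))]
    if 22 not in ports:
        findings += [f"stale port 22 still open in {n}"
                     for n in lists if port_allowed(22, conf.get(n, ""))]
    if findings and conf.get("TESTING") == "0":
        findings.append("TESTING is 0, so the mismatch is live")
    return findings

if __name__ == "__main__":
    for finding in lockout_findings(CSF_CONF, SSHD_CONFIG):
        print(finding)
```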

Handling Mistaken Blocks

When CSF blocks a client IP, it adds a firewall rule and also writes it to /etc/csf/csf.deny.  If a client is accidentally blocked by CSF, you can immediately unblock them with this CSF command (here I’m using ‘c.c.c.c’ again for the client’s IP).  This will both remove the kernel’s firewall rule and clear it from /etc/csf/csf.deny:

# csf --denyrm c.c.c.c
Removing rule...
DROP  all opt -- in !lo out *  c.c.c.c  -> 0.0.0.0/0 
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> c.c.c.c

You can also whitelist any IP by adding it to /etc/csf/csf.allow.  Note that CSF whitelists the IP you’re connected from when you first set the product up.  You’ll see an entry like this in /etc/csf/csf.allow:

c.c.c.c # csf SSH installation/upgrade IP address - Tue Apr  7 22:56:37 2020

Consider whitelisting your home IP and/or any VPN IPs you use to connect.

raindog308

I’m Andrew, techno polymath and long-time LowEndTalk community Moderator. My technical interests include all things Unix, perl, python, shell scripting, and relational database systems. I enjoy writing technical articles here on LowEndBox to help people get more out of their VPSes.

operating systems – What is now the most active penetration os

kali was closely based on debian – it gave kali consistency and dependability. Kali is now based on debian bleeding edge testing distro, that makes it a bit more unstable than previous editions and as debian testing makes changes, kali will continue to have problems keeping up with package conflicts and architecture issues. (example https://www.youtube.com/watch?v=d2WT1G6XCNU ) there are far more documented issues than with a similar debian or ubuntu install. Compare similar custom iso tutorials or instructions to see a larger average number being experienced with kali.

Kali community has changed over the last few years spurring many new penetration operating systems to be created. (per admin- most current pen-test distributions have been developed in the last 3 years than during the rest of backtrack-kali history) Kali community now routinely deletes posts and restricts the reporting of (see above-documented) bugs. History says when a community begins to ignore bugs that is usually the time a new front runner is gaining rapidly. (per admin i.e. Windows overtaken by linux, and windowsCE discontinuing due to too many problems compared to android and ios)

So….who is the new front runner? Which os has the largest TESTED repo of software (per admin- i.e. Arch Linux repository for security professionals with tons of tools.(source: techviral{dot}net). Since the community behind the os is almost more important to the future of the os than the software installed (ie the success of linux is largely attributed to the strong involved and open community)….Which os has the strongest, deepest, most accepting community?

Dracos Linux
BlackBuntu
BackBox
ArchStrike Linux
Live Hacking OS
Fedora Security Spin
Knoppix STD
Parrot OS (seems to be moving rapidly to the top as many started to migrate from kali to parrot years ago and that migration seems to be continuing)

please share good/bad experiences with both the operating systems and the communities that support and maintain.

linux – Providing high availability with multiple active nodes

As the question states I am endeavouring how I can set up a load balanced cluster of 3+ nodes, where more than one (or perhaps all) can be served traffic. I have been doing a lot of research in this area which has led me to create my current setup, two nodes in active – passive mode using a VIP and keepalived to provide high availability, I am currently using this to load balance ProxySQL and NGINX.

It is my understanding that with keepalived and VIP only one node can “hold” the VIP at any time thus we can only have one active node.

I would like some advice on how I can set up a cluster of active nodes and what software / utilities can be utilised to access them from a single access point ie perhaps an IP address.

New to this stuff so please bear with me and thankful for any/all input