# for i in proc sys dev; do mount --rbind /$i /mnt/$i ; done
Scharmlos geklaut aus dem SUSE Wiki. :-)
Kategoriearchive: Linux
Snippet: GoCryptFS kompilieren (für HW-beschleunigtes AES) und Systemd Dienst einrichten
Wichtig: Nach der Initialisierung den Master-Key sicher speichern!
# 1.
yum install openssl-devel fuse
# 2.
go get -d github.com/rfjakob/gocryptfs
cd $(go env GOPATH)/src/github.com/rfjakob/gocryptfs
./build.bash
cp gocryptfs /usr/local/bin/
# 3.
mkdir -p /data/{crypted,decrypted}
# 4.
if [ ! -f /data/crypted/gocryptfs.conf ]; then
if ! gocryptfs -init /data/crypted; then
echo "cannot init /data/crypted directory, skipping"
fi
else
echo "/data/crypted is an initialized gocryptfs directory"
fi
# 5.
systemctl stop gocryptfs
# 6.
cat << 'EOF' > /etc/systemd/system/gocryptfs.service
[Unit]
Description=gocryptfs Mount Unit
Requires=network.target local-fs.target
After=network.target local-fs.target
[Service]
Type=forking
ExecStart=/usr/local/bin/gocryptfs -extpass "systemd-ask-password GoCryptFS:" -allow_other /data/crypted/ /data/decrypted/
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
# Do not start on boot
systemctl disable gocryptfs
# 7.
until systemctl start gocryptfs; do
sleep 1
done
Rsyslog: via UDP erhaltene Logs in eine Datei schreiben
$template RemoteUDP,"/var/log/remote-udp.log" :inputname, isequal, "imudp" ?RemoteUDP & ~
& ~ beendet die Verarbeitung der Regel.
Template Zammad Reverse Proxy mit Apache
<VirtualHost *:80>
ServerName ticket.domain.tld
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>
<VirtualHost *:443>
ServerName ticket.domain.tld
ProxyPass /ws ws://127.0.0.1:8090/ws
ProxyPassReverse /ws ws://127.0.0.1:8090/ws
ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
RequestHeader set X-Forwarded-Ssl on
SSLCertificateFile /etc/letsencrypt/live/ticket.domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ticket.domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Rspamd: Subject umschreiben und Reply-To hinzufügen
Ändert Subject auf „[Tag] Altes-Subject“ und fügt einen Reply-To „moo@moo.com“ hinzu.
Die alten Headerfelder werden vorher entfernt.
Nur ein Snippet.
remove_headers { X = 0 } sollte alle Header entfernen, nicht nur den ersten. Beim Subject und Reply-To eher unnötig.
rspamd_config:register_symbol({
name = 'SUBJECT_REWRITE_ADD_HEADER',
type = 'postfilter',
callback = function(task)
local util = require("rspamd_util")
local rspamd_logger = require "rspamd_logger"
local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")
if mailcow_domain then
local tag = "Tag"
rspamd_logger.infox("add fancy list header")
local sbj = task:get_header('Subject')
new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
task:set_milter_reply({
remove_headers = {
['Subject'] = 1,
['Reply-To'] = 1,
},
add_headers = {
['Subject'] = new_sbj,
['Reply-To'] = 'moo@moo.com'
}
})
end
end,
priority = 11
})