Category Archives: PHP

Spamassassin support

Spamassassin mit spamc installieren:

“`bash
apt-get install spamassassin spamc
“`

In /etc/postfix/master.cf folgende Zeile editieren
(“-o content_filter=spamassassin” hinzufügen, das “-v” kann nach erfolgreicher Installation entfernt werden):

“`text
smtp inet n – – – – smtpd -v
-o content_filter=spamassassin
“`

Und am Ende einfügen:

“`text
spamassassin unix – n n – – pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
“`

Dann Postfix neu starten

“`bash
/etc/init.d/postfix restart
“`

Spamd in /etc/default/spamassassin folgendes einfügen

“`text
ENABLED=1
SAHOME=”/var/lib/spamassassin/”
OPTIONS=”–create-prefs –max-children 5 –username debian-spamd –helper-home-dir ${SAHOME} -s /var/lib/spamassassin/spamd.log”
PIDFILE=”${SAHOME}spamd.pid”
“`

Spamassassin neu starten

“`bash
/etc/init.d/spamassassin restart
“`

Testen ob spamd läuft

“`bash
ps aux | grep spamd
root 22759 1.3 0.3 125344 55520 ? Ss 13:26 0:01 /usr/sbin/spamd –create-prefs –max-children 5 –helper-home-dir -d –pidfile=/var/run/spamd.pid
“`

Die user_prefs befindet sich in: /var/lib/spamassassin/.spamassassin — hier können folgende Einstellungen vorgenommen werden:

Ab wann eine Mail als Spam deklariert wird:

“`text
required_score 10
“`

Bestimmte Empfänger-Domains nicht auf Spam prüfen:

“`text
all_spam_to *@domain1.de
all_spam_to *@domain2.net
“`

Bestimmte Absender-Domains blacklisten:

“`text
blacklist_from *@mxkli.com
“`

Product Owner

title: “Product Owner”
date: 2022-03-01T20:46:32
slug: product-owner

Hauptaufgabe des Product Owner ist, Mehrwert für den Kunden zu schaffen. Er ist für die Gestaltung des Produktkerns verantwortlich. Sein wichtigstes Werkzeug ist das Product Backlog, in dem er User Storys, Epics und Tasks sammelt.

Der Product Owner sollte darauf achten, für das Scrum-Team stets verfügbar zu sein, um Antworten über die Ausgestaltung des neuen Produktes oder Services schnell zu liefern. So können die Mitglieder des Scrum-Teams ohne Unterbrechungen weiterarbeiten.

Runtime Security – Auditing

title: “Runtime Security – Auditing”
date: 2020-12-16T08:15:32
slug: runtime-security-auditing

Enable / Configure Auditing

This Audit Rule Logs all Metadata

vi /etc/kubernetes/audit/policy.yaml

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata

Enable an Configure Auditing in kupe-api manifest:

vi /etc/kubernetes/manifests/kube-apiserver.yaml

 - --audit-policy-file=/etc/kubernetes/audit/policy.yaml # add
 - --audit-log-path=/var/log/kubernetes/audit.log # add
 - --audit-log-maxsize=500 # add
 - --audit-log-maxbackup=5 # add

 - mountPath: /etc/kubernetes/audit # add
 name: audit # add

 volumes:
 - hostPath: # add
 path: /var/log/kubernetes/audit.log # add
 type: DirectoryOrCreate # add
 name: audit # add

Some Policy Examples:
Dont log Anything from Stage RequestReceived (omitStages)

apiVersion: audit.k8s.io/v1 # This is required.
kind: Policy
# Don't generate audit events for all requests in RequestReceived stage.
omitStages:
 - "RequestReceived"

Roles

title: “Roles”
date: 2020-10-20T19:04:45
slug: roles

Add Role edit and view to group devs (Namespaced)

oc policy add-role-to-group edit devs

oc policy add-role-to-group view devs

Add Cluster Creation Rights to group devs

oc adm policy add-cluster-role-to-group self-provisioner devs

Remove clusterwide Project Creation and limit to Group

title: “Remove clusterwide Project Creation and limit to Group”
date: 2020-10-20T12:52:39
slug: 1297-2

oc get clusterrolebinding -o wide | grep -E 'NAME|self-provisioner'
oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth

oc adm policy add-cluster-role-to-group self-provisioner wp-mgrs

Match Hostname

title: “Match Hostname”
date: 2020-06-04T15:06:26
slug: match-hostname

---
- name: Install pt-stalk
 hosts: ~mar.\*\.cod\.vw-wecloud\.de
 gather\_facts: yes
 roles:
 - pt-stalk

Join a node with kubeadm

title: “Join a node with kubeadm”
date: 2020-04-02T19:44:03
slug: join-a-node-with-kubeadm

kubeadm token create --print-join-command 2>/dev/null | ssh node01

ps commands

title: “ps commands”
date: 2019-08-12T11:49:37
slug: ps-commands

Get The Process Start Time And Date In Linux

Display the start time and date of the running processes in Linux:

$ ps -eo pid,lstart,cmd

Install containerd

title: “Install containerd”
date: 2019-03-26T14:00:39
slug: install-containerd

wget https://github.com/containerd/containerd/archive/v1.2.5.zip
unzip v1.2.5.zip
wget https://github.com/containerd/containerd/releases/download/v1.2.5/containerd-1.2.5.linux-amd64.tar.gz
containerd-1.2.5.linux-amd64.tar.gz
cp bin/\* /usr/local/bin
cp containerd.service /lib/systemd/system
systemctl enable containerd
mkdir /etc/containerd/
containerd config default > /etc/containerd/config.toml
systemctl start containerd

Add insecure registries to containerd /etc/containerd/config.toml (extract)

[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins.cri.registry.mirrors."192.168.122.123:5000"]
endpoint = ["http://192.168.122.123:5000"]
[plugins.cri.registry.auths]
[plugins.cri.registry.auths."http://192.168.122.123:5000"]
username = "docker"
password = "docker"
[plugins.cri.x509\_key\_pair\_streaming]
tls\_cert\_file = ""

SSH Completation

title: “SSH Completation”
date: 2019-02-27T13:26:37
slug: ssh-completation

vi .bashrc
complete -W "$(<~/.ssh/hosts)" ssh

cat ~/.ssh/hosts

haproxy01.stg.fkb01.fti.int
haproxy02.prd.fkb01.fti.int
haproxy02.stg.fkb01.fti.int
hotelbeschreibung-db01.prd.fkb01.fti.int
hotelbeschreibung-db01.stg.fkb01.fti.int
hotelbeschreibung-web01.prd.fkb01.fti.int
hotelbeschreibung-web01.stg.fkb01.fti.int
hr-azubiblog-db01.prd.fkb01.fti.int
hr-azubiblog-db01.stg.fkb01.fti.int
hr-azubiblog-web01.prd.fkb01.fti.int
hr-azubiblog-web01.stg.fkb01.fti.int
i5-public-webservice-camper.prd.fkb01.fti.int
i5-public-webservice-camper.stg.fkb01.fti.int
i5-public-webservice-contact.prd.fkb01.fti.int