Extremely Serious

Month: September 2020

Changing the Ubuntu Server Timezone

Displaying the current timezone

timedatectl status

Listing the available timezones

timedatectl list-timezones

Changing the active timezone

sudo timedatectl set-timezone <TIMEZONE>

Example

Use the following command to change the timezone to Pacific/Auckland:

sudo timedatectl set-timezone Pacific/Auckland

Finding out the Banned IPs of Fail2Ban

Use the following command to find out the active jail names:

sudo fail2ban-client status

Use the following command to find out the banned IP by jail name:

sudo fail2ban-client status <JAIL_NAME>

Where:

JAIL_NAME The name of the jail.

Example:

Use the following command to find out all the banned IPs of an sshd jail name:

sudo fail2ban-client status sshd

Importing a PKCS12 Key Store to Java Keystore

Use the following command in importing a pkcs12 keystore to Java keystore:

The keytool is normally found in $JAVA_HOME/jre/bin (i.e. the $JAVA_HOME variable is where you've installed JDK).

keytool -importkeystore -v -srckeystore <SRC_KEYSTORE_FILE> -srcstoretype pkcs12 -destkeystore <DEST_KEYSTORE_FILE> -deststoretype JKS -storepass <KEYSTORE_PASSWORD>
Token Description
SRC_KEYSTORE_FILE The source keystore file (i.e. normally with the extension pfx) of type pkcs12.
DEST_KEYSTORE_FILE The destination keystore file (i.e. normally with the extension jks) of type jks.
KEYSTORE_PASSWORD The password for accessing the DEST_KEYSTORE_FILE

Template of Using SSL with JavaMail API

Gradle dependency

compile group: 'com.sun.mail', name: 'javax.mail', version: '1.6.2'

Import to the Class File

import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import java.util.Properties;

The Template

// Recipient's email ID needs to be mentioned.
String to = <RECIPIENTS_EMAIL>;

//Sender's email ID needs to be mentioned
String from = <SENDERS_EMAIL>;

//The subject of the email.
String subject = <EMAIL_SUBJECT>;

//The body of the email.
String body = <EMAIL_BODY>;

//SMTP Server
final String host = <SMTP_SERVER>;

//SMTP Port
final String port = <SMTP_PORT>;

//SMTP Username
final String username = <USERNAME>;

//SMTP Password
final String password = <PASSWORD>;

try {
    //SMTP Configuration
    Properties props = new Properties();
    props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.starttls.enable", "true");
    props.put("mail.smtp.host", host);
    props.put("mail.smtp.port", port);

    // Create a session object.
    Session session = Session.getInstance(props,
        new javax.mail.Authenticator() {
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(username, password);
            }
        }
    );

    // Create a message object.
    Message message = new MimeMessage(session);

    // Set From: header field of the header.
    message.setFrom(new InternetAddress(from));

    // Set To: header field of the header.
    message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));

    // Set Subject: header field
    message.setSubject(subject);

    // Now set the actual message
    message.setText(body);

    // Send message
    Transport.send(message);

    System.out.println("Sent message successfully....");

} catch (MessagingException e) {
    throw new RuntimeException(e);
}

Configuring Postfix as a Relay

Installing Postfix

Run the following commands:

sudo apt-get update
sudo apt-get install postfix

Configuring Postfix

  1. Run the following command:
    sudo dpkg-reconfigure postfix

    Configuration questions:

    1. Select OK to proceed.
    2. Choose Satellite system.
    3. System Mail Name: <EMAIL_DOMAIN>
    4. SMTP relay host: <RELAY_HOST>

      Where RELAY_HOST must include the port number (e.g. 192.168.1.1:465).

    5. Root and postmaster mail recipient: root
    6. Other destinations to accept mail for: <EMAIL_DOMAIN>, localhost.localdomain, localhost
    7. Force synchronous updates on mail queue? No
    8. Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    9. Mailbox size limit (bytes): 0
    10. Local address extension character: +
    11. Internet protocols to use: all

      Feel free to answer the preceding questions based on your setup. Just replace the EMAIL_DOMAIN (i.e. example.com) with a valid value.

  2. Create the file /etc/postfix/sasl_passwd with the following content:
    <RELAY_HOST> username:password
  3. Create a postfix database based on /etc/postfix/sasl_passwd using the following command:
    sudo postmap /etc/postfix/sasl_passwd
  4. Edit the file /etc/postfix/main.cf to have the following entries added or updated:
    smtp_tls_security_level = encrypt
    smtp_sasl_auth_enable = yes
    smtp_tls_wrappermode = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  5. Restart the postfix service with the following command:
    sudo systemctl restart postfix

Blocking/Unblocking IP in Ubuntu

Pre-requisite

Install the iptables-persistent package to automatically load saved iptables rules.

sudo apt-get install iptables-persistent

Lists the rules in a chain or all chains

sudo iptables -L [CHAIN]

Where CHAIN sample value could be one of the following: INPUT, FORWARD or OUTPUT. If this is not provided all the chains will be listed.

Blocking an IP Address

sudo iptables -A INPUT -s <IP_ADDR> -j DROP
sudo sh -c "iptables-save > /etc/iptables/rules.v4"

Where IP_ADDR is the IP address to be blocked.

Unblocking an IP Address

sudo iptables -D INPUT -s <IP_ADDR> -j DROP
sudo sh -c "iptables-save > /etc/iptables/rules.v4"

Where IP_ADDR is the IP address to be unblocked if you use the preceding blocking procedure.