fbpx

Category: IT

Posted on

HTTPS Security Settings for Apache

Well I got into some interesting spaces when I found this site :

https://securityheaders.com

and https://hstspreload.org

In order to get an A+ rating for my blog, I went through all the suggested routines and while I won’t detail them, below is what I have landed on for what works on my WordPress site.

Inject this into your .htaccess file on your Apache webserver

Header set Content-Security-Policy “upgrade-insecure-requests”

Header set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”

Header set X-Xss-Protection “1; mode=block”

Header set Referrer-Policy “strict-origin”

Header set Permissions-Policy “geolocation=self”

Header set Access-Control-Allow-Origin “https://*yoursite.com*”

Header set Cross-Origin-Embedder-Policy “unsafe-none”

Header set Cross-Origin-Opener-Policy “unsafe-none”

Header set Cross-Origin-Resource-Policy “same-site”

Posted on

Phishing Events and CyberSecurity

I can’t tell you guys how important it is to be vigilant over the next few months, you will be distracted with holiday events and other social engagements.

If not already, you will be bombarded with scam phone calls and emails. Please! DO. NOT. RESPOND. to those emails and phone calls. Mark them as SPAM and/or phishing and delete them.

The most recent examples relating to phone calls are for people looking to get your social security number, Medicaid, and credit card information. It will be a foreign sounding individual with a “normal” sounding name, like “Robin” or “John” – Hang up on that person immediately!

The most recent examples relating to scam emails is someone “responding” to an email and BCC’ing you with a “what’s this” or  “what is this” and below will be an invoice looking for payment. Mark as SPAM and DELETE THIS EMAIL!!!

There will be variations of this theme, but it is all the same, they want your money and your personal information so that they can trick other individuals to give them their money!

IF you use a password manager like LastPass, I strongly urge you to change all your passwords and keep them in either a different password manager or in a notebook in a safe place in your home.

Hacking is serious business, with serious consequences for those not careful to avoid from being hacked.

It is up to everyone here to keep your organization safe.

Posted on

Installing Pi-Aware aka FlightAware

Buy the following:

Nooelec Dual-Band NESDR Nano 3 Premium ADS-B (978MHz UAT & 1090MHz 1090ES) Bundle for Stratux™, Avare, Foreflight, FlightAware & Other Applications. Includes 2 SDRs, 4 Antennas, 5 Adapters.

Nooelec Omnidirectional 7dBi ADS-B Antenna – 23″ Outdoor Fiberglass Antenna w/Female N-Connector, 10m RG58 Cable Extension w/SMA Connector & Mounting Hardware. Weatherproof. 1090MHz Center Frequency

https://www.amazon.com/gp/product/B076GWF6FF

https://www.amazon.com/gp/product/B08NRQF9TK

Once you have all the parts together, head over to FlightAware’s page for a download of the image, or you can hand load it, which is what I did. since the Pi I used also hosts this website.

Hand Load:

https://flightaware.com/adsb/piaware/install

Image Download:

http://piaware.flightcdn.com/piaware-sd-card-5.0.img.zip

Posted on

Happy New Year 2021! – App_Offline

Greetings 2021! I’m in the middle of a software deployment right now. Hoping adoption goes well and that everyone enjoys using the application.

Some basic tool I learned a moment ago: Use the app_offline.htm file in your ASP.net 2.0 (minimum) to quickly notify your users that the page – or your app is down for maintenance.

app_offlineDownload

Posted on

Enable SNMP on a Raspberry Pi

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install snmpd -y
sudo apt-get install snmp -y
sudo nano /etc/snmp/snmpd.conf
To get it running, you will need to modify the sudo nano /etc/snmp/snmpd.conf file:

First, I commented out this line:

#agentAddress udp:127.0.0.1:161

and below the line ‘#agentAddress udp:161,udp6:[::1]:161′ I added:

agentAddress udp:161

then below this line:

rocommunity public localhost

I added:

rocommunity public 190.0.10.0/24

Finally, restart the service:

service snmpd restart

Posted on

Check-MK Debian Linux Agent Install

First you’ll need to install xinetd which is a requirement for the Check_MK agent:

apt-get install xinetd


Then, latest Check_MK agent installer from your Check_MK website and install:

cd /tmp/
wget http://%yourcheck_mk_server%/download/check-mk-agent_***.deb
dpkg -i check*

Posted on

How to Enable SNMP ESXi 6.5

Open your favorite (Putty) ssh application and connect to your ESX host and then run the following commands:

esxcli system snmp set –communities public
esxcli system snmp set –enable true
esxcli network firewall ruleset set –ruleset-id snmp –allowed-all true
esxcli network firewall ruleset set –ruleset-id snmp –enabled true
/etc/init.d/snmpd restart

The –ruleset should be a dash dash not a bar, same with the –allowed and –enabled; I don’t know why WordPress does that.

Posted on

Microsoft Exchange 2010 Configuration – Allow Larger Attachments

1.Organization Configuration

Organization Configuration | Hub Transport | Global Settings tab | Transport Settings |

2.Server Configuration

Server Configuration | Hub Transport | select a HT server | Receive Connectors -> select a connector | Properties |

3.Send Connector Configuration

Organization Configuration | Hub Transport | Send Connectors -> select connector | Properties |

4.Recipients Configuration

Recipients Configuration | Mailbox | select mailbox | properties | Mail Flow Settings | Message Size Restrictions|

5.Recipients Group Configuration

Recipients Configuration |Distribution Group | select Group | properties | Mail Flow Settings | Message Size Restrictions

6.Global Setting

Please use adsiedit to connect Configuration container :

Configuration container | Services | Microsoft Exchange |YourOrgName| Global Settings | Message Delivery | Properties,check the below values:

a. delivContentLength

b. SubmissionContentLength

c. msExchRecipLimit

7.Transport Rules

Organization Configuration | Hub Transport | Transport Rules

Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time

http://technet.microsoft.com/en-us/library/bb684892(EXCHG.80).aspx
Posted on

DNS Scavenging

Scavenging is a feature that will remove expired records based on their time stamps.
Scavenging is not enabled by default.
Scavenging will NOT remove statically configured records, the ones you manually create unless you run dnscmd /AgeAllRecords, which will stamp them making them eligible for scavenging (more below on this). Without running this command, DNS will scavenge dynamically updated records that have reached their time stamp. To look at the time stamps of a record using Windows 2003 DNS, put the DNS console “view” in the menu to Advanced View, then look at the individual record properties, and you will see the time stamp. If using Windows 2008 or or newer, it will show up in the console as a separate column.