linux

Reverse SSH Tunnel

Have you ever wanted to SSH to your Linux box that sits behind NAT? You can, with reverse SSH tunneling. This document shows step by step how to set it up. Reverse SSH tunneling should work fine on any Unix-like system.

Let’s assume that Destination’s IP is 192.168.20.83 (Linux host that you want to access).

You want to access it from a Linux client (Source) with the public IP 8.7.6.5.

Destination (192.168.20.83) <- |NAT| <- Source (8.7.6.5)

  1. SSH from the Destination to the Source (public IP/FQDN) with the command below:
    ssh -R 1339:localhost:22 sourceuser@8.7.6.5

    * port 1339 can be any unused port on the Source; by default sshd binds it to the Source's loopback interface only, so it is not reachable from the Internet.

  2. Now you can SSH from the Source to the Destination through the SSH tunnel:
    ssh destinationuser@localhost -p 1339
  3. Third-party servers can also reach 192.168.20.83 through the Source (8.7.6.5):

    Destination (192.168.20.83) <- |NAT| <- Source (8.7.6.5) <- 3rd party server

  4. From the third-party server:
    ssh sourceuser@8.7.6.5
  5. After the successful login to the Source:
    ssh destinationuser@localhost -p 1339

    * the connection between Destination and Source must stay alive at all times.

Tip: you may run a command (e.g. watch, top) on the Destination to keep the connection active.

How to set up a dynamic SSH Tunnel (with PuTTY)

Strict requirement: a remote Linux server with an active openssh-server daemon.

Let's open PuTTY and start:

  • Insert your server FQDN/IP
  • Go to Connection -> SSH -> Tunnels
  • Next to the Destination field, choose Dynamic
  • Choose a TCP port number that is free locally on your Windows computer (usually any number above 1024 is fine; let's assume 1339) and insert it into the Source port field
  • Click Add
  • Click the Open button, connect to your server via SSH with username and password, and leave the session open and active

Now the tunnel is set up on localhost, on the TCP port 1339 that you specified as the source port. Unless you tick "Local ports accept connections from other hosts", PuTTY listens on 127.0.0.1 only, so other machines on your LAN cannot use the proxy.

Now you can configure your program to use a SOCKS5 proxy at 127.0.0.1:1339 to send its traffic through the tunnel.
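The two tunnels above (the reverse tunnel from the NAT'd Destination, and the OpenSSH equivalent of PuTTY's Dynamic tunnel) as one keepalive script. This is an added example, not code from the original page; hosts and ports are the page's, user@server.example is a placeholder, and it assumes the key used on the Source is limited in authorized_keys to this one listener.

```shell
#!/bin/sh
# Added example, not from the original page: keep the reverse tunnel from
# the NAT'd Destination to the public Source alive, and open a SOCKS proxy
# like the PuTTY "Dynamic" tunnel above. Hosts and ports are the page's;
# user@server.example is a placeholder. Assumed: on the Source, the key's
# authorized_keys line carries restrict,port-forwarding,permitlisten="127.0.0.1:1339"
# so the key can do nothing but hold this one listener.

# Make a dead TCP session fail fast instead of hanging: ssh exits when the
# peer stops answering, or when the remote port cannot be bound.
KEEPALIVE_OPTS="-o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# Reverse tunnel: Source's 127.0.0.1:$port -> this host's port 22.
# Naming 127.0.0.1 explicitly keeps the port off the Source's public interfaces.
reverse_tunnel_cmd() {
    port=$1 target=$2
    echo "ssh -N $KEEPALIVE_OPTS -R 127.0.0.1:${port}:localhost:22 ${target}"
}

# Dynamic forward: a SOCKS5 listener on this host's 127.0.0.1:$port.
socks_tunnel_cmd() {
    port=$1 target=$2
    echo "ssh -N $KEEPALIVE_OPTS -D 127.0.0.1:${port} ${target}"
}

# Re-run ssh whenever it exits, waiting 10 s between attempts. -N asks for
# no remote shell, so nothing like watch/top is needed to keep it busy.
keep_tunnel() {
    cmd=$1
    while :; do
        $cmd || true
        sleep 10
    done
}

case "${1:-}" in
    reverse) keep_tunnel "$(reverse_tunnel_cmd 1339 sourceuser@8.7.6.5)" ;;
    socks)   keep_tunnel "$(socks_tunnel_cmd 1339 user@server.example)" ;;
esac
```

Run it as `sh tunnel.sh reverse` on the Destination, or `sh tunnel.sh socks` on the client; the SOCKS listener then sits at 127.0.0.1:1339 like the PuTTY one.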

Debian 9 as a Veeam backup destination over SSH

Clean installation of Debian 9.
Install the required packages:
– openssh-server
– libsoap-lite-perl

How to mount a physical encrypted disk on another Debian 9 system:

Install the tools:
apt-get install cryptsetup
apt-get install lvm2

Find the LUKS partition (here /dev/sdb5):
fdisk -l

Unlock it (the mapping appears as /dev/mapper/luks-9a9a7076-a9e3-4393-8132-bd0ee666d171, i.e. /dev/dm-0 in the original notes):
udisksctl unlock -b /dev/sdb5

Activate the volume group inside the container and list its logical volumes:
vgchange -ay
lvscan

Mount the root logical volume and enter the backup directory:
mount /dev/backup2-vg/root /mnt
cd /mnt/veeam_backup/

How to mount an encrypted VMDK disk on another Debian 9 system:

kpartx -av .vmdk   (creates /dev/mapper/loop0p1 and the other partitions of the image)
lvscan
vgchange -ay
udisksctl unlock -b /dev/mapper/loop0p5
lvscan
mount /dev/backup3-vg/root /mnt   (or the name of the encrypted /root partition)
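The unlock, activate and mount sequence above as one checked script that mounts the backup disk read-only. It is an added example, not part of the original notes: it assumes root on the second Debian system with cryptsetup and lvm2 installed, names the mapping backup2_crypt, and embeds a constructed lvscan sample so the parser can be tried without a disk.

```shell
#!/bin/sh
# Added example, not from the original notes: the unlock / activate / mount
# sequence above as one script with checks, mounting the backup disk
# read-only. Device and VG names follow the notes (/dev/sdb5, backup2-vg);
# the mapper name backup2_crypt is an assumption. Run as root with
# cryptsetup and lvm2 installed.

# Constructed sample of `lvscan` output, for trying the parser offline.
SAMPLE_LVSCAN="  ACTIVE            '/dev/backup2-vg/root' [<9.00 GiB] inherit
  inactive          '/dev/backup2-vg/swap_1' [512.00 MiB] inherit
  ACTIVE            '/dev/backup2-vg/data' [20.00 GiB] inherit"

# Read lvscan output on stdin and print the paths of ACTIVE logical volumes
# (the quoted second field, with the quotes stripped).
active_lvs() {
    awk '$1 == "ACTIVE" { print substr($2, 2, length($2) - 2) }'
}

# Options for a foreign backup disk: no writes, and nothing on it may run
# or act as a setuid binary or device node, whatever the image contains.
safe_mount_opts() {
    echo "ro,nosuid,nodev,noexec"
}

mount_backup() {
    part=$1 mapper=$2 lvpath=$3 mnt=${4:-/mnt}
    # Refuse anything that is not actually a LUKS container.
    cryptsetup isLuks "$part" || { echo "$part is not a LUKS device" >&2; return 1; }
    # cryptsetup open does what udisksctl unlock did, but with a chosen name.
    cryptsetup open "$part" "$mapper"
    vgchange -ay                  # activate volume groups found inside
    lvscan | active_lvs           # show which logical volumes became available
    mount -o "$(safe_mount_opts)" "$lvpath" "$mnt"
}

# Tear down in reverse order when finished.
umount_backup() {
    mapper=$1 vg=$2 mnt=${3:-/mnt}
    umount "$mnt"
    vgchange -an "$vg"
    cryptsetup close "$mapper"
}

case "${1:-}" in
    mount)  mount_backup /dev/sdb5 backup2_crypt /dev/backup2-vg/root ;;
    umount) umount_backup backup2_crypt backup2-vg ;;
esac
```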

Conquest Dicom Server Mysql on Debian (dgate)

This is a quick guide to install ConQuest DICOM server on Debian 8 (Jessie) using MySQL as ConQuest database.

BEFORE PROCEEDING
I assume that you're logged in as root, that the image files will be stored in the directory /data and that you've already installed your Debian server with a standard configuration.
I'm used to nano for editing files; if you're not familiar with nano, use another editor (e.g. vim).

If you’re updating your ConQuest version, backup these files before proceeding:

/etc/conquest-dicom-server/acrnema.map
/etc/conquest-dicom-server/dicom.ini

Don't restore the above files into your new version of ConQuest. Use them only to check which settings you need to change in the new files. Overwriting files from a newer version of ConQuest with files from an older version may cause ConQuest to malfunction.

INSTALLING
First of all, we want to install the latest version of each needed package, so we call:
# apt-get update

And then install the recommended packages:
# apt-get install apache2 mysql-server openssh-server conquest-mysql

Optionally, I also install:
# apt-get install phpmyadmin dcmtk apache2-mpm-itk

Now we create the database that ConQuest will use:
# mysql -u root -p
create database conquest;
quit;

The directory for ConQuest files is:
# /etc/conquest-dicom-server

Enter the ConQuest directory:
# cd /etc/conquest-dicom-server

Edit the file dicom.ini to set up your server: here you define the server Application Entity Title (AET), its communication port, and the user and password that ConQuest will use to connect to MySQL.
The lines not listed here are lines I don't change, so leave them alone:
# nano dicom.ini
MyACRNema = SERVER_AET
TCPPort = 104 # the server communication port (a port below 1024 can only be opened by root)
Password =
FixPhilips = 1 # avoids problems with Patient ID from some Philips systems
FixKodak = 1 # avoids problems with Patient ID from some Kodak/Carestream systems
IgnoreOutOfMemoryErrors = 1 # avoids ConQuest interruptions when out-of-memory errors occur
FileNameSyntax = 8 # determines the name of stored files (see page 52 of windowsmanual.pdf)
DroppedFileCompression = jk # store dropped files using Lossless JPEG2000
IncomingCompression = jk # store image files received through DICOM communication using Lossless JPEG2000
PACSName = # for banner and debug information
MAGDevice0 = /data/ # where the images will be stored

Create the directory to store the images:
# mkdir /data

Edit the file that contains the remote DICOM nodes (AETs) allowed to communicate with this server:
# nano acrnema.map

(Re)build the database verbosely:
# dgate -v -r

SCRIPTS
I’ve developed some simple scripts to make my life easier. Here they are:

(Re)start ConQuest
(Re)start script for ConQuest, saving logs into the "serverstatus.log" file:
# nano /usr/local/bin/start

#!/bin/bash
# Stop any running dgate instance, then start a fresh one in the background.
pkill -9 dgate
# -^file sets the dgate log file name.
dgate -^serverstatus.log &

Keep Server Alive
This script checks whether the "dgate" process is running; if not (server crashed), the script restarts it:
# nano /usr/local/bin/keepalive

#!/bin/bash
# pgrep -x matches the process name exactly; restart only when none is found.
if ! pgrep -x dgate > /dev/null
then /usr/local/bin/start
fi

Send Yesterday's Studies To Another Server
This script sends all of yesterday's studies to another server:
# nano /usr/local/bin/dgateyesterday

#!/bin/bash
# Yesterday's date in ConQuest's YYYYMMDD format (no space after the +).
DATE=$(date -d 'yesterday' +%Y%m%d)
dgate --movestudies:SRC_AET,DEST_AET,$DATE
wait

Make all scripts executables:
# chmod a+x /usr/local/bin/*

Schedule the execution of the scripts:
# crontab -e

Reload cron to activate new entries added to "/etc/crontab" (entries installed with crontab -e take effect without a restart):
# /etc/init.d/cron restart

Some Useful Commands

Load new DICOM nodes after editing acrnema.map:
# dgate --read_amap:
List the loaded DICOM nodes:
# dgate --get_amaps:
Transfer a study from one server to another:
# dgate --movestudy:patientID:studyuid

How to connect PHP to Microsoft SQL Server on Linux Debian

Here is how to get PHP 5.6 on Linux (specifically Debian) talking to a Microsoft SQL Server database:

1. Install FreeTDS and the PHP MSSQL extension

apt-get install freetds-common freetds-bin unixodbc php5-sybase

Note: That is correct, the MS SQL extension is in the “php5-sybase” package.

2. Restart Apache

/etc/init.d/apache2 restart

3. Test FreeTDS

tsql -H your.server.name -p 1433 -U yourusername -P yourpassword -D yourdatabasename

If it connects, it's working. Note: If you try to SELECT an NTEXT or NVARCHAR column you may get an error saying "Unicode data in a Unicode-only collation or ntext data cannot be sent to clients using DB-Library (such as ISQL) or ODBC version 3.7 or earlier". That is expected and will be fixed in the next step. Also note that a password given with -P is visible to other local users in the process list and is kept in your shell history; leave -P out and tsql will prompt for it.

4. Configure FreeTDS

nano /etc/freetds/freetds.conf

Add this at the end of the file:

[yourserver]
host = your.server.name
port = 1433
tds version = 8.0

5. Test FreeTDS using server name

tsql -S yourserver -U yourusername -P yourpassword -D yourdatabasename

If you try to select something, you shouldn’t get the Unicode error now – because you specified “tds version = 8.0”.

6. Test in PHP

<?php
// Connect using the server name defined in freetds.conf.
$link = mssql_connect('yourserver', 'yourusername', 'yourpassword');
if (!$link) {
    die('Unable to connect!');
}

if (!mssql_select_db('yourdatabasename', $link)) {
    die('Unable to select database!');
}

// A fixed query with no user input; mssql_query() returns false on error.
$result = mssql_query('SELECT * FROM yourtable', $link);
if (!$result) {
    die('Query failed: ' . mssql_get_last_message());
}

while ($row = mssql_fetch_array($result)) {
    var_dump($row);
}

mssql_free_result($result);
mssql_close($link);

Mount Linux CIFS (Windows) share

Mount CIFS with the default local filesystem permissions.
First install the tools and create the folder where you want to reach your share:

apt-get install cifs-utils
# mkdir /myfolderpath

These are various examples of how to mount a CIFS (Windows) share:

# mount -t cifs //myservername/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain
# mount -t cifs //192.168.83.200/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain

OR

# mount.cifs //192.168.83.200/mysharename /myfolderpath -o username=myuser,password=mypassword,domain=mydomain

Explanation:

  • username=myuser : the CIFS (Windows share) user name required for access.
  • password=mypassword : the CIFS (Windows share) password for the user name above. If this option is not given, the environment variable PASSWD is used. If the password is specified neither directly nor indirectly via an argument to mount, mount will prompt for a password, unless the guest option is given among the CIFS (Windows share) options. A password on the command line is visible to other local users in the process list and ends up in your shell history; the credentials=/path/to/file option (a file with username=, password= and domain= lines, mode 0600) avoids this.
  • domain=mydomain : sets the domain (Active Directory or workgroup) of the user
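The credentials-file variant of the mounts above, as an added example rather than code from the original notes. Share, user and mount point are the notes' placeholders; the file path /root/.cifs-cred and the vers=3.0 option are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: keep the CIFS password off the
# mount command line (so out of `ps` and shell history) by writing a
# mode-0600 credentials file and mounting with credentials=. Share, user
# and mount point are the notes' placeholders; /root/.cifs-cred and
# vers=3.0 are assumptions.

# Write a mount.cifs credentials file that only its owner can read.
# umask runs in a subshell so it does not leak into the caller.
write_cifs_credentials() {
    file=$1 user=$2 pass=$3 domain=$4
    (
        umask 077
        rm -f "$file"     # recreate so the new mode applies even if it existed
        printf 'username=%s\npassword=%s\ndomain=%s\n' "$user" "$pass" "$domain" > "$file"
    )
}

# Succeed only if the file is exactly mode 0600 (find prints it, else nothing).
credentials_mode_ok() {
    [ -n "$(find "$1" -prune -perm 600 -print)" ]
}

# Mount with the credentials file; vers=3.0 refuses the old SMB1 dialect.
mount_share() {
    file=$1 share=$2 mnt=$3
    credentials_mode_ok "$file" || { echo "$file must be mode 0600" >&2; return 1; }
    mount -t cifs "$share" "$mnt" -o "credentials=$file,vers=3.0"
}

case "${1:-}" in
    setup) write_cifs_credentials /root/.cifs-cred myuser mypassword mydomain ;;
    mount) mount_share /root/.cifs-cred //myservername/mysharename /myfolderpath ;;
esac
```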

Passwordless SSH access

In a hypothetical LAN on the subnet 192.168.0.0/24, the machine from which we want to log in without a password has the IP address 192.168.0.2, while the one we want to log into without a password has 192.168.0.3.

On the machine from which we want to connect without typing the password (192.168.0.2), type the following command to generate the RSA key:

[root@192.168.0.2 ]# ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f7:ec:0d:c8:f4:df:7a:6c:2b:1d:a1:59:ee:c7:ae:a0 root@192.168.0.2

Then copy the key we generated to the destination machine:

[root@192.168.0.2 ]# scp /root/.ssh/id_rsa.pub root@192.168.0.3:.

On the machine we want to authenticate to without using the password, type the following command:

[root@192.168.0.3 ]# cat /root/id_rsa.pub >> /root/.ssh/authorized_keys

Done: now from machine 192.168.0.2 we can log into 192.168.0.3 without typing any password, but not vice versa. If the key was created with an empty passphrase, the file /root/.ssh/id_rsa is the only thing protecting that access, so keep it readable by root only (the 0600 mode ssh-keygen gives it).

This technique can be used to manage rsync connections over the OpenSSH protocol, or to use commands such as scp to move files from one PC/server to another, also from automated scripts.

[root@192.168.0.2 ~]# ssh root@192.168.0.3
Last login: Thu Jul 19 15:20:29 2007 from 192.168.0.2
[root@192.168.0.3 ~]#
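Installing the copied key with restrictions instead of the plain append above, so a passphrase-less root key can only run the rsync/scp job it was created for. This is an added example, not part of the original notes: the addresses are the notes', /usr/local/bin/backup-wrapper is a hypothetical forced command, and SAMPLE_PUBKEY is a constructed placeholder rather than a real key.

```shell
#!/bin/sh
# Added example, not part of the original notes: install the copied public
# key as above, but with restrictions, so a passphrase-less root key can
# only run the rsync/scp job it was made for. Addresses are the notes';
# /usr/local/bin/backup-wrapper is a hypothetical forced command and
# SAMPLE_PUBKEY is a constructed placeholder, not a real key.

SAMPLE_PUBKEY="ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERPLACEHOLDERPLACEHOLDER root@192.168.0.2"

# One authorized_keys line: accepted only from 192.168.0.2, runs only the
# given command, and "restrict" disables port/agent/X11 forwarding and pty.
authorized_key_entry() {
    from=$1 cmd=$2 pubkey=$3
    printf 'restrict,from="%s",command="%s" %s\n' "$from" "$cmd" "$pubkey"
}

# Append the entry unless this key material is already present, then keep
# the file owner-only (with StrictModes, the default, sshd ignores an
# authorized_keys file that others can write to).
install_key() {
    file=$1 from=$2 cmd=$3 pubkey=$4
    blob=$(printf '%s\n' "$pubkey" | awk '{ print $2 }')   # base64 key body
    touch "$file"
    if ! grep -qF -- "$blob" "$file"; then
        authorized_key_entry "$from" "$cmd" "$pubkey" >> "$file"
    fi
    chmod 600 "$file"
}

case "${1:-}" in
    install) install_key /root/.ssh/authorized_keys 192.168.0.2 \
                 /usr/local/bin/backup-wrapper "$(cat /root/id_rsa.pub)" ;;
esac
```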

Setting a disclaimer on outgoing e-mail on SME Server

In a company there is often a need to add a message at the foot of e-mails (for example a disclaimer, i.e. a liability exclusion), often for privacy reasons.

On SME Server this can be appended to the bottom of all outgoing messages. The text can be the same for every domain configured on SME Server or customised per domain. Let's see how:

On the server shell, type:

config setprop smtpd disclaimer enabled
nano -w /service/qpsmtpd/config/disclaimer

Insert the text you need...
To save and exit:

Ctrl-o
Ctrl-x

For the changes to take effect, type:

signal-event email-update

To create a specific text for each domain, create separate files with the following naming (the global file must be removed if it was already created):

rm /service/qpsmtpd/config/disclaimer
config setprop smtpd disclaimer enabled
nano -w /service/qpsmtpd/config/disclaimer_domain1.com.au
nano -w /service/qpsmtpd/config/disclaimer_domain2.com
nano -w /service/qpsmtpd/config/disclaimer_domain3.org

Insert the text you need in each file...
To save and exit:

Ctrl-o
Ctrl-x

For the changes to take effect, type:

signal-event email-update

If you need this extension only for some domains and not all of them, create only the disclaimer_XXX files that are needed.