Return-Path: <pavel.kesler@expo-sochi.ru>
Delivered-To: me@mydomain.org
Received: by mail.mydomain.org (Postfix, from userid 115)
	id AF3E0FDE8F; Sun, 17 Feb 2019 02:32:38 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.org; s=mail;
	t=1550359958; bh=sUf8VWPXX+cYhlkgNOetUuy2AhZpdYo9ZJg8iplVET4=;
	h=Date:Subject:To:From:From;
	b=koiFVqWusT3OSNN0KCEa8/VbK5Np1QbUN1APO0Z+7qtBrszqp56VOfrXtm0Ix7uqz
	 40veaFGcRv+u+onUrKv2xNdDKat5BNmV95G8wgbY3WJ7Ty1+XuAhvbZldYd20gFQDc
	 8yZYGHLVYlZmrKb6J02SLAeA0fsst1A29f612axo=
Received-SPF: None (mailfrom) identity=mailfrom; client-ip=80.250.219.18; helo=mail.expo-sochi.ru; envelope-from=pavel.kesler@expo-sochi.ru; receiver=<UNKNOWN> 
Received: from mail.expo-sochi.ru (unknown [80.250.219.18])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.mydomain.org (Postfix) with ESMTPS id 82777FDE83
	for <me@mydomain.org>; Sun, 17 Feb 2019 02:32:35 +0300 (MSK)
X-Footer: ZXhwby1zb2NoaS5ydQ==
Received: from localhost ([127.0.0.1])
	by mail.expo-sochi.ru with ESMTPSA
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256 bits))
	for me@mydomain.org;
	Sun, 17 Feb 2019 02:31:09 +0300
Date: Sun, 17 Feb 2019 00:32:20 +0100
X-aid: 9584699490
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
X-Mailer: iPad Mail (15G77)
Message-ID: <hlavf5vp3fkl02f0lqddqc1rbghgjj085tya@www.expo-sochi.ru>
Organization: Lkxtmmedgzfpx
X-Sender: pavel.kesler@expo-sochi.ru
Subject: mail
To: me@mydomain.org
Errors-To: security@expo-sochi.ru
X-Complaints-To: <abuse@mail.expo-sochi.ru>
From: <me@mydomain.org>

Feb 19 00:51:40 mail postfix/smtpd[21759]: connect from mail.test.ru[0.0.0.0]
Feb 19 00:51:41 mail policyd-spf[21765]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=0.0.0.0; helo=mail.test.ru; envelope-from=root@test.ru; receiver=<UNKNOWN>
Feb 19 00:51:41 mail postfix/smtpd[21759]: 4C620EC130: client=mail.test.ru[0.0.0.0]
Feb 19 00:51:41 mail postfix/cleanup[21766]: 4C620EC130: message-id=<20190218215102.A16B5607F5B@mail.test.ru>
Feb 19 00:51:41 mail opendkim[21564]: 4C620EC130: mail.test.ru [0.0.0.0] not internal
Feb 19 00:51:41 mail opendkim[21564]: 4C620EC130: not authenticated
Feb 19 00:51:41 mail opendkim[21564]: 4C620EC130: no signature data
Feb 19 00:51:41 mail postfix/qmgr[21314]: 4C620EC130: from=<root@test.ru>, size=746, nrcpt=1 (queue active)
Feb 19 00:51:41 mail spamd[20702]: spamd: connection from ::1 [::1]:47136 to port 783, fd 5
Feb 19 00:51:41 mail spamd[20702]: spamd: setuid to debian-spamd succeeded
Feb 19 00:51:41 mail spamd[20702]: spamd: creating default_prefs: /var/lib/spamassassin/.spamassassin/user_prefs
Feb 19 00:51:41 mail spamd[20702]: spamd: processing message <20190218215102.A16B5607F5B@mail.test.ru> for debian-spamd:115
Feb 19 00:51:41 mail postfix/smtpd[21759]: disconnect from mail.test.ru[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Feb 19 00:51:41 mail spamd[20702]: spamd: clean message (1.1/3.0) for debian-spamd:115 in 0.5 seconds, 696 bytes.
Feb 19 00:51:41 mail spamd[20702]: spamd: result: . 1 - DKIM_ADSP_ALL,RCVD_IN_DNSWL_NONE,SPF_PASS scantime=0.5,size=696,user=debian-spamd,uid=115,required_score=3.0,rhost=::1,raddr=::1,rport=47136,mid=<20190218215102.A16B5607F5B@mail.test.ru>,autolearn=no autolearn_force=no
Feb 19 00:51:41 mail postfix/pickup[21313]: E79C8ED2A6: uid=115 from=<root@test.ru>
Feb 19 00:51:41 mail postfix/pipe[21767]: 4C620EC130: to=<me@mydomain.org>, relay=spamassassin, delay=1.3, delays=0.77/0.02/0/0.52, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 19 00:51:41 mail postfix/qmgr[21314]: 4C620EC130: removed
Feb 19 00:51:41 mail postfix/cleanup[21766]: E79C8ED2A6: message-id=<20190218215102.A16B5607F5B@mail.test.ru>
Feb 19 00:51:41 mail opendkim[21564]: E79C8ED2A6: DKIM-Signature field added (s=mail, d=mydomain.org)
Feb 19 00:51:41 mail spamd[20701]: prefork: child states: II
Feb 19 00:51:42 mail postfix/qmgr[21314]: E79C8ED2A6: from=<root@test.ru>, size=1080, nrcpt=1 (queue active)
Feb 19 00:51:42 mail postfix/qmgr[21314]: E79C8ED2A6: removed

milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

smtpd_client_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 check_client_access hash:/etc/postfix/whitelist  
 warn_if_reject reject_unknown_client_hostname
 reject_rbl_client bl.spamcop.net
 reject_rbl_client zen.spamhaus.org
 permit
 
smtpd_helo_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 check_helo_access pcre:/etc/postfix/checks/helo_checks.pcre
 reject_invalid_helo_hostname
 reject_unknown_helo_hostname
 reject_non_fqdn_helo_hostname
 warn_if_reject reject_unknown_helo_hostname
 permit
 
smtpd_sender_restrictions =
 permit_mynetworks
 reject_non_fqdn_sender
 reject_unknown_sender_domain
 reject_sender_login_mismatch
 permit_sasl_authenticated
 permit
 
smtpd_recipient_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_pipelining
 reject_non_fqdn_recipient
 reject_unknown_recipient_domain
 reject_unauth_destination
 check_policy_service unix:private/policy-spf
 reject_unlisted_recipient
 check_sender_access pcre:/etc/postfix/checks/sender_checks.pcre
 permit
 
smtpd_data_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_pipelining
 permit
 
smtpd_end_of_data_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_multi_recipient_bounce
 permit

Syslog			yes
KeyTable		file:/etc/postfix/dkim/keytable
SigningTable		file:/etc/postfix/dkim/signingtable
SubDomains              yes
LogWhy yes
SyslogSuccess	yes
Canonicalization        relaxed/simple
Mode                    sv
Socket                  inet:8891@localhost
ReportAddress           postmaster@mydomain.org
SendReports             yes
PidFile               /var/run/opendkim/opendkim.pid
UserID                opendkim

Sep 25 16:26:01 debian1c ifup[266]: iptables-restore: line 15 failed
Sep 25 16:26:01 debian1c ifup[266]: run-parts: /etc/network/if-pre-up.d/iptables exited with return code 1
Sep 25 16:26:01 debian1c ifup[266]: ifup: pre-up script failed
Sep 25 16:26:01 debian1c systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Sep 25 16:26:01 debian1c systemd[1]: Failed to start Raise network interfaces.
Sep 25 16:26:01 debian1c systemd[1]: networking.service: Unit entered failed state.
Sep 25 16:26:01 debian1c systemd[1]: networking.service: Failed with result 'exit-code'.
Sep 25 16:26:01 debian1c systemd[1]: Reached target Network.
Sep 25 16:26:01 debian1c systemd[1]: Reached target Network is Online.

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i vboxnet0 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i enp6s0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i enp6s0 -p tcp -m tcp --dport 3794 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5486 -j ACCEPT
COMMIT

Alias "/" "/var/www/html/"
<Directory "/var/www/html/">
    Require all denied
    Satisfy Any
    Options None
    SetHandler 1c-application
    ManagedApplicationDescriptor "/var/www/html/default.vrd"
</Directory>

# apache2ctl -M|grep authz
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)

#!/bin/bash

echo "qwe" >> snd.log

root@zabbix-server:/etc/zabbix/alert.d# grep AlertScriptsPath /etc/zabbix/zabbix_server.conf|grep -v "#"
AlertScriptsPath=/etc/zabbix/alert.d/
root@zabbix-server:/etc/zabbix/alert.d# ls -la ./
total 16
drwxr-xr-x 2 zabbix zabbix 4096 Feb 12 14:25 .
drwxr-xr-x 5 root   root   4096 Feb 12 14:10 ..
-rwxr-xr-x 1 zabbix zabbix  155 Feb 12 14:25 sendsms.sh
-rwxrwxrwx 1 zabbix zabbix    9 Feb 12 14:29 snd.log

location ~ (/wp-admin|/wp-login.php) {
allow 192.168.10.0/24;
deny all;
return 404;
}

[global]
   workgroup = workgroup
   netbios name = workgroup-smbp
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   log level = 1
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes
   nt acl support = yes
   acl group control = yes
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0766
   directory mask = 0766
   valid users = %S
[users]
   comment= All users data
   path = /home
   browseable = yes
   valid users = %S

root@base-gateway:~# cat /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/24
http_port 192.168.1.1:3128 transparent
blablabla

root@base-gateway:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@base-gateway:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.1.0/24       0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.1.0/24       8.8.8.8              tcp dpt:53
MASQUERADE  tcp  --  192.168.1.0/24       0.0.0.0/0            tcp dpt:443

MASQUERADE  all  --  192.168.1.0/24       0.0.0.0/0

root@debian:/# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[netlogon]"
Loaded services file OK.
Invalid combination of parameters for service homes.                       Map hidden can only work if create mask includes octal 01 (S_IXOTH).
Invalid combination of parameters for service homes.                       Map system can only work if create mask includes octal 010 (S_IXGRP).
Invalid combination of parameters for service netlogon.                            Map hidden can only work if create mask includes octal 01 (S_IXOTH).
Invalid combination of parameters for service netlogon.                            Map system can only work if create mask includes octal 010 (S_IXGRP).
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        dos charset = cp866
        unix charset = UTF8
        display charset = UTF8
        workgroup = AKVA
        realm = AKVA
        server string = %h server
        interfaces = eth0
        bind interfaces only = Yes
        map to guest = Bad User
        pam password change = Yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
        syslog = 0
        log file = /var/log/samba/log.%m
        time server = Yes
        add user script = /usr/sbin/smbldap-useradd -m %u -d /data/home/%u %u
        delete user script = /usr/sbin/smbldap-userdel %u -r %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
        delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u
        logon script = logon.bat
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = "cn=admin,dc=akva"
        ldap group suffix = ou=group
        ldap idmap suffix = ou=idmap
        ldap machine suffix = ou=machines
        ldap passwd sync = yes
        ldap suffix = dc=akva
        ldap ssl = no
        ldap user suffix = ou=people
        panic action = /usr/share/samba/panic-action %d
        map acl inherit = Yes
        case sensitive = No
        hide unreadable = Yes
        map hidden = Yes
        map system = Yes

[homes]
        comment = Home directories
        path = /data/home/%u
        read only = No
        browseable = No

[netlogon]
        path = /data/netlogon
        browseable = No

root@debian:/# grep -v "^#" /etc/pam_ldap.conf |sed '/^$/d'
base dc=akva
uri ldapi:///
ldap_version 3
rootbinddn cn=admin,dc=akva
bind_policy soft
pam_password md5
nss_base_passwd ou=people,dc=akva?one
nss_base_shadow ou=people,dc=akva?one
nss_base_group          ou=group,dc=akva?one
nss_base_hosts          ou=machines,dc=akva?one

root@debian:/# grep -v "^#" /etc/libnss-ldap.conf |sed '/^$/d'
base dc=akva
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=akva
bind_policy soft
pam_password    md5
nss_base_passwd ou=people,dc=akva?one
nss_base_shadow ou=people,dc=akva?one
nss_base_group          ou=group,dc=akva?one
nss_base_hosts          ou=machines,dc=akva?one

root@debian:/# grep -v "^#" /etc/nsswitch.conf |sed '/^$/d'
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns ldap
networks:       files ldap
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis