Disable ServerSignature on Apache or Nginx

How to disable the server signature on Apache and Nginx HTTP servers

There are numerous ways websites can be exposed to security threats. Information in the server signature is an increased risk for systems and can be used against them.

The server signature reveals information about the server, its extensions and the operating system. For an Apache server on Debian GNU/Linux, the Apache version number and operating system information are displayed in the HTTP server header signature.

This information is displayed in the HTTP server header at line 10, which reveals the web server version number, the PHP version, the OpenSSL version used for Transport Layer Security, and the operating system.

Signatures can contain sensitive information about the software versions running on the web server. If a page is not found on the server, the server sends the client an error page and the browser displays Not Found.

Figure: Browser page with HTTP status code 404 and server signature

A dead link is returned to the browser with the HTTP status code 404, and further information about the web server and the version used is also disclosed.

It is recommended that the server signature be deactivated if the system is to be protected from open threats. This tutorial shows how to disable the server signature.

Disable the Apache HTTP server signature on Debian GNU/Linux

Under Debian 10 (Buster) the server signature is configured in the file security.conf.

On Debian 10 (Buster), and also on Ubuntu, the default setting for ServerSignature is On and for ServerTokens is Full. These can be deactivated as follows.

Apply the change to the Apache web server configuration.

Disable the Apache HTTP server signature on CentOS GNU/Linux

On CentOS (RedHat) the server signature is changed in the Apache configuration file httpd.conf.

Apply the HTTP server signature changes on CentOS.

After disabling the server signature, it is no longer displayed in the HTTP server header output. The modification can be checked using wget or here.

The deactivation of the server signature can also be achieved with .htaccess; the file is created in the docroot if it does not already exist.

Disable PHP-Version HTTP Server Header

The output of the PHP version number is deactivated in Debian 10 (Buster) as follows in the file php.ini.

On CentOS (RedHat) the PHP version header is configured in php.ini under the following path.

Apache HTTP-Response-Header

The Apache ServerTokens directive has the following possible values that are sent to clients when the specific value is set.

This setting applies to the entire server and cannot be enabled or disabled on a virtual host basis.

Nginx HTTP Server_tokens OFF

The file nginx.conf must be modified for the Nginx web server.

Apply changes to disable the Nginx server signature.
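To check the result of the Apache, PHP and Nginx changes described above, the response headers can be audited with a small shell function. This is an added example, not code from the original post: the function name audit_headers, the finding texts and the sample responses are constructed for illustration, and server.example is a placeholder host.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for version disclosure.
# Input: raw response headers on stdin, for instance from
#   curl -sI http://server.example/ | audit_headers
#   wget -S --spider http://server.example/ 2>&1 | audit_headers
# Output: one finding per line; exit status 1 if anything was found.
audit_headers() {
    tr -d '\r' | awk '
        {
            sub(/^[ \t]+/, "")               # wget -S indents header lines
            i = index($0, ":")
            if (i == 0) next                 # status line or blank line
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
        }
        # "product/1.2.3" token: Apache ServerTokens above Prod, Nginx server_tokens on
        name == "server" && value ~ /\/[0-9]/ {
            print "Server header carries a version number: " value; n++
        }
        # "(Debian)" style comment: Apache ServerTokens OS or Full
        name == "server" && value ~ /\(.*\)/ {
            print "Server header names the operating system: " value; n++
        }
        # Sent by PHP while expose_php is On in php.ini
        name == "x-powered-by" {
            print "X-Powered-By header is present: " value; n++
        }
        END { exit (n > 0) }
    '
}

# Constructed sample: Apache with ServerTokens Full and PHP exposing its version.
sample_default() {
    printf 'HTTP/1.1 404 Not Found\r\n'
    printf 'Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n'
    printf 'Server: Apache/2.4.38 (Debian) PHP/7.3.19 OpenSSL/1.1.1d\r\n'
    printf 'X-Powered-By: PHP/7.3.19\r\n'
    printf 'Content-Type: text/html; charset=iso-8859-1\r\n\r\n'
}

# Constructed sample: the same server after ServerTokens Prod and expose_php Off.
sample_hardened() {
    printf 'HTTP/1.1 404 Not Found\r\n'
    printf 'Server: Apache\r\n'
    printf 'Content-Type: text/html; charset=iso-8859-1\r\n\r\n'
}

echo "== default =="
sample_default | audit_headers || echo "result: version information is disclosed"
echo "== hardened =="
sample_hardened | audit_headers && echo "result: no version information found"
```

The function only inspects headers; the footer line that ServerSignature adds to Apache error pages has to be checked in the response body.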

Disable Linux Mint automatic login

During installation, Linux Mint offers the option of enabling system start with automatic login. If the password entry is to be restored later, as with Ubuntu 10 Buster, the option can no longer be found in the settings. This post shows how to re-enable the user login with password entry under Linux Mint 20 Ulyana.

It was necessary to switch off the automatic login after it was found that the email client Geary did not save the passwords of the accounts; these had to be re-entered after each restart.

email client Geary

Since Linux Mint 19 Tessa Cinnamon, or even longer, there has been the option Automatic login in the Control Panel – Login window. The setting can now be made with a text editor: open a terminal with CTRL + ALT + T and enter the following command:

and remove these lines:

If you are not familiar with vim, your favorite editor could be nano or xed.

After restarting and logging in with a password, the key management opens in the background, which enables Geary to save the passwords in the seahorse key management.

Figure: Linux Mint Terminal: cat /etc/lightdm/lightdm.conf

Another possibility to switch off the automatic user login is to remove the user in the Username field in the User section in System Settings – Login Window.

Figure: Login Window – Users – Username must be empty.

On automatic login, the Username field must be empty.

Docker Container with Synology DSM

How to use Docker with Synology

Synology DSM 6.0 or higher comes with the Docker Engine. You can find the Docker App in the package center by entering docker in the search field.

Docker is a lean virtualization application platform. Thousands of containers created by developers from all over the world are published on the well-known image repository called Docker Hub and can be executed. Container images found on Docker Hub are loaded and executed from Synology’s integrated Docker App.

If the Docker App does not appear in the Package Center, the Synology device is most likely not supported.

Due to the hardware requirements, Docker is only offered for models with virtualization technology (VT-x). The models used in this guide are RS820RP+ / RS4018xs+ / DS218+; these support Docker.




How to use Docker

When you open the main menu icon from DSM, you will find the icon for the Docker Engine, which can now be started.

Docker opens in the overview, where the running containers are listed together with their allocated memory and CPU resources; no container has been started yet.

Figure: Synology DSM Docker overview

In addition, the Docker command line is shown below as an alternative hint for using the Docker console.

CLI Docker Command Running Container:

In the Registration section you can search for new images (like on the official website). New repositories (in addition to the official ones) can also be added under Settings.

Figure: Synology DSM Docker Registration

CLI the original Docker Command is:

After a suitable image has been found, in this case a small Dockerized Ubuntu 18.04 image containing an SSH service, it is downloaded to the Synology NAS with a right click, ideally always choosing latest. All images are write-protected and can be used multiple times for other containers.

The download can take a few minutes, depending on the size and available download bandwidth. The download status is shown with an animated icon.

CLI Docker Command is:

The downloaded images that are available on the Synology NAS are located under Image. New containers can be started with the Docker wizard. Note: the link symbol opens the Docker Hub page for the container with useful information.

Figure: Synology DSM Docker Image

CLI Docker Command is:

Now click Start to open the wizard.

Figure: Starting a Synology DSM Docker container

Click Next to complete the wizard and start the container by clicking Apply.

Figure: Synology DSM Docker create

CLI Docker Command is:

The running container can now be found in the Container section.

CLI Docker full output as follows:

Back to Docker overview, we can now see the resources of started containers.

Figure: Synology DSM Docker overview

CLI Docker Command is:

Now we are trying to establish an SSH terminal to the container. To do this in the Container section, click on Details to see which port the SSH service is listening on.

Figure: Synology DSM Docker Container

In the overview under port settings we find the value we are looking for under local port; in this case it is port 32789. The port address is assigned automatically.

CLI: determine the port address.

Now we open PuTTY or KiTTY and connect to the container via the IP of the Synology NAS on port 32789. The CLI command is as follows:

Figure: KiTTY Session

Log on as root with the password of root.

The Docker Engine can also be used from the console, provided that the SSH terminal has been activated under DSM Control Panel – SSH Service.

The Docker application shown in this article is intended as a simple example of how Docker can be used on a Synology NAS. Of course there are more useful container applications, from web servers for developing web applications to complete development environments; there are already countless Docker images on Docker Hub https://hub.docker.com and other Docker registries. It makes you wonder whether the effort to install your own development environment such as XAMPP or LAMP is still worthwhile. At this point it should be mentioned that all data stored in the container must be saved on a persistent volume, because all work is lost when the container is closed.

There are also other articles about using Docker here in this blog, the best thing to do is to simply enter docker in the search field above.

Repair Windows Spotlight

Windows Spotlight does not show any new images

Windows Spotlight is a feature included in Windows 10 that downloads wallpapers from Bing automatically, so that you alternately see a new background image on the lock screen when you log in.

The only downside to Microsoft Windows Spotlight is that sometimes it stops working or you could find it stuck on the same picture. Unfortunately, Windows 10 doesn’t include an option to reset this feature. However, it is possible to fix Windows Spotlight settings using this simple workaround.

To do this, open settings, click on -> Personalization and -> Lock screen, here change the background to picture.


Then right-click on Desktop -> New -> Text document and insert the following content:

Click on File -> Save As, and save the file under the name spotlight.bat.

Right-click the spotlight.bat batch file to open the context menu and select Run as administrator.

Now restart your computer. Then open settings again and switch to Windows Spotlight under Personalization -> Lock screen.

As soon as these steps have been carried out, you can lock the computer by pressing the Win + L keys; the lock screen now presents new Bing images.

Note: For Windows Spotlight to work, Settings – Privacy – Background apps must be activated.

Figure: Setting: Allow apps to run in the background

Nagios Monitoring on Raspberry Pi

How to Install Nagios on Raspberry Pi

Nagios OpenSource IT infrastructure Monitoring

Nagios consists of a collection of modules for monitoring networks, hosts and their specific services, as well as a web interface to display queries of the collected data. Nagios is licensed under the GNU GPL, so it is free software, and it runs on numerous Unix-like operating systems. Because of its widespread use, Nagios has become a quasi-standard in professional use.

Nagios Monitoring with Raspberry Pi

The Raspberry Pi, with its fanless design, minimal dimensions and low power consumption, is well suited as a single-board computer for a Nagios monitoring server that can even monitor itself.

INSTALLATION

The installation of Nagios Core 4 on the Raspberry’s own OS Raspbian, which is based on Debian, is unspectacular. Here in these instructions the procedure for a Raspberry Pi 3 Model B is shown, on a 32 GB microSD card type Class 10, a 16 GB microSD card would also suffice.

Raspbian Terminal

SanDisk Ultra SDHC I 16 GB – 80 /Sek, Class 10 microSD Card

The provision of Raspbian on a microSD card is not discussed here in more detail. After booting a Raspbian desktop image, the LXTerminal is opened on the Raspbian X desktop and the root shell is started. In headless operation, a VNC session can be started with VNCViewer, with the login as user pi and the default password raspberry. If you want to use the Raspbian Minimal Image, authentication via SSH to the Raspberry Pi is recommended.

Raspbian VNCViewer

After logging in as user pi, we want to become root.

First, all required packages are installed from the repository as a prerequisite.

Download and unzip the Nagios Core 4 source packages. The latest release can be found here. The core release as well as the agents and plugins are available on GitHub.

Compile

Create the user nagios and the group. The Apache user www-data is also added to the nagios group.

Install the binaries.

Installing the service daemon files and configuring them for the boot process.

Installs and configures the external command file.

Now the *SAMPLE* configuration files are installed. These are necessary because Nagios needs some configuration files to start.

The Apache web server configuration files are installed and the Apache settings for Nagios are configured.

Port 80 must be permitted for incoming data traffic on the local firewall so that the Nagios Core web interface can be reached.

Answer yes to save the existing rules.

An Apache user account is created so that it can log into Nagios.

The following command creates a user account called nagiosadmin and sets a password for the account; remember this password.

The Apache web server must be restarted.

Nagios Core will now start.

Nagios is now ready to be tested.

You will be asked to log in with your user name and password. The username is nagiosadmin (you created it in a previous step) and the password is what you provided earlier.

After successfully logging in, the Nagios Core web interface appears. Congratulations, you did it.

Nagios Core is now installed, but the Nagios plugins are still required for operation. The error message appears: (No output on stdout) stderr: execvp(/usr/local/nagios/libexec/check_load .. This is normal; the standard plugins are installed in the following steps.

Plugin Installation

The following packages are installed from the repository as a prerequisite for installing the plugins.

Download and extract the source packages. The latest plugin releases can be obtained from nagios-plugins.org.

Compile and install packages.

Go to a host or service object and “Re-schedule the next check” in the Commands menu. The error that appeared before should now disappear and the correct output is displayed on the screen.

The daemon commands for start / stop / restart / status.

Nagios configuration

Now that the Nagios Core server is ready for operation, it is time to create the configuration of the hosts and services that are to be monitored. Under /usr/local/nagios/etc the main configuration is nagios.cfg; here the paths to the configuration files are defined with cfg_file. The hosts to be monitored can be entered in a file hosts.cfg.

If it is to be more structured, the host and service configuration can be saved in the directories printers, routers, servers and switches; for this the file nagios.cfg is edited and the comment characters # (hash) are removed accordingly at cfg_dir =.

The .cfg files created in the directories are read in.

Example for a mail and web server, for which IMAP and HTTPS are checked.

The Nagios server is restarted after each change.

A look at the Nagios log file can be worthwhile.

Additional configuration examples for Linux, Windows, printers, routers and switches can be found under the objects directory.

Figure: Example: Nagios service configuration

With remote agents such as NCPA, active checks can be carried out on Windows and Linux hosts; passive checks can be carried out using NRDP and NRPE, which provide values on CPU load, memory usage, processes, user and disk usage.

Nagios Notification

In the files nagios.cfg and objects/contacts.cfg the recipient email root@localhost can be left unchanged.

In the file nagios.cfg at admin_email.

Postfix is used here as the mail transport agent for the Nagios email notification. This is installed and configured as follows.

During the installation you will be asked to select a mail server configuration, here we select Internet Site.

In order to be able to test the sending of emails later, the package mailutils is installed.

The Postfix main configuration main.cf is adapted.

At relayhost, the mail server is entered that allows Raspberry Pi to receive emails. If the Raspberry is behind a firewall with NAT, the public IP address of the mail server must be authorized for reception.

Set up an email address for root by editing the aliases file.

At the end a valid email address is entered so that mails from this host are delivered; here, as an example, it is helpdesk@banana.org. The colon in root: is mandatory.

After changing the aliases file, the aliases.db file must still be generated.

The Postfix configuration also has to be read in and activated.

Emails can now be sent from the Raspberry Pi as follows.

An email should now be in the inbox of helpdesk@banana.org.

Reading the email log can also provide further information here.

If the attempt to send returns status=bounced, receipt on the mailer is not yet authorized. With Exchange, the IP address of the Raspberry Pi must be entered in the receive connector in the frontend transport under area definition for email received from servers with these remote IP addresses. For Postfix, a smtpd_client_restrictions directive must exist in main.cf.

The client_access file contains the IP address of the Raspberry Pi.

The Postfix database still needs to be generated.

If the SMTP requests are accepted by the mailer, the queue process and delivery can take place.

last but not least

If all of this is too complicated, or the required time is not available, the finished Raspberry Pi Box can be obtained here.

Fully initialized and ready to rock!

Windows Server 2012 NTP Configuration

Windows Server NTP Network Time

Correct time synchronization in an AD domain environment is a prerequisite for stable operation. This article describes how NTP (w32tm) is configured on a Windows Server 2012 (FSMO). As a rule, the PDC operations master is the NTP service server in a forest. A PDC emulator in a domain is synchronized with an external time source. In order for a domain controller to be regarded as a reliable time source, this must be specified explicitly.

In order to make the PDC emulator a reliable time source that regularly synchronizes with time servers on the Internet, the following commands from PowerShell are executed as administrator:

Show which time server is currently in use.

Execute the time synchronization immediately.

The clients and servers in the domain forest as well as shared storage can now synchronize the time with the PDC emulator.

The firewall must permit UDP port 123 inbound and, where applicable, outbound.

The NTP configuration can also be done via GPO by calling gpmc.msc.

Group Policy Management
Computer Configuration/Administrative Templates/System/Windows-Timeservice/Timeserver

Figure: Group Policy Management Console

The following test displays a graph of the offset between synchronizing computers.

Figure: W32tm stripchart

The configuration can also be checked in the registry.

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

How to Install Signal on Linux

Install Signal Desktop on Linux Mint and Ubuntu

Signal is a free, encrypted messenger from the non-profit Signal Foundation. It is best known for its data economy and end-to-end encryption, and is often recommended by security experts and privacy organizations. The “zero-knowledge principle” serves as data protection, in which the provider has no access to user data.

The Signal app is available for Android and iOS, with a desktop version for Windows, macOS and Linux. The desktop version requires installation on a smartphone. The free Signal Protocol is used for encrypting messages, which security experts consider to be secure.

The Signal desktop package is available for Linux Mint and Ubuntu. The installation needs the signal.org repository; the following four commands are executed in a terminal shell.

The Signal app can now be found via Start under Internet, or by entering Signal into the Cinnamon search field.

Figure: Cinnamon Desktop with Signal desktop

KeePass URL Launcher

Launch connections from KeePass using the variables title, user name and password

KeePass allows a program to be opened directly from an entry. The interaction establishes the connection to a host, with the user name and password passed from KeePass; the external program must be executable with command line parameters, as PuTTY or KiTTY allow.

The interaction is enabled in the field URL. The KeePass URL starts with the prefix cmd:// followed by the external program, enclosed in quotation marks.

The field Title of the KeePass entry contains the host name or IP address. The URL is composed of the Title, User name and Password fields, which are used as the KeePass variables TITLE, USERNAME and PASSWORD and passed to PuTTY, with -l for the user name and -pw for the password; the TITLE field serves as the host.

The URL field can execute any valid URL for which a protocol handler is defined. On most systems at least the http://, https://, ftp://, ssh:// and mailto: protocols are defined. KeePass supports all protocols that Windows supports.

If you have registered PuTTY globally (i.e. with Windows Explorer) for ssh:// URLs, KeePass automatically uses PuTTY for ssh:// URLs as well. Starting with Windows 10 version 1909, the OpenSSH Client can also be installed under Apps & Features – Optional Features.

Instead of a URL, you can also execute command lines using the URL field. To tell KeePass that the line you entered is a command line, prefix it using cmd://. For example if you would like to execute Notepad, your URL could look like this:

Source link: KeePass URL Field Capabilities

How to save sent items to Delegated Mailbox on Outlook

Outlook does not save sent email in the sent items of the delegate mailbox

Outlook offers several people access to a shared Exchange mailbox in order to send e-mails from there; the e-mails that are sent always end up in the “Sent Items” of the user's own mailbox. This standard behavior of Outlook makes it difficult for employees to understand what was replied to which email by whom.

There is no way to change this state in the Outlook settings. However, adding a registry key enables Outlook to always move such e-mails to the mailbox that sent the e-mail. The following instructions are valid for Microsoft Outlook 2007 to 2016.

How to do it

Open the registry editor with the key Win + R

then enter regedit and click OK; now navigate to the following registry key:

The number 15.0 stands for the Office version, the following values apply to the versions:

12.0 = 2007
14.0 = 2010
15.0 = 2013
16.0 = 2016
16.0 = 2019
16.0 = Office 365

Create a new DWORD key with the name DelegateSentItemsStyle and assign the value 1 to this newly created key.

As you can see, the version number has remained at 16.0 since Outlook 2016 and Office 2019 will not become version 17.0. This is because Office 2016 and Office 2019 are now the same code base as Office 365.

Alternatively, you can run the following command in a command prompt opened as an administrator.

Outlook is now able to save the sent e-mail in sent items in the shared mailbox.

Note! Outlook must be configured to run in cached mode for this option to work properly.

Cumulative Update 9 for Exchange Server 2013 introduced a new feature that allows administrators to set the option to copy messages to the Sent Items folder.

Unfortunately, there is no easy solution for public folders. To do this, a transport role must be configured on the Exchange server.

If you are still using Exchange 2010, you have to go to the OWA options for the shared mailbox, and under Settings, select Sent Items, Sender and “From” mailboxes.

Microsoft also provided a PowerShell cmdlet; from Exchange 2010 SP2 RU4 the following command is available.