DOCSLIB.ORG

Ubuntu Server Guide Basic Installation Preparing to Install

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ubuntu Server Guide Basic Installation Preparing to Install Ubuntu Server Guide Changes, errors and bugs This is the current edition for Ubuntu 20.04 LTS, Focal Fossa. Ubuntu serverguides for previous LTS versions: 18.04 (PDF), 16.04 (PDF). If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with each page. Offline Download this guide as a PDF Support There are a couple of different ways that Ubuntu Server Edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions. See the Ubuntu Support page for more information. Basic installation This chapter provides an overview of installing Ubuntu 20.04 Server Edition. There is more detailed docu- mentation on other installer topics. Preparing to Install This section explains various aspects to consider before starting the installation. System requirements Ubuntu 20.04 Server Edition provides a common, minimalist base for a variety of server applications, such as file/print services, web hosting, email hosting, etc. This version supports four 64-bit architectures: • amd64 (Intel/AMD 64-bit) • arm64 (64-bit ARM) • ppc64el (POWER8 and POWER9) • s390x (IBM Z and LinuxONE) The recommended system requirements are: • CPU: 1 gigahertz or better 1 • RAM: 1 gigabyte or more • Disk: a minimum of 2.5 gigabytes Server and Desktop Differences The Ubuntu Server Edition and the Ubuntu Desktop Edition use the same apt repositories, making it just as easy to install a server application on the Desktop Edition as on the Server Edition. One major difference is that the graphical environment used for the Desktop Edition is not installed for the Server. This includes the graphics server itself, the graphical utilities and applications, and the various user-supporting services needed by desktop users. Backing Up Before installing Ubuntu Server Edition you should make sure all data on the system is backed up. If this is not the first time an operating system has been installed on your computer, it is likely you willneed to re-partition your disk to make room for Ubuntu. Any time you partition your disk, you should be prepared to lose everything on the disk should you make a mistake or something goes wrong during partitioning. The programs used in installation are quite reliable, most have seen years of use, but they also perform destructive actions. Preparing install media There are platform specific step-by-step examples for s390x LPAR, z/VM and ppc64el installations. For amd64, download the install image from https://releases.ubuntu.com/20.04/. There are many ways to boot the installer but the simplest and commonest way is to create a bootable USB stick to boot the system to be installed with (tutorials for other operating systems are also available). Booting the installer Plug the USB stick into the system to be installed and start it. Most computers will automatically boot from USB or DVD, though in some cases this is disabled to improve boot times. If you don’t see the boot message and the “Welcome” screen which should appear after it, you will need to set your computer to boot from the install media. There should be an on-screen message when the computer starts telling you what key to press for settings or a boot menu. Depending on the manufacturer, this could be Escape, F2,F10 or F12. Simply restart your computer and hold down this key until the boot menu appears, then select the drive with the Ubuntu install media. If you are still having problems, check out the Ubuntu Community documentation on booting from CD/DVD. After a few moments, the installer will start in its language selection screen. welcome_c|690x517 2 Using the installer The installer is designed to be easy to use and have sensible defaults so for a first install you can mostly just accept the defaults for the most straightforward install: • Choose your language • Update the installer (if offered) • Select your keyboard layout • Do not configure networking (the installer attempts to configure wired network interfaces viaDHCP, but you can continue without networking if this fails) • Do not configure a proxy or custom mirror unless you have to in your network • For storage, leave “use an entire disk” checked, and choose a disk to install to, then select “Done” on the configuration screen and confirm the install • Enter a username, hostname and password • Just select Done on the SSH and snap screens • You will now see log messages as the install is completed • Select restart when this is complete, and log in using the username and password provided There is more detailed documentation on all these options. Advanced Installation Software RAID Redundant Array of Independent Disks “RAID” is a method of using multiple disks to provide different balances of increasing data reliability and/or increasing input/output performance, depending on the RAID level being used. RAID is implemented in either software (where the operating system knows about both drives and actively maintains both of them) or hardware (where a special controller makes the OS think there’s only one drive and maintains the drives ‘invisibly’). The RAID software included with current versions of Linux (and Ubuntu) is based on the ‘mdadm’ driver and works very well, better even than many so-called ‘hardware’ RAID controllers. This section will guide you through installing Ubuntu Server Edition using two RAID1 partitions on two physical hard drives, one for / and another for swap. RAID Configuration Follow the installation steps until you get to the Guided storage configuration step, then: Select Custom storage layout. Create the /boot partition in a local disk. So select one of the devices listed in available devices and Add GPT Partition. Next, enter the partition size, then choose the desired Format (ext4) and /boot as mount point. And finally, select Create. Now to create the RAID device select Create software RAID (md) under AVAILABLE DEVICES. Add the name of the RAID disk (the default is md0). For this example, select “1 (mirrored)” in RAID level, but if you are using a different setup choose the appropriate type (RAID0 RAID1 RAID5 RAID6 RAID10). Note In order to use RAID5, RAID6 and RAID10 you need more than two drives. Using RAID0 or RAID1 only two drives are required. 3 Select the devices that will be used by this RAID device. The real devices can be marked as active or spare, by default it becomes active when is selected. Select the Size of the RAID device. Select Create. The new RAID device (md0 if you did not change the default) will show up in the available devices list, with software RAID 1 type and the chosen size. Repeat steps above for the other RAID devices. Partitioning Select the RAID 1 device created (md0) then select “Add GPT Partition”. Next, select the Size of the partition. This partition will be the swap partition, and a general rule for swap size is twice that of RAM. Enter the partition size, then choose swap in Format. And finally, select Create. Note A swap partition size of twice the available RAM capacity may not always be desirable, especially on systems with large amounts of RAM. Calculating the swap partition size for servers is highly dependent on how the system is going to be used. For the / partition once again select the RAID 1 device then “Add GPT Partition”. Use the rest of the free space on the device, choose the format (default is ext4) and select / as mount point, then Create. Repeat steps above for the other partitions. Once it is finished select “Done”. The installation process will then continue normally. Degraded RAID At some point in the life of the computer a disk failure event may occur. When this happens, using Software RAID, the operating system will place the array into what is known as a degraded state. If the array has become degraded, due to the chance of data corruption, by default Ubuntu Server Edition will boot to initramfs after thirty seconds. Once the initramfs has booted there is a fifteen second prompt giving you the option to go ahead and boot the system, or attempt manual recover. Booting to the initramfs prompt may or may not be the desired behavior, especially if the machine is in a remote location. Booting to a degraded array can be configured several ways: • The dpkg-reconfigure utility can be used to configure the default behavior, and during the processyou will be queried about additional settings related to the array. Such as monitoring, email alerts, etc. To reconfigure mdadm enter the following: sudo dpkg−reconfigure mdadm • The dpkg−reconfigure mdadm process will change the /etc/initramfs−tools/conf.d/mdadm configura- tion file. The file has the advantage of being able to pre-configure the system’s behavior, andcanalso be manually edited: BOOT_DEGRADED=true 4 Note The configuration file can be overridden by using a Kernel argument. • Using a Kernel argument will allow the system to boot to a degraded array as well: – When the server is booting press Shift to open the Grub menu.
Load more

Recommended publications
  • Fully Eliminated the Language Barrier and Enable Ease of Communication Through This Application
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. XI (Mar-Apr. 2014), PP 113-119 www.iosrjournals.org Alltalk™- A Windows Phone Messenger with Cross Language Communication Shruti Shetye1, Akhil Abraham2, Royston Pinto3, Sonali Vaidya4 1(BE-IT Student, Information Technology, St. FrancisInstitute of Technology, India) 2(BE-IT Student, Information Technology, St. Francis Institute of Technology, India) 3(BE-IT Student, Information Technology, St. Francis Institute of Technology, India 4(Lecturer, Information Technology, St. Francis Institute of Technology, India) __________________________________________________________________________________ Abstract:In day to day life, messengers or chatting applications provide facility for instant messaging over the internet. Exchange of messages takes place in universally used languages like English, French, etc. where both the users know how to communicate in a common language. Thus chatting on mobile phones is a luxury when both the parties involved know a common language. Hence we have implemented ALLTALK™ which is a Windows 8 phone based chatting application which makes cross language communication possible using mobile programming and networking technology.This application will enable the communication between two persons irrespective of the language each user wishes to use individually. The various modes of communication available in this messenger are through text and voice. Due to the best processing power provided among the available smartphones and high battery life we choose to work on windows 8 platform. Thus we have successfully eliminated the language barrier and enable ease of communication through this application. Keywords: Cross Language communication, instant messenger, socket connection, translator,Windows phone app.
    [Show full text]
  • Campus Networking Best Practices Session 5: Wireless
    Campus Networking Best Practices Session 5: Wireless LAN Hervey Allen Dale Smith NSRC & University of Oregon University of Oregon & NSRC [email protected] [email protected] Wireless LAN • Provide wireless network across your campus that has the following characteristics: – Authentication – only allow your users – Roaming – allow users to start up in one section of your network, then move to another location – Runs on your campus network Firewall/ Border Traffic Shaper Router Wireless REN switch Authentication Core Gateway Router Core Servers Network Access Control (NAC) Enterprise Identity Management • Processes and Documentation of users. – Now you must deal with this. – What to use as the back-end user store? • LDAP • Active Directory • Kerberos • Other? – Will this play nice with future use? • email, student/staff information, resource access, ... Identity Management Cont. • An example of such a project can be seen here: – http://ccadmin.uoregon.edu/idm/ • This is a retrofit on to an already retrofitted system. • Learn from others and try to avoid this situation if possible. A Wireless Captive Portal The Wireless Captive Portal • Previous example was very simple. • A Captive Portal is your chance to: – Explain your Acceptable Use Policies – Decide if you must authenticate, or – Allow users on your network and monitor for problems instead (alternate solution). – Anything else? Branding? What's Happening? • remember our initial network diagrams...? • Do you think our hotel built their own solution? • Probably not... Commercial Solutions • Aruba http://www.arubanetworks.com/ • Bradford Networks – http://www.bradfordnetworks.com/ • Cisco NAC Appliance (Clean Access) – http://www.cisco.com/en/US/products/ps6128/ • Cisco Wireless LAN Controllers – http://www.cisco.com/en/US/products/hw/wireless/ • Enterasys http://www.enterasys.com/ • Vernier http://www.verniernetworks.com Open Source Solutions • CoovaChilli (morphed from Chillispot) – http://coova.org/wiki/index.php/CoovaChilli – Uses RADIUS for access and accounting.
    [Show full text]
  • Automated IT Service Fault Diagnosis Based on Event Correlation Techniques
    Automated IT Service Fault Diagnosis Based on Event Correlation Techniques Dissertation an der Fakultat¨ fur¨ Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universitat¨ Munchen¨ vorgelegt von Andreas Hanemann Tag der Einreichung: 22. Mai 2007 1. Berichterstatter: Professor Dr. Heinz-Gerd Hegering, Ludwig-Maximilians-Universit¨at M¨unchen 2. Berichterstatterin: Professor Dr. Gabrijela Dreo Rodosek, Universit¨at der Bundeswehr M¨unchen Automated IT Service Fault Diagnosis Based on Event Correlation Techniques Dissertation an der Fakultat¨ fur¨ Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universitat¨ Munchen¨ vorgelegt von Andreas Hanemann Tag der Einreichung: 22. Mai 2007 Tag der m¨undlichen Pr¨ufung: 19. Juli 2007 1. Berichterstatter: Professor Dr. Heinz-Gerd Hegering, Ludwig-Maximilians-Universit¨at M¨unchen 2. Berichterstatterin: Professor Dr. Gabrijela Dreo Rodosek, Universit¨at der Bundeswehr M¨unchen Acknowledgments This thesis has been written as part of my work as a researcher at the Leib- niz Supercomputing Center (Leibniz-Rechenzentrum, LRZ) of the Bavarian Academy of Sciences and Humanities which was funded by the German Re- search Network (DFN-Verein) as well as in cooperation with the research group of Prof. Dr. Heinz-Gerd Hegering. Apart from the LRZ, this research group called MNM-Team (Munich Network Management Team) is located at the University of Munich (LMU), the Munich University of Technology (TUM) and the University of Federal Armed Forces in Munich. At first, I would like to thank my doctoral advisor Prof. Dr. Heinz-Gerd Hegering for his constant support and helpful advice during the whole prepa- ration time of this thesis. I would also like to express my special gratefulness to my second advisor, Prof.
    [Show full text]
  • TLS in the Wild: an Internet-Wide Analysis of TLS-Based Protocols for Electronic Communication
    TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication Ralph Holz∗, Johanna Amannz, Olivier Mehaniy, Matthias Wachsx, Mohamed Ali Kaafary ∗University of Sydney, Australia, Email: [email protected] yData61/CSIRO, Sydney, Australia, Email: [email protected] zICSI, Berkeley, USA, Email: [email protected] xTechnical University of Munich, Germany, Email: [email protected] This is a preprint of the camera-ready version to appear at NDSS 2016. Last update: 19 Dec 2015. Abstract—Email and chat still constitute the majority of in 2018 [11]. As for chat, the most widely used standard- electronic communication on the Internet. The standardisation based networks are IRC group chats and the XMPP instant and acceptance of protocols such as SMTP, IMAP, POP3, XMPP, messaging and multi-user conferencing network. and IRC has allowed to deploy servers for email and chat in a decentralised and interoperable fashion. These protocols can be In their early days, email protocols such as SMTP, POP3, secured by providing encryption with TLS—directly or via the and IMAP were designed with no special focus on security. STARTTLS extension. X.509 PKIs and ad hoc methods can be In particular, authentication in SMTP was introduced a while leveraged to authenticate communication peers. However, secure after the protocol’s standardisation, initially as a way to configuration is not straight-forward and many combinations fight spam. User agents started to move towards encryption of encryption and authentication mechanisms lead to insecure deployments and potentially compromise of data in transit. In and authenticated connections gradually, using the then-new this paper, we present the largest study to date that investigates SSL 3 and later the TLS protocols to protect the transport the security of our email and chat infrastructures.
    [Show full text]
  • Iptables with Shorewall!
    Iptables with shorewall! Table of Contents 1. Install swarmlab-sec (Home PC) . 1 2. shorewall . 1 2.1. Installation . 2 3. Basic Two-Interface Firewall. 2 4. Shorewall Concepts . 3 4.1. zones — Shorewall zone declaration file . 3 4.2. interfaces — Shorewall interfaces file. 4 4.3. policy — Shorewall policy file . 4 4.4. rules — Shorewall rules file . 4 4.5. Compile then Execute . 4 5. Three-Interface Firewall. 5 5.1. zones . 6 5.2. interfaces . 6 5.3. policy . 7 5.4. rules . 7 5.5. masq - Shorewall Masquerade/SNAT definition file . 7 5.6. snat — Shorewall SNAT/Masquerade definition file . 8 5.7. Compile and Execute . 8 1. Install swarmlab-sec (Home PC) HowTo: See http://docs.swarmlab.io/lab/sec/sec.adoc.html NOTE Assuming you’re already logged in 2. shorewall Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. More: wikipedia 1 NOTE Our docker instances have only one nic to add more nic’s: create netowrk frist docker network create --driver=bridge --subnet=192.168.0.0/16 net1 docker network create --driver=bridge --subnet=192.168.0.0/16 net2 docker network create --driver=bridge --subnet=192.168.0.0/16 net3 then connect network to container connect network created to container docker network connect net1 master docker network connect net1 worker1 docker network connect net2 master docker network connect net2 worker2 now let’s look at the following image 2.1.
    [Show full text]
  • Linux Administrators Security Guide LASG - 0.1.1
    Linux Administrators Security Guide LASG - 0.1.1 By Kurt Seifried ([email protected]) copyright 1999, All rights reserved. Available at: https://www.seifried.org/lasg/. This document is free for most non commercial uses, the license follows the table of contents, please read it if you have any concerns. If you have any questions email [email protected]. A mailing list is available, send an email to [email protected], with "subscribe lasg-announce" in the body (no quotes) and you will be automatically added. 1 Table of contents License Preface Forward by the author Contributing What this guide is and isn't How to determine what to secure and how to secure it Safe installation of Linux Choosing your install media It ain't over 'til... General concepts, server verses workstations, etc Physical / Boot security Physical access The computer BIOS LILO The Linux kernel Upgrading and compiling the kernel Kernel versions Administrative tools Access Telnet SSH LSH REXEC NSH Slush SSL Telnet Fsh secsh Local YaST sudo Super Remote Webmin Linuxconf COAS 2 System Files /etc/passwd /etc/shadow /etc/groups /etc/gshadow /etc/login.defs /etc/shells /etc/securetty Log files and other forms of monitoring General log security sysklogd / klogd secure-syslog next generation syslog Log monitoring logcheck colorlogs WOTS swatch Kernel logging auditd Shell logging bash Shadow passwords Cracking passwords John the ripper Crack Saltine cracker VCU PAM Software Management RPM dpkg tarballs / tgz Checking file integrity RPM dpkg PGP MD5 Automatic
    [Show full text]
  • Ispmail Tutorial for Debian Lenny
    6.10.2015 ISPmail tutorial for Debian Lenny ISPmail tutorial for Debian Lenny Add new comment 223533 reads This tutorial is for the former stable version "Debian Lenny". If you are using "Debian Squeeze" then please follow the new tutorial. A spanish translation of this tutorial is also available ­ courtesy of José Ramón Magán Iglesias. What this tutorial is about You surely know the internet service providers that allow you to rent a domain and use it to receive emails. If you have a computer running Debian which is connected to the internet permanently you can do that yourself. You do not even need to have a fixed IP address thanks to dynamic DNS services like dyndns.org. All you need is this document, a cup of tea and a little time. When you are done your server will be able to... receive and store emails for your users from other mail servers let your users retrieve the email through IMAP and POP3 ­ even with SSL to encrypt to connection receive and forward ("relay") email for your users if they are authenticated offer a webmail interface to read emails in a web browser detect most spam emails and filter them out or tag them License/Copyright This tutorial book is copyrighted 2009 Christoph Haas (email@christoph­haas.de). It can be used freely under the terms of the GNU General Public License. Don't forget to refer to this URL when using it. Thank you. Changelog 17.6.09: Lenny tutorial gets published. 19.6.09: The page on SPF checks is temporarily offline.
    [Show full text]
  • Sentry Firewall CD HOWTO Sentry Firewall CD HOWTO Table of Contents
    Sentry Firewall CD HOWTO Sentry Firewall CD HOWTO Table of Contents Sentry Firewall CD HOWTO............................................................................................................................1 Stephen A. Zarkos, Obsid@Sentry.net....................................................................................................1 1. Introduction..........................................................................................................................................1 2. How the CD Works (Overview)..........................................................................................................1 3. Obtaining the CDROM........................................................................................................................1 4. Using the Sentry Firewall CDROM.....................................................................................................1 5. Overview of Available Configuration Directives................................................................................1 6. Setting Up a Firewall...........................................................................................................................2 7. Troubleshooting...................................................................................................................................2 8. Building a Custom Sentry CD.............................................................................................................2 9. More About the Sentry Firewall Project..............................................................................................2
    [Show full text]
  • Projeto Final
    UNIVERSIDADE CATÓLICA DE BRASÍLIA PRÓ-REITORIA DE GRADUAÇÃO TRABALHO DE CONCLUSÃO DE CURSO Bacharelado em Ciência da Computação e Sistemas de Informação CRIAÇÃO DE UM CORREIO ELETRÔNICO CORPORATIVO COM POSTFIX Autores: Davi Eduardo R. Domingues Luiz Carlos G. P. C. Branco Rafael Bispo Silva Orientador: MSc. Eduardo Lobo BRASÍLIA 2007 Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 2 / 111 DAVI EDUARDO R. DOMINGUES LUIZ CARLOS G. P. C. BRANCO RAFAEL BISPO SILVA CRIAÇÃO DE UM SERVIDOR DE CORREIO ELETRÔNICO CORPORATIVO COM POSTFIX Monografia apresentada ao Programa de Graduação da Universidade Católica de Brasília, como requisito para obtenção do Título de Bacharelado em Ciência da Computação. Orientador: MSc. Eduardo Lobo Brasília 2007 Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 3 / 111 TERMO DE APROVAÇÃO Dissertação defendida e aprovada como requisito parcial para obtenção do Título de Bacharel em Ciência da Computação, defendida e aprovada, em 05 de dezembro de 2007, pela banca examinadora constituída por: _______________________________________________________ Professor Eduardo Lobo – Orientador do Projeto _______________________________________________________ Professor Mário de Oliveira Braga Filho – Membro Interno _______________________________________________________ Professor Giovanni – Membro Interno Brasília UCB Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 4 / 111 Dedico este trabalho primeiramente a Deus que me deu a vida e paciência para chegar a este nível de estudo que me encontro. Em especial a minha mãe que acreditou em mim, aos bons valores que me ensinou e pelo apoio a toda minha vida acadêmica e me compreendeu pelos momentos de ausência ao seu lado. Davi Eduardo R. Domingues Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 5 / 111 Dedico a minha família que sempre acreditou em mim, também aos meus grandes amigos e aos grandes amigos que se foram, aqueles que nos deixam saudades e uma vontade de continuar seus trabalhos.
    [Show full text]
  • Linux Networking Cookbook.Pdf
    Linux Networking Cookbook ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Networking Cookbook™ by Carla Schroder Copyright © 2008 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Indexer: John Bickelhaupt Production Editor: Sumita Mukherji Cover Designer: Karen Montgomery Copyeditor: Derek Di Matteo Interior Designer: David Futato Proofreader: Sumita Mukherji Illustrator: Jessamyn Read Printing History: November 2007: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Cookbook series designations, Linux Networking Cookbook, the image of a female blacksmith, and related trade dress are trademarks of O’Reilly Media, Inc. Java™ is a trademark of Sun Microsystems, Inc. .NET is a registered trademark of Microsoft Corporation. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
    [Show full text]
  • Licensing Information User Manual Release 9.0 Revision 1.2
    Oracle SD-WAN Edge Licensing Information User Manual Release 9.0 Revision 1.2 October 2020 Licensing Information User Manual Oracle SD-WAN Edge 8.2 Oracle SD-WAN Edge Licensing Information ser !an"al# Release 9.0 Copyright Information $o%yrig't ( 2020# Oracle and)or its a*liates. All rig'ts reser+ed. ,'is soft-are and related doc"mentation are %rovided "nder a license agreement containing restrictions on "se and disclosure and are %rotected by intellect"al %ro%ert& la-s. E.ce%t as e.%ressly %ermitted in &o"r license agreement or allo-ed by la-# &o" may not "se# co%&# re%rod"ce# translate# broadcast# modif&# license# transmit# distrib"te# e.'ibit# %erform# %"blish# or display any %art# in any form# or by any means. Re+erse engineering# disassembl&# or decom%ilation of t'is soft-are# "nless re/"ired by la- for intero%erabilit&# is %ro'ibited. ,'e information contained 'erein is sub0ect to change -it'o"t notice and is not -arranted to be error-free. If &o" find any errors, %lease re%ort t'em to "s in -riting. If t'is is soft-are or related documentation t'at is deli+ered to t'e .S. 2o+ernment or an&one licensing it on be'alf of t'e .S. 2o+ernment# t'en t'e follo-ing notice is a%%licable3 .S. 2O4ERN!EN, END SERS3 Oracle %rograms, incl"ding any o%erating s&stem# integrated soft-are# any %rograms installed on t'e 'ard-are# and)or documentation# deli+ered to .S.
    [Show full text]
  • An E-Mail Quarantine with Open Source Software
    An e-mail quarantine with open source software Using amavis, qpsmtpd and MariaDB for e-mail filtering Daniel Knittel Dirk Jahnke-Zumbusch HEPiX fall 2016 NERSC, Lawrence Berkeley National Laboratory United States of America October 2016 e-mail services at DESY > DESY is hosting 70+ e-mail domains, most prominent: ▪ desy.de — of course :) ▪ xfel.eu — European XFEL ▪ belle2.org — since summer 2016 ▪ cfel.de — Center for Free-Electron Laser Science ▪ cssb-hamburg.de — Center for Structural Systems Biology > mixed environment of open source software and commercial products ▪ Zimbra network edition with web access and standard clients (Outlook, IMAP, SMTP) ▪ Postfix for MTAs ▪ SYMPA for mailing list services ▪ Sophos and Clearswift‘s MIMEsweeper for SMTP > currently ~6.500 fully-fledged mailboxes, some 1000s extra with reduced functionality (e.g. no Outlook/ActiveSync/EWS access) > daily ~300.000 delivered e-mails 2 DESY e-mail infrastructure 1b 3 4 1 2 5 > 1 DMZ filtering ▪ restrictive filtering, reject e-mails from very suspicious MTAs ▪ 1b soon: DESY’s NREN (DFN) will be integrated into e-mail flow with virus- and SPAM-scanning > 2 filter for bad content ➔ suspicious e-mails into quarantine > 3 2nd-level SPAM-scan based on mail text and own rules > 4 distribution of e-mails to mailbox servers, mailing list servers or DESY-external destinations > 5 throttling of e-mail flow to acceptable rates (individual vs. newsletter) ▪ think “phishing” ➔ high rates trigger an alarm > mixed HW/VM environment 3 e-mail at DESY – attachment filtering & quarantine > policy: e-mail traffic is filtered ▪ block “bad” e-mails in the first place ➔ viruses are blocked ➔ executable content is blocked ▪ also block e-mails originating from DESY if they contain malicious or suspicious content ▪ up to now: commercial solution > additional measures ▪ mark e-mails with a high SPAM-score (2nd-level SPAM-filtering) ▪ monitor outgoing e-mail-flow ▪ throttle if over a specific rate ➔ this is sender-specific and customizable (e.g.
    [Show full text]