
Thursday, April 30, 2015

Linux Interface eth0 / eth1 speed (full / half duplex) change manually







yum install ethtool
ethtool eth0
ethtool eth1
or mii-tool eth1

Check the Speed line in the output: is it 100Mb/s or 1000Mb/s? If it shows 100Mb/s and the card is a gigabit LAN card, edit the interface configuration:

 vi /etc/sysconfig/network-scripts/ifcfg-eth1

ETHTOOL_OPTS="speed 1000 duplex full autoneg off"
:wq

or, from the command line:

ethtool -s eth1 speed 1000 duplex full autoneg on


ifdown eth1
ifup eth1


ethtool eth1

The output should now show Speed: 1000Mb/s



Sunday, April 26, 2015

cPanel License Update by command and port




Command to Update cPanel License

 /usr/local/cpanel/cpkeyclt 

Updating cPanel license...Done. Update succeeded.
Building global cache for cpanel...Done

Make sure port 2089 (the cPanel license port) is open.

2082 and 2083 for cpanel web access
2086 and 2087 for WHM web access







Wednesday, April 22, 2015

Juniper block Telnet and SSH Brute Force log-in attacks



set system login retry-options tries-before-disconnect 5
set system login retry-options backoff-threshold 3
set system login retry-options backoff-factor 10
set system login retry-options lockout-period 6


==========================
See the locked-out users:

show system login lockout

============================

backoff-threshold: Sets the threshold for the number of failed log-in attempts on the device before the user experiences a delay when attempting to re-enter a password. When a user incorrectly logs into the device and hits the threshold of failed log-in attempts, the user experiences a delay (set in the backoff-factor statement) before he can attempt to log into the device again. The valid range for this option is 1 to 3 attempts.

backoff-factor: Sets the length of the delay, in seconds, after each failed log-in attempt. When a user incorrectly logs into the device, the user must wait the configured amount of time before he can attempt to log into the device again. The length of the delay increases by the backoff-factor value for each subsequent log-in attempted after the value specified in the backoff-threshold statement is reached. The valid range for this option is 5 to 10 seconds.

tries-before-disconnect: Sets the maximum number of times the user is allowed to enter a password in an attempt to log into the device through SSH or Telnet. When the user reaches the maximum number of failed log-in attempts, he is locked out of the device. The user must wait the configured amount of minutes in the lockout-period statement before he can attempt to log back into the device. The tries-before-disconnect statement must be set when the lockout-period statement is set; otherwise, the lockout-period statement is meaningless. The valid value for this option is 1 to 10 attempts.

lockout-period: Sets the amount of time, in minutes, that the user must wait before he can attempt to log into the device after being locked out due to the number of failed log-in attempts specified in the tries-before-disconnect statement. The lockout-period must be greater than zero. The valid range for this option is 1 to 43,200 minutes.

---------------------------------------------------------------------------------------------------------
We can also allow SSH from a single IP address and deny it from everywhere else.
Here we allow only xxx.xxx.10.174/32 to SSH to the Juniper router and deny all other sources:
---------------------------------------------------------------------------------------------------------
set interfaces lo0 unit 0 family inet filter input my-ip
set firewall family inet filter my-ip term 1 from source-address xxx.xxx.10.174/32
set firewall family inet filter my-ip term 1 from destination-port ssh
set firewall family inet filter my-ip term 1 then accept
set firewall family inet filter my-ip term 2 from source-address 0.0.0.0/0
set firewall family inet filter my-ip term 2 from destination-port ssh
set firewall family inet filter my-ip term 2 then discard
set firewall family inet filter my-ip term 3 then accept
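
Junos evaluates the terms of a filter in order, the first matching term decides, and every filter ends with an implicit discard, which is why term 3 is needed on lo0. The model below is an added example (not Juniper code and not from the original post); 192.0.2.174 is a constructed stand-in for the masked xxx.xxx.10.174, and the other addresses are constructed too.

```python
import ipaddress

# Constructed stand-in for the page's masked xxx.xxx.10.174/32 (documentation range).
ALLOWED = "192.0.2.174/32"

# The my-ip filter from the page, one dict per term; None means "no condition".
MY_IP = [
    {"name": "1", "src": ALLOWED,     "dport": 22,   "then": "accept"},
    {"name": "2", "src": "0.0.0.0/0", "dport": 22,   "then": "discard"},
    {"name": "3", "src": None,        "dport": None, "then": "accept"},
]

def evaluate(terms, src_ip, dport):
    """Return (action, term_name) for a packet; the first matching term wins."""
    addr = ipaddress.ip_address(src_ip)
    for term in terms:
        # All "from" conditions inside one term must match (logical AND).
        if term["src"] is not None and addr not in ipaddress.ip_network(term["src"]):
            continue
        if term["dport"] is not None and dport != term["dport"]:
            continue
        return term["then"], term["name"]
    # No term matched: Junos applies its implicit discard.
    return "discard", "implicit"

def report(terms, packets):
    """Evaluate every sample packet and return (label, action, term_name) rows."""
    return [(label,) + evaluate(terms, src, dport) for label, src, dport in packets]

# Constructed sample traffic arriving at the routing engine.
PACKETS = [
    ("ssh from allowed host", "192.0.2.174", 22),
    ("ssh from elsewhere", "198.51.100.9", 22),
    ("bgp from a peer", "203.0.113.1", 179),
]

if __name__ == "__main__":
    print("filter as on the page:")
    for row in report(MY_IP, PACKETS):
        print("  ", row)
    print("same filter without term 3:")
    for row in report(MY_IP[:2], PACKETS):
        print("  ", row)
```

Without term 3 the BGP packet falls through to the implicit discard, so the filter would cut off routing and management traffic to the router, not only SSH.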

------------------------------------------------------------------------------------------


Monday, April 20, 2015

Windows Remote Desktop IP Allow Deny


Go to ->> Windows Firewall ->> Advanced Settings

Inbound Rules ->> Remote Desktop (TCP-In)





Thursday, April 16, 2015

Juniper Router OS Recovery backup to primary




If your Juniper router's primary OS crashes, the router will run from the backup OS.
You need to copy the backup to the primary and then reboot the router so that it runs from the primary OS again.


run request system snapshot slice alternate


Saturday, April 4, 2015

Thursday, April 2, 2015

cPanel DKIM and SPF enable




+++++++++++++++++++++++++


   /usr/local/cpanel/bin/dkim_keys_install <username>

  /usr/local/cpanel/bin/spf_installer      <username>




In WHM, go to Home » DNS Functions » Reset a DNS Zone
Enter the domain "tayabkhan.com"
Reset >> confirm
Then copy the DKIM and SPF records from there and paste them into the zone file on the DNS server.


tayabkhan.com.      IN TXT "v=spf1 mx  ~all"

default._domainkey      14400   IN      TXT     "v=DKIM1; k=rsa; p=MIGfMA0GCSqb3DQIyslL+vA3sNhhATDIKX+HKzFx9qQIDAQAB;"


service named restart
service exim restart


DKIM/SPF check: https://www.mail-tester.com/spf-dkim-check

ICMP TTL details



Time to live (TTL), or hop limit, is a mechanism that limits the lifespan or lifetime of data in a computer or network.
In an Internet Protocol (IP) packet, TTL is a value that tells
a network router whether or not the packet has been in the network too long and should be discarded.


For ping, the source machine doesn't really matter;
what matters is the value the destination machine uses as its TTL when it generates the ICMP echo response.


The TTL in a reply is all about the destination and has nothing to do with the source.
Different operating systems use different initial TTLs (this is considered an aspect of OS fingerprinting):

Windows: 128

Linux/Juniper/Mikrotik: 64

Cisco: 255

Solaris: 255

These numbers are reduced by one at each hop crossed.

Example-1: 2.2.2.2 is a Cisco router four routers/hops away, so the TTL shows 255-4=251

Pinging B [2.2.2.2] with 32 bytes of data:

Reply from 2.2.2.2: bytes=32 time=18 ms TTL=251
Reply from 2.2.2.2: bytes=32 time=21 ms TTL=251


Example-2: 3.3.3.3 is a Windows machine three routers/hops away, so the TTL shows 128-3=125

Pinging B [3.3.3.3] with 32 bytes of data:

Reply from 3.3.3.3: bytes=32 time=18 ms TTL=125
Reply from 3.3.3.3: bytes=32 time=21 ms TTL=125


Example-3: 2.2.2.2 is a Linux machine four routers/hops away, so the TTL shows 64-4=60

Pinging B [2.2.2.2] with 32 bytes of data:

Reply from 2.2.2.2: bytes=32 time=18 ms TTL=60
Reply from 2.2.2.2: bytes=32 time=21 ms TTL=60


The default Windows 95/98 TTL value is 32 hops.
Some users recommend changing this to 128 if you have difficulty reaching certain sites.
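
The reasoning in the three examples above can be run in reverse: from the TTL in a reply, take the nearest initial value at or above it to get a hop count and an OS hint. This is an added example, not part of the original post; the function names are hypothetical and the sample input is built from the reply lines quoted above.

```python
import re

# Initial TTLs taken from the page; the OS labels are the page's own groupings.
INITIAL_TTLS = {32: "Windows 95/98", 64: "Linux/Juniper/Mikrotik",
                128: "Windows", 255: "Cisco/Solaris"}

# Matches Windows-style ping replies as quoted on the page ("time=18 ms" or "time<1ms").
REPLY = re.compile(r"Reply from (\S+): bytes=\d+ time[=<]\s*\d+\s*ms TTL=(\d+)")

def estimate(ttl):
    """Return (initial_ttl, hops, os_hint) for one observed reply TTL."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    # Smallest known initial value that is not below the observed TTL.
    initial = min(v for v in INITIAL_TTLS if v >= ttl)
    return initial, initial - ttl, INITIAL_TTLS[initial]

def parse_replies(output):
    """Return one (host, ttl, initial, hops, os_hint) row per distinct host/TTL pair."""
    seen, rows = set(), []
    for host, ttl in REPLY.findall(output):
        key = (host, int(ttl))
        if key not in seen:
            seen.add(key)
            rows.append(key + estimate(key[1]))
    return rows

# Constructed sample: reply lines from the three examples above.
SAMPLE = """\
Reply from 2.2.2.2: bytes=32 time=18 ms TTL=251
Reply from 2.2.2.2: bytes=32 time=21 ms TTL=251
Reply from 3.3.3.3: bytes=32 time=18 ms TTL=125
Reply from 2.2.2.2: bytes=32 time=18 ms TTL=60
"""

if __name__ == "__main__":
    for host, ttl, initial, hops, hint in parse_replies(SAMPLE):
        print(f"{host}: TTL={ttl} -> initial {initial}, {hops} hops, looks like {hint}")
```

The result is only a hint: the initial TTL is an administrator-tunable setting (on Linux, `net.ipv4.ip_default_ttl`), and a low value such as 30 could equally be a 64-TTL host 34 hops away.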


Using the multicast IP protocol,
the TTL value indicates the scope or range in which a packet may be forwarded.

By convention:


0 is restricted to the same host
1 is restricted to the same subnet
32 is restricted to the same site
64 is restricted to the same region
128 is restricted to the same continent
255 is unrestricted


Wednesday, April 1, 2015

cPanel SMTP authentication enable




Go to WHM web >> Service Configuration >> Service Manager and check antirelayd


/etc/init.d/exim restart