1. We have POL VPN enabled on our 4 servers
   1. Test Server – Talhah4 
   2. Prod Server – Rayyan2 
   3. Prod Server – Sidr 
   4. Prod Server – Rayyan – as of 16/10/2023 it is work ongoing
      
2. To check VPN Status 
   1. # nmcli conn ==> will show you connection
   2. Please query nmcli conn to find the VPN name

1. 1. # nmcli conn up <vpn-name> ==> will start VPN 
   2. # nmcli conn down <vpn-name> ==> will stop VPN 
2. To check VPN IP 
   1. # ifconfig ppp0 
3. Cron JOB for VPN 
   1. A cron job has been create in cron.d /etc/cro
   2. We have POL VPN enabled on our 4 servers
      1. Test Server – Talhah4 
      2. Prod Server – Rayyan2 
      3. Prod Server – Sidr 
      4. Prod Server – Rayyan – as of 16/10/2023 it is work ongoing
         
   3. To check VPN Status 
      1. # nmcli conn ==> will show you connection

   

4. 1. # nmcli conn up <vpn-name> ==> will start VPN 
   2. # nmcli conn down <vpn-name> ==> will stop VPN 
5. To check VPN IP 
   1. # ifconfig ppp0 
6. Cron JOB for VPN 
   1. A cron job has been create in cron.d /etc/cron.d/vpn-mon.sh 
   2. The cron job has been added in crontab –e 
   3. */5 * * * *     /etc/cron.d/vpn-mon.sh 
   4. So basically, it is running every 5 mins.  
8. 1. n.d/vpn-mon.sh 
   2. The cron job has been added in crontab –e 
   3. */5 * * * *     /etc/cron.d/vpn-mon.sh 
   4. So basically, it is running every 5 mins.  

HowTo Update 

• Shutdown ADSelfService Plus   
• Click on Start Button, locate ADSelfService Plus
• Expand ADSelfService Plus - click on Stop ADSelfService Plus 
• Backup ADSelfService Plus
• Run UpdateManager.bat
• Go to C:\ManageEngine\ADSelfService Plus\bin
• Click on UpdateManager.bat file
• Updata Manager box should popup
• Within Install - select browse find the .ppm file that is needed for update
• Install
• Close and Exit Update Manager
• Start ADSelfService Plus 

For more info & link to Download Updates 

    https://www.manageengine.com/products/self-service-password/service-pack.html 

Steps to migrate from Windows Evaluation to Standard version.  

• dism /online /get-currentedition 
• dism /online /get-targeteditions 
• dism /online /set-edition:serverstandard /productkey:<KEY-KEY-KEY-KEY-KEY> /accepteula 

To check if a remote nrpe server is responsing or not then go to Nagios serverf and hit following commands: 

 For example: I am doing it from Umar to Sidr (R1-Profuk) 

• # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_users   
• # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_load 
• # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_users 

After installing ansile please amend 

# vim /etc/ansible/ansible.cfg 

IN FEDORA 

Uncomment: 

host_key_checking = False 

or else we might see error 

fatal: [192.168.122.53]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and  
sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."} 

IN UBUNTU 

[defaults] 
 

host_key_checking = False 

Please install this so ansible galaxy semanage can work in remotehost 

python3-libsemanage 
 
if you see sshpass needed then it must be installed in the host machine not in remote 

Or install sshpass in local machine 

# dnf install sshpass 

# apt install sshpass 

Postgres - CreateUser, CreateDB, Password

• Create a user from Terminal
  • # sudo -u postgres createuser <username>
  • # createuser -U postgres <username> 
• Create a user with attribute role from Terminal
  • # sudo -u postgres --createdb --pwprompt <username>
• Create a database from terminal
  • # sudo -u postgres createdb
  • # createdb -U postgres <dbname>
• If you want to create Database for different user
  • # createdb -U <otheruser> <dbname> 
• Create user password and give attribute role via postgres console
  • # psql –U postgres
  • postgres# alter user <username> with password '<password>';
  • postgres# alter user <username> CREATEDB LOGIN;
• Create database for the user via postgres console
  • postgres# grant all privileges on database <dbname> to <username>; 
• Create a database via postgres console
  • postgres# createdatabase <dbname>;
    

NOTE: Create a user and database together or else you won't be able to login.  

Dump or export 

pg_dump -U gscashline -h tasneem gscashline | gzip > gscashline-mtslive-db-final-20230315.sql.gz 

pg_dump -U <username> <dbname> | gzip > filename-date.sql.gz 
 

Import .sql 

psql -U <username> -f <username>-mtslive-db-20230315.sql <dbname> > load 2> error 
 

Import .sql.gz 

# zcat bcm-20230313.sql.gz | psql -U <Username> -W <databasename> 

How to enable SSL in Proxmox (Buraq2)

All we need certificate and key

Key:

• wildcard.remitone.com.key is always going to be same until we generate a new one so ignore .key

Certificate:

• Here we would require fullchain.pem
• This is a combination of our primary certificate and all intermediate certificates in a single PEM format, excluding the root certificate.
• It is very easy to generate .pem format cert. All we need to do is copy paste them together.
• Currently we have, excluding Root cert (SectigoRSADomainValidationSecureServerCA.crt)
  • wildcard.remitone.com.crt
  • USERTrustRSAAAACA.crt
  • AAACertificateServices.crt
• All we do is copy all the cert in a single document and save it as .pem and it should look like something below:

  -----BEGIN PRIVATE KEY----- 

  -----END PRIVATE KEY-----

  -----BEGIN PRIVATE KEY----- 

  -----END PRIVATE KEY-----

  -----BEGIN PRIVATE KEY----- 

  -----END PRIVATE KEY-----
  
  

SSL Cert Installatio:

• copy the cert to /root/ssl directory
• # cd /etc/pve/local/
• copy the fullchain.pem and replace pve-ssl.pem
  • # cp /root/ssl/full-wildcard.remitone.com.pem pve-ssl.pem
  • # cp /root/ssl/wildcard.remitone.key pve-ssl.key ==> key is same so we can exclude this line
  • # systemctl restart pveproxy 

Support Desk

We have a dedicated in-house support team ready to help with all your enquiries on any of our products.

•          Application & Services - All products in our RemitONE suite.
•          Accounts & Billing - Get help with your accounts, subscriptions and payments.

Our technical support team are readily available to help with all your Money Transfer Engine (MTE) related issues and enquiries. They can be reached via the following contact:

Online Helpdesk: https://support.remitone.com/

Telephone: +44 (0)20 8099 5795

Telephone support is provided to customers on Professional & Enterprise Editions only, please consult your agreement if you are unsure if you qualify for telephone support.

Full process to install SSL Cert in OpenVAS

1. First of all copy SSL .key and .crt to /var/lib/gvm/private/CA
   1. # cp remitone.com.key remitone.com.crt /var/llib/gvm/private/CA
2. Now we will edit gsad.service and within "ExecStart" t
   1. # vim /usr/lib/systemd/system/gsad.service 
3. Now, we restart daemon and gsad

   1. # systemctl daemon-reload 

   2. # systemctl restart gsad.service 

ExecStart=/usr/sbin/gsad --listen 0.0.0.0 --port 9392 -k /var/lib/gvm/private/CA/remitone.com.key -c /var/lib/gvm/private/CA/remitone.com.crt 

If you want to just renew the cert then just add new certs to

1. Paste the certs:
   1. # cd /var/llib/gvm/private/CA
2. # gvm-stop
3. # gvm-start

To enable SSL in Arafah it is pretty straightforward:

• Login into Arafah https://arafah.remitone.com:5003/
• Open "Control Panel"
  • Click "Security"
  • Look for "Certificate"
  • 
  • Click on Add
    • Click on "Replace an existing certificate" and click next
    • Select "Import certificate" and click next
    • 
    • Import .key, .crt and intermediate certificate is optional but feel free to import it if available.
    • Click "OK"

To enable SSL on Khidmah we don't really need to login into server rather we will use the web portal to change or enable SSL.

• Log into https://office.remitone.com:8020/authorization.do
• Log in as local admin and not R1HQ user
  • Once logged in please click on "Admin" section
    • Please select "Product Settings" ==> "Connection"
      • Select "Connection Settings" and click on "Apply SSL Certificate"
      • 
      • Here, we should be able import certificate and enable it
      • 
      • The best thing to do here would be to generate a .pfx certificate with password enabled.
      • To generate .pfx we need to make our way back to "Umar server".
      • .pfx certificate can only be generated in the server where the first .csr was generated.
        • # openssl pkcs12 -export -out wildcard.remitone.com.pfx -inkey wildcard.remitone.com.key -in wildcard.remitone.com.crt
      • Once you have the .pfx format with or without password ==> click apply and its done.

To make sure our new .crt matches with .key we can check its md5 checksum. 

To do that we will hit following commands  

Method 1 – Using Openssl and sha256sum 

First method checks for the SHA sum values of all files and check if the value of all files are same. 

1. $ openssl pkey -in example.key -pubout -outform pem | sha256sum 
    
2. $ openssl x509 -in example.crt -pubkey -noout -outform pem | sha256sum 
    
3. $ openssl req -in example.csr -pubkey -noout -outform pem | sha256sum 

Method 2 – Using OpenSSL and MD5 

Second method, The md5 value of certificate, key, and CSR should be same for all to work properly. If any of md5 is different means that file doesn’t relate to others. 

1. $ openssl rsa -noout -modulus -in example.key | openssl md5 
    
2. $ openssl req -noout -modulus -in example.csr | openssl md5 
    
3. $ openssl x509 -noout -modulus -in example.crt | openssl md5 
    

Setup procedure on Almalinux 8/9: 

1. # dnf install certbot python3-certbot-apache 

Create the non-SSL http VirtualHost in /etc/httpd/conf.d/vhosts.conf 

Then generate an SSL Cert and Vhost entry for a domain: 

1. # certbot --apache -d somedomain.com
2. # certbot --apache -d somedomain.com -d www.somedomain.com 

 Once the let's encrypt ssl has been install it stores it in /etc/letsencrypt and it modifies /etc/httpd/conf.d/vhosts-le-ssl.conf 

Check SSL of a domain 

1. # certbot certificates 

Remove / Delete SSL Certificates 

1. # certbot delete --cert-name www.someone.com

Add a cronjob to auto-renew SSL Certs: 

1. # crontab -e 
   10 4 * * * /usr/bin/certbot renew >/dev/null 2>&1 

Quick description

The Flutter now supports realtime push notification using Firebase Cloud Messaging (FCM) service. Notifications can be send via FCM console or programatically using Google Firebase Admin SDK and Server Protocol MTMS10. 

Minimum Requirements

• Flutter App release 1.4.0+
• MTMS10 version 10.10+
• Subscription to Google Firebase Cloud Messaging Service (FCM is free service under Firebase)
• Google Authentication Service configuration files and FCM configurations for both Android and iOS
• Supported platforms: iOS and Android

Useful Resources

• Google FCM
• FCM Via APN (iOS)

Flutter App Setup

To enable the Push notification on the app side you/client must first setup Android and iOS project under Google FCM dashboard. The following step if we are setting up for the client. You can skip this if the client already setup this for us.

There is a video and detailed guide https://medium.com/inspireui/setup-firebase-cloud-messaging-fcm-push-notification-for-flutter-apps-8c767fe64e54 

The following steps are simplified version of the above video.

1. Click Add Project