Sorry - either this article does not exist or you haven't been given permission to view it.
Knowledgebase
  1. We have POL VPN enabled on our 4 servers
    1. Test Server – Talhah4 
    2. Prod Server – Rayyan2 
    3. Prod Server – Sidr 
    4. Prod Server – Rayyan – as of 16/10/2023 it is work ongoing
  2. To check VPN Status 
    1. # nmcli conn ==> will show you connection
    2. Please query nmcli conn to find the VPN name

    1. # nmcli conn up <vpn-name> ==> will start VPN 
    2. # nmcli conn down <vpn-name> ==> will stop VPN 
  1. To check VPN IP 
    1. # ifconfig ppp0 
  2. Cron JOB for VPN 
    1. A cron job has been create in cron.d /etc/cro
    2. We have POL VPN enabled on our 4 servers
      1. Test Server – Talhah4 
      2. Prod Server – Rayyan2 
      3. Prod Server – Sidr 
      4. Prod Server – Rayyan – as of 16/10/2023 it is work ongoing
    3. To check VPN Status 
      1. # nmcli conn ==> will show you connection

    1. # nmcli conn up <vpn-name> ==> will start VPN 
    2. # nmcli conn down <vpn-name> ==> will stop VPN 
  3. To check VPN IP 
    1. # ifconfig ppp0 
  4. Cron JOB for VPN 
    1. A cron job has been create in cron.d /etc/cron.d/vpn-mon.sh 
    2. The cron job has been added in crontab –e 
    3. */5 * * * *     /etc/cron.d/vpn-mon.sh 
    4. So basically, it is running every 5 mins.  
    1. n.d/vpn-mon.sh 
    2. The cron job has been added in crontab –e 
    3. */5 * * * *     /etc/cron.d/vpn-mon.sh 
    4. So basically, it is running every 5 mins.  

                              HowTo Update 

                                

                              • Shutdown ADSelfService Plus   
                              • Click on Start Button, locate ADSelfService Plus
                              • Expand ADSelfService Plus - click on Stop ADSelfService Plus 
                              • Backup ADSelfService Plus
                              • Run UpdateManager.bat
                              • Go to C:\ManageEngine\ADSelfService Plus\bin
                              • Click on UpdateManager.bat file
                              • Updata Manager box should popup
                              • Within Install - select browse find the .ppm file that is needed for update
                              • Install
                              • Close and Exit Update Manager
                              • Start ADSelfService Plus 

                               

                              For more info & link to Download Updates 

                                  https://www.manageengine.com/products/self-service-password/service-pack.html 

                              Steps to migrate from Windows Evaluation to Standard version.  

                              • dism /online /get-currentedition 
                              • dism /online /get-targeteditions 
                              • dism /online /set-edition:serverstandard /productkey:<KEY-KEY-KEY-KEY-KEY> /accepteula 

                              To check if a remote nrpe server is responsing or not then go to Nagios serverf and hit following commands: 

                               For example: I am doing it from Umar to Sidr (R1-Profuk) 

                              • # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_users   
                              • # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_load 
                              • # /usr/lib64/nagios/plugins/check_nrpe -H 91.217.245.160 -c check_users 

                              After installing ansile please amend 

                              # vim /etc/ansible/ansible.cfg 

                               

                              IN FEDORA 

                              Uncomment: 

                              host_key_checking = False 

                              or else we might see error 

                              fatal: [192.168.122.53]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and  
                              sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."} 

                               

                              IN UBUNTU 

                              [defaults] 
                               

                              host_key_checking = False 

                              Please install this so ansible galaxy semanage can work in remotehost 

                              python3-libsemanage 
                               
                              if you see sshpass needed then it must be installed in the host machine not in remote 

                              Or install sshpass in local machine 

                              # dnf install sshpass 

                              # apt install sshpass 

                              Postgres - CreateUser, CreateDB, Password

                              • Create a user from Terminal
                                • # sudo -u postgres createuser <username>
                                • # createuser -U postgres <username> 
                              • Create a user with attribute role from Terminal
                                • # sudo -u postgres --createdb --pwprompt <username>
                              • Create a database from terminal
                                • # sudo -u postgres createdb
                                • # createdb -U postgres <dbname>
                              • If you want to create Database for different user
                                • # createdb -U <otheruser> <dbname> 
                              • Create user password and give attribute role via postgres console
                                • # psql –U postgres
                                • postgres# alter user <username> with password '<password>';
                                • postgres# alter user <username> CREATEDB LOGIN;
                              • Create database for the user via postgres console
                                • postgres# grant all privileges on database <dbname> to <username>; 
                              • Create a database via postgres console
                                • postgres# createdatabase <dbname>;

                               

                              NOTE: Create a user and database together or else you won't be able to login.  

                              Dump or export 

                              pg_dump -U gscashline -h tasneem gscashline | gzip > gscashline-mtslive-db-final-20230315.sql.gz 

                              pg_dump -U <username> <dbname> | gzip > filename-date.sql.gz 
                               

                              Import .sql 

                              psql -U <username> -f <username>-mtslive-db-20230315.sql <dbname> > load 2> error 
                               

                              Import .sql.gz 

                              # zcat bcm-20230313.sql.gz | psql -U <Username> -W <databasename> 

                              How to enable SSL in Proxmox (Buraq2)

                              All we need certificate and key

                              Key:

                              • wildcard.remitone.com.key is always going to be same until we generate a new one so ignore .key

                              Certificate:

                              • Here we would require fullchain.pem
                              • This is a combination of our primary certificate and all intermediate certificates in a single PEM format, excluding the root certificate.
                              • It is very easy to generate .pem format cert. All we need to do is copy paste them together.
                              • Currently we have, excluding Root cert (SectigoRSADomainValidationSecureServerCA.crt)
                                • wildcard.remitone.com.crt
                                • USERTrustRSAAAACA.crt
                                • AAACertificateServices.crt
                              • All we do is copy all the cert in a single document and save it as .pem and it should look like something below:
                                -----BEGIN PRIVATE KEY----- 
                                -----END PRIVATE KEY-----
                                -----BEGIN PRIVATE KEY----- 
                                -----END PRIVATE KEY-----
                                -----BEGIN PRIVATE KEY----- 
                                -----END PRIVATE KEY-----

                              SSL Cert Installatio:

                              • copy the cert to /root/ssl directory
                              • # cd /etc/pve/local/
                              • copy the fullchain.pem and replace pve-ssl.pem
                                • # cp /root/ssl/full-wildcard.remitone.com.pem pve-ssl.pem
                                • # cp /root/ssl/wildcard.remitone.key pve-ssl.key ==> key is same so we can exclude this line
                                • # systemctl restart pveproxy 

                              Support Desk

                              We have a dedicated in-house support team ready to help with all your enquiries on any of our products.

                              •          Application & Services - All products in our RemitONE suite.
                              •          Accounts & Billing - Get help with your accounts, subscriptions and payments.

                              Our technical support team are readily available to help with all your Money Transfer Engine (MTE) related issues and enquiries. They can be reached via the following contact:

                              Online Helpdesk: https://support.remitone.com/

                              Telephone: +44 (0)20 8099 5795

                              Telephone support is provided to customers on Professional & Enterprise Editions only, please consult your agreement if you are unsure if you qualify for telephone support.

                               

                               

                              Full process to install SSL Cert in OpenVAS

                              1. First of all copy SSL .key and .crt to /var/lib/gvm/private/CA
                                1. # cp remitone.com.key remitone.com.crt /var/llib/gvm/private/CA
                              2. Now we will edit gsad.service and within "ExecStart" t
                                1. # vim /usr/lib/systemd/system/gsad.service 
                              3. Now, we restart daemon and gsad
                                1. # systemctl daemon-reload 

                                2. # systemctl restart gsad.service 

                                ExecStart=/usr/sbin/gsad --listen 0.0.0.0 --port 9392 -k /var/lib/gvm/private/CA/remitone.com.key -c /var/lib/gvm/private/CA/remitone.com.crt 

                                roots openvas) - [/var/tib/gvm/private/CA 
remitone.com.crt remitone.com.key 
roots openvas) - [/var/tib/gvm/private/CA 
/ us r/ lib/ systemd/system/gsad . service 
[Unit] 
Description=Greenbone Security Assistant daemon (gsad) 
Documentation=man:gsad(8) https://www.greenbone.net 
After=network. target gvmd.service 
Wants=gvmd . service 
[Service] 
Type=forking 
User= gvm 
Group=_gvm 
RuntimeDirectory=gsad 
RuntimeDirectoryMode=2775 
PIDFile=/ run/gsad/gsad . pid 
ExecStart=/usr/sbin/gsad 
- -listen 0.0.0.0 - -port 9392 -k /var/lib/gvm/pr 
ivate/CA/remitone.com.key -c /var/lib/gvm/private/CA/remitone.com.crt 
Restart=always 
TimeoutStopSec=10 
[Install] 
WantedBy=multi-user. ta rget 
Alias=greenbone- security-assistant . service

                                If you want to just renew the cert then just add new certs to

                                1. Paste the certs:
                                  1. # cd /var/llib/gvm/private/CA
                                2. # gvm-stop
                                3. # gvm-start

                                To enable SSL in Arafah it is pretty straightforward:

                                • Login into Arafah https://arafah.remitone.com:5003/
                                • Open "Control Panel"
                                  • Click "Security"
                                  • Look for "Certificate"
                                  • Click on Add
                                    • Click on "Replace an existing certificate" and click next
                                    • Select "Import certificate" and click next
                                    • Import .key, .crt and intermediate certificate is optional but feel free to import it if available.
                                    • Click "OK"

                                To enable SSL on Khidmah we don't really need to login into server rather we will use the web portal to change or enable SSL.

                                • Log into https://office.remitone.com:8020/authorization.do
                                • Log in as local admin and not R1HQ user
                                  • Once logged in please click on "Admin" section
                                    • Please select "Product Settings" ==> "Connection"
                                      • Select "Connection Settings" and click on "Apply SSL Certificate"
                                      • Here, we should be able import certificate and enable it
                                      • The best thing to do here would be to generate a .pfx certificate with password enabled.
                                      • To generate .pfx we need to make our way back to "Umar server".
                                      • .pfx certificate can only be generated in the server where the first .csr was generated.
                                        • # openssl pkcs12 -export -out wildcard.remitone.com.pfx -inkey wildcard.remitone.com.key -in wildcard.remitone.com.crt
                                      • Once you have the .pfx format with or without password ==> click apply and its done.

                                To make sure our new .crt matches with .key we can check its md5 checksum. 

                                To do that we will hit following commands  

                                Method 1 – Using Openssl and sha256sum 

                                First method checks for the SHA sum values of all files and check if the value of all files are same. 

                                1. $ openssl pkey -in example.key -pubout -outform pem | sha256sum 
                                   
                                2. $ openssl x509 -in example.crt -pubkey -noout -outform pem | sha256sum 
                                   
                                3. $ openssl req -in example.csr -pubkey -noout -outform pem | sha256sum 

                                Method 2 – Using OpenSSL and MD5 

                                Second method, The md5 value of certificate, key, and CSR should be same for all to work properly. If any of md5 is different means that file doesn’t relate to others. 

                                1. $ openssl rsa -noout -modulus -in example.key | openssl md5 
                                   
                                2. $ openssl req -noout -modulus -in example.csr | openssl md5 
                                   
                                3. $ openssl x509 -noout -modulus -in example.crt | openssl md5 
                                   


                                Setup procedure on Almalinux 8/9: 

                                1. # dnf install certbot python3-certbot-apache 

                                Create the non-SSL http VirtualHost in /etc/httpd/conf.d/vhosts.conf 

                                Then generate an SSL Cert and Vhost entry for a domain: 

                                1. # certbot --apache -d somedomain.com
                                2. # certbot --apache -d somedomain.com -d www.somedomain.com 

                                 Once the let's encrypt ssl has been install it stores it in /etc/letsencrypt and it modifies /etc/httpd/conf.d/vhosts-le-ssl.conf 

                                  Check SSL of a domain 

                                  1. # certbot certificates 

                                  Remove / Delete SSL Certificates 

                                  1. # certbot delete --cert-name www.someone.com

                                  Add a cronjob to auto-renew SSL Certs: 

                                  1. # crontab -e 
                                    10 4 * * * /usr/bin/certbot renew >/dev/null 2>&1 


                                   

                                  Quick description

                                  The Flutter now supports realtime push notification using Firebase Cloud Messaging (FCM) service. Notifications can be send via FCM console or programatically using Google Firebase Admin SDK and Server Protocol MTMS10. 

                                  Minimum Requirements

                                  • Flutter App release 1.4.0+
                                  • MTMS10 version 10.10+
                                  • Subscription to Google Firebase Cloud Messaging Service (FCM is free service under Firebase)
                                  • Google Authentication Service configuration files and FCM configurations for both Android and iOS
                                  • Supported platforms: iOS and Android

                                  Useful Resources

                                  Flutter App Setup

                                  To enable the Push notification on the app side you/client must first setup Android and iOS project under Google FCM dashboard. The following step if we are setting up for the client. You can skip this if the client already setup this for us.

                                  There is a video and detailed guide https://medium.com/inspireui/setup-firebase-cloud-messaging-fcm-push-notification-for-flutter-apps-8c767fe64e54 

                                  The following steps are simplified version of the above video.

                                  1. Click Add Project