Install Snipping Tool using PowerShell

On 10/12/2014, in Genel, by Specialist

PS C:\Users\Admin> Import-Module ServerManager
PS C:\Users\Admin> Add-WindowsFeature Desktop-Experience

 

(SSIM) v4.7.4 or v4.8.x vulnerable

On 08/10/2014, in Symantec, by Specialist

Is Symantec Security Information Manager (SSIM) 4.8.x vulnerable to the “POODLE” vulnerability (CVE-2014-3566)? Symantec is planning to address this issue in the next Security Patch (SP6) for SSIM 4.8.1. In the meantime we recommend that customers use the FIPS operational mode detailed in this document HERE

Is Symantec Security Information Manager (SSIM) v4.7.4 or v4.8.x vulnerable to CVE-2014-6277, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187?  There are hotfixes that deal with the bash Shellshock vulnerability that can be downloaded from this document HERE

Is Symantec Security Information Manager (SSIM) affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)?  The current information for this vulnerability is in the document linked HERE.  There is a hotfix that deals with ReverseHeartBleed vulnerability that can be downloaded from this document HERE

 

SSIM service and servlet debug logging switches

Article URL http://www.symantec.com/docs/TECH85647

Debug logging can put a significant load on the SSIM environment and may have a significant impact on SSIM performance. We recommend turning debug logging off as soon as the log information has been created.

You can find debug logging that was left enabled in the properties files with a simple Linux command:

find /opt/Symantec/simserver/ -name log4j.properties | xargs grep --color -v "#" | grep --color "DEBUG"


Symantec DLP Enforce UI incidents are marked for deletion by accident. This is the last chance for recovery before the purge process permanently deletes all marked incidents from the database.

1. Log into SQLPlus as the protect user. 

> sqlplus protect     — SQLPlus will prompt for the password after, hiding it as it is typed.
> Password:
SQL> UPDATE incident SET isdeleted=0 WHERE isdeleted = 1 AND detectiondate > TO_DATE('06-29-14 17:01:01', 'MM-DD-YY HH24:MI:SS');

About purge time:

Incidents deleted within the UI are purged from the Oracle database at a regular interval.
The interval is controlled by the following settings in manager.properties:
com.vontu.manager.system.IncidentDeletion.delay=21600000
com.vontu.manager.system.IncidentDeletion.period=86400000
Both property values are in milliseconds.
The delay value is how long after the Enforce Server starts that the first purge occurs.
The period value specifies how long after the first purge (and all subsequent purges) the next purge will occur.
The above values specify a delay of 6 hours before the first purge,
(6 hours * 60 min/hour * 60sec/min * 1000msec/sec = 21600000 msec)
and a period of 24 hours.
(24 hours * 60 min/hour * 60sec/min * 1000msec/sec = 86400000 msec)
If the Enforce Server is started at 5PM, the initial incident purge will occur 6 hours later, at 11 PM that day. All subsequent purges will occur 24 hours later, or 11 PM every day.

 

Install Oracle 11.2.0.3

On 17/06/2014, in Symantec DLP, by Specialist
  1. Shut down the Distributed Transaction Coordinator service if it is running in Windows Services
  2. Navigate to the c:\software\oracle\database directory and double-click the Oracle Universal Installer file, setup.exe.
  3. On the Configure Security Updates panel, deselect I wish to receive security updates via My Oracle Support, and click Next. A dialog box displays that asks you to confirm that you wish to remain uninformed of critical security issues. Select Yes.
  4. On the Download software updates panel, select Skip software updates and click Next.
  5. On the Select Installation Options panel, select Install database software only and click Next.
  6. On the Grid Installation Options panel, select Single instance database installation and click Next.
  7. On the Select Product Languages panel, click Next to accept English as the default language.
  8. On the Select Database Edition panel, select Standard Edition and click Next.
  9. On the Specify Installation Location panel, enter the following paths in the specified fields: Oracle Base: c:\oracle. Software Location: c:\oracle\product\11.2.0.3\db_1. Click Next.
  10. On the Summary panel, click Install to begin the installation.
  11. On the Finish panel, click Close to exit the installer application.
 

Ubuntu 13.10 Touch Preview For Nexus 4

On 16/03/2014, in Genel, by Specialist
  • Plug the device in via USB
  • Open Terminal and navigate to the directory you downloaded the files to
  • If you haven’t unlocked the device, execute “fastboot oem unlock” and follow onscreen instructions
  • Power down the device
  • Enter fastboot mode by pressing volume down and power buttons at the same time until you feel it vibrate
  • Once in fastboot mode, execute the following commands from Terminal
    • fastboot flash recovery openrecovery-twrp-2.7.0.0-mako.img
    • fastboot flash system saucy-preinstalled-system-armel+maguro.img
    • fastboot flash boot saucy-preinstalled-boot-armel+maguro.img
  • Using the volume keys, select recovery mode and press power >> Advanced >> select ADB sideload
  • Swipe to Start Sideload
  • In Terminal, execute “adb sideload saucy-preinstalled-armel+mako.zip”
  • Use volume keys to navigate to “advanced”, press power, select “reboot recovery” and press power again
  • Once back in recovery mode, execute from Terminal: “adb sideload saucy-preinstalled-phablet-armhf.zip”
  • Once the command has completed, use the volume keys to select “restart device” and press power button
 

TCPDUMP Example

On 17/01/2014, in Genel, by Specialist

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'

For example, 'ether[0] & 1 != 0' catches all multicast traffic. The expression 'ip[0] & 0xf != 5' catches all IP packets with options. The expression 'ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams.
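
To see which header bytes these expressions actually test, the following Python sketch (an added example, not part of the original post) applies the same offsets and masks to constructed Ethernet/IPv4 frames. All MAC and IP addresses are made-up sample values, and the helper names are hypothetical.

```python
import struct

def ipv4_header(dst, ihl=5, frag_field=0):
    """Constructed IPv4 header of ihl*4 bytes (UDP, checksum left at 0)."""
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0,
                        frag_field, 64, 17, 0, bytes([192, 0, 2, 1]), bytes(dst))
    return fixed + bytes(ihl * 4 - 20)  # zero-filled options when ihl > 5

def build_frame(dst_mac, dst_ip, **ip_fields):
    """Ethernet II frame: dst MAC, zero src MAC, EtherType 0x0800, IPv4 header."""
    return bytes(dst_mac) + bytes(6) + b"\x08\x00" + ipv4_header(dst_ip, **ip_fields)

def evaluate(frame):
    """Evaluate the post's byte-offset expressions on one frame."""
    if frame[12:14] != b"\x08\x00":
        return None  # ip[...] only applies to IPv4 frames
    ip = frame[14:]  # ip[n] counts from the start of the IP header
    return {
        "ether[0] & 1 != 0": frame[0] & 1 != 0,   # group bit of the dst MAC
        "ip[16] >= 224": ip[16] >= 224,           # first octet of the dst address
        "ip[0] & 0xf != 5": ip[0] & 0xF != 5,     # IHL other than 5 words: options
        "ip[6:2] & 0x1fff = 0": int.from_bytes(ip[6:8], "big") & 0x1FFF == 0,
    }

def ip_multicast_over_unicast_mac(frame):
    """The post's first filter: 'ether[0] & 1 = 0 and ip[16] >= 224'."""
    r = evaluate(frame)
    return bool(r) and not r["ether[0] & 1 != 0"] and r["ip[16] >= 224"]

UNICAST_MAC = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55]
MCAST_MAC = [0x01, 0x00, 0x5E, 0x00, 0x00, 0xFB]
SAMPLES = {  # every frame below is constructed for illustration
    "normal multicast": build_frame(MCAST_MAC, [224, 0, 0, 251]),
    "multicast IP to unicast MAC": build_frame(UNICAST_MAC, [224, 0, 0, 251]),
    "unicast with options": build_frame(UNICAST_MAC, [192, 0, 2, 9], ihl=6),
    "first fragment": build_frame(UNICAST_MAC, [192, 0, 2, 9], frag_field=0x2000),
    "later fragment": build_frame(UNICAST_MAC, [192, 0, 2, 9], frag_field=185),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, ip_multicast_over_unicast_mac(sample), evaluate(sample))
```
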

 

Openssl Convert Cer to Pem

On 29/11/2013, in Genel, by Specialist

openssl x509 -inform der -in certnew.cer -out certificate.pem

openssl pkcs7 -in cert.p7b -inform DER -print_certs -out cert.pem

 

Best Practices for Symantec Messaging Gateway

On 18/11/2013, in Symantec, by Specialist

– Spam Control

http://www.symantec.com/docs/TECH90043

– New Deployment

http://www.symantec.com/docs/TECH122730

– Deployment and Administration of Virtual Appliances

http://www.symantec.com/docs/TECH165030

– Performance

http://www.symantec.com/docs/TECH89920

How to enable Customer-specific rules:

http://www.symantec.com/docs/HOWTO77719

 

Symantec Messaging Gateway DKIM Settings

On 13/09/2013, in Symantec, by Specialist

To define the public key that we will enter on the DNS server as a TXT record:

To set up DKIM, one of the methods designed by Yahoo for matching a domain name with e-mail, on Symantec Messaging Gateway, log in to the console, click the Administration tab, and then click the Domain Keys tab in the Certificates settings menu.

After you click the Create button, the public key is generated.

To assign the generated public key to the domain:

Under the Protocols >> Domains menu, select the defined domain. In the menu that opens, on the Delivery tab, enable DomainKeys Identified Mail, configure it as shown in the example figure, and generate the key.

Finally, create the DNS TXT output as a TXT zone record on your DNS server, for example:

default._domainkey.selimozis.com. 86400 IN TXT "v=DKIM1; k=rsa; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZ1vPf6Hqb98oWOJeTeFix9anqnEPbkX645EOopGVBo+SdUGfmPlCdlCGJF5SpCoQVLxW8p/wNCL6uNPqCYUKkIKKHcp/7X+vtQrPT65iLmzjilPO6A9vA8u1po/bK36haXEbLlYljLpzvIcTiCRLtc+4o3ywbX3PYpNb2Eufr7QIDAQAB"

Article URL http://www.symantec.com/docs/HOWTO53750
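
Before publishing a record like the one above, it is worth checking what the `p=` value actually contains. The following Python sketch is an added example, not part of the original post or of Symantec Messaging Gateway: it parses the TXT value from the post, walks the DER-encoded key with a minimal reader, and reports the RSA key size. The function names are hypothetical.

```python
import base64

# TXT value copied from the record shown in the post.
RECORD = (
    "v=DKIM1; k=rsa; h=sha256; p="
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZ1vPf6Hqb98"
    "oWOJeTeFix9anqnEPbkX645EOopGVBo+SdUGfmPlCdlCGJF5Sp"
    "CoQVLxW8p/wNCL6uNPqCYUKkIKKHcp/7X+vtQrPT65iLmzjilP"
    "O6A9vA8u1po/bK36haXEbLlYljLpzvIcTiCRLtc+4o3ywbX3PY"
    "pNb2Eufr7QIDAQAB"
)

def parse_tags(txt):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_key_info(p_value):
    """Return (modulus_bits, exponent) from a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(p_value, validate=True)
    _, start, _ = read_tlv(der, 0)              # outer SEQUENCE
    _, _, alg_end = read_tlv(der, start)        # AlgorithmIdentifier
    tag, bits_start, _ = read_tlv(der, alg_end)
    if tag != 0x03:
        raise ValueError("expected BIT STRING holding the RSA key")
    _, seq_start, _ = read_tlv(der, bits_start + 1)  # skip unused-bits byte
    _, n_start, n_end = read_tlv(der, seq_start)     # modulus INTEGER
    _, e_start, e_end = read_tlv(der, n_end)         # exponent INTEGER
    n = int.from_bytes(der[n_start:n_end], "big")
    return n.bit_length(), int.from_bytes(der[e_start:e_end], "big")

def review(txt):
    """Return (tags, key_bits, exponent, findings) for one key record."""
    tags = parse_tags(txt)
    bits, exponent = rsa_key_info(tags["p"])
    findings = []
    if bits < 2048:  # RFC 8301: signers SHOULD use RSA keys of at least 2048 bits
        findings.append(f"RSA key is {bits} bits; RFC 8301 recommends 2048 or more")
    return tags, bits, exponent, findings
```
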