
Getting the service list
The startup type (delayed start, trigger start) is output as well.

Run in PowerShell
-----------------------------------------------------
# Enumerate all services and write name, state and start mode to a CSV file.
# Delayed-start and trigger-start services are detected from the registry,
# because Win32_Service itself only reports Auto / Manual / Disabled.
$Services = Get-WmiObject -Class Win32_Service
$outputfile = "C:\services.csv"
foreach ($Service in $Services) {
    $tstart = 0
    $dstart = 0
    switch ($Service.StartMode) {
        "Manual"   { $SM = "手動" }
        "Disabled" { $SM = "無効" }
        "Auto"     { $SM = "自動" }
        default    { $SM = $Service.StartMode }   # e.g. "Boot"/"System": keep the raw value instead of the previous loop's $SM
    }
    $ss = [PSCustomObject]@{
        Status      = $Service.State
        Name        = $Service.Name
        DisplayName = $Service.DisplayName
        StartMode   = $SM
    }
    # A TriggerInfo subkey exists only for trigger-started services
    if (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\TriggerInfo\") {
        $tstart = 1
    }
    # DelayedAutoStart = 1 marks "Automatic (Delayed Start)"
    $REGIST_PATH = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)"
    $ENTRY_NAME = "DelayedAutoStart"
    $retReg = (Get-ItemProperty -Path $REGIST_PATH -ErrorAction SilentlyContinue).$ENTRY_NAME
    if ($retReg -eq 1) {
        $dstart = 1
    }
    if ($tstart -eq 1 -or $dstart -eq 1) {
        if ($tstart -eq 1 -and $dstart -eq 1) {
            $ss.StartMode = "$($SM) (遅延開始、トリガー開始)"
        }
        elseif ($tstart -eq 1) {
            $ss.StartMode = "$($SM) (トリガー開始)"
        }
        elseif ($dstart -eq 1) {
            $ss.StartMode = "$($SM) (遅延開始)"
        }
    }
    $ss | Export-Csv $outputfile -Encoding UTF8 -Append
}
-----------------------------------------------------


Building the web server

[OS installation]

CentOS 7 minimal install
Hostname: www.test.aaa.jp
IP address: 192.168.5.102
DNS: 210.197.74.200, 210.197.74.201



[hosts configuration]

# vi /etc/hosts
192.168.5.101 mail.test.aaa.jp
192.168.5.102 www.test.aaa.jp



[Disabling SELinux]

◆Check
# getenforce

# vi /etc/selinux/config
==================================
SELINUX=disabled
==================================

# systemctl reboot



[firewalld configuration]

◆Check

# firewall-cmd --list-all-zones

◆Settings (web server)

# firewall-cmd --add-service=https --zone=public --permanent

# firewall-cmd --reload


[Apache configuration]

◆Install

# yum -y install httpd

◆Settings

# systemctl start httpd
# systemctl enable httpd



[PHP configuration]

◆Install

# yum -y install php php-xml

[Certificate configuration]

◆Creating the certificate

# cd /etc/pki/tls/certs/

Change the server certificate validity period to 10 years
# sed -i 's/365/3650/g' Makefile

Create the server private key
# make server.key
Enter pass phrase: (enter a passphrase)
Verifying - Enter pass phrase: (enter the passphrase again)

Remove the passphrase from the server private key
# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: (enter the passphrase chosen when the key was created)

Create the server certificate
# make server.crt
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Aichi
Locality Name (eg, city) [Default City]:Nagoya
Organization Name (eg, company) [Default Company Ltd]:test.aaa.jp
Organizational Unit Name (eg, section) []: (leave blank, press Enter)
Common Name (eg, your name or your server's hostname) []:www.test.aaa.jp
Email Address []: (leave blank, press Enter)

Restrict access
# chmod 400 server.*

◆Settings

Install
# yum -y install mod_ssl

Settings
# vi /etc/httpd/conf.d/ssl.conf

========================================
DocumentRoot "/var/www/html"
ServerName www.test.aaa.jp:443

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/server.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
========================================

# systemctl restart httpd

Check
# openssl s_client -connect localhost:443 -showcerts


[Rainloop configuration]

◆Install

# yum -y install unzip
# curl -O http://repository.rainloop.net/v2/webmail/rainloop-latest.zip
# mkdir /var/www/html/rainloop
# unzip rainloop-latest.zip -d /var/www/html/rainloop
# find /var/www/html/rainloop -type d -exec chmod 755 {} \;
# find /var/www/html/rainloop -type f -exec chmod 644 {} \;
# chown -R apache. /var/www/html/rainloop

◆Settings

Connect from a browser
https://www.test.aaa.jp/rainloop/?admin
 Username: admin
 Password: 12345

Language: Japanese
Language (admin): Japanese

Change the admin password

◆Domains

< Add a domain >
Name: test.aaa.jp

IMAP
 Server: mail.test.aaa.jp
 Secure: SSL/TLS
 ■ Use short login

SMTP
 Server: mail.test.aaa.jp
 Secure: SSL/TLS
 ■ Use short login

◆Security

SSL
■ Enable SSL certificate verification (IMAP/SMTP)

Building the mail server

[OS installation]

CentOS 7 minimal install
Hostname: mail.test.aaa.jp
IP address: 192.168.5.101
DNS: 210.197.74.200, 210.197.74.201


[hosts configuration]

# vi /etc/hosts
192.168.5.101 mail.test.aaa.jp
192.168.5.102 www.test.aaa.jp



[Disabling SELinux]

◆Check
# getenforce

# vi /etc/selinux/config
==================================
SELINUX=disabled
==================================

# systemctl reboot



[firewalld configuration]

◆Check

# firewall-cmd --list-all-zones

◆Settings

# firewall-cmd --add-service=smtp --zone=public --permanent
# firewall-cmd --add-service={pop3,imap} --zone=public --permanent
# firewall-cmd --add-port=465/tcp --zone=public --permanent
# firewall-cmd --add-port=587/tcp --zone=public --permanent
# firewall-cmd --add-port=993/tcp --zone=public --permanent
# firewall-cmd --add-port=995/tcp --zone=public --permanent

# firewall-cmd --reload



[Postfix configuration]

◆Settings

# vi /etc/postfix/main.cf
==================================
myhostname = mail.test.aaa.jp
mydomain = test.aaa.jp
myorigin = $mydomain
inet_interfaces = all
#inet_interfaces = localhost
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.5.0/24, 127.0.0.0/8
relayhost = [auth.gate-on.net]:587
home_mailbox = Maildir/

smtpd_banner = $myhostname ESMTP

(append)
message_size_limit = 10485760
mailbox_size_limit = 1073741824

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
==================================

# systemctl restart postfix
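As an added example (not part of the original post), the POSIX sh script below replays how smtpd applies the smtpd_recipient_restrictions list from the main.cf above to a few constructed client sessions, so you can see which clients are allowed to relay and which are refused. It assumes the mynetworks and mydestination values of that main.cf; on Postfix 2.10 and later (the CentOS 7 version) smtpd_relay_restrictions is evaluated first and, with its defaults, stops the same relay attempts with a temporary defer instead of a permanent reject.

```shell
#!/bin/sh
# Added example: Postfix walks
#   smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
#                                  permit_sasl_authenticated, reject
# left to right and stops at the first restriction that returns PERMIT or REJECT.
MYNETWORKS="192.168.5.0/24 127.0.0.0/8"
MYDESTINATION="mail.test.aaa.jp localhost.test.aaa.jp localhost test.aaa.jp"

# in_mynetworks IP: succeeds if IP lies in a configured block.
# Only /8, /16 and /24 prefixes are handled (enough for the values above).
in_mynetworks() {
    for net in $MYNETWORKS; do
        base=${net%/*}; bits=${net#*/}
        case $bits in
            8)  pfx=${base%%.*}. ;;
            16) pfx=${base%.*.*}. ;;
            24) pfx=${base%.*}. ;;
            *)  continue ;;
        esac
        case $1 in "$pfx"*) return 0 ;; esac
    done
    return 1
}

# is_auth_destination DOMAIN: succeeds if DOMAIN is one of mydestination.
is_auth_destination() {
    for d in $MYDESTINATION; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# evaluate_restrictions CLIENT_IP AUTHENTICATED(yes|no) RECIPIENT_DOMAIN
# prints the restriction that decided the RCPT TO command.
evaluate_restrictions() {
    if in_mynetworks "$1"; then echo permit_mynetworks; return 0; fi
    if is_auth_destination "$3"; then echo permit_auth_destination; return 0; fi
    if [ "$2" = yes ]; then echo permit_sasl_authenticated; return 0; fi
    echo reject
}

# Constructed sample sessions (client IP, SASL state, recipient domain):
evaluate_restrictions 203.0.113.5  no  example.com   # reject: relay attempt from outside
evaluate_restrictions 203.0.113.5  no  test.aaa.jp   # permit_auth_destination: inbound mail
evaluate_restrictions 203.0.113.5  yes example.com   # permit_sasl_authenticated: roaming user
evaluate_restrictions 192.168.5.50 no  example.com   # permit_mynetworks: LAN client
```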



[Dovecot configuration]

◆Install

# yum -y install dovecot

◆Settings

# vi /etc/dovecot/dovecot.conf

==================================
protocols = imap pop3 lmtp
listen = *
==================================


# vi /etc/dovecot/conf.d/10-auth.conf

==================================
disable_plaintext_auth = no
auth_mechanisms = plain login
==================================


# vi /etc/dovecot/conf.d/10-mail.conf

==================================
mail_location = maildir:~/Maildir
==================================

# vi /etc/dovecot/conf.d/10-master.conf

==================================
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
==================================


◆User setup

# mkdir -m700 /etc/skel/Maildir{,/cur,/new,/tmp}
# useradd test -s /sbin/nologin
# passwd test



[Certificate configuration]

◆Creating the certificate

# cd /etc/pki/tls/certs/

Change the server certificate validity period to 10 years
# sed -i 's/365/3650/g' Makefile

Create the server private key
# make server.key
Enter pass phrase: (enter a passphrase)
Verifying - Enter pass phrase: (enter the passphrase again)

Remove the passphrase from the server private key
# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: (enter the passphrase chosen when the key was created)

Create the server certificate
# make server.crt
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Aichi
Locality Name (eg, city) [Default City]:Nagoya
Organization Name (eg, company) [Default Company Ltd]:test.aaa.jp
Organizational Unit Name (eg, section) []: (leave blank, press Enter)
Common Name (eg, your name or your server's hostname) []:mail.test.aaa.jp
Email Address []: (leave blank, press Enter)

Restrict access
# chmod 400 server.*

◆Settings

# vi /etc/postfix/main.cf

========================================
(append)
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
========================================


# vi /etc/postfix/master.cf
========================================
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
========================================


# vi /etc/dovecot/conf.d/10-ssl.conf
========================================
#ssl = required
ssl = yes
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
========================================

# systemctl restart postfix
# systemctl restart dovecot

Check
# openssl s_client -connect localhost:465 -showcerts

[Server configuration]

OS: CentOS 7
Mail server (Postfix, Dovecot)
Web server (Apache, PHP, Rainloop)



[MyDNS.JP registration]

◆DOMAIN INFO settings

Domain* : (FQDN)
test.aaa.jp

MX : (Hostname, Priority. FQDN)
mail.test.aaa.jp


Hostname*, Type*, Content, Delegateid or your id. (Hostname is not FQDN)
mail , A
www , A

Registering AD users with PowerShell

<Input file>
Create a CSV file in the following format.

Name => name
path => distinguished name of the OU
SamAccountName => logon name
AccountPassword => password
Surname => surname
GivenName => given name
DisplayName => display name

CSV example
------------------------------------------------
Name,path,SamAccountName,AccountPassword,Surname,GivenName,DisplayName
"test user1","OU=testOU,DC=test,DC=local","user1","P@ssw0rd","test","user1","test tarou"
"test user2","OU=testOU,DC=test,DC=local","user2","P@ssw0rd","test","user2","test tarou"
------------------------------------------------

<Registration command>
Register with the following command.

"User cannot change password" is -CannotChangePassword
"Password never expires" is -PasswordNeverExpires

# users.csv is a placeholder name for the CSV file created above; it holds
# plaintext passwords, so restrict its permissions and delete it after the import.
Import-Csv -Path .\users.csv | ForEach-Object {
    New-ADUser -Name $_.Name -Path $_.path -SamAccountName $_.SamAccountName `
        -AccountPassword (ConvertTo-SecureString $_.AccountPassword -AsPlainText -Force) `
        -Surname $_.Surname -GivenName $_.GivenName -DisplayName $_.DisplayName `
        -Enabled $true -CannotChangePassword $true -PasswordNeverExpires $true
}
※ A single pipeline: the backtick at the end of a line continues the command on the next line.