Archive for November, 2011

How To Configure PureFTPd To Accept TLS Sessions On Debian Lenny

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to configure PureFTPd to accept TLS sessions on a Debian Lenny server.

1 Preliminary Note

You should have a working PureFTPd setup on your Debian Lenny server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Lenny.

2 Installing OpenSSL
OpenSSL is needed by TLS; to install OpenSSL, run

aptitude install openssl

3 Configuring PureFTPd

If you want to allow FTP and TLS sessions, run

echo 1 > /etc/pure-ftpd/conf/TLS

If you want to accept TLS sessions only (no FTP), run

echo 2 > /etc/pure-ftpd/conf/TLS

To not allow TLS at all (only FTP), either delete /etc/pure-ftpd/conf/TLS or run

echo 0 > /etc/pure-ftpd/conf/TLS

4 Creating The SSL Certificate For TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Posted by Aniruddh - November 30, 2011 at 8:17 pm

Categories: Debian, File Server

Setting Up ProFTPd + TLS On Ubuntu 10.04 (Lucid Lynx)

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 10.04 server.

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

2 Installing ProFTPd And OpenSSL

OpenSSL is needed by TLS; to install ProFTPd and OpenSSL, run

aptitude install proftpd openssl

For security reasons you can add the following lines to /etc/proftpd/proftpd.conf

vi /etc/proftpd/proftpd.conf

3 Creating The SSL Certificate For TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/proftpd/ssl:

mkdir /etc/proftpd/ssl

Then generate the SSL certificate:

openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

Posted by Aniruddh - November 27, 2011 at 7:22 pm

Categories: Ubuntu

Preventing Brute Force Attacks With BlockHosts On Debian Lenny

This shows how to install and configure BlockHosts on a Debian Lenny system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables.
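The mechanism described above, as an added example that is not BlockHosts' own code or part of the original article: it counts failed sshd password logins per source address and formats TCP wrappers deny entries once a threshold is reached. The log lines are constructed, and the function names, the threshold of 3 and the whitelist parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of OpenSSH entries in /var/log/auth.log.
SAMPLE_LOG = """\
Nov 26 19:01:02 server1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 26 19:01:05 server1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Nov 26 19:01:09 server1 sshd[2104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Nov 26 19:02:00 server1 sshd[2110]: Accepted password for falko from 192.168.0.50 port 51000 ssh2
Nov 26 19:03:11 server1 sshd[2115]: Failed password for falko from 192.168.0.50 port 51010 ssh2
Nov 26 19:04:42 server1 sshd[2120]: Failed password for invalid user x from 192.168.0.50 port 1 ssh2 from 198.51.100.23 port 33001 ssh2
"""

# The user name is remote-supplied text, so the address is taken from the fixed
# tail of the message: greedy ".*" plus "$" binds to the last "from <ip> port".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed sshd password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line.rstrip())
        if match:
            counts[match.group(1)] += 1
    return counts

def select_blocks(counts, threshold=3, whitelist=()):
    """Addresses at or above the (assumed) threshold, minus whitelisted ones."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in whitelist)

def hosts_deny_lines(ips, daemon="sshd"):
    """Format entries in TCP wrappers syntax for /etc/hosts.deny."""
    return ["%s: %s" % (daemon, ip) for ip in ips]

if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    for entry in hosts_deny_lines(select_blocks(failures)):
        print(entry)
```

The last sample line carries a user name that itself contains "from 192.168.0.50"; because the pattern is anchored to the end of the line, that failure is counted against 198.51.100.23 and the internal address is not pushed towards the threshold.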

1 Preliminary Note

I have tested BlockHosts on a Debian Lenny system.

I will show you how to use it with a service that uses /etc/hosts.allow or /etc/hosts.deny (sshd) and with a service that doesn’t use TCP_WRAPPERS, e.g. Debian’s ProFTPd package. Services that don’t use /etc/hosts.allow or /etc/hosts.deny can be blocked by iproute or iptables.

2 Installing BlockHosts

BlockHosts is written in Python, so we should install Python first:

aptitude install python

Then install BlockHosts:

cd /tmp
wget http://www.aczoom.com/tools/blockhosts/BlockHosts-2.5.0.tar.gz
tar xvfz BlockHosts-2.5.0.tar.gz
cd BlockHosts-2.5.0
python setup.py install --force

Next, edit /etc/blockhosts.cfg:

vi /etc/blockhosts.cfg

We must also modify /etc/hosts.allow.

Back up your current /etc/hosts.allow:

cp /etc/hosts.allow /etc/hosts.allow_orig

Posted by Aniruddh - November 26, 2011 at 7:06 pm

Categories: Debian

How To Configure PureFTPd To Accept TLS Sessions On OpenSUSE 11.3

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to configure PureFTPd to accept TLS sessions on an OpenSUSE 11.3 server.

1 Preliminary Note
You should have a working PureFTPd setup on your OpenSUSE 11.3 server.

2 Installing OpenSSL

OpenSSL is needed by TLS; to install OpenSSL, run

yast2 -i openssl

3 Configuring PureFTPd

Open /etc/pure-ftpd/pure-ftpd.conf

vi /etc/pure-ftpd/pure-ftpd.conf

4 Creating The SSL Certificate For TLS

Posted by Aniruddh - at 7:06 pm

Categories: Suse

How To Install Google Earth On Ubuntu 10.10

There was a Google Earth .deb package available in the Medibuntu repository; unfortunately there is no such package for Ubuntu 10.10 (Maverick Meerkat). While it is possible to install the Google Earth package for Ubuntu 10.04 on Ubuntu 10.10 (as described in chapter 13 of The Perfect Desktop – Ubuntu 10.10 (Maverick Meerkat)), there is another way of installing Google Earth on Ubuntu 10.10. The method described in this tutorial will create a Google Earth .deb package for Ubuntu 10.10 from which Google Earth can be installed.
1 Building The Google Earth .deb Package

Open a terminal (Applications > Accessories > Terminal).

Install the package googleearth-package:

sudo apt-get install googleearth-package

On an x86_64 system, you must also install ia32-libs:

sudo apt-get install ia32-libs

Then build the Google Earth .deb package:

sudo make-googleearth-package --force

falko@falko-GeForce-8000-series:~$ sudo make-googleearth-package --force
[...]
Package: googleearth
Version: 5.2.1.1588+0.5.7-1
Section: non-free/science
Priority: optional
Maintainer:
Architecture: amd64
Depends: ttf-dejavu | ttf-bitstream-vera | msttcorefonts, ia32-libs (>= 20080808), lib32gcc1 (>= 1:4.1.1),
lib32stdc++6 (>= 4.1.1), lib32stdc++6 (>= 4.2.1), lib32z1 (>= 1:1.1.4), lib32z1 (>= 1:1.2.0),
libc6-i386 (>= 2.0), libc6-i386 (>= 2.1.3), libc6-i386 (>= 2.3), libc6-i386 (>= 2.3.2),
libc6-i386 (>= 2.4), nvidia-current , lib32nss-mdns
Description: Google Earth, a 3D map/planet viewer
Package built with googleearth-package.
dpkg-deb: building package `googleearth' in `./googleearth_5.2.1.1588+0.5.7-1_amd64.deb'.
Success!
You can now install the package with e.g. sudo dpkg -i .deb
falko@falko-GeForce-8000-series:~$

Posted by Aniruddh - at 7:05 pm

Categories: Ubuntu

Native ZFS On Ubuntu

It was tested with Linux 2.6.35-24-generic #42-Ubuntu SMP x86_64 GNU/Linux on Ubuntu 10.10 but should also work on Ubuntu 10.04.

Make sure the following packages are installed:

build-essential
gawk
zlib1g-dev
uuid-dev

or install them with

sudo apt-get install build-essential gawk zlib1g-dev uuid-dev

Change to /usr/src to install SPL and ZFS (cd is a shell builtin, so it is run without sudo):

cd /usr/src

Download the latest release

sudo wget http://github.com/downloads/behlendorf/spl/spl-0.5.2.tar.gz
sudo wget http://github.com/downloads/behlendorf/zfs/zfs-0.5.2.tar.gz

Build SPL

sudo tar -xvzf spl-0.5.2.tar.gz

cd spl-0.5.2/

sudo ./configure

sudo make

sudo make install

Build ZFS

cd ..

sudo tar -xvzf zfs-0.5.2.tar.gz

cd zfs-0.5.2/

sudo ./configure

sudo make

sudo make install

Check if splat is working and the zfs modules are loaded:

sudo modprobe splat

sudo splat -a

sudo modprobe zfs

lsmod |grep zfs

Posted by Aniruddh - November 25, 2011 at 2:53 am

Categories: Ubuntu

How To Install OCS Inventory NG Server 2 On CentOS 5.5

Introduction
OCS Inventory is a great piece of software for making inventories. The NG Server is formed by: communication server, deployment server, and administration console.

The computers that will be inventoried must run an agent (installed on each computer), to connect to the OCS NG Server. We are using the CentOS 5.5 (64bits) distribution, but it will probably work on Fedora (and Red Hat, for sure).
1 Some Prerequisites
Installing MySQL Server

To install the packages, run

yum install mysql-server php-mysql php-pecl-zip php-gd

Starting MySQL

/etc/init.d/mysqld start
chkconfig --level 35 mysqld on

Setting a root password on mysql

/usr/bin/mysqladmin -u root password 'secret'

Starting Apache

To start Apache, run

/etc/init.d/httpd start
chkconfig --level 35 httpd on

Installing Packages

Posted by Aniruddh - at 2:53 am

Categories: CentOS

System Monitoring With sar And ksar

sar is one of the old and famous command-line utilities, and it is often overlooked. It provides a wealth of information when you have performance bottlenecks. By itself it only provides lengthy columns of numerical data, which are hard to interpret. sar exists on most Linux distributions, for example Ubuntu, Debian, CentOS, Gentoo, and is also available on Solaris, AIX, and other commercial Unices.

ksar, on the other hand, is a Java-based front end for sar’s numerical data. It produces friendly graphs which can be exported to .pdf.

Preliminary Note + Disclaimer
You should be familiar with using a shell; at least some basic knowledge is advantageous.

The following tutorial is a kind of cooking recipe using sar and ksar. It should be easily adaptable to nearly any kind of Linux or Unix where the prerequisites are available.

1. sar
sar is command-line driven. It is in a package named something like sysstat (Ubuntu, Debian, CentOS, Gentoo, to name some). You should install it using your favourite package manager (apt-get, yum, synaptic, yumex, emerge, ...). sar can and should be used in conjunction with cron, so you may want to have a look at /etc/cron.d/sysstat or a similarly named file.

Posted by Aniruddh - at 2:53 am

Categories: Filesystem

Enabling SquirrelMail For Your Web Sites On An ISPConfig 3 Server (Ubuntu 10.10)

Lots of people have reported problems (such as getting 404 Not Found errors) using the SquirrelMail webmail package in their web sites created through ISPConfig 3. If you have followed the “Perfect Server” guides for ISPConfig 3, you have SquirrelMail already installed, but if you are still having the same problems, then this guide is for you. This guide explains how to configure SquirrelMail on an Ubuntu 10.10 server so that you can use it from within your web sites (created through ISPConfig)
Configuring SquirrelMail
SquirrelMail’s Apache configuration is in the file /etc/squirrelmail/apache.conf, but this file isn’t loaded by Apache because it is not in the /etc/apache2/conf.d/ directory. Therefore we create a symlink called squirrelmail.conf in the /etc/apache2/conf.d/ directory that points to /etc/squirrelmail/apache.conf

cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
/etc/init.d/apache2 reload

Posted by Aniruddh - November 24, 2011 at 2:35 am

Categories: Ubuntu

Hosting Multiple SSL Web Sites On One IP Address With Apache 2.2 And GnuTLS (Debian Lenny)

This guide describes how you can host multiple SSL-encrypted web sites (HTTPS) on one IP address with Apache 2.2 and GnuTLS on a Debian Lenny server.

For more information on why this couldn’t be done prior to OpenSSL 0.98g or with GnuTLS please refer to http://en.wikipedia.org/wiki/Server_Name_Indication.

I will mention that Virtual Hosting SSLs on the same IP address has 1 or 2 caveats before beginning and before anyone begins ripping out and handing back IPs to their ISPs.

1. Firefox 2.0+ works on all platforms (Mac/Windows/Linux) – it has its own TLS implementation – if you have SSLv2 enabled for VMware tools, Firefox doesn’t work either, but Firefox comes with v2 disabled by default
2. Windows XP does not support SNI and still has 40% share in the world so you could alienate a lot of people unless they are using Firefox on XP.
3. Browsers like Safari/Chrome/IE only work on Vista or greater because they use the O/S TLS implementation
4. Safari/Chrome only work on 10.5.7 or above on Macs

Posted by Aniruddh - at 2:35 am

Categories: Apache, Debian
