- Web Server
- Control Panels
- Site Map/RSS Feeds
Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze
scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze.
Xtables-Addons On Centos 6 & Iptables GeoIP Filtering
This tutorial will explain how to install aditional modules for the kernel to use with iptables rules sets (netfilter modules). Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that you do not have to patch or recompile the kernel.
Setting Up ProFTPd + TLS On Debian Squeeze
FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Squeeze server.
How To Encrypt Directories/Partitions With eCryptfs On Debian Squeeze
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. You can use it to encrypt partitions and also directories that don't use a partition of their own, no matter the underlying filesystem, partition type, etc. This tutorial shows how to use eCryptfs to encrypt a directory on Debian Squeeze.
Securing OpenVPN With A One Time Password (OTP) On Ubuntu
So, you got yourself a nice OpenVPN box. People need to login with their certificates but... if their laptop is stolen anyone could login. Sure, you could add password login but thats a bit outdated. The solution for this is using a OTP (one time password).
How To Set Up A Web-Based Enterprise Password Manager Protected By Two-Factor Authentication
While it is great that more services such as Facebook and Google are offering two-factor authentication, there are still plenty of services that do not. What is the next best thing? Using a password manager and incredibly complex passwords. A password manager allows you to use different passwords at all the sites and services you visit, but it creates a 'keys-to-the-kingdom' problem. This tutorial will show you how to install the WebKeePass open-source web-based, enterprise password manager and how to protect it with two-factor authentication from WiKID Systems. Note that we have not evaluated the security of WebKeePass - this would certainly be worthwhile. Our primary selection criteria were: open-source, multi-user and allowed for external authentication, in this case via LDAP. Another option that looked promising was CorporateVault.
Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 11.04)
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.
Adding Two-Factor Authentication To JOSSO
WiKID Systems recently partnered with Atricore, the makers of JOSSO an enterprise-class SSO application. Both two-factor authentication and single sign-on have historically been expensive and complex affairs. Atricore and WiKID have both been addressing these issues by releasing easy-to-use, open-source software. These efforts merged when Atricore added native support for the WiKID Strong Authentication to their product JOSSO. In this tutorial you will see how easy it is to add two-factor authentication to JOSSO, creating a secure, easy-to-use solution for organizations needing SSO. JOSSO supports a wide variety of services including Tomcat, jBoss, Apache, IIS, Liferay, Weblogic, and Alfresco as well as cloud services such as Google Apps, Salesforce and SugarCRM. WiKID for its part supports Radius, LDAP and TACACS+ in addition to having an API. WiKID Software tokens run on Linux, Mac, Windows, iPhone, Android, J2ME and others.
Securing SSH On Ubuntu With WiKID Two-Factor Authentication
SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. In this document we are going to demonstrate how to combine two-factor authentication from WiKID on Ubuntu. First, we will configure a domain on the WiKID server, then add the targeted server as network clients to the WiKID server, and finally configure the Ubuntu box via pam-radius.
How To Use FreeRADIUS With LinOTP 2 To Do Two Factor Authentication With One Time Passwords
This howto will guide you to set up RADIUS authentication with the LinOTP 2 Community Edition. LinOTP is a one time password backend that enables you to do two factor authentication with a broad variety of different hardware devices, software tokens and SMS. While the Enterprise Edition comes with a C module for the FreeRADIUS Server, the Community Edition, that is licensed under the AGPLv3 does not. Nevertheless, LinOTP provides very simple WEB APIs that makes it easy to talk to LinOTP in many different ways.