HowtoForge - Linux Howtos and Tutorials - Security

Secure ISPConfig 3 And Services With GoDaddy Signed Certificate On CentOS

Wed, 29 May 2013 16:44:49 +0200

Secure ISPConfig 3 And Services With GoDaddy Signed Certificate On CentOS

Let's set up a signed certificate from GoDaddy for the ISPConfig control panel, Pure-FTPD, Postfix, Dovecot, phpMyAdmin, and Squirrelmail. Don't forget to replace pluto.example.com with your own FQDN throughout this entire section!

Securing SSH On Ubuntu Precise With WiKID Two-Factor Authentication

Fri, 17 May 2013 12:33:44 +0200

Securing SSH On Ubuntu Precise With WiKID Two-Factor Authentication

SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. In this document we are going to demonstrate how to combine two-factor authentication from WiKID on Ubuntu. This document will also serve as the basis for additional tutorials because many services on Linux use PAM for authentication.

How To Configure Apache To Use Radius For WiKID Two-Factor Authentication On Ubuntu

Fri, 10 May 2013 18:04:01 +0200

How To Configure Apache To Use Radius For WiKID Two-Factor Authentication On Ubuntu

This document describes how to add WiKID two-factor authentication to Apache 2.x using mod_auth_radius on Ubuntu 12.04 Precise. It is recommended that you consider using mutual https authentication for web applications that are worthy of two-factor authentication. Strong mutual authentication means that the targeted website is authenticated to the user in some cryptographically secure manner, thwarting most man-in-the-middle attacks. The use of cryptography is key. While some sites use an image in an attempt to validate a server, it should be noted that any man-in-the-middle could simply replay such an image.

Setting Up ProFTPd + TLS On Ubuntu 12.10

Wed, 24 Apr 2013 21:12:12 +0200

Setting Up ProFTPd + TLS On Ubuntu 12.10

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 12.10 server.

Encrypt Your Data With EncFS (OpenSUSE 12.3)

Fri, 12 Apr 2013 17:36:48 +0200

Encrypt Your Data With EncFS (OpenSUSE 12.3)

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. It is a pass-through filesystem, not an encrypted block device, which means it is created on top of an existing filesystem. This tutorial shows how you can use EncFS on OpenSUSE 12.3 to encrypt your data.

How To Run LinOTP On OpenSuSE 12.3 With PostgreSQL

Tue, 09 Apr 2013 18:06:37 +0200

How To Run LinOTP On OpenSuSE 12.3 With PostgreSQL

This tutorial describes the installation of LinOTP on OpenSUSE 12.3 using PostgreSQL as a token database. LinOTP is a two factor authentication solution with One Time Passwords. In the following Howto we are showing how to enable SSH authentication with LinOTP.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.3 x86_64)

Thu, 21 Mar 2013 17:46:09 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.3 x86_64)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier, so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

How To Do Mass Enrolling Of Yubikey With LinOTP

Mon, 04 Mar 2013 17:47:15 +0100

How To Do Mass Enrolling Of Yubikey With LinOTP

When it comes to two factor authentication Yubikeys are very in vogue. They are small, they have a very small footprint on your keychain and are easy to handle as they need no driver and authentication is as easy as touching a button. This howto shows, how you can use the open source LinOTP to enroll many Yubikeys to the LinOTP server.

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Fedora 18

Fri, 08 Feb 2013 18:42:11 +0100

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Fedora 18

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 18 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 18 x86_64)

Tue, 05 Feb 2013 19:36:35 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 18 x86_64)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

How To Configure PureFTPd To Accept TLS Sessions On Fedora 18

Mon, 04 Feb 2013 20:19:31 +0100

How To Configure PureFTPd To Accept TLS Sessions On Fedora 18

Encrypt Your Data With EncFS (Fedora 18)

Wed, 30 Jan 2013 17:32:54 +0100

Encrypt Your Data With EncFS (Fedora 18)

Installing Adito/OpenVPN-ALS On CentOS

Mon, 07 Jan 2013 17:43:56 +0100

Installing Adito/OpenVPN-ALS On CentOS

OpenVPN-ALS, formerly known as Adito, is not to be confused with OpenVPN. They both brilliant tools that work in completely different things, but in a similar way. Confused? Excellent… OpenVPN-ALS (from now on known as Adito, because I find it less confusing) is a browser based SSL VPN that enables you to acess resources on your own network, even if you are behind a restrictive proxy and/or firewall.

The Perfect SpamSnake - Ubuntu Jeos 12.04 LTS Precise Pangolin

Tue, 18 Dec 2012 20:00:46 +0100

The Perfect SpamSnake - Ubuntu Jeos 12.04 LTS Precise Pangolin

This tutorial shows how to set up an Ubuntu Jeos based server as a spamfilter in Gateway mode. In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA. You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via Baruwa.

Encrypt Your Data With EncFS (OpenSUSE 12.2)

Mon, 10 Dec 2012 19:12:52 +0100

Encrypt Your Data With EncFS (OpenSUSE 12.2)