HowtoForge - Linux Howtos and Tutorials - Security

Hardening Postfix For ISPConfig 3

Wed, 01 Feb 2012 17:25:59 +0100

Hardening Postfix For ISPConfig 3

The goal of this tutorial is to harden the mail server postfix used by ISPConfig for internet mail servers where authenticated users are trusted. With this setup you will reject a great amount of spam before it passes into your mail queue, saving a lot of system resources and making your mail server strong against spammers and spam botnets.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.2 x86_64)

Tue, 31 Jan 2012 19:54:18 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.2 x86_64)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier, so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin, ClamAV and SquirrelMail.

AVG Antivirus For Linux/FreeBSD Plus Postfix Mail Server

Mon, 23 Jan 2012 17:52:20 +0100

AVG Antivirus For Linux/FreeBSD Plus Postfix Mail Server

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to a Postfix mail server. It is usable for AVG version 8.5, 10 and 2012.

Web Filtering On Squid 3 With QuintoLabs Content Security 1.4 And Windows Active Directory Integration

Fri, 06 Jan 2012 16:42:49 +0100

Web Filtering On Squid 3 With QuintoLabs Content Security 1.4 And Windows Active Directory Integration

This HOWTO will show you how to set up a Squid proxy server deployed on CentOS or RedHat 6 Linux with web and content filtering done by QuintoLabs Content Security with proxy users transparently authenticated by Windows 2008 R2 based Active Directory. This is the work in progress and all comments are welcomed. The HOWTO is targeted at novice users and may sometimes seem too thorough for more advanced gurus. No compilation magic will be involved in our setup so any system administrator accustomed to Windows will be able to easily follow the instructions.

Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID

Fri, 23 Dec 2011 12:32:26 +0100

Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID

Single sign-on is a great technology. Requiring users to login to multiple applications is huge hassle, encourages password reuse and simple passwords. Security needs to focus on usability. If you can make a user's life better while increasing security, everybody wins. In this how-to we will set up the open-source CAS SSO product with the WiKID Strong Authentication Server for two-factor authentication for sessions and mutual https authentication for host authentication. Obviously using two-factor authentication for the login increases security because the user must have the factors to get access, in this case, knowledge of the PIN and possession of the private key embedded in the token. The CAS server is running on Ubuntu 11.04 Server and is using Radius to talk to the WiKID Strong Authentication Server Enterprise Edition.

How To Encrypt Mails With SSL Certificates (S/MIME)

Thu, 08 Dec 2011 18:58:50 +0100

How To Encrypt Mails With SSL Certificates (S/MIME)

This article is about how to use the S/MIME encryption function of common e-mail clients to sign and/or encrypt your mails safely. S/MIME uses SSL certificates which you can either create yourself or let a trusted certificate authority (CA) create one for you.

Installing Maia Mailguard On Debian Squeeze (Virtual Users/Domains With Postfix/MySQL)

Wed, 07 Dec 2011 17:12:41 +0100

Installing Maia Mailguard On Debian Squeeze (Virtual Users/Domains With Postfix/MySQL)

This guide explains how to install Maia Mailguard, a spam and virus management system, on a Debian Squeeze mailserver. Maia Mailguard is a web-based interface and management system based on the popular amavisd-new email scanner and SpamAssassin. Written in Perl and PHP, Maia Mailguard gives end-users control over how their mail is processed by virus scanners and spam filters, while giving mail administrators the power to configure site-wide defaults and limits.

Stronghenge Application Firewall

Wed, 23 Nov 2011 18:30:37 +0100

Stronghenge Application Firewall

Stronghenge is an Out-of-Band Application Firewall that can inspect both HTTP and HTTPS traffic for attacks against your web applications. Since Stronghenge's detection engine is based off of the most widely deployed IDS/IPS technology worldwide, Snort, it's easy to start using. Additionally, since it's an Out- of-Band solution it requires little to no modification to your existing network. With Snort's powerful regular expression support, you can implement a positive or negative security model. With it's standalone decryption engine for RSA algorithms and custom Snort additions, it can be deployed as a single or multiple appliance configuration where one device can do decryption where the other can do detection and blocking. However, this tutorial will just cover how to deploy as a single appliance configuration.

How To Password-Protect Directories With mod_auth_mysql On Apache2 (Debian Squeeze)

Sun, 13 Nov 2011 20:24:05 +0100

How To Password-Protect Directories With mod_auth_mysql On Apache2 (Debian Squeeze)

This guide explains how to password-protect web directories (with users from a MySQL database) with mod_auth_mysql on Apache2 on a Debian Squeeze server. It is an alternative to the plain-text password files provided by mod_auth and allows you to use normal SQL syntax to create/modify delete users. You can also configure mod_auth_mysql to authenticate against an existing MySQL user table.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 11.10)

Sun, 06 Nov 2011 18:29:15 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 11.10)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal)

Sun, 25 Sep 2011 20:37:15 +0200

Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal)

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 11.04 server.

Mounting Remote Directories With SSHFS On Debian Squeeze

Tue, 20 Sep 2011 18:50:04 +0200

Mounting Remote Directories With SSHFS On Debian Squeeze

This tutorial explains how you can mount a directory from a remote server on the local server securely using SSHFS. SSHFS (Secure SHell FileSystem) is a filesystem that serves files/directories securely over SSH, and local users can use them just as if the were local files/directories. On the local computer, the remote share is mounted via FUSE (Filesystem in Userspace). I will use Debian Squeeze for both the local and the remote server.

Tiny Web Proxy And Content Filtering Appliance On CentOS 6 (Version 1.4)

Fri, 16 Sep 2011 18:48:56 +0200

Tiny Web Proxy And Content Filtering Appliance On CentOS 6 (Version 1.4)

This small HOWTO will show you how to set up a small virtual machine to speed up and secure your home / small enterprise web surfing network using CentOS 6, Squid 3.1 and QuintoLabs Content Security 1.4 applications deployed in a VMware Virtual Player running on Windows 7 x64 as a host operating system. This howto is targeted at novice users and may sometimes seem too thorough for more advanced gurus.

How To Set Up SSL Vhosts Under Nginx + SNI Support (Ubuntu 11.04/Debian Squeeze)

Sun, 11 Sep 2011 20:26:56 +0200

How To Set Up SSL Vhosts Under Nginx + SNI Support (Ubuntu 11.04/Debian Squeeze)

This article explains how you can set up SSL vhosts under nginx on Ubuntu 11.04 and Debian Squeeze so that you can access the vhost over HTTPS (port 443). SSL is short for Secure Sockets Layer and is a cryptographic protocol that provides security for communications over networks by encrypting segments of network connections at the transport layer end-to-end. In addition to that I will show how to make use of SNI (Server Name Indication) to allow multiple SSL vhosts per IP address.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.0 x86_64)

Thu, 08 Sep 2011 18:13:29 +0200

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.0 x86_64)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database that Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.