HowtoForge - Linux Howtos and Tutorials - Security

How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu 12.04

Wed, 16 May 2012 18:04:15 +0200

How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu 12.04

This document describes how to add WiKID two-factor authentication to Apache 2.2.22 using mod_auth_radius on Ubuntu 12.04. It is also recommended that you consider using mutual https authentication for web applications that are worthy of two-factor authentication. Strong mutual authentication means that the targeted website is authenticated to the user in some cryptographically secure manner, thwarting most man-in-the-middle attacks. The use of cryptography is key. While some sites use an image in an attempt to validate a server, it should be noted that any man-in-the-middle could simply replay such an image.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 12.04 LTS)

Tue, 08 May 2012 19:31:22 +0200

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 12.04 LTS)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier, so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV. I will also show how to install SquirrelMail as a webmail interface.

Encrypt Your Data With EncFS (Debian Squeeze/Ubuntu 11.10)

Mon, 07 May 2012 18:16:15 +0200

Encrypt Your Data With EncFS (Debian Squeeze/Ubuntu 11.10)

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. It is a pass-through filesystem, not an encrypted block device, which means it is created on top of an existing filesystem. This tutorial shows how you can use EncFS on Debian Squeeze/Ubuntu 11.10 to encrypt your data.

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Squeeze

Mon, 30 Apr 2012 21:11:11 +0200

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Squeeze

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Debian Squeeze system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

AVG Antivirus For Linux/FreeBSD Plus Qmail Mail Server

Fri, 27 Apr 2012 15:10:49 +0200

AVG Antivirus For Linux/FreeBSD Plus Qmail Mail Server

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Qmail mail server. It is usable for AVG version 8.5, 10 and 2012.

Remotely Unlock Fully Encrypted Debian Squeeze

Mon, 16 Apr 2012 17:10:39 +0200

Remotely Unlock Fully Encrypted Debian Squeeze

In the past I have written several howtos for remotely unlocking fully encrypted Debian installations. With the advent of Debian Squeeze, the developers have integrated a simple way to do so. Most stuff is provided directly by Debian itself - meaning you don't need 3rd party scripts anymore. However it still involves a few steps which I describe below. Also I provide you with a bash script that will do all the steps automatically.

Configuring DNSSEC On BIND9 (9.7.3) On Debian Squeeze/Ubuntu 11.10

Sun, 15 Apr 2012 20:32:17 +0200

Configuring DNSSEC On BIND9 (9.7.3) On Debian Squeeze/Ubuntu 11.10

This guide explains how you can configure DNSSEC on BIND9 (version 9.7.3 that comes with Debian Squeeze/Ubuntu 11.10) on Debian Squeeze and Ubuntu 11.10. It covers how to enable DNSSEC on authoritative nameservers (master and slave) and on resolving nameservers, creation of keys (KSKs and ZSKs), signing of zones, key rolling with rollerd, zone file checking with donuts, creation of trust anchors, using DLV (DNSSEC look-aside validation), and getting your DS records into the parent's zone.

Web Filtering On Squid Proxy

Wed, 11 Apr 2012 17:17:03 +0200

Web Filtering On Squid Proxy

This HOWTO describes how to protect your home / small enterprise network users from objectionable internet contents with help of HTTP proxy. Our goal is to set up a free Linux based server running Squid and deploy web filtering application on it saving bandwidth, speeding up web access and blocking obsessive and potentially illegal and malicious web files.

How To Integrate ClamAV Into PureFTPd For Virus Scanning On CentOS 6.2

Fri, 30 Mar 2012 17:27:04 +0200

How To Integrate ClamAV Into PureFTPd For Virus Scanning On CentOS 6.2

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a CentOS 6.2 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

Running LinOTP On CentOS 6.2

Mon, 26 Mar 2012 17:39:35 +0200

Running LinOTP On CentOS 6.2

This howto will show how you can set up LinOTP on CentOS 6.2. LinOTP is a modular and flexible solution for two factor authentication with one time passwords. This howto uses the community packages that are available at the python package index PyPI.

How To Configure PureFTPd To Accept TLS Sessions On CentOS 6.2

Fri, 23 Mar 2012 13:46:50 +0100

How To Configure PureFTPd To Accept TLS Sessions On CentOS 6.2

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to configure PureFTPd to accept TLS sessions on a CentOS 6.2 server.

Build A Free, Full-Featured Mail Server On Gentoo Linux With iRedMail

Wed, 07 Mar 2012 16:50:32 +0100

Build A Free, Full-Featured Mail Server On Gentoo Linux With iRedMail

We're going to set up a free, full-featured mail server on Gentoo Linux, all mail service related components are free and open source, and you own all data. The installation process is extremly easy and smooth.

Setting Up ProFTPd + TLS On Ubuntu 11.10 (Oneiric Ocelot)

Fri, 02 Mar 2012 17:21:07 +0100

Setting Up ProFTPd + TLS On Ubuntu 11.10 (Oneiric Ocelot)

AVG Antivirus For Linux/FreeBSD Plus Sendmail Mail Server

Fri, 17 Feb 2012 18:10:58 +0100

AVG Antivirus For Linux/FreeBSD Plus Sendmail Mail Server

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Sendmail mail server. It is usable for AVG version 8.5, 10 and 2012.

Changing Apache Server Name To Whatever You Want With mod_security On Debian 6

Fri, 10 Feb 2012 15:58:20 +0100

Changing Apache Server Name To Whatever You Want With mod_security On Debian 6

In this tutorial I want to focus on how to change the Apache server name to whatever you want, so you can give your own name or sentence to Apache server headers that are sent to whois programs or websites, for example you can type "YTS","GWS" or "Microsoft-IIS/7.0" to misguide the hacker to guess which Linux OS or which version of Apache you are using.