Creating A Fully Encrypted Para-Virtualised Xen Guest System Using Debian Lenny

This document explains how to set up a fully encrypted para-virtualized XEN instance. In this howto, the host system is running Debian Etch, while the guest system to be installed will be using Debian Lenny. If you are concerned about your privacy, you might want to consider using hard disk encryption to protect your valuable private data from spying eyes. Usually, the easiest way would be to use your distribution's installer to set up a fully encrypted system; I think most recent Linux distributions support this. However, when you are using XEN to provide virtualization, there are situations where you might not want to encrypt your whole computer with all guest instances, but instead only encrypt one OS instance. This howto will deal with exactly this situation. It assumes that the XEN host system is already up and running.

How To Install The WiKID Strong Authentication System On Slackware

Tested on Slackware 12.2, 2.6.28.7-grsec, PostgreSQL 8.3.6, postgresql-8.3-604.jdbc4. Note: Some of the configuration scripts included with WiKID are designed for Redhat and friends, several steps in this guide focus on modifying these scripts for Slackware as well as working around some of them.

Using Built-in Policy Installer in Firewall Builder

This article  demonstrates how Firewall Builder can help you automate the process of deployment and activation of the generated firewall configuration. After firewall configuration has been generated by one of the policy compilers and saved in a file on disk in the format required by the target firewall, it needs to be transferred to the firewall machine and activated. This function is performed by the component we call "Policy Installer" which is part of the Firewall Builder GUI.

Chrooted SSH/SFTP Tutorial (Debian Lenny)

Since version 4.8, OpenSSH supports chrooting, so no patches are needed anymore. This tutorial describes how to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to use chrooted SFTP.

Using Built-In Revision Control In Firewall Builder

Firewall Builder GUI has built-in revision control system that can be used to keep track of changes in the objects and policy rules. If data file has been added to the revision control system, every time it is saved, the system asks the user to enter a comment that describes changes done in the file in this session and stores it along with the data. The program also assigns new revision number to the data file using standard software versioning system whith major and minor version numbers separated by a dot. When you open this data file next time, the program presents a list of revisions alongside with dates and comments, letting you choose which revision you want to use. You can open the latest revision and continue working with the file from the point where you left off last time, or open one of the older revisions to inspect how the configuration looked like in the past and possibly create a branch in the revision control system. Here we take a closer look at the built-in revision control system.

Getting Started With Firewall Builder

This guide presents an introduction to Firewall Builder. Firewall Builder (also known as fwbuilder) is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Both professional network administrators and hobbyists managing firewalls with policies more complex that is allowed by simple web based UI can simplify management tasks with the application. The program runs on Linux, FreeBSD, OpenBSD, Windows and Mac OS X and can manage both local and remote firewalls.

How To Add Two-Factor Authentication To phpBB

This document describes how to add WiKID two-factor authentication to phpBB through Apache using mod_auth_xradius. Given the recent attack against phpBB and the exposure of it's users' passwords, we thought two-factor authentication might be timely.

Blocking IP Addresses Of Any Country With iptables

This article explains how you can block IP addresses of any country with the help of iptables.

Temporarily unavailable

How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu

This document describes how to add WiKID two-factor authentication to Apache 2.x using mod_auth_radius on Ubuntu 8.1. A previous article described how to add two factor authentication to apache on Fedora. Interestingly, a patch has been created to update mod_auth_radius to work with Apache 2.2+, however, it has only been updated for Debian and Ubuntu. For Fedora and other RedHat flavors of Linux, it is recommended that you use mod_auth_xradius.