- Web Server
- Control Panels
- Site Map/RSS Feeds
SSH: Best Practices
Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick in the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place. All of the examples below assume that you are using EnGarde Secure Linux but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.
TrueCrypt With GUI On Ubuntu 7.10
This document describes how to set up TrueCrypt with GUI on Ubuntu 7.10. TrueCrypt is a free open-source encryption software for desktop usage.
Intrusion Detection: Snort, Base, MySQL, and Apache2 On Ubuntu 7.10 (Gutsy Gibbon) (Updated)
In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.
How To Update The Kernel For Smoothwall Express 3.0
This is a guide for building a new kernel for Smoothwall Express 3.0. Smoothwall Express 3.0 is a UTM Internet Gataway Distro for X86 PC. But it is mainly used on older 386 PCs. If you want use it on a newer CPU, you will only get a "386"PC. So we must update the kernel for SW 3.0.
Writing Snort Rules On EnGarde
There are already tons of written Snort rules, but there just might be a time where you need to write one yourself. You can think of writing Snort rules as writing a program. They can include variables, keywords and functions. Why do we need to write rules? The reason is, without rules Snort will never detect someone trying to hack your machine. This HOWTO will give you confidence to write your own rules.
How to configure Squid for two-factor authentication from WiKID
In this guide we will show how Squid can be configured to support two-factor authentication from a WiKID server, allowing users to be centrally authenticated, but their requests still distributed for efficiency.
Setting Up ProFTPd + TLS On Debian Etch
FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Etch server.
HowTo: Install And Configure FWKNOP (Using EnGarde Linux)
Secret knocks have been used for purposes as simple and childish as identifying friend or foe during a schoolyard fort war. Fraternities teach these knocks as a rite of passage into their society, and in our security world we can implement this layer of security to lock down an SSH server. The FireWall KNock Operator (fwknop) is an excellent port knocking implementation that combines encrypted port knocking with passive OS finger-printing. This makes it possible to define specifically which Linux systems are allowed access to your SSH server. fwknop combines its functionality with iptables rules and log messages to grant or deny access to the SSH daemon.
Configuring SSH To Use Freeradius And WiKID For Two-Factor Authentication
Radius is a great standard. It is powerful enough to accomplish a great deal and simple enough to be easy to handle. Freeradius is an excellent, open source radius server that ships with many Linux variants. It is well documented and well supported. The WiKID Strong Authentication server is a commercial/open source two-factor authentication system that uses public key encryption to transmit PINs and one-time passcodes securely to software tokens running on Blackberries, cell phones, Palms, PocketPCs or, using the J2SE client, Linux, Macs and Windows PCs. You can think of WiKID like certificates, but without the hassles of white lists/black lists and more secure - because the PIN is validated on the server preventing offline brute-force attacks.
Virtual Users And Domains With Postfix, Courier And MySQL (Ubuntu 7.10)
This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.
"Facebook" is a registered trademark of Facebook, Inc. All rights reserved.