Install and Configure Auth Shadow on Debian/Ubuntu
Auth Shadow or mod-auth-shadow is a module for Apache (and apache2, sort of) that enables authentication against /etc/shadow. The benefit is that any system user with a password can be authenticated for web_dav, subversion or simply an https server. The only other way to do this is with PAM. That method is dangerous because the apache user (www-data in my case) must be able to read /etc/shadow. Obviously, not a good idea. Auth Shadow accomplishes this safely by using an intermediate program called validate. This works because validate can be owned by root but executable by everyone. In the event that your server is compromised through apache, your password file will not be readable.
Secure your SSH deployment with WiKID two-factor authentication
In this document we are going to demonstrate how to combine two-factor authentication from WiKID with an SSH gateway server with hosted private keys to create a highly secure, auditable and easy to use remote access solution. The WiKID Strong Authentication System is a commercial/open source two-factor authentication solution.
How to configure OpenVPN to use WiKID Strong Authentication
The WiKID Strong Authentication System is a commercial/open source two-factor authentication solution. This guide demonstrates how to configure OpenVPN and SSH to use one-time passwords from WiKID. While both solutions support private key authentication, that may not be sufficient for your requirements; you may need one-time passwords for webmail or extranet access, or centralized authentication management and logging.
Securing the connection between MySQL and MySQL Administrator using an SSH tunnel
This is a description of how to set up a secure tunnel between your MySQL Server and a locally running MySQL Administrator using PuTTY. By creating a secure tunnel to your MySQL server using PuTTY, you can grant localhost access to powerful applications like MySQL Administrator while at the same time making your server appear as if it isn't even there. In effect, you make your MySQL server disappear from the outside world.
Key-Based SSH Logins With PuTTY
This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. PuTTY is an SSH client that is available for Windows and Linux (although it is more common on Windows systems). Using key-based SSH logins, you can disable the normal username/password login procedure which means that only people with a valid private/public key pair can log in. That way, there is no way for brute-force attacks to be successful, so your system is more secure.
Racoon Roadwarrior Configuration
Racoon Roadwarrior is a client that uses unknown, dynamically assigned IP addresses to connect to a VPN gateway (in this case also firewall). This is one of the most interesting and, today, most needed scenarios in business environments. This tutorial shows how to configure Racoon Roadwarrior.
Securing Your Server With A Host-based Intrusion Detection System
This article shows how to install and run OSSEC HIDS, an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It helps you detect attacks, software misuse, policy violations and other forms of inappropriate activities.
How to Build an Effective Mail Server Defense
When speaking of mail server-related security, one tends to limit the issue to message applied security measures, and even more to Antivirus and Antispam protection. This is however only one stage in the more complex process of securing your server. This article aims at identifying and explaining all security layers, highly important when choosing a certain mail server and consequently when configuring and using it.
Securing the CentOS Perfect Setup with Bastille
This article shows how to secure a CentOS server using psad, Bastille, and some other tweaks. psad is a tool that helps detect port scans and other suspicious traffic, and the Bastille hardening program locks down an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise.
Security Testing your Apache Configuration with Nikto
By now you've got the perfect setup for your new Ubuntu 6.0.6 (Dapper Drake) box. You may have even followed the excellent Intrusion Detection and Prevention with BASE and Snort tutorial. And as an added precaution you installed DenyHosts to prevent hack attempts via ssh. But now that you've got your new LAMP server on the internet, how can you tell that your new web server is secure? You test it, of course!