Linux Tutorials on the topic “security”

• Extending Perfect Server - Debian Squeeze [ISPConfig 3]

  Author: 8omas • Tags: security, other, backup, debian, ispconfig • Comments: 32

  Extending Perfect Server - Debian Squeeze [ISPConfig 3] The following tutorial will extend the "Perfect Server.... " for ISPConfig 3 with BIND & Courier installed in Debian Squeeze. It explains how to change default ports (ssh, ispconfig, webmin), how to install some useful applications (webmin, roundcube, atop, htop, multitail, tiger etc), how to update awstats periodically (more than once a day) or whenever you want, how to create clients' data backups (periodically) accessible under their folder and finally it explains how to tweak your system for performance (mysqltuner, tuning-primer) or security (custom firewall rules, (D)Dos Deflate, fail2ban modified).

  read more... | view as pdf

• Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID

  Author: nowen • Tags: security, ubuntu • Comments: 0

  Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID Single sign-on is a great technology. Requiring users to login to multiple applications is huge hassle, encourages password reuse and simple passwords. Security needs to focus on usability. If you can make a user's life better while increasing security, everybody wins. In this how-to we will set up the open-source CAS SSO product with the WiKID Strong Authentication Server for two-factor authentication for sessions and mutual https authentication for host authentication. Obviously using two-factor authentication for the login increases security because the user must have the factors to get access, in this case, knowledge of the PIN and possession of the private key embedded in the token. The CAS server is running on Ubuntu 11.04 Server and is using Radius to talk to the WiKID Strong Authentication Server Enterprise Edition.

  read more... | view as pdf

• How To Encrypt Mails With SSL Certificates (S/MIME)

  Author: CSch • Tags: linux, security, desktop, email • Comments: 7

  How To Encrypt Mails With SSL Certificates (S/MIME) This article is about how to use the S/MIME encryption function of common e-mail clients to sign and/or encrypt your mails safely. S/MIME uses SSL certificates which you can either create yourself or let a trusted certificate authority (CA) create one for you.

  read more... | view as pdf

• Stronghenge Application Firewall

  Author: stronghenge • Tags: security, suse • Comments: 0

  Stronghenge Application Firewall Stronghenge is an Out-of-Band Application Firewall that can inspect both HTTP and HTTPS traffic for attacks against your web applications. Since Stronghenge's detection engine is based off of the most widely deployed IDS/IPS technology worldwide, Snort, it's easy to start using. Additionally, since it's an Out- of-Band solution it requires little to no modification to your existing network. With Snort's powerful regular expression support, you can implement a positive or negative security model. With it's standalone decryption engine for RSA algorithms and custom Snort additions, it can be deployed as a single or multiple appliance configuration where one device can do decryption where the other can do detection and blocking. However, this tutorial will just cover how to deploy as a single appliance configuration.

  read more... | view as pdf

• How To Password-Protect Directories With mod_auth_mysql On Apache2 (Debian Squeeze)

  Author: Falko Timme • Tags: apache, debian, security, web server • Comments: 1

  How To Password-Protect Directories With mod_auth_mysql On Apache2 (Debian Squeeze) This guide explains how to password-protect web directories (with users from a MySQL database) with mod_auth_mysql on Apache2 on a Debian Squeeze server. It is an alternative to the plain-text password files provided by mod_auth and allows you to use normal SQL syntax to create/modify delete users. You can also configure mod_auth_mysql to authenticate against an existing MySQL user table.

  read more... | view as pdf

• Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal)

  Author: Falko Timme • Tags: ftp, security, ubuntu • Comments: 5

  Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal) FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 11.04 server.

  read more... | view as pdf

• Mounting Remote Directories With SSHFS On Debian Squeeze

  Author: Falko Timme • Tags: debian, security, storage • Comments: 2

  Mounting Remote Directories With SSHFS On Debian Squeeze This tutorial explains how you can mount a directory from a remote server on the local server securely using SSHFS. SSHFS (Secure SHell FileSystem) is a filesystem that serves files/directories securely over SSH, and local users can use them just as if the were local files/directories. On the local computer, the remote share is mounted via FUSE (Filesystem in Userspace). I will use Debian Squeeze for both the local and the remote server.

  read more... | view as pdf

• How To Set Up SSL Vhosts Under Nginx + SNI Support (Ubuntu 11.04/Debian Squeeze)

  Author: Falko Timme • Tags: security, debian, ubuntu, web server, nginx • Comments: 3

  How To Set Up SSL Vhosts Under Nginx + SNI Support (Ubuntu 11.04/Debian Squeeze) This article explains how you can set up SSL vhosts under nginx on Ubuntu 11.04 and Debian Squeeze so that you can access the vhost over HTTPS (port 443). SSL is short for Secure Sockets Layer and is a cryptographic protocol that provides security for communications over networks by encrypting segments of network connections at the transport layer end-to-end. In addition to that I will show how to make use of SNI (Server Name Indication) to allow multiple SSL vhosts per IP address.

  read more... | view as pdf

• Restricting Users To SFTP Plus Setting Up Chrooted SSH/SFTP (Debian Squeeze)

  Author: Falko Timme • Tags: debian, security • Comments: 12

  Restricting Users To SFTP Plus Setting Up Chrooted SSH/SFTP (Debian Squeeze) This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Debian Squeeze. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH (this part is independent from the chroot part of this tutorial).

  read more... | view as pdf

• Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze

  Author: Falko Timme • Tags: debian, security • Comments: 4

  Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze.

  read more... | view as pdf