- Chrooted SFTP With MySecureShell On Debian Etch
This tutorial shows how to install MySecureShell on a Debian Etch system. MySecureShell is an SFTP server that is based on OpenSSH and can be configured in many ways, e.g. it has support for chrooting users into their homedirs or for limiting upload-/download bandwidths. MySecureShell makes SFTP available for users that do not have shell access so that these users do not have to use the insecure FTP protocol anymore.
in Public bookmarks - Chrooted SSH/SFTP On Fedora 7
This document describes how to set up a chrooted SSH/SFTP environment on Fedora 7. The chrooted users will be jailed in a specific directory where they cannot break out. They will be able to access their jail via SSH and SFTP.
in Public bookmarks - Chrooted SSH/SFTP Tutorial (Debian Etch)
This tutorial describes two ways how to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. The users will also be able to use SFTP in their chroot jails.
in Public bookmarks - Chrooting Apache2 With mod_chroot On Fedora 12
This guide explains how to set up mod_chroot with Apache2 on a Fedora 12 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.
in Public bookmarks - Configuring Samba 3.0 To Use The ADS Security Mode (CentOS)
The intent of this article is to show you how to configure your Linux machine and Samba server to participate in a Windows 2003 Active Directory domain as a Member Server using Kerberos authentication. This involves using the security = ADS security mode in Samba.
in Public bookmarks - How to Avoid Being Blacklisted
A blacklist usually refers to a list of email or IP addresses known to send spam emails or some other type of unsolicited messages. Such lists are currently used by mail servers for filtering incoming emails and blocking the ones listed, in order to improve mail security and integrity. The blacklist is also the opposite of what is called a whitelist.
in Public bookmarks - How To Block Spam Before It Enters The Server (Postfix)
The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam makes now up for 80 - 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc. An additional benefit of doing this is that it lowers the load on the mail servers because the (resource-hungry) spamfilters have to look at less emails.
in Public bookmarks - How to encrypt a diskdrive in (X)ubuntu Feisty with dm-crypt and LUKS | HowtoForge - Linux Howtos and Tutorials
Today security is one of the key aspects in our daily life - sometimes conscious, sometimes unconscious. Security has many aspects and one of them is computer security or security of your or your business' computer data. In this tutorial I will show how to encrypt a whole disk drive using (X)Ubuntu Feisty, dm-crypt, and LUKS.
in Public bookmarks by 2 users - How To Harden PHP5 With Suhosin On CentOS 5.0
This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.0 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."
in Public bookmarks - How To Harden PHP5 With Suhosin On Fedora 7
This tutorial shows how to harden PHP5 with Suhosin on a Fedora 7 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."
in Public bookmarks - How to secure an SSL VPN with one-time passcodes and mutual authentication
SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it is protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.
in Public bookmarks - How to secure WebDAV with SSL and Two-Factor Authentication | HowtoForge
This guide documents how to configure a WebDAV resource using SSL and two-factor authentication and how to access that resource from Windows, Linux and Mac.
in Public bookmarks by 2 users - Installing ModSecurity2 On Debian Etch
This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.
in Public bookmarks by 2 users - Introducing Remo - An Easy Way to Secure an Insecure Online Application with ModSecurity
Say you have a nasty application on your Apache webserver that has been installed by some people from the marketing department and you can neither remove nor patch it. Maybe it is a time problem, a lack of know-how, a lack of source-code, or possibly even political reasons. Consequently you need to protect it without touching it. There is ModSecurity, but they say this is only for experts. A straightforward alternative is Remo, a graphical rule editor for ModSecurity that comes with a whitelist approach. It has all you need to lock down the application.
in Public bookmarks by 2 users - PHP-FPM/Nginx Security In Shared Hosting Environments (Debian/Ubuntu)
If you want to use nginx and PHP-FPM for shared hosting environments, you should make up your mind about security. In Apache/PHP environments, you can use suExec and/or suPHP to make PHP execute under individual user accounts instead of a system user like www-data. There's no such thing for PHP-FPM, but fortunately PHP-FPM allows us to set up a "pool" for each web site that makes PHP scripts execute as the user/group defined in that pool. This gives you all the benefits of suPHP, and in addition to that you don't have any FTP or SCP transfer problems because PHP scripts don't need to be owned by a specific user/group to be executed as the user/group defined in the pool.
in Public bookmarks - Preventing Brute Force Attacks With BlockHosts On Debian Etch
In this article I will show how to install and configure BlockHosts on a Debian Etch system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services, that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables.
in Public bookmarks - Preventing Brute Force Attacks With Fail2ban On Debian Etch
In this article I will show how to install and configure fail2ban on a Debian Etch system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.
in Public bookmarks - Preventing Brute Force Attacks With Fail2ban On OpenSUSE 10.3
In this article I will show how to install and configure fail2ban on an OpenSUSE 10.3 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.
in Public bookmarks - Secure Websites Using SSL And Certificates
This article will guide you through the entire process of setting up a secure website using SSL and digital certificates. This guide assumes that you already have a fully functional (and configured) server running Apache, BIND, and OpenSSL. Just as a side note, this guide was written based on a Fedora Core 6 distribution, but should be the same for most other distros out there.
in Public bookmarks - Setting Up ProFTPd + TLS On Debian Etch
FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Etch server.
in Public bookmarks
Copyright © 2003-2010 Netvouz. All rights reserved. |
RSS Feed
|
Blog |
Contact |
Terms of use |
Cookies |
Privacy policy
RSS Feed
|
Blog |
Contact |
Terms of use |
Cookies |
Privacy policy