block ssh brute force attacks / prevent synflooding
With the iptables module recent you can limit the number of TCP connection attempts. In my case I allow only 3 SSH connection attempts per minute. This stops script kiddies doing SSH brute force attacks.
iptables -N synflood
iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
iptables -A synflood -p tcp --dport ssh -m recent --update \
--seconds 60 --hitcount 4 --name SSH -j DROP

iptables -A INPUT -p tcp -m state --state NEW -j synflood
iptables -A FORWARD -i $OUT -p tcp -m state --state NEW -j synflood
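
To show how the two recent rules interact, this added example (not part of the original post) models the SSH list in Python and replays constructed connection times through the synflood chain. It simplifies xt_recent to an unbounded per-address timestamp list, and the class and function names are hypothetical.

```python
from collections import defaultdict

class RecentList:
    """Simplified model of one xt_recent list (the page's --name SSH).
    Assumption: unbounded stamp list; the kernel keeps a bounded ring."""

    def __init__(self):
        self.stamps = defaultdict(list)   # source address -> arrival times (s)

    def set(self, src, now):
        # --set: add/refresh the source in the list; the match always succeeds
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount H: match when at least H stamps lie
        # within the last S seconds; a match records one more stamp
        hits = sum(1 for t in self.stamps[src] if t >= now - seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False

def synflood_chain(recent, src, now):
    """Verdict for one NEW tcp/22 packet traversing the synflood chain."""
    recent.set(src, now)                                  # rule 1 (no target)
    if recent.update(src, now, seconds=60, hitcount=4):   # rule 2
        return "DROP"
    return "RETURN"   # end of chain: back to INPUT/FORWARD

def replay(events):
    """events: iterable of (time_in_seconds, source_address)."""
    recent = RecentList()
    return [synflood_chain(recent, src, t) for t, src in events]

# Constructed sample traffic (documentation address ranges).
A, B = "198.51.100.7", "203.0.113.9"
SAMPLE = [(0, A), (10, A), (20, A), (30, A), (35, B), (85, A), (88, A), (150, A)]

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

The packet at t=88 is dropped after only two attempts in the preceding minute because the drop at t=30 recorded two timestamps (one from --set, one from --update). SYN retransmissions from a dropped client are NEW packets too and are counted the same way.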

Wildcard certificate with virtual hosts and one IP 
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:443>

SSLEngine on
SSLCertificateFile /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/private/

CustomLog /var/log/apache2/one.access.log combined
ErrorLog /var/log/apache2/one.errors.log
</VirtualHost>

<VirtualHost *:443>

SSLEngine on
SSLCertificateFile /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/private/

CustomLog /var/log/apache2/two.access.log combined
ErrorLog /var/log/apache2/two.errors.log
</VirtualHost>

$SERVER["socket"] == "" {
ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/ssl/" = "/etc/lighttpd/ssl/cacert.pem"
$HTTP["host"] == "" { = ""
server.errorlog = "/var/log/lighttpd/one_error.log"
accesslog.filename = "/var/log/lighttpd/one_access.log"
server.document-root = "/var/www/one"
}

$HTTP["host"] == "" { = ""
server.errorlog = "/var/log/lighttpd/two_error.log"
accesslog.filename = "/var/log/lighttpd/two_access.log"
server.document-root = "/var/www/two"
}
}

postfix with no local delivery 
All mails for local accounts should be transferred to a central mailserver.

Sender email should look like USER@HOST.DOMAIN and all mails should be delivered to root@DOMAIN.

Usually /etc/aliases is used, but in my case local delivery is disabled.

myhostname = HOST.DOMAIN
myorigin = $myhostname
relayhost = $mydomain
mydestination =
local_recipient_maps =
inet_interfaces =
local_transport = error:local delivery is disabled
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical


script to rescue/backup a system and restore from a cd with initramfs 
Searching for a rescue system that creates a bootable CD to restore my system, I found mkcdrec. Because things (mkcdrec/Debian/Ubuntu) sometimes change and I had to test and patch for new mkcdrec versions, I dropped it.

Then I started to make a live CD with debian-live and wrote my install script myself. I also dropped that (long boot time, and I had to hack too much to make it work the way I wanted).

Now I had the idea to build my own script that tars my system and builds a bootable CD. I liked the idea of initramfs because I can extend it as I wish and it boots much faster. The only drawback is that everything is hardcoded and has to be changed for every system I back up. But it's only a single script.

#> sudo apt-get install kqemu-source kqemu-common build-essential
#> sudo module-assistant prepare kqemu
#> sudo module-assistant auto-install kqemu

KERNEL=="kqemu", NAME="%k", MODE="0660", GROUP="kqemu"

#> sudo addgroup --system kqemu
#> sudo adduser USERNAME kqemu
#> modprobe kqemu

create a qemu image:
#> qemu-img create -f qcow2 root.qcow2 20G

install with a cd:
#> qemu -hda root.qcow2 -cdrom cd.iso -boot d

boot installed system:
#> qemu -hda root.qcow2
