SearchThen i started to make a live CD with debian-live and make my install script by myself. I also dropped it (long boottime and had too much to hack to let it work like i wanted).
Now i had the idea to build my own script that tar's my system and builds a bootable cd. I liked the idea of initramfs to extend it like i will and it boots much faster. The only drawback is that all things are hardcoded and have to be changed for every system i backup. But its only a single script: Read More...
[ view entry ] ( 932 views ) | print article
With iptables module recent you can limit the count of tcp connection attempts. In my case i allow only 3 ssh connection attempts per minute. This stops script kiddies doing ssh brute force attacs.
iptables -N synflood
iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
iptables -A synflood -p tcp --dport ssh -m recent --update \
--seconds 60 --hitcount 4 --name SSH -j DROP
iptables -A INPUT -p tcp -m state --state NEW -j synflood
iptables -A FORWARD -i $OUT -p tcp -m state --state NEW -j synflood
[ view entry ] ( 808 views ) | print article
apache
NameVirtualHost *:80lighttpd
NameVirtualHost *:443
<VirtualHost *:443>
ServerName one.domain.at
SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key
CustomLog /var/log/apache2/one.access.log combined
ErrorLog /var/log/apache2/one.errors.log
.
.
.
</VirtualHost>
<VirtualHost *:443>
ServerName two.domain.at
SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key
CustomLog /var/log/apache2/two.access.log combined
ErrorLog /var/log/apache2/two.errors.log
.
.
.
</VirtualHost>
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.at.pem"
ssl.ca-file = "/etc/lighttpd/ssl/cacert.pem"
$HTTP["host"] == "one.domain.at" {
server.name = "one.domain.at"
server.errorlog = "/var/log/lighttpd/one_error.log"
accesslog.filename = "/var/log/lighttpd/one_access.log"
server.document-root = "/var/www/one"
}
$HTTP["host"] == "two.domain.at" {
server.name = "two.domain.at"
server.errorlog = "/var/log/lighttpd/two_error.log"
accesslog.filename = "/var/log/lighttpd/two_access.log"
server.document-root = "/var/www/two"
}
}[ view entry ] ( 871 views ) | print article
All mails for local accounts should be transfered to a central mailserver.
Sender email should look like USER@HOST.DOMAIN and all mails should be delivered to root@DOMAIN.
Usually /etc/aliases is used, but in my case local delivery is disasbled.
/etc/postfix/main.cf:
myhostname = HOST.DOMAIN
myorigin = $myhostname
relayhost = $mydomain
mydestination =
local_recipient_maps =
inet_interfaces = 127.0.0.1
local_transport = error:local delivery is disabled
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
/etc/postfix/recipient_canonical:
@HOST.DOMAIN root@DOMAIN
[ view entry ] ( 1174 views ) | print article
Searching for a rescue system that creates a bootable CD to restore my system i found mkcdrec. Because sometimes things (mkcdrec/debian/ubuntu) changes and i had to test and patch for new mkcdrec versions, so i droped it.
Then i started to make a live CD with debian-live and make my install script by myself. I also dropped it (long boottime and had too much to hack to let it work like i wanted).
Now i had the idea to build my own script that tar's my system and builds a bootable cd. I liked the idea of initramfs to extend it like i will and it boots much faster. The only drawback is that all things are hardcoded and have to be changed for every system i backup. But its only a single script: Read More...
[ view entry ] ( 1049 views ) | print article
<<First <Back | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Next> Last>>