Best Practices when using SSH

Author: Ryan M.
Original Website: linuxsecurity.com

Introduction

Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick off the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place.

All of the examples below assume that you are using EnGarde Secure Linux but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.

SSHv2 vs. SSHv1

There are numerous benefits to using the latest version of the SSH protocol, version 2, over its older counterpart, version 1. I'm not going into a lot of detail on those benefits here; if you're interested, see the URL in the reference below or Google around. That being said, if you don't have an explicit reason to use the older version 1, you should always be using version 2.
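
As an added example (not part of the original article), here is a POSIX shell script that checks an sshd_config for the Protocol directive and pins it to version 2. The config file it operates on is a constructed sample and the function names are my own. sshd honours the first occurrence of each keyword, so the hardened value is written at the top of the file. On OpenSSH 7.4 and later the server no longer implements protocol 1 at all and ignores the Protocol directive, so this check only matters on the older releases this article was written against.

```shell
#!/bin/sh
# Added example: audit and pin the SSH protocol version in an sshd_config.
# Assumes OpenSSH's "Protocol" directive syntax ("Protocol 2", "Protocol 2,1", ...).

# ssh_protocol_setting CONFIG -> prints one of: unset, v1-enabled, v2-only, unknown
ssh_protocol_setting() {
    # sshd uses the first value given for a keyword; skip comments and blank lines.
    proto=$(grep -iE '^[[:space:]]*Protocol[[:space:]]+' "$1" | head -n 1 | awk '{print $2}')
    case "$proto" in
        "")  echo unset ;;        # default depends on the OpenSSH release; pin it explicitly
        *1*) echo v1-enabled ;;   # "1", "1,2" and "2,1" all accept protocol 1 clients
        2)   echo v2-only ;;
        *)   echo unknown ;;
    esac
}

# harden_ssh_protocol CONFIG -> remove every Protocol line and put "Protocol 2" first
harden_ssh_protocol() {
    tmp=$(mktemp)
    {
        echo 'Protocol 2'
        grep -viE '^[[:space:]]*Protocol[[:space:]]' "$1" || true   # "|| true": file may contain nothing else
    } > "$tmp"
    cat "$tmp" > "$1"   # overwrite in place so ownership and mode of the config are kept
    rm -f "$tmp"
}

# Demonstration on a constructed sshd_config that still permits protocol 1.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample config
Port 22
Protocol 2,1
PermitRootLogin no
EOF
echo "before: $(ssh_protocol_setting "$demo_dir/sshd_config")"   # v1-enabled
harden_ssh_protocol "$demo_dir/sshd_config"
echo "after:  $(ssh_protocol_setting "$demo_dir/sshd_config")"   # v2-only
rm -rf "$demo_dir"
```

On a live server the equivalent check is sshd -T | grep -i protocol (OpenSSH 5.1 and later), and, from a client old enough to still offer protocol 1, ssh -1 server should be refused once sshd has been restarted with the new configuration.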

Optimize nVidia Video Cards for KDE 4

KWin, the standard KDE window manager in KDE 4.0, ships with the first version of its built-in compositing support, which makes it a compositing manager as well. This lets KWin provide advanced graphical effects similar to Compiz while keeping all the features of previous KDE releases. Unlike Compiz, KWin still works when the system offers no compositing support; only the compositing features become unavailable. The KDE 4.0 KWin is also relatively new and has not been extensively optimised yet, so in many areas its performance may not match that of other compositing managers. Newer versions should improve on this.

The smoothness of KWin rendering can be improved by setting the environment variable KWIN_NVIDIA_HACK to 1. This sets __GL_YIELD=NOTHING for KWin, letting KWin use more CPU time for OpenGL operations, at the expense of the performance of other applications. For that reason it is disabled by default, and the setting may be removed in the future if the negative impact becomes insignificant.

Open your ~/.profile file and add the following line:

export KWIN_NVIDIA_HACK=1

For more on this, check the COMPOSITE_HOWTO. Then log in again and see the difference.

Tip: In many cases, overall smoothness may be increased by turning off direct rendering in the advanced options of the Desktop Effects configuration module (Alt+F3 -> Configure Window Behavior).

I have not noticed any optimisations or tweaks for ATI video cards so far. If you know of any, let us know.

Install and Configure TrueCrypt With GUI On Ubuntu 7.10

Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 12/18/2007

This document describes how to set up TrueCrypt with a GUI on Ubuntu 7.10. TrueCrypt is free, open-source encryption software for desktop use.

This howto is a practical guide without any warranty – it doesn’t cover the theoretical backgrounds. There are many ways to set up such a system – this is the way I chose.

Hacking Archos 605 Wifi – Linux Hack On Archos 605 WiFi

Some industrious programmers have found a way to hack the Archos 605 WiFi portable video player to run the Qtopia Linux platform. By the looks of it, the Qtopia hack doesn’t add much in the way of extra media features (the Archos does pretty well as-is), but it opens the door to developing the Archos 605 WiFi as a more generally useful and configurable tablet PC. The Qtopia hack appears to work on older models of the Archos players as well, although the Archos fifth-generation players seem to be easier to configure.

Intrusion Detection: Snort, Base, MySQL, and Apache2 On Ubuntu 7.10 (Gutsy Gibbon)

This tutorial is based on another howto written by DevilMan; however, I didn't like the idea of manually compiling every package or using a GUI to get the software installed. This howto will work on a Gutsy server or a Gutsy desktop. With that said, some of this howto is a direct copy from the original.

In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.

Keep Internet junk content away with content filters

Each day, I come across someone on the blogosphere complaining about the design of a Web site. Some don’t like screaming text, others don’t like banners, and still others hate ads. My pet peeves include pop-ups and unwanted JavaScript and cookies. Removing such junk can speed up your Internet connection, since you’re no longer wasting bandwidth downloading data you find useless. Here are some tools you can use to filter the content a Web site renders to you.

Privoxy

Privoxy is a standalone application full of impressive features. It's a breeze to install, and its default settings are ideal for most users. Fedora and Ubuntu users can install it with the commands yum install privoxy and sudo apt-get install privoxy respectively, or you can grab the source tarball and install it with the commands ./configure, make, make install. Once installed, Privoxy will bind to localhost (127.0.0.1) on port 8118. You can choose a different port and network interface during the manual installation, or specify them under section 4.1 of the /etc/privoxy/config file.
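
The bind address is the one setting in that file that is security-relevant: a Privoxy that listens on a non-loopback interface is an open proxy for everyone who can reach the port. As an added example (not from the original article), the POSIX shell functions below read the listen-address directive from a Privoxy config and report any listener that is not on loopback; the config files are constructed samples and the function names are my own. A missing directive is treated as safe, since the default is 127.0.0.1:8118 as stated above.

```shell
#!/bin/sh
# Added example: flag Privoxy listen-address settings that expose the proxy
# beyond the local machine. Assumes Privoxy's "listen-address host:port" syntax.

# privoxy_open_listeners CONFIG -> prints every listen-address value that is
# not bound to a loopback address (one per line; prints nothing when all are local)
privoxy_open_listeners() {
    grep -iE '^[[:space:]]*listen-address[[:space:]]+' "$1" | awk '{print $2}' |
    while IFS= read -r addr; do
        case "$addr" in
            127.*:*|localhost:*|"[::1]":*) ;;   # loopback only: fine
            *) echo "$addr" ;;                   # ":8118" (all interfaces), 0.0.0.0, a LAN address, ...
        esac
    done
}

# privoxy_is_local_only CONFIG -> exit 0 when no listener is reachable from the network
privoxy_is_local_only() {
    [ -z "$(privoxy_open_listeners "$1")" ]
}

# Demonstration on constructed configs: the default, and one that opens the proxy.
demo_dir=$(mktemp -d)
printf 'listen-address  127.0.0.1:8118\n' > "$demo_dir/local.conf"
printf '# listen-address 127.0.0.1:8118\nlisten-address :8118\n' > "$demo_dir/open.conf"
for f in local.conf open.conf; do
    if privoxy_is_local_only "$demo_dir/$f"; then
        echo "$f: loopback only"
    else
        echo "$f: exposed on $(privoxy_open_listeners "$demo_dir/$f")"
    fi
done
rm -rf "$demo_dir"
```

If the proxy is deliberately shared on a LAN, the check is still useful as a reminder that the port then needs a host firewall rule in front of it.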

Install and Set Up Subversion And Trac As Virtual Hosts On An Ubuntu Linux Server

This howto outlines the process by which one can set up the Subversion version control system, and have it work in tandem with Trac, the project manager for software development projects, on a server running Ubuntu (or possibly Debian). It is brought to you by Openject Consulting.

Setting up Subversion

For detailed information on this, including alternate setups, have a look at Version Control with Subversion.

Perfect Server Series: CentOS 4.6 Server Setup: LAMP, Email, DNS, FTP, ISPConfig

CentOS 4.6 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/17/2007

This tutorial shows how to set up a CentOS 4.6 based server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 4.6, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Database Server: MySQL 4.1
  • Mail Server: Postfix
  • DNS Server: BIND9 (chrooted!)
  • FTP Server: proftpd
  • POP3/IMAP server: dovecot
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like, you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Configure OpenLDAP + Samba Domain Controller On Ubuntu 7.10

Preface

This document is a step by step guide for configuring Ubuntu 7.10 as a Samba Domain Controller with an LDAP backend (OpenLDAP). The point is to configure a server that can be comparable, from a central authentication point of view, to a Windows Server 2003 Domain Controller. The end result will be a server with an LDAP directory for storing user, group, and computer accounts. A Windows XP Professional SP2 workstation will be able to join the domain once properly configured. Please note that you do not have a fully comparable Windows domain controller at this time. Do not kid yourself, this guide only gets you a server with LDAP authentication. Of course this can be expanded to include slave servers to spread out authentication over multiple networks. Please also note that it took me approximately two and a half weeks to compile this information and get it working. The same functionality can be had in Windows in less than four hours (and this includes operating system installation). In my humble opinion the open source community will need to work on this side of Linux in order for it to be a true alternative to Windows.

Howto – Securing Joomla! installations

Joomla! is a well-known content management system, mature enough to be used by thousands of amateur and professional Web portals. Installation is a breeze and consists of six click-next steps. However, a default Joomla! installation is not necessarily a secure one, so let’s see how we can protect our portal from potential attackers.

The first rule of security when it comes to Joomla! is “update frequently,” because whenever a new version comes out, it usually comprises several user-reported bug and security fixes. If your host allows it, use PHP5 instead of PHP4, because it’s more advanced and offers better security.

Once your site is ready to be launched, make sure to set your configuration.php file to read-only — a critical step that most users neglect. Change file and directory permissions — chmod 644 for files and chmod 755 for folders — but be sure to keep temporary and cache directories writable, lest you get a site error.
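
As an added example (not part of the original howto), the POSIX shell script below applies the permission scheme just described to a Joomla! web root and then verifies it, so the step can be repeated after every update. The web root layout it assumes is the one the text implies (configuration.php at the top level, plus tmp/ and cache/ directories); the exact modes for "read-only" (444 for configuration.php) and "writable" (775, with the web server user in the directory's group) are my choices, since the text only names the properties. The function names are my own and the tree built at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: apply and verify Joomla! file permissions as described in the text.
# Assumes: WEBROOT/configuration.php, WEBROOT/tmp, WEBROOT/cache exist, and the
# web server user owns the tree or is in its group (otherwise chown is needed too).

# joomla_set_perms WEBROOT -> 755 dirs, 644 files, writable tmp/cache, read-only config
joomla_set_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Joomla! must be able to write here, or the site throws an error.
    for d in tmp cache; do
        if [ -d "$root/$d" ]; then
            chmod 775 "$root/$d"
        fi
    done
    # Last, so the blanket 644 above does not undo it.
    chmod 444 "$root/configuration.php"
}

# joomla_check_perms WEBROOT -> prints each path that deviates from the scheme;
# exit 0 when the tree is clean, 1 otherwise. "-prune" restricts find to the path itself.
joomla_check_perms() {
    root=$1
    violations=$(
        find "$root" -type d ! -path "$root/tmp" ! -path "$root/cache" ! -perm 755
        find "$root" -type f ! -path "$root/configuration.php" ! -perm 644
        find "$root/tmp" "$root/cache" -prune ! -perm 775
        find "$root/configuration.php" -prune ! -perm 444
    )
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}

# Demonstration on a constructed tree with deliberately sloppy starting permissions.
demo_dir=$(mktemp -d)
site="$demo_dir/site"
mkdir -p "$site/tmp" "$site/cache" "$site/components"
touch "$site/index.php" "$site/configuration.php" "$site/components/example.php"
chmod 777 "$site/index.php" "$site/components"   # world-writable: what we are fixing
joomla_set_perms "$site"
if joomla_check_perms "$site"; then
    echo "permissions OK"
fi
rm -rf "$demo_dir"
```

Run joomla_check_perms again after each Joomla! upgrade or extension install: installers routinely recreate files with whatever mode the web server's umask gives them, and configuration.php in particular tends to come back writable.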