Go back to fronty page View most popular entries View latest additions Submit tutorials to UnixTutorials.info
UnixTutorials logo

Search results for Hardening OpenBSD Internet Servers

OpenBSD

Transparent proxying with squid and pf

Post date: May 17, 2005, 08:05 Category: Network Views: 11957 Comments
Tutorial quote: squid is a caching web proxy, it's set up between web browsers and servers, fetching documents from servers on behalf of browsers. It can accelerate web access by caching frequently requested pages and serving them from its cache. It can also be used to filter pop-up ads and malware or to enforce access control (which clients may request what pages based on different authentication methods).

Traditionally, the proxy is an optional component, and browsers are configured to actively use the proxy. Transparent proxying means forcing all web traffic through the proxy without the cooperation (or knowledge) of the clients. Once all browser connections pass through the proxy, outgoing connections to external hosts can be restricted to the proxy, and direct connections from local clients can be blocked.

The OpenBSD packet filter (pf) can be used to redirect connections based on various criteria, including source and destination addresses and ports. For instance, one can redirect all TCP connections with destination port 80 (HTTP) that arrive through an interface connected to local workstations to a squid proxy running on a different address and port.
Debian

How To Run Your Own DNS Servers With ISPConfig 3 (Debian Squeeze)

Post date: July 21, 2011, 10:07 Category: Miscellaneous Views: 2866 Comments
Tutorial quote: This tutorial shows how you can run your own DNS servers (primary and secondary) with ISPConfig 3. To do this, you need two servers with two different public IP addresses and with ISPConfig 3 installed. I will use Debian Squeeze for both DNS servers here to demonstrate the base system setup process and ISPConfig 3 installation, but once you have ISPConfig 3 installed on your servers, the configuration inside ISPConfig 3 is identical, no matter what distribution you use.
Debian

Securing Debian Manual

Post date: January 1, 2008, 13:01 Category: Security Views: 3636 Comments
Tutorial quote: This document describes security in the Debian project and in the Debian operating system. Starting with the process of securing and hardening the default Debian GNU/Linux distribution installation, it also covers some of the common tasks to set up a secure network environment using Debian GNU/Linux, gives additional information on the security tools available and talks about how security is enforced in Debian by the security and audit team.
Linux

How To Set Up Linux As A Dial-In Server

Post date: January 21, 2007, 20:01 Category: Network Views: 3784 Comments
Tutorial quote: This document describes how to attach modems to a Linux box and allow it to receive calls to connect users to the network. It is like being your own ISP (Internet Service Provider). If your Linux box is connected to the Internet, then the users will also be connected to the Internet. Your Linux box becomes a router. This is also known as RAS (Remote Access Services) in the Microsoft world. In the Linux world it is called PPP (Point to Point Protocol).
Lintrack

Lintrack As A LAN Gateway And An OpenVPN Bridge

Post date: May 9, 2007, 22:05 Category: Installing Views: 6523 Comments
Tutorial quote: This tutorial will guide you through the installation and configuration of Lintrack, a GNU/Linux distribution specialized in networking tasks. We will give two LANs access to the internet along with DHCP and DNS cache servers, and then we will connect our networks using OpenVPN in bridging mode. You should be running all these in well under an hour, thanks to the unified configuration interface of Lintrack.
OpenSUSE

Removing Internet Junks (ads, banners, pop-ups, etc ..) using privoxy on OpenSuSe

Post date: April 20, 2009, 09:04 Category: Security Views: 3812 Comments
Tutorial quote: Privoxy is a Web proxy based on Internet Junkbuster with advanced filtering capabilities for protecting privacy, filtering Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy is useful for both stand-alone systems and multi-user networks.
Unix+clones

Execute Commands on Multiple Linux or UNIX Servers part II

Post date: December 28, 2005, 10:12 Category: System Views: 3289 Comments
Tutorial quote: I have already covered how to execute commands on multiple Linux or UNIX servers via shell script. The disadvantage of script is commands do not run in parallel on all servers. However, several tools exist to automate this procedure in parallel. With the help of tool called tentakel, you run distributed command execution. It is a program for executing the same command on many hosts in parallel using ssh (it supports other methods too). Main advantage is you can create several sets of servers according requirements. For example webserver group, mail server group, home servers group etc. The command is executed in parallel on all servers in this group (time saving). By default, every result is printed to stdout (screen). The output format can be defined for each group.
Unix+clones

Configuring Apache for Maximum Performance

Post date: February 12, 2006, 09:02 Category: Optimizing Views: 3790 Comments
Tutorial quote: Apache is an open-source HTTP server implementation. It is the most popular web server on the Internet; the December 2005 Web Server Survey conducted by Netcraft [1] shows that about 70% of the web sites on Internet are using Apache.

Apache server performance can be improved by adding additional hardware resources such as RAM, faster CPU, etc. But most of the time, the same result can be achieved by custom configuration of the server. This article looks into getting maximum performance out of Apache with the existing hardware resources, specifically on Linux systems. Of course, it is assumed that there is enough hardware resources - especially enough RAM that the server isn't swapping frequently. First two sections look into various Compile-Time and Run-Time configuration options. The Run-Time section assumes that Apache is compiled with prefork MPM. HTTP compression and caching is discussed next. Finally, using separate servers for serving static and dynamic contents is covered. Basic knowledge of compiling and configuring Apache and Linux are assumed.
OpenBSD

OpenBSD encrypted raid disk

Post date: November 6, 2009, 10:11 Category: System Views: 5178 Comments
Tutorial quote: This document explain process to create encryped device with vnd driver stored on logical raid disk (Raid 1 - 0)
Unix+clones

File Transfer Protocol

Post date: April 12, 2005, 18:04 Category: Network Views: 2312 Comments
Tutorial quote: Wake up, you goodness-to-GUI slacksters! It's time to get up and get out of that hammock and put your feet on the ground and your hands on the CLI. This week we're going to talk about data in motion. Taking a file from one place on the network. Putting it someplace else. Most often today some form of FTP, the File Transfer Protocol, is used to do those things. It's been part of the Internet since there was an Internet.
Web-based applications and online marketing solutions - LumoLink