Go back to fronty page View most popular entries View latest additions Submit tutorials to UnixTutorials.info
UnixTutorials logo

Search results for NSA Publically-Released Solaris 8 Security Guide

Solaris

Configuring Apache

Post date: April 13, 2005, 05:04 Category: Network Views: 4121 Comments
Tutorial quote: Apache can respond to browser requests from machines on your local network (i.e. an "Intranet" Web server) or from the Internet. The installation of the Solaris OS installed and set up most of the necessary Apache files. As a result, if you want to use your system as a Web server you only need to modify one file.
Linux

Port Knocking

Post date: April 16, 2005, 10:04 Category: Network Views: 3011 Comments
Tutorial quote: Firewall administrators are challenged to balance flexibility and security when designing a comprehensive rule set. A firewall should provide protection against malfeasants, while allowing trusted users to connect. Unfortunately, it is not always possible to filter out the bad guys, because filtering on the basis of IP addresses and ports does not distinguish connecting users. Bad guys can and do come from trusted IP addresses. Open ports remain a necessary vulnerability: they allow connections to applications but also may turn into open doors for attack. This article presents a new security system, termed port knocking, in which trusted users manipulate firewall rules by transmitting information across closed ports.
FreeBSD

My FreeBSD installation guide

Post date: November 6, 2006, 21:11 Category: Installing Views: 9379 Comments
Tutorial quote: This is a guide to installing FreeBSD, together with some very common applications (Apache webserver, MySQL, Courier-IMAP, Postfix, PHP, ISC-Dhcp server, CLAMAV antivirus (for e-mail), and much more.
Please inform author if you spot an error somewhere in his guide.
Guide is published under Creative Commons License 'Attribution-NonCommercial-ShareAlike 2.5'
Unix+clones

Chkrootkit Portsentry Howto

Post date: April 15, 2005, 23:04 Category: Security Views: 2813 Comments
Tutorial quote: This document describes how to install chkrootkit and portsentry. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems.

Chkrootkit "is a tool to locally check for signs of a rootkit" (from http://www.chkrootkit.org).

"The Sentry tools provide host-level security services for the Unix platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis" (from http://sourceforge.net/projects/sentrytools/).

This howto is meant as a practical guide.
Linux

NFS over CIPE-VPN tunnels

Post date: May 23, 2005, 16:05 Category: Network Views: 2870 Comments
Tutorial quote: The Network File System (NFS) is a standard protocol for sharing file services with Linux and Unix computers. It is a distributed file system that enables local access to remote disks and file systems and is based on the client\server architecture. Although easy to configure, it is typically used only to transfer data over an intranet or LAN because of its transparency and security potholes when exposed to the risks of the Internet. However, it still can be employed -- without compromising security -- to share files over the Internet by configuring it to run on a Virtual Private Network (VPN) connection. This article will show you how to set up NFS to run over a CIPE-VPN connection between two Linux systems.
RedHat

Ruby on Rails on Red Hat

Post date: November 27, 2006, 07:11 Category: Network Views: 6490 Comments
Tutorial quote: Ruby on Rails is an open source freely available web development framework. It's been quite popular--it won a Jolt "Web Development Tools" award last year, and some prominent Java developers have publically switched to Ruby on Rails. The buzz surrounding Rails is quite impressive--particularly when you consider that Rails had no Fortune 500 company to market it, unlike .NET or Java.

Rails is a Model View Controller (MVC) framework. As you can imagine from the name, applications written using Model View Controller frameworks have three main components: a model, which represents the data and associated logic; the view, which represents how a user interacts with the application; and the controller, which contains all of the business logic that drives the application. This is an artificial distinction, of course, but it is a powerful one.

You'll need Apache 2.0+ and MySQL installed on your Red Hat Linux computer to run these examples.
Linux

Connecting to a Wireless LAN with Linux, Part 2

Post date: April 13, 2005, 19:04 Category: Hardware Views: 3683 Comments
Tutorial quote: In Part 1 we reviewed hardware options, which wireless utilities should be present, how to use Windows drivers, and how to be open to connect to any available wireless access point. Today we'll cover configurations on Red Hat- and Debian-type systems, basic security, and hardware discovery.

Wireless connectivity can be rather overly friendly, allowing connections from anyone. This howto assumes you have a wireless access point on a LAN, which can be all wireless or mixed wired and wireless. You don't want it wide open to just any random person with a desire to snoop on your network or "borrow" your bandwidth, but you want some access controls and security. Your access point should have a unique SSID (service set identifier), WEP (wireless equivalent privacy) or WPA/WPA2 (Wi-fi protected access) set up and working, and either a DHCP server or a pool of assigned IP addresses for clients.
Fedora

Upgrade Fedora 9 with Fedora 10

Post date: December 5, 2008, 12:12 Category: Installing Views: 2795 Comments
Tutorial quote: Fedora 10 codenamed "Cambridge" has been released. This new version of the community oriented, Red Hat backed Linux distribution comes with new features which enhance the end user experience.
Linux

Creating a safe directory with PAM and Encfs

Post date: June 7, 2006, 20:06 Category: Security Views: 3176 Comments
Tutorial quote: Now, in my network (and others) the credentials provided at login could (and should) be used by those programs. How can you retrieve these credentials, providing enough security?
With a the PAM modules pam_script it's possible to store the password in a file, which will be used by fusemb and mount.cifs to read the password from.

To achieve security, one could make the user logging in owner and deny read/write for anybody else. Remove this file when the user ends his/her session.
This is enough, for runtime. But I was wondering, but what if the system crashes, and the file with the credentials remains on the harddrive? Anybody who is able to mount this harddrive with for example a lifecd, can read this file!

That's why I was looking for a way to encrypt this file.

With encfs this is very possible! At run time it gives an interface to encrypted files and directories, which does only exist at runtime! When the system is not running, there are only encrypted files, useless when you do not know the key to it. And this key is exactly the (encrypted) password! That's why I've chosen for a combination of PAM and Encfs.
Debian

PHP-FPM/Nginx Security In Shared Hosting Environments (Debian/Ubuntu)

Post date: September 25, 2011, 16:09 Category: Security Views: 5064 Comments
Tutorial quote: If you want to use nginx and PHP-FPM for shared hosting environments, you should make up your mind about security. In Apache/PHP environments, you can use suExec and/or suPHP to make PHP execute under individual user accounts instead of a system user like www-data. There's no such thing for PHP-FPM, but fortunately PHP-FPM allows us to set up a "pool" for each web site that makes PHP scripts execute as the user/group defined in that pool. This gives you all the benefits of suPHP, and in addition to that you don't have any FTP or SCP transfer problems because PHP scripts don't need to be owned by a specific user/group to be executed as the user/group defined in the pool.
Web-based applications and online marketing solutions - LumoLink