Notice!
This blog is moved to Samiux’s Blog.
Filed under: General, Linux, Security, Ubuntu, debian | Leave a Comment »
My blog is moved!
Posted on September 9, 2009 by samiux
HOWTO : Hiawatha 6.16 web server on Ubuntu 9.04 Server
Posted on August 30, 2009 by samiux
Hiawatha is a web server which is developed by Hugo Leisink who is in a great interest in IT security. It is designed with security in mind. It comes with Cross-site Scripting (XSS) prevention, Cross-site Request Forgery (CSRF) prevention, DoS/flooding protection, and SQL injection prevention.
It works with PHP and MySQL. Therefore, the [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | Leave a Comment »
My Perfect Home Network 2009 (Version 4.0)
Posted on August 8, 2009 by samiux
The following is the setting of “My Perfect Home Network 2009 (Version 4.0)”. Virtualization technology can reduce the number of servers you owned. It saves room, electricity and money as well as manpower to manage. Therefore, it has one more term – Green Computing.
Configuration of KVM Server
2 x Intel Xeon E5420 Quad-Core [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 2 Comments »
HOWTO : Logwatch on Ubuntu 9.04 Server
Posted on July 2, 2009 by samiux
Logwatch reads your log files and can send you daily email about the most interesting parts.
Step 1 :
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install logwatch
Step 2 :
sudo nano /usr/share/logwatch/default.conf/logwatch.conf
Change the following as shown :
Output = mail
Format = html
MailTo = samiux@gmail.com
Step 3 :
sudo nano /etc/cron.daily/00logwatch
/usr/sbin/logwatch –mailto samiux@gmail.com
Enjoy!
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 1 Comment »
HOWTO : Security enhanced your Ubuntu 9.04 LAMP server with AppArmor
Posted on June 16, 2009 by samiux
Step 1 :
Check if AppArmor is enabled or not. And make sure MySQL profile is enabled too.
sudo apparmor_status
Step 2 :
Create a profile of Apache2.
sudo aa-genprof apache2
sudo nano /etc/apparmor.d/usr.sbin.apache2
Add the following lines within ^DEFAULT_URI bracket.
/usr/sbin/suexec2 rix,
/usr/share/apache2/** r,
/var/log/apache2/** rwl,
/var/xoops/** r,
/var/www/xoops/** r,
Step 3 :
Put the profile in complain mode.
sudo aa-complain /etc/apparmor.d/usr.sbin.apache2
sudo /etc/init.d/apache2 restart
Step 4 :
After running the [...]
Filed under: General, Linux, Security, Ubuntu, debian | 2 Comments »
HOWTO : Make your Apache to use SSL
Posted on June 16, 2009 by samiux
Step 1 :
sudo a2enmod ssl
Copy the default-ssl to the name as your current XOOPS domain, e.g. samiux.com.
sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/samiux.com-ssl
sudo nano /etc/apache2/sites-available/samiux.com-ssl
Do not change anything inside but except the following :
DocumentRoot /var/www/xoops
ServerName www.samiux.com # add this line under DocumentRoot
<Directory /var/www/xoops>
Step 2 :
sudo nano /etc/apache2/sites-available/samiux.com
Make sure you enabled rewrite module as at previous HOWTO. [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 1 Comment »
HOWTO : SSH to use RSA key for login
Posted on June 15, 2009 by samiux
ssh-keygen -t rsa -b 2048
or
ssh-keygen -t rsa -b 4096
“Enter file in which to save the key (/home/samiux/.ssh/id_rsa): (Hit Enter)”
Press “Enter”
“Enter passphrase (empty for no passphrase):”
Enter your password twice.
nano /home/samiux/.ssh/id_rsa.pub
Copy the content.
SSH to your server. At the username directory.
sudo mkdir .ssh
sudo nano /home/username/.ssh/authorized_keys
Then pasted the previous copied key onto the authorized_keys file. Save [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 1 Comment »
HOWTO : Almost a perfect and secure Ubuntu 9.04 LAMP server
Posted on June 13, 2009 by samiux
If you want to build a production LAMP server with Ubuntu 9.04 and hosting a Content Management System (CMS) such as XOOPS, you can follow the following steps to make your server almost perfect and secure. You are recommended to install a commercial or DIY Unified Threat Management System (UTM) for your network or [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 4 Comments »
HOWTO : secure your Ubuntu 9.04 server in a passive way
Posted on June 13, 2009 by samiux
Root account access warning
Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.
echo -e “Root Shell Access on `tty` \n `w`” | \ mail -s “Alert: Root Access” samiux@gmail.com
Hardening SSH
The official port of SSH is 22. You can change it [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 1 Comment »
HOWTO : Make sure no rootkit on your Ubuntu 9.04 server
Posted on June 13, 2009 by samiux
To ensure your server will not be installed rootkits or trojans as well as worm without your approval, you should check it frequently.
ChkRootKit
Get the chkrootkit package :
sudo apt-get install chkrootkit
Make a Cron Job to do the scan daily at 0700 hours :
sudo crontab -e
0 7 * * * /usr/sbin/chkrootkit; /usr/sbin/chkrootkit -q 2 >&1 | mail [...]
Filed under: General, Linux, Security, Ubuntu, debian, fedora | 2 Comments »
