background preloader


Facebook Twitter

Theory. What is IPsec?


IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols. It was first developed for the new IPv6 standard and then “backported” to IPv4. The IPsec architecture is described in the RFC2401. The following few paragraphs will give you a short introduction into IPsec. IPsec uses two different protocols - AH and ESP - to ensure the authentication, integrity and confidentiality of the communication.

Figure 1. To protect the integrity of the IP datagrams the IPsec protocols use hash message authentication codes (HMAC). To protect the confidentiality of the IP datagrams the IPsec protocols use standard symmetric encryption algorithms. To protect against denial of service attacks the IPsec protocols use a sliding window. For the peers to be able to encapsulate and decapsulate the IPsec packets they need a way to store the secret keys, algorithms and IP addresses involved in the communication. Documentation:openvpn:fdn [Fédération FDN] Open Virtualization Alliance. OpenStack is a global collaboration of developers and cloud computing technologists producing the ubiquitous open source cloud computing platform for public and private clouds.

Open Virtualization Alliance

The project aims to deliver solutions for all types of clouds by being simple to implement, massively scalable, and feature rich. The technology consists of a series of interrelated projects delivering various components for a cloud infrastructure solution. See for more details. KVM is the hypervisor of choice for OpenStack deployments, because of its tight integration into the Linux kernel and strong support from Operating System vendors like Red Hat, SUSE and Canonical. How to Build a GCC Cross-Compiler. GCC is not just a compiler.

How to Build a GCC Cross-Compiler

It’s an open source project that lets you build all kinds of compilers. Some compilers support multithreading; some support shared libraries; some support multilib. It all depends on how you configure the compiler before building it. Be your own Certificate Authority (CA) I declare from the beginning that I am no authority on digital certificates.

Be your own Certificate Authority (CA)

This document is a summary of all the articles I have read about openssl. It describes in short how to become your own Certificate Authority (CA) and how to create and sign your own certificate requests. Make no mistake, these certificates are good only for personal use or for use in your intranet in order to provide a secure way to login or communicate with your services, so that passwords or other data is not transmitted in the clear. Noone else will or should trust these certificates. Configurer Postfix avec TLS / SSL.

Première rédaction de cet article le 28 février 2007Dernière mise à jour le 1 mars 2007 Voici ce que j'ai configuré sur mon serveur Postfix.

Configurer Postfix avec TLS / SSL

Cela permet la confidentialité (TLS chiffre la session) et, dans une certaine mesure, l'authentification des serveurs pairs (en revanche, TLS dans le courrier n'authentifie pas l'expéditeur, il faudrait utiliser PGP). Squidguard. Open pc server integration) the open source clientmanagementsystem — English. Quagga Software Routing Suite. About Quagga Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD.

Quagga Software Routing Suite

Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro. The Quagga tree aims to build a more involved community around Quagga than the current centralised model of GNU Zebra. The Quagga architecture consists of a core daemon, zebra, which acts as an abstraction layer to the underlying Unix kernel and presents the Zserv API over a Unix or TCP stream to Quagga clients. It is these Zserv clients which typically implement a routing protocol and communicate routing updates to the zebra daemon.

QUAGGA - Le Tutorial Facile - Introduction. Introduction au cluster sous Linux - Sébastien Han. Blocking or rate limiting iOS updates - Cisco Meraki. Apple iOS updates can cause extreme network strain for organizations without existing means of managing the updates.

Blocking or rate limiting iOS updates - Cisco Meraki

This article will cover ways to block, rate limit, or otherwise manage Apple iOS updates from a network perspective. Comment installer Linux sur Android. Pour installer Linux sur un téléphone Android sans dire adieu à une utilisation normale de son appareil, il existe une solution sans risque baptisée Linux Deploy.

Comment installer Linux sur Android

Ce logiciel disponible sur le PlayStore permet de récupérer une distrib Debian, Ubuntu, Arch Linux, Fedora, Kali...etc et de la monter dans un environnement chroot. Cela permet de faire cohabiter une version de Linux avec votre Android. Servers - Plateformes. Ivan Kuznetsov › No space left on device – running out of Inodes.

One of our development servers went down today.

Ivan Kuznetsov › No space left on device – running out of Inodes

Problems started with deployment script that claimed that claimed “No space left on device”, although partition was not nearly full. If you ever run into such trouble – most likely you have too many small or 0-sized files on your disk, and while you have enough disk space, you have exhausted all available Inodes. Below is the solution for this problem. 1. check available disk space to ensure that you still have some. Nous voulons (aussi) du matériel libre ! …nous dit Richard Stallman.

Nous voulons (aussi) du matériel libre !

Respects Your Freedom hardware product certification. [MAJ] - La seedbox facile sous Debian, avec Transmission. Maintenant que je dispose d’un serveur dédié dans un datacenter d’OVH avec une bande passante de 100Mbps assurée, il serait dommage de ne pas en profiter, et de ne pas en faire profiter la communauté Linux par exemple, en partageant mes distributions favorites sur les réseaux Peer to Peer, comme Bittorrent. Oui mais voilà, nous sommes sur un serveur, et pas d’interface graphique pour nous aider à configurer cela. U-NAS NS-400 Storage Server. HOW-TO: be your own DDNS provider [ALW - Home] Chapter 4. LVM Administration with CLI Commands. Optimiser la lisibilité de vos textes. Un texte sur internet communique un message explicite à vos visiteurs, mais l'apparence même de ce texte a aussi un sens implicite.

Le texte est un élément visuel sur votre page, tout comme vos images : si sa lecture est désagréable, vous perdrez des visiteurs. Écrire pour internet de façon lisible implique de soigner le fond autant que la forme. NyroBlog. Cette partie du tutorial est la plus longue car elle nécessite beaucoup de configuration. En effet, c'est pas moins de 4 démons que nous allons installé et configuré pour fonctionner parfaitement avec le reste de notre serveur.

De plus notre serveur d'emails incluera un antispam pour tous les emails entrant, qui en plus vérifiera si les emails ne contiennent pas des virus grâce à ClamAV. Améliorer la lisibilité de vos contenus en 58 étapes faciles! Vous créez du contenu pour le web? Super! Optimiser la lisibilité de vos textes. Getting Started with the LLVM System — LLVM 3.6 documentation. Overview Welcome to LLVM! In order to get started, you first need to know some basic information. First, LLVM comes in three pieces. The first piece is the LLVM suite. This contains all of the tools, libraries, and header files needed to use LLVM. The second piece is the Clang front end. Building LLVM with CMake — LLVM 3.6 documentation. Introduction CMake is a cross-platform build-generator tool. CMake does not build the project, it generates the files needed by your build tool (GNU make, Visual Studio, etc) for building LLVM.

If you are really anxious about getting a functional LLVM build, go to the Quick start section. If you are a CMake novice, start on Basic CMake usage and then go back to the Quick start once you know what you are doing. The Options and variables section is a reference for customizing your build. TipsAndTricks. (see also FAQ, HOWTOs, CategoryTipsAndTricks) 1. Undo an '`hg add`' If you have accidentally added a file, the way to undo that (changing its status from A back to ? Main / Handbook3-1. Per Lidén wrote this handbook. RobertMcMeekin converted it to DocBook, the CRUX team made a Wiki version. Numerous others have given feedback and improvement suggestions. ConfigExamples/Reverse/SslWithWildcardCertifiate. Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list. Outline Squid can be configured as a reverse proxy terminating HTTPS from clients and relayig it to backend servers which can be either HTTP or HTTPS themselves.

This example demonstrates hosting 3 websites using wildcard certificate, with two HTTP and one HTTPS origin server. The wild card certificate will be generated on the same server on which Squid will be installed. For this Following information will be required IP address of the Squid server ( Squid is installed at default location .i.e /usr/local/squid/ ) IP and the Hostname for all the 3 origin servers OpenSSL installed on the Squid server. Features/HTTPS. Version: 2.5 More: RFC 2817 When a browser comes across an URL, it does one of two things: opens an SSL/TLS connection directly to the origin server or opens a TCP tunnel through Squid to the origin server using the CONNECT request method. Squid interaction with these two traffic types is discussed below. Reverse proxy HTTP/HTTPS avec Squid 3 sous Debian » Blog easeo. CVE - Common Vulnerabilities and Exposures (CVE) Site du CERT-FR. Vigil@nce vulnerability watch, database, alert and management.

Rootkit. RANDOM.ORG - String Generator. Open source configuration management - CFEngine - Distributed Configuration Management. Unix Daemons in Perl. Comparison of open-source configuration management software. 5-FreeNAS_Olivier_Cochard-Labbe.pdf. XiVO%20IPBX%20Open%20Hardware%281%29.pdf. Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Debian Etch.

Customer:Linux Load Balancing with HAProxy+Heartbeat - GoGrid. Clustering et haute disponibilité sous Linux avec Heartbeat Prise en charge du kératocône - Association kératocône. Accueil. Plain Old Documentation. ROBODoc - automating the software documentation process. Securing Your Asterisk VoIP Server with IPTables. Troubleshooting a dual kernel configuration – Xenomai. Awk - A Tutorial and Introduction - by Bruce Barnett. Introduction à Ansible: l’outil du sysadmin paresseux mais pragmatique. Linux: Log Suspicious Martian Packets / Un-routable Source Addresses.