
HowTo/EximAndDovecotSASL - Dovecot Wiki. AuthenticatedSmtpUsingPam · Exim/exim Wiki. Authenticated SMTP using PAM Introduction For those of you who wanted to know what the solution was here is a detailed note for your info.

AuthenticatedSmtpUsingPam · Exim/exim Wiki

Ch14 : Linux Firewalls Using iptables. Network security is a primary consideration in any decision to host a website as the threats are becoming more widespread and persistent every day.

Ch14 : Linux Firewalls Using iptables

How do I use Iptables connection tracking feature? By Vivek Gite on October 27, 2005 Connection tracking is an essential security feature of Iptables.

How do I use Iptables connection tracking feature?

But what is connection tracking? It is the ability to maintain connection information in memory. This is a new feature added in the 2.4.xx Linux kernel. Earlier, only commercial firewalls had this feature, but now it is part of Linux. Iptables Open FTP Port 21 and 20. By Vivek Gite on April 13, 2006 How do I open port 21 using Linux iptables firewall?

Iptables Open FTP Port 21 and 20

Use the iptables administration tool for IPv4 packet filtering and NAT under Linux to open TCP port 21 (FTP). The following rule set assumes that your eth0 network interface is directly connected to the Internet. It has public ip ( FTP uses both port 21 and 20 (port 21 for the command port and port 20 for the data). Procedure Add support for FTP connection tracking. Task load required iptables modules First log in as the root user. Iptables rules for NAT with FTP active / passive connections. If you have an FTP server running behind a server that acts as the gateway or firewall, here are the rules to enable full NAT for active and passive connections.

# general rules for forwarding traffic between external interface tap0 and internal interface eth0
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT

iptables rules for NAT with FTP active / passive connections

Iptables debugging « \1. Has it ever happened to you that iptables was apparently not working as expected, and, in an effort to find out what's going on, you littered your ruleset with logging rules all over the place, or some other awkward kludge?

iptables debugging « \1

Now, it turns out that there's a much more convenient and cleaner way to find out which chains a packet traverses. This is based on using ip{,6}tables' raw table, with the TRACE target. For the following discussion, it helps if you keep an eye on this excellent iptables flow diagram. In the diagram, we can see that the raw table has two built-in chains: PREROUTING and OUTPUT, which together cover both the input and output of packets. In other words, any packet in the system, be it for the local system, locally generated, or forwarded, traverses one or both these chains in the raw table.

TRACE This target marks packets so that the kernel will log every rule which matches the packets as they traverse the tables, chains, rules. Configuration Some examples Conclusion. View topic - Encrypted passwords. AuthenticatedSmtpUsingPam · Exim/exim Wiki. [Exim] AUTH with PAM using pam_radius_auth. From: Jonker, Niels Date: 2001-12-08 16:58 To: '' Subject: [Exim] AUTH with PAM using pam_radius_auth.

[Exim] AUTH with PAM using pam_radius_auth.

In order to make Exim use PAM to Radius under Linux (Redhat 7.1) I used the available from (About the only one I could find that actually worked for Auth). Note that the module does NOT support all the PAM functions exim wants. PAM Tutorial. © 2005–2012 by Wayne Pollock, Tampa Florida USA.

PAM Tutorial

All Rights Reserved. Many interactive commands are security sensitive. Showterm. Using RADIUS to authenticate users with RSA SecurID. Recently I was tasked with authenticating users who carry RSA SecurID tokens.

Using RADIUS to authenticate users with RSA SecurID

I was highly inspired by Jeff Wirth and his success using RADIUS to authenticate with SecurID Tokens on FreeBSD. While I'm not a fan of non-free software, it's possible to make each server authenticate against the non-free RSA Ace server using only free software. This isn't a perfect solution but it's useful when such a requirement is thrust upon you. The requirements are simple. Your RSA Authentication server must be configured to allow authentication through a RADIUS server. As a result of the simple nature of a RADIUS server, you'll have authentication but you'll be lacking directory services. How To Set Up WebDAV With Apache2 On Debian Etch.

Version 1.0 Author: Falko Timme Last edited 05/27/2008 This guide explains how to set up WebDAV with Apache2 on a Debian Etch server.

How To Set Up WebDAV With Apache2 On Debian Etch

WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files. I do not issue any guarantee that this will work for you! 1 Preliminary Note. How to jail / chroot users in FTP / SFTP - - Web development.

How to install Pam-radius on Ubuntu server. Force PAM to create user home folder if it already not exists. Lorens November 18th, 2011, 10:08 AM I'm posting the configuration files: Ch09. The rest of this section is about using the PAM module provided in the Samba distribution to enable Windows domain users to authenticate on the Linux system hosting Samba. Depending on which services you choose to configure, this allows Windows domain users to log in on a local console (or through telnet), log in to a GUI desktop on the Linux system, authenticate with an FTP server running on the Linux system, or use other services normally limited to users who have an account on the Linux system. The PAM module authenticates Windows domain users by querying winbind, which passes the authentication off to a Windows NT domain controller. As an example, we will show how to allow Windows domain users to log in to a text console on the Linux system and get a command shell and home directory.

The method used in our example can be applied (with variations) to other services. All users who can log in to the Linux system need a shell and a home directory. How to create a software RAID-1 array with mdadm on Linux. Redundant Array of Independent Disks (RAID) is a storage technology that combines multiple hard disks into a single logical unit to provide fault-tolerance and/or improve disk I/O performance. Depending on how data is stored in an array of disks (e.g., with striping, mirroring, parity, or any combination thereof), different RAID levels are defined (e.g., RAID-0, RAID-1, RAID-5, etc). RAID can be implemented either in software or with a hardware RAID card. How to create a software RAID-1 array with mdadm on Linux. Core. AcceptFilter Directive This directive enables operating system specific optimizations for a listening socket by the Protocol type.

The basic premise is for the kernel to not send a socket to the server process until either data is received or an entire HTTP Request is buffered. Only FreeBSD's Accept Filters and Linux's more primitive TCP_DEFER_ACCEPT are currently supported. The default values on FreeBSD are: How to get mod_auth_pam running on Apache 2.2.x. Mod_auth_pam is no longer supported or developed, and the latest available version works only with Apache 2.0.x. The new Apache 2.2 uses a new authentication mechanism, and the old mod_auth_pam does not work if you only install it to your local Apache and use it with the following configuration:

AuthPAM_Enabled On
AuthPAM_FallThrough Off
AuthType Basic
AuthName "Testingarea"

You have to turn off the new Apache 2.2 basic authentication to get the module up and running.

You can do this in two different ways. The first one is to disable the whole module; the second and better one is to disable it through a directive. For the first solution, you can use the tool a2dismod to disable the module mod_auth_basic. For the second way, you have to add these lines to the configuration above.

PAM with Radius Authentication. How to authenticate Apache 2 with Radius on Debian « Admins eHow. FreeRADIUS: Working with Authentication Methods. (For more resources on this subject, see here.) This section will give you background on three common authentication protocols. These protocols involve the supply of a username and password. The radtest program uses the Password Authentication Protocol (PAP) by default when testing authentication. The Ultimate Guide to Create Users in Linux / Unix.

By Ramesh Natarajan on June 24, 2009. How Squid ACLs work. For less experienced Squid administrators the concept of ACLs can be confusing at first. Access_controls. (1) To allow http_access for only one machine with MAC Address 00:08:c7:9f:34:41 To use MAC address in ACL rules.