Go back to fronty page View most popular entries View latest additions Submit tutorials to UnixTutorials.info
UnixTutorials logo

Search results for Creating secure wireless access points with OpenBSD and OpenVPN

Unix+clones Setup the SSH server to use keys for authentication
Post date: November 16, 2005, 15:11 Category: Network Views: 57
Tutorial quote: The user creates a keypair, which consists of a private key, that can be protected with a passphrase, and a public key. The public key is transfered to the server and the private key is kept in our workstation. We assume that the user has accounts in both the server machine and his workstation. Everytime he tries to connect to the server, the keys are validated and the user is granted access.
Debian Creating .deb-Packages With Checkinstall
Post date: April 12, 2005, 13:04 Category: Miscellaneous Views: 48
Tutorial quote: Checkinstall is a nice tool to create simple .deb-packages that you can use in your local network (e.g. if you have to install the same piece of software on multiple computers running Debian). It lets you compile and install software from the sources like before, but with the difference that you end up with a simple Debian package which also means that you can easily uninstall the software you just compiled by running dpkg -r!

I will demonstrate the use of checkinstall by compiling and installing the anti-virus software ClamAV on a Debian system.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
Unix+clones CLI Magic: OpenSSH + Bash
Post date: January 25, 2006, 15:01 Category: Network Views: 30
Tutorial quote: As a system administrator, I have used OpenSSH's piping abilities more times than I can remember. The typical ssh call gets me access to systems for administration with a proven identity, but ssh is capable of so much more. In combination with bash's subshell invocation, OpenSSH can distribute the heavy work, reduce trace interference on a system under test, and make other "impossible" tasks possible. I've even used it to make Microsoft Windows remote administration easier.

In the examples below, I have tried to avoid GNU-specific idioms for tools which have non-GNU counterparts. This practice improves portability of shell scripts in heterogeneous environments.
RedHat My First Linux Server, Part 2
Post date: April 14, 2005, 18:04 Category: Miscellaneous Views: 107
Tutorial quote: A file server is a specialized PC that holds large numbers of files that many people on a network can access. It "serves up" files to everyone instead of each person having files on his or her own PC. The good news is that you don't have to be a network guru to set up a basic file server. If you followed the Easy Linux Install steps in Part 1, you are ready to set up a Linux PC as a file server.

While there are many ways to set up a network and a server, this article concentrates on the simplest approaches with the highest chance of quick success.
Debian dmcrypt
Post date: January 25, 2006, 17:01 Category: Security Views: 85
Tutorial quote: Device-mapper is a new infrastructure in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices like striping, concatenation, mirroring, snapshotting, etc... The device-mapper is used by the LVM2 and EVMS 2.x tools. dm-crypt is such a device-mapper target that provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. Writes to this device will be encrypted and reads decrypted. You can mount your filesystem on it as usual. But without the key you can't access your data. It does basically the same as cryptoloop only that it's a much cleaner code and better suits the need of a block device and has a more flexible configuration interface. The on-disk format is also compatible.
Unix+clones CGI Programming on the World Wide Web
Post date: December 12, 2005, 12:12 Category: Programming Views: 65
Tutorial quote: The Common Gateway Interface (CGI) emerged as the first way to present dynamically generated information on the World Wide Web. CGI allows the computer to generate Web pages instantly at the user's request rather than being written by someone in advance. And at the time of this writing, it remains the only stable and well-understood method for creating such pages. Java presents problems that have not yet been solved. Other products are currently just in the announcement stage.

CGI is fun. You can get a kick out of writing scripts that perform tricks for you, and the users enjoy the spice the scripts add to your Web pages. But CGI has a serious side too: It lets the Internet offer the kind of interactive, user-driven applications that modern computer users have come to expect. CGI opens up an entire class of modern applications to the Web.
Debian Monitoring Servers and Clients using Munin
Post date: April 4, 2006, 16:04 Category: Installing Views: 36
Tutorial quote: "Munin" means "memory".

Munin the tool surveys all your computers and remembers what it saw. It presents all the information in in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort. Using Munin you can easily monitor the performance of your computers, networks, SANs, and quite possibly applications as well. It makes it easy to determine "what's different today" when a performance problem crops up. It makes it easy to see how you're doing capacity wise on all limited resources.

It uses the excellent RRDTool and is written in Perl. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for sdata. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).
Debian The Perfect Xen 3.0 Setup For Debian
Post date: April 1, 2006, 00:04 Category: System Views: 12
Tutorial quote: This tutorial provides step-by-step instructions on how to install Xen (version 3.0.1) on a Debian Sarge (3.1) system.

Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so called "virtual machines" or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers' web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it's more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.
Linux NFS over CIPE-VPN tunnels
Post date: May 23, 2005, 12:05 Category: Network Views: 60
Tutorial quote: The Network File System (NFS) is a standard protocol for sharing file services with Linux and Unix computers. It is a distributed file system that enables local access to remote disks and file systems and is based on the client\server architecture. Although easy to configure, it is typically used only to transfer data over an intranet or LAN because of its transparency and security potholes when exposed to the risks of the Internet. However, it still can be employed -- without compromising security -- to share files over the Internet by configuring it to run on a Virtual Private Network (VPN) connection. This article will show you how to set up NFS to run over a CIPE-VPN connection between two Linux systems.
Unix+clones Installing and securing Squid
Post date: March 13, 2006, 10:03 Category: Software Views: 67
Tutorial quote: Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings.

After the installation and base configuration of squid we will add another layer of security by chrooting it.