Debian/Ubuntu Tips and Tricks

Debuntu

How-To set up a LDAP server and its clients — page 2

Posted by chantra on 22nd February 2007

This entry is part 2 of 2 in the series How-To set up a LDAP server and its clients

2. Configuring the clients

Each client will need a set of packages. So, now that you are logged on to one of your clients, install:

#apt-get install libnss-ldap libpam-ldap nscd
LDAP Account for root: cn=admin,dc=debuntu,dc=local
Password: XXXX
Make local root database admin: yes
Database require logging in: No
Root login account: cn=admin,dc=debuntu,dc=local
Root login password: XXXX

Posted in Administration, HowTo, Networking, System | 1 Comment »

How-To set up a LDAP server and its clients

Posted by chantra on 22nd February 2007

This entry is part 1 of 2 in the series How-To set up a LDAP server and its clients

LDAP (Lightweight Directory Access Protocol) allows central authentication and information storage for users, groups, domains and so on.

Using LDAP in a local network, you can allow your users to log in and authenticate from anywhere on your network.

This tutorial is split into 2 parts. In the first part, I will explain how to install and configure the LDAP server and add a few users and groups. In the second part, we will set up a Linux client to authenticate through LDAP if the user does not exist on the local filesystem.

Posted in Administration, HowTo, Networking, System | No Comments »

Secure your SSH server with Public/Private key authentification — page 3

Posted by chantra on 11th January 2007

4. Disabling Authentication by password

In order to disable authentication by password, we need to connect as root on the remote machine. Once connected, edit /etc/ssh/sshd_config and make sure you have the following settings:

....
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
...

Posted in Administration, HowTo, Networking | No Comments »

Secure your SSH server with Public/Private key authentification — page 2

Posted by chantra on 11th January 2007

2. Adding the public key to the authorized key

First, we need to upload the key to the remote machine:

user@host:~$ scp ~/.ssh/id_rsa.pub remoteuser@remotehost:~/

Now that the public key is uploaded, let's add it to the authorized keys. To do so, we are going to connect to remotehost as remoteuser, add the key at the end of the file ~/.ssh/authorized_keys, and delete the uploaded copy once it has been added:

Posted in Administration, HowTo, Networking | No Comments »

Secure your SSH server with Public/Private key authentification

Posted by chantra on 11th January 2007

OpenSSH is the most widely used SSH server on Linux. Using SSH, one can connect to a remote host and gain shell access to it in a secure manner, as all traffic is encrypted.

A neat feature of OpenSSH is the ability to authenticate a user with a public/private key pair when logging into the remote host. By doing so, you won't be prompted for the remote user's password.

This tutorial will describe how to create an SSH public/private key pair, how to enable key-based authentication and finally how to disable password authentication.

Posted in Administration, HowTo, Networking | No Comments »

AIDE: Advanced Intrusion Detection Environment

Posted by chantra on 18th December 2006

AIDE is an Intrusion Detection System (IDS), which means that AIDE is not a tool to prevent an intrusion; it is there to report that an intrusion might have happened.

This tutorial will show how to install and configure AIDE so that you get daily reports emailed directly to you, informing you of which files might have been modified.

Posted in Administration, HowTo, System | No Comments »

Iptables: How-to Share your internet connection — page 4

Posted by chantra on 15th December 2006

This entry is part 4 of 4 in the series Iptables: How-to Share your internet connection

4. Using the iptables script

4.1. From the command line

One way to apply the rules we define is simply to run the script from the command line:

sudo sh /path/to/firewall-script.sh

This has the drawback that the rules are not restored on reboot :s, but it will still be of great help while tweaking your firewall.

Posted in Administration, HowTo, Networking | No Comments »

Iptables: How-to Share your internet connection — page 3

Posted by chantra on 14th December 2006

This entry is part 3 of 4 in the series Iptables: How-to Share your internet connection

3.3. Defining custom chains

In order to get an iptables script that is easier to maintain, it is handy to define some custom chains, also called user-defined chains. This way, you can gather common actions into 1 chain; then, using the target switch (-j), we will be able to send packets that match specific rules to that target.
In order to create a user-defined chain, we need to use:

Posted in Administration, HowTo, Networking | No Comments »

Iptables: How-to Share your internet connection — page 2

Posted by chantra on 12th December 2006

This entry is part 2 of 4 in the series Iptables: How-to Share your internet connection

3. Iptables Script

OK, now that we know the basics, let's see what the script is going to look like.

In this example, I assume that eth0 is the interface connected to the Internet and eth1 is the one connected to our local network.

Posted in Administration, HowTo, Networking | No Comments »

Iptables: How-to Share your internet connection

Posted by chantra on 10th December 2006

This entry is part 1 of 4 in the series Iptables: How-to Share your internet connection

iptables is a command-line tool which allows system administrators to configure the Linux packet filtering ruleset.

Using iptables, you are able to tweak packet filtering, Network Address Translation (NAT) and packet mangling, which in the end are going to allow you to secure your server, share your Internet connection and log unwanted traffic.

iptables is not really what we could call an easy tool to get to grips with, but once you know the basics, it won't be that scary :).

This tutorial will provide a sample script you can use to share your Internet access and will give an overview of how to use iptables.

Posted in Administration, HowTo, Networking | 22 Comments »