30
Jun
Posted in Nix by carlosap |
Nothing new to add, but did want to emphasize that if a text-only terminal is all you need, ’screen’ is the way to go. It is one of the lesser known unix goodies, and a true “wonder tool”: a tool you cannot live without once you use it.
The quick primer:
First time:
ssh mymachine
screen
CTRL-a-c
CTRL-a-1
CTRL-a-d
exit
Future times:
ssh mymachine
screen -r
CTRL-a-2
CTRL-a-d
exit
You can create many login sessions inside one screen instance or launch multiple instances of screen on the same box by giving them a name. See the man page for all the goodness.
27
Jun
Posted in solaris by carlosap |
You may know that xterm-color (the bare default xterm with color) does not exist on Solaris.
Damn!! My vim color is ugly, but there is a solution:
export TERM=xtermc. It also exists on Mac and Linux, so you can change your TERM to announce this terminal.
Don’t forget the :syntax enable in your .vimrc
God bless coloring !
27
Jun
Posted in solaris by carlosap |
Cool Stack Installation on Solaris 10
You must be ‘root’ to install the packages. Download the packages you are interested in into any directory. For each of the downloaded packages, run the following bunzip2 and pkgadd commands:
bunzip2 [package.pkg.bz2]
For example: bunzip2 CSKmysql_1.3RC1_sparc.pkg.bz2
pkgadd -d [package.pkg]
For example: pkgadd -d CSKmysql_1.3RC1_sparc.pkg
This process will install the package in /opt/coolstack, along with all dependent libraries.
After installation, please refer to the README file included in each of the application’s directories. The README includes detailed information on the following:
How the application was built.
Solaris-specific configuration and tuning notes.
Pointers to other relevant documentation.
Instructions for setting up SMF service (if applicable).
27
Jun
Posted in Security by carlosap |
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
http://www.ossec.net/
20
Jun
Posted in Linux by carlosap |
USING .HTACCESS & HTPASSWD TO PROTECT YOUR FILES FROM UNAUTHORIZED ACCESS
It is possible there are parts of your site which you would prefer that not just anyone have access to. APACHE and other web servers provide a system that you can use to control access to certain directories on your website. You might have a family photo album on line that you want only your family to see. No matter what your little secret is, I will show you how to help keep private things a little more private. I am sure that in your surfing around on the ‘Net you have every once in a while run into:

[Screenshot of a browser password prompt: not a real screen!]

This is not JAVA or CGI-BIN, but something that is very easy to implement, even for a newer web author. The .htaccess feature of your server is activated simply by placing a small file in the directory you want to protect. Guess what the file is called? Yes, you’re correct! .htaccess
Before taking you through the steps of setting up this protection scheme, please take a moment to look at some things you should know.
- Nothing in life is truly secure. There may be holes in this system.
- The user name and password are transmitted as plain, readable text; they are not encrypted.
- If you plan on giving passwords to people, keep in mind that it is an extra maintenance function for you to perform.
- To set up .htaccess you must be able to access your server using telnet; this cannot be done using FTP. If you do not have telnet access to your site, check your provider’s FAQ or reference pages to see if they have a script you can use for setting passwords.
Setting up an .htaccess Protected Directory
Installing the .htaccess involves a few steps. The most important thing is to make sure you do not install the .htaccess file in your main web directory. If you do, everyone will be locked out of your website. Unless this is what you want to do, make sure you create the directory and are located in it before creating the file.
- Step 1: See where you are. At your prompt enter the command pwd to see what directory you are in. If you already have made your new directory and are in it- go to Step 3.
- Step 2: issue the command mkdir dirname where dirname is what you want to call the directory you will be protecting. Then enter the command cd dirname
- Step 3: Using an editor such as vi or pico, create a file called .htaccess (lower case letters of course- with the leading period) that looks just like this:
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
- Step 4: Change the AuthUserFile so that the UNIX PATH matches that of your system. This is where the password file that we will create in a moment will reside.
- Step 5: Change The Secret Page to be whatever title you want to have appear on the password box.
- Step 6: To create the password file, issue the following command: (NOTE: you only do it this way to create a new file)
htpasswd -c .htpasswd user_name (where user_name is a name)
If you get a message like htpasswd: not found, enter the command type htpasswd. If that doesn’t do the trick, try which httpd. If htpasswd is not in your path, you will have to add that directory to your path or enter the command as /what/ever/dir/htpasswd -c .htpasswd user_name
- Step 7: The system will ask you to enter the password for this user. It will then ask you a second time to confirm your typing.
- Step 8: Continue to add new users, but with this version of the command. The -c option is only for the initial creation of the file.
htpasswd .htpasswd new_name
That is all there is to it! If you experience any unexpected problems, or you change your mind about restricting access, just issue the command:
rm .htaccess
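As an added example (not part of the original post), this shell function audits an .htaccess like the one in Step 3 for three things a reviewer would check: a <Limit> block, which applies the password requirement to the listed methods only; Basic authentication, which needs HTTPS to keep the password unreadable in transit; and a password file kept under the served directory. The finding names, the /usr/www document root argument and the /usr/local/etc/htpasswd-dirname path are assumptions made for the example, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: audit_htaccess FILE DOCROOT prints one finding code per line.
audit_htaccess() {
    file=$1
    docroot=${2%/}
    # <Limit GET POST> applies "require" to the listed methods only;
    # requests using any other method are not asked for a password.
    if grep -Eiq '^[[:space:]]*<Limit[[:space:]]' "$file"; then
        echo "LIMIT_LEAVES_OTHER_METHODS_OPEN"
    fi
    # Basic auth sends the user name and password readable on every request.
    if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$file"; then
        echo "BASIC_AUTH_NEEDS_HTTPS"
    fi
    # A password file under the document root relies on the server refusing
    # to serve .ht* files; kept outside the root it cannot be requested.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$file" | tr -d '"')
    case $pwfile in
        "$docroot"/*) echo "PASSWORD_FILE_UNDER_DOCROOT" ;;
    esac
    return 0
}

# Constructed samples: the file from Step 3 and a tightened variant.
# /usr/local/etc/htpasswd-dirname is a hypothetical path outside /usr/www.
write_samples() {
    cat > "$1/original.htaccess" <<'EOF'
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
EOF
    cat > "$1/tightened.htaccess" <<'EOF'
AuthUserFile /usr/local/etc/htpasswd-dirname
AuthName "The Secret Page"
AuthType Basic
require valid-user
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in original tightened; do
    echo "== $f"; audit_htaccess "$tmp/$f.htaccess" /usr/www
done
rm -rf "$tmp"
```

The tightened file still reports BASIC_AUTH_NEEDS_HTTPS, because that finding is about the transport and not about the .htaccess directives.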
18
Jun
Posted in MacOSX by carlosap |
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
6
Jun
Posted in CentOS by carlosap |
If you ssh into Untangle or are on the terminal, “psql -U postgres uvm” will get you a PostgreSQL prompt on the Untangle database. Running “\d” will tell you all the tables that are available. To get remote access to the database you will need to modify /var/lib/postgres/pg_hba.conf. This is done in the standard but somewhat complicated way documented at
http://www.postgresql.org/docs/7.4/i…ive/index.html
2
Jun
Posted in CentOS by carlosap |
http://www.gra2.com/article.php?query=generador&story=20050208110955884
28
May
Posted in CentOS by carlosap |
http://www.alcancelibre.org/staticpages/index.php/SAMBALDAP-CENTOS5
28
May
Posted in debian / ubuntu by carlosap |
http://www.ruf.rice.edu/~rlug/help/tips-ssh.html
Use this on Debian based boxes:
Use update-rc.d to create the symlinks to the appropriate runlevel directories.
update-rc.d -f ssh defaults 20
Since there are tons of brute force attacks against SSH captured by DenyHosts:
http://stats.denyhosts.net/stats.html
I’d consider it a bad idea to allow remote ssh (ie. via the external interface) to the Untangle ssh server (ie. if you have either manually symlinked /etc/rc3.d/… and /etc/rc5.d/… to /etc/init.d/ssh or have enabled the “Config -> Support -> Allow Untangle Support…” option).
The easiest way to secure the SSH server on Untangle is to bind the server to the LAN (internal interface) IP address rather than the default (which is all interfaces). To do so:
Quote:
ssh root@your_untangle_server
vi /etc/ssh/sshd_config
add a line:
ListenAddress 192.168.1.1
save the file.
restart ssh:
/etc/init.d/ssh restart
Replace 192.168.1.1 (above) with the internal IP address of your Untangle server.
After restarting ssh, you can connect to it from your internal network but not from the internet such that it won’t be subject to brute force password attacks.
Note: Untangle support will not be able to access your Untangle server so if you rely on their support efforts, don’t do this (or do it and if you need their support, remember to comment out the ListenAddress line and restart ssh).
For extra security:
If you’ve set up other users on Untangle (ie. using useradd from the command line or similar), it’s usually a good idea to set “PermitRootLogin no” in /etc/ssh/sshd_config to prevent users from logging in as root (since everybody knows that the ssh server has a root account). You may require root access so you’ll need to use “sudo” after you log in as non-root. This may be overkill if you’ve restricted external access (as described above) and your LAN is trusted.
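
A check for the two sshd_config settings described above, as an added example that is not part of the original post: it reports whether the server still listens beyond the LAN address and whether root login is still allowed. The finding names and both sample files are constructed, 192.168.1.1 stands in for the internal address as in the post, and ListenAddress is assumed to be written without a port.

```shell
#!/bin/sh
# Added example: audit_sshd_config FILE LAN_IP prints one finding per line.
# Assumes ListenAddress is written without a port, as in the post.
audit_sshd_config() {
    awk -v lan="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }               # global section ends at first Match
        key == "listenaddress" {
            binds++
            if ($2 != lan) print "LISTENS_BEYOND_LAN " $2
        }
        key == "permitrootlogin" && !seen {   # sshd keeps the first value it reads
            seen = 1
            if (tolower($2) != "no") print "ROOT_LOGIN_ALLOWED " $2
        }
        END {
            if (!binds) print "LISTENS_ON_ALL_INTERFACES"
            if (!seen)  print "ROOT_LOGIN_NOT_SET"
        }
    ' "$1"
}

# Constructed sample files (not taken from a real server).
write_sshd_samples() {
    cat > "$1/before.conf" <<'EOF'
Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
EOF
    cat > "$1/after.conf" <<'EOF'
Port 22
ListenAddress 192.168.1.1
PermitRootLogin no
EOF
}

tmp=$(mktemp -d)
write_sshd_samples "$tmp"
for f in before after; do
    echo "== $f.conf"
    audit_sshd_config "$tmp/$f.conf" 192.168.1.1
done
rm -rf "$tmp"
```

No output for a file means both settings match what the post recommends; ROOT_LOGIN_NOT_SET means the server falls back to its built-in default, which differs between OpenSSH versions.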