HowtoForge - Linux Howtos and Tutorials - Security

Preventing Brute Force Attacks With Fail2ban On Mandriva 2008.1

Fri, 29 Aug 2008 15:34:25 +0200

Preventing Brute Force Attacks With Fail2ban On Mandriva 2008.1

In this article I will show how to install and configure fail2ban on a Mandriva 2008.1 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.

Preventing Brute Force Attacks With Fail2ban On Fedora 9

Mon, 25 Aug 2008 17:54:51 +0200

Preventing Brute Force Attacks With Fail2ban On Fedora 9

In this article I will show how to install and configure fail2ban on a Fedora 9 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.

Running Vhosts Under Separate UIDs/GIDs With Apache2 mpm-peruser On Debian Etch

Thu, 21 Aug 2008 18:38:18 +0200

Running Vhosts Under Separate UIDs/GIDs With Apache2 mpm-peruser On Debian Etch

This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.

How To Block Porn Pictures And Images With SafeSquid Proxy Server

Tue, 19 Aug 2008 14:40:33 +0200

How To Block Porn Pictures And Images With SafeSquid Proxy Server

Administrators can use various methods to block access to websites that are pornographic in nature, like URL Filter, URL Blacklist, Keyword Filter, etc. But many porn sites allow users to register their email IDs on their website and deliver the latest images and pictures to their personal emails. So if a user is allowed access to his personal mail, he can enjoy himself without having to access any porn site. Such images are also regularly displayed as ads and banners on other web pages, that might not be pornographic in nature. Pornographic Image Filter can analyze an image in real-time, and identify the ones that are pornographic in nature. It analyzes the graphical content like skin tone, contour, etc. to identify a pornographic image. It is a commercially distributed add-on plug-in and can be used with SafeSquid to block pornographic images. Although it is about 85%-90% accurate, it acts as a good deterrent.

How To Control Or Block Instant Messengers With SafeSquid Proxy Server

Tue, 29 Jul 2008 15:11:53 +0200

How To Control Or Block Instant Messengers With SafeSquid Proxy Server

In this tutorial I will explain how you can control or completely block access to a few instant messengers with SafeSquid, like Google Talk, Google chat within Gmail, MSN Messenger, Yahoo Messenger and Skype. Once you are familiar with the method of blocking these messengers, you should be able to block other messengers. Please note that these methods will only be effective, if you block all direct access to the router and firewall, except required ports like 25 & 110, so that users are able to access the net only through the proxy server. When all higher ports are blocked, most messenger try to communicate on port 80 and 443, which will have to go through the proxy, and thus allow you to control them. Most messengers also allow you to define proxy settings and username / password for authenticating Proxies.

How To Patch BIND9 Against DNS Cache Poisoning On Debian Etch

Mon, 28 Jul 2008 16:17:45 +0200

How To Patch BIND9 Against DNS Cache Poisoning On Debian Etch

This article explains how you can fix a BIND9 nameserver on a Debian Etch system so that it is not vulnerable anymore to DNS cache poisoning.

BIND 9 Vulnerability And Solution - Patch BIND To Avoid Cache Poisoning (Fedora/CentOS)

Sun, 27 Jul 2008 19:56:59 +0200

BIND 9 Vulnerability And Solution - Patch BIND To Avoid Cache Poisoning (Fedora/CentOS)

I am pretty sure most of you guys have hard about the Vulnerability in BIND. Dan Kaminsky earlier this month announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. I thought I would share with you all one of the quickest solutions systems administrators running BIND 9 can use to help solve this vulnerability in case their systems are vulnerable.

How To Block WebPages Based On Keywords Or Phrases With SafeSquid Proxy Server

Tue, 22 Jul 2008 14:03:45 +0200

How To Block WebPages Based On Keywords Or Phrases With SafeSquid Proxy Server

Keyword Filtering allows you to block web pages, depending on the words and phrases found in the page's title, meta tags and body. Keyword filtering in SafeSquid uses a 'weighed keyword scoring' method. It analyzes web pages, and searches for specified, unacceptable words or phrases.

How To Install And Configure Dansguardian With Multi-Group Filtering And Squid With NTLM Auth On Debian Etch

Wed, 16 Jul 2008 19:21:47 +0200

How To Install And Configure Dansguardian With Multi-Group Filtering And Squid With NTLM Auth On Debian Etch

This how-to describes how to install and configure Dansguardian with multi-group filtering, Squid with NTLM auth, ipmasq, and dnsmasq to provide a full internet gateway solution for small to medium sized networks. This how-to requires two NICs in order to preform firewalling and transparent proxying.

HOWTO: Encrypt The System Manually Upon Installation (Ubuntu 8.04)

Tue, 15 Jul 2008 17:27:33 +0200

HOWTO: Encrypt The System Manually Upon Installation (Ubuntu 8.04)

This tutorial describes how you can encrypt an Ubuntu 8.04 (Hardy Heron) system right during the initial installation.

Enhance Security By Removing ActiveX Control Codes From Web Pages With SafeSquid Proxy Server

Tue, 08 Jul 2008 13:33:08 +0200

Enhance Security By Removing ActiveX Control Codes From Web Pages With SafeSquid Proxy Server

Allowing free access to ActiveX Control content, can be a security risk. ActiveX can be used to deposit spyware, adware and other malware into users system, when they visit innocent looking websites. A google search for dangers of activex would be very informative. The Rewrite Document feature of SafeSquid - Content Filtering Internet Proxy, allows you to alter the html codes of a web page on the fly, and send the modified content to the requesting user. This feature can be used to search for ActiveX codes in web pages served by non-trusted websites, remove or replace them with some other codes, and serve the modified web pages to the user.

HOWTO: Automatically Unlock LUKS Encrypted Drives With A Keyfile

Mon, 07 Jul 2008 19:33:28 +0200

HOWTO: Automatically Unlock LUKS Encrypted Drives With A Keyfile

This howto shows how to unlock multiple devices in the intial ramdisk remotely. I suggest to use a keyfile for automatic unlocking. The keyfile should be stored in the normally encrypted root partition - so you still have to unlock that one. During boot process it will then be used to unlock all the other devices.

How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)

Sun, 06 Jul 2008 17:19:10 +0200

How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)

mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.

How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1

Wed, 02 Jul 2008 20:32:59 +0200

How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1

This tutorial will walk you through setting up Shorewall (Shoreline) 4.0 firewall on CentOS 5.1 , this can easily be adapted to any other Linux distribution out there.

How To Block Cookies From Unwanted Websites With SafeSquid Proxy Server

Tue, 01 Jul 2008 13:40:02 +0200

How To Block Cookies From Unwanted Websites With SafeSquid Proxy Server

Basically, cookies are pieces of information, usually personal preferences, that are stored into a visitors system, when they visit a website. The next time the visitor accesses the same website, the cookie is transferred from the visitors system to the website, and his preferred content is displayed to him. Cookies are also used to allow a visitor to log into his personal account on a website. Although, not always dangerous, many advertising and marketing websites gather personal information, without the users knowledge, and use this information to display especially targeted marketing ads and banners.