This document describes how to set up a chrooted SSH/SFTP environment on Fedora 7. The chrooted users will be jailed in a specific directory where they can't break out. They will be able to access their jail via SSH and SFTP.
This is a good howto for those wishing to experiment with chroots, SFTP, and SSH configurations in an attempt to gain reliable, secure connections. What home-brewed chrooting tips have you come up with over the years?
Source: Enterprise Networking Planet - Posted by Eckie Silapaswang
Even though we are all security aware and use ridiculously strong passwords (I once used the lyrics to three of my favorite songs along with a few exclamation points and parentheses here and there), when one has to navigate through a series of networks and hop around servers, constantly typing in your SSH passwords can start to contribute to that carpel tunnel. This is pretty much like being the janitor with the huge keyring of identical looking keys. Read on for a concise article of setting up OpenSSH and your keyring to make life just a little more manageable while keeping things safe - isn't that what we're all looking for?
Source: MDLog:/sysadmin - Posted by Eckie Silapaswang
ldirectord is a daemon to monitor and administer real servers in a LVS cluster of load balanced virtual servers. ldirectord is typically used as a resource for heartbeat , but can also run standalone from the command line.
Read on for an interesting tidbit on configuring this service to properly turn off checks for a specific service - this will come in handy for testing and debugging purposes to make sure you're not getting any alerts when you don't intend to.
In our never-ending battle against spam, our opponents have decided to play the espionage route and disguise themselves as .pdf and .xls files. This shady tactic has become a trend of its own, resulting in all the recent postings of spam battling notes. This most recent article provides a how-to on setting up ClamAv to counter these new spam signatures. Get this before THEY come running wild on YOU!
Ever come back from a vacation only to be SWAMPED with email? The interesting part is that just applies to you - imagine what email service providers must go through as far as maintenance! Read on for a nice how-to on configuring and monitoring Postfix with the least hassle. Use graphs to gain a visual understanding of your traffic and cron jobs to report daily to you. Remember, this is one area where we could potentially let email through with a 'Click Here!' link that could lead to many, MANY more problems for everyone.
Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we'll tackle is malware, which is the subject of our inaugural post.
Source: Net-Security.org - Posted by Benjamin D. Thomas
IPv6 is now in its deployment stage after having been in development with the IETF for over 10 years. KAME is the widely accepted reference implementation for IPv6 and IP security protocols developed on multiple variants of the BSD operating systems. This new book tackles more high level topics than its predecessor, IPv6 Core Protocols Implementation written by this same author team.
Source: Slashdot.org - Posted by Benjamin D. Thomas
The 14 chapters are in turn broadly divided into three parts with the first part containing chapters which provide an overview of SELinux, its background and the concepts behind it. The second part contains 7 chapters which are most useful for SELinux policy writers and contain detailed explanation of the syntax used in writing the policy files. It is the third part, "Creating and Writing SELinux Security Policies" which could be most put to use by system administrators.
These instructions describe setting up two-factor authentication with WiKID Strong Authentication, which is a commercial/open source two-factor authentication system and OpenVPN, an SSL-encrypted VPN, on a Linux server using the Radius Pluggable Authentication Module.. First, we will configure PAM to use Radius, then we will configure OpenVPN to use PAM and one-time passwords, then we will create a network client on the WiKID server for OpenVPN. We won't go into specifics about installing these services, rather we will focus on configuring them to all work together.
Source: Porcupine.org - Posted by Benjamin D. Thomas
In the spirit of our past work, our commitment to science and research, and our desire to help others we have also decided to put the text of the book online for free. Addison-Wesley was also kind enough to permit us to put up our final HTML drafts that we sent to the publisher; minus the final formatting and a few minor changes these should be very close to the book version and is suitable for printing, grep'ing, and the like. We will put up the final PDF version in the future as well.
We hope you find this useful; in addition to current owners all of this might be useful for those who cannot afford the printed version, would like to check it out without taking the fiscal plunge, or are just cheap.
