jchris + sysadmin   145

Back to basics: What sysadmins must know about logging and monitoring | HPE
With containers springing up and down in minutes and virtual machines coming and going in hours, some sysadmins have neglected their system logs. Log files still provide invaluable insight into how systems are operating! Here’s what you -- still -- need to know.
container  linux  sysadmin 
19 days ago by jchris
Command Line Mac: How to find out which files were installed with a Mac package
An applications that follows Mac standards will leave a record of what was installed in the /Library/Receipts/app-name directory.
osx  sysadmin 
4 weeks ago by jchris
ss command: Display Linux TCP / UDP Network/Socket Information - nixCraft
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compared to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
linux  networking  sysadmin 
6 weeks ago by jchris
SFTP mit Key-Authentication auf (gehosteten) Linux-Servern für Web-Entwickler mit unterschiedlichen Privilegien – II | Linux-Blog – Dr. Mönchmeyer / anracon – Augsburg
Aufgrund der schon seit einiger Zeit erhöhten Sicherheitsanforderungen Anforderungen müssen wir die SSH-Einrichtung verbessern. Ich kann an dieser Stelle leider nicht auf Details eingehen - es sind aber vor allem bekannte Probleme im Bereich des initialen "Key Exchange" [KEX] zu beheben:
ssh  security  sysadmin 
7 weeks ago by jchris
Using Ansible for deploying serverless applications | Opensource.com
Most people think of Ansible as a souped-up version of "SSH in a 'for' loop," and that's true for simple use cases. But really Ansible is about tasks, not about SSH. For a lot of use cases, we connect via SSH but also support things like Windows Remote Management (WinRM) for Windows machines, different protocols for network devices, and the HTTPS APIs that are the lingua franca of cloud services.
ansible  sysadmin  opensource  server 
10 weeks ago by jchris
Linux: Verschlüsselte und komprimierte Backups auf DVD | Das Rootserver-Experiment
Ich sichere nach wie vor geschäftsrelevante Daten auf DVD, allerdings stellte mich keine der fertigen Lösungen vollkommen zufrieden. Meine Anforderungen: Starke Verschlüsselung -- Gute Komprimierung -- Mountbares Backup -- Keine unverschlüsselten temporären Dateien
encryption  filesystem  linux  sysadmin  @goodie 
february 2018 by jchris
OSX: Changing Hibernation mode — EtherealMind
Apple hibernation has three modes. By default, on laptops it suspends the system and make a copy of RAM to disk for a completely safe hibernate. When you have 8 Gigabytes of RAM it takes twenty or thirty seconds to write that RAM image. I suspend/resume often during my day and don’t want to wait. This has worked really well for me. -==- You can change the Mac’s hibernate behavior using pmset; here’s the reference for it:
mac  osx  sysadmin 
february 2018 by jchris
IP2Location™ IP-Country Database [DB1] | IP2Location.com
DB1 IP-Country Database (USD $49.00 / Year * FOR SINGLE SERVER) -==- IP2Location™ IP-Country Database [DB1] provides a solution to determine the country of origin for any IP address in a few simple steps. First, retrieve the IP address from the networking protocol or server-side variable of the Web server. Next, translate the IP address to an IP number in decimal format to speed up the database query. Lastly, reverse lookup the IP number from the IP2Location™ database to pinpoint the exact geographical location. -==- This is a database subscription service. You can download all monthly updates for free if subscription is active. -==- IPv4 and IPv6 supported.
database  ip  networking  sysadmin 
february 2018 by jchris
Blockchains for Immutable Infrastructure – Jascha Is ME
But let’s not overlook the real use and value of blockchains. To put it simply a blockchain is a cryptographic ledger (or database) that stores data in a P2P fashion. With consensus between them to write the data to the blockchain. -==- The blockchain can help alleviate the issues of configuration management, file integrity checking, and help build immutable cloud infrastructures with less complexity.
blockchain  sysadmin 
february 2018 by jchris
Dropbear SSH
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
linux  security  ssh  sysadmin 
january 2018 by jchris
AutoIt - AutoIt
AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting. It uses a combination of simulated keystrokes, mouse movement and window/control manipulation in order to automate tasks in a way not possible or reliable with other languages (e.g. VBScript and SendKeys). AutoIt is also very small, self-contained and will run on all versions of Windows out-of-the-box with no annoying “runtimes” required!

AutoIt was initially designed for PC “roll out” situations to reliably automate and configure thousands of PCs. Over time it has become a powerful language that supports complex expressions, user functions, loops and everything else that veteran scripters would expect.
scripting  sysadmin  windows 
january 2018 by jchris
How to upgrade Debian 8 Jessie to Debian 9 Stretch - LinuxConfig.org
This article explains a system upgrade procedure from Debian 8 Jessie Linux to Debian 9 Stretch.
debian  howto  linux  sysadmin 
january 2018 by jchris
WiFi Speed Test - Android Apps on Google Play
With this tool you can test the speed of your local (LAN) network.
Testing can be done on wireless (wifi) or wired network. Please DO NOT download this app if you don't know what local network means. This app is designed only for technical people!

IMPORTANT for Android 6 (Marshmallow): Please enable location service (Settings>Location) or the app won't work properly. This is not required for the app, this is a problem in android 6.0 (without it the app won't see the networks).

This app will not be useful unless you have a second phone or computer to use it as server!
You can download the server application (wifi_speed_test.exe/py) to your computer from here: https://bitbucket.org/pzolee/tcpserver/downloads (for wifi_speed_text.py needs Python 2.x). If you have firewall enabled on the server, add 1212 as enabled port or turn off firewall during the test.

Highlighted functions:
* Test Wi-Fi upload and download speed
* UDP speed test
* FTP server speed test
* Samba server speed test
* Tethering and hotspot support (you can test even your usb tethering)

Important: This is not an Internet speed test app!
This application will measure the speed of your local network,
live Internet connection is not required.

This is a free, ad-supported application. Donation will remove ads.

You can donate by buying the WiFi Speed Test Pro - make a donation from the application or visit the Google Play site of WiFi Speed Test Pro: https://play.google.com/store/apps/details?id=com.pzolee.android.localwifispeedtesterpro


Useful links:
Server application for computers: https://bitbucket.org/pzolee/tcpserver/downloads/
Documentation: http://pzoleeblogen.wordpress.com/2013/11/26/wifi-speed-test-for-android-how-to
Online demo about the usage: http://pzoleeblogen.wordpress.com/2014/03/09/wifi-speed-test-for-android-live-demo
android  app  network  sysadmin 
december 2017 by jchris
The Linux commands you should NEVER use | HPE™
You'd never do something like that? Tell me, all those container images you're running on Docker? Do you know what they're really running? I know too many sysadmins who run containers without verifying what's really in them. Don't be like them.
linux  sysadmin  security 
december 2017 by jchris
Dropbear SSH
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
dropbear  linux  software  ssh  boot  sysadmin 
october 2017 by jchris
Running Your Own Open Source Email Server
One such platform I began experimenting with is iRedMail, an open source email server solution which runs on common Linux systems. iRedMail bundles RoundCube, an open source webmail client. Together, both provide a fairly decent Gmail alternative. And iRedMail supports IMAP and POP so you can run it with a variety of smartphone and tablet apps and desktop mail clients.
email  server  sysadmin  howto 
october 2017 by jchris
Alternatives to top and htop
Since the three aforementioned system monitoring tools can hold their own quite easily, I’ll focus on two alternatives which I believe can also hold their own as replacements or at least compliments of top and htop. They are, Glances and nnom. […] Even more top and htop alternatives:  net-tools, iptraf, collectl, dstat, iostat, sar, saidarand vmstat. 
linux  tools  sysadmin 
september 2017 by jchris
Client-Zertifikate als sicherer Login-Ersatz? | PHP Gangsta - Der PHP Blog mit Praxisbezug
openssl req -new > server.cert.csr openssl rsa -in privkey.pem -out server.cert.key openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365
certificate  encryption  https  sysadmin  webmaster 
september 2017 by jchris
Tricks to do client certificate authentications behind a reverse proxy
The problem we are tackling in this article is about X509 client certificate authentications. By definition and for security, a HTTPS request clear content cannot be spied. This is why when putting a reverse proxy behind the client and the internal web application, the HTTPS stream will be broken and we will loose all the client certificate data. -==- Here is some tips to forward without many efforts the client certificate data to the web application:
apache  certificate  proxy  ssl  sysadmin 
september 2017 by jchris
How To: Linux Hard Disk Encryption With LUKS [ cryptsetup Command ] – nixCraft
I carry my Linux powered laptop just about everywhere. How do I protect my private data stored on partition or removable storage media against bare-metal attacks where anyone can get their hands on my laptop or usb pen drive while traveling?
encryption  luks  sysadmin 
september 2017 by jchris
Boot time unlocking of encrypted disk via IPv6 SSH (Debian 8 Jessie) - danrl.com
Not wanting to go through all the hassle that is involved with unlocking FDE via remote management, I looked for better solutions. Luckily, boot-time unlocking of FDE via SSH over IPv6 in current Linux distributions has improved a lot lately. Read ahead to learn about my FDE setup on Debian 8 Jessi featuring dual-stack accessible SSH.

The bigger picture: We want to a server with freshly installed, and full disk encrypted, Debian 8 Jessie to boot an initial ramdisk that is capable of dual-stack networking (we still need IPv4 sometimes). A SSH server, we choose dropbear as it is small and fast, will wait for us to log in and unlock the encrypted disk. After unlocking the system continues to boot until it reaches its normal mode of operation.
boot  debian  dropbear  linux  encryption  howto  sysadmin 
september 2017 by jchris
Encrypted Btrfs for Lazy Road Warriors' laptops – /techblog
Btrfs is full of new features to take advantage of, such as copy-on-write, storage pools, checksums, support for 16 exabyte filesystems, online grow and shrink, and space-efficient live snapshots. So, if you are used to mange storage with LVM and RAID, Btrfs can replace these technologies.

The best way to get familiar with something is to start using it. This post will detail some experiences from installing a laptop with Debian Jessie with Btrfs and swap on encrypted volumes.
btrfs  debian  encryption  howto  sysadmin  @goodie 
september 2017 by jchris
Resizing Encrypted Filesystems
Yes! You can grow an encrypted partition, as long as the size of the underlying block device grows first. If you have an ext3 filesystem on the encrypted partition, you can even grow the (encrypted) filesystem without unmounting it. This article gives a brief overview of how it is done.
encryption  linux  filesystem  sysadmin 
september 2017 by jchris
How To Migrate to a full encrypted LVM system
The point of this how-to is to describe the way to migrate to a full-encrypted LVM system (rootfs + data) (only the boot partition obviously stays unencrypted), either coming from an LVM system, either from a simple ext3 system. All you need is some kind of external storage.

It should be here noted that since the operations described below are not very trivial, this procedure should only be followed by people somewhat experienced.
encryption  lvm  sysadmin 
september 2017 by jchris
A couple of tricks with the secure shell
One can do a lot more with ssh than use it for remote terminal session. Here we'll show how to copy files using ssh, use ssh as part of a pipe, vnc or samba forwarding via ssh and mounting filesystems using ssh (fuse + sshfs)
debian  ssh  tricks  sysadmin 
september 2017 by jchris
Unattended, Encrypted, Incremental Network Backups: Part 1
This article describes a complete system for creating a centralised backup system, complete with strong encryption. Incremental backups are used to minimize the bandwidth, and time, used.
backup  gnupg  sysadmin 
september 2017 by jchris
Easily forwarding arbitrary TCP connections with rinetd
In the past we've examined the use of firewall rules for forwarding incoming connections from one machine to another. But there is a simpler approach using the rinetd package. Read on to learn about this tool. -==- The rinetd package contains a simple tool which may be configured to listen for connections upon a machine, and silently redirect them to a new destination. In short it acts as a simple to configure TCP proxy.
networking  sysadmin 
september 2017 by jchris
Look before you leap into Disk Encryption
How big the risk is with Disk Encryption? A tiny error in the hard drive, your 3TB storage could be gone forever. If someone is saying at the back of their mind "I might still have a chance to salvage the situation as always before", then he is simply "planning" to fail, because Disk Encryption is designed to fight against forensic analysis, even the pro's can't do it. Blindly go into the Full Disk Encryption without knowing how to properly provide a safety net for yourself is going to be a total disaster, because when I googled for answers, all that I got was incidents after incidents that the disk is gone forever.
encryption  luks  sysadmin 
september 2017 by jchris
Modify Your Partitions With GParted Without Losing Data
This article shows how you can modify the partitioning of your Linux system with GParted (Gnome Partition Editor) without losing data. This includes resizing partitions (enlarging and shrinking), moving partitions on the hard drive, creating and deleting partitions, and even modifying filesystem types. GParted is a free partition editor available as a desktop program and also as a Live-CD. It supports the following filesystems: ext2, ext3, fat16, fat32, hfs, hfs+, jfs, linux-swap, reiserfs, reiser4, ufs, xfs, and even ntfs (Windows).
linux  filesystem  knowhow  sysadmin 
september 2017 by jchris
nftables - Debian Wiki
nftables is a framework by the Netfilter Project that provides packet filtering, network address translation (NAT) and other packet mangling. -==- Two of the most common uses of nftables is to provide firewall support and NAT. -==- nftables replaces the iptables framework.
debian  iptables  nftables  stretch  sysadmin 
september 2017 by jchris
New in Debian stable Stretch: nftables
Yes, nftables replaces iptables. You are highly encouraged to migrate from iptables to nftables. -==- In case you are migrating from iptables, you should know that there are some tools in place to help you in this task. Please read the official netfilter docs: Moving from iptables to nftables.
debian  iptables  nftables  stretch  sysadmin 
september 2017 by jchris
Getting Started with nftables on Debian Linux 9 Stretch - Linux News Site
The nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific for Linux operating system. nftables is going to be a default in Debian Linux 9 and is part of the Linux kernel since version 3.13. This quick post explains how to install and use it on Debian Linux system.
debian  iptables  nftables  stretch  sysadmin 
september 2017 by jchris
Linux Commando: Root edit a file using emacs in the same session
We know that we should always log in using our regular non-root account, and only sudo in when necessary to do things that only root can do. Most of the time, you are logged in as a regular user, and you have your emacs editor open. [...] A nifty little trick is to use tramp, an emacs package for transparent remote editing of files using a secure protocol like ssh. You then use tramp to ssh into localhost as root, and modify the target file.
emacs  sysadmin  tips 
september 2017 by jchris
Hetzner root server full disk encryption with cryptsetup LUKS | Kizajournal | Kiza's page
This howto turns a Hetzner default Debian root server installation into a fully encrypted server with LUKS that can be unlocked remotely with the dropbear ssh server. If the server is rebooted, seized or a KVM switch is plugged into the wrong server, the data cannot be accessed. Likewise, your data will be lost forever* if you forget the passphrase. This works with Debian Jessie and Wheezy images. But read the note on Jessie below.
linux  debian  jessie  encryption  luks  sysadmin 
september 2017 by jchris
Setting Up Full Disk Encryption on Debian 9 Stretch – Exotic Security
Previously I did a tutorial on Installing Debian 8 Jessie with full disk encryption, in that tutorial I went into a lot of detail about manually partitioning the disks. If for some reason you want to manually partition your disks I would reccomend that tutorial, it will still work for Debian 9 Stretch. -==- However this tutorial is much more simplified I've used the grapical installer and gone with "Guided - use entire disk and set up encrypted LVM".
linux  debian  encryption  sysadmin 
september 2017 by jchris
Setting Up Full Disk Encryption on Debian Jessie – Exotic Security
This is part 2 of a two part post, part 1 is a bit of a primer about Full Disk Encryption on Linux. -==- I should point out that in the tutorial I say "Full" disk encryption but that's not entirely correct there is still a small partition /boot that's unencrypted. That contains your kernel, grub config and initrd and needs to be unencrypted so we can start booting and decrypt the rest of the OS. If you're thinking "But then someone with physical access could replace my kernel with a backdoored one" your absolutely correct. It's called an "Evil Maid Attack"1 and Matthew Garrett has some good write ups on them.
linux  debian  encryption  sysadmin 
september 2017 by jchris
Full Disk Encryption on Linux – Exotic Security
Full disk encryption on Linux is surprisingly easy once you pick up a few basic commands you are good to go. Although that being said GPG is surprisingly easy too, or at least basic usage is not that hard. But as I pointed out in The best crypto is the crypto you don't see it's still far too hard because you have to think about it and know your using it unlike full disk encryption on a Chromebook which just happens without the user even knowing. -==- This is Part 1 of a two part post, In part 2 of this post I'm going to run through a tutorial on Setting Up Full Disk Encryption on Debian Jessie. Although most of this post should be fairly applicable to any flavour of Linux, it's a quick primer on LUKS. There are four terms that I see used a fair bit, often used interchangeably and in subtlety wrong ways. That can make things very confusing to newcomers.
linux  debian  encryption  sysadmin 
september 2017 by jchris
Remote Entropy | Brian Warner
Running a system without enough entropy is like tolerating a toothache: something you’d really like to fix, but not quite bothersome enough to deal with.
entropy  sysadmin 
october 2016 by jchris
GestióIP - IP address management (IPAM) software
GestióIP is an automated, Web based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly. GestióIP also incorporates an automated VLAN management system.
networking  opensource  sysadmin 
october 2014 by jchris
SSH Mastery « Michael W Lucas
Secure Shell (SSH) lets systems administrators securely manage remote systems. But most people only use the bare minimum SSH offers. Used properly, SSH simplifies your job. -==- This book saves you from sifting a decade of obsolete online tutorials and quickly gets you running:SSH with the OpenSSH server and the PuTTY and OpenSSH clients. You will: [...]
book  ebook  security  ssh  sysadmin 
may 2014 by jchris
Tyblog | SSH Kung Fu
OpenSSH is an incredible tool. Though primarily relied upon as a secure alternative to plaintext remote tools like telnet or rsh, OpenSSH (hereafter referred to as plain old ssh) has become a swiss army knife of functionality for far more than just remote logins. -==- I rely on ssh every day for multiple purposes and feel the need to share the love for this excellent tool. What follows is a list for some of my use cases that leverage the power of ssh.
ssh  sysadmin  howto  @goodie 
may 2014 by jchris
Start
HOWTO setup a small server: BASH (Bourne-Again Shell) -- OpenSSH (Secure Shell) -- Shorewall (Packet Filter Configurator) -- NTP (Network Time Protocol Server) -- Heimdal (Kerberos 5 Server) -- OpenSSL (Keys and Certificates) -- OpenLDAP (Directory Server) -- Apache2 (Webserver) with SVN/ViewVC -- OpenVPN (Virtual Private Network) -- CUPS (Printing System) -- Bind9 (Domain Name Service Service) -- DHCP3 (Dynamic Host Configuration Protocol Server) -- TFTPD-HPA (Trivial File Transfer Protocol Server) -- NFS Server (Network File System) -- LTSP Server (Linux Terminal Server Project) -- FreeNX + NoMachine (Terminal Server)
debian  howto  sysadmin  bash  openssh  openssl  openldap  openvpn 
april 2014 by jchris
Apache Notes
I've administered a number of enterprise Apache servers over the years. The following are some of my notes, which fill in some gaps in the Apache documentation. Note that while most of this is applicable to any Apache server, file paths and other minor details may be Ubuntu/Debian specific.
apache  sysadmin  howto  security 
july 2013 by jchris
How to disable the support for SSLv2 LOW encryption ciphers? | Linux Windows System Administrator Help
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
apache  security  ssl  howto  sysadmin 
july 2013 by jchris
www.ipfire.org - Home
IPFire is a hardened Linux appliance distribution designed for use as a firewall. -=- It offers corporate-level network protection for anyone who needs it, from home users all the way up to large corporations, school networks and authorities. -=- IPFire focusses on security, stability and ease of use. A variety of add-ons can be installed with a single click, to add more features to the base system.
linux  security  sysadmin  iptables 
february 2013 by jchris
Guide to Webserver SSL Certificates @ Calomel.org - Open Source Research and Reference
The purpose of this guide is to clearly explain the reasons you may want to use a Secure Socket Layer (SSL) certificate on your webserver. While researching SSL certificates for use on our site we were constantly bombarded by useless marketing nonsense. What we really needed was a single page with clear and concise facts. This guide is here to provide an understanding of the basics involved in deciding what type, encryption strength and seller of SSL certificates you have access to. At the end of the page are some security recommendations and known vulnerabilities of SSL implementations.
@goodie  certificate  server  ssl  sysadmin  x.509 
august 2010 by jchris
Apache 2 with SSL/TLS: Step-by-Step, Part 3
Now, in the third and final article, we will take a look at client authentication using client certificates, show how to chroot a secure Apache, discuss common attack vectors, and then describe some typical configuration mistakes made by administrators that will decrease the security level of SSL communications.
apache  https  ssl  tls  howto  sysadmin  webmaster 
march 2010 by jchris
Apache 2 with SSL/TLS: Step-by-Step, Part 2
Part two now discusses the recommended settings for the mod_ssl module that lets us achieve maximum security and optimal performance. The reader will also see how to create a local Certification Authority and a SSL certificate based on the free and open-source OpenSSL library.
apache  https  ssl  tls  howto  sysadmin  webmaster 
march 2010 by jchris
Apache 2 with SSL/TLS: Step-by-Step, Part 1
This article begins a series of three articles dedicated to configuring Apache 2.0 with SSL/TLS support in order to ensure maximum security and optimal performance of the SSL communication. This article, part one, introduces key aspects of SSL/TLS and then shows how to install and configure Apache 2.0 with support for these protocols. The second part discusses the configuration of mod_ssl, and then addresses issues with web server authentication. The second article also shows how to create web server's SSL certificate. The third and final article in this series discusses client authentication and some typical configuration mistakes made by administrators that may decrease the security level of any SSL communication.
apache  https  tls  ssl  howto  sysadmin  webmaster 
march 2010 by jchris
Logical Volume Management: How PVs form VGs for LVs
When I set out to build my first system using Logical Volume Management I was surprised by the lack of information about how LVM relates to more "traditional" disk-level partitioning. There were plenty of articles with examples of how to use 'vgcreate' an
debian  linux  howto  lvm  sysadmin 
june 2008 by jchris
Need a generic iptables tcp proxy?
Do you ever find yourself in need of a generic TCP proxy? Do you wish you could do it with netfilter? Do you want to proxy a connection to a given port on a given IP address to a completely different port on a totally different host or network?
debian  iptables  networking  proxy  sysadmin  tcp 
june 2008 by jchris
HOWTO undelete removed files and directories on an ext3 file system
On February 7th, 2008, I accidently deleted my whole home directory: over 3 GB of data, deleted with rm -rf. The only backup that I had was from June 2007. Not being able to undelete was unacceptable. So, I ignored what everyone tried to tell me and start
linux  sysadmin  reference  via:ap  filesystem 
march 2008 by jchris
Building Debian packages of Perl modules
Perl is a very widely used language which gets a lot of its power from the huge number of third party modules which available in the CPAN archive. If you want to use a perl module which hasn't been packaged for Debian you have a choice to make. -=- Your o
cpan  debian  howto  perl  packaging  sysadmin 
january 2008 by jchris
Welcome To Dada Mail - Mailing List Manager
Dada Mail is an intuitive, web-based e-mail list management system, which runs on any hosting account that can execute custom CGI scripts. Dada Mail is also a conceptual art project. -=- Dada Mail handles double opt-in/opt-out subscriptions, sending comp
email  list-management  mua  perl  software  sysadmin  webmail 
january 2008 by jchris
Privoxy - Home Page
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configu
admin  cookies  datenschutz  privacy  proxy  software  sysadmin  tools  web  @goodie 
december 2007 by jchris
Using one time passwords to temporarily open firewall ports
I use Xen to create multiple locked down virtual machines that to run services which I want to present to the internet I do not allow direct connections from the internet to my firewall but sometimes there's a need to do remote administration (via ssh) so
security  ssh  sysadmin  opie 
december 2007 by jchris
Dinge, die ich unter Linux machen kann und unter Windows nicht | adminlife.net
Man hört es doch immer wieder von Bekannten, wenn man über PCs diskutiert und sein heimisches Linux Betriebssystem erwähnt: Mit Windows kann ich aber Applikation XYZ ausführen. Unter meinem XP läuft aber Spiel Tunnel Läufer 3. Vista kann [sinnlose F
blog  linux  win32  sysadmin 
december 2007 by jchris
Distributed Spam Harvester Tracking Network | Project Honey Pot
Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website.
email  honeypot  spam  sysadmin  webmaster 
august 2007 by jchris
O'Reilly Network -- Five Basic Mistakes Not to Make in DNS
Here are five things you can do to make sure your DNS is in good shape and not causing problems for the rest of the Internet, which, by the way, also includes you.
@toread  2007  article  bind  howto  oreillynet  dns  sysadmin  tips 
june 2007 by jchris
Tutorial: ISP-style Email Service with Debian-Sarge and Postfix 2.1
You have probably already seen web hosters who allow you to rent
domains and receive email on these domains. Have you ever wondered how
they actually handle these thousands of domains? There is surely nobody
entering all these domains and aliases into a
debian  email  mta  howto  postfix  server  sysadmin 
april 2007 by jchris
Serverbased E-mail Security - SarWiki
Im folgenden wird Schritt für Schritt der Aufbau eines aktuell modernen (möglichst) sicheren Mailservers auf Basis von OpenSuSE 10 beschrieben. Bei Verdopplung des hier beschriebenen Systems und entsprechender Konfigurationsanpassung auf eine 2. Domain
howto  mta  postfix  security  server  sysadmin  wiki 
april 2007 by jchris
Welche Webseiten laufen auf dieser IP? - Matthias Leisi
Das DNS kennt keinen Mechanismus, um herauszufinden, welche Namen auf
eine IP-Adresse zeigen. Allerdings kennt MSN Search den hypschen “ip:”
Operator. Damit lässt sich der MSN-Bestand auf Webseiten, welche mit
einer IP-Adresse verknüpft sind, durchs
dns  howto  sysadmin 
april 2007 by jchris
Single Packet Authorization with Fwknop
One year ago in the December, 2004 issue of USENIX ;login: Magazine, I described a technique for combining passive OS fingerprinting with a method of authorization called Port Knocking in the article entitled "Combining Port Knocking and Passive OS Finger
article  networking  security  usenix  sysadmin 
december 2006 by jchris
OpenSSL Command-Line HOWTO
The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it.
authentication  certificate  cryptography  documentation  howto  openssl  pkcs12  reference  security  ssl  sysadmin 
december 2006 by jchris
The Postfix Home Page
What is Postfix? It is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. -=- Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset e
email  mta  postfix  faq  howto  reference  sysadmin 
december 2006 by jchris
The PKI page
This page contains links to various sites and documents which are related to Public Key Infrastructure (PKI) stuff, especially links to all Certification Authorities (CAs) I'm aware of. Some links may be missing, other links may be out of date so please c
ca  cryptography  pki  security  sysadmin  x.509  xrefs 
december 2006 by jchris
« earlier      
per page:    204080120160

related tags

2atis  @goodie  @toread  admin  android  ansible  apache  apache2  app  apple  apt  article  authentication  backup  bal  bash  bind  blockchain  blog  book  boot  btrfs  ca  certificate  cfengine  cluster  community  configuration  container  cookies  cool  cpan  cryptography  cvs  database  datenschutz  dcf77  debian  development  distro  djb  dns  documentation  dropbear  ebook  emacs  email  encryption  entropy  faq  fedora  filesystem  forensics  forum  freebsd  geek  generator  gnupg  google  greylisting  grub  gtd  hardware  honeypot  howto  https  intel  ip  iptables  java  javascript  jessie  jfs  knowhow  lifehacks  linux  list-management  livecd  luks  lvm  mac  maildir  mailing-list  management  microsoft  mta  mua  mysql  network  networking  nftables  ngrep  ntp  onlamp  openldap  opensource  openssh  openssl  openvpn  opie  opinion  oreilly  oreillynet  organization  osx  packaging  people  performance  perl  pkcs12  pki  postfix  postmaster  presentation  privacy  productivity  proxy  python  qmail  raid  rcs  rdiff-backup  reference  resource  review  rfc  rsync  sage  scm  scripting  security  server  sitepoint  slides  smtp  software  spam  squid  ssh  sshd  ssl  standard  storage  stretch  svn  sysadmin  syslog  syslog-ng  tcp  tcpflow  tcpkill  tips  tls  tool  tools  tricks  troubleshooting  tuning  tutorial  ubuntu  UEFI  unix  usability  usenix  utility  via:ap  vim  web  webmail  webmaster  wiki  win32  windows  wireless  x.509  xrefs 

Copy this bookmark:



description:


tags: