HowtoForge - Linux Howtos and Tutorials - Security

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2010.0 x86_64)

Thu, 11 Mar 2010 18:12:16 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2010.0 x86_64)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

How To Harden PHP5 With Suhosin On CentOS 5.4

Wed, 10 Mar 2010 17:12:35 +0100

How To Harden PHP5 With Suhosin On CentOS 5.4

This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."

How To Enforce YouTube Safety Mode To Block Objectionable Content With SafeSquid Content Filtering Proxy

Tue, 23 Feb 2010 11:26:45 +0100

How To Enforce YouTube Safety Mode To Block Objectionable Content With SafeSquid Content Filtering Proxy

Google recently announced 'Safety Mode' for YouTube. When you opt in to Safety Mode, videos containing mature content, objectionable material, or age restrictions will be filtered out of the site's search results. If a user inputs a direct link to a mature video, Safety Mode blocks viewing. You also have the option of 'locking' Safety Mode. When you see the 'Safety Mode' option at the bottom of any YouTube video page, you can choose to opt in to the service and lock that preference with your YouTube account password (you have to be logged in). That setting will be locked until the password is input to change it. It can not be unlocked by any other YouTube account.

iRedMail 0.6: Full-Featured Mail Server With OpenLDAP/Postfix/Dovecot/Amavisd/ClamAV/SpamAssassin/iRedAdmin On FreeBSD

Wed, 17 Feb 2010 16:56:02 +0100

iRedMail 0.6: Full-Featured Mail Server With OpenLDAP/Postfix/Dovecot/Amavisd/ClamAV/SpamAssassin/RoundCube/iRedAdmin On FreeBSD

iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since version 0.6, it supports FreeBSD 7.2 and 8.0 (it supports both i386 and x86_64). Its object is to make a Linux mail server installation and configuration simple and easy to use. iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users. This tutorial shows how to use the OpenLDAP backend; it uses FreeBSD 7.2, but the steps for 8.0 are the same.

How To Set Up MySQL Database Replication With SSL Encryption On Ubuntu 9.10

Sun, 07 Feb 2010 18:04:46 +0100

How To Set Up MySQL Database Replication With SSL Encryption On Ubuntu 9.10

This tutorial describes how to set up database replication in MySQL using an SSL connection for encryption (to make it impossible for hackers to sniff out passwords and data transferred between the master and slave). MySQL replication allows you to have an exact copy of a database from a master server on another server (slave), and all updates to the database on the master server are immediately replicated to the database on the slave server so that both databases are in sync. This is not a backup policy because an accidentally issued DELETE command will also be carried out on the slave; but replication can help protect against hardware failures though.

How To Add Two-Factor Authentication To Openvpn AS With The WiKID Strong Authentication Server

Thu, 04 Feb 2010 11:30:04 +0100

How To Add Two-Factor Authentication To Openvpn AS With The WiKID Strong Authentication Server

It's been a while since our last tutorial on how to add two-factor authentication to OpenVPN using the WiKID Strong Authentication System. The people at OpenVPN have been very active lately and it seems like a good time to take a look at what they've done. It's still dead simple to configure, but it is mostly done via the new slick web interface.

Configuring Active Directory Or LDAP Authentication And Defining User Or Group Based Access With SafeSquid

Tue, 26 Jan 2010 11:57:59 +0100

Configuring Active Directory Or LDAP Authentication And Defining User Or Group Based Access With SafeSquid

This tutorial explains how you can integrate an Active Directory or LDAP with SafeSquid for user authentication, and create granular user or group based access policies. This tutorial applies to both, Linux and Windows editions.

How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny

Tue, 19 Jan 2010 17:11:17 +0100

How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny

This article explains how you can set up an SSL vhost under Apache2 on Ubuntu 9.10 and Debian Lenny so that you can access the vhost over HTTPS (port 443). SSL is short for Secure Sockets Layer and is a cryptographic protocol that provides security for communications over networks by encrypting segments of network connections at the transport layer end-to-end. We use the mod_ssl Apache module here to provide strong cryptography for Apache2 via SSL by the help of the Open Source SSL toolkit OpenSSL.

Setting Up ProFTPd + TLS On Ubuntu 9.10 (Karmic Koala)

Mon, 18 Jan 2010 18:42:49 +0100

Setting Up ProFTPd + TLS On Ubuntu 9.10 (Karmic Koala)

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 9.10 server.

Dansguardian Content Filtering With Transparent Proxy On Ubuntu 9.10 Karmic

Tue, 12 Jan 2010 12:09:37 +0100

Dansguardian Content Filtering With Transparent Proxy On Ubuntu 9.10 Karmic

This tutorial explains how you can add content filtering to an existing Ubuntu 9.10 system, and how you can prevent users from bypassing the filtering system. We will use Dansguardian content filtering to set up a transparent proxy.

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 12 x86_64)

Sun, 20 Dec 2009 18:34:32 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 12 x86_64)

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)

Thu, 10 Dec 2009 17:10:55 +0100

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)

This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

Block Spam, Preventing URL Injection And Block HTTP Attacks With mod_dnsblacklist

Tue, 08 Dec 2009 13:08:09 +0100

Block Spam, Preventing URL Injection And Block HTTP Attacks With mod_dnsblacklist

mod_dnsblacklist is a Lighttpd module that use DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address.

iRedMail 0.5.1: Full-Featured Mail Server With LDAP Postfix RoundCube/SquirrelMail iRedAdmin On Ubuntu 9.04

Thu, 26 Nov 2009 11:02:48 +0100

iRedMail 0.5.1: Full-Featured Mail Server With LDAP Postfix RoundCube/SquirrelMail Dovecot ClamAV SpamAssassin Amavisd iRedAdmin On Ubuntu 9.04

iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since version 0.5, iRedMail supports Ubuntu 8.04 and 9.04 (it supports both i386 and x86_64). Its object is to make a Linux mail server installation and configuration simple and easy to use. iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users. This tutorial shows how to use the OpenLDAP backend.

Setting Up ProFTPd + TLS On Ubuntu 9.04 (Jaunty Jackalope)

Thu, 12 Nov 2009 12:47:32 +0100

Setting Up ProFTPd + TLS On Ubuntu 9.04 (Jaunty Jackalope)