Using DKIM to Authenticate Email Message

DomainKeys Identified Mail (DKIM) defines a domain-level authentication mechanism that lets your organization take responsibility for transmitting an email message in a way that can be verified by a recipient. Your organization can be the originating sending site or an intermediary. Your organization’s reputation is the basis for evaluating whether to trust the message delivery.

You can add a DKIM digital signature to outgoing email messages, associating the message with a domain name of your organization. You can enable DKIM signing for any number of domains that are being hosted by ZCS. It is not required for all domains to have DKIM signing enabled for the feature to work.

DKIM defines an authentication mechanism for email using


pressflow varnish installation and configuration

Installation

Varnish is the key software that speeds up your web site.

It is Open Source, built on industry standards and requires very few resources.

Varnish is distributed in the EPEL (Extra Packages for Enterprise Linux) package repositories. However, while EPEL allows new versions to be distributed, it does not allow for backwards-incompatible changes.

Therefore, new major versions will not reach EPEL, so the EPEL package is not necessarily up to date.

If you require a newer major version than what is available in EPEL, you should use the repository provided by varnish-cache.org. To use the varnish-cache.org repository,


Munin to monitor mysql on Debian 6

First we need to install some Perl libraries for the Munin MySQL plugin:

apt-get install libipc-sharelite-perl

Also some Perl stuff will be needed:

perl -MCPAN -eshell
install IPC::ShareLite

Next, let’s activate the Munin MySQL plugin (assuming you have already installed both Munin and MySQL):

ln -s /usr/share/munin/plugins/mysql_* /etc/munin/plugins

Restart both Apache & Munin:

/etc/init.d/apache2 restart
/etc/init.d/munin-node restart
su munin -c /usr/bin/munin-cron

Source:

http://dev.mensfeld.pl/2012/02/making-munin-work-with-mysql-on-debian/
http://www.mbrando.com/2007/08/06/how-to-get-your-mysql-munin-graphs-working/
 


MySQL Root Password Reset

First things first. Log in as root and stop the mysql daemon. Now let's start up the mysql daemon and skip the grant tables, which store the passwords.

mysqld_safe --skip-grant-tables

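You should see mysqld start up successfully. If not, well, you have bigger issues. Now you should be able to connect to mysql without a password. Note that this applies to every client that can reach the server, not just you, for as long as the daemon runs this way.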

mysql --user=root mysql
update user set Password=PASSWORD('new-password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.
 


Securing directory using .htaccess file

First make sure your Apache configuration allows .htaccess files. Read this article before you move on to the next steps.

.htaccess File Creation:

Let's assume /test-dir1 is to be password protected.

$ cd /var/www/html/test-dir1

$ vi .htaccess

Write the following lines into this file:

AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require user testusr

Telling Apache About Users:
Now we have to inform Apache about the user and its password.

$ htpasswd -c /etc/httpd/conf/.htpasswd testusr

The above command will work if htpasswd is in your /usr/local/bin, which is the case if you install Apache from RPM. /etc/httpd/conf/.htpasswd is the file that will contain the password of the authenticated/trusted user.


Install htop in Linux- Redhat/CentOS/SL and Debian/Ubuntu

There are times when you want better control over system processes and a better view of RAM and CPU usage on your server. As you may already know, Linux has a command called top, which shows resource and per-user CPU usage, but it does not let you take in everything at a glance. For example, you have to look at the top right to see the CPU usage, say 50%, and then work out in your head how much of the CPU has been used. With htop you can see the CPU usage of each core in color at a glance. This third-party application works perfectly on CentOS servers.

Install HTOP from Source

wget http://woshka.com/opensource/htop-0.9.tar.gz
tar xzvf htop-0.9.tar.gz
cd htop-0.9/
./configure
make
make install

CentOS 5

wget http://citylan.dl.sourceforge.net/project/htop/htop/0.8.3/htop-0.8.3.tar.gz
tar xzvf htop-0.8.3.tar.gz
cd htop-0.8.3
./configure
make
make install


Many-To-One Mappings IIS

Many-to-one client certificate mapping is used by Internet Information Services (IIS) to associate an end user with a Windows account when a client certificate is used for user authentication. IIS executes the user session under the context of this mapped Windows account. For this to work, we need to ensure that the certificate-to-account mapping is configured correctly in IIS.

In IIS 6.0, the user had the option to configure Many-to-One client certificate mapping through the IIS Manager User Interface. In IIS 7/7.5, we don’t have such an interface for either One-to-One or Many-to-One mappings. This post talks about the Configuration Editor IIS 7/7.5 extension that can be used to achieve the mappings either for One-to-One or Many-to-One. Here we will talk in specific about Many-to-1 mapping.

IIS 7 or IIS 7.5 Schema

This is the schema for the IIS Client Certificate Mapping authentication feature in IIS 7 or IIS 7.5.

Prerequisites

These are the prerequisites needed for this walkthrough.
1. We have installed IIS Client Certificate Mapping module on the server.
2. A Web Site is configured with an HTTPS binding which can accept SSL connections.
3. We have a client certificate installed on the client.
4. IIS 7 Administration Pack is installed on the IIS 7.0 server. NOTE: Configuration Editor is shipped by default on IIS 7.5.

Walkthrough

Step 1:

1. Launch the IIS manager and select your web site which is being configured for client certificate authentication.

2. In the Features View, select Configuration Editor under the Management section.
3. Go to "system.webServer/security/authentication/iisClientCertificateMappingAuthentication" in the drop down box as shown below:

You will see a window to configure Many-to-One or One-to-One certificate mappings here. This is the UI provided through Configuration editor from where we can setup all the mapping configurations.

4. We can go ahead and modify the properties through this GUI.
• Set enabled to true
• Set manyToOneCertificateMappingsEnabled to True
• Select manyToOneMappings and click the ellipsis button at the far right to launch the new window for configuring mappings.

5. Under this new window go ahead and Add a new item. You can modify the properties from within the window as shown below:

6. Click on the Ellipsis button for rules and this will give you an option to add multiple patterns for matching based on certificate properties.

Here we have two rule entries for mapping the certificate. In this case we use two different certificate fields, Subject and Issuer, and, based on the matchCriteria property, map the certificate to the account mydomain\testuser.

Shown below is how the final mapping for a specific Windows account looks. As you can see, there are two rule entries for this account.
Similarly, we can have other mappings for various accounts based on the “Issuer” and “Subject” fields in the certificate.

Download the details with screenshot from here configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5
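
The configuration section that the walkthrough above edits, written out as XML (an added example, not taken from the original post). The site name, mapping name and description, CN sub-fields, matchCriteria values and password placeholder are constructed for illustration; only the mydomain\testuser account and the Subject and Issuer fields come from the text.

```xml
<!-- Constructed example: "Default Web Site", the mapping name/description,
     the CN sub-fields and both matchCriteria values are illustrative.
     Only mydomain\testuser and the Subject/Issuer fields come from the text. -->
<location path="Default Web Site">
  <system.webServer>
    <security>
      <authentication>
        <!-- Step 4: enabled and manyToOneCertificateMappingsEnabled set to true -->
        <iisClientCertificateMappingAuthentication
            enabled="true"
            manyToOneCertificateMappingsEnabled="true">
          <manyToOneMappings>
            <!-- Step 5: one item per Windows account to map to -->
            <add name="TestUserMapping"
                 description="Certificates mapped to testuser"
                 enabled="true"
                 permissionMode="Allow"
                 userName="mydomain\testuser"
                 password="PLACEHOLDER-SET-VIA-CONFIGURATION-EDITOR">
              <!-- Step 6: the two rules, one on Subject and one on Issuer -->
              <rules>
                <add certificateField="Subject"
                     certificateSubField="CN"
                     matchCriteria="Test User"
                     compareCaseSensitive="true" />
                <add certificateField="Issuer"
                     certificateSubField="CN"
                     matchCriteria="Example Issuing CA"
                     compareCaseSensitive="true" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

Because matchCriteria accepts the * and ? wildcard characters, keep the Issuer rule as specific as the Subject rule so that only certificates from the intended CA map to the account.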

Relevant Sources:

http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings

http://blogs.iis.net/webtopics/archive/2010/04/27/configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5.aspx


Apache Web Server .htaccess File functional

.htaccess is Apache's directory-level configuration file. It allows end users to configure authentication and other options without editing the main httpd.conf file.

Make sure AccessFileName is set to .htaccess

Search httpd.conf for the AccessFileName directive. It defines the name of the distributed configuration file:

# grep -i AccessFileName httpd.conf

Make sure users are allowed to use .htaccess files

What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives will be honored if they are found in a .htaccess file. If this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.

# grep -i AllowOverride httpd.conf

When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files:

AllowOverride ALL

Save and close the file. Restart httpd:

# service httpd restart
 


Force HTTPS / SSL using .htaccess and mod_rewrite

Sometimes you may need to make sure that the user is browsing your site over a secure connection. An easy way to always redirect the user to a secure connection (https://) is a .htaccess file containing the following lines:

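# Redirect requests that arrive on the plain-HTTP port to the HTTPS site
RewriteEngine On
# Anchored so that only port 80 matches, not 8080 or 1080
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]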

Please note that the .htaccess file should be located in the website's main folder.

In case you wish to force HTTPS for a particular folder you can use:

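# Redirect plain-HTTP requests for this folder to its HTTPS URL
RewriteEngine On
# Anchored so that only port 80 matches, not 8080 or 1080
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]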

The .htaccess file should be placed in the folder where you need to force HTTPS.
