Configurations (Linux)

Group-Office installation on Debian 6.x

by

I used the auto installation as guided by the group-office wiki. However, for conveniences, quoting the contents once again:

Easy installation on a dedicated Debian or Ubuntu server

This is the easiest way of installing Group-Office. With the debian packages everything is configured automatically and Group-Office updates will be installed automatically when you update your Debian or Ubuntu system.

Install Debian >= 5 or Ubuntu >=8.10

Note: All the commands here use "sudo". This is necessary on Ubuntu. If you are on Debian you can use the "su" command first and execute all the commands without "sudo".

Add the following line to /etc/apt/sources.list

deb http://repos.groupoffice.eu/ threeseven main

You can do that easily by executing the following command in the terminal:

echo -e "\n## Group-Office repository\ndeb http://repos.groupoffice.eu/ threeseven main" | sudo tee -a /etc/apt/sources.list

To authenticate the packages you need to import the public key by running the folowing commands: In ubuntu don't do this as root because you will have trouble with the gpg keyring permissions. On debian you can do this as root and omit the sudo command before the apt-key add command.

gpg –keyserver hkp://keyserver.ubuntu.com:11371 –recv-keys 01F1AE44

gpg –export –armor 01F1AE44 | sudo apt-key add –

Note: The keyservers are often very slow. If the keyserver doesn't respond you may try this one instead: hkp://pgp.mit.edu

Read more

Share

Putting Varnish In Front Of Apache On Ubuntu/Debian

by

 

Varnish is an open source "web accelerator" which you can use to speed up your website.

It can cache certain static elements, such as images or javascript but you can also use it for other purposes such as Loadbalancing or some additional security.

In this tutorial we will focus on the latter one. 

In this mode, Varnish will stop incomplete HTTP requests from reaching your Apache webserver.

This tutorial is built on Ubuntu, but will probably also work on Debian.

First of all, make sure you are running Apache2 and have it configured.

Read more

Share

Improving Apache Tomcat Security – A Step By Step Guide

by

Apache Tomcat boasts an impressive track record when it comes to security. According to the official Apache Tomcat Wiki Pages, there has never been a reported case of actual damage or significant data loss due to a malicious attack on any Apache Tomcat instance. Most vulnerabilities, both major and minor, are discovered by the Tomcat community itself or security researchers, and quickly patched. Thus, the default installation of Tomcat can be said to be "fairly secure".

Starting from this baseline, there are additional measures that can be taken to make Tomcat as secure as possible for a given use case. As with any security scenario, Tomcat security is a matter of balancing ease of use and access with restriction and hardening of access. For example, although it is technically more secure to disable Tomcat's deployment capabilities when moving to production, for many organizations the desire to automate deployment supersedes the security benefit of disabling these features.

Read more

Share

A Simple Step-By-Step Guide To Apache Tomcat SSL Configuration

by

Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication. Technically, the term "SSL" now refers to the Transport Layer ouSecurity (TLS) protocol, which is based on the original SSL specification.

SSL is one of the most common ways of integrating secure communication on the internet, as it is a mature protocol that is well-supported by every major browser and a number of well-respected organizations provide third party SSL authentication services.

If you're using Apache Tomcat, chances are that at least some of the data you're handling is sensitive, and SSL is an easy way to offer your users security. The good news is that Tomcat fully supports the SSL protocol. The bad news is that the configuration process and SSL itself can be a little confusing for first-time users.

Don't worry! To help you get SSL working with your Tomcat servers, we've assembled a simple, comprehensive, step-by-step guide to using SSL with Tomcat. From an overview of how the protocol actually works, to clear, simple configuration instructions, this guide will help you get SSL running on your server in no time.
Tcat eliminates tedious configuration tasks. Create the correct configuration a single time, save it to a server profile, and apply it to other instances (or groups of instances) with a single click. Try Tcat for free today!

Read more

Share

Windows 7 theme on Ubuntu 10.04

by
Introduction

This wiki page helps you to setup Ubuntu to look like the Microsoft Windows 7 operating system.

This is a quick hack of the original theme at: http://gnome-look.org/content/show.php/Win2-7+Pack?content=113264.

This theme is for those who want to use a fast, secure operating system but do not want to learn a new user interface.

You can view information about installing Microsoft Office by clicking here.

Requirements

If the graphics card cannot do 3D effects then use one of the following for the window border theme. View theme installation instructions by clicking here.

http://ubuntu.sun.ac.za/setup/win7/metacity

Read more

Share

Install Tomcat 6 in Debian

by

This article outlines a procedure for installing Tomcat 6 in Debian Lenny. Keep in mind that this does not include Apache 2 installation or integration. Apache must be installed separately and integrated to work with Tomcat.

Add following line in sources list-

nano /etc/apt/sources.list

deb http://ftp.debian.org/debian/ squeeze non-free
 

Update and install java

apt-get update
apt-get install sun-java6-jdk sun-java6-jre libtcnative-1

Ensure installed

java -version

Set JAVA_HOME

nano ~/.bashrc

Add the following at the end of the file:

Read more

Share

Neighbour table overflow

by

If you have a big network with the hundreds of hosts you can expect “Neighbour table overflow” error which occurs in large networks when there are two many ARP requests which the server is not able to reply. For example you’re using server as a DHCP server, cable modems provisioning, etc.

Nov 10 03:18:17 myhost Neighbour table overflow.
Nov 10 03:18:23 myhost printk: 12 messages suppressed.

To check the present threshold level 1

cat /proc/sys/net/ipv4/neigh/default/gc_thresh1

It will give some value as 128 or 256 or 512.

This can be increased to the next level.Like if the value is 128 then

make the thresh1 value as 256 and thresh2 as 512 and thresh3 as 1024.

Read more

Share

Webmin install on Debian System

by

If you are using the DEB version of webmin, first download the file from the downloads page , or run the command :

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.580_all.deb

then run the command :

dpkg --install webmin_1.580_all.deb

The install will be done automatically to /usr/share/webmin, the administration username set to root and the password to your current root password. You should now be able to login to Webmin at the URL http://localhost:10000/. Or if accessing it remotely, replace localhost with your system's IP address.

Read more

Share

How To Control Access To Unwanted Websites Using URL Blacklist With SafeSquid Proxy Server

by

SafeSquid – Content Filtering Internet Proxy, has many content filtering features that can be used to decide who is allowed what, when and how much on the net. In this tutorial I will describe how to control access to unwanted categories of websites, by using URL Blacklist database with SafeSquid Proxy Server.

Note: Also see the following articles :
'Deploying A Content Filtering Proxy Server To Distribute Controlled Internet Access With SafeSquid'
Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy
How To Set Up Internet Access Control And Internet Filtering With SafeSquid Proxy Server

SafeSquid allows the administrators to use plain text urlblacklist very easily and with a desired level of sophistication. The sites http://www.shallalist.de/ and  http://www.urlblacklist.com maintain a well categorized list of various web-sites and pages like porn, adult, webmail, jobsearch, entertainment, etc. This is an excellent resource for an administrator seeking to granularly enforce a corporate policy that allows or disallows only certain kinds of web-sites to be accessible by specific users, groups or networks.

Note: cProfiles offers the flexibility of many more actions than URL Blacklist, instead of just allowing / blocking categories. For example, you can add a profile to a specific category, and then use that profile in any of SafeSquid's filtering sections, for actions on the category like blocking cookies, ads and banners, ActiveX, Java Scripts, throttling bandwidth (QoS), or simply analyzing what category is most visited, without blocking access.
For Details, see http://www.safesquid.com/html/portal.php?page=132

While Shalla Secure Services offer free downloads and updates for home users, Urlblacklist requires you to subscribe to receive updates. You can download the URL Blacklist by Shalla from HERE, and the trial database by urlblacklist.com from HERE.
Please note that you will be able to download this trial database only once. You need to subscribe to urlblacklist.com to be able to receive regular updates 

Copy the downloaded trial database to /usr/local/bin directory on the SafeSquid Server, and untar the files

cd /usr/local/src
tar -zxvf bigblacklist.tar.gz

This will create a directory 'blacklist'. Create a directory 'urlbl' in /opt/safesquid and copy the contents of blacklist in this directory.

mkdir /opt/safesquid/urlbl
cd blacklist
cp -rf . /opt/safesquid/urlbl

Next, restart SafeSquid

/etc/init.d/safesquid restart

In SafeSquid GUI Interface, click on URL blacklist in the Top Menu It should display a list of all the categories copied to the urlbl directory. Here, you can query the database to find out if a website is listed under any category. For example, to find out what category hackerstuff.com belongs to, type hackerstuff.com in the Domain field and click on Submit below. You should get a screen similar to this –

SafeSquid Interface – URL Blacklist Database Query

Note: This section only allows you to query the database. Selecting or unselecting a category does not enable or disable it. 

Read more

Share

Recover MySQL root Password

by

You can recover MySQL database server password with following five easy steps.

Step # 1: Stop the MySQL server process.

Step # 2: Start the MySQL (mysqld) server/daemon process with the –skip-grant-tables option so that it will not prompt for password.

Step # 3: Connect to mysql server as the root user.

Step # 4: Setup new mysql root account password i.e. reset mysql password.

Step # 5: Exit and restart the MySQL server.

Here are commands you need to type for each step (login as the root user):

Step # 1 : Stop mysql service

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld.

Step # 2: Start to MySQL server w/o password:

# mysqld_safe --skip-grant-tables &
Output:

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root
Output:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended
[1]+  Done                    mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p

Share