Archive for category Linux

OpenLDAP on CentOS 5.4 – Part 1 – Planning the Directory

Introduction

Lightweight Directory Access Protocol, better known as LDAP, is a great way to store any kind of data you can think of.  Address books, user accounts, system groups, network data, and much more can all be stored in an LDAP database.  The reason for that versatility stems from the way that LDAP stores data.  An LDAP database functions in the same way as any other directory service, such as telephone directories.  It uses a tree structure to organize data and is optimized for reading that data.  Consequently, it is designated as “high read, low write.”  Due to it’s ease of use, LDAP has become the standard for storing data for networks of users big or small.  However, just because it’s easy doesn’t mean you can jump right in without some planning.
Read the rest of this entry »

Tags: , , , ,

Prevent Bruteforce attacks with Fail2ban

Vigilant system administrators will notice many failed login attempts on their internet connected servers. While its good to know that you are preventing these logins, they are filling your logs and potentially making it harder to see other problems. Additionally, these failed logins are taking up bandwidth and likely trying over and over again to get into your system. Fortunately, there is a solution to preventing these attacks from continuing on a Linux based system. The following tutorial will set up Fail2ban on a RedHat based system. We will monitor failed SSH logins and failed Webmin logins. Additionally, we will set up a unique jail that will block persistant attackers for a longer period of time.

Read the rest of this entry »

Tags: , , , , ,

Install Tripwire on Fedora 11

Server security is not something that should be ignored. If an attacker gets on to your servers, do you know what they changed? Sure you’ve removed the gigabytes of malware with a virus scanner and manually cleaned up countless directories of illegal software, but is that all they left behind? Did they modify any of your important files, such as ‘su’ or ‘cp’ or ‘rm’? How would you know this? One answer is the Open Source project Tripwire. This tutorial will cover how to install, configure and maintain Tripwire on a Fedora 11 machine. This tutorial should be easily translatable to RedHat and CentOS 5.x with few (if any modifications) and to other Linux distributions with only minor changes.
Read the rest of this entry »

Tags: , , ,

SSH without password

Managing remote systems is a time consuming endeavour. Aside from just standard maintance, other things are required to be an effective System Administrator. One of those is secure system access. It wouldn’t be good for you (or your client) if your System Admin password was suddenly common knowledge. Just like everyone else, System Admins tend to select easy to remember, short passwords.

Fortunately, there is a solution. When connecting two Linux machines together – whether its because an administrator is connecting to a remote system, or you are doing a remote back up (you do store data off site, right?) – the ability to automatically connect to another machine is a huge time saver.

Read the rest of this entry »

Tags: , , ,

Email on shutdown and restart (Linux)

The ability to know when a system shutdown (gracefully) and when it came back up can be invaluable to a System Administrator. The tips below will send out an email when a Linux system is gracefully shutdown and again when the system has restarted. This means for a single reboot the Administrator will receive two emails. This solution will not send out an email if the system loses power, however an email will still be sent on reboot. This should indicate to the Administrator that something went wrong with the shutdown. The tips below are for a Red Hat based system but should be similar in other architectures.
Read the rest of this entry »

Tags: , , ,