Posts Tagged Linux

OpenLDAP on CentOS 5.4 – Part 2 – The Server

To see part 1 of this tutorial, which covers the background and planning stages of an LDAP installation, click here.

Installation and Configuration of OpenLDAP

Now that you have a plan in place for how to design your directory, it’s time to start the installation and configuration.  If you’re using CentOS or any other Red Hat based distribution, you have the yum package manager to assist with the installation.  That’s how I’ll demonstrate the installation.  If you need to compile from source, you’ll have to find more details on OpenLDAP’s website or another tutorial.
Read the rest of this entry »

Tags: , , , , ,

OpenLDAP on CentOS 5.4 – Part 1 – Planning the Directory

Introduction

Lightweight Directory Access Protocol, better known as LDAP, is a great way to store any kind of data you can think of.  Address books, user accounts, system groups, network data, and much more can all be stored in an LDAP database.  The reason for that versatility stems from the way that LDAP stores data.  An LDAP database functions in the same way as any other directory service, such as telephone directories.  It uses a tree structure to organize data and is optimized for reading that data.  Consequently, it is designated as “high read, low write.”  Due to it’s ease of use, LDAP has become the standard for storing data for networks of users big or small.  However, just because it’s easy doesn’t mean you can jump right in without some planning.
Read the rest of this entry »

Tags: , , , ,

Prevent Bruteforce attacks with Fail2ban

Vigilant system administrators will notice many failed login attempts on their internet connected servers. While its good to know that you are preventing these logins, they are filling your logs and potentially making it harder to see other problems. Additionally, these failed logins are taking up bandwidth and likely trying over and over again to get into your system. Fortunately, there is a solution to preventing these attacks from continuing on a Linux based system. The following tutorial will set up Fail2ban on a RedHat based system. We will monitor failed SSH logins and failed Webmin logins. Additionally, we will set up a unique jail that will block persistant attackers for a longer period of time.

Read the rest of this entry »

Tags: , , , , ,

Install Tripwire on Fedora 11

Server security is not something that should be ignored. If an attacker gets on to your servers, do you know what they changed? Sure you’ve removed the gigabytes of malware with a virus scanner and manually cleaned up countless directories of illegal software, but is that all they left behind? Did they modify any of your important files, such as ‘su’ or ‘cp’ or ‘rm’? How would you know this? One answer is the Open Source project Tripwire. This tutorial will cover how to install, configure and maintain Tripwire on a Fedora 11 machine. This tutorial should be easily translatable to RedHat and CentOS 5.x with few (if any modifications) and to other Linux distributions with only minor changes.
Read the rest of this entry »

Tags: , , ,

SSH without password

Managing remote systems is a time consuming endeavour. Aside from just standard maintance, other things are required to be an effective System Administrator. One of those is secure system access. It wouldn’t be good for you (or your client) if your System Admin password was suddenly common knowledge. Just like everyone else, System Admins tend to select easy to remember, short passwords.

Fortunately, there is a solution. When connecting two Linux machines together – whether its because an administrator is connecting to a remote system, or you are doing a remote back up (you do store data off site, right?) – the ability to automatically connect to another machine is a huge time saver.

Read the rest of this entry »

Tags: , , ,