Archive for the ‘Internet’ Category

Blocking SSH Brute Force attempts using iptables

Saturday, January 12th, 2008

After my recent break-in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server; it has the resources to run such a programme - my Linksys NSLU2’s however do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how-to on this over at my wiki. Enjoy.
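One way to express the limit described above, as an added example that is not taken from the original post or the wiki how-to. It uses the iptables `recent` match; the chain name `SSH_LIMIT`, the list name `ssh` and the default thresholds are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): per-source rate limiting of new
# SSH connections with the iptables "recent" match. The chain name SSH_LIMIT,
# the list name "ssh" and the default thresholds are assumptions.

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print the rules for PORT, SECONDS and HITS. Nothing is applied here, so the
# output can be reviewed first and then piped to "sh -e" as root.
ssh_ratelimit_rules() {
    port=${1:-22} seconds=${2:-60} hits=${3:-4}
    for n in "$port" "$seconds" "$hits"; do
        is_uint "$n" || { echo "not a number: $n" >&2; return 2; }
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 2; }
    # The recent module remembers 20 packets per address by default
    # (ip_pkt_list_tot), so a larger --hitcount is rejected by the kernel.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] ||
        { echo "hits must be 1..20: $hits" >&2; return 2; }
    [ "$seconds" -ge 1 ] || { echo "seconds must be >= 1" >&2; return 2; }
    # Only NEW connections enter SSH_LIMIT. --set records the source address,
    # --update counts it and refreshes its timestamp, so a host that keeps
    # retrying stays blocked. RETURN hands allowed packets back to INPUT.
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh --set
iptables -A SSH_LIMIT -m recent --name ssh --update --seconds $seconds --hitcount $hits -j DROP
iptables -A SSH_LIMIT -j RETURN
EOF
}

# Dry run with the defaults: the source is recorded by --set first, so the
# 4th and later new connections inside 60 seconds are dropped.
ssh_ratelimit_rules
```

Because allowed packets are returned to INPUT rather than accepted, the jump into `SSH_LIMIT` has to sit before whatever rule accepts SSH.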

Confession

Thursday, January 10th, 2008

So today I come to you with a confession: I discovered one of my boxen had been successfully attacked and the attacker had, by the looks of things, used it for launching DDoS attacks. I feel particularly stupid because the entire thing was my fault: I left the root password as root. Although I must stress I didn’t set it to this; I was using a pre-built Debian install because the d-i installer was broken under ARM, and forgot to change the root password to something a little more secure.

Ekiga VoIP client and SIPGate

Thursday, November 29th, 2007

Ekiga is a VoIP client for GNOME. I recently registered with SIPGate.co.uk as I am planning to have a go at setting up Asterisk sometime in the near future. Sadly it wasn’t a well documented process and after searching Google, SIPGate’s website and Ubuntu Forums for help I found some tips on debugging Ekiga. Armed with this knowledge ekiga --debug=[1-6] I managed to discover the required ports for successful NAT traversal. They are as follows:

  • 5060 - 5100/udp
  • 8000 - 8012/udp
  • 5004/udp
  • 10000/udp
  • 3478 - 3497/udp
  • 3478 - 3497/tcp
  • 1720/udp
  • 30000 - 30010/tcp

I am sure they could be refined and there may be some that are unnecessary but it Works for Me™, use them at your own risk.

Subversion and Apache Gotcha

Thursday, November 29th, 2007

So, this is the second time I have tried to address the problem I was getting with some Subversion repositories I was trying to configure to be served by Apache. I was trying to use the SVNPath directive to serve one repository but it was not having any of it, so instead I ended up serving them as a temporary measure using SVNParentPath in the format http://svn.example.com/~name/repos/ which is not what I wanted. I am using the Location container in the Apache configuration to set up my repositories; the path I had specified was /~name/. This is where the problem comes in: I would try to check out the repository over the network and be greeted with a 405 Method Not Allowed error like so:

svn: PROPFIND request failed on '/~name'
svn: PROPFIND of '/~name': 405 Method Not Allowed (http://svn.example.com)

This struck me as odd; it seemed that Apache was not serving the repository URI using the WebDAV module. When I gave up on an earlier attempt I reverted to using SVNParentPath and accessing the repository over the URI http://svn.example.com/~name/repos/ which worked perfectly and I couldn’t spot why. Turns out I made a single character mistake: my Apache configuration was set to use the path of /~name/ when I should have used /~name, because SVN truncates the trailing slash even if you specify it on the command line. Bugger!

Another Thunderbird Tip

Thursday, November 22nd, 2007

Thunderbird’s default sorting is the wrong way around, IMHO. This has always annoyed me, I found out how to reverse it.

The Day the Routers Died…

Wednesday, November 14th, 2007

Watch on YouTube

Thunderbird Tip

Friday, October 26th, 2007

So for ages I have been using Thunderbird combined with server side mail sorting, what has been annoying me for a year or so is that Thunderbird only checks the Inbox folder. I had to manually check all the others and that got a little tedious, fortunately I discovered how to get around this.

The trick is to open the configuration editor (Edit -> Preferences -> Advanced) and set the mail.check_all_imap_folders_for_new preference to true. Bingo!

Packages

Sunday, July 15th, 2007

I have been playing with packaging for Ubuntu and Debian for a while now and I have one fairly useful package called rsnapshot-scripts which contains a bunch of scripts for use with rsnapshot. It allows you to backup other data sources like MySQL, DPKG and Subversion.

Debian, Postfix and DKIM

Friday, May 25th, 2007

So how do I get Postfix to verify and sign messages with the DKIM system, under Debian? Here is how.

  1. First we need to install the dependencies.
    $ sudo aptitude install libdigest-sha{,1}-perl libemail-{address,mime-encodings}-perl libnet-{dns,server}-perl libcrypt-openssl-rsa-perl liberror-perl make libmailtools-perl
  2. $ sudo cpan install Mail::DKIM
  3. $ perl Makefile.PL
    $ make
    $ make install
  4. $ ./configure --prefix=/usr/local
    $ make install
  5. $ sudo adduser --system --shell /bin/false --home /var/run/dkimproxy --group dkimproxy
  6. $ sudo mkdir /etc/dkimproxy/
    $ cd /etc/dkimproxy/
    $ sudo openssl genrsa -out private.key 1024
    $ sudo openssl rsa -in private.key -pubout -out public.key
    $ sudo chown -R root:dkimproxy .
    $ sudo chmod -R a=,u=rwX,g=rX,o=rX .
    $ sudo chmod o= private.key

Sorry, this solution will not run nicely on my NSLU2 so I have abandoned the rest of this documentation - it should help you somewhat though, hence I am publishing it anyway.

Network Manager and University of Exeter VPN

Saturday, May 19th, 2007

So, at home currently rather than at university, this poses a problem when trying to connect to some resources, such as internal machines and private resources. I know Network Manager in Ubuntu has VPN support but I had never tried it out, so I gave it a go. Issue the following command to install the required package, which provides Microsoft VPN support to Network Manager.

$ sudo aptitude install network-manager-pptp

Now you can load my configuration by downloading the configuration file and click on the network manager applet, find the VPN Connections sub menu and hit Configure VPN…. Hit Forward, from the list choose PPTP tunnel, press Forward again and now press Import Saved Configuration…. Find the configuration file I told you to download and select it, now press Forward and then click Apply. Bingo!