May 17, 2009

Ubuntu Logon Screen: Security Warning Message

Use this message as a warning on your computers, servers, etc.


"This computer system is the private property of Company Name Goes Here, whether individual, corporate, or government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy.


Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to your employer, to authorized site, government, and law enforcement personnel, as well as authorized officials of government agencies, both domestic and foreign.

By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of such personnel or officials. Unauthorized or improper use of this system may result in civil and criminal penalties and administrative or disciplinary action, as appropriate. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning."


May 16, 2009

How to: Creating a Certificate and Key for Vsftpd FTPS

In this post, we will create an SSL certificate and a 1024-bit RSA key for Vsftpd to turn our Vsftpd FTP server into a Vsftpd FTPS server.

The advantages of creating our own certificate are that we can define our company name, organization, location, and technical support contact information. When new users connect to our server, they will see our custom SSL certificate with our company name and information, which will make our FTP server look more formal/professional.

Overview of what we're about to do:
  1. Backup vsftpd.conf
  2. Edit our vsftpd.conf file and comment out the current certificate and key
  3. Insert the new location of our certificate and key
  4. Create our new certificate and key files
  5. Restart Vsftpd
  6. Put on our sunglasses and relax under the sun

The Guide:

1. Backup our vsftpd.conf file
sudo cp /etc/vsftpd.conf /etc/vsftpd.090522
2. Edit vsftpd.conf
sudo nano /etc/vsftpd.conf
3. Ensure that the snakeoil rsa_cert_file and rsa_private_key_file lines are commented out. Insert the location of the new certificate and key.
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.key
4. Create the new certificate and key. The certificate will expire after 365 days, at which point we will have to create a new one.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
  -keyout /etc/vsftpd/vsftpd.key \
  -out /etc/vsftpd/vsftpd.pem
5. Restart Vsftpd
sudo /etc/init.d/vsftpd restart
Test using your favorite FTPS-enabled client.

Good job, buddy!
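A way to verify the pair produced in step 4 before relying on it, as an added example that is not part of the original post: it checks key size, time to expiry, that the key matches the certificate, and the key file's permissions. 1024-bit RSA keys are no longer considered adequate, so the demo run reports the key size against a 2048-bit minimum. The function names, the -subj value, the temporary directory and the thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a vsftpd key/certificate pair (function names are hypothetical).

# cert_key_bits CERT: print the certificate's public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# key_matches_cert KEY CERT: succeed if both files carry the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# check_pair KEY CERT MIN_BITS RENEW_DAYS: print findings; return 1 if any.
check_pair() {
    key=$1; cert=$2; min_bits=$3; renew_days=$4; rc=0
    bits=$(cert_key_bits "$cert")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "key-size: ${bits:-unknown}-bit key, below $min_bits"; rc=1
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((renew_days * 86400)) >/dev/null; then
        echo "expiry: certificate expires within $renew_days days"; rc=1
    fi
    if ! key_matches_cert "$key" "$cert"; then
        echo "mismatch: private key does not belong to certificate"; rc=1
    fi
    case $(ls -ld "$key" | cut -c5-10) in   # group and other permission bits
        ------) ;;
        *) echo "permissions: key accessible by group/other"; rc=1 ;;
    esac
    return $rc
}

# make_pair DIR BITS DAYS: the command from step 4, written to DIR instead of
# /etc/vsftpd, with -subj (an assumption) so it runs without prompts.
make_pair() {
    openssl req -x509 -nodes -days "$3" -newkey "rsa:$2" -subj "/CN=ftp.example.test" \
        -keyout "$1/vsftpd.key" -out "$1/vsftpd.pem" 2>/dev/null
    chmod 600 "$1/vsftpd.key"
}

demo_dir=$(mktemp -d)                      # constructed test pair, not a real server key
make_pair "$demo_dir" 1024 365
check_pair "$demo_dir/vsftpd.key" "$demo_dir/vsftpd.pem" 2048 30 || true
rm -rf "$demo_dir"
```

Run against the real files, the call would be check_pair /etc/vsftpd/vsftpd.key /etc/vsftpd/vsftpd.pem 2048 30, executed as a user allowed to read the key.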

May 15, 2009

Sample Vsftpd Configuration File

For those trying to create a Vsftpd FTP Server, just for reference, here's my Vsftpd configuration file configured for:
  1. PAM authentication for Virtual Users
  2. FTPS SSL
  3. No anonymous users
  4. Ports 30000-30100 for firewall access when using Passive connection
  5. Chrooted users

#Sample Vsftpd Config:
write_enable=YES

guest_enable=YES
user_config_dir=/etc/vsftpd/vusers
listen=YES
listen_port=990

local_umask=022

anon_umask=022
anonymous_enable=NO
local_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=120
ftpd_banner=**********Something goes here.************
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
pasv_min_port=30000
pasv_max_port=30100
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.key
hide_ids=YES
max_per_ip=2
max_clients=15
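
An added check, not part of the original post, that flags weak FTPS settings in a vsftpd.conf such as the sample above, which enables the obsolete SSLv2 and SSLv3 protocols alongside TLSv1. The function names and the constructed sample file are assumptions of this example; unset options fall back to the defaults documented in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: flag weak FTPS settings in a vsftpd.conf (function names are hypothetical).

# conf_get FILE KEY: print the last value assigned to KEY. vsftpd expects
# key=value with no spaces around '='; later lines override earlier ones.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# conf_on FILE KEY DEFAULT: succeed if the boolean option is enabled,
# falling back to DEFAULT (the documented vsftpd default) when it is unset.
conf_on() {
    v=$(conf_get "$1" "$2")
    [ -n "$v" ] || v=$3
    case $(printf '%s' "$v" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd FILE: print one finding per line; return 1 if anything was found.
audit_vsftpd() {
    f=$1; rc=0
    conf_on "$f" ssl_enable NO || { echo "ssl_enable=NO: credentials and data are sent in clear text"; rc=1; }
    for opt in ssl_sslv2 ssl_sslv3; do
        if conf_on "$f" "$opt" NO; then
            echo "$opt=YES: obsolete protocol accepted, set $opt=NO"; rc=1
        fi
    done
    for opt in force_local_logins_ssl force_local_data_ssl; do
        conf_on "$f" "$opt" YES || { echo "$opt=NO: clients can skip TLS"; rc=1; }
    done
    if conf_on "$f" anonymous_enable YES; then
        echo "anonymous_enable=YES: anonymous logins allowed"; rc=1
    fi
    return $rc
}

# Constructed sample: the TLS-related lines of the configuration above.
write_sample() {
    printf '%s\n' ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
        force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES \
        anonymous_enable=NO > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_vsftpd "$sample" || true   # reports ssl_sslv2 and ssl_sslv3
rm -f "$sample"
```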


May 14, 2009

Vsftpd FTPS and FireFTP don't mix

When I was using FireFTP on an FTPS-enabled Vsftpd server, my login was okay, but the connection was stuck at Directory Listing. Downloading files and uploading files were okay, just the directory listing was excruciatingly slow for me--it took up to 2 minutes to load the directory listing. I tested using Filezilla, and it worked superbly, so I'll just post this out there in case others are running into the same problem.

May 13, 2009

How to: Webmin Installation Guide


This post is an excerpt from the guide posted on Ubuntugeek.com

Install the following packages:

sudo aptitude install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl


Now download the latest webmin using the following command or from here:
http://www.webmin.com/download.html

wget http://garr.dl.sourceforge.net/sourceforge/webadmin/webmin_1.4XX_all.deb


Now that we have the webmin_1.4XX_all.deb package, install it using the following command:

sudo dpkg -i webmin_1.4XX_all.deb


This will complete the installation.

Ubuntu in particular doesn't allow logins by the root user by default. However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to log in with full root privileges.

Now you need to open your web browser and enter the following

https://your-server-ip:10000/

If you cannot connect, make sure to add port 10000 to your firewall.

May 10, 2009

How to: Not display last user name on Windows Logon Screen

Instructions:
  1. Go to Run and type in Regedit
  2. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  3. Find the value dontdisplaylastusername
  4. Change value to 1
  5. Restart the computer

May 8, 2009

1and1 Email Exchange Server Goes Down 5/8/2009 - POP, SMTP, Webmail Offline

UPDATE: MAIL SERVERS ARE BACK UP AS OF FRIDAY, MAY 8TH, 2009 11:00AM PST

1and1 Internet's email exchange servers are down as of the morning of Friday, May 8th, 2009. We tried calling their technical support line, but their phone lines were jammed up with other callers trying to call in for information. As a customer, it's frustrating not having updated information on the status of their service. Hey 1and1, how about using your own blog service to create a blog to update customers? Anyway, 1and1 provided good service for us in the past, so hopefully this doesn't happen again any time soon in the future.