PUBLIC MARKS from camel with tags secure & linux

This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.

In this HowTo, I will explain how you can secure your network from virus and other malware, by installing ClamAV and integrating it with SafeSquid, to scan all in-coming content for virus, and block all infected content at the HTTP Gateway, even before it enters your network. Virus Security In SafeSquid SafeSquid has built-in connectivity to various daemon based anti virus software like ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP based security software like Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple anti virus software with SafeSquid to simultaneously scan in-coming content. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.

djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.

djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

Vous avez envie de chiffrer des fichiers super secrets, comme par exemple votre liste de mot de passe qui est dans un simple fichier texte, ou les fichiers sur votre clé USB pour éviter que l'on vous l'empreinte et récupère votre plan pour dominer le monde ? Cryptsetup est votre ami, il peut faire pleins de choses, grâce au chiffrement.

Today it is possible to create a secure website with relative ease by requiring a client to present a digitally signed certificate. A digitally signed certificate is simply a piece of information that contains data about the subject, public key, dates of validity, identification of the Certificate Authority (CA), and the digital signature. There are typically two ways to go about creating a secure website. First is by the use of a self-signed certificate. The second way is by using a Trusted Certificate signed by a CA. The choice is up to you, and this tutorial will show you how to do both. Go ahead and su into root and let's begin!

Manuel de sécurisation de Debian

Secure PHP installation - Lorenzo Alberton