PUBLIC MARKS from lecyborg with tags security & linux

Openfire (formerly Wildfire) is a real time collaboration (RTC) server dual-licensed under the Open Source GPL and commercially. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.

This article shows how to integrate amavisd-new into a Postfix mail server for spam- and virus-scanning. amavisd-new is a high-performance interface between MTAs such as Postfix and content checkers: virus scanners, and/or SpamAssassin. We will use ClamAV for virus scanning and SpamAssassin for spam scanning in this tutorial. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

If you're looking for a serious script to manage your users then you're at the right place. Built with security in mind and packed with dozens of features, our PHP login script is the right solution for every webmaster looking to take his website to the next level. Trust us, we've stayed (and we still do for early versions) open-source long enough to learn what people really need.

Gestion du cryptage des données avec Bacula.

Security is best when it is handy. ssh-agent is pretty darn handy. Ssh-agent can authenticate you to a remote machine via keypairs, rather than the traditional hand-typed username/password combination, with no loss of security.

SSL côté client Pour accéder à ce serveur, le client devra posséder un certificat authentifié par (c'est à dire signé ou crypté par la clé privée de) l'autorité de certification choisie. Pour produire un tel certificat au format PKCS#12

WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping

The purpose of this document is to describe how to install OpenVPN server on an Ubuntu Linux system and have it utilize an Ethernet bridge to access your local network. Ethernet bridges essentially allow the operating system to treat multiple network interfaces as one combined port. When used with OpenVPN a bridge will allow you to easily connect external users to your internal network and have them receive all traffic as though they were locally connected. The alternative is to use OpenVPN with a route but that will not allow some forms of traffic through (such as multicast), multicast traffic is important to me as many games require multicast data.

IPTables log analizer (TODO : find a nice name for it) displays Linux 2.4 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall and Suse Firewall logs). This page shall be easy to read and understand to reduce the manual analysis time. This page containts statistics on packets and links to more detailled information on a given host, port, domain and so on.

Firewall Eyes est un outil d'analyse de logs en temps réel pour le pare-feu iptables. Grâce à une interface Web, vous visualisez et supervisez simplement et efficacement l'activité réseau traversant votre firewall. Vous détectez aisément les activités suspectes et ajustez votre politique de sécurité.

This article shows how to run a file-, print-, HTTP proxy- DHCP-, and time server for small and medium enterprises (SME) on one single Debian Sarge system. It is very easy to set up, and management is done with an easy-to-use web interface called eBox so once the system is set up, you can forget about the command line. eBox was developed to administrate advanced services for corporate networks, and it was created for Debian Sarge. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Howto run smoothwall on Xen.

Smoothwall Express is an internet firewall, which allows you to protect your network, as well as providing NAT functionality. It is ease to use and configurable via a web-based GUI. This open source firewall distribution requires absolutely no knowledge of Linux to install or use. This workshop shows the installation and basic configuration of the current release Smoothwall Express 3.0.

Ce document a pour but d'expliquer les rudiments de la sécurité d'une machine Linux placée dans un réseau local (typiquement une maison on un appartement), reliée à Internet. Il est tout particulièrement destiné aux utilisateurs néophytes, ou n'ayant pas ou peu de connaissance sur la sécurité informatique en général, et sous Linux en particulier.

Thread de forum décrivant le fonctionnement des Pinholes sous IPcop

I’m a huge fan of IPCop. It’s a great firewall distro that makes administration a snap using a slick web interface. My goal was to use IPCop and an easy-to-use VPN client to allow access to my LAN while away from home. I ended up going with the ZERINA OpenVPN addon for IPCop and the OpenVPN GUI for Windows.

Howto for ZERINA 0.9.0b - ZERINA 0.9.4b This howto will guide you step by step on howto configure the OpenVPN addon, so that you can run an OpenVPN server on your IPCop firewall, so that roadwarrior clients (Win32 in this howto)can reach your lan. This is what we call "hassle free roadwarrior vpn" ;-)

Ou comment se connecter à une machine distante sans avoir à rentrer son mot de passe. Il existe une méthode de configuration plus rapide. Vous pouvez en une seule commande ajouter votre clé dans le fichier `authorized_keys` du serveur distant grâce à `ssh-copy-id`. Pour cela procédez comme suit :

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization's web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

Un diagramme expliquant comment pénétrer un réseau wifi selon les différentes possibilités. Très clair.

Tutorial très détaillé avec des graphiques

Providing Active Directory authentication via Kerberos protocol in Apache

Explique comment intégrer Kerberos dans un htaccess

Permet de chopper les mots de passe des gens sur les hotspots publics

Distribution dédiée à l'apprentissage de la sécurité