OpenSSH is how administrators manage servers. Sometimes people experiment with breaking in, and once inside they can do a lot of very dangerous vandalism. Here are a few tricks to secure OpenSSH against irresponsible people:
1. Use a password that is fairly complex but easy to remember: a combination of numbers and letters, with some symbols added.
2. Do not allow the root user to log in.
Because I use Ubuntu, I search for PermitRootLogin yes in /etc/ssh/sshd_config and change it to PermitRootLogin no
Save, then restart ssh with the command: sudo /etc/init.d/ssh restart
3. Restrict SSH access: allow it only from certain IP addresses or networks.
Access can be restricted with TCP wrappers (hosts.allow, hosts.deny) or with iptables.
Case study: only network 192.168.44.0/24 and IP 192.168.45.11 may use SSH.
What to do:
Edit the file /etc/hosts.deny and add:
sshd: all
Edit the file /etc/hosts.allow and add:
sshd: 127.0.0.0/255.255.255.0
sshd: 192.168.45.11
sshd: 192.168.44.0/255.255.255.0
or, if we are using UFW, we can type:
sudo ufw allow proto tcp from 127.0.0.0/24 to any port 22
sudo ufw allow proto tcp from 192.168.45.11 to any port 22
sudo ufw allow proto tcp from 192.168.44.0/24 to any port 22
4. Use DenyHosts
Sometimes people try to get into the server by guessing usernames and passwords.
If they are lucky they break in, often because the server manager chose passwords that are too easy.
To prevent this, use DenyHosts.
Install it with the following command:
sudo apt-get install denyhosts
It is safer to have DenyHosts send its reports by email: edit the file /etc/denyhosts.conf, search for ADMIN_EMAIL and set it:
ADMIN_EMAIL = airaku22@yahoo.com
5. Change the default SSH port
Edit the file /etc/ssh/sshd_config, search for Port 22 and change it to Port 2000. Save and restart SSH.
To connect, use the command: ssh 192.168.45.11 -l airaku -p 2000
6. Update the system regularly
sudo apt-get update && sudo apt-get upgrade
Good luck, and try OpenSSH for your server.
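An added example, not part of the original post: a shell check for steps 2 and 5 that reports the values sshd will really use. The function names and the sample file are made up for illustration; the check assumes plain "Keyword value" lines and ignores Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings changed above.
# Assumes whitespace-separated "Keyword value" lines and reads only the
# global section (parsing stops at the first Match block).

# For most keywords the FIRST occurrence wins, and keywords are
# case-insensitive. Prints "unset" when the keyword never appears.
sshd_first() {   # usage: sshd_first FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Port is different: every Port line adds a listener, so collect them all.
sshd_ports() {   # usage: sshd_ports FILE
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { ports = ports (ports == "" ? "" : " ") $2 }
        END { print (ports == "" ? "22" : ports) }' "$1"
}

audit_sshd() {   # prints one finding per line; exit status 1 if any
    rc=0
    root=$(sshd_first "$1" PermitRootLogin)
    [ "$root" = "no" ] || { echo "PermitRootLogin is $root, expected no"; rc=1; }
    for p in $(sshd_ports "$1"); do
        [ "$p" != 22 ] || { echo "sshd still listens on port 22"; rc=1; }
    done
    return $rc
}

# Constructed sample: the new settings were appended at the end of the file
# while the old lines stayed in place, so the edit changes nothing.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
PermitRootLogin yes
# hardening added later
Port 2000
permitrootlogin no
EOF
audit_sshd "$SAMPLE" || true
```

On a live host, sudo sshd -T prints the settings sshd will actually apply. After moving the port, the UFW rules from step 3 must name the new port instead of 22.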
Wednesday, July 14, 2010
OpenSSH Security
Sperm for Beauty
Sperm for beauty? Do not get the wrong idea first. It sounds a bit weird, and one wonders how it could be. Healthy sex is beneficial not only to the body, for blood flow, but also to beauty. Here are some of the ways.
- Sperm smooths the skin. Sperm turns out to contain substances that are good for smoothing the skin. In fact, because of this discovery, a cosmetics company in Norway named Bioforksning created a synthetic sperm facial, which is sold as medicine in America.
- Sperm can lift the mood, reports the New Scientist website. A study conducted in 2002 found that women who were sexually active and exposed to sperm because they did not use condoms experienced lower levels of depression than women who were not exposed to sperm or had no sex at all.
There is, however, also the possibility that women who engage in unprotected sex are in a more stable, committed relationship, and that this makes them happy. However, the researchers also say that semen contains hormones that are able to change mood, such as testosterone and estrogen. These substances enter the woman's bloodstream several hours after sperm enters the vagina.
- Blood flows more freely. Physical activity that leaves you sweating and panting sounds like exercise? Yes, passionate sexual activity counts as sport. During thrilling sexual activity, your heart pumps blood faster and toxins are removed from the body through sweat. On reaching orgasm, women will usually have flushed cheeks.
- Hormones released during sex can help alleviate pain. As reported by the Bulletin of Experimental Biology and Medicine, the increase in the hormones oxytocin and endorphins released when you are having sex can reduce pain in the body. Oxytocin, also known as the "hormone of love", is released by our bodies after sex with another person and makes us smile.
- Sex hormones help us sleep better. Thanks to the hormone oxytocin, we feel more comfortable, and sleep is more restful too, as reported by WebMD. Of course, sleeping soundly and well is good for beauty, right? You can try it at home now: sperm for beauty. Remember, this is for adults only.
Tuesday, July 13, 2010
Squid Setting Ubuntu
A simple Squid setup on Ubuntu; this is the one I happen to use, and it is easy.
First install Squid, via Synaptic or via a terminal:
yoyok@yoyok-desktop:~$ sudo apt-get install squid
Once installed, Squid can be configured by editing:
yoyok@yoyok-desktop:~$ sudo vim /etc/squid/squid.conf
But first back up the original file before editing, so that it can be restored to the default if it gets damaged:
yoyok@yoyok-desktop:~$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Then open the file and configure Squid:
yoyok@yoyok-desktop:~$ sudo vim /etc/squid/squid.conf
The Squid configuration file that appears is very long; the following are the settings that must be considered.
HTTP Port: the port Squid listens on
http_port 3128
Visible Host Name: so that Squid can report a valid hostname if an error occurs
visible_hostname airaku.com
Cache Manager: defines the email address of the Squid cache manager
cache_mgr airaku22@yahoo.com
Squid Cache Directory: defines the location and size of the Squid cache directory.
The figure 500 is the directory size in MB
The figure 16 is the number of level-1 subdirectories
The figure 256 is the number of level-2 subdirectories inside each level-1 subdirectory
The bigger these numbers, the better
cache_dir ufs /var/spool/squid 500 16 256
Filtering: this is an important part of Squid. With it we can set rules, from who may access the Internet to which websites may be accessed.
Access List: who may access the Internet
command: acl user src 192.168.1.1/255.255.255.255
acl: the access list command
user: the name of the user or group that owns the IP
src: the source IP; a range can be used to create a group
ex: acl laros src 192.168.1.1-192.168.1.12/255.255.255.255
Time Filtering: grants access based on time and day
command: acl access-time time MTWHFA 08:00-16:00
acl: the access list command
access-time: the name given to this acl
time: the Squid acl type that defines a time
MTWHFA: the day codes
M: Monday, T: Tuesday, etc.
08:00-16:00: the time window in which users are allowed Internet access
Website Filtering: filters websites that users should not access.
First, a file containing the list of URLs to be blocked must be created.
example:
yoyok@yoyok-desktop:~$ sudo vim /etc/squid/pornourl.txt
then fill it with:
worldsex.com
17tahun
Then add this command to the squid.conf file:
acl blokporno dstdomain "/etc/squid/pornourl.txt"
Keyword Filtering: filters keywords entered by users. Suppose a user enters the word 'sex' in Google; Squid will block it.
Before adding the command to squid.conf, you must create a file containing the keywords to be blocked, with the command:
yoyok@yoyok-desktop:~$ sudo vim /etc/squid/keywordblock.txt
Then fill it with the words to be blocked:
example: sex, fuck
And add this command to squid.conf:
acl keywordblock url_regex -i "/etc/squid/keywordblock.txt"
These filters are enough to make a simple Squid server. The next step is to grant permissions through the rules made previously. In Squid this is done with the http_access command, as follows:
http_access deny blokporno # deny all URLs listed in acl blokporno
http_access deny keywordblock # deny the keywords listed in acl keywordblock
http_access allow access-time user # allow the acl user during the access-time window
http_access deny all # deny all users who are not registered in squid.conf
http_reply_access allow all # default
icp_access allow all # default
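An added example, not part of the original post: a shell check that every ACL named in an http_access rule was defined by an earlier acl line, and that the rules end with deny all. The function names and the sample configuration are constructed for illustration; "all" is assumed to be predefined, as it is in Squid 3 and in the stock squid.conf.

```shell
#!/bin/sh
# Added example: Squid refuses to load an http_access rule that names an
# ACL no earlier "acl" line has defined, and a one-letter slip in a name is
# easy to make. Assumption: "all" counts as predefined.
undefined_acls() {   # usage: undefined_acls FILE ; prints each missing name
    awk '
        BEGIN { defined["all"] = 1 }
        { sub(/#.*/, "") }                        # drop trailing comments
        $1 == "acl" { defined[$2] = 1; next }
        $1 == "http_access" {
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)               # "!name" negates an ACL
                if (!(name in defined) && !seen[name]++) print name
            }
        }' "$1"
}

# Succeeds only when the last http_access rule is the catch-all deny, so
# that anything not explicitly allowed is refused.
ends_with_deny_all() {   # usage: ends_with_deny_all FILE
    awk '
        { sub(/#.*/, "") }
        $1 == "http_access" { last = (NF == 3 ? $2 " " $3 : "") }
        END { exit (last == "deny all" ? 0 : 1) }' "$1"
}

# Constructed sample: the keyword ACL is defined under one spelling and
# used under another.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
acl user src 192.168.1.1/255.255.255.255
acl blokporno dstdomain "/etc/squid/pornourl.txt"
acl keywordblok url_regex -i "/etc/squid/keywordblock.txt"
http_access deny blokporno
http_access deny keywordblock   # does not match the acl line above
http_access allow user
http_access deny all
EOF
undefined_acls "$SAMPLE"
ends_with_deny_all "$SAMPLE" || echo "last http_access rule is not deny all"
```

Squid's own parser gives the authoritative answer: sudo squid -k parse checks the installed squid.conf without restarting the service.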
Then do not forget to save the squid.conf file we have edited, using the command:
:wq # w: save, q: quit (vim command)
Then in the terminal type the command:
yoyok@yoyok-desktop:~$ sudo squid -z
Function: creates the cache directories we defined with the cache_dir command in squid.conf.
Transparent Proxy
A transparent proxy is a technique that makes Squid invisible to the client: normally we enter the proxy address in every browser, but with a transparent proxy no proxy address is entered in the browser. Before entering the transparent proxy command in Squid, we must use iptables to redirect the ports used by the client computers. That is, if we set Squid on port 3128 and client Internet requests generally go to port 80, then we must redirect port 80 from the clients to our proxy on port 3128.
IP Forwarding: for the transparent proxy to work, we must enable IP forwarding by writing the value 1 to the file "/proc/sys/net/ipv4/ip_forward":
yoyok@yoyok-desktop:~$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
These commands should be run automatically at startup, so that after the computer goes down we do not have the hassle of running them by hand again. Next we run iptables so that client requests are redirected to the Squid port on our server:
yoyok@yoyok-desktop:~$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
All of this can be recorded in the file /etc/rc.local (which could perhaps be discussed another time)
Then make the proxy reload its configuration with the command:
yoyok@yoyok-desktop:~$ sudo squid -k reconfigure
Enjoy it, and try this setting on your server for better connectivity.
Auto Mount Ubuntu Lucid Lynx
Auto mount on Ubuntu 10.04 Lucid Lynx means users should be careful when accessing a partition. Just imagine if someone can access a partition or a directory without being asked for a password again. This version makes that very easy for a newbie on Ubuntu.
For that reason there are some tricks for maintaining security. There are two ways to resolve this issue: with the terminal or with the GUI.
A. With the GUI
1. Install pysdm (Storage Device Manager)
2. Use: sudo apt-get install pysdm, or search for pysdm in Synaptic
3. Find it under System - Administration - Storage Device Manager
4. Open it and click sda or hda
5. After clicking OK, choose Assistant
6. Options will appear to auto-mount or not when Ubuntu boots
7. Apply, and reboot once completed
B. Terminal
1. Open a terminal window on your computer
2. Type sudo vi /etc/fstab
3. Determine which partitions will be mounted or not
for example like this (sda5 will be mounted automatically):
#
proc /proc proc defaults 0 0
# / was on /dev/sda5 during installation
UUID=30d28e71-a8d6-48be-b463-f79b610bc838 / ext3 relatime,errors=remount-ro 0 1
The same applies to folders or directories, which are just easier to manage. Rename the folder like this:
original name: coba_coba
destination name: .coba_coba
command: mv coba_coba .coba_coba
The most important thing is to know the folder's permissions; chmod -rwx can be used to set the permissions of the folder.