Using VirtualHosts on a ProFTPd server

When using ProFTPd you may want to have the server listening on different ports, for example if you want to use FTP and SFTP at the same time. Here is an example:

    <VirtualHost ftp.example.net>
        SFTPEngine off
        Port 21
        DefaultRoot ~
        Umask 022 022
        AllowOverwrite on
    </VirtualHost>

    <VirtualHost sftp.example.net>
        SFTPEngine on
        Port 2222
        SFTPLog /var/log/proftpd/sftp.log
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
        SFTPHostKey /etc/ssh/ssh_host_dsa_key
        SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
        SFTPCompression delayed
        SFTPAuthMethods publickey
        DefaultRoot ~
        Umask 022 022
        AllowOverwrite on
    </VirtualHost>

You Read more…


Installing ProFTPd with Public Key Authentication on Ubuntu 16.04

First install proftpd:

    apt-get update
    apt-get install proftpd

Next, change the following lines in /etc/proftpd/proftpd.conf:

    ServerName "sftp.example.net"
    DefaultRoot ~

Put in your hostname (if it resolves) or IP address as ServerName. The second line will jail the user to his home directory. Next, create the file /etc/proftpd/conf.d/sftp.conf with the following content:

    <IfModule mod_sftp.c>
        SFTPEngine on
        # If you want your SFTP server on a different port, change the following
        # line accordingly
        Port 2222
        # Log Read more…


Installing Postgres 9.4.5 on Ubuntu Trusty

By default on Ubuntu Trusty there is only Postgres 9.3 available. This shows how to get the latest version installed.

Add the Postgres repository:

    echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/postgres.list

Import the repository key, and run an update:

    wget https://www.postgresql.org/media/keys/ACCC4CF8.asc
    apt-key add ACCC4CF8.asc
    apt-get update

Install Postgres:

    apt-get install postgresql-9.4


Encrypting and Decrypting data using SSL Key

First generate the RSA key (key.pem):

    openssl genrsa -out key.pem 4096
    openssl rsa -in key.pem -text -noout

Then save the public key in pub.pem:

    openssl rsa -in key.pem -pubout -out pub.pem
    openssl rsa -in pub.pem -pubin -text -noout

As an example, we create a simple text file and encrypt it:

    echo test12345 > file.txt
    openssl rsautl -encrypt -inkey pub.pem -pubin -in file.txt -out file.bin

Decrypting the file:

    openssl rsautl -decrypt -inkey key.pem Read more…


Securing SSH access with Port Knocking using iptables

This works on Ubuntu and Debian and might be slightly different for other distributions. However, the rules that are implemented will work on every distribution's iptables. First install the package iptables-persistent:

    apt-get install iptables-persistent

Do not save the current configuration when asked, as we will create a new one. Now put the following contents into /etc/iptables/rules.v4:

    *filter
    :OUTPUT ACCEPT
    :INPUT DROP
    :FORWARD DROP
    :KNOCKING - [0:0]
    # Allows all loopback (lo0) traffic and drop Read more…


How to secure SSH server access with MFA

First install Google Authenticator:

    apt-get install libpam-google-authenticator

This works well on Ubuntu (Trusty or newer). Next, log in to your server with the user you're going to use MFA with, execute google-authenticator and follow the steps as indicated below. You may scan the QR code shown on the console with your phone (for example using the Google Authenticator App or Authenticator Plus), which is certainly the easiest option as it will be added right away.

    Do you want authentication tokens Read more…

PHP / Perl / Rb / Py

Installing PHP7-FPM with Apache2 Worker on Ubuntu

First add some prerequisites and add the PHP7 repository:

    apt-get update
    apt-get install software-properties-common python-software-properties
    LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php-7.0

Then install the actual PHP packages (remove those from the list that you do not need):

    apt-get install php7.0-fpm php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-mysql php7.0-phpdbg php7.0-dbg php7.0-gd php7.0-imap php7.0-ldap php7.0-pgsql php7.0-pspell php7.0-recode php7.0-snmp php7.0-tidy php7.0-dev php7.0-intl php7.0-gd php7.0-curl

Then install Apache worker:

    apt-get install apache2-mpm-worker

Now let's modify the Apache configuration so that you're using PHP7-FPM. Edit /etc/apache2/sites-enabled/000-default.conf and add Read more…

HA / Perf / Cache

Backup and Restore Redis-Server Database

The server can be installed using:

    apt-get update
    apt-get install redis-server

Next, check /etc/redis/redis.conf for these two lines:

    dbfilename dump.rdb
    dir /var/lib/redis

The first one is the name of the backup dump file that will be generated and the second line describes the folder where it will be located. This command will launch the actual backup:

    redis-cli bgsave

You can pick up the backup file /var/lib/redis/dump.rdb and copy it, for example, to a backup drive. Read more…


How to configure DKIM for your Domain with Postfix

First install opendkim:

    apt-get update
    apt-get install opendkim opendkim-tools

Append the following content to /etc/opendkim.conf:

    AutoRestart             Yes
    AutoRestartRate         10/1h
    UMask                   002
    Syslog                  yes
    SyslogSuccess           Yes
    LogWhy                  Yes
    Canonicalization        relaxed/simple
    ExternalIgnoreList      Read more…