Debian Administration Blog

Easily forwarding arbitrary TCP connections with rinetd

Tue, 01 Jul 2008 04:41:27 -0700

In the past we've examined the use of firewall rules for forwarding incoming connections from one machine to another. But there is a simpler approach using the rinetd package. Read on to learn about this tool.

Make your own configuration deployment system, part 1

Mon, 30 Jun 2008 12:42:36 -0700

In this series of articles, I describe the steps to making a flexible configuration deployment system tailored to your needs. It can be as simple or as complete as you care to make it. And since you made it, you can understand it intimately.

Question: Best tool for bare metal restore of Debian servers?

Wed, 04 Jun 2008 03:49:52 -0700

I've been doing a bit of searching through the Debian Administration (http://www.debian-administration.org/) archives and one thing that doesn't seem to have been discussed very much is full system recovery. There are plenty of discussions on different backup (/tags/backups) options, but nothing targeted at what seems to me the simplest possible backup scenario: protecting a single machine (specifically a server) so that if it is compromised it can be rolled back to a previous state.

Calculate network, broadcast, netmask, etc with ipcalc

Tue, 03 Jun 2008 08:27:46 -0700

Ipcalc is a simple tool to calculate network, broadcast, netmask, etc. from an IP address. It also gives the class of the IP. It might facilitate the work of network admins. :-)

Calcul network, broadcast, netmask... with ipcalc

Tue, 03 Jun 2008 07:27:06 -0700

Ipcalc is a simple tool to calculate network, broadcast, netmask, etc. from an IP address. It also gives the class of the IP. It might facilitate the work of network admins. :-)

Monitoring with Munin

Fri, 23 May 2008 06:06:42 -0700

In this article I will describe how to install munin (http://munin.projects.linpro.no/) on 2 computers, but you can add more if you want to, this will allow us to remotely monitor system performance and activity.

Critical security update for openssl

Tue, 13 May 2008 07:05:40 -0700

A new security advisory has recently been released relating to the Debian openssl package, and whilst most security updates are not news-worthy this one is. Read on for a brief overview of the problem.

Need a generic iptables tcp proxy?

Tue, 13 May 2008 02:05:56 -0700

Do you ever find yourself in need of a generic TCP proxy? Do you wish you could do it with netfilter? Do you want to proxy a connection to a given port on a given IP address to a completely different port on a totally different host or network?

How to use any command in FTP ?

Fri, 25 Apr 2008 04:11:14 -0700

I wanted to use the "find" command on a FTP space but it's not possible to use this command with any "normal" FTP client. So, I looked for a solution.

Logical Volume Management: How PVs form VGs for LVs

Tue, 22 Apr 2008 09:10:43 -0700

When I set out to build my first system using Logical Volume Management I was surprised by the lack of information about how LVM relates to more "traditional" disk-level partitioning. There were plenty of articles with examples of how to use 'vgcreate' and 'lvresize' and no short supply of advice and white noise from the forums, but there was very little practical information about what the various strata of LVM were actually for or how they related to each other. In fact I was well into my search for information before I figured out where to put the file system.

Making Apache2 execute CGI scripts, globally?

Mon, 14 Apr 2008 04:45:57 -0700

I have set up a Debian etch system with apache2, perl etc, but I cannot get apache to actually execute my scripts..

Using the dynamic DNS editor: nsupdate

Wed, 09 Apr 2008 08:45:40 -0700

nsupdate is the little-known brother of nslookup. It is used to make edits on a dynamic DNS without the need to edit zone files and restart the DNS server. If you have declared a zone dynamic, this is the way that you should be making edits.

OpenSSH SFTP chroot() with ChrootDirectory

Tue, 01 Apr 2008 03:44:54 -0700

The upcoming version of OpenSSH (4.8p1 for the GNU/Linux port) features a new configuration option : ChrootDirectory. This has been made possible by a new SFTP subsystem statically linked to sshd.

Checking password strength for squirrelmail

Fri, 28 Mar 2008 03:43:41 -0700

I have successfully used the method below to configure the change_ldappass plugin of Squirrelmail to perform password strength checks using cracklib. I made a few assumptions, but it should be easy to adapt it to your own situation.

Introduction BackupPC part 1

Thu, 27 Mar 2008 03:43:25 -0700

This HOWTO will describe how to install BackupPC (http://backuppc.sourceforge.net/) and how to create a simple backup using backuppc. BackupPC can offer a nice solution for both simple and complex backups.

pam_mount and sshfs with password authentication

Wed, 26 Mar 2008 09:43:19 -0700

pam_mount is "a Pluggable Authentication Module that can mount volumes for a user session". It is used to automatically mount a network share or volume when a user logs in, and unmount it when the user logs out sshfs is a FUSE filesystem that allows mounting a directory using the SSH sftp subsystem.

Using pam-mount to create a sandboxed home directory

Tue, 25 Mar 2008 02:43:02 -0700

My biggest fear when using a public computer is that the data I enter might fall into the wrong hands. One way for developers to combat data theft is to hold personal info only for as long as is absolutely necessary, thereby shortening the window of opportunity for an attacker. This is possible in Linux through a combination of tmpfs and unionfs.

OpenLDAP installation on Debian

Wed, 19 Mar 2008 03:42:13 -0700

The purpose of this article is to give you a straight-forward, Debian-friendly way of installing and configuring OpenLDAP. By the end of this guide, you will have a functional LDAP server that will serve as a central authentication system for user logins onto all machines in the network, without the need to manually create users' accounts on individual machines.

Struggling to implement PCI compliance

Fri, 14 Mar 2008 04:41:50 -0700

I'm striving to comply with PCI standards (http://www.pcicomplianceguide.org/), but I'm running into a wall - due mostly to confusing, out-of-date, contradictory, and-or incomplete documentation. Or maybe just my own dense mentality. Does anybody have any guidance help me walk through the security thickets of setting up my Debian-based web store?

Debian amd64: iceweasel with i386 plugins, outside a chroot

Sun, 09 Mar 2008 23:41:14 -0700

If you weren't already convinced that closed source sucked before, then surely the experience of trying to browse the net with an amd64 machine will have won you over;

Redirect if a website root is empty?

Wed, 05 Mar 2008 16:40:55 -0800

This should be a simple problem to solve, but I've yet to find a good solution, so any assistance would be most welcome. If you'd like to redirect to another website if a directory root has no files in it, how would you do so?