How to install Bind DNS in a chroot jail

Posted on June 3rd, 2008 in Servers by admin

It is assumed that you already know how to configure and use BIND (the Berkeley Internet Name Domain). If not. It is also assumed that you have a basic familiarity with compiling and installing software on your UNIX-like system.

This document describes some extra security precautions that you can take when you install BIND. It explains how to configure BIND so that it resides in a “chroot jail,” meaning that it cannot see or access files outside its own little directory tree. We shall also configure it to run as a non-root user.

The idea behind chroot is fairly simple. When you run BIND (or any other process) in a chroot jail, the process is simply unable to see any part of the filesystem outside the jail. For example, in this document, we’ll set BIND up to run chrooted to the directory chroot/named. Well, to BIND, the contents of this directory will appear to be/ the root directory. Nothing outside this directory will be accessible to it. You’ve probably encounted a chroot jail before, if you’ve ever used ftp to log into a public system.

Because the chroot process is much simpler with BIND 9, I have started to expand this document slightly, to include more general tips about securing a BIND installation. Nevertheless, this document is not (and is not intended to be) a complete reference for securing BIND. If you do only what is outlined in this document, you’re not finished securing your nameserver!
The idea behind running BIND in a chroot jail is to limit the amount of access any malicious individual could gain by exploiting vulnerabilities in BIND. It is for the same reason that we run BIND as a non-root user.
This should be considered as a supplement to the normal security precautions (running the latest version, using access control, etc.), certainly not as a replacement for them.

Secure the Apache Web Server

Posted on May 14th, 2008 in Apache, LAMP, Security by admin

Here are some things you can do to make your apache configuration more secure.

Some of these suggestions may decrease performance, or cause problems due to your environment. It is up to you to determine if any of the changes I suggest are not compatible with your requirements. In other words proceed at your own risk.

Setting up samba with password protection

Posted on May 2nd, 2008 in Networking, Samba, Windows by admin

To easily share your files to linux and windows clients, samba is still the preferred choice. In this guide I will show how to setup a samba server on centos 5 machine, that can be accessed only by certain people protected by password.

Related Reading: How to setup a Samba Server

Password protect Grub Bootloader

Posted on April 9th, 2008 in Apache, Security by admin

You’re thinking a lot about computer security lately, and that’s a good thing. You certainly made the right choice going to Linux, and Debian was wise, too. That’s not the end of your thought about security I hope. This short tutorial will show you how to password protect your Grub boot loader rendering your machine un-boot-able (that’s not even close to being a real word!) to the casual snoop, or anyone else without the ability to get around this; which for all intents and purposes is just about anybody you know. This is by no means absolute security for your machine, far from it - it’s merely a wrinkle in the road.

Basics of PHP #1

Posted on March 20th, 2008 in Php by admin

You’ll notice we’ve been covering the basics of MySQL and Apache, we will also be covering the basics of PHP. And why under the server section? Databases and scripting languages don’t necessary make a server, but they are integral to the most common stack you find on the web, which is called LAMP. (Linux-Apache-MySQL-PHP).

The first thing we want to do is make sure we have the latest stable apache and php installed.

  • On Debian/Ubuntu: sudo apt-get install apache2 libapache2-mod-php5 php5
  • On Fedora (as root): yum install httpd php
  • On OpenSuse(as root): zypper in apache2 apache2-mod_php5 php5

And just to make sure apache is running: /etc/init.d/apache2 restart

Absolute Basics of Apache

Posted on March 19th, 2008 in Apache, Basics, Linux+, Servers by admin

Apache is the world’s most common web server and it runs on just about anything, Linux, Unix, Mac OS X, Windows, BSD, you name it and it’s typically the web server of choice in the Linux world. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. It is free in cost and is licensed under the Apache license, one of man open source licenses.

Basics of MySql on the Commandline #3

Posted on March 19th, 2008 in Basics, Mysql, Servers by admin

In this tutorial we’re going to cover how to Alter Records, Update Records, and how to Delete Records.

Please see these prerequisites:

  1. Basics of MySql on the Commandline #1
  2. Basics of MySql on the Commandline #2

Basics of MySql on the Commandline #2

Posted on March 15th, 2008 in Basics, Mysql, Servers by admin

Please read Basics of MySql on the Commandline #1 first. In this MySql basics tutorial we will be covering a number of items. How to backup databases, delete tables, delete databases, and how to restore databases.

(Video to Come)

Basics of MySql on the Commandline #1

Posted on March 14th, 2008 in Basics, Mysql, Servers by admin

MySQL is a multithreaded, multi-user SQL database management system (DBMS) which has more than 11 million installations. The basic program runs as a server providing multi-user access to a number of databases.

Originally financed in a similar fashion to the JBoss model, MySQL was owned and sponsored by a single for-profit firm, the Swedish company MySQL AB, now a subsidiary of Sun Microsystems, which holds the copyright to most of the codebase. The project’s source code is available under terms of the GNU General Public License, as well as under a variety of proprietary agreements.

This tutorial is to get you familiar with the basics of mysql. It is not meant to be an end-all resource, but a starting point. Later we will discuss more advanced functions of mysql and how to manage databases via web interfaces such as phpMyAdmin.

(Video to Come)

How to setup a Samba Server

Posted on March 6th, 2008 in Networking, Samba, Servers, Windows by admin

Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients.” Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients. If you would like to setup a server so Windows users can access shared directories, this tutorial is for you.

Next Page »