For administrative purposes, SSH is used quite often. Almost everyone in IT knows it. Keywords: OpenSSH, simply using “ssh <hostname>” on your machine, PuTTY for Windows, username + password or public key authentication, TCP port 22, simple firewall rules, ignoring the fingerprints 🤦♂️, SCP and SFTP. That’s it – basically.
However, it gets much more complicated if you look into the details. You have to deal with many different types and representations of fingerprints, as well as crypto algorithms. Troubleshooting specific connection problems is challenging.
To get an overview of your SSH server’s configuration is to scan them with appropriate tools. I’m showing two of them here: ssh_scan and the Nmap script “ssh2-enum-algos“.
Continue reading Scanning SSH Servers →
In case you’re responsible for an enterprise network or data center you should care about NTP. Refer to “Why should I run own NTP Servers?“. As a hobby technician you might first think about Raspberry Pis with self soldered GPS modules. Well, good idea to play with, but not reliable at all. Way to unstable, hard to update, no alerting, no service agreements, and so on.
Hence you should use a dedicated NTP appliance such as the Meinberg LANTIME NTP Time Servers. I am using a LANTIME M200 with a DCF77 correlation receiver in my lab. With this post I am showing how to set up this NTP server, giving some insights, and listing the advantages of such an appliance compared to a Raspberry Pi or any other DIY server approach. My wish list aka feature requests to this product round things up.
Continue reading NTP Appliance: Meinberg LANTIME & SyncFire →
This is a basic tutorial on how to install BIND, the Berkeley Internet Name Domain server, on a Ubuntu server in order to run it as an authoritative DNS server. It differs from other tutorials because I am using three servers (one as a hidden primary and two secondaries as the public accessible ones), as well as some security such as denying recursive lookups and public zone transfers, as well as using TSIG for authenticating internal zone transfers. That is, this post is not an absolute beginner’s guide.
Continue reading Basic BIND Installation →
Roundcube is an email webclient which is easy and intuitive to use. I am using it for my private mails, connecting via IMAP and SMTP to my hoster. One of the great advantages is the “flag” option which is synchronized via IMAP to my Apple devices.
Following is a step-by-step installation guide for Roundcube plus an update scenario. It is a kind of “memo for myself”, but hopefully, others can use it as well.
Continue reading Roundcube Installation Guide →
If you want to use you own ownCloud installation, you can find several documentation on the Internet on how to set up this server, e.g. the official ownCloud documentation, or installation guides such as this or that or here. But none of these page alone provided enough information for installing a secure server completely from the beginning.
So here comes my step-by-step guide which surely won’t be complete, too. ;) However, hopefully it will help other people while searching for their way to install ownCloud. Additionally I am showing how to upgrade an ownCloud server.
Continue reading Yet another ownCloud Installation Guide →
When implementing new firewalls at the customers’ site it is always interesting to verify that the anti-virus scanners etc. are running as expected. For simple virus-engines, a sample virus such as the EICAR anti-malware test file can be used. If this “virus” traverses through the firewall inside various protocols such as http, ftp, or smtp, the firewall must block this connection.
However, next-generation firewalls or any other APT (Advanced Persistent Threat) solutions are able to send unknown executables to its own cloud in order to test it. If a malware is found, these products can block future connections with these files, e.g., by updating the anti-virus patterns or their URL categories.
The problem is: How to test whether the “upload unknown files” function works properly? -> My idea is to have a server that generates “dynamic” viruses. When downloading such a “fresh generated” virus, the antivirus engine does not have a pattern for it. That is, the file must be uploaded to an APT solution. The logs on the firewall should list this upload process.
Continue reading Idea: Malware for Testing Next-Gen Firewalls and APT Solutions →
Okay, I know this contains nothing new for many of you but I need it from time to time: It is simply a list of tools I need after a new Linux server installation (used with Ubuntu server) as well as some further hints for the installation process such as static IP addresses, NTP or Syslog forwarding. So, after the initial installation of a server I am doing the following steps:
Continue reading New Linux Server Program Installation →