David L. Bompart

Debian already has WebGUI support If you want to install WebGUI on a Debian GNU/Linux you can use the readily available packages from Debian's repository. Bear in mind that Debian carries the latest stable WebGUI releases, usually available a day or two after Plainblack's release. Installation is done using either aptitude from the command line or synaptic from your preferred desktop environment. Debian Sid (Unstable) If you are running an up to date Debian Sid (unstable) system, you only need to aptitude install webgui in order to get the latest available package installed, including all its dependencies. If you want to have MySQL in the same server, you will need to aptitude install mysql-server in order to get it installed. Debian Lenny (stable) If you are running an up to date Debian Lenny (stable) sytem, you need to do a few extra things in order to use the WebGUI and YUI packages from Sid, while keeping the rest of your system in Lenny. Start by adding a prope...

Herramientas de Monitoreo: The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as: Finding out bottlenecks. Disk (storage) bottlenecks. CPU and memory bottlenecks. Network bottlenecks. #1: top - Process Activity Command The top program provides a dynamic real-time view of a running system i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds. Fig.01: Linux top command Commonly Used Hot Keys The top command provides several useful hot keys: Hot Key Usage t Displays summary information off and on. m Displays memory information off and on. A Sorts the display by top consumers of various system resources. Useful for quick identification of performance-hungry tasks on a system. f Enters an interactive configuration screen for top. Helpful for setting up top for a specific task. o ...

Asegurando un servidor, Consejos: #1: Encrypt Data Communication All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys / certificates. Use scp, ssh , rsync, or sftp for file transfer. You can also mount remote server file system or your own home directory using special sshfs and fuse tools. GnuPG allows to encrypt and sign your data and communication, features a versatile key managment system as well as access modules for all kind of public key directories. Fugu is a graphical frontend to the commandline Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted, meaning no passwords are sent in cleartext form, and is thus much less vulnerable to third-party interception. Another option is FileZilla - a cross-platform client that supports FTP, FTP over SSL/TLS (FTPS), and SSH File Transfer Protocol (SFTP). OpenVPN is a cost-effective, lightweight SSL...

Mejores Prácticas sobre el uso de OpenSSH (seguridad): Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys or ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user’s account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP 22 SSH Session in Action #1: Disable OpenSSH Server Workstations and laptop can work without OpenSSH server. If you need not to provide the remote login and file transfer capabilities of SSH, disable and remove the SSHD server. CentOS / RHEL / Fedora Linux user can disable and remove openssh-server with yum command: # chkconfig sshd off # yum erase openssh-server Debian...

CHROOT: Para limitar a los usuarios vía ssh a trabajar sobre sus /home/%u únicamente. In /etc/ssh/sshd_config : You need to configure OpenSSH to use its internal SFTP subsystem. Subsystem sftp internal-sftp Then, I configured chroot() ing in a match rule. Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp The directory in which to chroot() must be owned by root. After the call to chroot() , sshd changes directory to the home directory relative to the new root directory. That is why I use / as home directory. # chown root.root /home/user # usermod -d / user # adduser user sftponly This seems to work as expected : $ sftp user@host Connecting to host... user@host's password: sftp> ls build cowbuildinall incoming johnbuilderclean sftp> pwd Remote working directory: / sftp> cd .. sftp> ls build cowbuildinall incomin...