Thursday, June 25, 2009
This site has years and years of port iterations, meaning it's painless and easy to get an older version of a port for yourself.
Wednesday, June 24, 2009
I prefer host-based authentication - meaning that the server I am connecting to will only allow the server I'm connecting from to log in, using DSA or RSA keys for the authentication process.
For clarity, Source means the server/workstation you are connecting FROM, Destination means the server you are connecting TO.
To set up the whole thing, you need to generate a private/public keypair on your Source server. Do this with ssh-keygen:
ssh-keygen -t dsa
Follow the prompts. You DON'T have to fill in a password if you don't want to, but it adds a level of security. The following files will be created in $HOME/.ssh :
Cat the id_dsa.pub file and copy the output; this needs to be placed on the Destination server. Log in to your Destination server as the user you normally connect as. Make sure there is a $HOME/.ssh directory and then create a file called "authorized_keys" (case and spelling sensitive). Paste the previous output of the id_dsa.pub file into this file and save it.
Now you might need to edit your /etc/ssh/sshd_config file to allow host-based key authentication; make sure the following parameters are set:
PermitRootLogin yes (ONLY if you NEED root login, rather su to root)
RSAAuthentication yes (Allow RSA as well as DSA Keys)
PubkeyAuthentication yes (Allow Public key authentication)
AuthorizedKeysFile .ssh/authorized_keys (Location of the Server authorized keys)
Restart sshd, or HUP it (pkill -HUP sshd).
For added security, I disable PAM authentication in the /etc/ssh/sshd_config file:
This prevents ANY type of password authentication, meaning brute-force attacks are impossible to conduct against your SSH Server.
Should you wish to allow tunnelling through your SSH Server, set these parameters in your /etc/ssh/sshd_config:
Again, restart SSHD.
That's it - a pretty secure SSH system; SSH is usually the first point of attack for UNIX hackers.
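A quick way to check that an sshd_config really enforces the key-only setup described above (an added example, not part of the original post). The directives it checks beyond PubkeyAuthentication are standard OpenSSH options chosen here to match the stated goal of no password logins; they are an assumption, as is the constructed sample config.

```sh
# Added example: audit an sshd_config for key-only logins.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.

# Constructed sample (not from the page). The second PasswordAuthentication
# line is ignored by sshd, so password logins stay enabled.
sample_config() {
    cat <<'EOF'
PermitRootLogin yes
pubkeyauthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# sshd_value FILE KEYWORD: print the effective global value (empty if unset).
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF < 2    { next }   # comments, blanks, bare keywords
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == want     { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: one line per finding; returns 1 if any requirement fails.
# Unset keywords fail too, so the result does not depend on version defaults.
# Newer OpenSSH names ChallengeResponseAuthentication KbdInteractiveAuthentication.
audit_sshd() {
    rc=0
    for pair in pubkeyauthentication=yes passwordauthentication=no \
                challengeresponseauthentication=no; do
        key=${pair%%=*}; need=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$need" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', want '$need'"; rc=1
        fi
    done
    if [ "$(sshd_value "$1" permitrootlogin)" = "yes" ]; then
        echo "warn  permitrootlogin yes (direct root logins allowed)"
    fi
    return "$rc"
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "=> this config does not enforce key-only logins"
rm -f "$tmp"
```

On a live host, "sshd -T" prints the effective configuration and is the authoritative check; this parser reads only the global section of one file and does not follow Include directives.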
Thursday, June 11, 2009
Link is here: http://tredosoft.com/Multiple_IE
Wednesday, June 10, 2009
The SSL Offload does SSL encryption calculations on the Layer4 switch, using onboard floating-point processors, meaning NO SSL encode/decode on the servers themselves. The switches can handle 115,000 concurrent connections, so there is plenty of space to grow.
I designed and implemented the entire system, barring the existing MSSQL implementation. Casino is now handling 200,000 spins per day.
Just can't say "which" casinos....
See my System Diagram here:
First, in the ACL section, create the ACL for ads:
acl ads_block_list dstdomain -i "/usr/local/etc/squid/blocks/ads_block.list"
Above all your normal http_access/http_deny rules, place this one:
deny_info ERR_BLOCKED_ADS ads_block_list
http_access deny ads_block_list
Now, create the file /usr/local/etc/squid/blocks/ads_block.list and populate it (I've just shown a head from my file):
[root@nas /usr/local/etc/squid/blocks]# head ads_block.list
You can get anti-ads lists such as mine from various locations; use Google to search.
Now edit the custom error message for the ads_block_list ACL, which is: ERR_BLOCKED_ADS
[root@nas /usr/local/etc/squid/errors/English]# cat ERR_BLOCKED_ADS
In that last line, you'll notice the ! character, which means don't display the standard squid error message.
Once all is complete, reload your configuration with "squid -k reconfigure" and try accessing pages. Ads are blocked, and all you see is the page background. This way you can save large amounts of bandwidth on your internet lines, without creating errors or graphical problems on user-viewed pages.
To install pkg-get, use the following command:
"pkgadd -d http://www.opencsw.org/pkg_get.pkg"
Edit the mirror URL using
"vi /opt/csw/etc/pkg-get.conf", changing the default site URL to:
url=ftp://ftp.heanet.ie/pub/opencsw/stable (This is Ireland's repository - closest one for SA)
Run "pkg-get -U" to update the catalog.
pkg-get is now ready.
Use "pkg-get -a |grep package" to find the desired packages, then:
"pkg-get -i packagename" to install it.
Very simple and powerful, even allows upgrading of the complete CSW subsystem in Solaris.
Monday, June 8, 2009
Found a great tool which increased stability on my router (DG834PN), as well as including about 100 features not seen on the standard firmware - even SNR increase/reduction to affect speed/stability.
You can grab the firmware for most of the 834 series routers here: http://dgteam.ilbello.com
I did this on a DG834 straight router, connection speeds (synchronised ADSL) went from 2908Kbps to 3824Kbps - On the SAME LINE !! No connection drops - 34 hours on the same PPPoE session.
Well I hacked mine to the latest iXtreme firmware v1.6 - I'm now able to play the 65 XBOX backups I have. Quite a convoluted procedure involving drive door positioning, soldering the PCB to unlock the developer mode on the drive, then extracting the DVD keys and re-inserting them into the hacked firmware, erasing the drive (scary) and then flashing the hacked firmware back.
Been enjoying "Battlestations Pacific" over the weekend :)
Wednesday, June 3, 2009
For personal note, I'll be firmware updating my XBOX360 tonight, as well as doing the technical drawings for my "PC in an XBOX 360" project... More on that later.
Seems I'm missed at work, 8 days off and systems crashing in flames always ensures job security when you're away :D