I am just about to undergo a new peice of freelance work myself on Bind 9, but it has been ages since I have done this, this was on my own LAN with port 53? Blocked from outside, so mine is not public facing.
But this project is, what should I setup to make this truely secure, just to recap on my thoughts aswell, forward resolving is Domain -> IP is not it? Then Reverse is IP->Domain is not it?
I'm sure this is possible... I'm just not sure how. Yet! I have three machines. One is at home behind my firewall and has a dynamic IP. That's fine as I don't really want to open any ports on my home firewall. The second is at work sitting behind the firewall there- and I'm not even going to ask for approval to NAT an IP to my PC at work :-).
The third is in a data center far away. I only have a shell account on this server but other than that shell account not being root, I can do most anything I like with that account. What I would like to do is SSH to this server simultaneously from my home and work PCs and, via this third machine, make them talk.
This is pure geekery so it doesn't matter what they say to each other; I just want to make them talk. Maybe one uploads a file and the other just pulls down that file. Maybe one opens a FIFO on the remote server and starts writing to it while the other starts snarfing that data. In fact, I like this latter idea best, I think. How would you do it? What scripts (fired by cron if need be since I'm ostensibly away from at least one of the PCs at any given time) would you use?
I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ?
If yes, what sort of FTP application to install in Ubuntu ?
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ? If yes, what sort of FTP application to install in your Linux webserver?
View 7 Replies View RelatedI'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies View RelatedI am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
I need to publish my local webserver from my lan to access outside using internet, I have public ips provided by ISP my local webserver address is 192.168.1.5 and I want to bind this local address to a public ip (Ex: 61.8.153.212) to use it out side my lan through squid.
View 11 Replies View RelatedI have a small network at my office (3 workstations, 1 ubuntu desktop that I'm using as a file server). I'm using a WRT54G2 router for networking and internet connectivity. Here's what I'm trying to accomplish: I want to be able to access my little file server from home, across town. I think ssh might be the best way to go now. What I don't know: How do I set up the ssh server on my machine/network without compromising my network security and the security of my server? Do I just set up port/ip forwarding on my router, install openssh, and that's it?
View 9 Replies View RelatedI'm trying to decide on how to host and serve files to multiple operating systems (Linux, Mac OS X, Windows XP and Windows 7) over the internet. I'd like this to be secure (obviously), but don't want to use SSH tunnelling.Ideally, this would be something which could be persistently mounted on the client machine (a network drive in Windows, likewise in Mac OS X and Linux) and wouldn't require the installation of extra software on the clients. I thought about samba, but I'm not sure if it's secure enough to be internet-facing. Would FTP fit?resumably it's possible to have encrypted connections only and limit connections to a specified number of client IPs.
View 2 Replies View Relatedwhat is bind vs bind-chroot vs caching-nameserver ?what is the different between eatch others ?
View 7 Replies View RelatedI'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
View 2 Replies View RelatedI run the following file with the >log.log redirector and it does not capture errors.
#!/bin/bash
echo ************************BEGIN LOG******************************
date +"%m/%d/%Y %H:%M:%S $HOSTNAME"
cp -f /scripts/original/clamscans.log /scripts
[code]....
The following errors show up when I run from the file from the term window, but are not written to log.log:
tar: /public/public/clamscans/*.txt: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
mv: cannot stat `/public/public/clamscans/*.txt': No such file or directory
I know with windows you can add the 2>&1 to capture error data. Is there such a thing for Linux?
I'm new to send mail. I have a server with a public address and domain name. But I only want to implement a small sendmail network on our 20-user LAN. Can I turn my public server into a sendmail server? Are there any simple step-by-step instructions for this?
View 1 Replies View RelatedENV: openssh-server-5.4p1-1.fc13.i686 Problem: I am unable to ssh using Putty (when using ssh-auth/pki) to a fedora box . I get the message: Server refused our key. Here's what I tried so far:
- Tried generating rsa (as well as dsa) keys on the linux server and put the generated public key in the ~/.ssh/authorized_keys. Then I converted the private key using PuttyGen.
- Also, tried generating keys using PuttyGen and then converted the public key and placed it on the server
- Configured the sshd server (ssh_config) for using RSAAuthentication=yes. Tried all combinations and purmutations; however, I still get the "Server refused our key" error.
How can I forward all traffic from a public IP to another public IP. Let's say I have a first debian box named box1 with eth0 = 1.1.1.1 and eth0:1 = 1.1.1.2 and I want to forward all traffic from 1.1.1.2 to "box2" located somewhere else over the internet and having for eth0 2.2.2.2 Both 1.1.1.0/24 and 3.3.3.0/24 are public IP ranges.
View 1 Replies View RelatedI and setting up a home web server using Ubuntu 10.04 server (local only). I am currently using Webmin 1.53 to access it remotely all is going great very easy to use. Webmin - Check, ftps-fileZilla - Check, Apache -It Works BUT I cant seam to set up Apache as a named server using Bind DSN. Tried most of the help in the fourms and ..... I think my problems is in the master server selection, do i have to use [URL]... or can i just use myservername. I have tryed both with no luck. First time with the server addition.
[code]...
i need to create a SSH server in my home and i should able to log in my SSH server over the internet from out site. what are the setup i have to do?
View 14 Replies View RelatedI'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I am configuring bind9 on fedora 9(sulphur).I have configured /etc/named.conf and created zone file in /var/named/I have started the service but when I am executing the command nslookup mydomain.com it is not able to resolve the name.Another problem I am facing when I do telnet localhost 53,I am able to connect.but when I do telnet myip 53 it does not connect.Seems to be a firewall problem but I ve disabled iptables selinux completely even I ve disabled dnsmasq but still not working.
View 1 Replies View RelatedI am facing a problem while configuring a sendmail AS MY MTA.My problem is when is try to send mail from root to local user account(Any user existing in my local machine) , i m getting a unknown user error but normal users can successfully send a mail to root but root account does not.I can successfully compile a sendmail.mc without any error and sendmail deamons start successfully.When I Try to send mail from root account to local user Account , i got a Returned mail:see transcript for detail (which Has A following Detail )
View 5 Replies View Relatedwe have a remote linux server and its /var/log/secureile is fully filled with unauthorized ssh users,of course they cannot able to log in successfully but they were making continuous ssh requests to log in, it some times results in server down problem. so how to secure our server from their ssh attempts.i know blocking unauthorized ip addresses can solve this problem and we can also change the ssh port numbers but what are the other possible ways of solving this.
View 4 Replies View RelatedI have a BIND server that I'm setting up with different views. There is another server out on the public Internet that currently handles all inquiries for this domain. I had installed the Yum packages, chroot, etc. and edited the config files by hand. When that didn't work, I erased the server and started over using Webmin to build everything for me. Same result. I want to setup and verify everything is working on this new server before I take it into production.This is in /var/log/messagesQuote:
Jun 13 21:33:20 dns1 named[13838]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named
Jun 13 21:33:20 dns1 named[13838]: adjusted limit on open files from 1024 to 1048576
[code]...
I need to know how to configure the address of the next level DNS server in my BIND server. im in a FEDORA 10 system.
View 3 Replies View RelatedI want to join standalone windows xp machine to Linux Domain (Redhat 9)..
View 3 Replies View RelatedI have the opportunity to set up our local public library with a linux server. The primary need is for the server to land wifi users to a hotspot splash screen where they will accept terms of use and indicate what town they are from by checking a box or selecting from a dropdown menu. Users of terminals in the library would also have to indicate what town they are from. Things such as content filtering may come later. What distro would be recommended for this? Ease of use and configuration is important. They basically want to track use of the internet.
View 5 Replies View RelatedI have configured web server in my home. it is working in LAN. but every one should be accessed from out site from LAN. how is possible ? i would like to access as http://123.123.123.123 Then i dont need the host name? My public IP http://123.123.123.123. My LAN IP [URL]... i did the port forwarding in my router. when i access the web from outside automatically logging into my ADSL router.
View 13 Replies View RelatedI'm trying to setup DNS server. But i'm getting this strange problem.normally nslookup and workin for other sites.problem only with my local setup. can't see what i'm doing wrong.i've had setted up DNS server before but had no problems.can't see any solution on google.
So...
centos 5.6
bind 9.7 (from repository)
[code]...
I am still quite new to all this but I guess we were all beginners once, this forum seems very helpful.Here is my situation, I will give as much detail as I can.I have a dedicated server which is running CentOS release 5.5.Initially I had Plesk installed, but when I upgraded PHP I damaged the Plesk configuration, and so I installed Webmin instead.
All seems to be fine with this, apart from the DNS configuration / BIND server.I know this because I have one site which uses an external DNS server and this works fine (i.e I can access it from a browser). All the others don't resolve - i.e the ones I set up in Plesk.I've done a bit of investigating to see what is going on, but I'm stabbing in the dark a little.
I've been looking for a good tutorial for setting up a BIND DNS server for my local network. What I want to do is..Have BIND running on my home server receiving all DNS requests.Have certain zones (my.zone.lan) pointing to custom IP addresses (I.E. server.lan points to 192.168.{server IP})Zones that don't exist should be passed on to OpenDNS for processing.
View 6 Replies View Related