Archive for the ‘Linux’ category

Setup linux server to alert you on login

April 29th, 2010

To improve the security of a Linux server, especially a web server exposed to the Internet and to attackers worldwide, it's best to have the server automatically send a notification email to a predefined address any time someone logs in to the host as root. To configure this automatic email alert for every root login on the server, use the following guide.

1. Log in to the server via SSH as root.
2. Make sure you are in root's home directory. Then open .bash_profile for editing with pico, nano or vi by typing one of the following commands at the shell prompt:

Using Pico: # pico .bash_profile
Using Nano: # nano .bash_profile
Using Vi: # vi .bash_profile

3. Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access (YourserverName) :' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" user@example.com

4. Replace user@example.com with the actual email address that you want the root access alert sent to. Note that you can change the text of the email alert too. You will want to change (YourserverName) to your actual server name or hostname.

Now log out and log in again as root; you should receive an email alert in your inbox. This works on most popular flavors of Linux such as RedHat, CentOS, Ubuntu, FreeBSD, etc.
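The line above runs `who` over every session on the host, so when more than one session is open the subject picks up one entry per session rather than only the login that triggered the alert. The following is an added example, not part of the original post, that limits the subject to the current terminal; the function names and ALERT_TO are hypothetical and the `who` sample is constructed.

```shell
# Constructed sample of `who` output with three sessions; the addresses are
# documentation ranges, not real hosts.
SAMPLE_WHO='root     pts/0        2010-04-29 10:02 (203.0.113.7)
admin    pts/1        2010-04-29 10:05 (198.51.100.20)
root     tty1         2010-04-29 09:00'

# all_sources WHO_OUTPUT
# What the one-liner's cut pipeline extracts: one line per session, and the
# whole line unchanged for console entries that have no "(host)" field.
all_sources() {
    printf '%s\n' "$1" | cut -d'(' -f2 | cut -d')' -f1
}

# login_source WHO_OUTPUT TTY
# Prints the remote host recorded for TTY, or "local" when that entry has
# no "(host)" field. Prints nothing when TTY is not listed.
login_source() {
    printf '%s\n' "$1" | awk -v tty="$2" '
        $2 == tty {
            host = "local"
            if (match($0, /\([^)]*\)$/))
                host = substr($0, RSTART + 1, RLENGTH - 2)
            print host
            exit
        }'
}

# alert_subject WHO_OUTPUT TTY
# Builds a single-line subject for mail -s from the current session only.
alert_subject() {
    src=$(login_source "$1" "$2")
    printf 'Alert: Root Access from %s' "${src:-unknown}"
}

# Usage in root's .bash_profile (ALERT_TO is a placeholder address):
#   ALERT_TO=user@example.com
#   cur=$(tty | sed 's|^/dev/||')
#   echo "ALERT - Root Shell Access ($(hostname)) : $(date) $(who -m)" |
#       mail -s "$(alert_subject "$(who)" "$cur")" "$ALERT_TO"
```
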

How to disable reverse lookups with Qmail in Plesk

March 9th, 2010

To disable reverse lookups in qmail with Plesk, you can add -Rt0 to the server_args line in /etc/xinetd.d/smtp_psa:


service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Once you have made the change, you will need to restart the xinetd service:

# /etc/init.d/xinetd restart

*DNS reverse lookups will no longer be called. Please note if you make any changes in Plesk regarding mail it will overwrite the change that you just made.*

Creating additional FTP Users In Plesk (Linux)

February 12th, 2010

Plesk for Linux by default only allows one FTP user (while it does let you add multiple web users, they are locked to the same directory as the main FTP user). However, you can get around this limitation by creating additional FTP users outside of Plesk, using SSH / shell. The process is fairly simple, and you can set up any directory structure that you want the new user to connect to, even adding FTP access behind the root of a web directory if you like.

To do this, we simply need to do the following:

*Prior to doing this, make sure you already have an existing FTP user in place, as you will need their ID number.*

1. Log into your Linux server (Only applies to a dedicated server, colo server or virtual server – VPS).

2. Once you have logged in, you need to find an ID of an existing FTP user. To do this, simply type the following:

$ id user     (user is the name of the existing ftp user)

3. If the user exists, you will be given output that looks like this:

uid=10002(user) gid=2524(psacln) groups=2524(psacln)

4. Note the uid number, as you will need it to set up the new user.

5. Now create the new user with this command. With this command you can also set the directory you want them to have access to:

/usr/sbin/useradd -u 10002 -o -d /var/www/vhosts/example.com/custom_folder -g psacln -s /bin/false newuser    (newuser is the name of the new account)

6. The new user has been created. Now you have to assign a password to it. To do this, type the following (*make sure the password is not the same as the main Plesk ftp account*):

$ passwd newuser    (Enter the password you want to assign to the user when prompted)

7. It will then ask you to confirm the password; type the password again. If done correctly, you will get the following message:

passwd: all authentication tokens updated successfully.

That's it, the FTP user has been created. If you ever want to remove the user, you have to do it via the command line, as Plesk will not show the user. To do this, simply type the following:

$ /usr/sbin/userdel username

How to disable anonymous FTP access in Vsftp

December 17th, 2009

1. SSH to the server that runs vsftpd and su to root.
2. Edit the file /etc/vsftpd/vsftpd.conf, find the line
anonymous_enable=YES
and change it to
anonymous_enable=NO
3. Run /sbin/service vsftpd restart
4. Try to FTP to the domain or IP without providing a user/password. Access will be rejected.

Anonymous FTP has been rejected!
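vsftpd enables anonymous access by default, so commenting the line out or deleting it does not turn anonymous FTP off; the setting has to be present and set to NO. The following is an added example, not part of the original post, that reports the value a config file actually yields; the function names are hypothetical, the sample configs are constructed, and it assumes the last uncommented assignment in the file is the one that takes effect.

```shell
# anon_setting CONF_FILE
# Prints the anonymous_enable value read from CONF_FILE. A file with no
# uncommented assignment reports YES, the vsftpd default.
anon_setting() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 == "anonymous_enable" { v = toupper($2) }
        END {
            sub(/[ \t\r]+$/, "", v)
            print (v == "" ? "YES" : v)
        }
    ' "$1"
}

# anon_disabled CONF_FILE
# Exit status 0 only when the effective value is exactly NO.
anon_disabled() {
    [ "$(anon_setting "$1")" = "NO" ]
}

# make_samples DIR
# Writes three constructed configs: the fixed one from step 2, one where the
# line was only commented out, and one where a later line re-enables it.
make_samples() {
    printf 'listen=YES\nanonymous_enable=NO\n' > "$1/fixed.conf"
    printf 'listen=YES\n#anonymous_enable=YES\n' > "$1/commented.conf"
    printf 'anonymous_enable=NO\nlocal_enable=YES\nanonymous_enable=YES\n' \
        > "$1/overridden.conf"
}

# Usage on a live system:
#   anon_disabled /etc/vsftpd/vsftpd.conf || echo "anonymous FTP still enabled"
```
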

Setting Up Spam Protection Based on DomainKeys in Plesk

December 11th, 2009

*Please note that Plesk only supports the use of DomainKeys as of 8.6 and up.*

To switch on spam protection based on DomainKeys:

  1. Click the Server shortcut in the navigation pane.
  2. Click the Mail icon in the Services group.
  3. Under the DomainKeys spam protection group, select the following options:
    • Allow signing outgoing mail. Selecting this option allows you and your customers to switch on support for DomainKeys e-mail signing on a per-domain basis through the domain administration screens of the control panel (Domains > domain name > Mail > Preferences > Use DomainKeys spam protection system to sign outgoing e-mail messages option). It does not automatically switch on signing of outgoing e-mail messages.
    • Verify incoming mail. Selecting this option will configure the DomainKeys system to check all e-mail messages coming to e-mail users under all domains hosted on the server.
  4. Click OK.

Now your mail server will check all incoming e-mail messages to ensure that they come from the claimed senders. All messages sent from domains that use DomainKeys to sign e-mail and that fail verification will be discarded. All messages sent from domains that do not participate in the DomainKeys program and do not sign e-mail will be accepted without verification.

To switch on signing outgoing e-mail messages for a single domain:

  1. Go to Domains > domain name > Mail > Preferences.
  2. Select the Use DomainKeys spam protection system to sign outgoing e-mail messages check box.
  3. Click OK.

To switch on signing outgoing e-mail messages for a number of domains at once:

  1. Click Domains.
  2. Select the check boxes to the left of the domain names you need. To select all domains in the list, select the upper left check box in the column heading.
  3. Click Group Operations.
  4. Under Preferences, select the Switch on option next to the Use DomainKeys spam protection system to sign outgoing e-mail messages field.
  5. Click OK.

Now, the following will happen for the selected domains:

  • Private keys are generated and placed in the server’s database.
  • Public keys are generated and placed in the TXT resource records created in the domains’ DNS zones.
  • The sender’s policy advertised in the DNS TXT resource records is set to “all e-mail messages sent from this domain must be cryptographically signed; if someone receives an e-mail message claiming to originate from this domain, which is not signed, then this e-mail must be discarded.”
  • Outgoing e-mail messages are digitally signed: the “DomainKeys-Signature” header containing a signature based on a private key is added to the message headers.