Difference between revisions of "Short Notes on Security"
From PaskvilWiki
(Created page with "== Apache == ==== Note - serving of local files ==== '''Note''': Often the initial installation of Apache has <tt><Directory /></tt> directive (directive for the root of ...") |
|||
Line 26: | Line 26: | ||
to '''/etc/apache2/ports.conf''' and restart Apache. | to '''/etc/apache2/ports.conf''' and restart Apache. | ||
+ | |||
+ | == Other == | ||
+ | |||
+ | ==== Password Generators ==== | ||
+ | |||
+ | * '''PHP''' ''(run from bash)'' - replace the '16' with length of the generated password (28 is most you can get): | ||
+ | <pre>$ php -r "echo substr(str_replace(array('$1$', '$2$', '$2a$', '$', '.', '/'), '', crypt(php_uname() . microtime())), 0, 16).\"\\n\";" | ||
+ | 1hlNxRwBr4mCZWQF</pre> | ||
+ | |||
+ | * '''Bash''' - replace the '64' with length of the generated password (no real limit here), and change the characters class in <tt>tr -d</tt> as you please, to control what characters can be contained in the password; the characters class presented here are all characters that are treated as a part of the word in terminal (i.e. you can double-click the word and it gets selected as a whole): | ||
+ | <pre>$ cat /dev/urandom | tr -d -c "a-zA-Z0-9@#%&\-\_+=:,.?/" | head -c 64; echo | ||
+ | uQ,XGSG4qPtE4.&UQT,jPA#=a8j-mhy+qjQUg:m#s7g1@c2-#J8D-,3zQFd+o_-W</pre> | ||
== External Links == | == External Links == | ||
+ | |||
+ | === Apache === | ||
* [http://httpd.apache.org/docs/2.0/howto/htaccess.html .htaccess files in Apache2] | * [http://httpd.apache.org/docs/2.0/howto/htaccess.html .htaccess files in Apache2] | ||
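Review bot: the PHP entry under "Password Generators" derives the password from crypt(php_uname() . microtime()), that is, from system information and the current time, which is guessable. Suggest dropping it or reading from a random source, as the Bash entry does with /dev/urandom. Separately, the whole -r argument is in double quotes, so bash expands $1 and $2 before PHP runs; '$1$' reaches PHP as '$' and the hash-type marker is not stripped, which is why the sample output starts with "1". Single-quoting the PHP code or escaping the dollar signs would fix that.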
Line 33: | Line 47: | ||
* [http://httpd.apache.org/docs/2.0/howto/auth.html Authentication, Authorization and Access Control in Apache2] | * [http://httpd.apache.org/docs/2.0/howto/auth.html Authentication, Authorization and Access Control in Apache2] | ||
* [http://www.yatblog.com/2007/02/27/how-to-create-a-ssl-certificate/ How to create your own (aka self-signed) SSL Certificate] | * [http://www.yatblog.com/2007/02/27/how-to-create-a-ssl-certificate/ How to create your own (aka self-signed) SSL Certificate] | ||
+ | |||
+ | === Other === | ||
+ | |||
+ | * [http://blogs.sun.com/jkini/entry/how_to_scp_scp_and How To scp, ssh and rsync without prompting for password] |
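Review bot: the link added under "=== Other ===" covers scp, ssh and rsync without a password prompt, a topic the page body has no note for, and its URL slug reads how_to_scp_scp_and while the title says "scp, ssh and rsync". Worth verifying the URL and adding a short SSH note under "== Other ==" so the link has context.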
Revision as of 22:11, 1 July 2011
Apache
Note - serving of local files
Note: Often the initial installation of Apache has the <Directory /> directive (the directive for the root of the filesystem) set to "Allow from All", in [Apache config dir]/sites-available/default! This means that the server can serve any file from the file system, not just the files in the htdocs document folder, which is typically all you want it to serve.
To avoid this, change the setting to "Deny from All".
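The check described in this note can be scripted. The following is an added example, not part of the original page: it reports "Allow from all" inside a <Directory /> block and handles only that older directive syntax. The function name, file names and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page: report "Allow from all" inside the
# filesystem-root <Directory /> block of an Apache configuration file.
# Usage: check_root_directory FILE
# Prints "LINE: text" per finding; returns 1 if any finding, 0 otherwise.
check_root_directory() {
    awk '
        # Only the filesystem root counts: <Directory /> or <Directory "/">.
        tolower($0) ~ /^[ \t]*<directory[ \t]+"?\/"?[ \t]*>/ { in_root = 1; next }
        tolower($0) ~ /^[ \t]*<\/directory>/                  { in_root = 0; next }
        !in_root || /^[ \t]*#/ { next }   # outside the root block, or a comment
        tolower($0) ~ /^[ \t]*allow[ \t]+from[ \t]+all[ \t]*$/ {
            printf "%d: %s\n", NR, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample input (not a real server config), so this runs offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
weak="$sample_dir/weak.conf"
fixed="$sample_dir/fixed.conf"
cat > "$weak" <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        # Allow from none (commented line, ignored by the check)
        Allow from All
    </Directory>
    <Directory /var/www/>
        Allow from all
    </Directory>
</VirtualHost>
EOF
# The fix from the note: deny at the filesystem root only; /var/www/ stays open.
sed '/<Directory \/>/,/<\/Directory>/s/Allow from All/Deny from All/' "$weak" > "$fixed"

for conf in "$weak" "$fixed"; do
    if findings=$(check_root_directory "$conf"); then
        echo "$conf: filesystem root is not opened up"
    else
        echo "$conf: filesystem root allows all -> $findings"
    fi
done
```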
Enable SSL/HTTPS in Apache
HowTo: Use the following virtual host definition:
    <VirtualHost *:443>
        ServerName ssl-name
        DocumentRoot /var/www/ssl/root
        SSLEngine on
        SSLCertificateFile /etc/apache2/server.crt
        SSLCertificateKeyFile /etc/apache2/server.key
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
where the certificate file and the certificate key file belong to either an authority-signed or a self-signed certificate (see below), and add
    NameVirtualHost *:443
    Listen 443
to /etc/apache2/ports.conf and restart Apache.
Other
Password Generators
- PHP (run from bash) - replace the '16' with the length of the generated password (28 is the most you can get). Note that the value is derived from system information and the current time, not from a random source:
    $ php -r "echo substr(str_replace(array('$1$', '$2$', '$2a$', '$', '.', '/'), '', crypt(php_uname() . microtime())), 0, 16).\"\\n\";"
    1hlNxRwBr4mCZWQF
- Bash - replace the '64' with the length of the generated password (no real limit here), and change the character class in tr -d as you please to control which characters the password can contain; the character class presented here consists of all characters that are treated as part of a word in the terminal (i.e. you can double-click the word and it gets selected as a whole):
    $ cat /dev/urandom | tr -d -c "a-zA-Z0-9@#%&\-\_+=:,.?/" | head -c 64; echo
    uQ,XGSG4qPtE4.&UQT,jPA#=a8j-mhy+qjQUg:m#s7g1@c2-#J8D-,3zQFd+o_-W
External Links
Apache
- .htaccess files in Apache2
- htpasswd utility in Apache2
- Authentication, Authorization and Access Control in Apache2
- How to create your own (aka self-signed) SSL Certificate