Jul 31, 2013

Richard Stallman on Ubuntu, Spyware, and the Ubuntu Phone



Richard Stallman Talks About Ubuntu & its privacy invasion (according to EFF and FSF) Features. He goes on to say that "non-free" distros like Ubuntu, have ethical flaws. For instance they contain non-free software, thereby making their distros about convenience rather than freedom.

Jul 30, 2013

Hacker-Proof Your WiFi During Travel

Not everyone knows the risks that come with using public Wi-Fi. If you're traveling this summer, learn the basics of secure Wi-Fi use, so hackers don't get your personal information and commit fraud with it.

Staying Safe While Cybersurfing

Most places that offer public Wi-Fi make it pretty easy for customers to get online. There are usually minimal login requirements, and to avoid encryption compatibility issues, they tend to disable many of the security features that are built into the wireless device. However, without encryption, your data passes unprotected, just like a radio signal.
According to the identity theft experts Life Lock, always check the network names. Thieves often create near-identical networks to the public networks people are accessing, and these signals can be intercepted by anyone who has a compatible receiver and some basic, easily acquired tools. If the Wi-Fi you're using isn't encrypted, your data is open to theft. From a login and password at your bank to a private email you've sent, it's all fair game to cybercriminals.

Wi-Phishing

A tech-savvy hacker is armed with the skills, tools and patience needed to work around the limited protection measures many Wi-Fi hosts employ. For example, some use social engineering methods to trick Wi-Fi users into divulging their most sensitive information.
Through wi-phishing, a cybercriminal is able to hijack a wireless signal and replace it with one of his own. He can spoof the network name and replace the sign-in page with a duplicate. You'll then supply your information to the hacker, not the Wi-Fi provider. From there, you may be redirected to other fraudulent or virus-filled websites. You might even be tricked into providing credit card numbers or other sensitive information.

Protecting Yourself on Wi-Fi

  • Don't allow your device to automatically join Wi-Fi networks. Manually select the desired network after connecting.
  • Be sure you're on a legitimate network; check with the business offering the Wi-Fi to confirm the details.
  • Stay aware of your surroundings. Ensure that nobody is looking over your shoulder when logging in to your accounts.
  • Don't leave your computer unattended.
  • Don't bring sensitive data on your hard drive when traveling.
  • Disable file sharing.
  • Don't do online banking at a public hotspot.
  • Don't surf pages you wouldn't want others to know you're viewing.
  • Limit email to casual communications; don't send anything sensitive.
  • Turn off your wireless card when not in use.
Public Wi-Fi hotspots can be convenient while you're traveling, but you should take some precautions when using them. Protect your computer, your data, your identity and your privacy by following the tips above. When you know you're safe online, you'll be able to relax and enjoy your trip to the fullest.

Jul 29, 2013

Three Plugins You Can Use To Make Thunderbird Work With Microsoft Exchange

Now that I am using Bauer-Puntu Linux on my company laptop, I no longer have the luxury of using Microsoft Outlook which works seamlessly with Microsoft Exchange.

As many of you know, Microsoft Exchange is more than just email. It also handles contacts, calendars, tasks etc. out of the box, but Thunderbird doesn't handle that stuff. True, you can configure Thunderbird to connect to Exchange using IMAP over SSL, but that only gives you email and none of the other goodies.

That's why I am using the following plugins to make Thunderbird work with my company's email system which happens to be Office365, but that uses Exchange 2013 on the backend:
With those three plugins, I am able to use Thunderbird with Office365 without issue.

Jul 26, 2013

How To Configure Pidgin To Use Microsoft Lync in Ubuntu Linux

I mentioned recently that I replaced Windows 7 on my company laptop with Bauer-Puntu 13.04. One of the items I had to do to make the transition a little more seamless was to get company instant messaging working.

We are currently using Office365 for email and instant messaging. On the back end Office365 is using Lync and Exchange to provide those services so this works on that, and should also work if you are using in-house Lync.

Here is what I did to get it to work:
  • Installed the pidgin-sipe plugin

    sudo apt-get install pidgin-sipe
  • Added a new account, and selected Office Communicator as the protocol
  • For the username and login I used my email address, and of course I entered my password.
  • On the Advanced tab change the connection type to Auto
  • Use the following for User Agent: UCCAPI/4.0.7577.314 OC/4.0.7577.314
  • Change authentication scheme to TLS-DSK
  • Uncheck the Single Sign-On box
  • Click Save
That's it, after that Lync worked flawlessly on Pidgin! Pidgin is also great because it supports every other protocol so you can use all your IM accounts in one application.
[Thanks to Dataforce]

Jul 25, 2013

How To Configure A Lenovo Thinkpad T530 With Docking Station For Dual Monitors in Ubuntu

At my day job I have a pretty awesome Lenovo T530 laptop, and up until yesterday I was running Windows 7 on it. I decided to install Bauer-Puntu 13.04 on it instead, and for anything Windows related I would use Remmina to RDP to a server, or use a Windows 7 VM in Virtualbox.

By default the T530 has Nvidia Optimus enabled in the bios which is great for Windows 7 or Windows 8, but it doesn't work so well in Ubuntu. I have read where people had success using Bumblebee to make Ubuntu play well with it, but I didn't have any luck. So this is how I got dual monitors to work for me:
  • Switch to discrete graphics mode in your bios



  • Install the latest Nvidia drivers from the Ubuntu repositories

    sudo apt-get update
    sudo apt-get install nvidia-current
  • Edit your grub config and append nox2apic after "quiet splash"

    sudo nano /etc/default/grub

    Change

    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"


    to:

    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nox2apic"


  • Update grub

    sudo update-grub


  • Reboot
After I did that I was able to go into the Nvidia X Server Settings and set up my screens to use TwinView.


Did you get it to work a different way? Were you successful with Bumblebee? If so, what did you do differently? Let us know in the comments.

Jul 24, 2013

How To Run Netflix in Ubuntu 13.04

I really love my wife! The other day she broke down and let me wipe out the install of Windows 8 on her laptop, and let me replace it with Lubuntu Linux. It's lighter, has better performance and it is not Microsoft which is a part of the NSA's PRISM program.

Well, her only stipulations were that it must play CD's and DVD's, she had to be able to surf the web easily like she did in Windows, and she had to be able to watch Netflix.

All of them were easy enough except Netflix. That's because Netflix is the only company in the world I think that built their web-based application on the obsolete Silverlight by Microsoft, and it just doesn't want to run on Linux.

Well, I got it to work, but you have to install a third party package called Netflix-Desktop.

To install it run the following from the terminal:

    sudo apt-add-repository ppa:ehoover/compholio
    sudo apt-get update
    sudo apt-get install netflix-desktop
After that it will create a nice little Netflix-Desktop icon in your Sound & Video menu, at least that is where it created mine in Lubuntu. You can also launch it from the terminal by running netflix-desktop.


After I installed it and showed it to my wife she was happy as a clam, and so was I because I got rid of one more Windows PC from my life! Woot!

Jul 23, 2013

Citrix Made XenServer Open Source Again. All Enterprise Features Are Now Free!

I use XenServer in my office environment. I switched us over to it shortly after I started at my day job because the free version of XenServer at the time had better features than VMWare's ESXi product. Features like clustering, and XenMotion were appealing to me, and my company couldn't afford the price tag of VMWare Professional or better.

The problem with the free XenServer version we are using is that it doesn't have high availability features or Alerts. I figured it was still fine for regular in-house business apps though, which it has been. It would just be nice to have all features.

Well a friend of mine who runs the infrastructure for TTR Corp in San Diego said that they were moving away from VMWare over to XenServer. When I asked why he said that the new version of XenServer (6.2) now has all enterprise features available for free!

I did some checking and he is right! From their release notes:
XenServer 6.2.0 includes the following new features and ongoing improvements:
Licensing Simplification

As part of our commitment to ease of use, this release sees the introduction of XenServer 6.2.0 which replaces the previous XenServer Free, Advanced, Enterprise, and Platinum editions. Functionality previously available within premium versions of XenServer is now available free of charge. With this simplification we have also introduced per-socket licensing. Licenses no longer enable specific XenServer features, instead they signify that a XenServer is under a valid support contract. XenServer 6.2.0 no longer requires a license server or licence file to enable features, as all features are enabled for free in unlicensed mode. Licenses are only required to receive Citrix Support and to enable the use of XenCenter for the installation of security and feature hotfixes. Hotfixes can continue to be installed on unlicensed hosts using the xe command line interface.
So basically everything is free unless you want support! If you are not using XenServer for your hypervisor needs you should consider taking a closer look at it for cost savings. If you are already using it like me, then you need to look at upgrading soon!

Jul 22, 2013

Ubuntu Forums Hacked. All User Accounts and Password Hashes Compromised

While looking for some information on how to get my Bauer-Puntu install on my Lenovo T530 to work with dual monitors I came across this little beauty on the Ubuntu Forums page:


Yep, apparently hacked and every username, password and email address was compromised. If you have a hard time reading the image here are the bullet points of "what they know":
  • Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
If you are a user of the forums, and you happen to use the same username/password combo on any other sites you better get to changing it quickly.

How To Fully Encrypt Your Android Device

I am a huge proponent of encryption. I think if it's available, you should encrypt everything. Not just to protect yourself from hackers and thieves, but also from the government. In most cases, your decryption pass-phrase is protected under the 5th Amendment.

One thing many people overlook when it comes to security is encrypting their cell phones. If you have a smartphone, you will be surprised how much data is available about you on your phone. Because of that, it's important that you protect it. Well Android has full phone encryption built in!

Yes I know that the NSA has been inserting code into Android, so they may or may not have a backdoor into it. However it will still be able to protect your data from hackers and probably even a DHS checkpoint.

To encrypt your Android device, you must first set a screen lock password of at least 6 characters, and one must be a number. To do that, do the following:
  • Go to Settings > Lock Screen > Screen Lock > Password
  • Follow the prompts to set a password
Now to encrypt your phone do the following:
  • Settings > Security > Encrypt Device 
  • Follow the prompts to encrypt your device
Encryption can take up to an hour, and your phone may reboot a few times during the encryption process. After it's done your device will be pretty damned secure. Also in the Security Settings you have the option to encrypt your SD card as well. I recommend you do that.

Do you encrypt your phone? Why or why not? Let us know in the comments.

Jul 19, 2013

How To Configure Firefox To Use Startpage From The Address Bar

If you are not using Startpage for your online searches yet, and are still using Google, Bing or Yahoo you are either a fool, or you don't feel you have a need for your 4th Amendment rights because the NSA is tracking everything you are searching on those systems. Startpage however serves up Google's awesome search results, but they anonymize you and don't collect your information. Pretty nice right?

One thing I have been doing since I made the switch back to Firefox is changing the default search options in it. It's really easy to add Startpage to the search bar in Firefox, but since I have been a Chrome user for the last few years I've gotten used to typing my search queries in the address bar. By default, Firefox uses Google to handle search via the address bar and we want to avoid that for privacy reasons right?

To change the address bar search in Firefox to use Startpage instead do the following:
  • Type "about:config" in the browser's location bar and hit "Enter"
  • Accept the warning message to be careful
  • Enter "keyword.URL" in the filter on top of the page
  • Double-click on the "keyword.URL" line that shows up
  • In the pop-up window, replace the current string with the link found here:

    https://startpage.com/do/search?language=english&cat=web&query=
  • Click "OK"
  • Close the window or tab
Here's a screenshot:


Simple right? Now when you perform a search from the address bar you get the results you want with all the Big Brother you don't!

Jul 18, 2013

Open Source Alternative To Tripwire For PCI Compliance

My company has been working hard to maintain PCI compliance. By my company, I mean I have been working hard to maintain my company's PCI compliance.

It used to be easy too. Since we never actually captured or stored credit card information it wasn't too bad, but since we added a new feature a few months ago that actually captures credit card data, even for a split second, we have way more to deal with when it comes to PCI.

One of the things a recent third party audit came up with was the need for file integrity monitoring. The system our auditor recommended was a pricey little bugger called Tripwire. Since my company is still in a fledgling stage, money is not a commodity we have a lot of to spend on expensive software. Thank the sweet baby Jesus for open source right?

Enter in OSSEC, which is an open source host based intrusion detection system that has a file integrity component among other things such as log analysis, policy monitoring, rootkit detection, real-time alerting and active response.

OSSEC also runs on most operating systems including Linux, Mac OSX, Solaris, HP-UX, AIX and of course Windows.

If you are worried about support, they also provide premium support services through Trend Micro, Inc., the company who backs OSSEC. Otherwise if you are savvy enough, you can just opt in to the users or developers mailing list for free.

For more information on how OSSEC can help you with PCI compliance, check out their link here: (OSSEC PCI/DSS)

Jul 17, 2013

Build A Bad Ass Linux Desktop For About $410

A few weeks ago my dentist had two old Windows XP desktops crap out on him. Normally I would have recommended that he go to Dell and purchase some new desktop PC's and call it a day. Well, most OEM desktops come with support for only Windows 7 or Windows 8, and finding drivers for Windows XP is a pain in the ass.

Since he is running a Windows 2003 domain, and refuses to pay the money to upgrade to a Windows 2008R2 domain, Windows XP is still the OS of choice for all of his office PC's. That's where custom builds come in, and that's what I did for him. I built him two awesome desktop computers to run Windows XP.

Well since I wouldn't recommend running Windows XP to you, I would certainly recommend building one of these awesome PC's for use with Linux. Since you can pretty much run Linux off of an old soda can and a battery, these things will scream if you put Bauer-Puntu or your favorite distro on it!

Here's the list of parts you will need:
Here's some pics of the ones I built for my dentist:



The case doesn't have a lot of frills, but it's very well made, and fairly small so it doesn't take up a lot of room. Also, the power supply is in the front of the case which is interesting, and saves space when you are installing the mother board.

The most expensive parts in this list are the processor and the mother board which is to be expected, but since I opted for the Intel I3 instead of the I7 I saved my dentist a few hundred dollars, and still gave him plenty of performance to run Windows XP. That will also be plenty of performance for most Linux installs as well.

All in all, for a little over $400 you can't go wrong here, especially for a Linux system.

Jul 16, 2013

My Personal Facebook and Twitter Accounts Have Been Deleted... For Real This Time

Back in September of last year I said that I was going to delete my personal Facebook and Twitter accounts, however I was so addicted to social networking at that time that it only lasted three days before I gave up and saved my accounts from permanent deletion.

Well if you are reading this, that means that I have finally done it for real. That's because I am writing this from in the past right after I deleted my Facebook and Twitter accounts for the last and final time on July 7th, and I scheduled this to publish now on July 16th. By now I've gone without my personal accounts long enough to realize that I don't need them anymore.

Also if you're reading this, it means that I didn't hurry up and reactivate my accounts and stop this post from publishing!

Why did I delete them? Well, for the same reason I tried to delete them back in September, because I don't want to give the government a daily play-by-play of my life. When I gave up in September, I figured I could probably slow government spying by locking down my Facebook and Twitter accounts with their privacy settings, but since news broke of the NSA's PRISM program, and how the NSA has direct access to Facebook, it would seem that Facebook's privacy settings are futile.

One thing that enabled me to break my addiction to Facebook and Twitter was that when I gave up in September, I did make the conscious decision to change the way I used social networking. I stopped using services like Foursquare, and I stopped posting my daily activities on Facebook and Twitter. I restricted my use to an occasional picture, and bitching about the government. So quitting now is way easier than it was then.

I still have my fan pages and Twitter accounts for Bauer-Power and Mainwashed though, so if you were friends with me on any of those, you should switch to keep up to date with what I'm doing on the blogs. However if you want to stay up to date on my personal life, you will need to call me or email me.

Jul 15, 2013

Keep Your Firefox Settings Private By Setting Up Your Own Sync Server

I wrote yesterday about how I've switched back to Firefox for my default browser for privacy reasons.

One of the reasons I switched from Firefox over to Google Chrome in the first place was the ability to sync my settings between computers. The problem with that is that your data is stored on Google's servers, and we all know that they have no problems selling your data to third party marketers or the NSA.

Well Firefox has a sync feature too, and although I trust Mozilla more than I do Google, by default your sync settings are still stored on a 3rd party server.

The great thing about Firefox though is that they allow you to set up your own sync server so you can still sync data between computers, but you can opt to sync it on your own servers for better privacy and security. I'll show you how to set one up easily!

First you will need to have an Ubuntu LAMP server ready to go with SSL enabled, and the unzip package installed. I'll let you Google how to do that.

Once that is ready do the following:
  • Change into the /var/www directory

    cd /var/www/
  • Download the sync server files

    wget https://github.com/balu-/FSyncMS/archive/master.zip
  • Unzip the package zip archive

    unzip master.zip
  • Rename the extracted directory

    mv FSyncMS-master ff
  • Change into the ff/FSyncMS-master directory

    cd ff/FSyncMS-master/
  • Copy all of the files to /var/www/ff

    cp * .. -R
  • Change into /var/www/ff and delete the FSyncMS-master directory and the master.zip file

    cd ..
    rm FSyncMS-master -R
    rm master.zip
  • Next create a database in MySQL called firefox

    mysql -u root -p
    CREATE DATABASE firefox;
    GRANT ALL PRIVILEGES ON firefox.* TO firefox IDENTIFIED BY "password";
    exit
  • Browse to https://servername/ff/setup.php and follow the prompts
  • When finished delete /var/www/ff/setup.php
After creating accounts by setting up sync in Firefox I recommend changing define("ENABLE_REGISTER", true); to define("ENABLE_REGISTER", false); in /var/www/ff/settings.php to prevent random people from creating accounts on your server. After all, this server needs to be publicly available. Also, make sure you change the word "password" to a more secure REAL password.

That's it, now when you want to sync other browsers you can use the pairing method like you normally would, but instead of pulling your sync data from Mozilla, you will be pulling from your new private Firefox sync server.

Jul 12, 2013

Thanks To Google's Collusion With The NSA, I've Switched Back To Firefox For My Browser of Choice

I have been using Google Chrome for many years now. Before that I was an avid Firefox supporter, but Chrome wooed me with its less bulky interface, and really cool sync feature. It made me not care about my privacy so much. I mean, who cares if Google is tracking all my online activities and browsing habits, and basically selling me to third party marketers?

Well, I started caring when I found out about Google's participation in Prism, and I realized that there is a very high probability that Google isn't just selling my every browsing move to marketers, they are probably handing them over to Big Brother as well. I figured it was time to get rid of all the Google products I could. Chrome was next on the chopping block.

So what makes Firefox better? For one, Mozilla was not named in the Prism documents. Another is that Mozilla is still open source, so if you can read code you can verify that there are no backdoors in Firefox. Finally, Mozilla themselves, along with Fight For The Future have started the StopWatching.us campaign to organize people to fight government surveillance.

From their blog:
Last week, media reports emerged that the US government is requiring vast amounts of data from Internet and phone companies via top secret surveillance programs. The revelations, which confirm many of our worst fears, raise serious questions about individual privacy protections, checks on government power and court orders impacting some of the most popular Web services.
Today Mozilla is launching StopWatching.Us — a campaign sponsored by a broad coalition of organizations from across the political and technical spectrum calling on citizens and organizations from around the world to demand a full accounting of the extent to which our online data, communications and interactions are being monitored.
There is one more thing privacy wise that makes Mozilla better than Chrome. That's the fact that you can set up your own Sync server to sync your settings so they never have to traverse Mozilla's servers if you don't want. Do you think Google would ever let you do that? I don't think so.

The last big Google product I have to get rid of now is my Android phone. What are my alternatives? iPhone? Windows Mobile? I think not, both Apple and Microsoft have been named as being a part of the Prism program as well. I suppose I can go with Blackberry, but I despise Blackberry. I guess I will wait until the Ubuntu Mobile OS is available, or Mozilla's phone.

What about you? Are you going to keep suckling on Google's teat? Why or why not? Let us know in the comments.

Jul 11, 2013

5 Reasons to Consider a Windows Phone 8

You probably aren't using a Windows Phone 8. With ZDNet reporting the phone only has 1.2 percent of the smartphone market share, it's clear Android and iOS are the definite dominant operating systems. But while Windows 8 gets a lot of flack for its distribution and functionality on desktop and laptop computers, it shines on a touch screen and is a worthy consideration if you're in the market for a new smartphone — especially if you do a lot of business on your phone, with its integration of Microsoft Office. And with rumors of sexy updates coming soon, according to InformationWeek, consider a Windows Phone 8:

Photo of a Windows Phone 8 by Nicola since 1972 via Flickr

1. The Kernel

The Windows 7 phone experience was based on the Windows CE kernel, but this time around, Microsoft has based the mobile Windows 8 operating system on the full-fledged version of Windows 8. This gives developers more resources and flexibility, which leads to better performing applications. The Windows 8 OS is more powerful on a technical level than Android or iOS, although that might not be immediately apparent when you look at the surface. The OS does require powerful hardware to run it, so cheap cell phones at T-Mobile are not going to be able to handle the Windows 8 experience. Microsoft's OEM requirements for the Windows 8 phone operating system include the Qualcomm Snapdragon S4 dual-core processor, 512 megs of RAM, 4 gigs in Flash memory, DirectX support and multi-touch screen.

2. People Hub

While Windows 8 phones are lacking in several major apps that many people consider essential to their smartphone life, such as Instagram and Google Maps, it does have good software options. The People Hub, for example, brings all of your social media feeds together into one app. You can easily go from Facebook to Twitter, looking through the latest updates and keeping up with your friends. The Hub concept carries over into other aspects of the phone, such as a media hub.

3. The User Interface

Windows 8 might be clunky in some areas, but it delivers on the user interface. The Metro UI that's so reviled on laptops and desktops makes perfect sense on a touch-screen smartphone. It's a big difference from the way Android and iOS handle navigation and the UI, so it has a learning curve to it. Once you've gotten used to the way Windows 8 organizes things, you're going to wonder why the other mobile operating systems don't handle things the same way. The main interface gives you the essential elements you need, and situational options are contained within a sleek bottom bar. If you don't like the way the interface is set up, you can customize it so the information that you need is right there.

4. Microsoft Office Support

If you use Microsoft Office for your business or personal life, Windows 8 phones offer a full-fledged Office experience. Android and iOS phones have apps to view Word docs and other Office files, but you cannot manipulate them, in most cases. Microsoft's mobile version of Office doesn't have that restriction, so it makes a lot of sense to deploy Windows 8 phones in a business that relies heavily on these applications.

5. Carrier Customization Restriction

Some Android smartphones are heavily branded by the wireless service provider, with bloatware galore, custom UIs and even essential operating system features locked away or tweaked in a consumer-unfriendly fashion. Windows 8 does not allow these types of carrier customizations, although carriers are able to load applications onto the phone. It's a lot easier to uninstall some apps than edit out a ton of branding and carrier tweaks.

Have you tried out a Windows Phone 8? What did you think? Tell us in the comments.

Jul 10, 2013

My Local City's Website For Paying The Water Bill Is Not PCI Compliant

One of the many facets of my day job is making sure my company's public facing web servers are PCI compliant because we do a lot of business with Banks and financial institutions and they require it. The funny thing is, we don't really store any personally identifiable information that really requires it.

Now, if you've ever had to make sure your systems are compliant, you know what a pain in the butt it can be sometimes. That's why I get really ticked off when I see a government website that is accepting credit card information, and should be PCI compliant, isn't. I get particularly ticked off when I have to enter my credit card information in on their site to pay my bills!

Well, that is exactly the case with the city of Escondido in California. I decided to check how well they implemented their SSL on their water utility bill pay site using SSL Labs test tool. The good news is that it's not terrible. The bad news is that it wouldn't pass a PCI compliant security scan, which it should be able to do since they are accepting credit cards!


This isn't the first time I've seen poor SSL implementation from a government agency. Last year I found out that my company's help desk ticketing system had better SSL implementation than the friggin' CIA!

Anyway, the main point here is that if the website belongs to the government, whether it's federal, state, city or county, they need to implement their security the right way.

Do you agree? Disagree? Why or why not? Let us know in the comments.


Jul 9, 2013

How To Generate A CSR in Linux Using OpenSSL

One of the main points of Bauer-Power is that it is my own personal knowledge base. I can't remember everything, so I often times will write up a how-to here on Bauer-Power so I can easily go back later and look it up in one place. That is what this post is about.

I occasionally have to use SSL on Apache web servers in Linux, but I don't do it often enough that I remember all of the OpenSSL commands that I need to get things done. For instance, the command needed to generate a Certificate Signing Request (CSR) that I can use to obtain an SSL certificate from a third party certificate authority (CA).

That command is:

    openssl req -nodes -newkey rsa:4096 -keyout SSL.key -out SSL.csr

That will start off some prompts that you can fill out to generate your private key file, as well as the CSR you will need to get a certificate from your third party SSL provider.

Note, you can change the bits number to 2048 or 1024 if you want, I prefer a stronger RSA key though. You can also change the names of the key and csr file to whatever you want.
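A scripted form of the command above with the checks worth running before the CSR goes to the CA, as an added example that is not part of the original post. The function names, the host name www.example.test and the 2048-bit policy minimum are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). The host name and the 2048-bit
# policy minimum are assumptions; SSL.key / SSL.csr are the post's file names.

# Scripted form of the command above: -subj answers the prompts up front.
make_csr() (    # usage: make_csr DIR COMMON_NAME BITS
    cd "$1" || exit 2
    umask 077   # -nodes leaves the key unencrypted, so create it owner-only
    openssl req -nodes -newkey "rsa:$3" -keyout SSL.key -out SSL.csr \
        -subj "/CN=$2" 2>/dev/null
)

# Checks to run before the CSR is sent to the CA. Prints a reason on failure.
check_csr() (   # usage: check_csr CSR KEY MIN_BITS
    csr=$1; key=$2; min=$3

    # 1. Key size as recorded in the request itself.
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$min" ]; then
        echo "key is ${bits:-unknown} bits, minimum is $min"; exit 1
    fi

    # 2. The CSR must carry the public half of the key kept on the server.
    if [ "$(openssl req -in "$csr" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout)" ]; then
        echo "CSR does not belong to this private key"; exit 1
    fi

    # 3. The request's self-signature proves possession of that key.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "CSR self-signature does not verify"; exit 1
    fi

    # 4. Group/other permission bits on the unencrypted key must be clear.
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group or others"; exit 1
    fi
    echo "OK: $bits-bit key, CSR matches key"
)

# Demo in a scratch directory. 2048 bits keeps it quick; pass 4096 to match
# the command in the post.
csr_dir=$(mktemp -d)
make_csr "$csr_dir" www.example.test 2048
check_csr "$csr_dir/SSL.csr" "$csr_dir/SSL.key" 2048
```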

Anyway, if you already knew how to do this, awesome! Like I said, this post is mainly for me :-P

Jul 8, 2013

Fix Untrusted Chain Issue With Firefox and GnuTLS

I have GnuTLS setup on numerous Apache web servers. It's just better than OpenSSL because with GnuTLS I can use the more secure TLSv1.1 or TLSv1.2. The only problem I've had with it, until now is that it's trusted by every browser I've used with the exception of Firefox.

When I browse to one of my GnuTLS enabled sites in Firefox I get an error saying "The certificate is not trusted because no issuer chain was provided."


In the Apache config files using OpenSSL it's easy, you can specify a chain file, but in GnuTLS you can't. There is a way of making it work though.

Just open your server certificate with your favorite text editor, and open the intermediate certificate in another text editor, then copy the contents of the intermediate certificate to the end of your server certificate and save it. Restart Apache and you should be right as rain now!

If you are doing this on your server you can append the intermediate cert to the end of your server cert by running the following command:

    cat intermediate.crt >> server.crt
If you have any questions, let me know. For some reason there isn't a lot of documentation out there for GnuTLS yet.
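A guarded version of the append above, as an added example that is not part of the original post: append_chain avoids fusing the PEM marker lines when server.crt lacks a final newline, and check_bundle confirms the file holds the server certificate first, followed by its issuer. The function names and the throwaway demo certificates are constructed for illustration; the order check compares issuer and subject names only and does not verify signatures.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the demo
# certificates are constructed; file names follow the post.

# Append the intermediate to the server certificate. A plain `cat >>` onto a
# file whose last line has no newline yields the single broken line
# "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".
append_chain() {    # usage: append_chain server.crt intermediate.crt
    # Command substitution strips a trailing newline, so non-empty output
    # means the last byte is NOT a newline.
    if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    cat "$2" >> "$1"
}

# Check structure and order of a bundle. Prints a reason and fails if bad.
check_bundle() (    # usage: check_bundle bundle.crt
    tmp=$(mktemp -d) || exit 2
    tr -d '\r' < "$1" > "$tmp/bundle.pem"      # tolerate CRLF line endings
    marker='-----(BEGIN|END) CERTIFICATE-----'
    rc=0
    if grep -E -- "$marker" "$tmp/bundle.pem" | grep -Evxq -- "$marker"; then
        echo "a PEM marker line is fused with other text"; rc=1
    else
        # Split into cert1.pem, cert2.pem, ... in file order.
        awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++}
                         n{print > (d "/cert" n ".pem")}' "$tmp/bundle.pem"
        n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$tmp/bundle.pem")
        if [ "$n" -lt 2 ]; then
            echo "expected server + intermediate, found $n certificate(s)"; rc=1
        fi
        # Each certificate must name the next one in the file as its issuer.
        i=1
        while [ "$rc" -eq 0 ] && [ "$i" -lt "$n" ]; do
            issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer \
                     -nameopt RFC2253 | sed 's/^issuer= *//')
            subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject \
                      -nameopt RFC2253 | sed 's/^subject= *//')
            if [ "$issuer" != "$subject" ]; then
                echo "certificate $i is not issued by certificate $((i + 1))"; rc=1
            fi
            i=$((i + 1))
        done
    fi
    rm -rf "$tmp"
    exit "$rc"
)

# Constructed demo material: a throwaway self-signed issuer standing in for
# the CA's intermediate, and a server certificate signed by it.
make_demo_certs() (    # usage: make_demo_certs DIR
    cd "$1" || exit 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Intermediate" \
        -keyout inter.key -out intermediate.crt 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA intermediate.crt -CAkey inter.key \
        -CAcreateserial -days 1 -out server.crt 2>/dev/null
)

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
cp "$demo_dir/server.crt" "$demo_dir/bundle.crt"
append_chain "$demo_dir/bundle.crt" "$demo_dir/intermediate.crt"
check_bundle "$demo_dir/bundle.crt" && echo "bundle OK"
```

Running the plain cat command twice also fails check_bundle, because the duplicated intermediate is not issued by itself in the expected position.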


Jul 5, 2013

Manage Amavis Spam/AV Quarantine For Free in iRedMail With Amacube

This may very well be my final post about my new anti-NSA Linux email server I setup on an Ubuntu VPS using iRedMail... No seriously, I think this should cover it.

iRedMail is a free Linux package you can use to stand up a really awesome email server that combines Roundcube, Postfix, Dovecot, SpamAssassin, ClamAV, Amavis and others in a matter of minutes. The problem with the free version is that it doesn't allow you to easily manage your spam quarantine. For that, they want you to spend upwards of $600 for iRedMail pro.

Well if you are on a budget like me, $600 is too much, but I found a free alternative that is pretty easy to use. It takes advantage of the fact that the webmail interface iRedMail uses is Roundcube, which is fairly popular and has many different plugins you can add.

One of those plugins, Amacube, lets users manage their own email spam/virus quarantines!

After it's installed, it puts a little quarantine button in the upper right corner of the Roundcube interface:


Inside the quarantine you can see any messages that have been quarantined and the user can then delete, or release them if they want. I would show you a screen shot, but I deleted the quarantine before I wrote this up.

Anyway, if you want to manage your spam quarantine easily with Roundcube in iRedMail, you don't need to spend $600. Just get the Amacube plugin.

Jul 4, 2013

Get Rid Of The Stupid Landscape Advertisement In Ubuntu Server

I am one of the few people in this world that like to add a little something to my motd in Ubuntu so when I ssh into one of my servers it's a little less boring. I love putting ASCII art in my motd.tail file so I have something fun to look at when I login.

In fact, here is what it looks like when you login to my email server:



One of the things I don't like is the annoying advertisement for Canonical's Landscape. You know, the string that says, "Graph this data and manage this system at https://landscape.canonical.com/".

I have never used it, and will likely never use it, so stop bugging me about it!

Well, to turn it off without losing the other useful system information, all you need to do is create a client.conf file in /etc/landscape with the following information:

    [sysinfo]
    exclude_sysinfo_plugins=LandscapeLink

Now with that there, you will get everything you want, and none of the Landscape crap you don't!

[Via Kember]


