Do you use let's encrypt?





1073 votes ~ 8 comments

 

Archive for 2006

This is a document that explains how to install mixmaster and how to use it to send email, in an anonymous and secure fashion.

Now that we're at the end of the year it seems like a good time to celebrate our second anniversary! It is a little hard to believe at times, but this site has now been in existance for just over two years. During that time a great number of visitors have commented, contributed articles and polls and made this site what it is today. A big thank you to everybody who has contributed.

There are times when you'd like to conduct complex conditional actions within a CFEngine setup. Whilst it is possible to use built in classes, or dynamic tests for the existence of files, directories, or other things using an external plugin module gives you a lot of additional flexability.

Have you ever been tinkering under the hood only to discover later that you blew up one of your defaults? Say your default web-browser, so that when you click a link from email it opens Firefox instead of Konqueror or vice-versa. Well I know I have. Here we'll look at how to fix this, graphically.

This is a short guide on quickly setting up a Tor server in Debian Sarge. If you're looking for a way to use tor as a client, I suggest you read the article on that subject.

If you're looking to perform a lot of system recovery, or system installation, then network booting with PXE is ideal. PXE allows you to boot up a system and have it automatically get an IP address via DHCP and start booting a kernel over the network.

For people who like to experiment with their Debian systems, trying out new packages on a regular basis, you might be interested to know that there is a new site aiming to showcase a single package every day.

There are times when people make mistakes, and manage to do crazy things to working systems. It wasn't so long ago that a hasty deletion caused me all kinds of problems. Recently I read of an unfortunate sysadmin who managed to recursively change permissions on their root filesystem - and here is my attempted solution.

In case you missed the annoucement yesterday Debian Etch has now been frozen for release. This means that the distribution won't receive automatic updates over the next few days and weeks. Instead only "targetted" package updates will be made.

Sometimes you have to deal with lossy IP connections. Your ISP has packet loss somewhere, or a cable in your network is rotten, or a switch is soaked with traffic.

I was recently offered the opportunity to review a copy of "OpenVPN - Building and integrating Virtual Private Networks" by Markus Feilner. This book covers everything from installing OpenVPN, configuring it, and using it in mixed environments. Read on for a review of this excellent book.

This article describes how to use DHCP to supply information about static routes to the clients on your network. You may want to do this if you have two or more local networks with routers between them. The DHCP software doesn't support this out-of-the-box, but it can be configured to do so without too much effort.

Xen is great. But installing more than one network card became a pain when I tried it the first time. There are some documents describing the principle but I was unable to find a real life example somewhere else. So this is a summary about how it works here now.

There's been a lot of talk lately about encrypted partitions, and Debian is proud to offer a feature to easily create them in the etch installer since beta3. But what about existing systems? This guide walks you through setting up an encrypted partition using cryptsetup and LUKS.

You've set up gpg and can now use it for signing and encryption - but how to go about getting your key signed so that you are not only relying on the web of trust?

This is an easy way to take backups and putting them on a remote site. I invented this script in order to put backups on a reliable remote site where I unfortunatley only have a user account.

Work had some old desktop PCs going spare and I set one up for my father. Mostly because I didn't want to have to remote admin a Windows machine I decided to install Debian on it.

Recently this site was updated to avoid a potential security weakness. This article briefly describes the problem which was fixed, and explains some of the most common online security problems.

Recently there was an article on this site discussing adding colour highlighting to grep. Now we're going to look at a general purpose highlighting tool called histring.

I was answering a recent weblog post and I figured the reply was sufficiently interesting to be a short and sweet article, plus the feedback from you guys is always great. So, here it is: Making sure that network interface ordering remains constant.

You arrive at a Debian GNU/Linux server which has some history of neglection. Let's suppose someone else neglected it but if your new-year resolution is to stop neglecting your beloved server, this applies as well.

I want to sync my notebook home directory data to my Debian Sarge server using Unison. Unison is a file-synchronisation tool which allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other.

Many Debian users use grep regularly. But did you know that grep can highlight the text it matches in color?

The Wikipedia article on Diwali renders with unicode symbol 0x25CC missing on my unstable desktop in Firefox.

If you're running a popular website you'll most likely notice that some clients are less well-behaved than others. Greedy clients can do anything from make numerous requests, to attempting to spider your entire site. One simple way of preventing these clients from slowing down your server is with the mod_bwshare module for Apache2.

This content is taken from the linux kernel source documentation. I'm throwing it out here to make it easier for users to find. The sysreq key is a "magical" key combination to which your Linux kernel will respond, regardless of whatever it is doing.

Upgraded recently, and an important package broke? Not sure which of the upgrades to roll back to an earlier snapshot? Use which-pkg-broke, from the debian-goodies package.

SSH is not only the secure replacement for rlogin, rsh and telnet, which has been used in the past to do remote administration work, but there are also neat tricks like port forwarding, vpn tunneling and file transfers that you can do with minimal configuration work, leaving only one port open to the internets.

Not sure if a manual page does what you need? Want to read the manual page first, before installing it? Use debman, from the debian-goodies package.

You probably know about man, and how to read manual pages in the console. But did you know that man can display manual pages many other ways, such as in a browser, or in a printer-friendly form?

gpg, the GNU Privacy Guard, provides a means for secure encryption and signing of all kinds of data, such as email, software distributions, or Debian packages. gnupg-agent safely stores your passphrase for use by gpg, giving you the convenience of not entering a passphrase frequently without the insecurity of a passphraseless key.

Generally, when using GPG, you want others to have the ability to verify your signatures or encrypt data to you. In order to do so, they need your public key. To help them obtain it conveniently, you can put it on a public keyserver.

If your GPG private key becomes compromised, you need to revoke it to warn others not to trust future signatures or encrypt data to your public key. However, by the time a key compromise happens, you might not have your GPG key available, such as if it resided on hardware stolen from you, or the attacker removed it after accessing it. This article shows you how to generate and preserve a revocation certificate now, before you actually need it.

SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.

Over the past few months there has been a dramatic rise in a new type of spam mailings, which comprise of semi-random words and a real message embedded inside an image. How do you deal with this?

Recently I was given the task of rolling out a number of PCs running Linux for a student lab. The roll out isn't complete yet, but I thought that this trick was so nice for lab based environments that I'd use it to try my hand at a debian-administration article.

Here is a very short (but in my opinion very useful) how-to for creating an USB boot device, which enables you to boot Debian from your memory stick.

Debian does not provide an initscript for iptables by default. This does however not mean that it is impossible to get firewall rules to survive a reboot.

SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

We are distributing Debian and Mozill Firefox on all the machines in our school, but are having problems setting up the browser homepage automatically.

Resetting the root password of a MySQL database is trivial if you know the current password if you don't it is a little tricker. Thankfully it isn't too difficult to fix, and here we'll show one possible way of doing so.

This article is primarily focussed on the Greek users of Debian out there, and I hope there are quite a few of us! I am using Debian as a server myself and it is quite important to be able to at least show the full greek character set in the console, as some of my files may have greek filenames. Typing Greek in the console is of less importance, although this article covers it as well.

I needed a method for sharing a secret that required multiple agents to coordinate before the secret could be recovered. This is useful for encrypting keys used in critical backups. I decided to use an implementation of Shamir's Secret Splitting Scheme (The S in RSA).

If you're using the unstable or testing distribution of Debian GNU/Linux you will almost certainly have noticed that apt-get uses daily-diffs for its package updates. In many common situtations this is more bandwidth efficient, however it isn't always appropriate.

One can do a lot more with ssh than use it for remote terminal session. Here we'll show how to copy files using ssh, use ssh as part of a pipe, vnc or samba forwarding via ssh and mounting filesystems using ssh (fuse + sshfs)

The Debian stable release, code-named Sarge, has been upgraded to 3.1r3. This is a minor update mostly consisting of security updates.

Debian makes heavy use of it's bug-tracking system, (BTS) to coordinate work, and for developers to know that a problem needs fixing.

One of the unofficial Debian project resources which doesn't get the attention it deserves is the Debian Snapshot site. The site contains a mirror of old Debian packages, which can be very useful for system recovery.

From the server room, I found an old RS/6000 43P Model 150 installed with AIX 4.3 (i.e. it works.) I decided to give it a try to install a Debian powerpc version on it. But I ran into problems booting it.

mount is a command which most people take for granted, once they've mounted their local filesystems it doesn't get used very often. Recently I've come to appreciate one of the more unusual mount facilities; the ability to mount something in multiple locations.

As a not completely new Linux user I have been frustrated over and over again at all the extra bloat and apps that I will never use that gets loaded onto my system when I do an install. Debian was the second distro that I tried and have used many others since, but I keep coming back.

The one absolute truth every sysadmin confronts is "I need to document my network infrastructure, How do I do it?" I hope, with your help, to get this question solved here, now, today, once and for all.

This document describes installing Oracle 10g Express Edition (formerly known as HTML DB) on a Debian based system. My original document can be found here.

This article will describe you how to install a complete solution to manage users that have access to your network devices and also how to automatically backup your network devices configurations with a cvs based storage in order to have diffs on it. You'll also be able to script commands you want to run on your routers/switches to have easier administration.

In this article I will describe how to setup a nearly complete encrypted system using Debian Etch and cryptsetup with LUKS. The goal is: encrypt all partitions except /boot. The user should enter a password at boot time or provide a keyfile on an USB device to decrypt the root partition. Keyfiles for additional partitions are located on the root, so the user does not need to enter a password for every partition.

... I have backported security fixes recently announced by mozilla for firefox and thunderbird to the old branch which we have in Debian Sarge (stable). Now these packages need more testing.

When it comes to installing new installations of Debian GNU/Linux there is one tool which should not be ignored. Whether you're dealing with a real system, or a virtualised one, the debootstrap tool is ideal for quickly installing new Debian environments.

Setting a printer in Debian Sarge from scratch and make it available for Windows XP clients on a LAN can be difficult, but using CUPS and samba it should be fairly straightforward if you have a supported printer. Here we will demonstrate how to do this.

Although rather straightforward, I couldn't find an easy step-by-step guide, so here I'll describe how I ended up growing my ext3 partion on a RAID-1 array.

There is a great howto about installing Xen on Debian Unstable. It is really easy to do and it runs fine. Nevertheless, on production servers, that's not an optimal solution. Debian Unstable has too many updates and things change too often. On production machines, a Xen host system should be stable, secure and should not need much attention. That is where Sarge comes in. If you pull the Xen packages from backports and install them on Debian stable you've got the best of both worlds. Let's do so!

Using XML-RPC it is possible to write software that can be accessed remotely by multiple means, from Ruby and Python to Perl and Ajax. Using a couple of simple libraries it is possible to setup a simple server in only a few minutes, with no need to worry about argument parsing, anything complex.

We have currently 184 production debian servers in various states of out-of-date. We also maintain a local mirror of the i386 distribution. My goal is to develop an easy way to keep these 184 servers up to date.

We've all been there. We press the wrong key, we do some silly mistake, and suddenly, one or more of our file systems refuse to work. Whenever this happens, the first thing we hear is "You should have made a backup", the dreaded sentence that we'll never listen to. Let's face it, we're stupid, and we don't backup.

So you've got a webserver and you'd like to be able to send/receive SMS? You've seen adverts that read "Send FOO to to get ..." and would like something similar? With the gnokii package and a supported phone you should be able to do all that and more.

Recently the Debian project was compromised after a user account was escalated to root via a bug in GNU/Linux kernel. This bug doesn't affect the Sarge kernel(s), but it might affect you if you're running a different distribution. Here we'll cover a couple of hot-fixes.

Several people have asked for information about the unavailability of one of the Debian projects main servers, gluck. This machine has been taken offline due to being compromised.

Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches.

After two very competant and thorough bids have been submitted and evaluated it was decided yesterday that the venue for the 2007 Debconf will be Edinburgh, Scotland.

As those who have read my blog, and my article on Postfix spam prevention, I'm not keen on content filtering to detect spam, as it inevitably leads to false positives, and it doesn't require much imagination to work around it if you are a spammer.

Despite being both great and free the online service thumbshots, which is used to create images of what a website looks like, can't be used for professional use. Here we'll demonstrate how to reproduce that service ourselves.

One of the most common Apache2 questions I've seen on Debian mailing lists is from users who wonder how to host multiple websites with a single server. This is very straightforward, especially with the additional tools the Debian package provides.

My company has only one external IP address and a DNS host name from the same Internet Provider. There are also two Exchange 2000 servers, mxbsas and mxrng. Until now the users could access OWA (Outlook Web Access) from outside the company only via mxbsas, this is because you can't use IIS as a front-end and the Standard version of MSEX2000 does not support this feature.

The logical volume manager allows you to create and manage the storage of your servers in a very useful manner; adding, removing, and resizing partitions on demand. Getting started with LVM can be a little confusing to newcomer so this guide intends to show the basics in a simple manner.

Sometimes you might have a host which you wish to disable IPv6 upon, this can be useful if you're having DNS timeouts when software attempts to resolve hostnames, and for other reasons.

Since we last covered the use of Stack Smashing Protection (SSP) the default compiler for Debian Sid has been upgraded to include it, with no need for custom patching. Read on for a brief demonstration of how it can be used to prevent attacks.

There are several times when you'll be writing a script, or a program, which needs to communicate with the desktop user and here we'll look at two of the more modern approaches.

There are situations where it is common to want to update multiple machines running Debian GNU/Linux whilst minimizing the bandwidth used for downloading packages and updates. There are several different solutions for this problem and here we'll look at one of them: apt-proxy.

This article details the steps taken to transport photos from the compact flash card of my camera onto one of my systems for archival and display.

This has already been announced upon the Debian website, but it is worth repeating here for people still using Debians old-stable release, codenamed Woody. Security support for Woody is due to cease at the end of June 2006.

If you are using LDAP or NIS to manage users you might discover users having problems because they don't have a home directory on each machine they can connect to. Thankfully there is a simple solution for creating home directories upon demand for users.

One thing that I've noticed on my mailserver in recent months has been a large number of spam mails which identify themselves as being sent from my own IP address. Since they never are blocking them is a useful thing to do before any more intensive filtering is done.

Getting wireless networking working with the ndiswrapper driver is fairly straightfoward if your card has an associated Windows driver. Here we'll look at getting wireless networking working for a Dell Inspiron 1300, you should be able to follow the recipe for most other wireless networking cards which are supported ndiswrapper.

If you're a Debian user it is likely that you're subscribed to several of the mailing lists which the project uses for discussion, development coordination, etc. There are a lot of lists available, some quiet, and some very busy. If you're subscribed to several of them you might be looking for a simple way of organizing them, thankfully procmail makes it easy.

In the office I needed a way to block some websites permanently and others outside of break times. After looking at some inline solutions I realised that I could easily do what was needed with squid alone. Here's how

We've described setting up a small network of hosts managed by CFEngine previously, but once installed what do you do with it? Well one common job for automating is to ensure that you have particular packages installed upon all your clients. With CFEngine this is simple.

If you control satellite systems which need to relay their mail through a centralized host for sending then you have several choices. Perhaps the simplest software to use is the nullmailer program.

Now that the Xen 3.0 packages have made it to Debians unstable distribution installation has become much more straightforward. Here we'll take a look at installing and getting started with it upon a generic unstable machine.

An article on Debian-Administration.org already covered ADS set up with Kerberos. But I was looking for the most lightweight and nimble ADS integration so I can achieve the less ambitious goal of single username and password.

Anyone doing Debian installations regularly might be interested in the preseed method of the Debian installer. This document describes how to use this technique.

Mondo is a great system duplication/imaging tool. With Mondo you can create a boot disks that will completely restore your system to a previous state. This can be vital in disaster recovery or duplication. I use it for both testing, duplication and disaster recovery in my environment and I would be lost without it.

We've previously seen how to install the Jabber cross-platform, and open, chat server. Sadly - some people insist on using the closed source IM clients. What should we do?

The #debian IRC channel on freenode very often sees people who don't know how to get PHP running with Apache. This is nearly always caused by missing packages - particularly the Apache mod_php module.

One common server bottleneck is DNS lookups. Many common server tasks such as from looking up hostnames to write Apache logfiles and processing incoming mail require the use of DNS queries. If you're running a high-traffic system it might be useful to cache previous lookups.

Our current server setup is composed of 25 or so servers running Debian sarge. I use openldap for managing authentication and userinfo. Everything works quite well when the LDAP server is up and running, however whenever it goes down, havoc ensues across all our servers.

There are a lot of Linux filesystems comparisons available but most of them are anecdotal, based on artificial tasks or completed under older kernels. This benchmark essay is based on 11 real-world tasks appropriate for a file server with older generation hardware (Pentium II/III, EIDE hard-drive).

We all appreciate the locate command when we are such in a hurry we cannot afford a full and in-elegant find. What we like a little less, though, is the updatedb script consuming up all our disk bandwidth at each boot, summoned by anacron.

There are many times when it is convenient to allow non-root users to run services, or daemons, which bind to "privileged ports". There are several approaches to this problem each with its own set of pros and cons. Read on for a brief look at the most common approaches.

I'm configuring a Debian Sarge/Exim4 host to act as an email gateway between the internet and a private LAN email server. The intent is to forward incoming email messages for some users not only to the internal email host, but also back out to their home email addresses.

In many small and medium sized companies there are a number of servers which have organically grown, with no directory management. I'm curious to know how people would handle adding users in this scenario.

The target of this tutorial is to have a successful installation of the ftp-daemon pureftpd working with virtual user accounts. You should already know about installing pureftpd.

I'm writing this article in hopes that it helps someone else, later. I just spent two days configuring my new e-mail server. It would have only been an afternoon if I'd know what I'm about to share.

If you work with the DNS server bind you'll probably be used to updating the serial number for your zone files manually after making changes. If you're an Emacs user there is a simple automatic way of doing the job.

Previously we learned how to use munin to monitor Debian machines. Now - we need to add some Windows boxes to the mix.

Here's a brief tutorial how to connect a single server to 'the Internet' using multiple physical connections and route various services over different interfaces using a mechanism called 'policy routing'.

After going through the article on Gnu Privacy Guard (GPG) you've got gpg up and running. But - every time you need to encrypt, decrypt or sign, you need to enter your passphrase.

Debian suits perfectly for use as a gateway for computers on your LAN. However once bandwidth usage grows it could be handy to just add another internet uplink to your gateway. Debian does not cater for this out of the box so this document describes how to setup your debian gateway for multiple uplinks.

This began as a presumed problem with Debian, since the issue showed up when I upgraded from kernel 2.4.x to 2.6.x, resulting in total loss of functionality of my externally connected PS2 mouse. The Synaptic Touchpad on my Dell Latitude continued to work, however.

GNU Privacy Guard, or GPG, is a free replacement for the famous encryption tool PGP written by Phil Zimmermann. It is a tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. Here we'll provide a quick introduction to generating a key-pair and using it for basic tasks.

Today I started to set up a SVN repository for our final year project. I tried to setup a SVN server using Apache2 so that the SVN repository is available to the client through the WebDAV/DeltaV protocol. Read on for a trial-and-error introduction.

If you want use PostgreSQL 8.1 on your stable Debian 3.1 it is not a problem. Here is a quick walkthrough of the required steps of rebuilding the Debian package for Sarge.

In the past we've discussed adding new init scripts to a Debian GNU/Linux system so that programs or daemons can be started when a machine is rebooted. That works very well if you're root, but for non-root users it isn't an option.

Suppose you want to experiment a little with web pages and CGI's, but you don't want the hassle of installing the full Apache package. This quick and dirty shell script could just be what you need.

I've been using the tutorials/reviews information from this site to try and set up my laptop to automatically detect the active network (cable at work, wireless at home) and set up the environment as appropriate. This has been slow going, due to a WEP problem I have. This begins with an Archos PMA430 (an audio/video/PIM hand held device) that has built in wireless networking. And it runs a Linux OS, using Qtopia (the most important secondary reason for its purchase).

These days I have to deploy an environment for a team of developers, some of them prefer stable (Sarge), some can't live without packages from unstable (Sid). I intend to use Sarge (stable) for a server itself, so there's no problem to provide an nfsroot of it. But how is this possible to hit both targets?

Firefox has a fairly useful bookmarking concept - quick searches. In the default 1.5 package under sid I see examples of this in the bookmarks Quick Searches folder.

I thought I would run a few tests to check the differences between the two ways of writing to NTFS partitions: Captive-FUSE and NTFS-FUSE.

There appear to be no uncomplicated introductions to the subject of traffic monitoring on the internet anywhere. So here is one. The objective is to get traffic graphs for the primary interface on your server, workstation or firewall quickly and efficiently.

A while ago, the company where I work purchased (in true dot-com style) another small company overnight, and those guys moved in cells to us. Now, they have this huge windows2003 banner with lively colors, as well as serveral other redmond-praising textiles. I'm not the jealous type, but I find myself in need to balance things a little.

This documents my adventure of setting up a spam/virus fighting mail server on Sarge. It is not the most fancy way of doing it, but should be suitable for an environment with not too many users, nor a bunch of road warriors. It's also probably a decent starting point for building more advanced configurations. The end product is a server that dicards virus-infected mail, identifies spam, and sorts it into a local user's junk folder. Courier's Maildrop is used instead of procmail, Maildir directories are used instead of mbox, and the SSL enabled version of Courier IMAP is used for mail retrieval by users.

I stick to the mantra that the stable branch is for production servers and unstable/testing is only for people who know how to fix things when they break or can afford to take a box offline. But stable gets old fast. Its security updates are only for issues that effect, well, security and not application stability.

I've just been reading Michael Jang's "Linux Patch Management". The chapter on Debian isn't very detailed, and I was wondering if this is a solved problem under Debian.

What good advice do you have for setting up and managing logging on a Debian box? I come from a Red Hat 9.0 environment, where there was a rather convenient integrated GUI that let you browse the various logfiles - very useful to see all the failed logins to your SSH account as people tried to break in, for example.

I've been running Xen for a few weeks now and until now I've been happy with the default networking setup installed. Only when I decided to install Xen upon the server which is hosting this website did I need to explore the way Xen sets up networking.

Alright. I'm fed up. I've tried everything I can find on the net (which is _very_ little I'm sad to say), and now I'm more than willing to admit my ignorance on the whole subject since I can't get this working.

If you have control over your DNS you can setup 'wildcard hosting', which means you can have a webserver accept connections for any given subdomain. This can be enormously useful for community websites, or other hosting purposes.

This documents my adventure setting up a LAMP server on Sarge with Apache2, PHP5, MySQL5, phpMyAdmin, Smarty, and ADODB. It covers installation and just enough sample code to test everything. It turned out to be pretty long. I should point out that I have deviated from the "Debian Way" by downloading phpMyAdmin, Smarty, and ADODB directly from their respective websites and installing them in /usr/local. I could find no backports for these, and kept running into dependecies on PHP4 which I did not want to install.

So you switched to the AMD64 architecture, installed the 'pure64'; flavour of Debian on it? Well, get prepared for some problems: no flashplugin for Firefox, no win32 codecs for MPlayer, no OpenOffice.

This tutorial shows you how to configure BIND9 DNS server to serve an internal network and a external network at the same time with different set of information. To accomplish that goal, a new feature of BIND9 called view is used. As a tutorial it'll walk you through the whole set up, but initial knowledge of BIND and DNS is required, there are plenty of documents that cover that information on the Internet.

I'm in the process of trying to migrate an existing, and dying, server to a new Debian Sarge box. The existing server is running RedHat 7. I've got the basics working. However, I have to allow users to connect to the server using Macromedia Contribute, until such time that we can build a administration system for the site. I'm trying to get Contribute to use SFTP and connect to OpenSSH (ssh 1:3.8.1p1-8.sarge.4).

Microsoft ISA Server is a common proxy server within Windows-based networks. It is not very Linux friendly. NTLM Authorization Proxy Server helps us out with this.

Recently I inheritted ownership of an SVN server which was misbehaving. Trying to determine why it wasn't working correctly involved a few hours of testing, careful thought, and caffeine. Eventually I got it working correctly using the often-overlooked tool strace.

This document will describe the setup I made for automating the backup tasks for all laptops here in the house. My servers use the same backup server and infrastructure, but right now they don't have the checks and scripts because they are online 24/7 and my backup server is triggering the backup process. This is however not true at all for the laptops.

Using more than one hard drive to achieve better performance and fault tolerance is very common. Less well known is that it's also possible to aggregate more than one network interface into a single logical interface. In Linux, this is handled by the bonding driver. Benefits of doing this are much the same as the benefits of aggregating discs using RAID: if one device dies, your server carries on working and by using two devices in parallel, performance can be improved.

With the introduction of the Apache2 packages in Debian it is much simpler to create and use a secure SSL protected webserver than in the old days with Apache 1.3, here we'll show how it is done.

I'm looking for a way to make a Debian web cluster completely fail-tolerant. There is heartbeat, a MySQL cluster and I have two firewalls in a redundant setup. The only thing missing is a file-system, that is completely distributed (i.e. symmetric).

Videochatting and amateur pornography are all well and good, but have you ever wondered what else you can do with that webcam?
Well, thanks to the efforts of many dedicated open-source coders, any half-decent PC can be turned into a motion-detecting, snapshot-making, video-recording D.I.Y. security solution.

Gather round the hearth, young nerdlings and I will tell you a tale...just let me settle my creaking bones into my rocking chair, let me wipe my rheumy eyes and nose - there, that's better. Now pass me my ear trumpet. Do give me a little prod if I nod off or my voice wavers too much. Are we all settled in now? Yes? Marvellous! Now let me tell you about ftp upload.

I have built a firewall using Debian Sarge, Shorewall etc. on a VIA EPIA PD6000. I'm very happy with the performance, but I would like to get rid of the keyboard, mouse and monitor and administer the system remotely using VNC, SSH, etc.

I'm running a number of Debian Sarge-based systems, with each using the Gnome Display Manager (gdm) to present a login screen after booting. From here the default is to log in to a KDE session.

For the average home computer user there is no need to install a complex package such as the Internet Software Consortium's BIND DNS or DHCP server, since there are far simpler lower resource tools to use, for example dnsmasq. For those who you wish to learn how to use ISC's BIND and DHCP, for example as a learning exercise, this is how I got it all to work in Debian Sarge, the current stable version of Debian GNU/Linux.

Brute force attacks are a weekly issue on my Debian box and until now, I've manually managed my hosts.allow and hosts.deny files. The issue isn't so much the actual security threat as brute force attacks are usually unsuccessful, but seeing log files that are just loaded up with thousands of failed login attempts is unnerving at best.

Many of the higher end servers have an Intelligent Platform Management Interface, that lets you observe a whole host of hardware parameters. Usually these systems also support plug-in remote management cards (for example DELL RAC cards), that allow remote resets, and other remote diagnostics.

This article will show you how to install Samba 3.X on Debian Linux 3.1 (Sarge) and make it authenticate against a Windows server running Active Directory. It is not intended on replacing the actual official Samba 3 manual - which is a quite good read anyway.

It is fairly clear how to burn CDs with a 2.6 kernel, but I wonder what is the correct way to configuring Debian Sarge to read/write CDs with the default 2.4.27-2 kernel.

Maybe, like me, you've got more than one Debian box on your network - either at home or at work and you want to keep them up to date with apt but are on a slow link or metered bandwidth? If so, apt-proxy could be the answer for you.

In the first part of this text, we introduced the principal concepts of Debian package building. We're now ready to build an example package of a simple command line program.

This two-part article explains how to make a Debian package of simple piece of software, presumably something you have written yourself. Although building a new package is more complex than rebuilding one or having one generated, the idea is that it is actually surprisingly simple to create basic Debian packages. In fact, if you can make software install into a temporary installation tree, you're already 90% done! This text provides a quick alternative to the more comprehensive Debian New Maintainers' Guide. Only knowledge of Makefiles and the basic Debian package tools is assumed.

If you're like me you'll most likely use a wide variety of desktop applications, and spend a lot of time setting up your desktop first thing in the afternoon when you login. Minimising some applications, setting others up to be visible upon all virtual desktops, etc. Even if you have a basic window manager you can automate this activity using Devil's Pie.

There are times when you're looking for a particular library, or file, which you know is available to Debian but you cannot find the package which contains it. This is the kind of job that the Debian packages site helped with in the past, but given its current unavailability we'll look at another approach.

Under the 2.4 series kernel - to be able to use an IDE CD burner we were forced to use SCSI emulation (via the kernel module ide-scsi). Under the 2.6 series kernel - this is deprecated - we now use ide-cd.

What is the correct right way to rebuild package in Debian whilst preventing those packages from being downgraded, without applying a hold upon them?

The "print screen" key is next to the BS key on my keyboard. Every time when I miss the BS key by hitting the "print screen" key, a screen snapshot is printed from my (InkJet) printer.

There are many occasions where it is useful to have an idea of your bandwidth usage, perhaps to know when you're going to be charged more by your ISP, or perhaps just as part of general monitoring. The vnstat tool is a simple means of doing just that.

Most of you have probably heard of Ruby on Rails and may be wondering what exactly it does and how you can try it for yourself. Put simply, Rails is a web application framework that uses the model-view-controller software design pattern to allow for rapid development of web applications. This article will cover how to install Rails on Debian and how to configure it to work with Apache and a relational database of your choice.

For free virtual private servers on linux there are several available choices User Mode Linux (UML), Xen, Linux-VServer and probably many others. If you use one; which did you choose and why?

Sometimes it is useful to know the temperature of your hardware, to prevent it from frying. This information can easily be found, if your hardware provides the sensors needed, and we have the necessary software.

I've been using Exim4 for a while now as a mail server on my home cable connection. Unfortunaly my IP is listed as a dynamic IP which means some mail servers refuse to accept mail from me as I am in blacklists for dialup users.

Many Debian newbies often have to reinstall Windows on the same machine on where Debian is installed. Usually the Windows installation does not take care of our Debian system booting process, overwriting the master boot record with Windows.

After installing Debian, often one is left with just a command line prompt waiting for the user to enter login and password. If you are coming from Microsoft Windows environment, this command line prompt looks similar to the DOS prompt. This article explains how to get a GUI environment after installing basic Debian.

Spam appears to be a fact of life for most of the online world at the moment. Here is how I personally handle the filtering of incoming mail, using a combination of Pyzor, SpamBayes and Procmail. These tools each integrate nicely, and work easily with my mail reader of choice: mutt.

Xen, the virtualisation system, is a great tool for running fresh copies of an operating system. However it doesn't allow you to run X11 programs. Here we can fix that with the help of VNC.

This article is left intentionally blank

Previous Archives