If your ftp server is behind a NAT router, the regular ftps configuration steps you find in most tutorials on the Internet may not work for you. Hope these steps help.
1. Chroot (chain or jail) users to their home directory by adding the line below to proftpd.conf
DefaultRoot ~
2. Generate certificate keys, in this case, in the directory /etc/proftpd/ssl/
$ openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/server.cert.pem -keyout /etc/proftpd/ssl/server.key.pem
3. Add these lines to proftpd.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/server.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/server.key.pem
TLSVerifyClient off
TLSRequired on
4. Allow a range of passive ports to be forwarded to your ftp server by the firewall and set those ports in your ftp config file – proftpd.conf in this case.
PassivePorts 60000 60100
5. Masquerade the ftp server’s address as the external IP of the NAT server/router, so that passive-mode replies advertise an address clients can actually reach.
MasqueradeAddress x.x.x.x
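One way to check a finished proftpd.conf against the five steps above, as an added example that is not part of the original post. The function names get_directive and audit_ftps_nat and the sample config are constructed for illustration; rejecting a private MasqueradeAddress and passive ports below 1024 goes slightly beyond what the steps state.

```shell
#!/bin/sh
# Print the arguments of the last uncommented line for directive $2 in file $1.
get_directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# Print one FAIL line per problem; exit status 0 only when every step checks out.
audit_ftps_nat() {
    conf=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Steps 1-3: chroot jail, TLS enabled and required, certificate paths present.
    [ "$(get_directive "$conf" DefaultRoot)" = "~" ] || fail "DefaultRoot ~ not set"
    for d in TLSEngine TLSRequired; do
        [ "$(get_directive "$conf" "$d")" = "on" ] || fail "$d is not on"
    done
    for d in TLSRSACertificateFile TLSRSACertificateKeyFile; do
        [ -n "$(get_directive "$conf" "$d")" ] || fail "$d not set"
    done

    # Step 4: two numeric ports, low <= high, inside the unprivileged range.
    set -- $(get_directive "$conf" PassivePorts)
    case "$#:$1$2" in
        2:*[!0-9]*) fail "PassivePorts must be two numeric ports" ;;
        2:*) [ "$1" -ge 1024 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ] ||
                 fail "PassivePorts range $1-$2 is invalid" ;;
        *) fail "PassivePorts must be exactly two ports" ;;
    esac

    # Step 5: the advertised address must be the router's external one.
    addr=$(get_directive "$conf" MasqueradeAddress)
    case "$addr" in
        ''|x.x.x.x) fail "MasqueradeAddress not set to the external IP" ;;
        10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            fail "MasqueradeAddress $addr is a private address" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample: reversed passive range and a private MasqueradeAddress.
sample=$(mktemp)
printf '%s\n' 'DefaultRoot ~' 'TLSEngine on' 'TLSRequired on' \
    'TLSRSACertificateFile /etc/proftpd/ssl/server.cert.pem' \
    'TLSRSACertificateKeyFile /etc/proftpd/ssl/server.key.pem' \
    'PassivePorts 60100 60000' 'MasqueradeAddress 192.168.1.10' > "$sample"
audit_ftps_nat "$sample" || echo "$problems problem(s) found"
rm -f "$sample"
```

Run it against the real file with audit_ftps_nat /etc/proftpd/proftpd.conf (adjust the path to wherever your distribution keeps the config).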
Got this advice from a CTO – hot topics for system administrators:
1. performance monitoring
2. capacity planning
3. virtualization
4. disaster recovery (DR) planning
By default, any error message in your php script will be visible to site visitors in the browser and will be logged to the apache error log file, most commonly “/var/log/httpd/error.log”. On a production server it is advisable to keep error messages from appearing in the browser, where they can reveal file paths and other internals to visitors, and to send them silently to a custom log file created specifically for php error messages. Following these steps might help:
1. Create the file under /var/log –
$ touch /var/log/php-error.log
2. Change permission to 644 –
$ chmod 644 /var/log/php-error.log
3. Set ownership –
$ chown root:apache /var/log/php-error.log
(if httpd is running as the user apache; it could also be www-data, nobody…)
4. Edit /etc/php.ini and make sure the following options are set correctly
error_reporting = E_ALL
display_errors = OFF
error_log = /var/log/php-error.log
log_errors = ON
5. Write a php script with a syntax error in it and check whether the error is logged
$ tail -f /var/log/php-error.log
It is not advisable to use password-based login for ssh any more. One of the most secure ways of remote login through ssh is to use public key authentication. To do that you have to generate both private and public keys using ssh-keygen; for RSA the default file names are id_rsa (private key) and id_rsa.pub (public key). If you have already generated those keys with a passphrase and want to change the passphrase now, execute the following command:
$ ssh-keygen -f id_rsa -p
Enter the old passphrase when prompted, then type your new passphrase, and you are done!
Have you locked yourself out of your linux machine? If by any chance you forgot the root password of your linux box and you have physical access to that machine, booting linux in single user mode will do the trick. Restart your computer using one of the following commands:
$ shutdown -r now
OR
$ init 6
OR
$ reboot
Then select the Linux kernel from the boot menu and type “e” (for edit). Select the second line, which starts with the word “kernel”, and type “e” again. Press the space bar and type “single” (for linux single user mode). Finally press “Enter” and type “b” to boot. Go ahead and change the password now with
$ passwd
Typical scenario: guy goes to a bar, does a quick scanning of the people inside the bar and walks straight to a blonde sitting all alone at the corner…the story goes. What about the Linux/Unix version of the story?
#who | grep -i "blonde" | echo "hi" | date; \
cd ~/bedroom ; unzip; touch; strip; finger; \
mount; gasp; yes; uptime; umount; sleep
You might find this link interesting too, the war on terror for dummies – the way Linux geeks interpret and analyse the war on terror.