android bsd linux unix & open-source world


SSH Security: How To Block SSH Brute Force Attacks with SSHGuard

SSHGuard monitors logging activity and reacts to attacks by blocking their source IP addresses. sshguard has born for protecting SSH servers from the today's widespread brute force attacks, and evolved to an extensible log supervisor for blocking attacks to applications in real-time.

SSHGuard is given log messages in its standard input. By means of a parser, it decides whether an entry is normal activity or attack. After a number of attacks, the IP address is blocked with the firewall.

These are the available blocking backends:

  • SSHGuard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
  • SSHGuard with IP FILTER (FreeBSD, NetBSD, Solaris)
  • SSHGuard with IPFW (FreeBSD, Mac OS X)
  • SSHGuard with netfilter/iptables (Linux)
  • SSHGuard with TCP wrappers / hosts.allow (almost any UNIX system)
Print This Post Print This Post

FreeBSD Tools: portaudit – FreeBSD’s Third Party Security Audit

Portaudit is a software vulnerability auditing tool for FreeBSD systems. FreeBSD's Portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities.

The ports-mgmt/portaudit port polls a database for known security issues. This database is updated and maintained by the FreeBSD Security Team and ports developers.

To begin using Portaudit, install it from the Ports Collection:

cd /usr/ports/ports-mgmt/portaudit
make install clean
Print This Post Print This Post

FreeBSD Optimizations: /etc/make.conf

The file make.conf contains system-wide settings that will apply to every build using make and the standard file. The purpose of make.conf is to control the compilation of the FreeBSD sources, documentation, and ports.

The system build procedures occur in the following areas: the world, the kernel, documentation and ports. Variables set in make.conf may be applicable in one, two, or all four of these areas. In addition, control variables can be specified for a particular build via the -D option of make or in environment.

Print This Post Print This Post

How To Install and Configure Squid as Transparent Proxy Server under Linux and FreeBSD

Squid is a proxy server and web cache daemon. It has a wide variety of uses: caching web, filtering traffic, caching DNS and other computer network lookups for a group of people sharing network resources.

Squid is primarily designed to run on Unix-like systems but it also runs on Windows-based systems. In this tutorial I'll show you how to install and configure squid proxy server to run under Linux and FreeBSD.

A proxy server software is based on the TCP/IP protocol. It monitors a special port such as 3128 or 8080. A computer who runs a proxy server software is called a proxy server. If other computer want to connect to Internet through the proxy server, it should know the proxy server's IP address and proxy port.

Print This Post Print This Post

FreeBSD: How To Install Lighttpd with PHP5-FastCGI and MySQL Support in FreeBSD 8

In this article I'll show you how to install and configure Lighttpd web server on FreeBSD 8.1 with PHP5 support (through FastCGI) and MySQL support.

1. FreeBSD port tree update

Update FreeBSD ports using the following command:

portsnap fetch update

Once is done, we can proceed with the next step.

Print This Post Print This Post

How To Set Up an OpenBSD Router – Step-by-Step Tutorial

This article is a step-by-step guide about how to set up OpenBSD system that will act as a network router that takes advantage of the OpenBSD's PF packet filter.

1. OpenBSD Installation

Install OpenBSD by using this tutorial.

Now that you have OpenBSD installed, lets proceed with the next step.

2. OpenBSD Network Configuration

The network interface is configured at boot time using the /etc/hostname.if files, where if will be replaced by the full name of your interface, for the example above, /etc/hostname.xl0.

The layout of this file is simple:

address_family   address   netmask   broadcast   [other options]

Print This Post Print This Post

How To Install and Integrate eAccelerator into PHP5

eAccelerator is an open source PHP accelerator, optimizer, and dynamic content cache which provides a bytecode cache. eAccelerator increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

1. Install prerequisites

There is no eAccelerator package in the official repositories, therefore we must compile and install it from the sources. Before we can do this, we need to install some prerequisites.

Print This Post Print This Post

UNIX Tools: tcpdump – packet analysis tool

tcpdump is a common network packet analyzer that runs under the command line. It allows the user to intercept and display packets being transmitted or received over a network to which the computer is attached. tcpdump is mandatory for anyone desiring a thorough understanding of TCP/IP.

tcpdump works on most Unix-like operating systems: BSD, Linux, Mac OS X, Solaris, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. There is also a port of tcpdump for Windows called WinDump and it uses WinPcap, which is a port of libpcap to Windows.

Print This Post Print This Post

FreeBSD: Complete Virtualization using VirtualBox

VirtualBox is a virtualization software,originally created by German software company innotek GmbH, purchased by Sun Microsystems, and now developed by Oracle Corporation as part of its family of virtualization products. It is installed on an existing host operating system; within this application, additional guest operating systems, each known as a Guest OS, can be loaded and run, each with its own virtual environment.

In this article I'll show you how to install VirtualBox under FreeBSD.

VirtualBox is available as a FreeBSD port and may be installed using the following commands:

Print This Post Print This Post

FreeBSD: How To Create a Network Bridge

A device that connects two networks together into two separate network segments without having to create IP subnets and use a router to connect the segments together is called a "bridge".

To create a bridge use ifconfig command:

ifconfig bridge create

A bridge interface is created and is automatically assigned a randomly generated Ethernet address.

Print This Post Print This Post