14 October 2012

Easy way to config iptables working with ftp

Today I needed to build a Linux server to provide FTP service to my intranet users. I chose vsftpd as the FTP server because it ships by default with CentOS. Everything worked fine: I could upload and download files through the FTP service. Later I needed to secure the server with a firewall (iptables, of course, the built-in firewall for Linux), so I configured a rule to allow TCP destination port 21.

Now I could only log on to the FTP service; I could not list or download any files. What the hell happened to my server? After calming down for a while, I realized that FTP is a multi-port protocol. It uses port 20/21 for command, and some random port bigger than 1024 for data transfer. Yes, a range of random ports to send or receive data. So to achieve this goal, how can I configure iptables to allow these random ports?!

Config ftp server trigger upload file to call external script

Previously, I could do a post action on an HTTP server, which means making a call to an external script after a user has downloaded a file, whether the download succeeded or failed. Now I need to do the same thing, but this time with an FTP server: after a user has uploaded a file, the FTP server will execute a corresponding script. I searched many times and found a lot of FTP servers, but none of them has this kind of function, from vsftpd to proftpd.

Fortunately, I finally found something called "upload script" that looks like the function I need. Many thanks to pureftpd for this function. Pureftpd is an FTP server like vsftpd or proftpd, but it has a cool function named upload script, which can be used to call an external script after a file has been uploaded. I want this function to build a virus/spyware scanner station where my intranet users just upload untrusted files to the server by FTP.

13 October 2012

Disable crontab email alert

Every time I log on to my Linux server and open the console terminal, I receive a lot of email notifications saying that crontab has finished its tasks: notifications for minutely, hourly, daily jobs, blah blah blah ... I don't really care about these, but it keeps sending me these emails. I see them as nothing more than spam. They really upset me.

08 October 2012

Config sshd for faster login access

Every time I connect to my Linux servers, I notice that after I have entered the password it always takes a while (about 10 to 15 seconds) before the command line cursor appears. This is really uncomfortable for me, and maybe for you too. After this happened many times and I got upset with it, I decided to investigate what happens behind the scenes.

To see what happens after I have typed the password, I enabled verbose mode for the ssh connection with the -v parameter. The output is very helpful. From it I can see that openssh-server seems to use a lot of authentication methods besides the traditional password method, such as gssapi-with-mic, gssapi-keyex, ... The server waits for these modules, but by default I don't use these methods and have not configured them, so the server has to wait for them until they time out. I need to configure sshd to disable these modules for faster access.

07 October 2012

Another way customize winxp run on usb by embedded studio

Well, Microsoft has released Windows 8 as the next generation of Windows, which promises to take users to a new look-and-feel, touch-interactive environment. And Win8 has a very interesting feature: it can run from a USB disk! Yes. The demand for a portable OS is real. It is really comfortable to work that way, with all settings and the user profile staying on a USB disk. When you need to work on it, just plug the USB disk into any PC.

Today, there are a lot of Linux flavors that natively support booting and running from a USB disk. But with old versions of Windows, running from USB is really another story! For a long time, a lot of people have dreamed of running a full winxp on a USB disk, but all they get is a small piece of XP called winPE (just an installation environment for Windows). Yes, winPE can run, but it is not a full Windows environment; you can only use it as a rescue environment, not for work or entertainment.

28 August 2012

Boot hiren cdrom iso image from http server


Following up on booting winxp from an http server, now we will use GPXE to boot an ISO disc image over the HTTP protocol. This time I tried it with a Hiren BootCD ISO image, a very famous and popular All-in-One BootCD. It takes less than about 30 seconds to load and boot the image on a 100Mbps LAN. On a Gigabit network, the time will be much better.

23 August 2012

Boot winxp from http server

Traditional PXE booting uses TFTP for loading the image file. TFTP is a simple protocol based on UDP, so it has some disadvantages: it is slow, not reliable, not WAN capable, and may be blocked by a firewall. GPXE is a modern way to boot from the network. It supports loading the image file over http, ftp, iscsi ..., which are based on TCP. That way GPXE gains high speed and reliability, and can be used over a WAN (internet).

18 August 2012

How to run winxp in ram memory

As you know, PC memory (RAM) works at super fast speed. It is maybe the second fastest component in PC architecture (slower than CPU cache memory). This post will show you how to load and run winxp in RAM to see how fast it runs.

15 August 2012

Make winxp to minimal size with nlite

Under normal circumstances, a full installation of Windows XP takes around 1GB of hard disk space (after turning off the paging file). Windows XP ships with a lot of components which you may not need and may never use, such as: support for NetWare networks, Transmeta CPUs, NetMeeting, help and support, driver and dll caches, ...

Since a lot of people want to run winxp in a minimal-space environment like a USB disk or RAM disk, it is a good idea to remove those unneeded components and keep only the most needed ones. This post will show you how to reduce the size of winxp with nLite, a very popular tool for slimming down winxp.

14 August 2012

How to install and run a full winxp on usb disk

Winxp is really a good member of the Windows family. It is maybe the most commonly used version of Windows to date. This post will show you how to put a full winxp on a USB disk so you can use it anywhere.

Create SSL self signed certificate using with Apache and Windows IIS

You have a website which uses a login form to authenticate users, so you will need to run https to protect the user credentials (username/password) against sniffers on the internet. This post will show you how to create a self-signed certificate for use with Apache and IIS.

Bypass ie warning message when using with self signed certificate

This post will show you how to bypass the IE warning/error message when accessing a site which uses a self-signed certificate.

Requirement :

  • No special requirement.

Steps in detail :

13 August 2012

Authenticate users with client certificates on Apache and IIS

Objective :

You want to authenticate users with client SSL certificates instead of the traditional (weak) password form? This post will show you how to do that with OpenSSL and Apache/IIS.

Requirement :

  • Understanding of SSL Private | Public Key infrastructure.
  • Let's suppose that we will use 3 separate servers :

Functions of each server :

  • CA Server : This server will act as a CA provider, it uses openssl-tools to create, sign, ... certificates for the two web servers and clients. 
  • Apache Server : This server will serve https service by apache (httpd). 
  • IIS Server : This server will serve https service by windows IIS.

Alternative software :

This post is based on a Linux system and uses the openssl package for deployment.

If you are not familiar with Linux, you can download the openssl edition for Windows; it works the same as on Linux.

ssh public key authentication

So, you don't want to type a password every time you ssh to your server, while still keeping it fully secure. This post will show you how to do that with Private | Public key authentication.

Requirement :

Understanding of Public | Private key infrastructure.

Terminology :

  • Public key  : it is like the lock; it stays on the server that you want to ssh to.
  • Private key : it is like the key; it stays on your PC and you have to keep it as secret as possible. No one will see this key except you.
  • The two keys form a pair of mathematically related cryptographic keys. If one key is used to encrypt information, then only the related key can decrypt that information.

Nginx post action to trigger successfully download file

As you know, nginx is a lightweight but very powerful http server, and it has a lot of cool features.

Suppose that you have an nginx server hosting some files, and you want to track how many people have successfully downloaded them and how many downloads failed or were cancelled. This post will show you how to do that with the nginx post_action directive.