14 October 2012

Easy way to config iptables working with ftp

Today I needed to build a Linux server to provide FTP service to my intranet users. I chose vsftpd as the FTP server because it ships by default with CentOS. Everything worked fine: I could upload and download files through the FTP service. Later I needed to secure the server with a firewall (iptables of course, the built-in firewall for Linux), so I configured a rule to allow TCP destination port 21.

Now I could only log on to the FTP service, and I could not list or download any files. What the hell happened to my server? After calming down for a while, I realized that FTP is a multi-port protocol. It uses port 20/21 for commands, and some random port bigger than 1024 for data transfer. Yes, a range of random ports to send or receive data. So, to achieve this goal, how can I configure iptables to allow these random ports?!

Config ftp server trigger upload file to call external script

Previously, I could do a post action on an HTTP server, which means making a call to an external script after a user has downloaded a file, whether the download succeeded or failed. Now I need to do the same thing, but this time with an FTP server: after a user has uploaded a file, the FTP server will execute a corresponding script. I searched many times and found a lot of FTP servers, but none of them has this kind of function, from vsftpd to proftpd.

Fortunately, at last I found something called "upload script" that looks like the function I need. Many thanks to pureftpd for this function. Pureftpd is an FTP server like vsftpd or proftpd, but it has a cool function named upload script, which can be used to call an external script after a file has been uploaded. I want this function to build a virus/spyware scanner station, where my intranet users just upload untrusted files to the server by FTP.

13 October 2012

Disable crontab email alert

Every time I log on to my Linux server, after I open the console terminal, I receive a lot of email notifications about crontab having done its tasks. Notification messages for minutely, hourly, and daily cron jobs, blah blah blah... I don't really care about these, but it keeps sending me these emails. I see them as nothing more than spam mail. I really get upset with them.

08 October 2012

Config sshd for faster login access

Every time I connect to my Linux servers, I notice that after I have entered the password it always takes a while (about 10 to 15 seconds) before the command line cursor appears. This is really uncomfortable for me and maybe for you too. After many times like that, I got upset with it and decided to investigate what happens behind the scenes.

To see what happened after I typed the password, I decided to enable verbose mode for the ssh connection by using the -v parameter. The information that appeared was very helpful: according to it, openssh-server seems to use a lot of authentication methods besides the traditional password method, something like gssapi-with-mic, gssapi-keyex, ... The server is waiting for these modules, but by default I don't use these methods and I have not configured them yet, so the server has to wait for them until they time out. I need to configure sshd to disable these modules for faster access.

07 October 2012

Another way customize winxp run on usb by embedded studio

Well, Microsoft has released Windows 8 as the next generation of Windows, which promises to take users to a new look-and-feel, surface-interactive environment. And Win8 has a very interesting feature that lets it run from a USB disk! Yes. The demand for a portable OS is real. It's really comfortable to use it that way: all settings and the user profile just stay on a USB disk. When you need to work on it, just plug the USB disk into any PC.

Today, there are a lot of Linux flavors that natively support booting and running from a USB disk. But with the old versions of Windows, running from USB is really another story! For a long time, a lot of people have dreamed of running a full WinXP on a USB disk, but all they get is just a small piece of XP called WinPE (just an installation environment for Windows). Yes, WinPE can run, but it's not a full Windows environment; you can only use it as a rescue environment, not for work or entertainment.