Archive for December, 2009

IPTables Examples

Because iptables evaluates its rules in order, the first matching rule takes precedence. If the first rule disallows everything then nothing else afterwards will matter.
* INDIVIDUAL REJECTS FIRST
* THEN OPEN IT UP
* THEN BLOCK ALL
List iptables rules: iptables -n -L (-n prevents slow reverse DNS lookup)
Add rule to Reject all from […]

Identifying Rogue Processes in IIS

Bring up a command prompt and execute: iisapp.vbs
This gives you a mapping of process ID to application pool. Next, bring up the Task Manager and identify the process that you are interested in. If process IDs are not currently shown, go to the View menu, select Choose Columns and tick PID. You should now […]

Test HTTP with Telnet

# Telnet to server on port 80
GET /index.html HTTP/1.0
Host:
For HTTPS you will need to use openssl:
openssl s_client -connect localhost:443
GET /index.html HTTP/1.0
openssl s_client -connect localhost:443

Horde Plesk enforce signature

To enforce a signature/footer on all users: Edit /usr/share/psa-horde/imp/config/trailer.txt

Horde Plesk disable IP checks

The Horde webmail client checks that each user's session always originates from the same IP address once it is open. This can be problematic if the user has an intermittent connection, a roaming IP, etc. Edit /usr/share/psa-horde/config/conf.php and set:
$conf['auth']['checkip'] = false;

Encrypted email script using GPG and PHP

# First grab the public key for the GPG-enabled email address into a file and import it into a new keyring called public_key.gpg
mkdir .gnupg to hold the keyring files. Placing it outside httpdocs would probably be a good idea!
gpg --no-default-keyring --keyring /var/www/vhosts/  --import public_key
# You can list keys in the keyring with:
gpg --no-default-keyring --keyring […]

Install GIT on Plesk

Installing Git on a Plesk/CentOS box doesn't actually involve much other than a yum install and setting up key auth.
Enable the RPMforge repo
yum install git
Enable the /bin/bash shell for the user in Plesk.
Make a .ssh directory in their home directory with 700 perms
Generate a keypair, or get the public key of the client's keypair: ssh-keygen […]

FTPS and SFTP on Plesk with ProFTP

SFTP (SSH-FTP)
--------------
You can add:
/usr/libexec/openssh/sftp-server
to /etc/shells and then select this in the account as their shell. This will give them access to SFTP only, with no additional software required.

FTPS (FTP over SSL)
-------------------
Either purchase a certificate or create one:

ProFTP Enable Transfer Resume

Edit proftpd.conf
# Allow uploads to resume
AllowStoreRestart    on
# Allow downloads to resume
AllowRetrieveRestart    on

RedHat Enabled Passive FTP

// List the modules installed
lsmod
// Load the ip_conntrack_ftp module
modprobe ip_conntrack_ftp
Edit /etc/sysconfig/iptables-config to include:
IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"