How to install and secure egroupware - Directory UMM

More documents

Recommendations

Info

� You need a separate key pair for every user you want to connect to the server with. 6.1.4.2.1 Creating a secure shell key pair You must create the ssh key pair on the client side as follows: [user@client home]$ ssh-keygen - t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/user/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /user/.ssh/id_dsa. Your public key has been saved in /user/.ssh/id_dsa.pub. The key fingerprint is: f0:00:f7:95:e9:73:37:11:aa:e8:06:3e:60:9e:0d:25 user@yourserver 6.1.4.2.2 Copying your public key to the server You must copy your new public key (*.pub) from your local client to the server: [user@client home]$ scp .ssh/id_dsa.pub useratserver@yourserver:/home/yoursername/ Install the public key on your server: [user@client home]$ ssh yourserver [user@server home]$ cat id_dsa.pub >> .ssh/authorized_keys [user@client home]$ chmod 600 .ssh/authoritzed_keys Now, if you connect to the server, the server asks you for the password which you typed when you created the SSH key pair. If you don’t want type it every time when you connect to the server, you can use ssh- add. 6.1.4.2.3 The ssh-add tool If you connect to your server (or different servers) frequently, you can use the ssh-add tool to store the password from your ssh key. Then you can just type your password once and it is stored for you permanently: [user@client home]$ ssh-add Enter passphrase for /home/youruser/.ssh/id.dsa: Identify added: /home/youruser/.ssh/id.dsa (/home/youruser/.ssh/id.dsa) 6.1.4.2.4 Securing your SSH client Reiner Jung Install and Secure eGroupWare Page 26 of 67
There is one important line in the configuration file from the SSH client. The make sure the following line exists in your ssh_config file: Protocol 2 This allows your clients connections with the version 2 of the SSH protocol only. 6.1.4.2.5 Securing your SSHD For your SSH daemon you can use the following values to make it more secure: Protocol 2 PermitRoot Login no PubKeyAuthentication yes Passwor dAuthentication no PermitEmptyPassword no 6.1.5 Installing software to monitor your server logs Analyzing your log files is a must for every administrator. When you don’t monitor your log files, you have no chance of seeing security problems or anomalies. There are several products on the market that can help you to monitor your log files: logcheck logwatch logsurfer Logcheck is recommended. Logcheck will work under Linux, BSD, Sun, and HP-UX. It is easy to install and make clear reports. To install logcheck type the following from the logcheck root after you have untar’d the file: [ root @server logcheck-1. 1. 1]# make linux To run it automatically, you must add a line to your crontab file. Under RedHat, it is /etc/crontab. Open the file and add the following line: 00 * * * * root /bin/sh /usr/local/etc/logcheck.sh Edit the logcheck shell script to add the recipient to the log report. The recipient is the value of the SYSADMIN variable in the script. [root@egroupware logcheck-1.1.1]# vi /usr/local/etc/logcheck.sh To receive better detailed reports, advanced users can also edit the follow files: logcheck.violations logcheck.violations.ignore logcheck.hacking logcheck.ignore Reiner Jung Install and Secure eGroupWare Page 27 of 67
Page 1 and 2: How to Install and Secure eGroupWar
Page 3 and 4: Index Index .......................
Page 5 and 6: 7.5.3 Step 3 - Set Up Your User Acc
Page 7 and 8: 2 Express Install HOWTO This “How
Page 9 and 10: 4) Ensure that your web server and
Page 11 and 12: and for initial setup only 12) Mana
Page 13 and 14: 4 Updating eGroupWare 4.1 Updating
Page 15 and 16: [root@server root]# gpg --list-keys
Page 17 and 18: [user@server tmp]$ md5sum eGroupWar
Page 19 and 20: [user@server tmp]$ unzip /tmp/eGrou
Page 21 and 22: Conclusion: Minimum necessary open
Page 23 and 24: • strings.c: quick and dirty stri
Page 25: � If possible, use only SSHv2 con
Page 29 and 30: verbose=5 report_url=file:/var/log/
Page 31 and 32: [ -z "$MAILTO" ] && MAILTO="root" i
Page 33 and 34: Inode : 111362 , 111363 MD5 : UM0er
Page 35 and 36: # The name of the audit log file Se
Page 37 and 38: Handler: cgi-script ---------------
Page 39 and 40: %description devel The php-devel pa
Page 41 and 42: 6.4.4 Web interface Turck MMCache c
Page 43 and 44: log_errors = On ; Store the last er
Page 45 and 46: localityName = Locality Name (eg, c
Page 47 and 48: 6.7 The web server Secure your web
Page 49 and 50: 7 Setup eGroupWare 7.1 Creating you
Page 51 and 52: 7.4 Creating your header.inc.php Mo
Page 53 and 54: Click Re-Check My Installation: If
Page 55 and 56: � Enter the hostname of your serv
Page 57 and 58: 7.5.4 Step 4 - Manage Languages The
Page 59 and 60: 9.5 Cannot get past the Check Insta
Page 61 and 62: 10 Software Map AIDE, Advanced Intr
Page 63 and 64: php project Platform Linux / BSD /
Page 65 and 66: * Sun Nov 22 2003 Reiner Jung 0.3
Page 67: 13 Humanly-Readable License Attribu

How to install and secure egroupware - Directory UMM

Create successful ePaper yourself

Delete template?

Save as template?