
SSH + No Password Login(public key)


Goal
- A logs in to B over ssh without a password


On host A
[1.] ssh-keygen -t dsa or ssh-keygen -t rsa
      Just keep pressing Enter; there is no need to type a passphrase

[2.] cd ./.ssh/
       scp id_dsa.pub 10.10.1.78:/root/.ssh/authorized_keys

      Or see http://ssorc.tw/index.php?load=read&id=44


Building SSL Certificates - OpenSSL

Edit the configuration file and use it to generate the CA, CSR and CRT

Fedora Core release 6 (Zod) + OpenSSL 0.9.8b 04 May 2006

[1.] Create the CA
         /etc/pki/tls/misc/CA -newca

CA certificate filename (or enter to create)
 (enter)
Making CA certificate ...
Generating a 1024 bit RSA private key
...................++++++
.........................................................................++++++
writing new private key to '../../CA/private/./cakey.pem'
Enter PEM pass phrase: (enter the pass phrase)
Verifying - Enter PEM pass phrase: (enter the pass phrase)
-----


PostgreSQL + SSL

Prerequisite: edit pg_hba.conf to set access permissions
   vi pg_hba.conf

host all all 192.168.1.12/32 md5       # md5-hashed password
                                       # although the password is md5-hashed, SELECT and other operations are not encrypted
host all all 192.168.1.12/32 password  # cleartext password
host all all 192.168.1.12/32 trust     # no password required

   pg_ctl reload

 

Server side
[1.] vi postgresql.conf

ssl = true

[2.] cd /var/lib/pgsql/data
      openssl req -new -text -out server.req
      openssl rsa -in privkey.pem -out server.key
      rm privkey.pem
      openssl req -x509 -in server.req -text -key server.key -out server.crt
      chmod og-rwx server.key
      cp server.crt root.crt

[3.] pg_ctl restart

Client side
   Copy the server's server.key and server.crt into ".postgresql" in your own home directory
      scp server.key ~/.postgresql/postgresql.key
      scp server.crt ~/.postgresql/postgresql.crt
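
Added example (not part of the original post): a small Python audit of pg_hba.conf entries like those above. It flags the `trust` and `password` methods, and it flags `host` entries, which match non-SSL connections as well as SSL ones, whereas `hostssl` matches only SSL connections. The sample entries and the function names are constructed for illustration.

```python
# Constructed sample, modelled on the pg_hba.conf entries shown above.
SAMPLE = """\
# TYPE  DATABASE USER ADDRESS METHOD
host    all all 192.168.1.12/32 md5
host    all all 192.168.1.12/32 password
host    all all 192.168.1.12/32 trust
hostssl all all 192.168.1.12/32 md5
host    all all 192.168.1.0 255.255.255.0 password
local   all all trust
"""

WEAK_METHODS = {
    "trust": "no authentication at all",
    "password": "password sent in cleartext",
}


def parse_entry(line):
    """Return (type, address, method), or None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    conn_type = fields[0]
    if conn_type == "local":  # local DATABASE USER METHOD
        return conn_type, None, fields[3]
    address = fields[3]  # host* DATABASE USER ADDRESS [IPv4-MASK] METHOD
    if "/" not in address and len(fields) > 5 and fields[4][0].isdigit():
        return conn_type, f"{address} {fields[4]}", fields[5]
    return conn_type, address, fields[4]


def audit(text):
    """Return (line_number, finding) tuples for risky entries."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if (entry := parse_entry(line)) is None:
            continue
        conn_type, _address, method = entry
        if method in WEAK_METHODS:
            findings.append((number, f"{method}: {WEAK_METHODS[method]}"))
        # "host" matches SSL and non-SSL clients; only "hostssl" requires SSL.
        if conn_type in ("host", "hostnossl"):
            findings.append((number, f"{conn_type}: non-SSL connection allowed"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```
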

CA + Apache + IIS

Fedora Linux 2.4.22-1.2115.nptl
 
Package: openssl-0.9.7a-23
 
Procedure:
Create the Root CA
Generate the certificate
Sign the certificate
 
Test the Apache web server (httpd-2.0.47-10)

Edit /etc/httpd/conf.d/ssl.conf

SSLEngine On
SSLCertificateFile /path/server.cert.cert
SSLCertificateKeyFile /path/server.cert.key

Run: service httpd start
# Resulting messages
Starting httpd:Apache/2.0.47 mod_ssl/2.0.47 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
 
Server 192.168.1.111:443 (RSA)
Enter pass phrase: (enter the pass phrase)


Intrusion Prevention Tool (IPS) - Snort-Inline

Fedora Linux core 4

Packages:
- snort_inline-2.2.0a
- libnet-1.0.2a

[1.] Compile libnet
       wget http://www.packetfactory.net/libnet/dist/deprecated/libnet-1.0.2a.tar.gz
       tar zxvf libdnet-1.11.tar.gz
       cd libdnet-1.11
       ./configure
       make
       make install
 
    Compile snort-inline


Snortcenter

A web interface for managing snort rules and for centrally managing other hosts that run snort

snortcenter-console

[1.] tar zxvf snortcenter-console-3-31-05.tar.gz

      mv snortcenter-release snortcenter

      mv snortcenter /var/www/html/

[2.] install adodb

[3.] echo "CREATE DATABASE snortcenter;" | mysql -u root -p

[4.] vi /var/www/html/snortcenter/config.php

$DBlib_path = "./adodb/";
$curl_path = "";


Malware Detection Tool - Tripwire

Quote: http://www.rtfiber.com.tw/~changyj/linuxtips/html/tripwire-easy.html

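It records file attributes such as object size, owner, group and access permissions in a fingerprint database (fingerprints) and runs checks periodically. When a file's current state does not match the fingerprint database, tripwire raises a warning that tells you which items do not match.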

ChangeLog: 2007/06/10

Fedora Core 6
[1.] yum install tripwire

tripwire --version
Tripwire(R) 2.4.1.1 built for i686-pc-linux-gnu

[2.] Generate the system-specific cryptographic key files
/usr/sbin/tripwire-setup-keyfiles
