tag:blogger.com,1999:blog-43691200016938686722024-03-19T11:46:11.098+08:00Linux Server & Network Admin CornerAdsense Top Paying. Free Templates for Ads BannerLinuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-4369120001693868672.post-10319438577014049102009-05-16T01:45:00.014+08:002009-05-16T02:52:21.422+08:00VPN (PPTP) Clients Connections : How ToHi there!<br />Tonight i want to describe about how to create a clients connections to VPN Server (PPTP) focus for Microsoft OS based on Windows XP. Maybe somebody has feel to ask me why i'm jump direct to wrote about VPN clients connections without discuss about VPN Server?? :-) For who has this questions in their mind, Sorry bro because i lost my offline articel@notes about VPN Server How To a couple week before....... Insyallah i will rewrite & up the articel about that later.. Another things are because tonight i have a office tasks, need to write & send email about this to some of office mate & Mr. Boss because i already done for developing VPN Gateway Server for our office....So that's all for intro..... <span style="font-weight: bold;">Now let's start to make a "Handshake" connections </span>from <span style="font-weight: bold;">your LAN </span>to<span style="font-weight: bold;"> another LAN via WAN </span>connections (i.e Streamyx) <span style="font-weight: bold;">through VPN (PPTP) Server Gateway.....<br /></span><br />1. Accessing the Network Control Panel<br />2. Click “Create New Connection” in the left hand column of the “Network Connections” window.<br />3. You are now presented with a Wizard. Click Next to continue<br />4. Select “Connect to the Network at my Workplace” from the menu<br />5. Select Virtual Private Network connection from the next panel<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8o1rL5I2oiiCF6mxKIJDFURhEAS2MRq1cn4y4QHMu_gLKtqUGDxTyOYSGVQRck6QS2NBs1QX-RHZetvHPzIM8boa0RPbtwmuG0P4s72YIp4wZDkkBi5YMuHQl0B1gO4gHypxsHU8hExRt/s1600-h/New+Connection.jpg"><img style="cursor: pointer; width: 80px; height: 70px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8o1rL5I2oiiCF6mxKIJDFURhEAS2MRq1cn4y4QHMu_gLKtqUGDxTyOYSGVQRck6QS2NBs1QX-RHZetvHPzIM8boa0RPbtwmuG0P4s72YIp4wZDkkBi5YMuHQl0B1gO4gHypxsHU8hExRt/s320/New+Connection.jpg" alt="" id="BLOGGER_PHOTO_ID_5336117832385830578" border="0" /></a> <a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOjLeH7y0lw40V4jSHI89HuKlLp613D7T1O9Q4qFo7xok0-8LTib4eoHGpRawlbqTU38d-u9AGBZFPywC7v5cdjTe2Q36kJqpTgRmdUQWo3cPjd6SRf3htTJDEJ95jSERiqHEMIwPwox5I/s1600-h/New+Connection1.jpg"><img style="cursor: pointer; width: 80px; height: 70px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOjLeH7y0lw40V4jSHI89HuKlLp613D7T1O9Q4qFo7xok0-8LTib4eoHGpRawlbqTU38d-u9AGBZFPywC7v5cdjTe2Q36kJqpTgRmdUQWo3cPjd6SRf3htTJDEJ95jSERiqHEMIwPwox5I/s320/New+Connection1.jpg" alt="" id="BLOGGER_PHOTO_ID_5336117952208917810" border="0" /></a> <a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGrY22pLwKbpFcdibWpCgQD3JrgeTX53sjtoCFzSZabBCQuMYAG_riY9NejZORmGOsme5Lsa3vq8_jKWjJTMBnIGehE1iCn8NX7rOS9VTfG4gS3OhLuG0bm4v1PtSFoJOH2DSMeewKh_xa/s1600-h/New+Connection2.jpg"><img style="cursor: pointer; width: 80px; height: 70px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGrY22pLwKbpFcdibWpCgQD3JrgeTX53sjtoCFzSZabBCQuMYAG_riY9NejZORmGOsme5Lsa3vq8_jKWjJTMBnIGehE1iCn8NX7rOS9VTfG4gS3OhLuG0bm4v1PtSFoJOH2DSMeewKh_xa/s320/New+Connection2.jpg" alt="" id="BLOGGER_PHOTO_ID_5336118565033700386" border="0" /></a><br /><br />6. Name the connection<br />7. Now enter the IP or FQDN of the PPTP Server. (This can be any of the configured interfaces.)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwDGT1xtH4kF8Dgb687mVjHnwdxa0TrNR4EdAzjH2YxZrQmf9RZusbGF2awnbreVac1ZmmvFLI0_yi6unTd9Jcg0IKJFcKofA2BVIb4ZHP6KNCvXBRcW43Nvd4x7Qq0z6f5Z4xkh6a7D_x/s1600-h/New+Connection3.jpg"><img style="cursor: pointer; width: 185px; height: 161px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwDGT1xtH4kF8Dgb687mVjHnwdxa0TrNR4EdAzjH2YxZrQmf9RZusbGF2awnbreVac1ZmmvFLI0_yi6unTd9Jcg0IKJFcKofA2BVIb4ZHP6KNCvXBRcW43Nvd4x7Qq0z6f5Z4xkh6a7D_x/s320/New+Connection3.jpg" alt="" id="BLOGGER_PHOTO_ID_5336119253494599698" border="0" /></a><br /><br />8. If you are the system admin you will be asked if you<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIULgM5NTnQ5kGepAKRTeGasIfpZMNh9mTMZxJDFMv7B9Ut-hyTPlUYrVflN3EWfniHSE6nWJjp9NOC8O9eAlLm9b2htKm8wRSmWVABd7NM34PZiyviqKWb4hSSM61A5vmMfwRMXGcpPFj/s1600-h/finish.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 225px; height: 237px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIULgM5NTnQ5kGepAKRTeGasIfpZMNh9mTMZxJDFMv7B9Ut-hyTPlUYrVflN3EWfniHSE6nWJjp9NOC8O9eAlLm9b2htKm8wRSmWVABd7NM34PZiyviqKWb4hSSM61A5vmMfwRMXGcpPFj/s320/finish.jpg" alt="" id="BLOGGER_PHOTO_ID_5336120411444396546" border="0" /></a><br />want this to be for your use only or for anyone’s use. I<br />suggest you limit it to your use only unless you want<br />the VPN network to be made available to all user<br />accounts on the workstation<br /><br />9. Next you can either just finish or add a shortcut to<br />the desktop. You are nearly done!<br /><br />10. When you launch the client for the first time<br />(hopefully from the icon you asked it to create from the wizard, if not then you will need to access the “Network Connections” window again and double click your new connection.) you will be asked for a username and password. <span style="font-weight: bold;">Click connect when you are done with this and if all goes well you will connect to the PPTP Server</span>!!Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0tag:blogger.com,1999:blog-4369120001693868672.post-37768450858334998222009-04-07T16:46:00.001+08:002009-04-07T16:49:10.518+08:00Linux Anti-Virus : NEED Or NOT?Windows XP, left unpatched, is vulnerable to malware that can make it shrivel up and die within a few minutes of being connected to the Internet. Even after patching, Windows is still subject to virus and spyware attacks that make third-party security tools a must. Linux, on the other hand, has a reputation for being relatively impervious to attack via the Net. But is it really immune to the threats that stalk Windows?<br /><br />The answer has long been, and still is, a qualified yes. Sure, occasionally viruses, worms, and rootkits are written specifically to compromise Linux systems. But if you avoid a couple of major blunders, those relatively few threats are unlikely to do you any real harm, for reasons I'll go into below. To sleep utterly soundly, however, you may still need to take some steps to malware-proof your Linux system.<br /><br /><span style="font-weight: bold;">The first reason your Linux system is probably safe from attack: Recent versions of Linux (kernels 2.4 and 2.6) include a built-in firewall called "iptables" that simply drops all uninvited incoming connections by default. If a worm or a person tries to break into your Linux box from afar, or not so afar, iptables simply turns away and ignores the incoming connection--the attacker won't know whether a system even exists at the attacked address.</span><br /><br />If you don't run mail, Web, FTP, or other servers on your Linux system, you'll probably never need to modify iptables' default settings. However, if you use the Samba server suite to enable file and printer sharing with other local systems, you will have to enable incoming connections to the Samba server in iptables.<br /><br /><span style="font-weight: bold;">Antivirus Just for Windows</span><br />Here's another reason Linux tends to deflect spyware: By default, most Linux distributions wisely set you up as a lower-privilege user, with a type of account that generally can't allow malicious code to take over the system. Were you to somehow permit a Linux virus or worm to run on your computer, the fact that you are not logged in on the all-powerful root account prevents the malware from attacking the system's (and other users') files. That's why you typically have to log in as root (with the root password) to change Linux system configurations. In contrast, the default Windows XP user account is the full-privilege administrator, which gives viruses and other threats greater leeway to infect and damage the PC.<br /><br />So simply by not disabling the existing firewall, and by not logging in as root for your day-to-day Web browsing and e-mail, you'll avoid the vast majority of threats. Keep yourself even safer by updating your software regularly to close the inevitable security holes that expose your machine to worms, rootkits, and other exploits.<br /><br />However, should someone you know lose their head and log in as root, and then run a program that happens to be infected with one of the few Linux viruses known to exist in the wild, that virus could definitely destroy or steal user data. And even if you think you're smart enough to avoid infection, the files moving through your mailbox, Samba file shares (shared files mounted as drives), and other storage mechanisms could still contain viruses destined to infect other systems. These are valid reasons why you might want to use antivirus software on your Linux computer.<br /><br />Although commercial Linux antivirus products exist, save your money and start with one of several excellent free utilities instead. Even better, pick one that is not only free but open source: the delightfully named Clam AntiVirus. In addition to binary packages (no compiling necessary) for most major Linux distributions, ClamAV is also available for Windows and Mac OS X.<span id="fullpost"><br /><br /></span>Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0tag:blogger.com,1999:blog-4369120001693868672.post-15801710524317182942009-02-11T11:56:00.005+08:002009-03-15T03:19:07.304+08:00How To Implement The Mail Server With Anti-Virus & Spam Control Gateway (Postfix, Dovecot, ClamAV, SpamAssasins+Amavis)Building a complete email system with spam and antivirus protection is not as hard as you might think. This guide will walk you through installing and configuring everything you need for sending and receiving email, filtering spam, and scanning for viruses in email.<br /><span id="fullpost"><span id="fullpost"></span><br />For our system, we'll use the <a href="http://www.postfix.org/">Postfix</a> mail transport agent (MTA); <a href="http://www.dovecot.org/">Dovecot</a>, a secure, open source IMAP and POP3 server for Linux/Unix-like systems; <a href="http://www.squirrelmail.org/">SquirrelMail</a>, a standards-based Webmail package written in PHP 4; <a href="http://spamassassin.apache.org/">SpamAssassin</a>, a powerful open source spam filter; and <a href="http://www.clamav.net/">ClamAV</a>, a GPLed virus scanner. To tie everything together we'll use <a href="http://www.ijs.si/software/amavisd/">amavisd-new</a>, a high-performance interface between MTAs and content checkers such as virus scanners and spam filters.<div id="featurecontent" class="xar-align-left"> <p>The system will be configured so that users will have POP, secure POP, IMAP, and secure IMAP (IMAPS) access, and will also be able to access their email from the Web using SquirrelMail. Every email sent or received will be scanned for viruses and checked for possible spam content.</p> <p>The email applications will run on <a href="http://fedora.redhat.com/">Fedora Core</a> 4 and Red Hat Enterprise Linux Advanced Server 4.</p> <p>To install the packages for this project we will use the <a href="http://linux.duke.edu/projects/yum/">Yellow Dog Updater, Modified</a> (Yum). In order to get all the packages that you need, make sure you have the <a href="http://fedora.redhat.com/projects/extras/">Fedora Extras</a> repository (/etc/yum.repos.d/fedora-extras.repo; it's included in the distribution and enabled by default) and <a href="http://dries.studentenweb.org/rpm/">Dries</a> repository enabled and configured. You will need both repositories in order to install all the packages needed.</p> <p> <strong>Installation</strong> </p> <p>To begin, you'll want to make sure your system is up-to-date. Run <code>yum update</code> if you haven't already.</p> <p>Now configure the Dries repository for use by creating a file called /etc/yum.repos.d/dries.repo, with the following entries:</p><p><code><span class="fullpost"></span></code></p><pre>[dries]<br />name=Extra Fedora rpms dries - $releasever - $basearch<br />baseurl=http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/<br /> linux/$releasever/$basearch/dries/RPMS/<br />enabled=1<br />gpgcheck=1<br /></pre> <p>Next, install the <a href="http://en.wikipedia.org/wiki/GNU_Privacy_Guard">GPG</a> key for this repository:</p> <p> <code>rpm --import http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt</code> </p> <p>Now that you have the repositories ready, you can install the packages that we need:</p> <p> <code>yum install postfix dovecot spamassassin squirrelmail clamav clamav-server clamav-update clamav-lib clamav-data amavisd-new</code> </p> <p>Wait until all the packages and dependencies are installed. </p> <p>By default, Fedora and Red Hat distributions come with sendmail set as the MTA for the system. You can check or change the default MTA with the system-switch-mail utility. If you don't have it installed yet, install it now:</p> <p> <code>yum install system-switch-mail system-switch-mail-gnome</code> </p> <p>Simply run the <code>system-switch-mail</code> tool and select Postfix as your default MTA.</p> <p>Now that you have all the necessary applications and tools installed, it's time to configure them to work together.</p> <p> <strong>Setting up Postfix</strong> </p> <p>To configure Postfix, edit the main Postfix configuration file /etc/postfix/main.cf and change these entries as follows:</p> <pre>#This is your fully qualified domain name (FQDN):<br />myhostname = mail.srv.dyndns.org<br /><br />#myorigin specifies the default domain name that is appended<br />myorigin = $mydomain<br /><br />#By the parameter "all" we allow the connections to our server<br /># from anywhere, not only from localhost<br />inet_interfaces = all<br /><br />#The mydestination parameter specifies the list of domains that<br />#this machine considers itself the final destination for.<br />mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost<br /><br />#Reject the unknown users<br />local_recipient_maps = unix:passwd.byname $alias_maps<br /><br />#With this parameter we make sure that our server<br />#won't be an open relay server<br />mynetworks_style = host<br /></pre> <p>The configuration file is well commented, so if you need more info about the configuration, dig into it. For even more information on Postfix, see the Postfix.org <a href="http://www.postfix.org/documentation.html">documentation</a>.</p> <p>Next, start the Postfix service with the command <code>service postfix start</code>. Also make sure the service is automatically started at boot time:</p> <p> <code>chkconfig postfix on</code> </p> <p> <strong>Setting up Dovecot</strong> </p> <p>Now it's time to set up Dovecot. Edit the Dovecot config file, /etc/dovecot.conf, to suit your needs. In this case we want to enable POP3, secure POP3, IMAP, and secure IMAP services as shown:</p> <pre>protocols = imap imaps pop3 pop3s<br />imap_listen = *<br />pop3_listen = *<br />imaps_listen = *<br />pop3s_listen = *<br /></pre> <p>After that's done, start the Dovecot service and make sure that it's started at boot time:</p> <p> <code>service dovecot start</code><br /><code>chkconfig dovecot on</code> </p> <p> <strong>Setting up Squirrelmail</strong> </p> <p>In order to be able to use webmail, you need to have Apache's httpd service up and running. It shouldn't be necessary to do any extra configuring of httpd config file for this task, so you can just use it as is. Start the service and make sure it's started at boot time:</p> <p> <code>service httpd start</code><br /><code>chkconfig httpd on</code> </p> <p>The installation of Squirrelmail will not change your httpd.conf file. Instead, Squirrelmail creates the file squirrelmail.conf in /etc/httpd/conf.d. This file links the /webmail/ virtual folder to the actual Squirrelmail folder installation located at /usr/share/squirrelmail.</p> <p>Edit the /usr/share/squirrelmail/config/config.php file and change the <code>domain$</code> variable to match your domain name, in order to make the <code>from-domain</code> setting (when sending email from Web) correct. For our server, it looks like this:</p> <p> <code>$domain = 'srv.dyndns.org';</code> </p> <p>To test webmail, go to http://localhost/webmail/ or http://your_domain_name/webmail/ and log in to check your email and send a few test messages.</p> <p> <strong>Blocking spam and viruses</strong> </p> <p>SpamAssassin is configured right out of the box when you install it, so you shouldn't need to change anything here. However, to reduce the chance that a false positive will tag known addresses, you can whitelist addresses. The file /etc/mail/spammassassin/local.cf should list known email addresses, in a format similar to:</p> <pre>whitelist_from anzevi@some-strange-domain.com<br />whitelist_from anze@out-there-somewhere.net<br /></pre> <p>Spamassassin will be called by <code>amavisd-new</code>, so we don't need to configure the SpamAssassin daemon to start at boot time.</p> <p>To block viruses, we need to configure ClamAV to connect daily to an Internet-based antivirus database and fetch new virus definitions. You need to have a <a href="http://en.wikipedia.org/wiki/Cron">cron</a> daemon running in order for ClamAV to fetch the virus definitions.</p> <p>First, edit /etc/sysconfig/freshclam and comment out the following line:</p> <p> <code>#FRESHCLAM_DELAY=disabled-warn # REMOVE ME</code> </p> <p>Next, edit /etc/freshclam.conf and change the antivirus database to the closest mirror to your location:</p> <pre>#Example<br />DatabaseMirror db.de.clamav.net<br /></pre> <p>You can see a list of available mirrors <a href="http://www.iana.org/cctld/cctld-whois.htm">here</a>.</p> <p>To test ClamAV, run the <code>clamscan</code> command in your home folder. The AV client should check your home directory and subdirectories for viruses. Since you are running this check on a Linux box for local files, I'm pretty sure ClamAV won't find any viruses on your machine.</p> <p>To test updating the virus definitions, run <code>freshclam</code>.</p> <p> <strong>Setting up amavisd-new</strong> </p> <p>Now we'll set up amavisd-new. The user amavis is automatically created at amavisd-new install time, but we still need to create the following directories and make sure the owner is amavis, as shown below:</p> <pre>mkdir /var/run/amavis<br />mkdir /var/run/clamav<br />chown amavis /var/run/amavis<br />chown amavis /var/run/clamav<br /></pre> <p>You may leave the group permissions of the folders set to root. Copy the sample config file to /etc:</p> <pre>cp /usr/share/doc/clamav-server-<em>X.XX.X</em>/clamd.conf<br />/etc/clamd.conf<br /></pre> <p>Replace the <code> <em>X.XX.X</em> </code> with the version you're using. Then, make the following changes to your /etc/clamd.conf file:</p> <pre>#Example<br />User amavis<br />#TCPSocket 3310<br />#PidFile /var/run/clamd.<service>/clamd.pid<br />#LocalSocket /var/run/clamd.<service>/clamd.sock<br /></service></service></pre> <p>After making the changes, start the service with <code>service amavisd start</code>, and set it to start at boot with <code>chkconfig amavisd on</code>.</p> <p>Now, test your configuration to see that everything works. Telnet to port 10024 and you should see something like this:</p> <pre>[root@mail ~]# telnet localhost 10024<br />Trying 127.0.0.1...<br />Connected to localhost.localdomain (127.0.0.1).<br />Escape character is '^]'.<br />220 [127.0.0.1] ESMTP amavisd-new service ready<br />quit<br />221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel<br />Connection closed by foreign host.<br /></pre> <p>If you are able to telnet to port 10024 and you are greeted by amavisd-new, you've done a good job and you may continue with the configuration. If you're unable to connect to that port, make sure the amavisd service is running, and look for errors in /var/log/messages.</p> <p> <strong>Additional Postfix configuration</strong> </p> <p>Once amavisd is configured and working correctly, you need to configure Postfix so it knows how to communicate with amavisd-new. Copy the following lines to the bottom of your existing /etc/postfix/master.cf file:</p> <pre>smtp-amavis unix - - y - 2 smtp<br />-o smtp_data_done_timeout=1200<br />-o smtp_send_xforward_command=yes<br />-o disable_dns_lookups=yes<br />-o max_use=20<br /></pre> <p> </p><pre>127.0.0.1:10025 inet n - y - - smtpd<br />-o content_filter=<br />-o local_recipient_maps=<br />-o relay_recipient_maps=<br />-o smtpd_restriction_classes=<br />-o smtpd_delay_reject=no<br />-o smtpd_client_restrictions=permit_mynetworks,reject<br />-o smtpd_helo_restrictions=<br />-o smtpd_sender_restrictions=<br />-o smtpd_recipient_restrictions=permit_mynetworks,reject<br />-o mynetworks_style=host<br />-o mynetworks=127.0.0.0/8<br />-o strict_rfc821_envelopes=yes<br />-o smtpd_error_sleep_time=0<br />-o smtpd_soft_error_limit=1001<br />-o smtpd_hard_error_limit=1000<br />-o smtpd_client_connection_count_limit=0<br />-o smtpd_client_connection_rate_limit=0<br />-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks<br /></pre> <p>You can find more information how this work in the amavisd documentation in your /usr/share/doc folder. For example, since we're running amavisd 2.3.3, we would check the /usr/share/doc/amavisd-new-2.3.3/README.postfix file.</p> <p>Save the file and reload the Postfix service, then test it by using telnet to connect to port 10025:</p> <pre>[root@mail ~]# telnet localhost 10025<br />Trying 127.0.0.1...<br />Connected to localhost.localdomain (127.0.0.1).<br />Escape character is '^]'.<br />220 mail.srv.dyndns.org ESMTP Postfix<br />quit<br />221 Bye<br />Connection closed by foreign host.<br /></pre> <p>If this works for you, you have a working configuration, and you are ready to make the final changes to Postfix.</p> <p>Add this line to the end of /etc/postfix/main.cf:</p> <p> <code>content_filter = smtp-amavis:[127.0.0.1]:10024</code> </p> <p>Once you've done this, Postfix will send all incoming and outgoing mail directly through the content filter that you configured earlier.</p> <p> <strong>Conclusion</strong> </p> <p>All you have to do now is send yourself some clean email messages and some spam, junk, and viruses, and see what's happening on your mail server. You can find sample messages with spam and virus content in /usr/share/doc/amavisd-new-X.X.X/test-messages folder. The best way to see in real time what is going on your mail server is to watch /var/log/maillog for entries using <code>tail -f /var/log/maillog</code>.</p> <p>That's all you need to do to configure Postfix and the helper applications to provide antivirus, spam filtering, webmail, POP, and IMAP access. Enjoy your new mail server!</span></p></div>Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0tag:blogger.com,1999:blog-4369120001693868672.post-51684534145046232582009-02-10T22:33:00.000+08:002009-03-13T20:06:48.065+08:00Surf The Net With SonyPlaystation 3 Linux!!<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwvSC1zcjwjDytKPglt4CUeu0r_3LWLQ8UMDdhH2FTeD_uo48xQpbDAnd5EcdhjLbJ6xZuG2ndG7JtvMf7KfsmxWoS0bS9r1CaOtJl1X3amSHBORtnXstxLpHVrfdXGkL1bSm9oyDXHECu/s1600-h/linux-on-ps3-1.png"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 320px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwvSC1zcjwjDytKPglt4CUeu0r_3LWLQ8UMDdhH2FTeD_uo48xQpbDAnd5EcdhjLbJ6xZuG2ndG7JtvMf7KfsmxWoS0bS9r1CaOtJl1X3amSHBORtnXstxLpHVrfdXGkL1bSm9oyDXHECu/s320/linux-on-ps3-1.png" alt="" id="BLOGGER_PHOTO_ID_5301177277901607362" border="0" /></a><a href="http://www.sony.com/" target="_blank">Sony</a> actually contracted with <a href="http://www.terrasoftsolutions.com/" target="_blank">Terra Soft Solutions</a><span><span> to produce a version of its Yellow Dog Linux (henceforth YDL) for the <span class="IL_SPAN"><input name="IL_MARKER" type="hidden">Playstation 3</span>, a smart move considering that Linux people were going to cobble together a solution anyway. Terra Soft initially produced YDL for the IBM-chip-based Mac PowerPC systems, offering up a quite capable Linux alternative to </span><span class="IL_SPAN"><input name="IL_MARKER" type="hidden">Mac OS X</span>.<br /><br /></span>Now I can start to analyze whether the YDL installation is actually a configuration that addresses my earlier stated needs for a software solution that makes the PS3 a useful Internet machine, and a quick visit to <a href="http://www.linuxjournal.com/" target="_blank">linuxjournal.com</a> confirms that, yes, it works fine, it’s darn fast, and eminently usable. Nice!<br /><p>One of the sites I use as a test is Google’s <a href="http://mail.google.com/" target="_blank">Gmail</a> service. It’s complex behind the scenes and quite powerful, so the question is always whether it works and renders properly on a new system. YDL came through like a champ, working just fine and letting me navigate through my email securely through Firefox. Thunderbird is also pre-installed and ready to go, and configuring a POP3-based email account is pretty straightforward for most Linux users, so there are at least two good avenues for accessing your email.</p> <p>That means, of course, that YDL does indeed meet my primary criteria for usability, letting me surf the Web and interact with my email, all from the comfort of my easy chair and with a simple USB keyboard added onto my slick Playstation 3 device.</p> <p>But Linux offers a lot more capability, and as an experiment, I launched <a href="http://sourceforge.net/projects/rhythmbox" target="_blank">Rhythmbox</a> and quickly concluded that I have had my expectations of music players really screwed up by using <a href="http://www.apple.com/itunes/" target="_blank">iTunes</a> for so many years. I<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs3fUVGiU4NVswIQOyoSLMoi4sGXSaVUx_LWBJKeSVGq6IJ8LaBrSQV5p01CNRJIsBkOS0Woj0dlmdIR2Q7fZnVZTHniXbMoSMBlRmhRr9HeblWr_04qJHPkk1l5DfsiR3-7nn0uqhyphenhyphenzdS/s1600-h/linux-on-ps3-ydl.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 241px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs3fUVGiU4NVswIQOyoSLMoi4sGXSaVUx_LWBJKeSVGq6IJ8LaBrSQV5p01CNRJIsBkOS0Woj0dlmdIR2Q7fZnVZTHniXbMoSMBlRmhRr9HeblWr_04qJHPkk1l5DfsiR3-7nn0uqhyphenhyphenzdS/s320/linux-on-ps3-ydl.png" alt="" id="BLOGGER_PHOTO_ID_5301178056745986498" border="0" /></a>t’s astonishing to me that I can choose “Internet radio stations” and not get a list of available stations, but instead have to figure out the URL of the station I desire so I can “tune in” to it. Unfortunately, all these years into the Linux evolution, there are still too many apps that are rough around the edges like this.</p> <p>I went to Firefox, searched for “internet radio station jazz”, found one through the popular Live365 site, selected the channel, had it try to download a streaming file that caused the launch of the <a href="https://player.helixcommunity.org/" target="_blank">Helix</a> player, just to find that it doesn’t have the capability of playing back that type of content. Next stop, <a href="http://www.accuradio.com/" target="_blank">AccuRadio</a>, but it wanted me to install a new plugin. Yech. New Orleans Jazz channel <a href="http://www.wwoz.org/" target="_blank">WWOZ</a> offered up a URL, so I pasted that into Rhythmbox just to find it didn’t work either. To heck with it! How the heck is someone like my Mom supposed to survive so much hassle to get audio in YDL?</p> <h2>AT THE END OF THE DAY, IT’S A LINUX SYSTEM</h2> <p>As I expected, it may be slick and fast running on the Sony Playstation 3 with its powerful Cell processor system, but it’s still the same Linux that we’ve gotten used to with no exciting new capabilities, no easier way to work with the various media on the Web, and the same rough edges I’ve been bothered by for over a decade now.</p> <p>Unlike most Linux systems, however, YDL on PS3 at least lets you reboot and go back into the world of the Playstation, where you can easily run photo slideshows, upload and enjoy your music library, watch DVD and Blu-ray HD video and, of course, play some of the amazing games available for the Playstation.</p> <p>Really, it’s one heck of a combination and if you know someone who would like to have access to all the power and capabilities of the Cell processor through Terra Soft Solution’s YDL system, along with the fun and power of the Playstation 3, it’s really one heck of a combination. Even if you just want to hack, it’s cool to have a foreign OS on the system as an option at boot time too.</p>Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0tag:blogger.com,1999:blog-4369120001693868672.post-86258366417629853232009-01-24T10:46:00.001+08:002009-03-14T02:03:50.288+08:00Speed'Up Your Network Access To Internet With The Intelligent "SQUID-CACHE" Proxy ServerSo tired with slow internet connections while surfing the net at your office, lab, home network..? Or does your webpage view so slowly...? Now i need to describe one more module you can used on your linux server to speed'up your internet connections.... They call internet "Squid-Cache Proxy Server".. A Cache server works by storing frequently used web pages locally. So then when a web page request comes in, it simply grabs it locally if it is cached. This is all done transparently, so the user would only perceive the performance boost. In addition, it can cache various different types of data such as web pages, FTP sites, and gopher traffic. Plus, it can accelerate your web-server by sitting between the web server and the Internet. It then will cache web-server requests, and reduce the web server's workload. On my experience at my office network, with this proxy server i can increase up to 58% after i used this server module. Which means our Cache server was off loading up to half the traffic from our web servers, and Internet connection. So what do you need?" The Squid project is an open source Proxy/Cache system available for download on there web-site at http://squid-cache.org.<br />At the hardware spec for deploy this server, i don't think they need a too high computer specifications. From my experience, i just need to suggested 1Gb memory, Gigabytes NIC for channel that transfer connections to your lan & at least 40Gb hard disk because they need high memory for make fasting proccessing supplied data, large hard disk space to store data on cache systems & gigabytes NIC for make sure all data can be transfer at maximum rate. Lastly tips, if your're one of advanced linux admin, take a look for tuning your kernel too, maybe your can do better that what's i have done! :-)Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0tag:blogger.com,1999:blog-4369120001693868672.post-52931981383702615992007-12-03T11:45:00.002+08:002009-05-16T03:01:24.514+08:00Intrusion Detections / Preventions System (IDS/IPS)<span style="font-weight: bold;">Intrusion Detections System </span><br />An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.<br /><br /><span style="font-weight: bold;">There are several ways to categorize an IDS: </span><br />misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.<br />network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.<br />passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.<br />Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.<br /><br /><span style="font-weight: bold;">Intrusions Preventions System </span><br />An intrusion prevention system is a computer security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology. The term "Intrusion Prevention System" was coined by Andrew Plato who was a technical writer and consultant for *NetworkICE.<br />Intrusion prevention systems (IPS) were invented in the late 1990s to resolve ambiguities in passive network monitoring by placing detection systems in-line. A considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done. As IPS systems were originally a literal extension of intrusion detection systems, they continue to be related.<br /><br />Intrusion prevention systems may also serve secondarily at the host level to deny potentially malicious activity. There are advantages and disadvantages to host-based IPS compared with network-based IPS. In many cases, the technologies are thought to be complementary.<br />An Intrusion Prevention system must also be a very good Intrusion Detection system to enable a low rate of false positives. Some IPS systems can also prevent yet to be discovered attacks, such as those caused by a Buffer overflow.<br /><br />How To Deploying Network And Host IP For<br />Intrusion Preventions Active Response...?<br /><a href="http://e-grip.com.my/syed/ids.pdf">Download From My IDS/IPS E-Book Collections</a><span id="fullpost"><br /><br /></span>Linuxbox.Inchttp://www.blogger.com/profile/06337273537050966181noreply@blogger.com0