Hide specific files and folders on ProFTPd

Adding this to your proftpd configuration will hide files and folders starting with a dot which are hidden on linux anyway as well as shell scripts: <Directory /home/*> HideFiles (^\..*|\.sh$) <Limit ALL> IgnoreHidden On </Limit> </Directory>


Using VirtualHosts on a ProFTPd server

When using ProFTPd you may want to have the server listening on different ports, for example if you want to use FTP and SFTP at the same time. Here is an example: <VirtualHost 0.0.0.0 ftp.example.net> SFTPEngine off Port 21 DefaultRoot ~ Umask 022 022 AllowOverwrite on </VirtualHost> <VirtualHost 0.0.0.0 sftp.example.net> SFTPEngine on Port 2222 SFTPLog […]


Installing ProFTPd with Public Key Authentication on Ubuntu 16.04

First install proftpd: apt-get update apt-get install proftpd Next, change the following lines in /etc/proftpd/proftpd.conf: ServerName “sftp.example.net” DefaultRoot ~ Put in your hostname (if it resolves) or IP address as ServerName. The second line will jail the user to his home directory. Next, create the file /etc/proftpd/conf.d/sftp.conf with the following content: <IfModule mod_sftp.c> SFTPEngine on # […]


Installing Postgres 9.4.5 on Ubuntu Trusty

By default on Ubuntu Trusty there is only Postgres 9.3 available This shows how to get the latest version installed. Add the Postgres Repository: echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/postgres.list Import the repository key, and run an update: wget https://www.postgresql.org/media/keys/ACCC4CF8.asc apt-key add ACCC4CF8.asc apt-get update Install Postgres: apt-get install postgresql-9.4


Encrypting and Decrypting data using SSL Key

First generate the RSA key (key.pem): openssl genrsa -out key.pem 4096 openssl rsa -in key.pem -text -noout   Then save the public key in pub.pem: openssl rsa -in key.pem -pubout -out pub.pem openssl rsa -in pub.pem -pubin -text -noout   As an example we're creating a simple text file and encrypt it: echo test12345 > […]


Securing SSH access with Port Knocking using iptables

This is working for Ubuntu and Debian and might be slightly different for other distributions. However, the rules that are implemented will work on every distribution's iptables. First install the package iptables-persistent: apt-get install iptables-persistent Do not save the current configuration when asked as we will create a new one. Now put the following contents […]


How to secure SSH server access with MFA

First install Google Authenticator: apt-get install libpam-google-authenticator This works well on Ubuntu (Trusty or newer). Next, login to your server with the user you’re going to use MFA with, execute google-authenticator and follow the steps as indicated below. You may scan the QR-Code which is shown on the console with your phone (for example using the Google Authenticator […]


Installing PHP7-FPM with Apache2 Worker on Ubuntu

First add some prerequesites and add the PHP7 repository: apt-get update apt-get install software-properties-common python-software-properties LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php-7.0 Then install the actual PHP packages (remove those form the list that you do not need): apt-get install php7.0-fpm php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-mysql php7.0-phpdbg php7.0-dbg php7.0-gd php7.0-imap php7.0-ldap php7.0-pgsql php7.0-pspell php7.0-recode php7.0-snmp php7.0-tidy php7.0-dev php7.0-intl php7.0-gd php7.0-curl Then […]


Backup and Restore Redis-Server Database

The server can be installed using: apt-get update apt-get install redis-server Next, verify in /etc/redis/redis.conf for these two lines: dbfilename dump.rdb dir /var/lib/redis The first one is the name of the backup dump file that will be generated and the second line describes the folder where it will be located. This command will launch the […]


How to configure DKIM for your Domain with Postfix

First install opendkim: apt-get update apt-get install opendkim opendkim-tools Append the following content to /etc/opendkim.conf: AutoRestart             Yes AutoRestartRate         10/1h UMask                   002 Syslog                  yes SyslogSuccess         […]