Archive | August, 2009

Block access to .svn folders

Posted on August 25, 2009 by admin in Apache

Here are three ways in Apache to block access to the .svn folders. With access controls: <Directory ~ “\.svn”> Order allow,deny Deny from all </Directory> With rewrite rule: RewriteRule ^(.*/)?\\.svn/ – [F,L] With redirect: RedirectMatch 404 /\\.svn(/|$) These come from the excellent MDLog:/sysadmin blog at: http://www.ducea.com/2006/08/11/apache-tips-tricks-deny-access-to-some-folders/ Bookmark on Delicious Digg this post Recommend on Facebook [...]

Here are three ways in Apache to block access to the .svn folders.

With access controls:

<Directory ~ "\.svn">
Order allow,deny
Deny from all
</Directory>

With rewrite rule:

RewriteRule ^(.*/)?\\.svn/ - [F,L]

With redirect:

RedirectMatch 404 /\\.svn(/|$)

These come from the excellent MDLog:/sysadmin blog at:

http://www.ducea.com/2006/08/11/apache-tips-tricks-deny-access-to-some-folders/

View Comments Continue Reading →

SSH session logging

Posted on August 24, 2009 by admin in General

Add the following line to /etc/profile to setup full logging of all ssh sessions: script -q /var/log/sessions/ssh-`date +%d-%M-%Y-%Hh-%Mm-%Ss`-`whoami`-$$.log && exit Of course this is a security risk and violates user privacy. Bookmark on Delicious Digg this post Recommend on Facebook share via Reddit Share with Stumblers Tweet about it Subscribe to the comments on this [...]

Add the following line to /etc/profile to setup full logging of all ssh sessions:

script -q /var/log/sessions/ssh-`date +%d-%M-%Y-%Hh-%Mm-%Ss`-`whoami`-$$.log && exit

Of course this is a security risk and violates user privacy.

View Comments Continue Reading →

ftps with lftp

Posted on August 11, 2009 by admin in Linux

lftp support ftps (different from sftp). ftps is ftp over an explicit TLS (SSL) connection. We’ve seen a few sites running MS IIS that require ftps and getting lftp to work has been tricky. To make it work verify that your lftp build has gnutls support compiled in with: lftp -v This build does not: [...]

lftp support ftps (different from sftp). ftps is ftp over an explicit TLS (SSL) connection. We’ve seen a few sites running MS IIS that require ftps and getting lftp to work has been tricky. To make it work verify that your lftp build has gnutls support compiled in with:

lftp -v

This build does not:

Libraries used: Readline 5.1, Expat 1.95.8, OpenSSL 0.9.8d 28 Sep 2006

Here’s one that does:

Libraries used: Readline 5.1, Expat 1.95.8, GnuTLS 2.6.6, zlib 1.2.3

Once you have have TLS support in your lftp build then you can put a file with something like this:

lftp -c 'open -e "set ftps:initial-prot ""; \
   set ftp:ssl-force true; \
   set ftp:ssl-protect-data true; \
   put test.txt; " \
   -u "USERNAME","PASSWORD" \
   ftps://HOSTNAME:990 '

The option sets are critical as lftp wants to do “PROT C” by default but Windows wants to see “PROT P”.

View Comments Continue Reading →