Systems Admin Simplified

The following procedure demonstrates how to enable Debian-based Linux distributions to access, via Samba protocols, printers hosted on Windows machines. This process has been tested on Epson L210 Series inkjet printers. ========== 1. Open the Samba configuration file. user@host: $ sudo nano -c /etc/samba/smb.conf 2. Under "Global Settings", specify the following protocols. # BEGIN CODE # ... [global] client min protocol = CORE client max protocol = NT1 # ... # END CODE 3. Temporarily stop the "Common Unix Printing System" (CUPS) service. user@host: $ sudo service cups stop 4. Open the CUPS printer configuration file. user@host: $ sudo nano -c /etc/cups/printers.conf 5. Find and modify (or add) the following directive. # BEGIN CODE # ... # UUID ... AuthInfoRequired username,password # This allows the printer service to receive user/pass authentication. # The words "username,password" must be written as is, not as actual user/pass. # ... # END CODE 6. Start

After enabling HTTPS on the web server in FreeBSD, remote users can be redirected to this secure protocol by automatically rewriting the URL. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule rewrite_module libexec/apache24/mod_rewrite.so # Apache rewrite engine Include etc/apache24/Includes/*.conf # Custom configuration files # ... # END CODE 4. Create a custom config file in the "Includes" directory. root@host: # ee /usr/local/etc/apache24/Includes/myrewrite.conf 5. Place the following code in the custom config file. # BEGIN CODE # ... RewriteEngine On # Enables directives for rewriting. RewriteCond %{HTTPS} !=on # Verifies that the connection is not yet in HTTPS. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$

The following procedure activates HTTPS for the Apache web server in FreeBSD. This secure protocol uses TLS/SSL certificates to encrypt the data transferred between the remote user and the web server. Sensitive information is protected from being captured by malicious actors using sniffing tools along the network route. ========== 1. PREREQUISITES 1.1. Make a self-signed SSL certificate. [  Details  ] 2. ACTIVATION 2.1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2.2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 2.3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so # Needed by the "SSLSessionCache" directive in httpd-ssl.conf # ... LoadModule ssl_module libexec/apache24/mod_ssl.so # Needed by the "SSLCipherSuite" directive in httpd-ssl.conf # ...

The following procedure shows how to apply self-signed certificates to the Apache web server in FreeBSD. After  creating and installing the TLS/SSL certificate/key pair, they can be utilized to secure FreeBSD web services with encryption during the development and testing process. It is important to keep in mind that self-signing may be deemed UNTRUSTWORTHY in a production environment. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Go to the directory containing the Apache site configuration files. root@host: # cd /usr/local/etc/apache24/extra 3. BACK UP the default HTTPS configuration file for the secure site. root@host: # cp httpd-ssl.conf httpd-ssl-conf.back 4. Open the default HTTPS configuration file. root@host: # ee httpd-ssl.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... SSLCertificateFile "/usr/local/etc/apache24/server.crt" # The self-signe

Hide server details from potential online threats in a few easy steps. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directive. # BEGIN CODE # ... Include etc/apache24/extra/httpd-default.conf # Default config for the Apache web server. # ... # END CODE 4. Open the Apache default settings configuration file. root@host: # ee /usr/local/etc/apache24/extra/httpd-default.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... ServerTokens Prod # "Prod" reduces Apache info sent by the server in its HTTP response header. # ... ServerSignature Off # "Off" removes info on server, host, and port from error pages and other auto-generated docs. # ... # END CODE 6. Open the PHP configuration file. root@host: # ee /usr/local/etc/ph

The following steps provide all directories and files in the "data" folder with the appropriate ownership and permissions to ensure smooth operation of the web server. This also prevents unauthorized users from viewing and modifying them. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Change ownership of all items to user "root" and group "www". root@host: # chown -R root:www /usr/local/www/apache24/data 3. Change permission modes to 750 for directories only. User "root" can (r)ead, (w)rite, and e(x)ecute directories. Users included in the group "www" can (r)ead and e(x)ecute but NOT write to directories. All other users are excluded. root@host: # find /usr/local/www/apache24/data -type d -exec chmod 750 {} + 4. Change permission modes to 640 for files only. User "root" can (r)ead and (w)rite but NOT execute files. Users included i

After installing FreeBSD, regular users are not allowed to log in as the "root" user via the "su -" command. The following procedure shows how to grant superuser access for administrative convenience, assuming that the regular user knows the superuser password. ========== 1. Access "root" from login screen. login: root Password: 2. Add a user to the "wheel" group. root@host: # pw groupmod wheel -m username 3. Check if such user has been added to the "wheel" group. root@host: # pw groupshow wheel /* The added user needs to log out and log in again for the changes to take effect. */ 4. Remove a user from the "wheel" group. root@host: # pw groupmod wheel -d username 5. Log out from "root". root@host: # exit ========== REFERENCES 1. The FreeBSD Documentation Project. FreeBSD Handbook. Section 3.3, "Users and Basic Account Management".  https://docs.freebsd.org/en/books/handbook/basics/#users-synopsis ==========