Posts

Showing posts from August, 2020

https://www.vultr.com

The Everywhere Cloud

Deploy an instance.
Accelerate your application.


Samba Print Client in Debian-based Linux

Image
The following procedure demonstrates how to enable Debian-based Linux distributions to access printers hosted on old Windows 7 machines via Samba protocols. This process has been tested on Epson L210 Series inkjet printers. ========== 1. Open the Samba configuration file. user@host: $ sudo nano -c /etc/samba/smb.conf 2. Under "Global Settings", specify the following protocols. # BEGIN CODE # ... [global] client min protocol = CORE client max protocol = NT1 # ... # END CODE 3. Temporarily stop the "Common Unix Printing System" (CUPS) service. user@host: $ sudo service cups stop 4. Open the CUPS printer configuration file. user@host: $ sudo nano -c /etc/cups/printers.conf 5. Find and modify (or add) the following directive. # BEGIN CODE # ... # UUID ... AuthInfoRequired username,password # This allows the printer service to receive user/pass authentication. # The words "username,password" must be written as is, not as actual user/pass. # ... # END CODE 6. St

Redirect Apache HTTP to HTTPS in FreeBSD

Image
After enabling HTTPS on the web server in FreeBSD, remote users can be redirected to this secure protocol by automatically rewriting the URL. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule rewrite_module libexec/apache24/mod_rewrite.so # Apache rewrite engine Include etc/apache24/Includes/*.conf # Custom configuration files # ... # END CODE 4. Create a custom config file in the "Includes" directory. root@host: # ee /usr/local/etc/apache24/Includes/myrewrite.conf 5. Place the following code in the custom config file. # BEGIN CODE # ... RewriteEngine On # Enables directives for rewriting. RewriteCond %{HTTPS} !=on # Verifies that the connection is not yet in HTTPS. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$

Enable Apache HTTPS in FreeBSD

Image
The following procedure activates HTTPS for the Apache web server in FreeBSD. This secure protocol uses TLS/SSL certificates to encrypt the data transferred between the remote user and the web server. Sensitive information is protected from being captured by malicious actors using sniffing tools along the network route. ========== 1. PREREQUISITES 1.1. Make a self-signed SSL certificate. [  Details  ] 2. ACTIVATION 2.1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2.2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 2.3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so # Needed by the "SSLSessionCache" directive in httpd-ssl.conf # ... LoadModule ssl_module libexec/apache24/mod_ssl.so # Needed by the "SSLCipherSuite" directive in httpd-ssl.conf # ...

Self-Signed Certs for Apache in FreeBSD

Image
The following procedure shows how to apply self-signed certificates to the Apache web server in FreeBSD. After  creating and installing the TLS/SSL certificate/key pair, they can be utilized to secure FreeBSD web services with encryption during the development and testing process. It is important to keep in mind that self-signing may be deemed UNTRUSTWORTHY in a production environment. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Go to the directory containing the Apache site configuration files. root@host: # cd /usr/local/etc/apache24/extra 3. BACK UP the default HTTPS configuration file for the secure site. root@host: # cp httpd-ssl.conf httpd-ssl-conf.back 4. Open the default HTTPS configuration file. root@host: # ee httpd-ssl.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... SSLCertificateFile "/usr/local/etc/apache24/server.crt" # The self-signe

Disable Web Server Signatures in FreeBSD

Image
Hide server details from potential online threats in a few easy steps. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directive. # BEGIN CODE # ... Include etc/apache24/extra/httpd-default.conf # Default config for the Apache web server. # ... # END CODE 4. Open the Apache default settings configuration file. root@host: # ee /usr/local/etc/apache24/extra/httpd-default.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... ServerTokens Prod # "Prod" reduces Apache info sent by the server in its HTTP response header. # ... ServerSignature Off # "Off" removes info on server, host, and port from error pages and other auto-generated docs. # ... # END CODE 6. Open the PHP configuration file. root@host: # ee /usr/local/etc/ph

Owner and Perm of Web Items in FreeBSD

Image
The following steps provide all directories and files in the "data" folder with the appropriate ownership and permissions to ensure smooth operation of the web server. This also prevents unauthorized users from viewing and modifying them. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Change ownership of all items to user "root" and group "www". root@host: # chown -R root:www /usr/local/www/apache24/data 3. Change permission modes to 750 for directories only. User "root" can (r)ead, (w)rite, and e(x)ecute directories. Users included in the group "www" can (r)ead and e(x)ecute but NOT write to directories. All other users are excluded. root@host: # find /usr/local/www/apache24/data -type d -exec chmod 750 {} + 4. Change permission modes to 640 for files only. User "root" can (r)ead and (w)rite but NOT execute files. Users included i

Add or Remove Users in FreeBSD Groups

Image
After installing FreeBSD, regular users are not allowed to log in as the "root" user via the "su -" command. The following procedure shows how to grant superuser access for administrative convenience, assuming that the regular user knows the superuser password. ========== 1. Access "root" from login screen. login: root Password: 2. Add a user to the "wheel" group. root@host: # pw groupmod wheel -m username 3. Check if such user has been added to the "wheel" group. root@host: # pw groupshow wheel /* The added user needs to log out and log in again for the changes to take effect. */ 4. Remove a user from the "wheel" group. root@host: # pw groupmod wheel -d username 5. Log out from "root". root@host: # exit ========== REFERENCES 1. The FreeBSD Documentation Project. FreeBSD Handbook. Section 3.3, "Users and Basic Account Management".  https://docs.freebsd.org/en/books/handbook/basics/#users-synopsis ==========