sorted by: recent | see :
popular
Content Tagged with configure + in
Howto Configure IPv6 Tunnel in Ubuntu
If you want to setup IPv6 tunnel under Ubuntu you need to use tspc (tunnel setup protocol client) so you can browse IPv6 ready websites using IPv4.
(...)
Read the rest of Howto Configure IPv6 Tunnel in Ubuntu (211 words)
© admin for Ubuntu Geek, 2008. |
Permalink |
2 comments |
Add to
del.icio.us
digg
Who's linking ?
Technorati
BlogPulse
Google
Want more on these topics ? Browse the archive of posts filed under General.
Related Articles
Ubuntu: Ubuntu Geek - Ubuntu Tutorials,Howto's,Tips and Tricks
Howto install and configure gDesklets in Ubuntu hardy
gDesklets is a system for bringing mini programs (desklets), such as weather forecasts, news tickers, system information displays, or music player controls, onto your desktop, where they are sitting there in a symbiotic relationship of eye candy and usefulness. The possibilities are really endless and they are always
there to serve you whenever you need them, just one key-press away. The system is not restricted to one desktop environment, but currently works on most of the modern Unix desktops (including GNOME, KDE, Xfce).
(...)
Read the rest of Howto install and configure gDesklets in Ubuntu hardy (174 words)
© admin for Ubuntu Geek, 2008. |
Permalink |
4 comments |
Add to
del.icio.us
digg
Who's linking ?
Technorati
BlogPulse
Google
Want more on these topics ? Browse the archive of posts filed under General.
Related Articles
Ubuntu: Ubuntu Geek - Ubuntu Tutorials,Howto's,Tips and Tricks
NTP Server and Client Configuration in debian
The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency (Jitter).
Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.
Install NTP server in Debian
#apt-get install ntp ntpdate ntp-server
This will install all the required packages for NTP
Configuring NTP Server
By Default main configuration file located at /etc/ntp.conf
Default configuration file looks like below
#/etc/ntp.conf, configuration for ntpd
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
# *** Please consider joining the pool! ***
# *** ***
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient
Example Configuration
You need to add a number of servers to the server list. The Debian default is pool.ntp.org which works but isn’t always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy use the time servers either on your continent (for instance europe.pool.ntp.org) or your country (for instance uk.pool.ntp.org) one of your local country servers.The optimal number of servers to listen to is three but two will also give a good accuracy. If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.
I am using the following two servers for my configuration
server ntp0.pipex.net
server ntp1.pipex.net
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery
The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.
If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you’ll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Save the file and exit
Now you need to run the ntpdate command against your server
#ntpdate ntp0.pipex.net
restart NTP for these settings to take effect using the following command
#/etc/init.d/ntp restart
You can now configure other Linux hosts on your network to synchronize with this new master NTP server in a similar fashion.
Determining If NTP Is Synchronized Properly
Use the ntpq command to see the servers with which you are synchronized. It provided you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
#ntpq -p
Output looks like below
A star by any one of the names means that the system clock is synchronising with the NTP clock. If you don’t have a star (as in the example above) it means that the clocks are unreachable, already synchronized to this server or has an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accuratly and mean that the server will be able to choose a clock to synchronize with.
Firewall Configuration for NTP
NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn’t a high port (above 1023), but 123 also. You’ll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.
NTP Client Configuration
If you want to configure ntp client you need to install the following packages
#apt-get install ntp ntp-simple ntpdate
Configuring NTP client
You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address
Server configuration settings
server 192.168.1.1
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict default notrust nomodify nopeer
Localhost configuration
restrict 192.168.1.1
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Now you need to save and exit the file
run ntpdate command against your server
ntpdate 192.168.1.1
Restart ntp service using the following command
/etc/init.d/ntp restart
If you use the date command to change time, it is worth setting also the hardware clock to the correct time. Otherwise, the time is wrong after the next reboot, since the hardware clock keeps the time when power is turned off. When the clock in the operating system shows the correct time, set the hardware clock like this
#hwclock --systohc
se the ntpq command to see the servers with which you are synchronized
#ntpq
#ntpdc -p
Tags: configure ntp server, configuring ntp client debian, firewall configuration for ntp, install ntp client in debian, install ntp server debian, ntp server debianconfigure ntp server, configuring ntp client debian, firewall configuration for ntp, install ntp client in debian, install ntp server debian, ntp server debian
Debian: Debian Admin Step By Step Tutorials and articles with screenshots
Setup CUPS (Common UNIX Printing System) Server and Client in Debian
The Common UNIX Printing SystemTM, or CUPS, is the software you use to print from applications like the web browser you are using to read this page. It converts the page descriptions produced by your application (put a paragraph here, draw a line there, and so forth) into something your printer can understand and then sends the information to the printer for printing.
Now, since every printer manufacturer does things differently, printing can be very complicated. CUPS does its best to hide this from you and your application so that you can concentrate on printing and less on how to print. Generally, the only time you need to know anything about your printer is when you use it for the first time, and even then CUPS can often figure things out on its own.
Install CUPS printer server in Debian
#apt-get install cupsys cupsys-driver-gutenprint foomatic-db-gutenprint foomatic-filters fontconfig libtiff4 libfreetype6
NOTE:- If your network use DHCP it’s a good idea to set up your server to use static IP. I will use as 172.20.22.74 for the server and 172.20.22.150 for administration workstation.
Configure CUPS
Default configuration file located at /etc/cups/cupsd.conf in this file you need to configure the following sections to make it work.
First, check the encryption setting and change
# Default authentication type, when authentication is required…
DefaultAuthType Basic
to
# Default authentication type, when authentication is required…
DefaultAuthType Basic
DefaultEncryption IfRequested
Then we need to tell it to listen for the server change
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
to
# Only listen for connections from the local machine.
Listen localhost:631
Listen 172.20.22.74
Listen /var/run/cups/cups.sock
We need it to be visible to the entire network
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
what machines that may access the server change
# Restrict access to the server…
<Location/>
Order allow,deny
Allow localhost
</Location>
to
# Restrict access to the server…
<Location/>
Order allow,deny
Allow localhost
Allow 172.20.22.*
</Location>
And the same for the configuration files change
# Restrict access to configuration files…
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>
to
# Restrict access to configuration files…
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
Allow 172.20.22.150
</Location>
Other configuration i left default one so need to change anything.
Now you need to restart CUPS using the following command
#/etc/init.d/cupsys restart
You should now be able to connect to the CUPS web interface from the administrator workstation (IP 172.20.22.150 in this example) by pointing your web browser at http://172.20.22.74:631/ once it opens you should see the following screen
If you got the correct drivers installed and your printer is connected to the server, Now you need to add your printer under the “Administration” tab.Setup your printer and finish the setup and verify that it works by printing the CUPS test page.
Setting up the CUPS clients
The CUPS clients are easy to set up and the config is identical on all machines.You need to install the following packages for client
#apt-get install cupsys cupsys-client
Configuring CUPS Client
You need to create /etc/cups/client.conf as root
#touch /etc/cups/client.conf
Now you need to edit the /etc/cups/client.conf file
#vi /etc/cups/client.conf
Enter the following information the server IP and the encryption requirement
# Servername
ServerName 172.20.22.74
# Encryption
Encryption IfRequested
Save the file, then restart the client
#/etc/init.d/cupsys restart
Adding Printers
Now you need to add printer in GNOME go to Desktop—>Administration—>Printing
Once it opens you should see the following screen
Select Printer—>Add printer
Once it opens you should see the following screen
In the above screen select Network Printer option,select CUPS Printer and enter the URl and click on Forward
Select your printer manufacturer and model or install printer drivers and click on apply
After finishing the setup you should see the similar to the follwoing screen now your printer is ready for printing.
Tags: configure cups server debian, configuring cups client debian, cups printer debian, install cups printer debian, Install CUPS printer server in Debianconfigure cups server debian, configuring cups client debian, cups printer debian, install cups printer debian, Install CUPS printer server in Debian
Debian: Debian Admin Step By Step Tutorials and articles with screenshots
Configure GMail in Evolution, Thunderbird or KMail
Many of us would like to use our GMail accounts in Evolution, and to a lesser degree Thunderbird and KMail. Here is a step by step guide on how to configure Evolution, Thunderbird and KMail to access you GMail account.
The first step is to log in to your GMail account and to click on Settings and click on the Forwarding and POP tab. Under POP Download select Enable POP for all mail and click Save Changes.
Log out of GMail and go to your UBUNTU or Linux install.
Evolution
Start Evolution
If you have not used Evolution before, or haven’t set up an account the New Account Wizard will launch. Click Forward.
Type in your Full Name and your Gmail Email Address and click Forawrd.
Select SMTP as the Server Type. The Server is smtp.gmail.com. Encryption is TLS, Authentication is Plain and fill in your full Gmail Email Address. Click Forward.
Give your account a name, it does not have to be anything Logical. Click Forward.
Select the current Time Zone and click Forward.
Click Apply.
If the New Account Wizard doesn’t launch, then in Evolution go to Edit – Preferences and click on Mail Accounts. Edit the info so that it matches the information above and you will be able to send and receive GMail.
Thunderbird
Start Thunderbird
Select “File,” “New,” Account, the New Account Wizard will launch. On the window that pops up select “email account,” and next.
Then type in your name in the top box, and your full GMail email address in the bottom, and click next.
On the next window select “POP” as the type of incoming server, then name the incoming server “pop.gmail.com”.
It doesn’t matter if “Use Global Inbox is enabled” is checked, it makes all of your email accounts report to the same inbox, check it or uncheck it as you wish, and click next.
After that make your user name is the same as your email address and click next
Then type in an account name (eg: inbox, gmail, home) this is what you click on to access this account and can be whatever you want, and click next.
Click Finish.
Next click on Edit - Account Settings in Thunderbird and from the menu of the new window select “server settings.” Click SSL and the port will automatically switch to 995.
Click on Outgoing Server (SMTP) and specify smtp.gmail.com as the outgoing mail server, and select SSL as the encryption and the port will automatically switch to 465. Type in your full GMail email address and click ok.
Kmail
Start Kmail
Go to “Settings,” then “Configure Kmail”
Click on accounts
Click “Add”
Select POP3 on the window that pops up and OK
On this window type in whatever you want your account to be called under “Account Name.” Then type your login, which is your entire email address, and your password. Next for the host type in “pop.gmail.com,” and change the port to 950. Change the rest of the settings to your liking.
Then on the top tab, arrow over to “Extras” For encryption select “Use ssl for secure mail download,” and for Authentication Method, select “Clear Text.”
Here’s how to configure gmail outbound in Kmail.
Go to settings, configure kmail
Go to accounts and sending
Go to add, on the box that pops up select smtp and OK
The host is smtp.gmail.com
The port is 465
Check the box that says server requires authentication
*Your login is your email address (with the @gmail.com at the end)
Type your password
Go to security and check the ssl box.
Click OK, then apply
Go to identities, click modify, and type in your email address.
You can find the full article with screenshots here
Tags: Configure GMail in Evolution, Configure GMail in kmail, Configure GMail in thunderbirdConfigure GMail in Evolution, Configure GMail in kmail, Configure GMail in thunderbird
Debian: Debian Admin Step By Step Tutorials and articles with screenshots
How to Enable SSL version 3 and TLS (Transport Layer Security) version 1 in Apache hosts
If you want to install apache2 with SSL support check here once you have everything ready you need to configure your SSL for good security.
SSL is the most known and the most popular, it is not the only protocol that has been used for the purpose of securing web transactions. It is important to know that since invention of SSL v1.0 (which has never been released, by the way) there have been at least five protocols that have played a more-or-less important role in securing access to World Wide Web, as we see below:
SSL v2.0
Released by Netscape Communications in 1994. The main goal of this protocol was to provide security for transactions over the World Wide Web. Unfortunately, very quickly a number of security weaknesses were found in this initial version of the SSL protocol, thus making it less reliable for commercial use:
weak MAC construction
possibility of forcing parties to use weaker encryption
no protection for handshakes
possibility of an attacker performing truncation attacks
SSL v3.0
Released in 1996 by Netscape Communications. SSL v3.0 solved most of the SSL v2.0 problems, and incorporated many of the features of PCT. Pretty quickly become the most popular protocol for securing communication over WWW.
TLS v1.0 (also known as SSL v3.1)
Published by IETF in 1999 (RFC 2246). This protocol is based on SSL v3.0 and PCT and harmonizes both Netscape’s and Microsoft’s approaches. It is important to note that although TLS is based on SSL, it is not a 100% backward compatible with its predecessor. IETF did some security improvements, such as using HMAC instead of MAC, using a different calculation of the master secret and key material, adding additional alert codes, no support for Fortezza cipher suites, and so on. The end result of these improvements is that these protocols don’t fully interoperate. Fortunately enough, TLS has also got a mode to fall back to SSL v3.0.
Configuring SSLv3 and TLSv1 in Apache Hosts
If you want to enable SSL Version 3 and TLS v1.0 for more security you need to add the following lines under SSL section in your apache hosts configuration file
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM
Once you add these line you need to restart your apache webserver with the following command
#/etc/init.d/apache2 restart
Testing your SSL Version
If you want to test your ssl version details of perticular host use the following command
#openssl s_client -connect localhost:443
You need to replace localhost to your website hostname
Output looks like below
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: 62EA68A5750511917CC42A1B134A8F218C27C9C0241C35C53977A2A8BBB9986A
Session-ID-ctx:
Master-Key: 303B60D625B020280F5F346AB00F8A61A7C4BEA707DFA0ED8D2F52371F8C4F087FB6EFFC02CE3B48F912D2C8929DB5BE
Key-Arg : None
Start Time: 1101164382
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
—
Debian: Debian Admin Step By Step Tutorials and articles with screenshots
How to Enable SSL version 3 and TLS (Transport Layer Security) version 1 in Apache hosts
If you want to install apache2 with SSL support check here once you have everything ready you need to configure your SSL for good security.
SSL is the most known and the most popular, it is not the only protocol that has been used for the purpose of securing web transactions. It is important to know that since invention of SSL v1.0 (which has never been released, by the way) there have been at least five protocols that have played a more-or-less important role in securing access to World Wide Web, as we see below:
SSL v2.0
Released by Netscape Communications in 1994. The main goal of this protocol was to provide security for transactions over the World Wide Web. Unfortunately, very quickly a number of security weaknesses were found in this initial version of the SSL protocol, thus making it less reliable for commercial use:
weak MAC construction
possibility of forcing parties to use weaker encryption
no protection for handshakes
possibility of an attacker performing truncation attacks
SSL v3.0
Released in 1996 by Netscape Communications. SSL v3.0 solved most of the SSL v2.0 problems, and incorporated many of the features of PCT. Pretty quickly become the most popular protocol for securing communication over WWW.
TLS v1.0 (also known as SSL v3.1)
Published by IETF in 1999 (RFC 2246). This protocol is based on SSL v3.0 and PCT and harmonizes both Netscape’s and Microsoft’s approaches. It is important to note that although TLS is based on SSL, it is not a 100% backward compatible with its predecessor. IETF did some security improvements, such as using HMAC instead of MAC, using a different calculation of the master secret and key material, adding additional alert codes, no support for Fortezza cipher suites, and so on. The end result of these improvements is that these protocols don’t fully interoperate. Fortunately enough, TLS has also got a mode to fall back to SSL v3.0.
Configuring SSLv3 and TLSv1 in Apache Hosts
If you want to enable SSL Version 3 and TLS v1.0 for more security you need to add the following lines under SSL section in your apache hosts configuration file
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM
Once you add these line you need to restart your apache webserver with the following command
#/etc/init.d/apache2 restart
Testing your SSL Version
If you want to test your ssl version details of perticular host use the following command
#openssl s_client -connect localhost:443
You need to replace localhost to your website hostname
Output looks like below
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: 62EA68A5750511917CC42A1B134A8F218C27C9C0241C35C53977A2A8BBB9986A
Session-ID-ctx:
Master-Key: 303B60D625B020280F5F346AB00F8A61A7C4BEA707DFA0ED8D2F52371F8C4F087FB6EFFC02CE3B48F912D2C8929DB5BE
Key-Arg : None
Start Time: 1101164382
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
—
Tags: configure apache support sslv3, ssl version 3 support in apache2, sslv3 apache, tlsv1, webserverconfigure apache support sslv3, ssl version 3 support in apache2, sslv3 apache, tlsv1, webserver
Debian: Debian Admin Step By Step Tutorials and articles with screenshots
