SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) are email authentication protocols that are becoming increasingly necessary to run a working email server. Even if you have valid MX, A, and PTR DNS records for your mail server, you may find that your emails are getting rejected […]
One common requirement for a web site, especially in the age of mandatory SSL, is to ensure that its address is a) consistent, and b) forwards to SSL. In other words, when a visitor types in http://www.mysite.com/, http://mysite.com/, OR https://mysite.com/, they should be sent to https://www.mysite.com/. To do this, we’ll set up some Nginx server […]
Running a secure web site provides a better experience for anyone using your site. These days (2018), search engines also favor web sites that use SSL/HTTPS, so utilizing SSL is an important aspect of SEO. But buying a new SSL certificate every couple of years can get expensive, particularly if you run multiple web sites […]
Update April 2018: I’d suggest using Let’s Encrypt for this instead. How to create and install an SSL certificate for Nginx 1.10 on Ubuntu 16. (Apache setup here.) This setup also gets you an A on the SSL Labs SSL Server Test. Part I: Create and Obtain your SSL Cert 1. Create your key and […]
Note: This article describes setting up SpamAssassin 3 to work with a Postfix/Dovecot email server on Ubuntu 16, and it applies to other Debian/Ubuntu variants that use systemd. There are some significant differences in the SpamAssassin config between distros that use systemd and those that use upstart. For the Ubuntu 12/14 version of this article, […]
OSSEC is a HIDS (Host-based Intrusion Detection System) that can perform real-time logfile analysis, rootkit detection, file integrity checking, and notification. Resources: The home page, documentation, and current code. OSSEC works by assembling a “safe” profile of your system and then continuously checking files and processes for deviation from this profile. In particular, for a […]
logwatch is a utility that helps you track your system’s log files, and it can monitor them on a schedule and email you a daily summary of its findings. Like most security packages, logwatch itself isn’t a magic bullet, but it can be a useful component of a secure setup. If nothing else, it can […]
This article details how to install and use rkhunter, the Rootkit Hunter anti-rootkit utility, on Ubuntu Server 16.04. Install and Update rkhunter root@ubuntu:/# apt-cache madison rkhunter rkhunter | 1.4.2-5 | http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages rkhunter | 1.4.2-5 | http://us.archive.ubuntu.com/ubuntu xenial/universe i386 Packages root@ubuntu:/# apt-get install rkhunter root@ubuntu:/# rkhunter –versioncheck [ Rootkit Hunter version 1.4.2 ] […]
ufw, or the Uncomplicated Firewall, is a convenient front end for managing iptables on your Ubuntu server. This article provides a brief tutorial on some of the most commonly used commands. ufw is available in Ubuntu from the 8.04 release onward, and the commands here should apply to any current version. Viewing the ufw Status […]
My previous instructions for setting up a Postfix/Dovecot/MySQL mail server on Ubuntu 12.04 work mostly as-is for Ubuntu 16.04, but there are a couple of gotchas. These workarounds are necessary due to some different locations of utilities on the filesystem and some changes to Ubuntu’s internals. We’ll go through these differences one by one. Mail […]