Thinkpad R51

Model: 18299MG
Dock II/Mini Dock Port Replicator II
BIOS: 1RETDHWW (3.13) 10/29/2004
System unit: 99WRGTO 4N09MGE
Mainboard: J1YPW51S2FX
UUID: 93132C01476411CB-A3D8C1
FFC2011EFF S/N 24R7787/62

rsyslog – remote logging including TLS encryption

I just enhanced my logging with rsyslog by enabling remote logging from other machines, and here are the config snippets:
on

    logging server side


$ModLoad imtcp # enable TCP module
$InputTCPServerRun # bind rsyslog remote logging to specific port

$AllowSender TCP, 127.0.0.1, / # restrict access to specified network

$template REMOTE,"/var/log/system-%HOSTNAME%.log" # template to separate logfiles received from remote hosts
if $fromhost-ip startswith '' then -?REMOTE # from local ones
#&~ # do not discard messages because we want to keep all

and on

    client side


$ModLoad imtcp # enable TCP module for rsyslog
*.* @@ # just send everything to remote logging host


Do not forget to adjust the firewall settings in order to allow remote access to the specified port.

And now to the encryption. On server side the following directives are necessary:
# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /path/to/contrib/gnutls/ca.pem
$DefaultNetstreamDriverCertFile /path/to/contrib/gnutls/cert.pem
$DefaultNetstreamDriverKeyFile /path/to/contrib/gnutls/key.pem

$ModLoad imtcp # load TCP listener

$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
$InputTCPServerRun 10514 # start up listener at port 10514

On client side only the following directives are necessary:
# certificate files - just CA for a client
$DefaultNetstreamDriverCAFile /path/to/contrib/gnutls/ca.pem

# set up the action
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
*.* @@(o)server.example.net:10514 # send (all) messages
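
Added example (not part of the original post): with AuthMode anon on both sides the connection is encrypted, but neither end verifies the other, so any host that can reach port 10514 can submit logs and the client cannot tell whether it is talking to the real server. The Python check below runs over the two TLS snippets above (embedded as constructed sample input) and reports that gap. The finding names are made up for this example, directive order is ignored, and an unset AuthMode is treated as anon as an assumption.

```python
import re

# Constructed sample input: the TLS directives from the two snippets above.
SERVER_CONF = """\
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /path/to/contrib/gnutls/ca.pem
$DefaultNetstreamDriverCertFile /path/to/contrib/gnutls/cert.pem
$DefaultNetstreamDriverKeyFile /path/to/contrib/gnutls/key.pem
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
$InputTCPServerRun 10514
"""
CLIENT_CONF = """\
$DefaultNetstreamDriverCAFile /path/to/contrib/gnutls/ca.pem
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
*.* @@(o)server.example.net:10514
"""

DIRECTIVE = re.compile(r"^\$(\w+)\s+(\S+)")

def parse(conf):
    """Map each legacy $Directive (lower-cased) to its last value; comments dropped."""
    found = {}
    for line in conf.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0].strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def audit(conf, role):
    """role: 'server' (imtcp listener) or 'client' (forwarding action)."""
    prefix = "inputtcpserverstreamdriver" if role == "server" else "actionsendstreamdriver"
    d = parse(conf)
    findings = []
    if d.get("defaultnetstreamdriver") != "gtls":
        findings.append("no-tls-driver")
    if d.get(prefix + "mode") != "1":
        findings.append("tls-not-required")
    auth = d.get(prefix + "authmode", "anon")  # assumption: unset is treated as anon
    if auth == "anon":
        findings.append("peer-not-authenticated")
    elif auth in ("x509/name", "x509/fingerprint") and prefix + "permittedpeer" not in d:
        findings.append("no-permitted-peer")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_CONF, "server"), audit(CLIENT_CONF, "client"))
```

Both snippets come back with peer-not-authenticated. Switching the client to $ActionSendStreamDriverAuthMode x509/name plus $ActionSendStreamDriverPermittedPeer server.example.net (and the matching $InputTCPServerStreamDriver... directives on the server, with a certificate and key on the client) clears the finding.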

apache config – wordpress

    wordpress

##############################################
ServerAdmin olkn@gmx.net
DocumentRoot /var/www/wordpress/
DirectoryIndex index.php
ProxyRequests off
SSLProxyEngine On
# ProxyHTMLLogVerbose On
ProxyPreserveHost On
##############################################

# problem with wordpress image upload
Options FollowSymlinks
Order Deny,Allow
Allow from all
AllowOverride All

apache config – squirrel

    squirrelmail

##############################################
# squirrel webmail
##############################################
Alias /squirrelmail /usr/share/squirrelmail

Options FollowSymLinks

php_flag register_globals off


DirectoryIndex index.php

# access to configtest is limited by default to prevent information leak

order deny,allow
deny from all
allow from 127.0.0.1

apache config – owncloud

    owncloud

##############################################
# owncloud
##############################################
Alias /owncloud /var/www/owncloud

Options +FollowSymLinks
AllowOverride None
order deny,allow
allow from all
# AuthType Basic
# AuthName "owncloud"
# AuthUserFile /etc/apache2/htpasswd
# Require user olkn

apache config – acidbase

    acidbase

############################################################
# acidbase config
##############################################

Alias /acidbase "/var/www/acidbase"


Options +FollowSymLinks
AllowOverride None
order deny,allow
deny from all
allow from 192.168.4.0/255.255.255.0
AuthType Basic
AuthName "acidbase"
AuthUserFile /etc/apache2/htpasswd
Require user olkn

php_flag magic_quotes_gpc Off
php_flag track_vars On
php_value include_path .:/usr/share/php

apache config – cacti

    cacti

##############################################
# cacti website for traffic graphing
##############################################
Alias /cacti /var/www/cacti/site

Options +FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AddType application/x-httpd-php .php

php_flag magic_quotes_gpc Off
php_flag short_open_tag On
php_flag register_globals Off
php_flag register_argc_argv On
php_flag track_vars On
# this setting is necessary for some locales
php_value mbstring.func_overload 0
php_value include_path .

DirectoryIndex index.php

apache config – webdav

    webdav

##############################################
# webdav share
##############################################
Alias /webdav /var/www/webdav

ForceType text/plain
AllowOverride None
SSLRequireSSL
dav on
AuthType Basic
AuthName "WebDav"
AuthUserFile /etc/apache2/htpasswd
Require user olkn

apache config – tine

    tine2.0

##############################################
# Tine2.0 installation
##############################################
Alias /tine /var/www/tine

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# tine needs some memory
php_admin_value memory_limit 64M
# tine insists on this
php_admin_flag magic_quotes_gpc off

RewriteEngine on
RewriteRule /Microsoft-Server-ActiveSync(.*) /var/www/tine/index.php$1 [E=REDIRECT_ACTIVESYNC:true,E=REMOTE_USER:%{HTTP:Authorization}]