Everything posted by static

  1. Just so you know - Guarddog (my personal fave) creates your firewall rules (as mentioned above) but doesn't need to be running. Basically, the rules are created or changed by guarddog, then you can close it. The system will apply the rules whenever the network interface is started (including while you're booting up) so you don't necessarily need a firewall service running all the time like you would in windows. Hope that helps ;)
  2. Good point about the path - my coworker had put it there for some reason; I'm with you on that. As far as the commenting out of that command, I included the console prompt # (as opposed to $) to show I was root, not a user.
  3. Thanks for your replies! OldHarry77: If you're wondering why the line in the apache config is commented, it's just because when I tried it, nothing changed, so I commented it out again to leave the server as it was until I can figure out something else to try... I will look into the "require" as you said in #1 of your first post. uralmasha: Wow! Yours looks complicated, but I am going to do some more reading concerning some of those options. This is great! There may be light at the end of the tunnel...
  4. Sorry to pester you guys, but they are considering switching to Windows Server 2003 soon if I can't help them... They need to protect the data displayed on these pages at all costs, even if it means using something else (and less secure overall). I can't think of any other way to get it to ask for a username/password that is effective and secure. No one has any ideas to get it working? I'm completely stumped considering how easy it usually is to get it working... Thanks for any or all suggestions - I really want them to keep using Linux if I can help it.
  5. OK - here's the goods! The .htaccess file itself, in /var/www/html/vpa/web_site/

        AuthUserFile /var/www/html/vpa/web_site/access/.htpasswd
        AuthGroupFile /dev/null
        AuthName "Restricted Area"
        AuthType Basic

    and I tried running the following command from the web_site directory:

        #htpasswd -c access/.htpasswd

    Here's some of the config for apache - it seems to be fine... Can anyone see anything I'm doing wrong?

        # Tons of (hopefully irrelevant) stuff above the following...

        #
        # UseCanonicalName: Determines how Apache constructs self-referencing
        # URLs and the SERVER_NAME and SERVER_PORT variables.
        # When set "Off", Apache will use the Hostname and Port supplied
        # by the client. When set "On", Apache will use the value of the
        # ServerName directive.
        #
        UseCanonicalName Off

        #
        # DocumentRoot: The directory out of which you will serve your
        # documents. By default, all requests are taken from this directory, but
        # symbolic links and aliases may be used to point to other locations.
        #
        DocumentRoot "/var/www/html"

        #
        # Each directory to which Apache has access can be configured with respect
        # to which services and features are allowed and/or disabled in that
        # directory (and its subdirectories).
        #
        # First, we configure the "default" to be a very restrictive set of
        # features.
        #
        <Directory />
            Options -All -Multiviews
            AllowOverride None
            <IfModule mod_access.c>
                Order deny,allow
                Deny from all
            </IfModule>
        </Directory>

        #
        # Note that from this point forward you must specifically allow
        # particular features to be enabled - so if something's not working as
        # you might expect, make sure that you have specifically enabled it
        # below.
        #

        #
        # This should be changed to whatever you set DocumentRoot to.
        #
        <Directory "/var/www/html">
            # Possible values for the Options directive are "None", "All",
            # or any combination of:
            # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
            # Note that "MultiViews" must be named *explicitly* --- "Options All"
            # doesn't give it to you.
            # The Options directive is both complicated and important. Please see
            # http://httpd.apache.org/docs-2.0/mod/core.html#options
            # for more information.
            Options -Indexes FollowSymLinks MultiViews

            #################################################################
            # AllowOverride controls what directives may be placed in .htaccess files.
            # It can be "All", "None", or any combination of the keywords:
            # Options FileInfo AuthConfig Limit
            AllowOverride None
            # Test from static to get .htaccess working (comment out the above line
            # to try this) NOTE: DIDN'T WORK!
            # AllowOverride All
            #################################################################

            # Controls who can get stuff from this server.
            <IfModule mod_access.c>
                Order allow,deny
                Allow from all
            </IfModule>
        </Directory>

        #
        # DirectoryIndex: sets the file that Apache will serve if a directory
        # is requested.
        #
        # The index.html.var file (a type-map) is used to deliver content-
        # negotiated documents. The MultiViews Option can be used for the
        # same purpose, but it is much slower.
        #
        <IfModule mod_include.c>
            <IfModule mod_dir.c>
                DirectoryIndex index.shtml
            </IfModule>
        </IfModule>
        <IfModule mod_dir.c>
            DirectoryIndex index.html index.html.var index.cgi index.pl index.htm Default.htm default.htm index.xml
        </IfModule>

        #
        # AccessFileName: The name of the file to look for in each directory
        # for additional configuration directives. See also the AllowOverride
        # directive.
        #
        AccessFileName .htaccess

        #
        # The following lines prevent .htaccess and .htpasswd files from being
        # viewed by Web clients.
        #
        <IfModule mod_access.c>
            <Files ~ "^\.ht">
                Order allow,deny
                Deny from all
            </Files>
        </IfModule>

        #
        # TypesConfig describes where the mime.types file (or equivalent) is
        # to be found.
        #
        <IfModule mod_mime.c>
            TypesConfig conf/mime.types
        </IfModule>

        #
        # DefaultType is the default MIME type the server will use for a document
        # if it cannot otherwise determine one, such as from filename extensions.
        # If your server contains mostly text or HTML documents, "text/plain" is
        # a good value. If most of your content is binary, such as applications
        # or images, you may want to use "application/octet-stream" instead to
        # keep browsers from trying to display binary files as though they are
        # text.
        #
        DefaultType text/plain

        #
        # The mod_mime_magic module allows the server to use various hints from the
        # contents of the file itself to determine its type. The MIMEMagicFile
        # directive tells the module where the hint definitions are located.
        #
        <IfModule mod_mime_magic.c>
            MIMEMagicFile conf/magic
        </IfModule>

        # .......and tons more

    Anyone? This is super important...
  6. What was the second NIC for? As far as the modem - you should simply be able to use a network cable instead of the USB, which, btw, would be faster too (except that your ISP probably isn't going to give you internet at 100MB/s ;) )
  7. So... there's no way to get .htaccess to work? It isn't usually all that hard, which is why I'm extremely confuzzled. When we set it up the first time it was just a matter of creating the file, running htpasswd, and voila! I'll post the .htaccess file and server paths in a few, as soon as they're e-mailed to me... Thanks for anything you guys can think of - this was my shot to get the Feds on linux!
  8. A shot in the dark: try fish://
  9. Hi guys - I have a question for a buddy at work (as much as for myself). I helped him set up a web server at work using mandrake 10.1, and one subsection of the website we protected using .htaccess. Everything worked great until last week when we upgraded to mandriva 2006. We did the upgrade (not a fresh install) to keep all the users, etc. Everything else seems to be working fine. We re-did the .htaccess file because it was a new install of apache, and I re-ran htpasswd, but it no longer asks for a username/password for the protected pages. I will come back to post the exact paths/configs, but for now, does anyone know why it is no longer working? Thanks in advance! This is for very important protected information...
  10. Wow - thanks a lot guys! Good to see some of the old names still around! I had taken a hiatus from computing in general after college - getting home every day after 8 hours of using one at work sours you a little, but my ssh server is running mandriva and soon I should be getting my new MacBook Pro, so I'll be jumping back in with both feet!
  11. For some strange reason I keep hearing about problems getting the full gigabit speeds out of the realtek chipsets... maybe not <shrug>
  12. Does anyone know of any 32-bit PCI gigabit ethernet NICs that work well in any distro that I can buy for my P3 server? I was looking at the 3COM 3C2000-T, which has linux drivers on their page, but if possible I would prefer to use built-in kernel modules rather than screwing with (possibly closed-source) vendor drivers... Thanks in advance guys!
  13. hey aRTee - congratulations on getting your review on slashdot!!
  14. I say start with mandriva or mandrake. It's easy, first off, the people here are great and can provide a lot of help, and a lot of the differences between windows and linux are slightly less apparent compared to other distros; which, in my opinion, is what makes the linux learning curve larger than it should be. Lots of things will be where you expect them to be (or not far from it at least). Redhat/Fedora was one of the worst for me - the menus were a mess, gnome is gnome, etc. Which brings me to the misplaced KDE vs. Gnome discussion... Through a lot of testing of multiple types of hardware/configs, KDE has shown to be faster than Gnome (only slightly) and the default menu layouts are much nicer. Keep in mind that most of my KDE usage has been with mandrake, vs my Gnome experience with Redhat. Both distros also modify the menu structures a lot (compared to the defaults for both these desktop environments). The reality of it is they are both way too slow, and fluxbox (0.9x) is just so sweet. Any window manager will be faster than full-blown desktop environments, as DE's are usually trying to emulate windows to start with, and step one of that process seems to be "let's slow it all down"! (This is all from personal experience. No flames please. Also, about the DE's emulating windows? I am fully aware that M$ ripped the whole shebang from Apple to begin with... but it's true. Windows is what most people know, so it becomes the logical source for interface-layout copying!) Linux is all about choice, so try 2 or 3 distributions, and try out KDE, Gnome, and fluxbox on every distro you try.
  15. Not just that, but in reality 64-bit systems run a little slower than their 32-bit counterparts. (i.e. a 32-bit OS is faster on the same hardware) The only exception is running 32-bit binaries on 64-bit operating systems, because they need to be run through an emulator... so they are slower than 32-bit bin's on a 32-bit OS. I'd stick with 32-bit if I were you (I have the FX-51 CPU and I run 32-bit only now). In most cases, the only difference on a linux system is how the drivers/binaries were compiled... not so much one supporting more hardware than the other. There isn't much of a disadvantage to running in 64-bit except a tiny speed hit (in linux!! windows is practically still beta, and slower and crappier I might add; I tried it extensively myself to see) The advantage to have a 64-bit system is the ability to access much more RAM (up to 4 terabytes I believe, rather than 2 gigs...) Great for huge servers, no real bonus to a home user. Go with 32-bit!
  16. He may have bought a router, but you learned something really cool! Not to mention that iptables (a firewall) is much safer than the simple NAT'ing a broadband router does for you... Your new mission, should you choose to accept it, is to try to use both! This post will self-destruct in 5 seconds.....
  17. static

    MSEC 4 and SSH

    Does anyone know the syntax to separate different ranges? (eg to allow for 192.168.anything, 179.23.45.anything or 140.212.123.anything) Do you use a space, semi-colon, comma or what to make a list....?
  18. What security level is your SSH server at? If it's on "Higher" or "Paranoid" you need to add the following to your /etc/hosts.allow file: sshd:ALL Otherwise, no-ip isn't your problem, they forward all ports to the same destination. Make sure that your router is forwarding 666 to your server, your server has 666 open, and /etc/ssh/sshd_config is listening on 666 (most of which you mentioned you already did - I'm just being clear for those who just walked into the room). Then, when you try to connect with a client app, like Tectia, FileZilla, Putty, or BitVise, make sure it's set to the SFTP using SSH2 protocol, and replace 22 for the port setting with ... you guessed it folks ... 666. That really should be all you have to do. Keep at it - it will work!
  19. Well, it's not a solution in terms of knowing how to do it manually, but setting the msec Security Level setting to "Higher" robs users of the ability to reboot or halt the machine, and that's what matters. Now that I can run the SSH server successfully at that setting anyway, I guess I can remove the tin-foil hat and sleep for the first time in days ;) Thanks for your help guys! static
  20. static

    MSEC 4 and SSH

    Thanks a lot for your reply! I learned a lot... Turns out all you need is to add the following in your /etc/hosts.allow file: sshd:ALL Now I can run my SSH server at the Higher Security Level setting! Thanks again! <I re-read your post after struggling for a long time... I had put sshd:ANY instead of ALL in /etc/hosts.allow so it still wasn't working! This also solves my problem with users being able to shut the system down!!! AWESOME! >
  21. That's a good idea - I'll have to learn sudo (reading here I come) but I first need to remove the rights from the other users who can currently run those commands! If I have to su to root just to reboot that's fine - it's a server and won't get rebooted a whole lot anyway. The problem is learning how to take the power away from the rapidly growing list of users... <shudder> It's only a matter of time before one of them tries "reboot" just to see what happens... </shudder>
  22. Hey anon! Still kickin' @$$ with the site, I see. Unfortunately any user can shut the whole system down or reboot it - I think it's tied to the fact that I had to choose the [High or Standard, can't remember] security setting to get SSH to work... I'm pretty sure that at the "Higher" setting regular users do get that message.
  23. In another thread we are trying to figure out how to get SSH working with a higher security setting... if anyone is having the same problem and you'd rather leave the security setting at "Higher" but still run an SSH server please follow this thread. The only other option to successfully run an SSH server at the moment is to lower your Security setting.
  24. I started with 8.0, but the best was 9.2 for server-related use. 9.2 was rock solid for my PIII-733... I like the 10.x series for desktop OS's, and 10.1 gets better and better with the updates.
  25. static

    MSEC 4 and SSH

    I have the same problem - as soon as you put it on "Higher" you feel great, because it says "At this security level using it as a server becomes possible" - but it won't serve anything! I too want to run an SSH server at this level, but for now level 3 is working fine and I'm not too worried about it... Any ideas on getting it to work anyone?
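
An added example, not part of the original posts: a small Python check for two common reasons an .htaccess Basic-auth setup like the one in post 5 never prompts for a login, namely an effective AllowOverride that does not permit AuthConfig and a missing Require directive. The sample strings are constructed from the directives quoted in that post, the function names are hypothetical, and only plain-path <Directory> blocks are handled.

```python
import re

# Constructed samples: only the directives quoted in post 5, trimmed.
HTTPD_CONF = '''
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride None
    # AllowOverride All
</Directory>
'''
HTACCESS = '''
AuthUserFile /var/www/html/vpa/web_site/access/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Area"
AuthType Basic
'''
SITE = "/var/www/html/vpa/web_site"

def effective_override(conf, path):
    """AllowOverride keywords from the most specific plain-path <Directory>
    block covering `path`; None if no block sets it (server default applies)."""
    best_len, best = -1, None
    pattern = r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>'
    for m in re.finditer(pattern, conf, re.S | re.I):
        root = m.group(1).rstrip("/")            # "/" becomes ""
        lines = re.findall(r'^\s*AllowOverride\s+(.+)$', m.group(2), re.M | re.I)
        covers = path == root or path.startswith(root + "/")
        if lines and covers and len(root) > best_len:
            best_len, best = len(root), {w.lower() for w in lines[-1].split()}
    return best

def diagnose(conf, htaccess, path):
    """List the reasons Basic auth in `path`/.htaccess will not be enforced."""
    problems = []
    override = effective_override(conf, path)
    if override is not None and not override & {"all", "authconfig"}:
        problems.append("AllowOverride lacks AuthConfig: auth directives in .htaccess cannot take effect")
    names = {ln.split()[0].lower() for ln in htaccess.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")}
    if "authtype" in names and "require" not in names:
        problems.append("no Require directive: nothing is restricted, so no login prompt")
    return problems

if __name__ == "__main__":
    for p in diagnose(HTTPD_CONF, HTACCESS, SITE):
        print("-", p)
```

Apache reads httpd.conf only at start-up, so a change to AllowOverride needs a reload or restart before re-testing, whereas .htaccess is re-read on every request.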