fail2ban can be run as non-root using systemd This is a process to configure fail2ban to run as a dedicated system user,
Instead of the packaged WordPress I run the version provided by WordPress. It is installed using a different userid from the userid the web server runs as. To enable updates from the Admin Dashboard, I enabled sftp (ssh). This is how I did it. Using the sftp option requires the php ssh module. This command […]
When installing third-party applications, they often default to running as root. The server applications for TeamSite/LiveSite are among those. I have applied a simple modification to the init.d scripts that starts them as a non-root user. It also allows the scripts to be run by members of an administration group via sudo. This approach is […]
i recently had an issue with frequent login attempts against on of my services. These were almost all from countries that should not be accessing my service. To resolve the issue I implemented geo blocking with TCP Wrappers. This is how I went about geo blocking connections.
I’ve done a little tuning to my WordPress setup. In order to keep up to date, I’ve switched from the Ubuntu installation to a downloaded installation under /opt/wordpress. This is owned by my user and served by apache running as www-data. Updates are done using the sftp add-on. Securing /opt/wordpress I added myself to the […]
I use eximstats to report my daily email traffic. I have a fairly high rate of rejections, and wanted hostnames listed in the rejection reports. To resolve this I developed a patch to capture the hostname related to the IP address, and add this data to the rejection reports. The enhanced list saves me the […]
How to provide DNS server addresses to IPv6 clients using Router Announcements.
Back up Windows PCs and Laptops using BackuPC. Includes installing rsycnd on Windows.
Set up a BackupPC Server on Ubuntu. Includes configuration of Linux and OpenWrt clients using rsyncd.
Configuring a common login for Dovecot IMAP(s) and Exim SMTP. Also Exim Submission port and TLS (SSL) configuration.