Testing SSL client certificate authentication with curl

March 28, 2013 at 07:40 AM | categories: Sysadmin, Tips, Security | View Comments
When using SSL client certificate authentication you may need to test it using command line tools. To do so run the following command: curl -v -s -k --key client.key --cert client.pem https://servername Thats it....

Setup a OpenVPN server on Centos 6

February 02, 2013 at 07:40 AM | categories: Sysadmin, Tips, Security, Centos | View Comments
OpenVPN 2 is available for Centos from the EPEL repository, so you need to have EPEL enabled. If you do not have EPEL enabled run: rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm To install OpenVPN run: yum install openvpn lzo -y...

Commandline OpenVPN client on Mac OSX with macports

January 31, 2013 at 07:40 AM | categories: Sysadmin, Mac OS X, Tips, Security, Unix | View Comments
Most people use TunnelBrick to setup OpenVPN client connections on Mac OSX, i prefer using the command line. To get OpenVPN up and running off the command line is a simple process. The commands below need to be run as...

Strongswan now supports PAM authentication

November 07, 2012 at 07:40 AM | categories: Centos, Sysadmin, RHEL, Linux, Tips, Security, IPSEC | View Comments
Strongswan release 5.0.1 includes a XAuth PAM plugin which requests username/password XAuth credentials and verifies them against Pluggable Authentication Modules (PAM). This plugin is not enabled by default to enable it you need to add the following to your ./configure...

Strongswan now supports Cisco unity extensions

November 07, 2012 at 07:40 AM | categories: Centos, Sysadmin, RHEL, Linux, Tips, Security, IPSEC | View Comments
I previously wrote about setting up split tunneling on Strongswan using the attr-sql plugin With the release of Strongswan 5.0.1 it is no longer the only way to support split tunneling. Strongswan 5.0.1 introduces the unity plugin which allows for...

Mac OSX IPSEC VPN via command line using builtin Racoon client

September 19, 2012 at 07:30 AM | categories: Mac OS X, Howto, Sysadmin, Linux, Tips, Security, IPSEC | View Comments
The Mac OSX IPSEC VPN client setup via "System preferences" only supports IPSEC/XAUTH and IPSEC/L2TP both of which give you a different IP address for your tunnel interface. System preferences on the backend uses Racoon so it is possible...

MailScanner Ubuntu and Debian packages

September 10, 2012 at 07:39 AM | categories: Sysadmin, Security, Email, Linux | View Comments
The Debian and Ubuntu MailScanner packages have not been maintained for a long time. Recently both distributions dropped support for MailScanner within their repo's. The Baruwa project provides up to date deb packages for both distributions. Packages are available for:...

IPSEC split tunneling VPN with Mac OSX and Strongswan 5 on Centos/RHEL 6

September 01, 2012 at 10:08 AM | categories: Centos, Mac OS X, Howto, Sysadmin, RHEL, Linux, Tips, Security, IPSEC | View Comments
In my previous post i described how to setup an IPSEC VPN for use with Iphone, Ipad and Mac OSX IPSEC VPN clients. This post describes how to enable split tunneling which is supported by the Mac OSX IPSEC...

Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6

August 23, 2012 at 10:21 AM | categories: Centos, Mac OS X, Howto, Sysadmin, RHEL, Linux, Tips, Security, IPSEC | View Comments
This howto describes setting up an IPSEC VPN for use with the Iphone, Ipad and Mac OSX VPN clients on Centos/RHEL 6. I am using the 5.x branch of Strongswan which is now the mainline actively maintained branch. At...

MailScanner book now free

May 01, 2012 at 12:39 PM | categories: Sysadmin, Security, Email, Linux | View Comments
Julian Field the author of MailScanner and the of the MailScanner book has just announced that the MailScanner Book is now available for free. So head off and get your copy....

TIP: Block Spam from domains on the South Africa ISPA Spam Hall of Shame using DNSBL

April 22, 2012 at 09:30 AM | categories: Postfix, Howto, Exim, Email, Linux, Tips, Security | View Comments
The South Africa Internet service providers association (ISPA) maintains a list of known spammers dubbed the Spam Hall of Shame. The list is contains both domains as well as email addresses, this list is published on a webpage without downloadable...

How to setup a Cisco Lab on Linux (Centos 5.2)

August 17, 2008 at 06:23 PM | categories: Howto, Security, CCSP, Cisco, Certification | View Comments
I recently decided to study for the Cisco CCSP certification. My main concern in the beginning was the fact that most of the lab simulation software that i found out there could only run on Windows, this was a...