Opensource IT Security Solutions

Implementation of SSO (Single-Sign-On) procedures according to ADAE's Requirements for Telcos, ISPs, Banks, etc. SSO Apache Authentication Against Active Directory, SSO Proxy Squid Authentication Against Active Directory, SSO vsftpd Authentication Against Active Directory. Web Content Filtering and Anti Virus Services. Integration of OpenSSH with OpenLDAP, Kerberos, Active Directory standards (SSO) with full logging and replay

Linux High Availability (Linux-HA)

Linux-HA – RHEL 5.3 x86_64 installation Notes 1.Install the following Prerequisite packages # yum install e2fsprogs-devel.x86_64 # yum install glib2-devel.x86_64 # yum install gnutls-devel.x86_64 # yum install ncurses-devel.x86_64 # yum install pam-devel.x86_64 # yum install python-devel.x86_64 # yum install perl-TimeDate.noarch 2.Download LINUX-HA Packages from openSUSE repo; http://download.opensuse.org/repositories/server:/ha-clustering/RHEL_5/x86_64/ – heartbeat-2.99.2-8.1.x86_64.rpm – heartbeat-common-2.99.2-8.1.x86_64.rpm – heartbeat-resources-2.99.2-8.1.x86_64.rpm – libheartbeat2-2.99.2-8.1.x86_64.rpm

Using Pen, mod_rewrite and mod_proxy Apache modules to perform selective url based loadbalancing/fail-over with “n” backend servers

1.Download Pen through the following link ; http://siag.nu/pen/ 2.raise the file descriptor limits by editing the /usr/include/linux/posix_types.h and /usr/include/bits/typesizes.h as follows ; change : #define __FD_SETSIZE 1024 to : #define __FD_SETSIZE 10240 and then compile Pen 3. Launch Pen as follows; ./pen -x 5000 -d -d -f 8280 server1:8280 server2:8280 4. Apache Configuration RewriteEngine on

keepalived with VRRP and LVS Support under RHEL 5.3 x86_64

# yum -y install kernel-devel # yum install openssl-devel # wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz # wget http://www.kernel.org/pub/linux/kernel/v2.6/linux- # tar zxvf linux- # cp -r linux- /lib/modules/2.6.18-128.el5/build/net/ # ./configure –with-kernel-dir=/lib/modules/2.6.18-128.el5/build Keepalived configuration ———————— Keepalived version : 1.1.17 Compiler : gcc Compiler flags : -g -O2 Extra Lib : -lpopt -lssl -lcrypto Use IPVS Framework : Yes IPVS sync