Personal project : Kimsufi dedicated server

Last night, I installed Munin on the advice of Matthias the guru ^^ I even created a subdomain with the OVH interface and attached a vhost to it: it looks much cleaner and I really like the subdomain concept =)

<VirtualHost *:80>

        ServerAdmin  ***@renaudmalingre.fr
        ServerName   renaudmalingre.fr
        ServerAlias  ***.renaudmalingre.fr
        DocumentRoot /var/cache/munin/www

        Alias /munin /var/cache/munin/www
        <Directory /var/cache/munin/www>
                Order allow,deny
                Allow from all
                Options None
                AllowOverride None

                AuthUserFile /etc/***/***-htpasswd
                AuthName "Accès restreint"
                AuthType Basic
                Require valid-user

                <IfModule mod_expires.c>
                        ExpiresActive On
                        ExpiresDefault M310
                </IfModule>
        </Directory>

        LogLevel warn
        ErrorLog ${APACHE_LOG_DIR}/error_***.log
        CustomLog ${APACHE_LOG_DIR}/access_***.log combined

</VirtualHost>

It works wonderfully well: the wealth of information is simply impressive (and far beyond my needs, I must admit)

A quick screenshot:

munin

There is still a small bug with Dynazoom, but I found a solution that I will apply ASAP. With logwatch and now Munin, I have enough information to manage prod efficiently.

See you later!

Personal project : Kimsufi dedicated server

Hello,

It’s been a while since I last posted, so I’ll take a few minutes to tell you what work has been done.

After I bought renaudmalingre.fr, I changed the DNS type A with my OVH panel and set it up so that the value would match the one of my dedicated server (see the post of 04/03/2015 below).
Then I updated the contents of my online resume (which was previously on cybermaohi.com, a DNS I’ve been owning for years; you may also note that the default page on this DNS is also my online resume : I will keep it like this for some time until I will find something more suitable to publish on cybermaohi.com) and transferred it to renaudmalingre.fr. You can check ^^

About 2 weeks ago, I finally managed to set apache virtual hosts properly and this works perfectly, meaning I can host a tremendous number of websites on my dedicated server from now on.

In order to test this, I bought sabnature.fr which was previously owned by a friend but she didn’t have the time to manage her website and pay the fees so, eventually, the DNS was not renewed and it became accessible. She kindly allowed me to buy it as I told her months ago I would like to play around with a website and hers was a good idea. 3 years ago I made a Proof Of Concept of her website with Drupal and hosted it on cybermaohi.com, even though she already had one. At the moment, the website sabnature.fr is quite empty. I used WordPress but I may change this to Drupal or even something lighter.
Anyway, it allowed me to learn how to install WP and fully set it up with the command line. I even used the mysql shell to set up the database parameters instead of PHPMyAdmin : that’s pretty basic and straightforward.

Before I can install ownCloud, ISPConfig and Open-Xchange, I have one last thing to do : I must properly install and set up Dovecot and protect the dedicated server from incoming emails (hence the POP3/IMAP protocols) and their lots of viruses and spam (i.e. anti-virus and anti-spam software). SMTP is working great with Postfix and doesn’t require any extra security layer as the server stands for now.

I’ll post a few pics as proofs that both DNS, renaudmalingre.fr and sabnature.fr are pointing at the same IP address, and you can check they do not display the same websites. It means the virtual hosts are nicely configured ^^

More later!

[edit]
here are the pics I promised before, enjoy =)

renaudmalingre.fr / sabnature.fr
[/edit]

Personal project : Kimsufi dedicated server

Hello,

Well, it’s been 2 weeks I have not posted anything and since I visited a friend yesterday who gave me a very knowledgeable security course, this is the perfect time for posting my improvements in building a secure server =)

Over the past 2 weeks, there were 1400 failed logins on ssh and 66 errors in the apache log. I manually banned more than 50 IPs. Hopefully no one broke in and these were more like ‘sympathetic’ knock-knocks from my fellow hackers =)
At least I’ve learned that ANY server (at the very least mine) is attacked on a daily basis (from 8 to 252 times a day). The security I implemented was quite enough but not as good as my friend, Matthias, told me.

Here’s what we had done for a couple of hours yesterday :

  • ssh access restricting : easiest way to protect ssh is A. to not allow root to be able to log in and B. to allow only some users who may ‘su -p’ (PermitRootLogin and AllowUsers parameters in /etc/ssh/sshd_config)
  • firewall configuring : Matthias used a set of optimized scripts from one of his previous projects; the firewall rules were finely tuned to match with my security requirements, i.e. he commented a lot of lines (some with bandwidth management, for instance)
  • administration reporting : he also installed quite a few pieces of software (especially Logwatch) plus more personal scripts and crontab’ed the report so I would at least get one report in my mailbox @ 7am from Logwatch and also what packages needed to be updated
  • overall optimization : 3 open sockets were removed by the firewall and also we removed unnecessary services, like bind and vsftp for instance.

I’m very happy with what we accomplished yesterday : the current security level is very high for the current non-production status of this server.
I still have some reporting tools to install like Munin and some more tuning to perform, but as it stands for now, we met my security requirements.

Next projects : web hosting and ownCloud.

Personal project : iT3k blog

Just a few news items about this blog:

1. The migration from blog.cybermaohi.com to cybermaohi.com/iT3k went very well and much faster than expected (see HERE)
I would have preferred to create an iT3k subdomain but it doesn’t work, so for now the URL will stay as it is, without a subdomain. I’ll think about a solution later: although this is purely cosmetic, it matters too.
NB: changing the blog’s URL by setting up a subdomain will obviously affect the pushes to my social networks (cf. 3. below): I will have to find an acceptable solution and define the scope of the impact in order to migrate quickly.

2. Since the blog has been migrated, I will close the previous one on 1 March 2015. You have been warned ^^

3. I’m currently dealing with a small problem with the Jetpack module: every time I publish, the Publicize sub-module “pushes” to my Facebook, Twitter and LinkedIn accounts. This feature is really great.
But since I set up Publicize on my first blog, the URLs erratically point to blog.cybermaohi.com.
Nothing too serious, especially since my official FB and Twitter accounts are fairly empty. That said, I might as well feed them with real information, which is why I’m in contact with the Jetpack team and I hope to solve the problem quickly.
EDIT: I just checked and the links are OK on LinkedIn and Facebook … Twitter is the only rebel ^^
EDIT 2: I made the changes recommended by Jetpack support. I’m waiting for their validation: I’m hopeful and everything should be back to normal. I’ll take advantage of this contact to discuss the possible impact of a URL change (cf. 1.) and get ahead of it, as a precaution.

4. For the past week or two, my posts have been very few: I’m actively working on a. my job search, b. my E-Mi@ge bachelor’s degree courses and c. my dedicated server project …
As soon as I have settled into the rhythm of my degree modules, I will gradually find more time to devote to blogging about my technology watch.

 

transmission ends

Personal project : Kimsufi dedicated server

Hello ^^

Well then, I have some fresh news!

I did a complete overhaul of my server: I reinstalled a brand new 64-bit Debian Wheezy as well as apache2, PHP and MySQL.

For now I’m testing the server’s security and I’m starting to get along pretty well with the running services and their associated ports (sshd and those of the web server), the security programs (iptables and fail2ban in particular) and their log files. By the way, fail2ban, which prevents brute-force attacks, works like a charm:

auth.log.20150208: authorization failures from the bad guys =/

fail2ban.log.20150208: fail2ban’s response ^^

we can see that after a certain number of failures within a certain period of time, fail2ban temporarily bans the bad guy’s IP <3
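The ban rule described above (and the failed ssh logins counted by hand in the later post), as an added example that is not part of the original post and is not fail2ban's own code: a small Python reimplementation of the "N failures within a time window, then a temporary ban" logic. The parameter names mirror fail2ban's `maxretry`, `findtime` and `bantime` jail settings; the values, the single regular expression and the log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Debian auth.log format; hostname, users and
# documentation-range IPs are made up, not taken from the post.
SAMPLE_AUTH_LOG = """\
Feb  8 03:00:01 ks sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb  8 03:00:04 ks sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Feb  8 03:00:09 ks sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Feb  8 03:00:15 ks sshd[2107]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Feb  8 03:00:20 ks sshd[2109]: Failed password for root from 203.0.113.7 port 40140 ssh2
Feb  8 03:00:26 ks sshd[2111]: Failed password for root from 203.0.113.7 port 40152 ssh2
Feb  8 03:04:00 ks sshd[2120]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Feb  8 03:09:40 ks sshd[2130]: Failed password for invalid user test from 198.51.100.23 port 51600 ssh2
Feb  8 03:19:50 ks sshd[2140]: Failed password for invalid user test from 198.51.100.23 port 51710 ssh2
"""

# One sshd failure pattern only; fail2ban's real sshd filter knows many more.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port"
)


def find_bans(log_text, maxretry=5, findtime=600, bantime=600, year=2015):
    """Return [(ip, ban_start, ban_end)] for every ban the rule would trigger."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned_until = {}             # ip -> end of the current temporary ban
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog timestamps carry no year, so one has to be assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # still banned: the firewall would drop this
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            until = ts + timedelta(seconds=bantime)
            banned_until[ip] = until
            bans.append((ip, ts, until))
            window.clear()        # counting starts again after the ban
    return bans


if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_AUTH_LOG):
        print(f"ban {ip} from {start} until {end}")
```

The ban is temporary by design: once `bantime` has elapsed the address is counted again from zero, which is why slow attempts spread over more than `findtime` never trigger it.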

It’s purring! In fact I’m going to put security procedures in place and write administration scripts to automate all the commands for viewing the logs of the various programs and also those associated with netstat, nmap, iptables, etc.

In a week, when I have armored my cyberbunker a bit more, I’ll continue with my other projects:

  • web hosting (mainly for myself, but I already have someone interested =)
  • private cloud with ownCloud
  • administration with ISPconfig

OH! Icing on the cake, yesterday I spent the night (ok I’m exaggerating !o) configuring vsftpd and it is finally working =) I still have to test the security of the transfers and manage the users, but I’m pretty proud of myself ^^

 

cybermaohi out!

 

NEWS : formerly posted on blog.cybermaohi.com

Published on: 27 Jan 2015 @ 17:28

GREAT! The migration of this blog is almost done to this other blog.
I had to play a little bit with phpMyAdmin, but it was not really hard to change the hard coded links in the database dump and then to inject the current content of this blog in the new blog’s database.

FINAL step : I’ll have to upload the current media (I can count 54 of them), find the impacted posts and finally re-link media in posts. I’ll do that tomorrow!
Although, I do believe some people already coded some automated migration procedures, it won’t take that long to do this on my own. By the way, if that task would have required more than 1-2 hrs to complete, I surely would have used such procedures ^^

EDIT : FINAL step done :: it was really easier than I thought.
I thought WP was timestamping the uploaded medias, but not at all. I tried blind and it worked ..

HENCE, this is my last post on this OVH WP module … now everything will be published here :

http://www.cybermaohi.com/iT3k/


last update :

this blog is no longer maintained

it will be closed on the 1st of march, 2015

the new version of this blog is here :

iT3k

Work In Progress : dedicated server @ kimsufi.com

Published on: 2 Feb 2015 @ 15:53

Quick update on security :

I’ve decided to postpone a bit my current projects and focus on one major subject which is security. Since I do want to make this right, I need some more time to collect and digest information on security. I already bookmarked tons of links about security :

Although there is a default security protection on my dedicated server, it is high time for me to learn more about serious security concepts.

As a result, I stopped every server that wasn’t necessary at the moment : vsftpd, apache2 and mysql for instance. I might even reinstall a fresh debian when I’ll be done reading and then I’ll configure properly what needs to be protected prior to the DAMP (Debian Apache MySQL PHP) installation.
Once all of the above will work OK with sufficient security, I’ll install ownCloud.

Stay tuned ^^

 

 


Published on: 1 Feb 2015 @ 21:53

Even though I’ve been busy IRL (In Real Life) lately, I’m still working on this ownCloud project of mine =)

Right now, I’m getting more used to the Kimsufi dedicated server (KDS) and in order to own the ‘Beast’, I’m exploring the file system and I also set up some procedures, like changing the .profile, etc.

In the meanwhile, I’m also reading loads of documents about VSFTPD to set this application right. I guess I’d need some SSL functionality and thus work my way through openssl too =)
Once VSFTPD will be correctly configured and secured, I’ll be able to upload files to my KDS. Then, installing ownCloud looks like a walk in the park :

ownCloud

Afterwards, I’ll be working on the web hosting functionality I want to provide to my friends, and why not, future clients. This whole thing is mainly for testing and playing around with a dedicated server but who knows ^^
Thus the apache configuration needs to be modified (especially the virtualhosts directive) and, while I’m at it, I’ll finely tune everything I can =)

More later ^^

 


Published on: 28 Jan 2015 @ 23:00

I managed to properly configure a web server on my debian dedicated server! I installed the following applications :

  1. apache2
  2. php5
  3. MySQL
  4. php5-mysql
  5. PhpMyAdmin (see picture below)
  6. bind9 was already installed
  7. Postfix
  8. VSFTPD

Right now I’m configuring Apache2 (virtualhosts especially) then I’ll configure the FTP and Postfix and I guess I’ll be almost done. Afterwards, I’ll run some tests and see how I can improve this base, but it’s going pretty well ^^

 

image of the default index (of course, I couldn’t resist personalizing it =)

screenshot-37 187 116 168 2015-01-28 21-35-22

image of phpMyAdmin (PHP_test = OK, MySQL_test = OK)

screenshot-37-187-116-168-2015-01-28-21-36-50

 


Published on: 27 Jan 2015 @ 15:18

The reason why I’ve published just a few articles lately is that I was searching for a solution for personal cloud : I wanted something I could entirely manage, i.e. my ownCloud.

After a few talks with the OVH’s commercial support (awesome thanks Alexis M.) I decided to buy a dedicated server at kimsufi.com

I will keep my OVH account for now and once I’ll be done sorting what I really want to keep and the tons of websites I used to play with, I’ll make a decision about migrating everything on Kimsufi or keeping my OVH account (FYI, I formerly bought cybermaohi.com and a OVH account 15ish years ago – which was discontinued when I was in French Polynesia from 2006 to 2008, though)

First and foremost, I’ll have to migrate this blog contents to another wordpress I will create from scratch today.
Lazy as I am, I didn’t foresee how efficient and huge this blog would be and I just hit the “create a blog in one click” button. I must admit this OVH feature is a real great opportunity for people who have no-to-very-few technical knowledge, but now I need to modify scripts and finely tune my blog so it can be a lot more awesome than it is right now. (done @ 2015-01-27-17h58m)

Secondly, I’ll start to play with my dedicated server and figure out what I would need to install ownCloud. Cool thing is that I will be able to host stuff from friends, like files with my perso cloud, but also websites!
I’m guessing I’ll need a LAMP first : it’s quite a tough task, especially for me who is not a shell guru but nothing’s impossible when it comes to a challenge =)

Stay tuned!

 

 

Below, some pics of what I’ve done this early morning :

screenshot-www-kimsufi-com-2015-01-27-01-46-49

login test with Putty : w00t it r000xXXX!!!

putty

 

Imitation Game

The Imitation Game

From Wikipedia, the free encyclopedia

The Imitation Game is a 2014 historical thriller film about British mathematician, logician, cryptanalyst and pioneering computer scientist Alan Turing. Turing was a key figure in cracking Nazi Germany’s naval Enigma code which helped the Allies win the Second World War, only to later be criminally prosecuted for his homosexuality. The film stars Benedict Cumberbatch as Turing, and is directed by Morten Tyldum, with a screenplay by Graham Moore based on the biography Alan Turing: The Enigma by Andrew Hodges.

The film’s screenplay topped the annual Black List for best unproduced Hollywood scripts in 2011. After a bidding process against five other studios, The Weinstein Company acquired the film for $7 million in February 2014, the highest amount ever paid for US distribution rights at the European Film Market. It had its world premiere at the 41st Telluride Film Festival in August 2014. It also featured at the 39th Toronto International Film Festival in September where it won “People’s Choice Award for Best Film”, the highest award of the festival. It had its European premiere as the opening film of the 58th BFI London Film Festival in October and was released theatrically in the United Kingdom on 14 November, and in the United States on 28 November.

The Imitation Game was both a critical and commercial success. The film was included in both the National Board of Review’s and American Film Institute’s “Top 10 Films of 2014”. At the 87th Academy Awards, it has been nominated in eight categories including Best Picture, Best Director for Tyldum, Best Actor for Cumberbatch and Best Supporting Actress for Keira Knightley. It also garnered five nominations in the 72nd Golden Globe Awards and was nominated in three categories at the 21st Screen Actors Guild Awards including Outstanding Performance by a Cast in a Motion Picture. In addition, it received nine British Academy of Film and Television Arts nominations including Best Film and Outstanding British Film. Its cast and crew were honoured by LGBT civil rights advocacy and political lobbying organisation Human Rights Campaign for bringing Turing’s legacy to a wider audience. As of January 2015, the film has grossed a total of $84.5 million worldwide against a $15 million production budget.

In terms of historical accuracy, while the broad outline of Turing’s life as depicted in the film is true, a number of historians have noted that elements within it represent distortions of what actually happened, especially in terms of Turing’s work at Bletchley Park during the war and his relationship with friend and fellow code breaker Joan Clarke.

[ …]



Personal tools and applications

Operating Systems :

  • Windows 7 64 bits (main – homemade rig)
  • Linux : Kubuntu 14.10 (notebook Acer Extenza 5620Z), Raspbian Wheezy (Raspberry PI model B+), Android 4.4 (Samsung Galaxy Note 3)

Applications (main) :


(1) addons : AdBlock Plus, Avast Online Security, Better Privacy, Click & Clean, Disconnect, F.B. Purity, Fasterfox, Firebug, Flagfox, HTTPS Everywhere, Nimbus Screen Capture, Print pages to PDF, QuickJava, Web Developer
(2) modules : HTML5, Tools, Developing Netbeans, Java FX2, Java SE, Groovy, User Installed Plugins, Java ME, Base IDE, Java Web and EE, PHP, Service Registry, Java Card, C/C++
(3) Java EE, PHP
(4) I do not use this a lot anymore since I just test & work on www.cybermaohi.com; even though the last update was in nov. 2014, I did not check if WAMP projects are very active (like XAMPP, etc.). On a side note, IF I was to use such a thing, I would rather install a LAMP on my notebook or my Raspberry from scratch and configure it manually with a console : it’s not really hard and there are some great tutos out there. Now that I’m reading some more here which will probably lead to a post about Bitnami
(5) linked to my main gmail account, I also use some other Google Apps, like Docs, Agenda, Maps, Google +, Google Apps Script : I’m a happy G Fan!
(6) why ? in brief, this is mainly because OpenOffice is a project from the Apache Software Foundation, but I do recommend you to choose your very own version after reading this OpenOffice vs LibreOffice discussion

 

 

 

Histoire des codes secrets. De l’Égypte des pharaons à l’ordinateur quantique

Histoire des codes secrets. De l’Égypte des pharaons à l’ordinateur quantique

Histoire des codes secrets : De l’Égypte des pharaons à l’ordinateur quantique is a book written by Simon Singh (original English title: The Code Book), first published in 1999. The book is divided into 8 parts, each reviewing the evolution of cryptography from the pharaohs, through Mary Stuart, Queen of Scots, and the Enigma machine, up to the quantum computer.

Exercises

The book includes 10 exercises for putting the techniques covered in the book into practice. Of increasing difficulty, the first ones can be solved in a few hours while the last ones are of near-professional level. The contest set up for the first edition of the book, released in 1999, had a prize of 10,000 pounds sterling. On 7 October 2000, the solutions were found after more than a year of work.

Reviews

According to Sciences & Avenir, the book “reads like a thriller. It is also a masterful popularization of encryption and decryption techniques” [1].

According to France Culture, the book has the merit of drawing attention to the current issue of respect for privacy [2].

Chapters

  • Chapter 1: The cipher of Mary, Queen of Scots
  • Chapter 2: The indecipherable cipher
  • Chapter 3: The mechanization of encoding
  • Chapter 4: Attacking Enigma
  • Chapter 5: The language barrier
  • Chapter 6: Alice and Bob go public
  • Chapter 7: Pretty Good Privacy
  • Chapter 8: Quantum leap into the future

Appendices

  • Appendix A: First paragraph of A Void
  • Appendix B: Some basic advice on frequency analysis
  • Appendix C: The so-called Bible code
  • Appendix D: The Pigpen cipher
  • Appendix E: The Playfair cipher
  • Appendix F: The ADFGVX cipher
  • Appendix G: Why a one-time pad must not be used twice
  • Appendix H: Crossword solutions
  • Appendix I: A few exercises for the interested reader
  • Appendix J: The mathematics of the RSA system
