Written on 14. January 2023

Apache2 as reverse proxy with ModSecurity and OWASP Ruleset on Debian

Here I will describe as mentioned in article https://stangneth.com/2022/12/27/nginx-as-reverse-proxy-with-waf-modsecurity-on-debian/ how to install a reverse proxy with WAF based on Apache2.

Installation

To install Apache2 on Debian, use the following command:

apt install apache2 -y

Next, we need to enable the necessary modules. We will be using the proxy and proxy_http modules to configure reverse proxy functionality and the headers module to add custom headers to the proxied traffic:

Read more…

No Comments on Apache2 as reverse proxy with ModSecurity and OWASP Ruleset on Debian

Written on 13. July 2022

VMware ESXi free backup with ghettoVCB

For some servers, which run in a development enviromente on a free ESXi, I needed a solution to backup them daily. I deciced to do it with https://github.com/lamw/ghettoVCB, because it is easy to handle. Unfortunately it only takes full backups, which can be a problem in the duration of a very large vm, but for the development system it works perfectly.

Prerequisites

The ssh services needs to be permanently activated on the ESXi Server.

Read more…

No Comments on VMware ESXi free backup with ghettoVCB

Written on 1. March 2022

FreeRadius, LDAP and dynamic VLAN assignment

A long time ago I was interested in find out how I can use my installed FreeRadius to dynamically assign a VLAN based on an Actice Directory Group. First I’ll show my current setup:

  1. Microsoft Active Directory Domain Controller (Windows Server 2012 R2)
  2. FreeRadius (openSUSE Leap 15.3) – Installation instruction https://stangneth.com/2021/05/26/freeradius-on-opensuse/
  3. HP ProCurve 2810-24G
  4. Client (Windows 10 21H2)

Active Directory group

After creating a local security group in Active Directory I assigned it to a User.

Read more…

No Comments on FreeRadius, LDAP and dynamic VLAN assignment

Written on 26. May 2021

FreeRadius on openSUSE

I changed my private wifi from WPA2 to WPA2-Enterprise. I no longer have to enter a one-time password, but can enable authentication using a username and password. For this scenario I’m using my MS Active Directory and a FreeRadius Server. Following you can find my configuration. Feel free to write comments or corrections in the comment-section.

Requirements

  • Static IP
  • /etc/hosts is showing to the Hostname /etc/HOSTNAME
  • DNS Server is an Active Directory Domain Controller or can dissolve all Active Directory entries
  • Chrony configured

Read more…

No Comments on FreeRadius on openSUSE

Categories
Last entries
  • Enhancing PowerShell Security with the Activation of Constrained Language Mode
  • Powershell Signing
  • Move FSMO Roles and demote old Domain Controller
  • How to Update VMware ESXi 8.x
  • Basic Security on Debian Server
  • Apache2 as reverse proxy with ModSecurity and OWASP Ruleset on Debian
  • Synology Active Backup for Business - Last backup to USB drive