Schoorbs is a system to make room and resource bookings through a Web 2.0 GUI. You can also interact with it through a REST API. It allows you to book rooms and resources grouped by areas. Activity can be logged via a simple logging interface. The code is automatically tested by several unit tests. The interface can easily be styled through the usage of a template system. Schoorbs produces valid XHTML 1.1 output, has packages for Debian and Ubuntu, and is well documented online.
License: GNU General Public License (GPL)
Changes:
“https connections exist to help ensure that when somebody is engaged in a financial transaction over the internet they are actually connected to the correct site - such as a bank, online vendor, and so forth. However, due to an error in the OpenSSL library used by the Debian Linux distribution, weak cryptographic keys have been generated and put to use during a period of about one and a half years. If certificates using these weak keys are used, not only could criminals decode encrypted traffic, they could conceivably mimic https sites in the name of the online bank or vendor – this would typically be done in order to steal personal details such as credit card information, passwords, and so forth.
Here's a quick HOWTO for setting up your own secure pseudo-dynamic DNS (DDNS) server.
It's not a "real" DDNS service, i.e. you won't be able to use standard DNS tools or protocols to talk to the server, but it covers 98% of all functionality I expect from a service such as DynDNS or similar ones: It tells me the IP address of a certain box which doesn't have a static IP address (e.g. my home-server).
You'll need:
dar is a fast and easy command-line driven backup program which is efficient and reliable.
tripwire is a security tool which practically monitors files and directories and tells you when any change occurs.
Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.
1. Set goals. Make sure you know before you start your penetration testing what you want the results to encompass. Adding in too many systems can be overwhelming and costly.
I wasn't going to post about this, but it seems that, for my own sanity, I must. As you might know by now, a Debian Security Advisory came out, talking about a problem that affected the OpenSSL package, not only for Debian but for its derivatives too, like Ubuntu.
My first two remarks, and probably the most important ones for my thoughts about this issue:
You may have heard of it: I’m speaking about DSA-1571-1. Read more about it on the pages “Key Rollover” or “SSLkeys”.
And no, I don’t put it off lightly, like tuxchick did lately, nor do I blame any Debian people or anyone else - we’re only human, after all. But think about the consequences, like Erich did.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Following the security problem on openssl/openssh specific to Debian (apparently, a lack of randomness in the generation of the keys for the whole OpenSSL library), it is time to renew your SSL certificates and SSH keys (a bit of cleaning). Why not turn it into the occasion to test a new certificate with the capability of answering to different names (with only one certificate and IP), as explained here?
Even with a fully encrypted system (root and swap partitions), your data is still vulnerable while your computer is on. That's why Bruce Schneier recommends a two-tier encryption strategy.
The idea is that infrequently used files are moved to a separate partition, encrypted with a different key. That way, the bulk of your data files is protected even if your laptop is hijacked or if an intruder manages to steal some files while your main partition is decrypted.
The swap partition can hold a lot of unencrypted confidential information and the fact that it persists after shutting down the computer can be a problem.
Encrypting a swap partition however is slightly tricky if one wants to also support suspend-to-disk (also called hibernation). Here's a procedure that worked for me on both Debian Lenny and Ubuntu 7.10 (Gutsy Gibbon):
0- Install the cryptsetup package:
apt-get install cryptsetup
1- Set up the encrypted partition as root:
swapoff -a
cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/hda2
cryptsetup luksOpen /dev/hda2 cswap
mkswap /dev/mapper/cswap
2- Add this line to /etc/crypttab:
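Whether a swap partition actually ends up encrypted, and whether its key survives a power-off (the hibernation problem above), can be read off /proc/swaps and /etc/crypttab. The following audit script is an added example, not part of the original post; it assumes the standard four-column crypttab layout and uses constructed sample files in place of the live system when given paths.

```shell
#!/bin/sh
# Added example, not from the original post: audit active swap devices
# against /etc/crypttab. The two file paths are parameters so it can run
# on constructed sample files; without arguments it reads the live system.
#
# Reported states per swap partition:
#   plain      - not a dm-crypt mapping, pages hit the disk unencrypted
#   random-key - crypttab maps it with a /dev/urandom key: encrypted, but
#                the key is lost at power-off, so suspend-to-disk cannot resume
#   luks       - crypttab maps it with a persistent (LUKS) key: resumable
#   unmapped   - /dev/mapper device with no crypttab entry at all
audit_swap() {
    swaps="${1:-/proc/swaps}"
    crypttab="${2:-/etc/crypttab}"
    # Skip the header line; swap files are out of scope here.
    awk 'NR > 1 && $2 == "partition" { print $1 }' "$swaps" |
    while read -r dev; do
        state=plain
        case "$dev" in
        /dev/mapper/*)
            name="${dev#/dev/mapper/}"
            # crypttab columns: target name, source device, key file, options
            entry=$(awk -v n="$name" '$1 == n' "$crypttab")
            if [ -z "$entry" ]; then
                state=unmapped
            elif [ "$(echo "$entry" | awk '{ print $3 }')" = /dev/urandom ]; then
                state=random-key
            else
                state=luks
            fi
            ;;
        esac
        echo "$dev $state"
    done
}

# Constructed sample files mimicking /proc/swaps and the crypttab the post
# describes (cswap on /dev/hda2, keyed by passphrase). Prints the directory.
make_samples() {
    d=$(mktemp -d)
    printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$d/swaps"
    printf '/dev/mapper/cswap\tpartition\t1048572\t0\t-2\n' >> "$d/swaps"
    printf '/dev/sda3\tpartition\t2097148\t0\t-3\n' >> "$d/swaps"
    printf '# <target> <source> <key file> <options>\n' > "$d/crypttab"
    printf 'cswap /dev/hda2 none luks\n' >> "$d/crypttab"
    echo "$d"
}

d=$(make_samples)
audit_swap "$d/swaps" "$d/crypttab"
rm -rf "$d"
```

On the sample data the script reports cswap as luks and /dev/sda3 as plain; run it without arguments on a real machine to check the live configuration.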
In this post, I include a script that can generate self-signed X509 certificates (for use with https, for example) with several names for the server. This is required because the certificate exchange happens at a lower level than the protocol exchange. For example, Apache can serve different domain names, but only one certificate can be used because it is requested before the domain name negotiation. So aliases must be included in the certificate, or warnings are shown to the user.
So here is the script. Just run it with the main name for the server in first place, and the other names after it.
Do not hesitate to change the default values in the auxiliary and mandatory openssl-conf.cnf file.
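The script itself is not reproduced above, so here is an added example of the same idea (my code, not the post's script): the main name goes into the CN, and every name, main and aliases alike, into the subjectAltName extension, which is the field clients actually match against. It assumes the openssl command-line tool is installed; the file names openssl-conf.cnf, server.key and server.crt are my choices.

```shell
#!/bin/sh
# Added example, not the original post's script: build a self-signed
# certificate whose subjectAltName lists every name the server answers to.
# Usage: make_san_cert <outdir> <main-name> [alias ...]
make_san_cert() {
    out="$1"; main="$2"; shift 2
    sans="DNS:$main"
    for alias in "$@"; do
        sans="$sans,DNS:$alias"
    done
    # Minimal openssl config: CN is the main name, all names go into the
    # SAN extension. Edit validity, key size or DN fields here as needed.
    cat > "$out/openssl-conf.cnf" <<EOF
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_san
prompt             = no
[ req_dn ]
CN = $main
[ v3_san ]
subjectAltName = $sans
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$out/openssl-conf.cnf" \
        -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null
    chmod 600 "$out/server.key"   # private key must not be world-readable
}

# Print the DNS names in a certificate's SAN extension, one per line.
cert_san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Exit 0 if the certificate covers the given name (exact SAN match, which
# is what a client checks before trusting the host).
cert_covers() {
    cert_san_names "$1" | grep -qx "$2"
}

dir=$(mktemp -d)
make_san_cert "$dir" www.example.test example.test mail.example.test
cert_san_names "$dir/server.crt"
rm -rf "$dir"
```

After generation, cert_covers lets you confirm each name the server will be reached under is really present before deploying the certificate.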
Just in case you haven't heard of this yet: GnuPG <= 1.4.5 contains a remotely exploitable security issue which has been fixed in 1.4.6.
You should really upgrade ASAP, as this problem can (theoretically) occur when GnuPG decrypts/checks encrypted email messages/signatures (for example).
If you're running Debian unstable: apt-get install gnupg
I figured out how to set up an encrypted partition on Ubuntu the other day. There are a bunch of ways of doing it but I found this to be the simplest. It should work on Debian too, since all the relevant packages are Debian ones anyway. In my example I’m encrypting an LVM partition (logical volume), but it should work with any device, including removable USB keys (see end notes). UPDATE: This is broken in Edgy but I figured out a simple fix, see below.
# apt-get install cryptsetup
In my case, I’m encrypting an LVM logical volume on a SATA hard disk: