Category Archives: linux

Definitive instructions for installing secure Proftpd with OpenSSL – Part 2

In part 1 of this guide we:

  • prep’d the server to compile our own installations of ProFTPd and OpenSSL
  • downloaded the latest OpenSSL source
  • compiled and installed OpenSSL

Now we’re going to do this for the latest version of ProFTPd.

Note: In this part of the guide we’re simply doing the basics and won’t be configuring ProFTPd in any way. We want to be sure we can get ProFTPd installed and running in debug mode with a default configuration before we get into the weeds. In later parts of this guide, we’ll configure the FTP server and I’ll go over the options I use and why I use them, in addition to making sure SSL works as intended. Continue reading Definitive instructions for installing secure Proftpd with OpenSSL – Part 2

Definitive instructions for installing secure Proftpd with OpenSSL – Part 1

Proftpd is a remarkably versatile Unix/Linux FTP server daemon that has been in under active maintenance for more than 20 years. Downloading the base package from a stable Linux repository or performing a default installation from the latest source will net you a solid and easy to use server.

But what if you want more that just a default installation? There are hundreds of configurable options and more than a few dozen contributed or 3rd party modules, each with their own quirks/caveats that can lead a mostly Windows person down a thousand rabbit holes if you aren’t careful or have a strong background in Linux administration. In addition, while the base install of ProFTPd / OpenSSL from a stable repository will work “out of the box”, there’s a good chance that you won’t have the latest version of ProFTPd and OpenSSL (or source) due to delays from extensive vetting by Canonical.

This multi-part tutorial is my re-cap of months of monkeying around with Proftpd, following hundreds of different links, reading pages and pages of info, finally getting it to work they way I want it to.

Please link back to these instructions so others may find them on Google. (You know how it works — only pages with the highest number of incoming links get the best search position. If this guide helped you, help others find it too.)

Assumptions

  • You are a Windows professional or advanced user who “tinkers” with Linux as a hobby or as a non-critical part of your job. Expert Linux isn’t required, but you should understand basic commands like cat, tail, ls, grep, etc. You need to know how to use “vi” or some other command line text editor.
  • You have a [mostly] vanilla installation of ubuntu 10.04.04 LTS server that has been fully updated with all security patches and application updates. It’s entirely probable newer versions of Ubuntu will work fine (12.04 as of this writing) but this guide has only been tested with 10.04. The SSH server daemon needs to be installed either manually or as a part of an initial server load.
  • I make use of the Webmin utility to handle several basic Linux administrative tasks. As I mentioned, the audience for this guide is a mostly Windows person who tinkers. You’re not here to learn how to create new user accounts from a command line.

We’ll be compiling, installing, and configuring ProFTPd to use a non-standard port number, SSL, behind a firewall, and on a non-routable IP block.

Let’s get started…
Continue reading Definitive instructions for installing secure Proftpd with OpenSSL – Part 1

BIND 9 Error “has no address records (A or AAAA)”

The title of this post is important.

It’s important because the string in quotes above, “has no address records (A or AAAA)”, is the Google search that eventually lead me to solving a major annoyance and a likely broken BIND zone. The actual error I got was “zone INTERNET-NEXUS.COM/IN: NS 'NS.KELLEYFAMILY.COM.INTERNET-NEXUS.COM' has no address records (A or AAAA)“. Obviously this error is so isolated that Google wouldn’t return any results. Searching various versions of this error didn’t produce better results.

Finally, I stripped the error down to the key pieces (the quoted text in the post title) and found a solution to my problem. The solution to this problem, by the way, was bang-your-head-on-a-brick-wall stupid. Continue reading BIND 9 Error “has no address records (A or AAAA)”

Instagram Engineering

I’m a big fan of startups and generally lots of different technologies — particularly cool stuff I’ve never even heard of. One business that’s been kicking ass and taking names is Instagram. Their engineering prowess is impressive, if, for no other reason, they explain it in a fundamental, easy to understand way for those who have been around technology for a while and understand a lot of the core competencies. One could make the argument, though, that by telling the planet what your back-end looks like, you open yourself up to easy competition. Granted the details are missing and like anything else It’s not as easy as it looks, but just knowing what tools work well together is a HUGE migraine you won’t have to worry about. At any rate, Instagram engineering irregularly posted these design snippets to a Tumblr blog.

A few days ago, Instagram, after a mere 2 years in operation was acquired by Facebook for a paltry 2 billion US dollars. I don’t know if they’re headed toward corporate assimilation, or if, as Zuckerberg claimed, they will stay independent. I’m not taking any chances that the very cool write-ups they did will eventually be wiped from the Internet. What follows are all the entries (as of today) from http://instagram-engineering.tumblr.com/ for the simple fact that I hate digging for cool articles that have been removed.

Good luck guys. I hope it was a good decision.

Continue reading Instagram Engineering