Yubikey + Roundcube mail = Two factor authentication webmail client

This is the second time I have updated Roundcube mail to support OTP with a YubiKey. The process was fairly simple following the instructions at https://github.com/northox/roundcube-yubikey-plugin

Install the code from https://github.com/northox/roundcube-yubikey-plugin.git

Add to config/main.inc.php:

$rcmail_config['plugins'] = array('yubikey_authentication');

Add to plugins/yubikey_authentication/config.inc.php and set the ID and API key from Yubico:

$rcmail_config['yubikey_api_id'] = '';
$rcmail_config['yubikey_api_key'] = '';

Then, within Roundcube webmail, each user can choose under Settings whether or not to set up a YubiKey.

Voilà, two-factor authentication webmail: https://mail.luisaranguren.com

https://www.ssllabs.com

SSL Labs has an SSL server test; checking https://luisaranguren.com on it made me realize it wasn’t doing too badly, but there was some room for improvement. The overall rating was 64 “C”. It scored 100 except on protocol support, because I was still using SSL v2, which is deemed insecure, and 40 in key exchange.

The first step is to modify the protocol support; for that I changed the httpd-ssl.conf file to:

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#By Luis Aranguren 2011-12-12
#ssllabs.com suggestions/test
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL

This removes SSLv2 support with !SSLv2 and removes all low-strength ciphers with !LOW. Just those two changes increased my score to 85 “A”, with protocol support at 85 and key exchange at 80. This only removed the ciphers from the protocol and not the protocol itself, so I needed to add the following to the same file:

SSLProtocol ALL -SSLv2

This removed the protocol, but did not improve the score.
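The difference between removing SSLv2 ciphers (!SSLv2 in SSLCipherSuite) and removing the SSLv2 protocol (SSLProtocol -SSLv2) can be checked with a small config audit. This is an added example, not code from the post or from Apache/OpenSSL; the function names are hypothetical, and the cipher-string handling is a token-level approximation of the OpenSSL operators (what a server really offers depends on its OpenSSL build).

```python
import re

# Weak classes named in the post's cipher strings (EXPORT56 is a subset of EXP).
WEAK = ["SSLv2", "LOW", "EXP", "ADH", "eNULL"]

def weak_classes_not_removed(cipher_string):
    """Token-level reading of an OpenSSL cipher string (an approximation)."""
    present, killed = set(), set()
    for tok in filter(None, cipher_string.split(":")):
        op, name = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        if op == "!":        # permanent removal, cannot be re-added later
            killed.add(name)
            present.discard(name)
        elif op == "-":      # removal that a later token may undo
            present.discard(name)
        elif op == "+":      # only reorders what is already in the list
            continue
        elif name == "ALL":  # ALL covers every class except eNULL
            present |= {w for w in WEAK if w != "eNULL"} - killed
        elif name in WEAK and name not in killed:
            present.add(name)
    return sorted(present)

def sslv2_protocol_state(args):
    """Evaluate SSLProtocol arguments; assumes ALL includes SSLv2 on this build."""
    enabled = False
    for arg in args.split():
        sign, name = (arg[0], arg[1:]) if arg[0] in "+-" else ("+", arg)
        if name.lower() in ("all", "sslv2"):
            enabled = sign == "+"
    return "enabled" if enabled else "disabled"

def audit(conf_text):
    """Last uncommented SSLCipherSuite / SSLProtocol directive wins."""
    result = {"weak_cipher_classes": None, "sslv2_protocol": "unset"}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSLCipherSuite|SSLProtocol)\s+(.+)", line, re.I)
        if not m:
            continue                      # '#'-prefixed lines never match
        if m.group(1).lower() == "sslciphersuite":
            result["weak_cipher_classes"] = weak_classes_not_removed(m.group(2).strip())
        else:
            result["sslv2_protocol"] = sslv2_protocol_state(m.group(2))
    return result

# Constructed inputs built from the directive lines quoted in the post.
OLD = "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
NEW = "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL"
if __name__ == "__main__":
    for label, conf in (("old", OLD), ("new", NEW), ("new+proto", NEW + "\nSSLProtocol ALL -SSLv2")):
        print(label, audit(conf))
```

With only the cipher change applied, the protocol state is reported as "unset", meaning the build default applies; it becomes "disabled" once the SSLProtocol line is added.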

Torrage + Apache

A while ago I tried to install Torrage with Apache and not the suggested lighttpd. I had to adapt the suggested “README-lighttpd.txt” in the docs directory into an Apache .htaccess in the main folder.


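RewriteEngine On
# Only apply the redirect to requests for this host (dots escaped so they match literally)
RewriteCond %{HTTP_HOST} ^torrage\.luisaranguren\.com$
# Redirect /torrent/<40 hex chars> to /t/<2>/<2>/<36>.torrent
RewriteRule ^torrent/([0-9A-F]{2,2})([0-9A-F]{2,2})([0-9A-F]{36,36}).* /t/$1/$2/$3.torrent [R=301,L]
# Send .torrent and .ghtml files with a gzip Content-Encoding header
<FilesMatch "\.torrent">
Header set Content-Encoding "gzip"
</FilesMatch>

<FilesMatch "\.ghtml">
Header set Content-Encoding "gzip"
</FilesMatch>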

This definitely did the trick and got Torrage working flawlessly with Apache.

ZNC + MySQL

I had been meaning to do this for some time, and in the end it was quite easy. All the information needed is at http://wiki.znc.in/MySQL_Log

  1. Download the mod
  2. Build with znc-buildmod mysql_log.cpp
  3. Copy compiled mod to the modules directory in ZNC
  4. Create database and table in MySQL
  5. Load with loadmod mysql_log <DB user> <DB password> <DB host> <DB name> <Table name>

It’s alive!

http://www.prxjdg.com

Well since the proxy judge I added to luisaranguren.com has created so much traffic recently, I decided to set it up in its own domain. This script has been around forever, and I guess it deserves a little recognition.

www.prxjdg.com

Hopefully it will catch on and become the place to judge your proxy.

I don’t know much about the original creator of this script besides the information that is on the script itself “prxjdg – created by PRX4EVER thanx to Team Cr[y]ackerz”, thanks to them.

ZNC + Minbif + irssi

For some time I’ve been using a mix of ZNC (an IRC bouncer) and Minbif (a multiprotocol IM client with an IRC-like interface). This gives me a stable connection to IRC through the server running those two services. I then just use my preferred IRC client to connect to ZNC and voilà, I have a connection to all my IM accounts from everywhere, since it supports multiple clients connected at the same time.

I also use ZNC to connect to regular IRC networks, so in the same IRC client I have all my IM and all my IRC, with all connections handled by the server running ZNC. I think it’s a very elegant solution, and much better than handling everything from the client machine, running Windows and rebooting every two days because of this and that security patch.

For ZNC to handle several connections to different networks, you need to set up different accounts with different user names. I am not going to go into that and will assume it has already been done, but because of this I was having a little bit of trouble setting up irssi to auto-connect whenever it ran. The solution was as follows:

First, in ZNC, I set up one network for each connection I want to make to ZNC:

/network add <network1>
/network add <network2>

Then I add a server to each network:

/server add -auto -network <network1> -ssl <server> <port> <login1:password>
/server add -auto -network <network2> -ssl <server> <port> <login2:password>

And that was it; now whenever I run irssi, it autoconnects to my IRC and my IM.