L2TP (Ubuntu) server setup for iOS clients
For you road warriors who wish to set up their own VPN to secure their traffic when using any untrusted/unprotected networks ("free" WiFi?) when travelling, this would be the thing you use: a trusted VPN setup.
While I did dabble with OpenVPN sometime back, protocols like L2TP would be more commonly supported, especially on the "venerable" iOS device (iPhone, iPod Touch, iPad), and on Windoze machines, Android, etc.
This post will be on what you'll need to setup a L2TP server in Ubuntu for iOS devices to connect to. The server is assumed to be directly accessible from the internet. Some of the stuff are taken from other places, for my own reference here. There's also a great write up on IPsec over at Steve Friedl's Unixwiz.net Tech Tips site, for you geeks who actually want to understand a little regarding what you're using (high five!).
The L2TP server setup mainly comprises of three parts actually (surprise!). The L2TP daemon, IPsec daemon and the PPP daemon (providing DHCP services).
Main steps:
- install openswan (for IPsec), xl2tpd (L2TP) and ppp
- configure
- configure the (Linux) kernel to turn on IP forwarding, and IP masquerading if the iptables firewall is on
- configure the device itself
- take a break, have a pina colada or something
- profit!
Linux Login Detection Redux
Have almost forgotten how fun it is to mess around with a Linux server. Building another Linux server did indeed bring back some memories 
This is another scratchpad post: little to no explanation/breakdown on the script involved (unless there's the "impetus" to elaborate in future). Feel free to ask/discuss in the comments section below though.
Any user who logs in should trigger the sending of the notification email from the server immediately, and if it wasn't an expected login, well at least you'd know it's time to trigger some incident response processes.
As an improved version of the old post on the same topic, this script similarly is to be appended to /etc/profile or the relevant ~/.bash_profile per user.
echo -e "$(hostname) shell access\n$(date)\n$(who)\n\
$(for i in $(who|cut -d"(" -f2|cut -d")" -f1|cut -d":" -f1|sort -u);
do echo -e "==========\nwhois $i"; whois $i;
echo -e "\n=====\nreverse $i"; dig -x $i;
done;)" | \
mail -s "$(hostname) alert: shell access from \
$(who|cut -d"(" -f2|cut -d")" -f1|cut -d":" -f1|tr "\n" " ")" \
'youremail@domain.com'
Changes namely are the adding of whois and reverse IP (DNS PTR) lookups for all IP addresses currently logged on via SSH, and also the use of the more readable $() Bash command substitution expansion rather than the backtick (`).
You will need to have installed the mailutils package (apt-get install mailutils), and probably a MTA like postfix or exim too.
HTH.
Edit 30 Apr 2012: small bug fix in the sequence to extract all IPs from the who command output.
More automation needed
Although I've managed to configure the server such that there's a fair amount of automation for appropriate tasks (phone homes, automated monitoring and basic defenses), the time needed daily to monitor/maintain it still adds up...and is unreasonable collectively.
Looks like I'll have to look into further automating some of the tasks...