FreeBSD Tools: portaudit – FreeBSD’s Third Party Security Audit
Portaudit is a software vulnerability auditing tool for FreeBSD systems. FreeBSD's Portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities.
The ports-mgmt/portaudit port polls a database for known security issues. This database is updated and maintained by the FreeBSD Security Team and ports developers.
To begin using Portaudit, install it from the Ports Collection:
cd /usr/ports/ports-mgmt/portaudit make install clean
Print This Post
Linux Security: Access Rights and Permissions for Files and Directories
1. Introduction
The Linux security model is based on the one used on UNIX operating systems. On a Linux system, every file is owned by a user and a group user. There is also a third category of users, those that are not the user owner and don't belong to the group owning the file. For each category of users, read, write and execute permissions can be granted or denied.
The file permissions for these three user categories are indicated by the nine characters that follow the first character, which is the file type indicator at the beginning of the file properties line. The first three characters in this series of nine display access rights for the actual user that owns the file. The next three are for the group owner of the file, the last three for other users.
The permissions are always in the same order: read, write, execute for the user, the group and the others.
Print This Post
SSH Security Tips – OpenSSH hardening security
In this article I'll show you some tricks to help you securing your OpenSSH service. Here you will find useful information on how to secure sshd and prevent ssh dictionary attack.
1. SSH security by tweaking sshd_config
The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.
- Change port number
Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.
Port 34912
- Allow only SSH protocol 2
Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.
Protocol 2
Print This Post
FreeBSD: How To Prevent Users from seeing information about processes owned by others
FreeBSD has inbuilt security measure to disallow users to see processes that are being run under another UID to avoid information snooping. To enable this security feature via sysctl, type the following commands:
sysctl security.bsd.see_other_uids=0 sysctl security.bsd.see_other_gids=0
To enable this security feature on boot, add the following lines to /etc/sysctl.conf:
# Hide UID and GID from other users security.bsd.see_other_gids=0 security.bsd.see_other_uids=0
Print This Post
PHP Security Tips – Securing PHP by hardening PHP configuration
When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.
In this article I will discuss how to secure PHP by hardening PHP 5 configuration.
1. allow_url_fopen ( enabled by default )
This directive allows PHP's file functions ( file_get_contents, include and require statements ) to retrieve data from remote locations, like FTP or HTTP.
If an attacker can manipulate the arguments to those functions, they can use a URL under their control as the argument and run their own remote scripts. The vulnerability is called Remote file inclusion or RFI.
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
The setting can also be applied in apache's httpd.conf :
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off
It prevents URLs from being used in PHP. A command like include ("http://www.example.com/evil_script.php") will not be allowed to execute. Only files that reside within your site can be included: include("/var/www/html/config.inc.php").
Print This Post
“Smart” meters have security holes
SAN FRANCISCO — Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.
At the very least, the vulnerabilities open the door for attackers to jack up strangers' power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else's power on and off.
Read more directly from the source.
Print This Post
China’s Great Firewall spreads overseas
A networking error has caused computers in Chile and the U.S. to come under the control of the Great Firewall of China, redirecting Facebook, Twitter, and YouTube users to Chinese servers.
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.
Read more directly from the source.
Print This Post
Researchers Find Way To Zap RSA Algorithm
Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. Read more via networkworld.com.
Print This Post
Subscribe
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||
Polls
Loading ...Quote of the day
- Janis Joplin -
Recent Posts
- Ubuntu: How to install the Classic Desktop in Ubuntu 11.10 (Oneiric Ocelot)
- FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
- Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- FreeBSD: How to Install and Configure a PPTP VPN server with mpd5 on FreeBSD 8.2
- UNIX Tips: How to find broken symbolic links
Recent Comments
- on FreeBSD: How To Upgrade FreeBSD 7 to 8 Stable Release
- on FreeBSD: How to Install Adobe Flash in FreeBSD 8
- on How To Reset Keyring Password in Ubuntu
- on Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- on FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
Blogs
Links
Archives
- March 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (1)
- November 2011 (4)
- October 2011 (1)
- September 2011 (1)
- August 2011 (1)
- July 2011 (3)
- June 2011 (1)
- May 2011 (1)
- December 2010 (1)
- November 2010 (1)
- October 2010 (4)
- September 2010 (4)
- August 2010 (5)
- July 2010 (3)
- June 2010 (9)
- May 2010 (13)
- April 2010 (23)
- March 2010 (18)
- February 2010 (6)