≡ Menu


Linux: Hide Processes From Other Users

I run a multi-user system. Most users access resources using ssh client. How can I stop leaking process information to all users on Linux operating systems? How do I prevent users from seeing processes that do not belong to them on a Debian/Ubuntu/RHEL/CentOS Linux server?
[click to continue…]

Linux: Log Suspicious Martian Packets / Un-routable Source Addresses

I run a web-server and I would like to log packets with un-routable source addresses on Linux operating system. How can I log spoofed packets on Debian / Ubuntu / CentOS / RHEL / Linux based server? How can I log a Martian packet (packet from Mars) on Linux operating systems?
[click to continue…]

Increase NFS Client Mount Point Security For a Web-Server noexec, nosuid, nodev Options

I am using NFS server version 4.x on a CentOS/RHEL based system. I'm mounting my shared /var/www/ directory on five Apache based nodes using the following syntax:

mount -t nfs4 -o rw,intr,hard,proto=tcp rocknas02:/httproot/www /var/www/

I noticed that due to bug in my app user can sometime upload executable or other device files to get out of chrooted Apache server. How can I prevent such security issues on a CentOS or RHEL based NFS client and sever setup?
[click to continue…]

Nginx: Allow All But Block Certain POST Request URLS For Selected Spammer IP Address/CIDR

I am a small business and ecom site owner. I also run a WordPress based blog to connect with my customers. However, I get too much spam from certain IPs and net-blocks. How do I block access to certain url(s) such as example.com/blog/wp-comments-post.php for selected IP address and CIDRs? How do I allow everyone including IP address to access my blog but block IP address accessing only example.com/blog/wp-comments-post.php? How do I block POST requests for selected IPs/CIDR on nginx?
[click to continue…]

Ubuntu Linux: Turn On Exec-Shield Buffer Overflow Protection

I am trying to set exec-shield protection on Linux as described here but getting the following error on Ubuntu Linux server version 12.04 LTS:

sysctl -w kernel.exec-shield=1
error: "kernel.exec-shield" is an unknown key

How do I fix this problem and make sure exec-shield buffer overflow protection security feature turned on Ubuntu Linux?
[click to continue…]

Debian / Ubuntu: Set Port Knocking With Knockd and Iptables

My iptables based firewall allows only port TCP 80 and 443. I also need tcp port # 22, but I do not have static IP at my home. How do I open and close TCP port #22 on demand under Debian or Ubuntu Linux based server systems? How do I install a port-knock server called knockd and configure it with iptables to open tcp port #22 or any other ports?

[click to continue…]

Nginx: Block URL Access (wp-admin/wp-login.php) To All Except One IP Address

I am the small business owner and runs my own web-site. I have noticed increased cracking activity against by blog. What's the best way to block WordPress URLs such as example.com/blog/wp-login.php and example.com/blog/wp-admin/ in the nginx web-server?
[click to continue…]

Linux: Turn On TCP SYN Cookie Protection

I am under DoS attack. My cloud based server hosting company asked me to enable TCP SYN cookie protection to save my domain from SYN Attack. How do I turn on TCP Syn cookie protection under Ubuntu or CentOS Linux based server?
[click to continue…]

Linux Iptables Setup Firewall For a Web Server

I have setup an Apache web server on CentOS Linux. How do I configure firewall to allow or block access? How do I setup firewall for a web server under RHEL or CentOS Linux v6.x?
[click to continue…]

OpenBSD: Configure Network Interface As A Bridge / Network Switch

I have Soekris single board communication embedded computers which is optimized for low power and network usage. The server has four Ethernet ports. How do I setup IPv4 software bridge using OpenBSD operating systems so that the rest of four ports act as a network switch?
[click to continue…]