≡ Menu

Security

Debian / Ubuntu: Set Port Knocking With Knockd and Iptables

My iptables based firewall allows only port TCP 80 and 443. I also need tcp port # 22, but I do not have static IP at my home. How do I open and close TCP port #22 on demand under Debian or Ubuntu Linux based server systems? How do I install a port-knock server called knockd and configure it with iptables to open tcp port #22 or any other ports?

[click to continue…]

Nginx: Block URL Access (wp-admin/wp-login.php) To All Except One IP Address

I am the small business owner and runs my own web-site. I have noticed increased cracking activity against by blog. What’s the best way to block WordPress URLs such as example.com/blog/wp-login.php and example.com/blog/wp-admin/ in the nginx web-server?
[click to continue…]

Linux: Turn On TCP SYN Cookie Protection

I am under DoS attack. My cloud based server hosting company asked me to enable TCP SYN cookie protection to save my domain from SYN Attack. How do I turn on TCP Syn cookie protection under Ubuntu or CentOS Linux based server?
[click to continue…]

Linux Iptables Setup Firewall For a Web Server

I have setup an Apache web server on CentOS Linux. How do I configure firewall to allow or block access? How do I setup firewall for a web server under RHEL or CentOS Linux v6.x?
[click to continue…]

OpenBSD: Configure Network Interface As A Bridge / Network Switch

I have Soekris single board communication embedded computers which is optimized for low power and network usage. The server has four Ethernet ports. How do I setup IPv4 software bridge using OpenBSD operating systems so that the rest of four ports act as a network switch?
[click to continue…]

Ubuntu Linux: Disable Apparmor For Specific Profile / Service Such As Mysqld Server

AppArmor (“Application Armor”) is a security module for the Linux kernel and integrated into both kernel and Ubuntu Linux. How do I disable AppArmor protection for mysql profile / service under Ubuntu or Novell Suse Enterprise Linux?
[click to continue…]

tar and rsync: Archive and Preserve SELinux Contexts, Extended Attributes, And ACLs

How do I use tar and rsync command that can preserve the ACLs, extended attributes and SELinux contexts under CentOS / RHEL / Fedora Linux server while making backups?
[click to continue…]

Linux / UNIX: Encrypt Backup Tape Using Tar & OpenSSL

How do I make sure only authorized person access my backups stored on the tape drives (DAT, DLT, LTO-4 etc) under Linux or UNIX operating systems? How do I backup /array22/vol4/home/ to /dev/rmt/5mn or /dev/st0 in encrypted mode?
[click to continue…]

Nginx Block And Deny IP Address OR Network Subnets

How do I block or deny access based on the host name or IP address of the client visiting website under nginx web server?
[click to continue…]

Linux Default Services Which Are Enabled at Boot

Can you provide a guidance on default CentOS / Fedora / RHEL / Redhat enterprise Linux services which are enabled at boot time by a default? Can you provide set of recommendations for all default services and which to keep for performance and security and which to turn off?
[click to continue…]