nixCraft » Suse Linux

20 Linux Server Hardening Security Tips

nixCraft — Fri, 30 Oct 2009 07:52:11 +0000

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

BIND 9 Dynamic Update DoS Security Update

nixCraft — Wed, 29 Jul 2009 15:47:12 +0000

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

nixCraft — Fri, 24 Jul 2009 21:49:43 +0000

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)

nixCraft — Wed, 27 May 2009 22:29:17 +0000

Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.

Lighttpd Install mod_geoip For Country / City Level Geo Targeting

nixCraft — Sun, 29 Mar 2009 04:35:28 +0000

Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country.

How To Tail (View) Multiple Files on UNIX / Linux Console

nixCraft — Mon, 09 Feb 2009 19:28:32 +0000

tail is one of the best tool to view log files in a real time (tail -f /path/to/log.file). The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream come true program for UNIX sys admin job. You can browse through several log files at once and do various operations like search for errors and much more.

Linux Convert ext3 to ext4 File system

nixCraft — Fri, 23 Jan 2009 15:45:57 +0000

Some time ago ext4 was released and available for Linux kernel. ext4 provides some additional benefits and perforce over ext3 file system. You can easily convert ext3 to ext4 file system. The next release of Fedora, 11, will default to the ext4 file system unless serious regressions are seen. In this quick tutorial you will learn about converting ext3 to ext4 file system.

Important: Openssl Security Update [CVE-2008-5077]

nixCraft — Thu, 08 Jan 2009 21:58:45 +0000

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.

Download of the day: openSUSE 11.1 CD / ISO Images

nixCraft — Thu, 18 Dec 2008 14:44:53 +0000

openSUSE version 11.1 has been released and available for download (jump to download) from the official project website. The 11.1 release includes a ton of new features and improvements, an improved desktop experience with GNOME 2.24 and KDE 4.1.3, OpenOffice.org 3.0, YaST improvements, updated Linux kernel, and much more.

HP to Ship Compaq Business PC with Pre Installed Suse Linux

nixCraft — Thu, 11 Dec 2008 03:28:53 +0000

Good news for all holiday buyers and open source software supporters. HP today announced the plans to introduce Linux as an operating system choice for business desktop customers. After Dell, HP the leader in worldwide Linux server shipments and revenue, has introduced a new desktop offering with SUSE Linux Enterprise Desktop from Novell on the HP Compaq dc5850. The offerings are designed to help small businesses enhance their productivity and ease their management of technology. You will get lots of productivity software like Openoffice.org and others.

BASH Shell: For Loop File Names With Spaces

nixCraft — Tue, 09 Dec 2008 19:18:29 +0000

BASH for loop works nicely under UNIX / Linux / Windows and OS X while working on set of files. However, if you try to process a for loop on file name with spaces in them you are going to have some problem. for loop uses $IFS variable to determine what the field separators are. By default $IFS is set to the space character. There are multiple solutions to this problem.

fold: Wrap Text File / Line / Words To Fit in Specified Width

nixCraft — Tue, 25 Nov 2008 11:42:21 +0000

fold is really nifty command line utility to make a text file word wrap. This is useful for large number of text files processing. There is no need to write a perl / python code or use a word processor.

Linux: Should You Use Twice the Amount of Ram as Swap Space?

nixCraft — Wed, 19 Nov 2008 08:50:49 +0000

Linux and other Unix-like operating systems use the term "swap" to describe both the act of moving memory pages between RAM and disk, and the region of a disk the pages are stored on. It is common to use a whole partition of a hard disk for swapping. However, with the 2.6 Linux kernel, swap files are just as fast as swap partitions. Now, many admins (both Windows and Linux/UNIX) follow an old rule of thumb that your swap partition should be twice the size of your main system RAM. Let us say I've 32GB RAM, should I set swap space to 64 GB? Is 64 GB of swap space really required? How big should your Linux / UNIX swap space be?

Linux / UNIX: Find Out If a Directory Exists or Not

nixCraft — Sun, 16 Nov 2008 17:13:15 +0000

I've already written a small tutorial about finding out if a file exists or not under Linux / UNIX bash shell. However, couple of our regular readers like to know more about a directory checking using if and test shell command.

RAID 5 vs RAID 10: Recommended RAID For Safety and Performance

nixCraft — Wed, 22 Oct 2008 12:48:43 +0000

A Redundant Array of Independent Drives (or Disks), also known as Redundant Array of Inexpensive Drives (or Disks) (RAID) is an term for data storage schemes that divide and/or replicate data among multiple hard drives. RAID can be designed to provide increased data reliability or increased I/O performance, though one goal may compromise the other. There are 10 RAID level. But which one is recommended for data safety and performance considering that hard drives are commodity priced?

Nagios: System and Network Monitoring Book

nixCraft — Sat, 18 Oct 2008 13:59:12 +0000

The convenience and reliability that monitoring programs offer system administrators is astounding. Whether at home, commuting, or on vacation, admins can continuously monitor their networks, learning of issues long before they become catastrophes.
Nagios, the most popular open source solution for system and network monitoring, is extremely robust, but it's also intensely complex.

Install Linux on Fujitsu Siemens ESPRIMO E5720

nixCraft — Thu, 25 Sep 2008 02:10:38 +0000

I was trying to install Redhat ( RHEL 5) / CentOS 5 server on a Fujitsu Siemens ESPRIMO E5720 and got problem with the installer.

Gnome Desktop Tip: Quickly Open Any File / URL / Write Email

nixCraft — Fri, 22 Aug 2008 09:20:38 +0000

There are three ways to open any file under Gnome Linux / UNIX Desktop. gnome-open is the quickest and easiest way to open any file or url.

Paid Support From Novell / Red Hat Not Important for Linux Adoption

nixCraft — Sat, 09 Aug 2008 07:30:06 +0000

Companies are increasingly choosing free community-driven Linux distributions instead of commercial offerings with conventional support options from Red Hat or Novell due to dissatisfaction with the cost of support services.

Debugging Linux pppd / PPTP VPN Problems

nixCraft — Wed, 30 Jul 2008 11:10:25 +0000

I've already written about setting up PPTP VPN client for proprietary Microsoft Point-to-Point vpn server using Linux pptp client. Learn how to troubleshoot and resolve common PPTP network connection problems.