
Ubuntu Linux

Top 20 OpenSSH Server Best Security Practices

Don't tell anyone that I'm free

OpenSSH is an implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to keeping the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

If you do not control or throttle end users, your server may run out of resources. Spammers, abusers and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to use a firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache, Nginx and IIS behind a PF or netfilter based firewall.

I have Windows Vista installed as a guest under Ubuntu Linux using VMware Workstation 6.0. This is done for testing purposes and for browsing a few sites that only work with Internet Explorer. Since I only use it for testing, I made 16GB for Vista, 5GB for CentOS and 5GB in size for FreeBSD guest operating systems. However, after some time I realized I'm running out of disk space under both CentOS and Vista. Adding a second hard drive under CentOS solved my problem as LVM was already in use. Unfortunately, I needed to double 32GB space without creating a new D: drive under Windows Vista. Here is a simple procedure to increase your virtual machine's disk capacity by resizing the VMware vmdk file.

OpenOffice.org (OOo) is a freely available, full-featured office suite. OOo is both a software product and a community of volunteers that produces and supports the software. However, new users may get lost while finding help, support and productivity-enhancing extensions. This blog post covers OOo new user orientation to discover support, tutorials, community insights, templates, clip art, extensions, and blogs for OOo. From the post:

OpenOffice.org is organized differently than its main competitor. Hoping to entice business users to purchase support and services, Sun Microsystems (recently purchased by Oracle) gives away not just the OpenOffice.org free of charge, but also its source code (the blueprints) and a significant degree of control. OpenOffice.org is organized as a community under the leadership of Louis Suarez-Potts, the community manager employed by Sun Microsystems. Sun funds the infrastructure and most of the software engineers. The community provides additional software engineers, quality assurance experts, marketers, translators, template developers, trainers, help desk staff, and other important roles. Anyone may participate in the community.

=> OpenOffice.org New User Orientation

Linux x86_64: Detecting Hardware Errors

The Blue Screen of Death (BSoD) is used by Microsoft Windows after encountering a critical system error. Linux / UNIX-like operating systems may get a kernel panic. It is just like the BSoD. The BSoD and a kernel panic are generated using a Machine Check Exception (MCE). MCE is a feature of AMD / Intel 64-bit systems that is used to detect an unrecoverable hardware problem. MCE can detect:

  • Communication error between CPU and motherboard.
  • Memory error - ECC problems.
  • CPU cache errors and so on.


The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It shows information similar to the netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compared to netstat) tool for tracking TCP connections and sockets. ss can provide information about:

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), addresses and ports.
  • All the TCP sockets in state FIN-WAIT-1 and much more.


The Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software, and security. The kernel plays a critical role in supporting security at higher levels. Unfortunately, the stock kernel is not secured out of the box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.