Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.
BBC’s blogger Rory Cellan-Jones took Ubuntu Karmic Koala for 24 hours test drive and predicated that – “… Ubuntu will remain a very niche product – but it’s Google’s Android which could bring open-source to the mass consumer market…“.
“After The Software Wars”, is a new book in which former Microsoft employee Keith Curtis explores the worlds of proprietary and free software. Quoting from the article:
While I came to not be all that thrilled with Fedora itself, I was floored merely by the installation process. It contained a graphical installer that ran all the way to completion, it resized my NTFS partition — which I considered a minor miracle, setup dual boot, and actually did boot, and let me surf the Web. I didn’t have a clue what to do next, but the mere fact that this all worked told me more about the potential of Linux than anything I had read so far. You cannot, by accident, build an airplane that actually flies.
=> How a Microsoft veteran learned to love Linux, and why it matters
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and much more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Lets see how much effort it is going to take to convert this configuration to entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set platform and host OS in the copy to PF and OpenBSD and then create new cluster object. This would be a sensible way because it preserves old objects which helps to roll back in case something does not work out. However, to make the explanation shorter, I am going to make the changes in place by modifying existing objects.