Howto Configure PFSense Site-to-Site IPSec VPN Tunnel For Remote Access

in Categories , , last updated February 28, 2015

I work from a small office/home office and I need to set up an IPSec site-to-site VPN between a Cisco/OpeNBSD IPSec-enabled gateway and firewall running PFSense. How do I configure the VPN tunnel so that I can access remote subnet and servers behiend a Cisco firewall/router securely? How do I setup a tunnel mode configuration which will provide you with an encrypted site-to-site network, allowing networks at multiple remote locations to be able to securely communicate using my PFSense located in my SOHO?

Increase NFS Client Mount Point Security For a Web-Server noexec, nosuid, nodev Options

in Categories , , , , , last updated May 3, 2017

I am using NFS server version 4.x on a CentOS/RHEL based system. I’m mounting my shared /var/www/ directory on five Apache based nodes using the following syntax:

mount -t nfs4 -o rw,intr,hard,proto=tcp rocknas02:/httproot/www /var/www/

I noticed that due to bug in my app user can sometime upload executable or other device files to get out of chrooted Apache server. How can I prevent such security issues on a CentOS or RHEL based NFS client and sever setup?