How To Patch and Protect Linux Server Against the Glibc GHOST Vulnerability # CVE-2015-0235

Posted on in Categories , , , , last updated January 29, 2015

A very serious security problem has been found in the GNU C Library (Glibc) called GHOST. How can I fix GHOST vulnerability and protect my Linux server against the attack? How do I verify that my server has been fixed against the Glibc GHOST vulnerability?

How To PFSense Configure Network Interface As A Bridge / Network Switch

Posted on in Categories , , , last updated January 16, 2015

I have Soekris single board communication embedded computers which is optimized for low power and network usage. The server has four Ethernet ports. I’ve installed PFSense firewall on it and configure WAN + LAN ports. How do I setup IPv4 software bridge using PFSense so that the rest of ports act as a network switch?

Increase NFS Client Mount Point Security For a Web-Server noexec, nosuid, nodev Options

Posted on in Categories , , , , , last updated February 19, 2014

I am using NFS server version 4.x on a CentOS/RHEL based system. I’m mounting my shared /var/www/ directory on five Apache based nodes using the following syntax:

mount -t nfs4 -o rw,intr,hard,proto=tcp rocknas02:/httproot/www /var/www/

I noticed that due to bug in my app user can sometime upload executable or other device files to get out of chrooted Apache server. How can I prevent such security issues on a CentOS or RHEL based NFS client and sever setup?