Linux comes with a host based firewall called Netfilter. The netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. This Linux based firewall is controlled by the program called iptables to handles filtering for IPv4, and ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. If you are using Ubuntu/Debian Linux, see how to setup UFW for more info. This post lists most simple iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.
Unhide is a little handy forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. This tool works under Linux, Unix-like system, and MS-Windows operating systems.
PHP is an open-source server-side scripting language, and it is a widely used. The Apache/Nginx/Lighttpd web server provides access to files and content via the HTTP OR HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems. So, PHP should be used with caution. Here are twenty-five php security best practices for sysadmins for configuring PHP securely.
XPenguins is a program for animating cute cartoons animals in your root window. By default it will be penguins they drop in from the top of the screen, walk along the tops of your windows, up the side of your windows, levitate, skateboard, and do other similarly exciting things. Now you can send an army of cute little penguins to invade the screen of someone else on your network.
Tux Paint is a simple graphics educational painting programs for young children. It is free, Open Source software, distributed under the terms of the GNU General Public License. The program can be installed all all versions of Microsoft Windows, Apple OS X v10.3+, Linux, BeOS, Haiku, FreeBSD and NetBSD operating systems. It combines an easy-to-use interface, fun sound effects, and an encouraging cartoon mascot who guides children as they use the program.
The last time I wrote about basic “Linux Server Hardening Security” tips. In this post I will write about the /proc/sys/kernel/cap-bound file which act as a powerful Linux hardening tool. This file holds the value of the kernel capability bounding set (expressed as a signed decimal number). This set is ANDed against the capabilities permitted to a process during exec. You can make changes to this file (bit value of cap-bound) and you can restrict many capabilities of process and put restrictions on root related process too. Using capability you can enable or disable Linux kernel modules loading, firewall, routing, raw sockets, locking of memory segments, restrictions on changing file ownership, restrictions on read and search of files and directories, sending signals to processes owned by others, modification of immutable and append-only file attributes, use of chroot(), rebooting the system, conman sys admin tasks such as mount, quotas, swapping and much more.
Linux is a free and open source operating system. Linux and another open source operating system can use and load device drivers without publicly available source code. These are vendor-compiled binary drivers without any source code. Commonly known as Blobs. Die-hard open source fans and Free Software Foundation (FSF) recommends completely removing all proprietary components including blobs. This posts list seven best Linux distribution that meets the FSF’s strict guidelines and contains no proprietary components such as firmware and drivers.
A DVD ripper software allows you to copying the content of a DVD to a hard disk drive. You transfer video on DVDs to different formats, or make a backup of DVD content, and to convert DVD video for playback on media players, streaming, and mobile phone. A few DVD rippers software can copy protected disks so that you can make discs unrestricted and region-free.
If you are a developer, you will re-use code provided by others. Usually /lib, /lib64, /usr/local/lib, and other directories stores various shared libraries. You can write your own program using these shared libraries. As a sys admin you need to manage and install these shared libraries. Use the following commands for shared libraries management, security, and debugging problems.