Top 20 OpenSSH Server Best Security Practices

Posted on in Categories CentOS, Debian Linux, fedora linux, FreeBSD, Gentoo Linux, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX last updated January 31, 2016
Don't tell anyone that I'm free

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Top 10 Open Source Web-Based Project Management Software

Posted on in Categories data center, Download of the day, GNU/Open source, Links, Linux, Networking, Software, Sys admin, Troubleshooting, UNIX last updated April 20, 2017

Project management software is not just for managing software based project. It can be used for variety of other tasks too. The web-based software must provide tools for planning, organizing and managing resources to achieve project goals and objectives. A web-based project management software can be accessed through an intranet or WAN / LAN using a web browser. You don’t have to install any other software on the system. The software can be easy of use with access control features (multi-user). I use project management software for all of our projects (for e.g. building a new cluster farm) for issue / bug-tracking, calender, gantt charts, email notification and much more.

Obviously I’m not the only user, the following open source software is used by some of the biggest research organizations and companies world wild. For e.g. NASA’s Jet Propulsion Laboratory uses track software or open source project such as lighttpd / phpbb use redmine software to keep track of their projects.

20 Linux System Monitoring Tools Every SysAdmin Should Know

Posted on in Categories CentOS, Debian Linux, Howto, Linux, Monitoring, Networking, RedHat/Fedora Linux, Security, Sys admin last updated August 5, 2015

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

  1. Finding out bottlenecks.
  2. Disk (storage) bottlenecks.
  3. CPU and memory bottlenecks.
  4. Network bottlenecks.

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

Posted on in Categories Apache, CentOS, fedora linux, FreeBSD, Howto, Iptables, lighttpd, Linux, Networking, PF Firewall, RedHat/Fedora Linux, Security, Ubuntu Linux, UNIX last updated February 9, 2010

If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.

Slowloris DoS Tool: It Can Bring Down Apache 1.x/2.x

Posted on in Categories Apache, Networking, News, PF Firewall, RedHat/Fedora Linux, Security Alert, UNIX, Windows server last updated June 19, 2009

Apache Security Update – a flaw In Apache can be used to carry out DoS. Slowloris is a new Apache DoS tool which can use slow Internet links to bring down Apache servers, rather than flooding networks. Most D/DoS tool requires faster net connections but this tool works with minimal bandwidth. This tool can lead to a DoS attack on Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid, while MS IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable to this attack.

Linux x86_64: Detecting Hardware Errors

Posted on in Categories CentOS, Debian Linux, fedora linux, Gentoo Linux, Hardware, Howto, kernel, Linux, Linux distribution, Networking, package management, RedHat/Fedora Linux, Shell scripting, Sys admin, Tips, Troubleshooting, Ubuntu Linux last updated June 18, 2009

The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.

Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.

ss: Display Linux TCP / UDP Network and Socket Information

Posted on in Categories Debian Linux, Howto, Linux, Monitoring, Networking, RedHat/Fedora Linux, Sys admin, Tips, Troubleshooting, Ubuntu Linux last updated September 1, 2014

The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
  • All the tcp sockets in state FIN-WAIT-1 and much more.