20 Linux Server Hardening Security Tips

Posted on in Categories Debian Linux, fedora linux, Gentoo Linux, GNU/Open source, Howto, Linux, Monitoring, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated October 30, 2009

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

How To: Upgrade Red Hat Enterprise Linux 5.3 to v5.4

Posted on in Categories GNU/Open source, Hardware, Howto, Linux, Linux distribution, News, package management, RedHat/Fedora Linux last updated September 2, 2009

Red Hat Enterprise Linux v5.4 has been released and available via RHN for immediate update. The new version includes the kernel-based virtual machine (KVM) virtualization, next generation of developer features and tools including GCC 4.4, a new malloc(). Also included clustered, high-availability filesystem to support Microsoft Windows storage needs on Red Hat Enterprise Linux.

BIND 9 Dynamic Update DoS Security Update

Posted on in Categories BIND Dns, CentOS, Debian Linux, fedora linux, FreeBSD, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Solaris, Suse Linux, Sys admin, UNIX, Windows server last updated July 29, 2009

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

Posted on in Categories CentOS, Debian Linux, fedora linux, FreeBSD, Gentoo Linux, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX last updated July 24, 2009
Don't tell anyone that I'm free

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Download Fedora 11 CD / DVD ISO

Posted on in Categories Download of the day, fedora linux, Gnome, Linux, Linux desktop, Linux distribution, Linux Multimedia, package management, RedHat/Fedora Linux last updated June 10, 2009

Fedora Linux version 11 has been released and available for download ( jump to download link ). Fedora Linux is a community-based Linux distribution. Fedora is sponsored by Red Hat, Inc.

One of Fedora’s main objectives is not only to contain free and open source software, but also to be on the leading edge of such technologies. Fedora 11, codenamed “Leonidas”, was released on June 9, 2009. The features include ext4, a 20-second startup, and the latest GNOME, KDE and XFCE releases. Firefox 3.5 and Thunderbird 3’s latest pre-releases are available as well.

Linux x86_64: Detecting Hardware Errors

Posted on in Categories CentOS, Debian Linux, fedora linux, Gentoo Linux, Hardware, Howto, kernel, Linux, Linux distribution, Networking, package management, RedHat/Fedora Linux, Shell scripting, Sys admin, Tips, Troubleshooting, Ubuntu Linux last updated June 2, 2009

The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.

Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.

FreeBSD 7.2 Review: Improved Virtualization

Posted on in Categories FreeBSD, Hardware, News, package management last updated May 2, 2009

FreeBSD is just plain old good UNIX with rock solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.

A new version of the FreeBSD is scheduled for release next week (4-May-2009). A beta 2 was made available for download few weeks ago for final round of testing before the official launch.

Lighttpd Install mod_geoip For Country / City Level Geo Targeting

Posted on in Categories CentOS, Debian Linux, FreeBSD, Gentoo Linux, Howto, lighttpd, Linux, Networking, package management, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux, UNIX last updated March 29, 2009

Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country.

Tips To Protect Linux Servers Physical Console Access

Posted on in Categories Debian Linux, Hardware, Howto, Kde, Linux, Linux desktop, Linux distribution, package management, RedHat/Fedora Linux, Sys admin, Tips, Ubuntu Linux last updated March 12, 2009

This is an user contributed article.

Linux computer console is a physical device to operate a computer / server. Here are few steps which, if taken, make it more difficult for an attacker to quickly modify a system from its console.

How To Tail (View) Multiple Files on UNIX / Linux Console

Posted on in Categories data center, Debian Linux, Download of the day, fedora linux, File system, FreeBSD, Gentoo Linux, GNU/Open source, Howto, Linux, Linux Log Management, Monitoring, package management, RedHat/Fedora Linux, Suse Linux, Sys admin, Tip of the day, UNIX last updated February 9, 2009

The tail command is one of the best tool to view log files in a real time using tail -f /path/to/log.file syntax on a Unix-like systems. The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream come true program for UNIX sys admin job. You can browse through several log files at once and do various operations like search for errors and more.