Security

Linux / FreeBSD: PDFCrack A Command Line Password Recovery Tool For PDF Files

Posted on in Categories FreeBSD, Linux, Linux desktop, Security last updated June 6, 2012

I already written about howto remove a password from all PDF files under Ubuntu or any other Linux distribution in a batch mode. However, many user want a simple command to recover password from pdf files. This is useful if you forgotten your password for pdf file. It is also useful for data-archaeologists, computer forensics professionals, people who want to test their password-strength (pdf files generated by webpass) and many more.

Linux: 25 PHP Security Best Practices For Sys Admins

Posted on in Categories php, RedHat/Fedora Linux, Security, Sys admin, Tuning last updated November 23, 2011

PHP is an open-source server-side scripting language, and it is a widely used. The Apache/Nginx/Lighttpd web server provides access to files and content via the HTTP OR HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems. So, PHP should be used with caution. Here are twenty-five php security best practices for sysadmins for configuring PHP securely.

Top 20 Nginx WebServer Best Security Practices

Posted on in Categories Howto, Linux, Security last updated March 6, 2010

Nginx is a lightweight, high performance web server/reverse proxy and e-mail (IMAP/POP3) proxy. It runs on UNIX, GNU/Linux, BSD variants, Mac OS X, Solaris, and Microsoft Windows. According to Netcraft, 6% of all domains on the Internet use nginx webserver. Nginx is one of a handful of servers written to address the C10K problem. Unlike traditional servers, Nginx doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. Nginx powers several high traffic web sites, such as WordPress, Hulu, Github, and SourceForge. This page collects hints how to improve the security of nginx web servers running on Linux or UNIX like operating systems.

20 Linux Server Hardening Security Tips

Posted on in Categories Debian Linux, fedora linux, Gentoo Linux, GNU/Open source, Howto, Linux, Monitoring, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated October 30, 2009

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

Use a Linux LiveCD to Avoid Windows Malware For Netbanking

Posted on in Categories Apache, Debian Linux, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Security, Sys admin, Tips, Ubuntu Linux, UNIX, Windows, windows vista last updated October 15, 2009

Internet has revolutionized the way online users can shop and avail banking services like internet Banking from anywhere, anytime without visiting bank. But, how safe is your money with online net-banking which allows to carry out money transfer? Companies and in some case individuals lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. The cyber crooks are targeting innocent MS-Windows user. If you are concerned about how best to protect yourself from this type of fraud, use Linux LiveCD for online banking and avoid Microsoft Windows at all cost.

Top 5 Email Client For Linux, Mac OS X, and Windows Users

Posted on in Categories Business, Download of the day, GNU/Open source, Linux desktop, Linux laptop, OS X, Reviews, Security, Windows, windows vista last updated August 8, 2009

Linux comes with various GUI based email client to stay in touch with your friends and family, and share information in newsgroups with other users. The following software is similar to Outlook Express or Windows Live Mail and is used by both home and office user.

Webmail interfaces allow users to access their mail with any standard web browser, from any computer, rather than relying on an e-mail client. However, e-mail client remains extremely popular in a large corporate environment, small business, home and power users. An e-mail client (also mail user agent (MUA)) is a frontend computer program used to manage e-mail. Mail can be stored on the client, on the server side, or in both places. Standard formats for mailboxes include Maildir and mbox.

The following are top five amazing piece of cross-platform software from various projects to make your life easy with wide variety of plug-ins / add-ons.

BIND 9 Dynamic Update DoS Security Update

Posted on in Categories BIND Dns, CentOS, Debian Linux, fedora linux, FreeBSD, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Solaris, Suse Linux, Sys admin, UNIX, Windows server last updated July 29, 2009

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

Posted on in Categories CentOS, Debian Linux, fedora linux, FreeBSD, Gentoo Linux, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX last updated July 24, 2009
Don't tell anyone that I'm free

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

20 Linux System Monitoring Tools Every SysAdmin Should Know

Posted on in Categories CentOS, Debian Linux, Howto, Linux, Monitoring, Networking, RedHat/Fedora Linux, Security, Sys admin last updated June 27, 2009

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

  1. Finding out bottlenecks.
  2. Disk (storage) bottlenecks.
  3. CPU and memory bottlenecks.
  4. Network bottlenecks.

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

Posted on in Categories Apache, CentOS, fedora linux, FreeBSD, Howto, Iptables, lighttpd, Linux, Networking, PF Firewall, RedHat/Fedora Linux, Security, Ubuntu Linux, UNIX last updated June 21, 2009

If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.