Linux comes with a host based firewall called Netfilter. The netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. This Linux based firewall is controlled by the program called iptables to handles filtering for IPv4, and ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. If you are using Ubuntu/Debian Linux, see how to setup UFW for more info. This post lists most simple iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.
Server provisioning is nothing but installs the Linux or UNIX like operating systems automatically. One can install actual operating systems, device drivers, data, and make a server ready for network operation without any user input. Typically you select a server from a pool of available servers, load the operating systems (such as RHEL, Fedora, FreeBSD, Debian), and finally customize storage, network (IP, gateway, bounding etc), drivers, applications, users, ssh keys and more. Using the following tools, you can perform automated unattended operating system installation, configuration, set virtual machines and much more. The following software can be used to install a lot (say thousands) of Linux and UNIX systems at the same time.
CentOS is a community-supported, freely-available operating system based on Red Hat Enterprise Linux. Lance Davis created CentOS and now he goes absent without leave. In an open letter from his fellow CentOS developers:
You have long promised a statement of CentOS project funds; to this date this has not appeared. You hold sole control of the centos.org domain with no deputy; this is not proper. You have, it seems, sole ‘Founders’ rights in the IRC channels with no deputy ; this is not proper.
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Dunnington is Intel’s first multi-core CPU – features a single-die six- (or hexa) core design with three unified 3 MB L2 caches (resembling three merged 45 nm dual-core Wolfdale dies), and 96 KB L1 cache (Data) and 16 MB of L3 cache. It features 1066 MHz FSB, fits into the Tigerton’s mPGA604 socket, and is compatible with the Caneland chipset. These processors support DDR2-1066 (533 MHz), and have a maximum TDP below 130 W. They are intended for blades and other stacked computer systems.
Last week one or more of Red Hat’s servers got cracked. Now, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. The intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). This update has been rated as having critical security impact.