TAG: security

Basic Apache Security Recipes There are some (very basic) tunables that should be modified to improve the overall security of your default apache installation. I only specify parameters I recommend to change. Server Config Don't expose too much information and fix some issues: ,
logcheck aptitude install logcheck logcheck-database [...] # Controls the level of filtering: # Can be Set to "workstation", "server" or "paranoid" for different # levels of filtering. Defaults to server if not set. REPORTLEVEL="paranoid" # Controls the address mail goes to: # *NOTE* the script does not set a default value for this variable! # Should be set to an offsite "emailaddress@some.domain.tld" SENDMAILTO="you@example.com" [...]
nmap How to use nmap for some basic scans. Some useful nmap switches: * -T change the speed of your scans. Range is from 0 (slowest) to 5 (fastest, less accurate, easier to detect) * -0 fingerprint/guess the operating system Syn Scan This is the default scan for nmap. It is faster than the TCP connect scan because it only completes the first two steps of the tree-way-handshake. ,
OpenSSL How do you verify a certificate of a given mail server? Check the IMAPS service: echo | openssl s_client -connect mail.example.com:imaps 2>&1 | \ sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \ openssl x509 -text Check SMTP/TLS
SSH Useful information regarding SSH and public keys can be found here: <http://sial.org/howto/openssh/publickey-auth/> generate a public key ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa # or ssh-keygen -t rsa -C "username `date +%Y-%m`" -b 4096 -f ~/.ssh/id_rsa copy puplic key to destination , ,
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready