Server Security - Page 14

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Securing Your Linux Server: Understanding and Mitigating Modern Threats

In this digital age, Linux servers face unprecedented challenges posed by cyber threats. These, in turn, introduce new vulnerabilities that system administrators must address. Traditionally considered a more secure environment compared to other opera...
Oct 25, 2024
  0

Essential Server Security Security Strategies for Administrators

In the current threat landscape, Linux servers have eme...
Oct 03, 2024
  0
13.Lock StylizedMotherboard Esm H115

Ensuring Linux Server Security: A Comprehensive Guide

Linux servers form a vital backbone of today's Internet...
Oct 02, 2024
  0
22.Lock ScreenEffect Esm H115

Discover Server Security News

Apache and Setting Up SSL

Apache and Setting Up SSL

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The self-signed certificate is a certificate that you can create yourself that will provide SSL encryption but without the verification of your website from an outside source. The outside verification does cost money. In other words, you can get the protection you need, encryption by doing it yourself. One thing to note, if you are taking people's credit card information then you will need to get a signed certificate as a warning appears when you are using self-signed certificates. Have you every wanted to make your website more secure by using SSL? This article will show you everything you need to setup your own SSL Apache server.

Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL

Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP Post or CGI parameters, or other means, must be validated to not contain information that is not expected. GreenSQL is a firewall for SQL -- it sits between your Web site and MySQL database and decides which SQL statements should and should not be executed. At least that's the idea -- in execution, I found some open doors. Do you want to know how you can protect your website's MySQL server from SQL injection attacks? Then read the following article which reviews GreenSQL, a proxy which guards against these types of attacks.

Hiding Software Versions - A Step Forward to a Secure Server

Hiding Software Versions - A Step Forward to a Secure Server

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Most of you may not notice, or may not care, about the software versions that get revealed by the running services on your server. By default almost all services reveal some information to the clients that use them. Among this information is the version of the software that is being run. It has always been best practice, not to reveal more than it is needed. Why reveal the version of the service when nobody needs to know it? By letting these details be seen, you don't get anything else, but an extra chance for crackers to break into your server. Have you though about hiding your version of services to attackers? This article looks at four services VSFTPD, PHP, Apache, and Postfix and simples ways of hiding there version numbers.

Testing Web Application Security Using Googles Ratproxy

Testing Web Application Security Using Google's Ratproxy

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

To help developers audit Web application security, Google has released an open source tool called ratproxy. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits. Ratproxy is a local program designed to sit between your Web browser and the application you want to test. It logs outgoing requests and responses from the application, and can generate its own modified transactions to determine how an application responds to common attacks. The list of low-level tests it runs is extensive, and includes: Have you testing out ratproxy yet? If not this article will show you how to install and use it for your self.

A Linux Server in the Palm of Your Hand

A Linux Server in the Palm of Your Hand

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Plat'Home's latest product, OpenBloks is a pint-sized Linux server that weighs in at a measly 225 grams. It's not much bigger than a deck of cards, but it can run many of the same server applications full-sized machines run. It's ideal for many surveillance and automation processes that rely heavily on reliability. Check out this article for an interesting look into alternatives for huge rack-mount, power-eating servers. What do you feel are the postivies and negatives for this implementation of Linux servers?

How To Set Up SSH With Public-Key Authentication On Debian Etch

How To Set Up SSH With Public-Key Authentication On Debian Etch

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This mini-howto explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It's safe and secure. There's no warranty that it'll work for you. All of these settings are applicable for Debian and -like systems! There may be slightly changes on other systems as well. Know your role and your SSH! There's nothing like a concise HowTo on getting things done, and in this case you can get your SSH woes out of the way with this article. Check one of our feature stories by Ryan W. Maple for an even more in depth view SSH best practices!

Does Active Directory Top Linux Authentication Options?

Does Active Directory Top Linux Authentication Options?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

While Microsoft's Active Directory (AD) is an effective play to circumvent the inherent central authentication foibles of Linux, getting the technology synced with servers has been a complex undertaking for IT practitioners, to say the least. Integrating with Windows eventually has to happen since there is no denying the majority. However, there are obvious open source secure solutions to authentication with Windows - LDAP and Kerberos along with a touch of Samba can go a long way in providing that type of solution. Read on for a devil's advocate's view of Linux authentication in a Windows environment - do you think these solutions match up to what Microsoft can put out?

Running the PuTTY SSH Client on a Nokia E61

Running the PuTTY SSH Client on a Nokia E61

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

PuTTY allows you to use your Symbian-powered mobile device to connect securely to a remote computer no matter where you are located. With this tool you can perform various tasks and I bet many of you would like to be able to control their server from the road, we all know problems occur at the least opportune time.

Entering A Safe Mirror When Logging In With Unionfs And Chroot

Entering A Safe Mirror When Logging In With Unionfs And Chroot

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Guests can never be trusted. Whether they're just anonymous users poking around your server or house guests that never seem to flush the toilet, you can never really entrust the integrity of your system to someone you don't know. Well, how about putting them in a sandbox environment? Not good enough? What about sandbox-within-a-sandbox? Read on to learn about combining the powers of chroot with Unionfs which enables you to put untrusted users into a safe, secure environment where damage is highly mitigated.

Nagios with BMC Patrol, Setting Up SSH and More

Nagios with BMC Patrol, Setting Up SSH and More

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When ten plus people are yelling at you at the same time, who do you listen to? It wouldn't matter if everyone was yelling out the scores from yesterday's ball game, however, what if they were yelling about which box / server / service is down? Organize and get your battle plan set by having Nagios sort it all out for you. In fact, make sure everything is working properly with a secured SSH server first and you'll have an easier time bouncing around your network to mitigate any damages.

How To Block Spam Before It Enters The Server (Postfix)

How To Block Spam Before It Enters The Server (Postfix)

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam makes now up for 80 - 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc.

Google: Attack code more likely on Microsoft IIS

Google: Attack code more likely on Microsoft IIS

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Web sites running Microsoft Corp.'s Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google Inc. Last month, Google's Anti-Malware team looked at 70,000 domains that were either distributing malware or hosting attack code. "Compared to our sample of servers across the Internet, Microsoft IIS features twice as often as a malware-distributing server," wrote Google's Nagendra Modadugu, in a Tuesday blog posting.

Backing up MySQL data

Backing up MySQL data

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Backing up files and directories is relatively easy; databases, however, have some special quirks that you need to address. Our examples use MySQL, but the same principles apply to PostgreSQL and other relational databases. This article is excerpted from O'Reilly's recently published book Linux System Administration .

Rootsh terminal logger keeps watch on root users

Rootsh terminal logger keeps watch on root users

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Rootsh is a shell that logs everything a root user sees on his terminal. This is useful if you have more than one system administrator for a server and you want a record of exactly what any given user does. Despite the fact that the latest rootsh release was in March 2005, it still does its job great.

Rootkits: The next big enterprise threat?

Rootkits: The next big enterprise threat?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them.

Wheres the Virtual Security?

Where's the Virtual Security?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Deployment of products that transform physical servers into "virtual machines" has resulted in nothing short of a data centre revolution. But virtualization of everything from operating systems to applications increasingly has critics asking: Where's the security? "Traffic is going from virtual machine to virtual machine," points out Neil MacDonald, vice president of research firm Gartner. "Where's the monitoring, the intrusion-detection and protection?"

Put your OpenSSH server in SSHjail

Put your OpenSSH server in SSHjail

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Jailing is a mechanism to virtually change a system's root directory. By employing this method, administrators can isolate services so that they cannot access the real filesystem structure. You should run unsecured and sensitive network services in a chroot jail, because if a hacker can break into a vulnerable service he could exploit your whole system. If a service is jailed, the intruder will be able to see only what you want him to see -- that is, nothing useful. Some of the most frequent targets of attack, which therefore should be jailed, are BIND, Apache, FTP, and SSH. SSHjail is a patch for the OpenSSH daemon. It modifies two OpenSSH files (session.c and version.h) and allows you to jail your SSH service without any need for SSH reconfiguration.

SMTP Authentication Update

SMTP Authentication Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It's about 2 and a half years since the standards bodies threw up their hands and left SMTP authentication to the industry. Implementation progress has been slow but positive. And there have been some surprises.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved