Archive for the ‘Security’ Category.
November 19, 2009, 2:56 pm

A hotly debated topic this week has been a decision made with the latest release of Fedora. The 12th release has made it so that local users can install signed packages from the repositories, without root access.
You can read all the nerd-rage here:
Fedora 12 allows any user to install software on a machine without the root password. Drama on the mailing list.
Oddly enough they didn’t see this as important enough to include in the release notes. Some will argue this is not much of an issue; well, I would ask you to consider this security breach of the Fedora signing servers a little more than a year ago:
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
With that taken into consideration, this is a pretty big deal.
Jeff Garzik’s replies seem to be the most eloquent arguments for reverting to the F11 security posture, in case anyone here thinks this change is a good thing:
Now for what this blog usually does, which is give more solutions than commentary, here is how you fix your Fedora 12’s broken security model:
Simply run:
pklalockdown --lockdown org.freedesktop.packagekit.package-install
This will re-enable the old (better) behavior for installing signed packages with a known key. Once this is done your Fedora 12 will no longer be on par with Windows98, enjoy.
October 16, 2009, 10:15 am

Tor is a free software implementation of second-generation onion routing – a system which claims to enable its users to communicate anonymously on the Internet. Its primary goal is to protect its users against traffic analysis attacks. The Tor Project’s home page has a great simplified write up about how Tor actually works here: http://www.torproject.org/overview.html.en
Originally sponsored by the US Naval Research Laboratory, Tor became an Electronic Frontier Foundation (EFF) project in late 2004, and the EFF supported Tor financially until November 2005. Tor software is now developed by the Tor Project, which since December 2006 is a research/education non-profit organization based in the United States of America that receives a diverse base of financial support.
Getting Tor working both as a client and as a server is no sweat on Arch Linux and below are the steps.
Continue reading ‘Installing Tor Server and Client on Arch Linux’ »
October 15, 2009, 8:00 am

Most of you know that you need to save your iptables changes using service iptables save before rebooting on Redhat, or else you’ll lose all your rules. I brought up the setting IPTABLES_SAVE_ON_STOP to “yes” in /etc/sysconfig/iptables-config. There are some pretty cool settings in there. Read on for details.
Continue reading ‘/etc/sysconfig/iptables-config in RHEL/CentOS’ »
June 23, 2009, 10:21 am

Edit /etc/sysconfig/SuSEfirewall2:
#do not open ssh ports here
FW_SERVICES_EXT_TCP=""
FW_CONFIGURATIONS_EXT=""
#add this rule
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#Restart firewall:
rcSuSEfirewall2 restart
Now an attacker will have just three attempts to break in.
June 3, 2009, 8:52 am

There are a number of things I like about FreeBSD, more than any Linux distribution I’ve ever used. Some of those are advantages shared by no Linux distribution I’ve used, and some are advantages shared by a few Linux distributions but not others — but no Linux distribution shares all of these advantages (even discounting things no Linux distribution has, like a BSD-licensed kernel).
Continue reading ‘Make vulnerability auditing easy with portaudit on FreeBSD’ »
April 27, 2009, 10:24 am

In this document I will try to explain what it takes to get an encrypted fileserver.
I chose to have a server with one disk where the OS resides and all ‘big disks’ to be mounted into the directory-tree but that’s not something that’s necessary or such. I did not attempt to have the OS itself encrypted, to me it seemed needlessly complicated and way too much a ‘single-point-of-failure’ solution to what I was looking for. I did however choose the most secure OS out there (imho), OpenBSD :-)
From this point I assume you have an OpenBSD-box with OpenBSD 3.6 (or newer) and a generic kernel (there’s plenty of excellent literature on www.openbsd.org to help you with that) and have all the services you want installed (ftp/samba/etc.).
Continue reading ‘HOWTO: OpenBSD 3.6 encrypted disk’ »
April 7, 2009, 8:28 am

PAM (Pluggable Authentication Modules) is one of those dark corners of Linux where most users don’t venture – in fact, I’d be willing to bet that the majority of Linux users don’t even know what it is. And yet, PAM is at the heart of every single thing in Linux to do with authentication.
Take our guided tour of PAM, join our science lab and perform our experiments (no bunsen burner necessary!) and see how PAM gives you fine-grain control over your security policy.
Continue reading ‘How PAM works’ »
December 5, 2008, 3:26 pm

One of the most important advantages that Linux has over Windows is file security, but many users do not try to keep their private data safe. In this little guide I am going to talk about three ways to do that; in two of them we encrypt the files.
Continue reading ‘3 ways to keep safe your files’ »
December 4, 2008, 9:36 am

Want an easy way to shred (delete and rewrite over the data with junk) files by right-clicking in Nautilus? See below.
Continue reading ‘Shred files from right-click in Nautilus’ »
December 2, 2008, 11:36 am

Below is a simple example of how to scan any file right in Nautilus via the right-click menu. Enjoy.
Continue reading ‘Add right-click virus scanning capability to Nautilus’ »