1- Speed
2. Stability
3. Security
4. Efficiency
5.Support
get a FC today
http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/i686/Fedora-11-i686-Live.iso
Monday, September 21, 2009
Saturday, September 19, 2009
10 quick tips to secure a linux server(part 1)
In this first part, I will list just 5 steps. The second part will list the next 5 steps.
I usually like to outline the levels of quick security as
- Physical
- Network
- Remote access
- File
- Application access
The reason for this priority is this, the first access is usually physical if an attack is local, if physical attack fails, the next is usually a network attack, then remote attack, the access to files with loose permissions and security then applications. Application attacks usually comes with Network level attacks. You can however create your own order depending on what service you are offering. Lets get to the quick steps.
1) remove unwanted users-gopher,games,operator,uucp: You do not want exploitation of these accounts. They are not so useful when running a server, therefore delete them and confirm they have been safely deleted.
2)rename halt,poweroff,reboot in /etc/security/console.apps/ directory: You do not want some guy to pop into your server room and power off your server. Restrict what users can do when they login remotely unless there is power failure. Im assuming every server has a UPS. Connect the UPS to the server to monitor UPS activities. Restrict access to the UPS configs and logs.
3)/etc/inittab comment out ctrl+Alt+del and set runlevel to 3: This is pretty straight forward. You dont want anyone restarting your server. So you say you are a pro linux user, what do you need X,Gnome,KDE for if you will login over ssh?? Run the server in runlevel 3. This gives you several advantages including system performance. This way you save memory for other services that require them.
4) set login times /etc/login.defs:Whiles you are off during the weekend you do not want a compromised user account to get into the system and escalate privileges and end up setting up backdoors. I have a script that checks possible backdoors as well as possible logins at odd hours. This way Im informed over SMS and email if any stranger logs into my servers or tries to brute my servers.
5) Enable SELinux: I have heard lots of people complaining about SELinux denials,so they disable it after setting up a Fedora server. SELinux is the next step to defence after iptables,never disable it. Learn its internals and it will guard your path. In another article I will do a mini how to for SELinux. I think this will help most people appreciate the strength and essence of SELinux in a server setup. It is pretty straight forward when using SELinux. SELinux policies can be used to protect backup files so that unprivileged users do not have access.Its a preference over AppArmor for me. Start at Enforcing the SELinux rules. Its an addon to making you a pro administrator.
Get started now. In the second part of this article, I will wrap up with the last 5 quick steps. i will also post my script here to share with you. Im sure this will help most people as a quick measure to monitoring/securing their servers. I will later on write on what quick steps will help you detect if your server has been hacked and what damage control measures to put in place immediately. For those of you running web services I will put up a checklist too.
Till then.. happy tuxing...
feel the power of Fedora.... Infinity, Freedom and Friends...
I usually like to outline the levels of quick security as
- Physical
- Network
- Remote access
- File
- Application access
The reason for this priority is this, the first access is usually physical if an attack is local, if physical attack fails, the next is usually a network attack, then remote attack, the access to files with loose permissions and security then applications. Application attacks usually comes with Network level attacks. You can however create your own order depending on what service you are offering. Lets get to the quick steps.
1) remove unwanted users-gopher,games,operator,uucp: You do not want exploitation of these accounts. They are not so useful when running a server, therefore delete them and confirm they have been safely deleted.
2)rename halt,poweroff,reboot in /etc/security/console.apps/ directory: You do not want some guy to pop into your server room and power off your server. Restrict what users can do when they login remotely unless there is power failure. Im assuming every server has a UPS. Connect the UPS to the server to monitor UPS activities. Restrict access to the UPS configs and logs.
3)/etc/inittab comment out ctrl+Alt+del and set runlevel to 3: This is pretty straight forward. You dont want anyone restarting your server. So you say you are a pro linux user, what do you need X,Gnome,KDE for if you will login over ssh?? Run the server in runlevel 3. This gives you several advantages including system performance. This way you save memory for other services that require them.
4) set login times /etc/login.defs:Whiles you are off during the weekend you do not want a compromised user account to get into the system and escalate privileges and end up setting up backdoors. I have a script that checks possible backdoors as well as possible logins at odd hours. This way Im informed over SMS and email if any stranger logs into my servers or tries to brute my servers.
5) Enable SELinux: I have heard lots of people complaining about SELinux denials,so they disable it after setting up a Fedora server. SELinux is the next step to defence after iptables,never disable it. Learn its internals and it will guard your path. In another article I will do a mini how to for SELinux. I think this will help most people appreciate the strength and essence of SELinux in a server setup. It is pretty straight forward when using SELinux. SELinux policies can be used to protect backup files so that unprivileged users do not have access.Its a preference over AppArmor for me. Start at Enforcing the SELinux rules. Its an addon to making you a pro administrator.
Get started now. In the second part of this article, I will wrap up with the last 5 quick steps. i will also post my script here to share with you. Im sure this will help most people as a quick measure to monitoring/securing their servers. I will later on write on what quick steps will help you detect if your server has been hacked and what damage control measures to put in place immediately. For those of you running web services I will put up a checklist too.
Till then.. happy tuxing...
feel the power of Fedora.... Infinity, Freedom and Friends...
Wednesday, July 29, 2009
5 Reasons why you should use Fedora Linux
"I just got a blue screen...."
"my laptop just keeps restarting and i don't know why..."
"I want to do an RHCE can my Ubuntu help me???...."
"I'm getting too many mails I did not subscribe for...."
These are FAQ's I see on several IT forums. I am going to tell you 5 reasons why you should use Fedora Linux.
1) Security
System Security - Need I say much about this. 1 major default line of defence over Ubuntu;SELinux. Fedora comes preconfigured with SELinux and a RH-Firewall settings.
Mail security - Spamassasin is free. Get it. You can create your own MDA.
No more blue screens. Kiss the blue screen away and welcome Fedora Core 11. Virus free.
Guess what! Download Open Office for free. It has all the MS Office stuff you need and more..
2) Standardization - RedHat distros are used by enterprises usually due to support and strict standard implementation. A good way to learn Linux is to use a RedHat based distro. Fedora Linux is the choice for most web servers across the world. RHCE is one of the hottest certifications in the United States and several part of Europe. If you learn from Fedora or Red Hat you can easily administer any Linux distro. If you learn from Ubuntu, you have several things to learn to cover up. Several CDC devices run on RH based strips.
3) Speed - So you have full power to recompile and tune the kernel to improve performance.
Linux doesn't wait for one year to fix vulnerabilities like Microsoft. Read It...
4) Userability - You can choose KDE, Fluxbox or Gnome. All provide lots of frontend apps to cli functions.
5) Application support - Of course there are thousands of forums for Linux and Open source products. If you use a RedHat then you can get support too.
What are you waiting for download Fedora Core 11 and feel the power Infinity, Freedom and Friends...
"my laptop just keeps restarting and i don't know why..."
"I want to do an RHCE can my Ubuntu help me???...."
"I'm getting too many mails I did not subscribe for...."
These are FAQ's I see on several IT forums. I am going to tell you 5 reasons why you should use Fedora Linux.
1) Security
System Security - Need I say much about this. 1 major default line of defence over Ubuntu;SELinux. Fedora comes preconfigured with SELinux and a RH-Firewall settings.
Mail security - Spamassasin is free. Get it. You can create your own MDA.
No more blue screens. Kiss the blue screen away and welcome Fedora Core 11. Virus free.
Guess what! Download Open Office for free. It has all the MS Office stuff you need and more..
2) Standardization - RedHat distros are used by enterprises usually due to support and strict standard implementation. A good way to learn Linux is to use a RedHat based distro. Fedora Linux is the choice for most web servers across the world. RHCE is one of the hottest certifications in the United States and several part of Europe. If you learn from Fedora or Red Hat you can easily administer any Linux distro. If you learn from Ubuntu, you have several things to learn to cover up. Several CDC devices run on RH based strips.
3) Speed - So you have full power to recompile and tune the kernel to improve performance.
Linux doesn't wait for one year to fix vulnerabilities like Microsoft. Read It...
4) Userability - You can choose KDE, Fluxbox or Gnome. All provide lots of frontend apps to cli functions.
5) Application support - Of course there are thousands of forums for Linux and Open source products. If you use a RedHat then you can get support too.
What are you waiting for download Fedora Core 11 and feel the power Infinity, Freedom and Friends...
Saturday, June 20, 2009
Croc Project
The Croc,pronounced (crock) as in cock, is a short form for Crocodile. The inspiration is taken from the death roll and powerful jaws of the reptile.
This project is to simplify the usage of varying security tools for security experts by putting all that in one toolbox.
Security Expert John Gichuki and Lead Programmer Kwabena Sanni-Thomas will be working with security team members from around the world to make this project a success.
The basic knowledge required are TCP/IP, Network Programming in C, Linux and Bash scripting.
Further details of the project will be posted. You can follow the postings on the site http://crocproject.blogspot.com for more information on the project.
This project is to simplify the usage of varying security tools for security experts by putting all that in one toolbox.
Security Expert John Gichuki and Lead Programmer Kwabena Sanni-Thomas will be working with security team members from around the world to make this project a success.
The basic knowledge required are TCP/IP, Network Programming in C, Linux and Bash scripting.
Further details of the project will be posted. You can follow the postings on the site http://crocproject.blogspot.com for more information on the project.
Thursday, June 4, 2009
Securing your Linux laptop: Part 1
Security has never been finite. We own the tux and nix boxes but there is more than the default security any distro provides. I list a few things which should be of concern to you:
1. Disable all services you do not need running in the background.eg.chkconfig smbd off
2. Ensure that your first line of defense is clearly secured;iptables.
3. Ensure that proper permissions are set on sensitive files like /etc/passwd.
4. tcpdump is an effective tool for examining packets arriving on your computer.
5. Setup IDS like snort and tripwire.
6. Monitor your logs for errors. "Logs don't lie". That is the power of the nix and nux over Windozze.
1. Disable all services you do not need running in the background.eg.chkconfig smbd off
2. Ensure that your first line of defense is clearly secured;iptables.
3. Ensure that proper permissions are set on sensitive files like /etc/passwd.
4. tcpdump is an effective tool for examining packets arriving on your computer.
5. Setup IDS like snort and tripwire.
6. Monitor your logs for errors. "Logs don't lie". That is the power of the nix and nux over Windozze.
Wednesday, May 20, 2009
Install PC-BSD without messing up my Grub loader
I want to try out PC-BSD on my lappie. problem is a friend of my told me that its
disastrous since PC-BSD 7.1 installs its own grub without loading pre existing operating systems.
has any one ever installed both Linux and PC-BSD on the same machine?
disastrous since PC-BSD 7.1 installs its own grub without loading pre existing operating systems.
has any one ever installed both Linux and PC-BSD on the same machine?
Monday, May 18, 2009
How do I get music tracks to show in Pidgin chat status?
Lots of Linux newbies are having fun with Pidgin chat.
Install this plugin and get all your chat buddies to know what music you are listening to.
http://code.google.com/p/pidgin-musictracker/
Install this plugin and get all your chat buddies to know what music you are listening to.
http://code.google.com/p/pidgin-musictracker/
Subscribe to:
Posts (Atom)