Jun 18

Hello,

Today I gave a lecture for the FOSsiL (Free/Open Source software in Libya) group; the presentation was about “Is Linux by Default Secure? Secure your webserver (Apache)”. We just got into hot topics: ACL, MAC, Kernel Patch, Linux basic permissions, suPHP, mod_security and more about Apache security assumptions. The presentation is available for download here.

Nov 18

From ubuntugeek
If you have multiple servers with similar or identical configurations (such as nodes in a cluster), it’s often difficult to make sure the contents and configuration of those servers are identical. It’s even more difficult when you need to make configuration modifications from the command line, knowing you’ll have to execute the exact same command on a large number of systems.

In this tutorial we will see some tools to execute one command on multiple remote servers using ssh. First you need to make sure you have ssh installed on your machine; you can install it using the following command:

sudo aptitude install ssh

Now we are going to look at the following tools, which do the job we are after:

1) Pssh

2) cluster ssh

3) Multixterm

1) Pssh

pssh provides a number of commands for executing against a group of computers, using SSH. It’s most useful for operating on clusters of homogeneously-configured hosts.

The package contains:

- Parallel ssh (parallel-ssh, upstream calls it pssh), executes commands on multiple hosts in parallel

- Parallel scp (parallel-scp, upstream calls it pscp), copies files to multiple remote hosts in parallel

- Parallel rsync (parallel-rsync, upstream calls it prsync), efficiently copies files to multiple hosts in parallel

- Parallel nuke (parallel-nuke, upstream calls it pnuke), kills processes on multiple remote hosts in parallel

- Parallel slurp (parallel-slurp, upstream calls it pslurp), copies files from multiple remote hosts to a central host in parallel

These tools are good for controlling large collections of nodes, where faster alternatives
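To make the mechanics visible, here is an added example, not code from the ubuntugeek tutorial or from the pssh project: a minimal POSIX shell fan-out that does the core of what parallel-ssh does (one ssh per host in the background, per-host output and exit status captured to files, a summary at the end). The overridable SSH_CMD is this example's own assumption so the logic can be exercised with a stand-in for ssh; the real parallel-ssh is what you would use in production.

```shell
#!/bin/sh
# Added example, not part of the tutorial or of pssh: a bare-bones parallel
# "run one command on many hosts" loop, to show what parallel-ssh is doing.
#
# SSH_CMD is overridable (an assumption of this example) so the logic can be
# exercised with a stand-in command. BatchMode=yes stops a host that wants a
# password from hanging the whole run; StrictHostKeyChecking=yes refuses a
# host whose key is not already in known_hosts instead of trusting it blindly.
SSH_CMD=${SSH_CMD:-"ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10"}

# read_hosts FILE: print the hostnames in FILE, skipping blank and '#' lines
read_hosts() {
  grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# run_on_hosts HOSTS_FILE COMMAND OUTDIR
# Runs COMMAND on every listed host in parallel. Each host's combined
# stdout/stderr lands in OUTDIR/<host>.out and its exit status in
# OUTDIR/<host>.rc, so output from different hosts never interleaves.
# Returns the number of hosts that failed (0 = every host succeeded).
run_on_hosts() {
  hosts_file=$1; cmd=$2; outdir=$3
  mkdir -p "$outdir" || return 255
  hosts=$(read_hosts "$hosts_file" || true)

  for host in $hosts; do
    (
      $SSH_CMD "$host" "$cmd" >"$outdir/$host.out" 2>&1
      echo $? >"$outdir/$host.rc"
    ) &
  done
  wait                                  # all the background jobs are children of this shell

  failed=0
  for host in $hosts; do
    rc=$(cat "$outdir/$host.rc" 2>/dev/null || echo 255)
    printf '%-30s rc=%s\n' "$host" "$rc"
    [ "$rc" -eq 0 ] || failed=$((failed + 1))
  done
  [ "$failed" -le 255 ] || failed=255   # shell exit statuses only go to 255
  return "$failed"
}

# Usage (constructed host names; replace with your own):
#   printf 'web1.example.net\nweb2.example.net\n' > hosts.txt
#   run_on_hosts hosts.txt 'uptime' ./results && echo "all hosts ok"
```

The per-host `.rc` files are the part worth copying even if you use the real tool: a fan-out that only prints output gives you no reliable way to tell, after the fact, which of fifty hosts silently failed.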


Oct 20

Its goal is to provide a comprehensive compilation of tools which, working together, give a network/security administrator a detailed view over each and every aspect of his networks, hosts, physical access devices, servers, etc.
Besides getting the best out of well-known open source tools, some of which are briefly described below, OSSIM provides a strong correlation engine, detailed low-, mid- and high-level visualization interfaces, as well as reporting and incident management tools, all working on a set of defined assets such as hosts, networks, groups and services.


Oct 11

There are times when you want to connect to the Internet through unknown and/or insecure networks, such as a WiFi hotspot. If you aren’t careful, you might make it all too easy for someone to sniff your connection using Ettercap.

One of the best ways to secure your connection is to use a VPN, but that isn’t always practical. So here’s a way to securely connect to the net using only an SSH client and a remote box that you control/trust.

Requirements:

  1. PuTTY* loaded on your local machine
  2. Remote host running OpenSSH (e.g. Linux box at home)
  3. Firefox (obviously)
  4. Gaim for all your IM needs

Just follow these steps…
1. Create a new PuTTY session
Run PuTTY and create a new session in PuTTY to connect to the remote host that is running OpenSSH. Fill in the hostname, the port (usually 22), make sure SSH is checked, give it a session name and hit Save:

2. Configure a secure tunnel
Click on “Tunnels” on the left and set up dynamic forwarding for a local port (e.g. 7070). Under “Add new forwarded port” type in 7070 for the source port, leave the destination blank, and check Auto and Dynamic. Then hit the Add button. If you did it correctly, you’ll see D7070 listed in the Forwarded Ports box:

That’s it for tunnels, as there is no need to create more than one. Remember to save your session profile in PuTTY so you don’t have to set up the tunnel next time.

3. Connect to the remote SSH box
Double click on the connection profile and type in your username and password when prompted.

4. Configure Firefox
Go to Tools, Options, General, and then click on Connection Settings…

Check Manual Proxy Configuration, leave most of the fields blank, but fill in 127.0.0.1 for the SOCKS v5 host with a port of 7070 (or whatever you used in Step 2):

5. Configure Gaim
Fire up Gaim and hit the Preferences button:

Then select Network on the left and set up the Proxy Server. The Proxy Type should be SOCKS 5. The host is 127.0.0.1 and the port is 7070 (or whatever you chose in Step 2).

There’s no need for a user or password. Then hit close.

6. Enjoy
That’s it. From now on, as long as you first log into the remote ssh host with PuTTY, your Firefox and IM traffic will be routed over a secure tunnel to the remote host and then out to the Net. Good stuff.

* Yes, PuTTY is available for Linux. It’s even in Portage!

Update (Email): Actually, the setup for Thunderbird to securely proxy your email traffic is pretty much the same as it is for Firefox.

And then type in 127.0.0.1 and your port number:

That’s it.

Oct 9

Malware (for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

Ignoring the threat of malware is one of the most reckless things you can do in today’s increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data - without your knowledge.

Now, you can get complete protection from such malware by using/configuring the Malware Block List with squid so that you, your network and your users are protected.

Visit http://www.malware.com.br for more information about the Malware Block List.

To use the Malware Block List on a Squid proxy to block user access to URLs that contain Malware you need to perform the following simple steps:

* Download the block list:

wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > malware_block_list.txt

* Create an ACL in the main configuration file (squid.conf) pointing to the file that will hold the list of URLs:

acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"

* Enable the ACL created previously:

http_access deny malware_block_list
deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list

* Force Squid reconfiguration:

squid -k reconfigure

To have an up-to-date block list, create a cron job to run every 4 hours, pointing to a script like this:

#!/bin/sh
# Fetch the current list into Squid's configuration directory, then tell Squid to reload it
wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > /etc/squid/malware_block_list.txt
squid -k reconfigure

* Testing time: after reloading Squid, try to visit the following site (“www.uploadhut.com”); you should see something like ..
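The cron script above does its job, but it writes the download straight over the live ACL file, so a failed, empty or HTML-error-page download replaces the list and Squid then reloads whatever landed in the file. As an added example that is not part of the original post, here is a version that fetches to a temporary file beside the destination, sanity-checks it, swaps it in atomically and only then reloads. The URL and file path are the ones the post uses; MIN_LINES, the two sanity checks and the FETCH/RELOAD overrides are this example's own choices.

```shell
#!/bin/sh
# Added example, not the original post's script: refresh the Squid malware
# block list without ever leaving Squid with a broken or empty ACL file.
# LIST_URL and LIST_FILE are the values used in the post; MIN_LINES, the
# sanity checks and the FETCH/RELOAD overrides are choices made here.
# Run it from cron every 4 hours, e.g. (script path is a constructed example):
#   0 */4 * * * root /usr/local/sbin/update_malware_list.sh

LIST_URL=${LIST_URL:-'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid'}
LIST_FILE=${LIST_FILE:-/etc/squid/malware_block_list.txt}
MIN_LINES=${MIN_LINES:-100}           # arbitrary floor; a real list is far longer
FETCH=${FETCH:-"wget -q -O -"}        # overridable so the logic can be tested offline
RELOAD=${RELOAD:-"squid -k reconfigure"}

# install_if_sane NEW DEST: move NEW over DEST only if NEW looks like a real
# list: enough non-blank lines and no sign of an HTML error page.
# Returns 0 when installed, 1 when rejected (DEST is left untouched).
install_if_sane() {
  new=$1; dest=$2
  lines=$(grep -c '[^[:space:]]' "$new" || true)
  if [ "$lines" -lt "$MIN_LINES" ]; then
    echo "refusing to install: only $lines lines (minimum $MIN_LINES)" >&2
    return 1
  fi
  if grep -qi '<html' "$new"; then
    echo "refusing to install: download looks like an HTML page, not a list" >&2
    return 1
  fi
  chmod 644 "$new" && mv -f "$new" "$dest"   # rename is atomic within one filesystem
}

# update_blocklist: fetch to a temp file beside LIST_FILE, validate, install,
# and reload Squid only after a new list has actually been installed.
update_blocklist() {
  newlist=$(mktemp "$(dirname "$LIST_FILE")/.malware_block_list.XXXXXX") || return 1
  if ! $FETCH "$LIST_URL" >"$newlist"; then
    echo "download failed; keeping the existing list" >&2
    rm -f "$newlist"
    return 1
  fi
  if cmp -s "$newlist" "$LIST_FILE" 2>/dev/null; then
    rm -f "$newlist"                   # identical to what is installed: nothing to reload
    return 0
  fi
  if install_if_sane "$newlist" "$LIST_FILE"; then
    $RELOAD
  else
    rm -f "$newlist"
    return 1
  fi
}

# When used as the cron script, finish the file with:
#   update_blocklist
```

Putting the temp file in the same directory as the destination is what makes the final `mv` a rename rather than a copy, so Squid never sees a half-written file at reconfigure time.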

Sep 27

Don’t panic if you deleted /etc/fstab by mistake; you can recover it from /proc this way:

cat /proc/mounts > /etc/fstab
chmod 644 /etc/fstab

The “proc” filesystem (/proc) is a virtual filesystem that exposes kernel and system parameters; /proc/mounts lists the currently mounted filesystems in the same six-field format as /etc/fstab, which is why the copy works.
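One caveat with that recovery: /proc/mounts also lists the kernel's rootfs entry and every pseudo filesystem the system mounted on its own (proc, sysfs, devpts, cgroup and so on), and its dump/pass fields are always 0 0. As an added example that is not part of the original post, the filter below keeps only the entries a hand-written fstab would normally carry; the list of pseudo filesystem types is this example's own choice and should be extended for your system.

```shell
#!/bin/sh
# Added example, not from the original post: turn a /proc/mounts listing into
# a candidate fstab to review before installing it. The pseudo filesystem
# types filtered out below are this example's choice, not something the
# post specifies.

# fstab_from_mounts [FILE]: print the fstab-style entries worth keeping from
# FILE (default /proc/mounts).
fstab_from_mounts() {
  awk '
    $1 == "rootfs" { next }     # kernel placeholder root, never listed in fstab
    $3 ~ /^(proc|sysfs|devpts|devtmpfs|cgroup2?|securityfs|debugfs|tracefs|pstore|efivarfs|mqueue|hugetlbfs|fusectl|binfmt_misc|configfs|bpf|autofs|nsfs|rpc_pipefs)$/ { next }
    NF == 6 { print }           # device mountpoint type options dump pass
  ' "${1:-/proc/mounts}"
}

# Recovery, done cautiously: write to a scratch file, inspect, then install.
#   fstab_from_mounts > /root/fstab.recovered
#   less /root/fstab.recovered
#   cp /root/fstab.recovered /etc/fstab && chmod 644 /etc/fstab
```

Entries such as tmpfs on /run are kept because a tmpfs line can legitimately belong in fstab; whether it does on your system, and which fsck pass each real device should get, is exactly the part that needs a human look before the file goes back to /etc/fstab.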

Sep 24

From the “time to update” files:

Mozilla has issued four security advisories as part of its Firefox 3.0.2 and 2.0.0.17 updates, two of which are labelled as critical.

MFSA 2008-41 details a privilege escalation issue by way of the XPCnativeWrapper. The flaw could potentially have allowed a maliciously crafted XSLT to create/run scripts that don’t get validated.

MFSA 2008-42 is the kind of advisory that is seemingly common with Mozilla: a “Crashes with evidence of memory corruption” issue. The interesting part this time around (for me at least) is that some of these crashes were reported by Apple to Mozilla. The Mozilla advisory notes that, “Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.” Good to hear that Apple is sharing security information with Mozilla (and vice versa).

On the less critical but still interesting security side is a flaw titled “forced mouse drag.” MFSA 2008-40 explained that:
Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.

Sep 20

Ever needed to umount a device or file system, or your portable USB drive, but you can’t because you keep getting a “Device is busy” error?

You cannot umount a file system that has open files or file handles, or that is otherwise in use, and not knowing what is using the device or keeping it busy can be extremely frustrating.
fuser to the rescue.
fuser will tell you what processes are using a file system and keeping it busy, and it will also let you kill the processes that are preventing you from umounting the filesystem or device.
Let’s say it is your USB memory stick on /dev/sda1 that you cannot umount.
Type

fuser -v /dev/sda1

to see what and who is locking your device. Then type

fuser -km /dev/sda1

to kill all the processes that are locking up and keeping your device busy.
Then you will be able to umount your device without any errors.

fuser will also tell you what process or user is accessing a specific file.
Type fuser -v /filename, e.g.

fuser -v /home/gbloody/filename.txt

and if you want to kill the process that is locking up the file, simply type

fuser -km /home/gbloody/filename.txt

Sep 20


For those of you who don’t know, Vyatta is an open source network appliance that functions as a router, firewall, and VPN device, all running on a customized version of Debian Linux. I have been following the progress of Vyatta for over a year now, and things are looking very promising. The latest release is called VC4 (Vyatta Community edition) and it includes a bunch of useful new features:

  • New command shell allows you to modify Linux settings and network settings from one common interface
  • Redesign of routing protocol offers greatly improved stability and performance
  • Role-based user access
  • Equal-cost multi-path routing
  • Remote access VPN
  • Support for IP tunneling protocols
  • PPPoE support, commonly used with DSL connections
  • WAN load balancing of outbound traffic across two or more WAN-facing interfaces
  • Quality of Service policies provide congestion management and traffic conditioning

As you can see, a lot of exciting changes have been made in the short six months since the previous release. The routing improvements are related to the change from XORP to Quagga. The added QoS capabilities will make Vyatta a good fit for VoIP deployments. The only negative to this release is that Vyatta had to temporarily remove the GUI web-interface until they can integrate it, which is scheduled for July, 2008. Overall, Vyatta is becoming a compelling option for replacing some of your over-priced network equipment.

Jul 28


Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure Linux. The future of Devil-Linux will go far beyond an ordinary router; it will provide a lot of other services, but the distribution will still be easy and fast to maintain.

Features:

* Boots from CD
Traditionally Devil-Linux boots from a CD-ROM, which is read-only by nature. This means an intruder will not be able to install, for example, an “ordinary” rootkit.

* Boots from USB pendrive
Like all moving parts in your computer, the CD-ROM drive is prone to failure. This is why we provide a script to install the entire system on a USB pendrive. Note: you need a computer that is able to boot from USB hard disks in order to use this feature.

* Configuration is saved on a floppy disc or on a USB Flash Media
Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can be a floppy disc, as was traditional, or a USB flash medium (such as a pendrive) for better reliability.

* Configuration can be burned on CD
There are cases when you have to ensure that the configuration can’t be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.