linuxsecurityresource.blogspot.com
Linux Security Resource: keep user accessible data on separate disk partitions
http://linuxsecurityresource.blogspot.com/2010/10/keep-user-accessible-data-on-separate.html
Wednesday, October 20, 2010. Keep user accessible data on separate disk partitions. Separation of the operating system files from user files may result in a more secure system. ideally the following filesystems should be mounted on separate partitions:. I also suggest separate partitions for Apache and FTP server roots. Edit /etc/fstab file and make sure you add the following configuration options:. Do not set execution of any binaries on this partition (prevents execution of binaries but allows scripts).
linuxsecurityresource.blogspot.com
Linux Security Resource: Lock accounts after failed login attempts
http://linuxsecurityresource.blogspot.com/2010/10/check-for-accounts-that-dont-have.html
Tuesday, October 12, 2010. Lock accounts after failed login attempts. You can use the faillog command to set login failure limits and to display a list of failed login attempts. To unlock an account you can use:. Faillog –r –u accountname. You can also use the passwd file to lock or unlock accounts manually. Passwd –l accountname. Passwd –u accountname. Subscribe to: Post Comments (Atom). Review your Log Data. Keep user accessible data on separate disk partiti. Establish password aging policies. I've bee...
linuxsecurityresource.blogspot.com
Linux Security Resource: Disk Performance Trending in Linux:
http://linuxsecurityresource.blogspot.com/2011/03/disk-performance-trending-in-linux.html
Wednesday, March 30, 2011. Disk Performance Trending in Linux:. The Disk i/o system is often the slowest subsystem on the computer and one of the biggest bottlenecks in system performance. Disk i/o is critical for certain applications,. This document is a summary of the key factors that affect overall disk performance on the system and references for some tools that can be used to measure these factors on Linux Servers. Timing buffered disk reads: 154 MB in 3.01 seconds = 51.14 MB/sec. Here is the same d...
linuxsecurityresource.blogspot.com
Linux Security Resource: System Monitoring Commands
http://linuxsecurityresource.blogspot.com/2010/10/system-monitoring-commands.html
Monday, October 25, 2010. I’ve been doing a large system monitoring project the past month and have setup a centralized monitoring solution that tracks over 800 servers using Nagios. As part of that we established multiple trending reports and taught the network operations center support staff how to run various tools in LInux for server monitoring (Most of the NOC staff at this company is MS Centric with limited exposure to linux.). The commands we covered are:. 8211; displays running processes. 8211; c...
linuxsecurityresource.blogspot.com
Linux Security Resource: March 2010
http://linuxsecurityresource.blogspot.com/2010_03_01_archive.html
Friday, March 12, 2010. Fedora 13 Alpha Release. Below is the press release from RedHat. F13 Alpha release announcement. Jump to: navigation, search. The Fedora 13 "Goddard" Alpha release is available! What's next for the free operating system that shows off the best new technology of tomorrow? You can see the future now at:. What is the Alpha release? Among the top features for end users, we have:. Redesigned user management interface. The user account tool has been completely redesigned, and the ac...
linuxsecurityresource.blogspot.com
Linux Security Resource: December 2009
http://linuxsecurityresource.blogspot.com/2009_12_01_archive.html
Thursday, December 3, 2009. 1 Only run the services that you need to run for the services provided by the machine. For instance if the server is a database server you most likely don't need the same box to run apache, ftp and sendmail. every extra service running on a box steals performance from the systems primary function and possibly opens up new security vulnerabilities. 2 you can use lsof or a similar tool to determine what ports are listening on the computer. Ns003: # lsof -i. 4 Don't allow root lo...
linuxsecurityresource.blogspot.com
Linux Security Resource: January 2010
http://linuxsecurityresource.blogspot.com/2010_01_01_archive.html
Thursday, January 21, 2010. Multi-Party Authorization basically requires that at least 2 authorized individuals need to authenticate before the data can be accessed. This "2 key" approach is sort of like the launch control for a nuclear Missile that requires 2 different people to turn keys before blowing up some small corner of the world. Subscribe to: Posts (Atom). Open SuSE Security Page. Red Hat Security Page. Knoppix Security Tool Distribution. Hardening Your Linux System (from OpenSuSE.org). I've be...
linuxsecurityresource.blogspot.com
Linux Security Resource: January 2011
http://linuxsecurityresource.blogspot.com/2011_01_01_archive.html
Friday, January 21, 2011. Creating Certificates with Multiple Hostnames. And www.example.org. You need to tell openssl to create a CSR that includes x509 V3 extensions and you also need to tell openssl to include a list of subject alternative names in your CSR. In my openssl.cnf I have the following:. In the [req] section. Req extensions = v3 req. In the v3 req section. Extensions to add to a certificate request. KeyUsage = nonRepudiation, digitalSignature, keyEncipherment. SubjectAltName = @alt names.
linuxsecurityresource.blogspot.com
Linux Security Resource: September 2010
http://linuxsecurityresource.blogspot.com/2010_09_01_archive.html
Tuesday, September 28, 2010. Use aide to monitor core system configuration files. AIDE (Advanced Intrusion Detection Environment) can be used to help track file integrity by comparing a 'snapshot' of the system's files prior to and after a suspected incident. It is a freeware version of Tripwire, AIDE uses a database to accumulate key file attributes like permissions, mtime, ctime, and number of links for a system. The idea is to build the database before 2 things occur:. Then i have the aide.log mai...
SOCIAL ENGAGEMENT