Tag Archives: Security

Proxmox using iptables in openvz guests

I recently upgraded Proxmox and noticed iptables was not working in the guests. Turns out a small edit is required to /etc/vz/vz.conf (we need to add some more modules to be used in the openvz guests). Using any editor, open … Continue reading

Posted in Linux | Tagged | 6 Comments

selinux MCS

This is the second post regarding selinux arising from security discussions at our LUG. Introduction Selinux uses MAC, or mandatory access control, to grant or deny access to files or processes. Multi-Category Security (MCS) is a method of giving users … Continue reading

Posted in Linux | Tagged , , | 1 Comment

selinux sandbox

This is the second in a series of blogs arising from security discussions in my LUG. This month we covered selinux and here I will show some examples of using the selinux sandbox. Dan Walsh explains a selinux sandbox Introducing … Continue reading

Posted in Linux | Tagged , , | 5 Comments

Apparmor privoxy profile

This blog is an extension of a discussion we had at our LUG regarding security. We are reviewing both apparmor and selinux and started with apparmor. One advantage of apparmor is that it is relatively easy to learn, but a … Continue reading

Posted in Linux | Tagged , | 9 Comments

SSH logs as a Honeypot

You can use your logs as a "poor mans" honey pot. Review your logs and modify the following awk command to suit your needs. The exact syntax will vary depending on your authentication (passwords or keys) and server. Debian: awk … Continue reading

Posted in Linux | Tagged , | 5 Comments

Fire SSH

Just a quick blog about a openssh client I came across recently, FireSSH, a firefox extension. The most notable features are: FireSSH is by definition cross platform. Unlike putty, FireSSH uses openssh keys. FireSSH will use proxies (such as privoxy … Continue reading

Posted in Linux | Tagged , | 3 Comments

Privoxy on Fedora 15

I am a fan of Privoxy and initially had some problems on Fedora 15 in that privoxy failed to start on boot. A work around is to enable both privoxy and network service at boot. su -c "systemctl enable privoxy.service" … Continue reading

Posted in Linux | Tagged , , | 1 Comment

Transfer firefox 4 passwords

Just a brief post on transferring Firefox 4 passwords from one installation to another. There are several online resources to sync bookmarks and passwords and while you may be "OK" using these services for bookmarks, you may not wish to … Continue reading

Posted in Linux | Tagged , | 5 Comments

Prevent DOS with iptables

After a recent conversation on the Ubuntu Forums I wanted to post an example of using iptables. Of course there are several types of DOS attacks , in this post I will demonstrating the use if iptables to limit the … Continue reading

Posted in Linux | Tagged | 35 Comments

Ubuntu how to faillog

I cam across an interesting command – faillog With faillog you can lock a user’s account after x number of failed log in attempts. HOWEVER – it is not so straight forward – see man pam_tally In order to enable … Continue reading

Posted in Linux | Tagged | 13 Comments