I recently was required to redirect all traffic for a domain over an HTTPS connection. Using the Apache’s .htaccess files and the RewriteEngine, this task is trivial.
Archive for category Security
Securing SSH
Jan 19
SSH is how most administrators connect to their servers. It is also one of the most commonly attacked ports on a Linux Server. If you followed my previous tutorial about how to install fail2ban, you’ve probably noticed that you receive many emails about failed attacks. In this tutorial, I’ll show a few more steps that can be taken to lock down the SSH daemon and your server even further.
Read the rest of this entry »
Vigilant system administrators will notice many failed login attempts on their internet connected servers. While its good to know that you are preventing these logins, they are filling your logs and potentially making it harder to see other problems. Additionally, these failed logins are taking up bandwidth and likely trying over and over again to get into your system. Fortunately, there is a solution to preventing these attacks from continuing on a Linux based system. The following tutorial will set up Fail2ban on a RedHat based system. We will monitor failed SSH logins and failed Webmin logins. Additionally, we will set up a unique jail that will block persistant attackers for a longer period of time.
Server security is not something that should be ignored. If an attacker gets on to your servers, do you know what they changed? Sure you’ve removed the gigabytes of malware with a virus scanner and manually cleaned up countless directories of illegal software, but is that all they left behind? Did they modify any of your important files, such as ‘su’ or ‘cp’ or ‘rm’? How would you know this? One answer is the Open Source project Tripwire. This tutorial will cover how to install, configure and maintain Tripwire on a Fedora 11 machine. This tutorial should be easily translatable to RedHat and CentOS 5.x with few (if any modifications) and to other Linux distributions with only minor changes.
Read the rest of this entry »