Lately if you have been paying attention to tech or even mainstream media you might have seen a few stories about data breaches. Sometimes these data breaches have allowed attackers to gather unencrypted passwords or credit card numbers. In the past these types of attacks still happened, but there was not as many attacks as today and when they happened they were kept secret. With more and more internet based services becoming part of peoples lives, there is even more targets for attackers who are looking to get sensitive data.
In the world of Cloud Servers and Virtual Machines scripting and automation are top priority for any sysadmin. Recently while I was creating a script that logged into another server via SSH to run arbitrary commands, I ran into a brick wall.
$ ssh 192.168.0.169 The authenticity of host ‘192.168.0.169 (192.168.0.169)’ can’t be established. ECDSA key fingerprint is 74:39:3b:09:43:57:ea:fb:12:18:45:0e:c6:55:bf:58. Are you sure you want to continue connecting (yes/no)? To anyone who has used SSH long enough the above message should look familiar.
Are you tired of trying to memorize tons of passwords on different systems? Or do you simply want to have a faceless user SSH between two systems without being asked for a password? Well you are in luck because today we will be covering SSH keys.
SSH Servers have the ability to authenticate users using public/private keys. In the case of pass-phrase less keys this allows users to ssh from one system to another without typing a password.
Recently I was compiling a list of Linux commands that every sysadmin should know. One of the first commands that came to mind was nmap.
nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind, it is a tool that was designed to find vulnerabilities within a network. nmap is more than just a simple port scanner though, you can use nmap to find specific versions of services, certain OS types, or even find that pesky printer someone put on your network without telling you.
In a world where the Anonymous group is petitioning the US Government to make DDoS attacks a legal means of protest; For internet facing systems the threat of Denial of Service attacks are very real.
The cold harsh reality of DoS attacks are that there is no way to stop them. While there are services out there that are designed to take the brunt of the attack for you these costs a significant amount of money (update: CloudFlare seems pretty decent).
For today’s article I am going to explain how to create a basic firewall allow and deny filter list using the iptables package. We will be focused on creating a filtering rule-set for a basic everyday Linux web server running Web, FTP, SSH, MySQL, and DNS services.
Before we begin lets get an understanding of iptables and firewall filtering in general.
What is iptables? iptables is a package and kernel module for Linux that uses the netfilter hooks within the Linux kernel to provide filtering, network address translation, and packet mangling.
Access Control Lists aka ACL’s are one of those obscure Linux tools that isn’t used every day; and if you find yourself using ACL’s every day than you probably have a very complicated Linux environment.
A few years ago I had an engineer tell me “Any thing you want to solve with ACL’s can be solved with standard unix permissions” and while he may have just been justifying why he didn’t know ACL’s very well.
Allowing unprivileged users to edit files that are normally beyond their rights is a task that is easy to perform however it requires a great deal of forethought to implement without opening security holes. You can give users the ability to edit privileged files by using User/Group Permissions, ACL’s, or even sudo; but no matter which way you choose there are some things you must consider.
For an example lets take a look at 2 files /etc/services and /etc/cron.
I’m going to start this post by saying what I’m really thinking. 90% of the time if an application is running as the root user on a Unix/Linux machine; it is because the sysadmin who setup or designed the environment was being lazy.
Now before getting offended, being a lazy sysadmin is a good thing. The fact is that most systems administrators are lazy in some way, and that is the reason why most systems administration tasks end up being scripted.
Mysqldump is a great utility for backing up or exporting a database to a flat file. This flat file can then be used to import the database or databases into another mysql database or even another database server like postgre depending on the options you use.
To perform a very simple backup of the mysql database you can simply just setup a cronjob that runs mysqldump at whatever interval you want.