Blogs

Disallow direct root login to SSH...

Following up on the comment at: secure ssh...

To disallow direct root login via SSH, edit the "/etc/ssh/sshd_config" file with a text editor and find the following line:

#PermitRootLogin yes

Change the yes to no and remove the comment character at the beginning of the line:

PermitRootLogin no

Restart the sshd service.

# service sshd restart
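
A check for the edit above, added here as an example (it is not part of the original post). The function names and the sample configuration are constructed for illustration. It reports the PermitRootLogin value that sshd would actually use, which catches the two usual mistakes: leaving the comment character in place, and an earlier duplicate line that overrides the one you edited.

```bash
#!/bin/sh
# Sample sshd_config (constructed): the edit changed the value but left the
# comment marker in place, and a stray duplicate further down says "yes".
sample_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
}

# Print the PermitRootLogin value sshd would take from config file $1.
# sshd uses the first value it reads for a keyword, matches keywords
# case-insensitively and ignores "#" lines; the keyword=value form is
# accepted too. Parsing stops at the first Match block, whose settings are
# conditional. Prints "unset" when the keyword is absent, in which case
# sshd's built-in default applies.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the effective value is "no".
check_root_login() {
    value=$(effective_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "OK: PermitRootLogin no"
    else
        echo "FAIL: effective PermitRootLogin is '$value'"
        return 1
    fi
}

tmp=$(mktemp)
sample_config > "$tmp"
check_root_login "$tmp" || true    # FAIL: the lowercase "yes" line wins
rm -f "$tmp"
```

On a live system, `sshd -t` validates the file before the restart and `sshd -T` prints the effective settings; keep an existing session open until a new login has been tested.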

It is also recommended to restrict access to your system by limiting users' root access via the su command.

Add trusted users to the special administrative group called wheel via:

# usermod -aG wheel <username>

Next, open the PAM configuration file for su, "/etc/pam.d/su", in a text editor and remove the comment [#] from the following line:

auth  required /lib/security/pam_wheel.so use_uid

The root user is part of the wheel group by default, and doing this will permit only members of the administrative group wheel to use su.

Additionally, you can change the permission on the 'su' binary as below:

# chgrp wheel /bin/su
# chmod 4750 /bin/su

Verifying which ports are listening...

There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as `netstat -an` or `lsof -i`. This method is less reliable since these programs do not connect to the machine from the network but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers in an attempt to cover their tracks if they open unauthorized network ports.

A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.
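
The comparison described above, as an added example that is not part of the original post: it takes the listening ports reported by `netstat -an` on the host and the open ports seen by an nmap scan of the same host, and lists ports that are open from the network but missing from the local report. The addresses, port numbers and function names are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample: `netstat -an` output captured on the host itself.
local_sample() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:50412      ESTABLISHED
tcp        0      0 :::80                   :::*                    LISTEN
EOF
}

# Constructed sample: nmap greppable (-oG) output from scanning that host
# from a second, trusted machine.
scan_sample() {
    cat <<'EOF'
Host: 192.0.2.10 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 31337/open/tcp/////
EOF
}

# TCP ports the host reports as listening on a non-loopback address.
local_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr); sub(/.*:/, "", port)
        if (addr !~ /^127\./ && addr != "::1") print port
    }' | sort -un
}

# TCP ports the scan saw as open.
scanned_ports() {
    tr ',\t ' '\n\n\n' | awk -F/ '$2 == "open" && $3 == "tcp" { print $1 }' | sort -un
}

# Ports open from the network that the local tools did not report.
# $1 = file with netstat output, $2 = file with nmap -oG output.
unreported_ports() {
    reported=$(local_ports < "$1")
    scanned_ports < "$2" | while read -r port; do
        printf '%s\n' "$reported" | grep -qx "$port" || echo "$port"
    done
}

dir=$(mktemp -d)
local_sample > "$dir/local"; scan_sample > "$dir/scan"
unreported_ports "$dir/local" "$dir/scan"    # 31337
rm -rf "$dir"
```

A port that appears only in the scan deserves investigation with tools from trusted media; a port that appears only in the local report is usually just filtered by a firewall between the scanner and the host.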

Limit SSH users with PAM

PAM (Pluggable Authentication Modules) can be used to limit which users have access to a certain service based on a list. For example, you can limit SSH connections via PAM.

In "/etc/pam.d/sshd", add the following line:

auth required /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/ssh_allow.pamlist

This will allow a user to log in via sshd if they are listed in the "/etc/ssh_allow.pamlist" file. The options specified have the following meanings:

Wow...dunno what I started.

Today is the first day that I begin using Fedora..dunno what version even. Any help will be appreciated. I've been trying to make my sound work for the last several hours. Frustration is upon me.

Protection with SmoothWall

SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely available as open source code. SmoothWall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, SmoothWall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.


Default installation & software upgrades not enough!

Firstly, I'm writing my first tutorial... so I'd love to be DoSed with suggestions. The article is purely aimed to scare you & push you towards better security practices. The article is aimed at those people who have a fair knowledge about the technology. This article just aims to scratch the surface of everything...

==================================================
Let's start with the obvious... basics:
""""""""
# Obviously, a default installation doesn't come with a virus/spyware/Trojan scanner. If your PC isn't a single-user OS, there is even a likelihood of malware, Trojans and spyware running with user privileges... or worse, a rootkit.

Learning Java using Web Resources...

Below are some of the excellent web resources I have utilized to get me started on Java. Hope this helps others too.

  1. MIT's OpenCourseWare: 1.00 Introduction to Computers and Engineering Problem Solving, Fall 2002
  2. Sofia Project: Introduction to Java Programming
  3. Bruce Eckel's Free eBook from MindView.net: Thinking in Java, 3rd Edition

Intel Corp. PRO/Wireless 2200BG on Fedora Core 3

On a Dell Latitude D800 with an Intel Corp. PRO/Wireless 2200BG card, Intel has a project to support the miniPCI adapter on Linux at ipw2200.sourceforge.net.

In order to use the IPW2200 driver you will need the following:

  1. Linux with a 2.6.4+ kernel. See the INSTALL document for information on specific options required to be enabled in the kernel.
  2. Wireless Extensions (v16) and Tools (v27-pre23).

Fedora Core 3 upgrade issue with grub.conf and udev using NVIDIA driver

I had no trouble while upgrading from FC1 to FC3. However, on reboot the system seemed to hang on "configuring kernel parameters" during the boot process and fail to remount filesystems as read-write, with consequent hang while trying to start system logger. The boot process would be fine as long as the system is not booting to runlevel 5.

The fix was to remove "rhgb" from "/etc/grub.conf" kernel parameters, since this attempts graphical install before nvidia is ready. On reboot without "rhgb" in grub, it makes it all the way to the text login screen, but X can't start and comes up with an error message saying it can't initialise the nvidia kernel module.

Winik - a new kind of distro

What is Winik

Winik is a cygwin distro that users can install in Windows like any other application program. Winik is unix-like, and users can select programs from the Start button and menus. Users can select other window managers such as KDE, Gnome, Icewm, Wmaker, Xfce etc.

Winik gives a taste of *nix to Windows users. Winik is based on x/cygwin. Users can install Winik modules just like other Windows applications. Winik is modular and users can choose modules that suit their needs.

Winik is free of charge

Winik is an attempt to do something that shows free software doesn't have to be bad.

Winik installs easily on Windows
