Linux Security

userdel - Deletes a user account from system

To erase an existing user account, or login, from a Linux machine, you can use userdel. Be sure to use it with care, as its actions cannot be undone.

usermod - modify a user account

Once a user has been created, you can still modify its options and data. To do that, use usermod.

useradd - create administer users on Linux

This is a command all Linux administrators should know, because they are the people in charge of creating user accounts. This will be one of three different posts about managing users.

useradd creates a new user or updates the default new-user information.

Force your users to change their passwords frequently

Users of a Linux computer should always take care about security. If you are the admin of a Linux box with lots of users, you are responsible for its security, and maybe you should "force" the other users to change their passwords from time to time. To do this, use the command chage.

whowatch - Monitor who is doing what on your system

whowatch is a console application that lets you monitor what different users are doing on the Linux operating system at a given moment; it works in real time.

First install it

sudo aptitude install whowatch

nmap - how to scan hosts of networks for open ports

nmap is a wonderful tool, especially for debugging. There are lots of times when you need to know if a port is open on a server, or maybe blocked by a firewall, or just to test your iptables rules.

Here we will learn how to use it at the command line and through its GUI front ends, nmapFE and Knmap.

nmap - man page

NMAP(1) Nmap Reference Guide NMAP(1)

NAME
nmap - Network exploration tool and security / port scanner

SYNOPSIS
nmap [Scan Type...] [Options] {target specification}

DESCRIPTION
Nmap (“Network Mapper”) is an open source tool for network exploration
and security auditing. It was designed to rapidly scan large networks,
although it works fine against single hosts. Nmap uses raw IP packets
in novel ways to determine what hosts are available on the network,

The best Linux Blogs

I have posted a new thread in the Forum.

Please help me to create a great list of Linux blogs. My goal is to have at least 100, but the more the better. Please post your own blogs or any other blog you may know; you can post more than one. Please provide a link to it, whether it is frequently updated or no longer being updated, and a small description of the blog.

Really, please go to the thread and post your blogs' links and descriptions, and I will make a list with all your posts, which I hope could be useful for all of us.

Please go here and post your suggestions.

fail2ban - Free of dictionary attacks

At the start of this year I posted about DenyHosts, which is a must-have tool to avoid dictionary attacks on port 22 (ssh).

These kinds of tools are really needed by sysadmins because normal users refuse to make strong passwords. If the admin gives them a strong password, they will write it down, and then it stops being "strong". If the admin tells the normal users that they need to remember their passwords and not write them down, they will come up with weak passwords like their son's name. Looking for new ways to secure servers against dictionary attacks or brute-force attacks, I have found this other tool that can do the job. I think this one is more flexible than DenyHosts, and it also works with iptables.

Smoothwall 3.0 released

SmoothWall 3.0 Express (Code name: Polar) is now released, and ready to be downloaded.

You can expect to find an easier to install and configure SmoothWall according to its announcement.

It now has improved VPN support, comes with ClamAV to protect your Microsoft machines, and has the ability to monitor and record instant messages that pass through it, as well as to block words the admin finds inappropriate. (This includes MSN, Yahoo, ICQ and AOL.)

mysql root password recovery

If you ever lose your MySQL root password (remember, it is not the same as the system root password), you can recover it by following these steps:

Start MySQL in safe mode
mysqld_safe --skip-grant-tables
Enter the console as root
mysql -u root
Set the new password
UPDATE mysql.user SET Password=PASSWORD('new_password') WHERE User='root';
Update the privileges
FLUSH PRIVILEGES;

TLS Error: Unroutable control packet received and Connection refused (code=111)

Today, when I was installing OpenVPN, once I had everything configured, I got these errors.

On the server side.

Connection refused (code=111)

and on the client side.

TLS Error: Unroutable control packet received

After googling for a while I found the solution. It all has to do with the time on both sides (server and client), so the solution is:

install rdate

apt-get install rdate

and then sync the clocks on both PCs.

rdate -s 129.6.15.28

How to install OpenVPN - Establish a VPN with Linux

This how-to is a summary of the how-to you can find on the official site of OpenVPN.

You can follow this step by step and should succeed in creating your VPN.

Preliminaries

These are the assumptions

1. We have two computers each with two NICs
One connected to the Internet the other to an internal network
2. I have installed Debian on both of them.

Both PCs have only the base system installed, but you can install the graphical interface if you want to.

Encrypted email (Thunderbird, Enigmail, GNUPG)

With more and more people trying to get your passwords and security information, and also stealing identities, as lots of viruses do, sending emails to you as if they were some other people, people you know but who never sent you those emails.

Just so you know what I am talking about: lots of viruses actually look through the contact list and send emails to all of the contacts with the reply-to field pointing to some other address from your contact list. That way some of your friends will receive an email as if it was sent by another of your friends. (For Microsoft users only.)

Secure your Apache server from giving info to hackers

Taken from: http://www.debianadmin.com/securing-apache-web-server-from-information-l...

For a lot more interesting content for Debian, visit: http://www.debianadmin.com/

By default, most pre-packaged Apache installations come with full information leakage. To check, telnet to port 80 on your web server, type in the GET / HTTP/1.1 line, then hit Enter twice.

Disable ssh root direct login

For security reasons it is not a good idea to permit direct ssh root login. It is better to log in as another user and then switch to root using the 'su -' command. To do this, you need to disable root from logging in directly over the ssh protocol. This will decrease the possibility of a hacker breaking into your Linux box, as now he will have to guess your user name and your password.

OK, let's see how to do this.

Using scp and duplicity for full security back up

To be almost 100% sure that your data is secure, and I said almost because you are never 100% secure!
OK, here we will see how to use ssh (scp) and duplicity together to encrypt your backed-up data and copy it to another server using an encrypted tunnel.

Back up your files on another server using encrypted SSH

If you have two servers, it could be a good idea to make cross backups of the important data, so if either of them fails you can always restore from the other.

Here we will use rsync and ssh to make this possible. rsync is used to sync files between folders on the same machine or between machines; ssh will open an encrypted tunnel so the data is secure during the transfer.

Vlan support on Debian

Suppose you have a layer 2 switch with support for 802.1q and want to route traffic from one VLAN to another VLAN. You can use a Linux box for that.

Your Home file permissions

How to make your $HOME directory only for your eyes.
