Posts Tagged security

Use Openssl to create a root CA

In Openssl after a root CA has ben generated here are the following commands to create an intermediate CA;

as root

/etc/pki/tls/misc/CA –newca

/etc/pki/tls/misc/CA -newreq

some Generic Certificate Authority (usually a server)
Enter Enter

/etc/pki/tls/misc/CA –signCA
PassPhrase: Demo

newreq.pem is key with CSR request inside
newcert.pem is certificate
new_to_open_ssl is offline

How to Create Self-Signed SSL Certificates with OpenSSL

, ,

No Comments

redWall, a bootable CD-ROM Firewall

redWall is a bootable CD-ROM Firewall. It’s goal is to provide a feature rich firewall solution, with the main goal, to provide a webinterface for all the logfiles generated!


No Comments

online site to gen passwords

good online site to gen passwords

good tools to manage your passwords

we can also use the following script:

cat /dev/urandom| tr -dc ‘0-9a-zA-Z!@#$%^&*_+-‘|head -c 10;echo

No Comments

install hping hping needs pcap.h

install hping
hping needs pcap.h, bpf.h, we should install libpcap-devel

there is sth need to change
ln -s /usr/include/pcap-bpf.h /usr/include/bpf.h

vi libpcap_stuff.c script.c
change the net/bpf.h into bpf.h

./configure && make && make install

but it is easy in FreeBSD
cd /usr/ports/net/hping-devel
make && make install

hping has much features to test the network!


No Comments

focus on security of Linux this weekend

focus on security of Linux this weekend.

APF (Advanced Policy Firewall) and more tools
there are all written in shell, such as APF based on iptables. good example in sys admin with shell.

OSSEC is an Open Source Host-based Intrusion Detection System.
It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
it is C/S model, just one server and server agentd, can monitor the system.

Some tips on optimize the MySQL database

MySQL Performance Tuning Primer Script –

MySQLTuner –

MONyog – MySQL Monitor and Advisor –

More links:


No Comments

mod_evasive/security to secure Apache

mod_evasive/security to secure Apache server

No Comments


tar xvf tripwire-
cd tripwire-
./configure –prefix=/srv/tripwire && make && make install

/srv/tripwire/sbin/tripwire -m i
/srv/tripwire/sbin/tripwire -m c
e.g. sudo /srv/tripwire/sbin/tripwire -m c /bin/echo
Integrity checking objects specified on command line…
Total objects scanned: 1
Total violations found: 0

Database Initialization: tripwire [-m i|–init] [options]
Integrity Checking: tripwire [-m c|–check] [object1 [object2…]]
Database Update: tripwire [-m u|–update]
Policy Update: tripwire [-m p|–update-policy] policyfile.txt
Test: tripwire [-m t|–test] –email address

No Comments