Posts Tagged security

Use OpenSSL to create a root CA

In OpenSSL, after a root CA has been generated, use the following commands to create an intermediate CA:

as root

/etc/pki/tls/misc/CA -newca

/etc/pki/tls/misc/CA -newreq

some Generic Certificate Authority (usually a server)
Enter Enter

/etc/pki/tls/misc/CA -signCA
PassPhrase: Demo

newreq.pem is the key with the CSR inside
newcert.pem is the certificate
new_to_open_ssl is offline

How to Create Self-Signed SSL Certificates with OpenSSL
http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php
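
The same root-to-intermediate flow with plain openssl commands instead of the CA wrapper script, as an added example that is not part of the original post. The subject names, file names, lifetimes and extension sections are assumptions, and the keys are left unencrypted (-nodes) so it runs without prompts; the post itself uses a passphrase.

```sh
#!/bin/sh
# Added example: all names and lifetimes below are constructed for illustration.

make_ca_chain() (
    mkdir -p "$1" && cd "$1" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden by -subj
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_intermediate]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
    # Root CA: key plus self-signed certificate (the role of the CA -newca step).
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf \
        -extensions v3_root -subj "/CN=Demo Root CA" -days 3650 \
        -keyout root.key -out root.pem 2>/dev/null || return 1
    # Intermediate: key plus CSR (the role of the CA -newreq step).
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=Demo Intermediate CA" \
        -keyout inter.key -out inter.csr 2>/dev/null || return 1
    # Root signs the CSR with CA extensions (the role of the CA -signCA step).
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -extfile ca.cnf -extensions v3_intermediate \
        -days 1825 -out inter.pem 2>/dev/null || return 1
    chmod 600 root.key inter.key
)

# Succeeds only if inter.pem chains to root.pem and is marked as a CA.
verify_chain() (
    cd "$1" || return 1
    openssl verify -CAfile root.pem inter.pem >/dev/null 2>&1 || return 1
    openssl x509 -in inter.pem -noout -text | grep -q 'CA:TRUE'
)

d=$(mktemp -d) && make_ca_chain "$d" && verify_chain "$d" && echo "chain OK: $d"
```

pathlen:0 on the intermediate means it can sign end-entity certificates but not further CAs.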


redWall, a bootable CD-ROM Firewall

redWall is a bootable CD-ROM firewall. Its goal is to provide a feature-rich firewall solution, with the main aim of providing a web interface for all the log files it generates!

http://www.redwall-firewall.com/


online site to gen passwords

good online site to gen passwords
http://www.goodpassword.com

good tools to manage your passwords
http://www.clipperz.com/open_source/clipperz_community_edition

We can also use the following script:

#!/bin/sh
# Print a random 10-character password drawn from /dev/urandom
LC_ALL=C tr -dc '0-9a-zA-Z!@#$%^&*_+-' < /dev/urandom | head -c 10; echo


install hping (hping needs pcap.h)

install hping
hping needs pcap.h and bpf.h, so we should install libpcap-devel
wget http://www.hping.org/hping3-20051105.tar.gz

a few things need to be changed
ln -s /usr/include/pcap-bpf.h /usr/include/bpf.h

vi libpcap_stuff.c script.c
change net/bpf.h to bpf.h

./configure && make && make install

but it is easy on FreeBSD
cd /usr/ports/net/hping-devel
make && make install

hping has many features for testing the network!

http://www.securityfocus.com/infocus/1787
http://www.securityfocus.com/infocus/1791


focus on security of Linux this weekend

focus on security of Linux this weekend.

APF (Advanced Policy Firewall) and more tools
http://www.rfxn.com/projects/
They are all written in shell; APF, for example, is based on iptables. A good example of system administration with shell.

OSSEC is an Open Source Host-based Intrusion Detection System.
It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
It uses a client/server model: just one server and agentd can monitor the system.
http://www.ossec.net/


Some tips on optimizing the MySQL database

MySQL Performance Tuning Primer Script – http://www.day32.com/MySQL/

MySQLTuner – http://rackerhacker.com/mysqltuner/

MONyog – MySQL Monitor and Advisor – http://www.webyog.com/en/

More links:
http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
http://tag1consulting.com/MySQL_Engines_MyISAM_vs_InnoDB
http://www.profitpapers.com/papers/performance-tuning-mysql-for-load.php
http://hackmysql.com/mysqlreport
http://www.mysqlperformanceblog.com/tools/
http://video.google.com/videoplay?docid=2524524540025172110


mod_evasive/security to secure Apache

mod_evasive/security to secure Apache server

http://www.zdziarski.com/projects/mod_evasive/
http://www.modsecurity.org


TripWire: a system integrity checking tool

While reading a book on iptables tonight, I came across TripWire. I had seen it before but had not paid much attention to it,
so I took the opportunity to try it out.
http://sourceforge.net/projects/tripwire/
Download and install
wget http://nchc.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.4.1.2-src.tar.bz2
tar xvf tripwire-2.4.1.2-src.tar.bz2
cd tripwire-2.4.1.2-src
./configure --prefix=/srv/tripwire && make && make install

Initialize the database
/srv/tripwire/sbin/tripwire -m i
Check the integrity of a program
/srv/tripwire/sbin/tripwire -m c
e.g. sudo /srv/tripwire/sbin/tripwire -m c /bin/echo
Integrity checking objects specified on command line…
……..
Total objects scanned: 1
Total violations found: 0
……..

Usage:
Database Initialization: tripwire [-m i|--init] [options]
Integrity Checking: tripwire [-m c|--check] [object1 [object2...]]
Database Update: tripwire [-m u|--update]
Policy Update: tripwire [-m p|--update-policy] policyfile.txt
Test: tripwire [-m t|--test] --email address
