Posts Tagged security
Use Openssl to create a root CA
In OpenSSL, after a root CA has been generated, the following commands create an intermediate CA:
as root
/etc/pki/tls/misc/CA -newca
/etc/pki/tls/misc/CA -newreq
some Generic Certificate Authority (usually a server)
Enter Enter
/etc/pki/tls/misc/CA -signCA
PassPhrase: Demo
newreq.pem is key with CSR request inside
newcert.pem is certificate
new_to_open_ssl is offline
How to Create Self-Signed SSL Certificates with OpenSSL
http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php
redWall, a bootable CD-ROM Firewall
redWall is a bootable CD-ROM firewall. Its goal is to provide a feature-rich firewall solution, with the main goal of providing a web interface for all the log files it generates.
http://www.redwall-firewall.com/
online site to gen passwords
good online site to gen passwords
http://www.goodpassword.com
good tools to manage your passwords
http://www.clipperz.com/open_source/clipperz_community_edition
we can also use the following script:
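#!/bin/sh
# Print a random 10-character password built from /dev/urandom.
# LC_ALL=C makes tr treat the random input as raw bytes.
LC_ALL=C tr -dc '0-9a-zA-Z!@#$%^&*_+-' < /dev/urandom | head -c 10; echo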
install hping
hping needs pcap.h and bpf.h, so we should install libpcap-devel first
wget http://www.hping.org/hping3-20051105.tar.gz
A few things need to be changed before building:
ln -s /usr/include/pcap-bpf.h /usr/include/bpf.h
vi libpcap_stuff.c script.c
change net/bpf.h to bpf.h in both files
./configure && make && make install
It is easier on FreeBSD:
cd /usr/ports/net/hping-devel
make && make install
hping has many features for testing the network!
http://www.securityfocus.com/infocus/1787
http://www.securityfocus.com/infocus/1791
focus on security of Linux this weekend
focus on security of Linux this weekend.
APF (Advanced Policy Firewall) and more tools
http://www.rfxn.com/projects/
They are all written in shell; APF, for example, is built on iptables. They are good examples of system administration with shell.
OSSEC is an Open Source Host-based Intrusion Detection System.
It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
It uses a client/server model: with just one server and agentd, it can monitor the system.
http://www.ossec.net/
Some tips on optimizing the MySQL database
MySQL Performance Tuning Primer Script – http://www.day32.com/MySQL/
MySQLTuner – http://rackerhacker.com/mysqltuner/
MONyog – MySQL Monitor and Advisor – http://www.webyog.com/en/
More links:
http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
http://tag1consulting.com/MySQL_Engines_MyISAM_vs_InnoDB
http://www.profitpapers.com/papers/performance-tuning-mysql-for-load.php
http://hackmysql.com/mysqlreport
http://www.mysqlperformanceblog.com/tools/
mod_evasive/security to secure Apache
Use mod_evasive and mod_security to secure the Apache server
http://www.zdziarski.com/projects/mod_evasive/
http://www.modsecurity.org
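TripWire: a system integrity checking tool
While reading a book on iptables tonight I came across TripWire. I had seen it before but never paid much attention to it.
So I took the chance to try it out.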
http://sourceforge.net/projects/tripwire/
Download and install
wget http://nchc.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.4.1.2-src.tar.bz2
tar xvf tripwire-2.4.1.2-src.tar.bz2
cd tripwire-2.4.1.2-src
./configure --prefix=/srv/tripwire && make && make install
Initialize the database
/srv/tripwire/sbin/tripwire -m i
Check the integrity of a particular program
/srv/tripwire/sbin/tripwire -m c
e.g. sudo /srv/tripwire/sbin/tripwire -m c /bin/echo
Integrity checking objects specified on command line…
……..
Total objects scanned: 1
Total violations found: 0
……..
Usage:
Database Initialization: tripwire [-m i|--init] [options]
Integrity Checking: tripwire [-m c|--check] [object1 [object2...]]
Database Update: tripwire [-m u|--update]
Policy Update: tripwire [-m p|--update-policy] policyfile.txt
Test: tripwire [-m t|--test] --email address
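
The init and check modes above amount to recording a trusted baseline and later comparing the live files against it. A minimal sketch of that cycle in shell follows, as an added example that is not Tripwire's code or database format. The function names, the record layout built from sha256sum, ls and wc (GNU coreutils assumed) and the scratch files are assumptions made for illustration:

```shell
#!/bin/sh
# Added illustration of a baseline/check cycle. NOT Tripwire's database format.

# record FILE: one line "sha256 mode size path" (assumed layout)
record() {
    printf '%s %s %s %s\n' \
        "$(sha256sum < "$1" | cut -d' ' -f1)" \
        "$(ls -ld "$1" | cut -c1-10)" \
        "$(wc -c < "$1" | tr -d ' ')" "$1"
}

# baseline_init DB FILE...: store the trusted state (compare "tripwire -m i")
baseline_init() {
    db=$1; shift
    : > "$db"
    for f in "$@"; do record "$f" >> "$db"; done
    chmod 600 "$db"
}

# baseline_check DB: compare live files to the baseline (compare "tripwire -m c").
# Prints one line per violation plus a total; exit status 0 only when clean.
baseline_check() {
    violations=0
    while read -r hash mode size path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; violations=$((violations + 1))
        elif [ "$(record "$path")" != "$hash $mode $size $path" ]; then
            echo "MODIFIED $path"; violations=$((violations + 1))
        fi
    done < "$1"
    echo "Total violations found: $violations"
    [ "$violations" -eq 0 ]
}

# Constructed demo on scratch files: clean check, then tamper and re-check.
demo=$(mktemp -d)
printf 'original\n' > "$demo/app.conf"
printf 'original\n' > "$demo/app.bin"
baseline_init "$demo/db" "$demo/app.conf" "$demo/app.bin"
baseline_check "$demo/db"
printf 'changed!\n' > "$demo/app.conf"      # same size, different content
chmod 755 "$demo/app.bin"                   # permission change only
baseline_check "$demo/db" || echo "integrity check failed"
rm -rf "$demo"
```

Tripwire also signs its database and policy with site and local keys. This sketch does not, so its baseline file is only trustworthy if kept on read-only or offline media.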