Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Wed Jun 28, 2017 2:31 pm



Firewalls, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.

 Post subject: Iptables: List rules as commands
Posted: Sun Mar 15, 2015 5:52 pm
To list Iptables rules as commands ready to be entered, use the -S iptables option:
Quote:
-S, --list-rules
Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save. Like every other iptables command, it applies to the specified table (filter is the default).

List iptables forward rules as commands


Code:
# iptables -S

List iptables NAT rules as commands


Code:
# iptables -S -t nat

Read more : Iptables: List rules as commands | Views : 1202 | Replies : 0

 Post subject: Find php scripts that use mail() function to spam in your Linux server
Posted: Tue Jan 27, 2015 6:56 am
Find php scripts that use mail() function to spam in your Linux server

Every shared web hosting provider runs into this issue at least monthly when a customer experiments with or leaves unattended a PHP script that is either designed for testing purposes or designed to serve the contact / feedback page of his website and accepts HTTP GET or POST data as input data for the mail() function in PHP.
The worst case is when ...

Read more : Find php scripts that use mail() function to spam in your Linux server | Views : 9090 | Replies : 0

 Post subject: OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM
Posted: Thu Jan 08, 2015 11:59 am
How to copy x509 extensions from CSR to signed PEM with OpenSSL

Edit openssl.cnf, go to the authority section, my case "" and uncomment the following line:
Code:
# Extension copying option: use with caution.
copy_extensions = copy


This is often required for the x509 extension Subject Alternative Name. SubjectAltName is an x509 extension that permits various literal values to be included in the signed certificate. It is used for ipsec VPNs, more ...

Read more : OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM | Views : 998 | Replies : 0

 Post subject: OpenSSL signing error: The countryName field needed to be the same in the CA certificate and the req
Posted: Thu Jan 08, 2015 11:38 am
OpenSSL CSR signing error: The countryName field needed to be the same in the CA certificate and the request

Code:
# openssl ca -cert certs/ca.crt -keyfile certs/ca.key -in certs/testfed.csr -out certs/testfed.pem
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
The countryName field needed to be the same in the
CA certificate (NL) and the request (RO)


This is a generic OpenSSL error that occurs when the certificate signing request ...

Read more : OpenSSL signing error: The countryName field needed to be the same in the CA certificate and the req | Views : 2401 | Replies : 0

 Post subject: IPv6 enablement for Ivorde.ro
Posted: Wed Jun 18, 2014 11:17 am
So today I finally allocated some time to enable IPv6 for the forum. I did this via HE tunnel broker free service (IPv6 /64 in ipv4 tunnel).

Since I chose to enable IPv6 in packet-mode on the SRX (packets are forwarded without security inspection), the server needed some security hardening: disable all daemons on IPv6, except for web server.

A few useful notes:
1. Use the following lsof commands to check your IPv6 running daemons:
- lsof ...

Read more : IPv6 enablement for Ivorde.ro | Views : 348 | Replies : 0

 Post subject: Centos command to disable SELINUX
Posted: Tue Jan 28, 2014 11:54 am
This is not recommended if SELinux is a requirement. Use it only for testing:
Code:
# setenforce 0
setenforce: SELinux is disabled

Read more : Centos command to disable SELINUX | Views : 342 | Replies : 0

 Post subject: Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.
Posted: Wed Jan 15, 2014 10:16 am
When accessing a URL that is protected and intended for authenticated users, the browser authenticates to the server with a cookie (PHPSESSID or whatever else). Based on that cookie, the server does internal checks to see if the user is authenticated or not.

If you have access to that URL and you want to test it from CLI, here is how to test it with CURL.

First, I'll test such a resource with curl without ...

Read more : Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers. | Views : 1768 | Replies : 0

 Post subject: How to check HTTPS site certificate chain with OpenSSL
Posted: Fri Oct 04, 2013 10:39 am
Some free Certificate Authorities on the internet are not root CAs, but are intermediate level. This means that they will sign one's SSL certificate, but they are not recognized by the browser because most of the browsers only recognize root CAs.

How to see the certificate chain of an HTTPS website:
Code:
# openssl s_client -connect ivorde.ro:443 -tls1
CONNECTED(00000003)
depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
--- ...

Read more : How to check HTTPS site certificate chain with OpenSSL | Views : 916 | Replies : 0

 Post subject: CentOS Install Nemesis packet crafting tool + Libnet
Posted: Fri Sep 24, 2010 4:00 am
You can download Nemesis tool from http://nemesis.sourceforge.net/ and libnet library from http://code.google.com/p/ips-builder/downloads/detail?name=libnet-1.0.2a.tar.gz&can=2&q=

Untar Libnet first and enter the directory:
Code:
$ ./configure
...
$ make && sudo make install


Make sure your PATH variable contains the directory where libnet-config is (after installing libnet, it should be in /usr/lib).
Install nemesis:
Code:
$ ./configure
...
$ make && sudo make install


Now Nemesis is ready to use.

Read more : CentOS Install Nemesis packet crafting tool + Libnet | Views : 1790 | Replies : 1

 Post subject: Ssh disable DNS reverse lookups
Posted: Thu Apr 01, 2010 11:03 am
How to disable ssh daemon reverse lookups for clients' IP addresses.

What are IP reverse lookups


It is the DNS PTR (Pointer) query that maps an IP address to a fully qualified domain name or hostname. IP reverse lookups can be manually resolved with dig or nslookup commands:
Code:
# dig -x 8.8.8.8 +short
google-public-dns-a.google.com.


SSH reverse lookups


According to man sshd_config, the SSH daemon will do a reverse lookup of incoming connection source IP and then ...

Read more : Ssh disable DNS reverse lookups | Views : 8238 | Replies : 4
