Posts with the tag Security
The VPN software tinc has full support for IPv6 according to its project's web site.
Here are the features in short:
- Encryption, authentication and compression
- Automatic full mesh routing
- Easily expand your VPN
- Ability to bridge ethernet segments (check this)
- Runs on many operating systems and supports IPv6
On OpenWrt Routers:
opkg update opkg...
The REINER SCT cyberJack RFID komfort is a smartcard and RFID card reader popular in Germany as it supports the German identity card and its RFID technology. Here are my notes on the device, some tweaks and how to use it.
As of 2011-12-28 I'm having a couple of problems with...
If you get an error message like the following when changing the color scheme / color set of the Bartik theme in Drupal 7 you might have PHP Safe Mode enabled.
* The specified file themes/bartik/logo.png could not be copied, because the destination directory is not properly configured. This...
To make a backup of the saved passwords in Ubuntu just make a backup of the folder
~/.gnome2/keyrings/. This is where Gnome stores its password keyrings (named something like
You can also export all your passwords from the Gnome Keyring using the Python module keyring as described in ...
Get rid of an additional password prompt after Gnome login to unlock the default keyring when you changed your login password
If you get a password prompt like the following when logging on to Gnome on Ubuntu Linux your login password might differ from your keyring password file (
An application wants access to the keyring 'default' but it is locked.
So to get around this and have the default keyring...
I have an old hard disk and I want to waste it. So I want to make sure there is no data left on the device:
Overwrite the hard disk /dev/sdd using 1 run:
sudo shred -vn 1 /dev/sdd
A fast alternative:
sudo sh -c 'cryptsetup -d /dev/urandom -c aes-xts-plain...
ssh -D 8080 someuser@somecomputertouseasgateway
then set up the browser on this machine to use
DenyHosts can help keep unwanted guests out of your SSH server.
#
# /etc/hosts.deny
#
ALL: ALL: DENY
# End of file
#
# /etc/hosts.allow
#
sshd: ALL EXCEPT /etc/hosts.evil
# End of file
When someone has taken your IP, react!
Set your IP to the correct one (belonging to you):
sudo ifconfig eth0 188.8.131.52 netmask 255.255.255.0
and run arping to get the IP back on your side:
sudo arping -U -c 3 -I eth0 184.108.40.206
sudo arping -A -c 3 -I eth0 220.127.116.11
sudo aptitude install pwgen
pwgen can generate safe passwords for you. It is a command line tool and can be used like this:
pwgen -s -y 8 1
-s means create a secure password, -y means it should contain at least one special character, 8 means it...
An easier solution, which only needs a line set in the configuration of the SSH daemon, can be found in the blog post Chroot SFTP users.
sudo aptitude install scponly
sudo -s
cd /usr/share/doc/scponly/setup_chroot
gunzip setup_chroot.sh.gz
chmod +x setup_chroot.sh
./setup_chroot.sh
this adds the user etc...
To warn unauthorized users logging in via SSH, you can add an SSH banner.
echo "Banner /etc/issue.net" | sudo tee -a /etc/ssh/sshd_config > /dev/null
cat << EOF | sudo tee /etc/issue.net
*************************************************************************** ...
AqBanking is used as a backend for gnucash and therefore very mature. It features a CLI to query CSV files of transactions and more.
It may happen that your system is slow for some reason, it may fail completely, be under attack, or it can even have a trojan and you do not even know. I found a script recently which integrates into your system via a daily cronjob. It uses logrotate. So it...
Filter the authentication log file for failed authentications and count the attempts (lines in the log file):
grep -i fail /var/log/auth.log | wc -l
Check for all attacks with non-existent usernames:
grep -i "Failed password for invalid user" /var/log/auth.log | cut -d " "...
Edit the configuration file of the SSH daemon:
sudo gedit /etc/ssh/sshd_config
Change the line containing PermitRootLogin yes to PermitRootLogin no, save the file and restart the SSH server.
sudo /etc/init.d/ssh restart
gpg --keyserver subkeys.pgp.net --recv-keys 0x94C09C7F
gpg --export 0x94C09C7F | sudo apt-key add -
echo "deb http://mirror.noreply.org/pub/tor jaunty main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install tor
Setup of an HTTP proxy for Tor
Tor being a SOCKS proxy (not an HTTP proxy) means you can't...
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. It runs on many platforms including Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X, Solaris, Windows 2000, XP, Vista and Windows 7.
The installation of tinc on Ubuntu Linux is...
sudo aptitude install network-manager-openvpn network-manager-pptp network-manager-vpnc
The installation of the port knocking daemon is quite simple:
sudo apt-get install knockd
To start the knockd daemon automatically: uncomment
Edit the config file
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = ...
OpenSSH supports jailing SFTP users to a directory (using chroot) just by changing its configuration file:
Basically you add the users you want to jail to a Linux user group (sftp) and add the following lines to
### Comment out the following line:
#Subsystem sftp /usr/lib/openssh/sftp-server
### and replace with:
Subsystem sftp...