I’ve learned some very easy and useful techniques for performing threat modeling in order to evaluate and improve a system’s security. This stuff is a mandatory, documented step in developing for the DoD. I used to be intimidated by trying to analyze the security of a system. No more. Now that I have a clue about it, and [...]
06
Oct
Log In To Linux Using SSH Keys
There is an easier way to connect to your Linux box than having to remember and type passwords to gain access. We use git with a secured repository on a remote linux server. Often we want to push code, but having to answer the password prompts for every submodule can be a pain. There [...]
21
Jan
Language string failed to load: tls
We recently ran into this error while trying to get a mail service working from within PHP. Our email service provider requires TLS security to validate our account before we are allowed to send mail through their system. This is a good practice as it keeps rogue email traffic from flooding the outbound network [...]
16
Aug
cPanel Brute Force Protection – regaining access
cPanel comes with a great feature called brute force protection. The problem is, if you mis-type your password 5x in a row or if you have multiple people in the office, like we do, that try to get into various services and they combine to have 5 missed passwords in a row (ssh, mail, and [...]
30
Jun
Cyber Sprocket IP Blacklist
The following IP addresses have been blacklisted on our servers due to excessive break-in attempts. If your internet service provider (ISP) or internet presence provider/web host (IPP) is on this list your servers (or desktop computer) will not be able to access any of the Cyber Sprocket servers or the servers we manage for our [...]
31
May
Upgrading Logwatch on CentOS 5
Introduction I finally got tired at looking at the thousand-plus line daily reports coming to my inbox from Logwatch every evening. Don’t get me wrong, I love logwatch. It helps me keep an eye on my servers without having to scrutinize every log file. If you aren’t using logwatch on your Linux boxes I strongly [...]
09
Dec
SFTP Tips & Tricks
Using Keyfiles To Access SFTP Services You can use the private key .pem files to allow you to connect via SFTP on a server that only allows key access. The trick is to get the .pem file that Amazon gives you onto the sever that you will be using to connect to the EC2 instance. [...]
12
Nov
Logon To Your Linux Box Using SSH Keys
I’ve been recently working with AWS EC2 instances and have found that the SSH keys that they require for secure login practices actually have some nice benefits. For one thing, once I’ve generated a keyfile that uniquely identifies me on my local PC, I can use that keyfile to quickly and easily login to any [...]
05
Mar
IP Based Firewall with cPanel
CPanel/WHM Based Systems If you are using a web server from a web hosting company, chances are the CPanel/WHM is the system admin interface you use to manage your server. The current revision of CPanel/WHM (Mar 5th, 2008) appears to rely on the host access file as a method of preventing access to the system. [...]
20
Feb
Creating and Installing SSL Certs via SSH
Certificate Signing Request (CSR) Apache + Open SSL Login as root cd /usr/bin/ (/your path to openssl/) openssl genrsa -des3 -out <name_of_your_certificate>.key 1024 You will need to enter a passphrase for your key here, and then enter it again in the next step. openssl req -new -key <name_of_your_certificate>.key -out <name_of_your_certificate>.csr At this point you’ll have [...]
Talk To Me...
Enter your email below to sign up for the monthly Store Locator Plus newsletter. Click the Facebook icon to get almost-daily updates on what I'm working on now. The RSS feed icon will bring my bi-weekly blog posts to your feed reader.
