Server basic configuration after installing RHEL 8.5 (minimal).

I saved it as script.sh, gave it executable permissions with chmod u+x script.sh and ran it as root with ./script.sh, although I know that scripts should be run via sudo for security. But I know what I’m doing and why. Everything is described with comments in English. The user was created during the installation of the system, hence the change. I use sudo and a regular user on a daily basis. Here is a quick solution. These commands can be executed equally well using sudo. ...

March 3, 2022 · 4 min · 719 words · sysadmin

Bash script that blocks web server (apache/nginx/litespeed) scanners.

Bash script that blocks web server (apache/nginx/litespeed) scanners. It checks for 400-408 errors (or any other status codes you choose to scan for in the log), extracts the IP addresses of scanners probing the web server and adds them to an ipset, which drops the connection. ...

February 22, 2021 · 3 min · 636 words · sysadmin

Installation and configuration of auditd

Rules in /etc/audit/rules.d/audit.rules

#####################
# This is an example configuration suitable for most systems
# Before running with this configuration:
# - Remove or comment items that are not applicable
# - Check paths of binaries and files
#####################

#####################
# Remove any existing rules
#####################
-D

#####################
# Buffer Size
# Might need to be increased, depending on the load of your system.
#####################
-b 8192

#####################
# Failure Mode
#####################
# 0=Silent
# 1=printk, print failure message
# 2=panic, halt system
-f 1

#####################
# Audit the audit logs.
#####################
-w /var/log/audit/ -k auditlog

#####################
# Auditd configuration
#####################
## Modifications to audit configuration that occur while the audit (check your paths)
-w /etc/audit/ -p wa -k auditconfig
-w /etc/libaudit.conf -p wa -k auditconfig
-w /etc/audisp/ -p wa -k audispconfig

#####################
# Monitor for use of audit management tools
#####################
# Check your paths
-w /sbin/auditctl -p x -k audittools
-w /sbin/auditd -p x -k audittools

#####################
# Special files
#####################
-a exit,always -F arch=b32 -S mknod -S mknodat -k specialfiles
-a exit,always -F arch=b64 -S mknod -S mknodat -k specialfiles

#####################
# Mount operations
#####################
-a exit,always -F arch=b32 -S mount -S umount -S umount2 -k mount
-a exit,always -F arch=b64 -S mount -S umount2 -k mount

#####################
# Changes to the time
#####################
-a exit,always -F arch=b32 -S adjtimex -S settimeofday -S stime -S clock_settime -k time
-a exit,always -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k time
-w /etc/localtime -p wa -k localtime

#####################
# Use of stunnel
#####################
-w /usr/sbin/stunnel -p x -k stunnel

#####################
# Schedule jobs
#####################
-w /etc/cron.allow -p wa -k cron
-w /etc/cron.deny -p wa -k cron
-w /etc/cron.d/ -p wa -k cron
-w /etc/cron.daily/ -p wa -k cron
-w /etc/cron.hourly/ -p wa -k cron
-w /etc/cron.monthly/ -p wa -k cron
-w /etc/cron.weekly/ -p wa -k cron
-w /etc/crontab -p wa -k cron
-w /var/spool/cron/crontabs/ -k cron

#####################
# user, group, password databases
#####################
-w /etc/group -p wa -k etcgroup
-w /etc/passwd -p wa -k etcpasswd
-w /etc/gshadow -k etcgroup
-w /etc/shadow -k etcpasswd
-w /etc/security/opasswd -k opasswd

#####################
# Monitor usage of passwd command
#####################
-w /usr/bin/passwd -p x -k passwd_modification

#####################
# Monitor user/group tools
#####################
-w /usr/sbin/groupadd -p x -k group_modification
-w /usr/sbin/groupmod -p x -k group_modification
-w /usr/sbin/addgroup -p x -k group_modification
-w /usr/sbin/useradd -p x -k user_modification
-w /usr/sbin/usermod -p x -k user_modification
-w /usr/sbin/adduser -p x -k user_modification

#####################
# Login configuration and stored info
#####################
-w /etc/login.defs -p wa -k login
-w /etc/securetty -p wa -k login
-w /var/log/faillog -p wa -k login
-w /var/log/lastlog -p wa -k login
-w /var/log/tallylog -p wa -k login

#####################
# Network configuration
#####################
-w /etc/hosts -p wa -k hosts
-w /etc/network/ -p wa -k network

#####################
# system startup scripts
#####################
-w /etc/inittab -p wa -k init
-w /etc/init.d/ -p wa -k init
-w /etc/init/ -p wa -k init

#####################
# Library search paths
#####################
-w /etc/ld.so.conf -p wa -k libpath

#####################
# Kernel parameters and modules
#####################
-w /etc/sysctl.conf -p wa -k sysctl
-w /etc/modprobe.conf -p wa -k modprobe

#####################
# PAM configuration
#####################
-w /etc/pam.d/ -p wa -k pam
-w /etc/security/limits.conf -p wa -k pam
-w /etc/security/pam_env.conf -p wa -k pam
-w /etc/security/namespace.conf -p wa -k pam
-w /etc/security/namespace.init -p wa -k pam

#####################
# Puppet (SSL)
#####################
-w /etc/puppetlabs/puppet/ssl -p wa -k puppet_ssl

#####################
# Postfix configuration
#####################
-w /etc/aliases -p wa -k mail
-w /etc/postfix/ -p wa -k mail

#####################
# SSH configuration
#####################
-w /etc/ssh/sshd_config -k sshd

#####################
# Hostname
#####################
-a exit,always -F arch=b32 -S sethostname -k hostname
-a exit,always -F arch=b64 -S sethostname -k hostname

#####################
# Changes to issue
#####################
-w /etc/issue -p wa -k etcissue
-w /etc/issue.net -p wa -k etcissue

#####################
# Log all commands executed by root
#####################
-a exit,always -F arch=b64 -F euid=0 -S execve -k rootcmd
-a exit,always -F arch=b32 -F euid=0 -S execve -k rootcmd

#####################
# Capture all failures to access on critical elements
#####################
-a exit,always -F arch=b64 -S open -F dir=/etc -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/home -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/sbin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/srv -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/local/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/sbin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/var -F success=0 -k unauthedfileacess

#####################
# su/sudo
#####################
-w /bin/su -p x -k priv_esc
-w /usr/bin/sudo -p x -k priv_esc
-w /etc/sudoers -p rw -k priv_esc

#####################
# Poweroff/reboot tools
#####################
-w /sbin/halt -p x -k power
-w /sbin/poweroff -p x -k power
-w /sbin/reboot -p x -k power
-w /sbin/shutdown -p x -k power

#####################
# Make the configuration immutable
#####################
-e 2

February 14, 2021 · 4 min · 834 words · sysadmin

The perfect weapon

Based on a best-selling book by New York Times national security correspondent David E. Sanger, The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another. Directed by Emmy-winning filmmaker John Maggio (Panic: The Untold Story of the 2008 Financial Crisis) and featuring interviews with top military, intelligence, and political officials on the frontlines of cyberterrorism, the documentary brings to light the combatants and innocent victims caught in the crosshairs of a hidden war that has been going on for decades — a war that America started, but has no idea how to finish. ...

November 14, 2020 · 1 min · 197 words · sysadmin

logwatch auditd analysis

Hello, I’m trying to gather the knowledge related to logwatch, but there is a lot to learn in order to understand kernel error codes. I will update this post with what I find and learn. For now, I will try to present what I understand so far in a simple way. For the analysis I will use auditd, which I described here: https://sysadmin.info.pl/en/blog/selinux-security-policy/

Logwatch

Logwatch is the classic log file email utility that emails a daily status of activity from Linux logs. On CentOS, the default install of logwatch does not have many fancy features enabled. I will show you how to configure logwatch. ...

October 14, 2020 · 8 min · 1554 words · sysadmin

Using blocklist with iptables and firewalld

If you have any kind of server connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blocklist to use with iptables and firewalld which I use on my servers. ...

October 4, 2020 · 19 min · 3910 words · sysadmin

How to Enable Full Strict Encryption in Cloudflare Using Let's Encrypt

The basic installation and configuration of Cloudflare are described here: "Installation of a Web Server on mikr.us Using MariaDB and MyISAM Engine". In this tutorial, we will focus on configuring a full strict connection between your server and Cloudflare. For the purposes of this tutorial and initial testing, you should first disable the orange cloud icon (click on it) in the DNS section of your domain on Cloudflare so that it becomes gray, and save the changes using the save button. This way, you can verify whether the Let’s Encrypt certificate has been correctly installed, and every browser shows that your website is using SSL and a certificate from Let’s Encrypt. ...

October 3, 2020 · 4 min · 826 words · sysadmin

The system does not find the root partition, installed on lvm

This article shows how to solve the issue of a missing swap and the plymouthd sigrtmin error that appears when swap is not created on LVM but as a standard swap partition.

Boot message:

dracut-initqueue[279] Warning: Could not boot
dracut-initqueue[279] Warning: /dev/mapper/rhel_…-root does not exist
sigrtmin+20 from PID 297 plymouthd

The last error appears because mounting swap failed. The solution is really simple. Check whether standard swap is on with the command:

swapon -s

Check where swap is mounted in /etc/fstab ...

September 20, 2020 · 2 min · 228 words · sysadmin

How to setup and secure Telegraf, InfluxDB and Grafana on Linux

The tutorial is for Red Hat family server distributions like CentOS 7.x, Red Hat 7.x, Fedora 29 or newer (current version is 32), etc. For Debian family server distributions (Debian, Ubuntu, etc.) I recommend reading this article: How To Setup Telegraf InfluxDB and Grafana on Linux; however, it does not cover the own-domain and fail2ban setup. I decided to copy some parts from tutorials. References are at the end of this tutorial: ...

September 10, 2020 · 18 min · 3674 words · sysadmin

Full guide for conky with themes, cava and tilda.

Full guide for conky with themes, cava and tilda.

May 15, 2020 · 1 min · 9 words · sysadmin