Bash script that blocks web server (apache/nginx/litespeed) scanners. It checks the log you choose to scan for 400-408 errors (or any other errors you select), extracts the IP addresses of scanners that are trying to scan the web server, and adds those IP addresses to an ipset that drops the connection. Continue reading “Bash script that blocks web server (apache/nginx/litespeed) scanners.”
I’m trying to gather knowledge related to logwatch, but there is a lot to learn in order to understand kernel error codes.
I will update this post with what I find and what I learn. For now, I will try to present what I understand so far in a simple way. Continue reading “logwatch auditd analysis”
If you have any kind of server connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blocklist to use with iptables and firewalld, which I use on my servers. Continue reading “Using blocklist with iptables and firewalld”
The time will come for a tutorial about mod_security installation for Apache, and maybe one day for nginx. Today I will explain how to add rules to the whitelist.conf file so that mod_security doesn’t block WordPress functionality. Continue reading “Mod_security rules for WordPress”
Note, the following tutorial is a part of my engineering work entitled “Hardening of a Linux-based network server” under the direction of Ph. D. Kordian Smolinski in the Department of Theoretical Physics WFiIS UŁ defended in June 2019.
To install Fail2Ban on CentOS 7.6, you will first need to install the EPEL (Extra Packages for Enterprise Linux) repository. EPEL contains additional packages for all versions of CentOS; one of these additional packages is Fail2Ban. Continue reading “fail2ban – installation and configuration”
I’m not an SELinux expert, but when I read many tutorials on the subject and saw dozens of tips that all said in one voice: turn off SELinux, because it causes problems, I thought it was time to challenge this thesis and prove that SELinux could be easy to use.
When a service does not run because of problems with permissions, for example when creating a process ID (PID) file, you should update SELinux’s policy on enforcing the rules against the application, which by default is not included in SELinux’s Type Enforcement (TE) policies. Continue reading “SELinux security policy”