The perfect weapon

Based on a best-selling book by New York Times national security correspondent David E. Sanger, The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another. ‌

Directed by Emmy-winning filmmaker John Maggio (Panic: The Untold Story of the 2008 Financial Crisis) and featuring interviews with top military, intelligence, and political officials on the frontlines of cyberterrorism, the documentary brings to light the combatants and innocent victims caught in the crosshairs of a hidden war that has been going on for decades — a war that America started, but has no idea how to finish.‌

Traveling from the deserts of Iran and Las Vegas to the back alleys of Beijing and Moscow, the film chronicles America’s pursuit of enemies who have plotted against its institutions, its economy, and its democracy. A never-before-seen look inside the secret world of spies, hackers, and scammers in the lead-up to the 2020 U.S. elections, for which fear of cyberattacks has mounted to an all-time high, The Perfect Weapon is a timely reflection on the ultimate price — and potential “victors” — of this high-stakes conflict.

https://www.hbo.com/documentaries/the-perfect-weapon

Using blocklist with iptables and firewalld

If you have any kind of server connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blocklist to use with iptables and firewalld which I use on my servers.

Continue reading “Using blocklist with iptables and firewalld”

How to setup and secure Telegraf, InfluxDB and Grafana on Linux

The tutorial is for Red Hat family server distributions like CentOS 7.x, Red Hat 7.x, Fedora29 or newer (current version is 32), etc.

For Debian family server distributions like (Debian, Ubuntu etc.) I recommend to read this article: How To Setup Telegraf InfluxDB and Grafana on Linux, however it does not contain the own domain and fail2ban setup.

Continue reading “How to setup and secure Telegraf, InfluxDB and Grafana on Linux”

fail2ban – installation and configuration

Note, the following tutorial is a part of my engineering work entitled “Hardening of a Linux-based network server” under the direction of Ph. D. Kordian Smolinski in the Department of Theoretical Physics WFiIS UŁ defended in June 2019.

To install Fail2Ban on CentOS 7.6, you will first need to install the EPEL (Extra Packages for Enterprise Linux) repository. EPEL contains additional packages for all versions of CentOS, one of these additional packages is Fail2Ban.

Continue reading “fail2ban – installation and configuration”

Web server installation on mikr.us using MariaDB and MyISAM engineWeb server installation on mikr.us using MariaDB and MyISAM engine

Hi,

There was an opportunity like a blind chicken grain long ago and I hunted the domain for free sysadmin.info.pl. Originally the idea was to use it for engineering work and so it happened. Three months later again an opportunity came up, which I couldn’t miss. This time the virtual machine on OpenVZ for funny money. If you are interested, please contact https://mikr.us. After clicking on the link you will get a 5% discount on the server for the year

Continue reading “Web server installation on mikr.us using MariaDB and MyISAM engineWeb server installation on mikr.us using MariaDB and MyISAM engine”

WordPress configuration for connecting to a remote database

Hello,

I will describe here step by step configuration of WordPress in configuration of two servers. These can be physical servers, or installed on virtual machines, either using VirtualBox or HyperV.

Usually we encounter these configurations above, of course there are also other solutions, such as in the case of the hosting service provider, which has a database elsewhere, and in another location keeps a directory on the files of the website, but I will deal with the classic case, when we distinguish between two different servers.

Why such a solution? For a simple reason – security. There is no external access to the database server, i.e. from the Internet. It is in favour of the so-called NAT.

I will describe the solution that I implemented at home on two laptops, which serve as servers at home for my own learning purposes.

Have you reached this place? Great! Let’s get started.

Continue reading “WordPress configuration for connecting to a remote database”

SELinux security policy

I’m not an SELinux expert, but when I read many tutorials on the subject and saw dozens of tips that all said in one voice: turn off SELinux, because it causes problems, I thought it was time to challenge this thesis and prove that SELinux could be easy to use.

In a situation where a service does not run because of problems with permissions, creating a process ID (PID) file, you should update SELinux’s policy on enforcing the rules against the application, which by default is not included in SELinux’s Type Enforcement (TE) policies.

Continue reading “SELinux security policy”