Freeipa Centos 6.7

FreeIPA is a solution for managing users, groups, hosts, services, and much, much more. It uses open source solutions with some Python glue to make things work. Identity Management made easy for the Linux administrator. FreeIPA is an open source alternative to Microsoft Directory Server. It provides the following functionality: Centralised LDAP based authorisation Kerberos […]

Read more
CentOS6.x risk vulnerabilities

This article is only for the Green League vulnerability scan results, in RHEL / CentOS / OEL5.x x64-bit versions exist as high-risk vulnerabilities, where finishing solutions, again through vulnerability scanning, vulnerability has been patched. High-risk OpenSSH ‘schnorr.c’ remote memory corruption vulnerability (CVE-2014-1692) OpenSSH J-PAKE licensing issues Vulnerability (CVE-2010-4478) OpenSSH GSSAPI remote code execution vulnerability (CVE-2006-5051) […]

Read more
Encrypt/Decrypt string with openssl

Sometimes it can be helpfull to encrypt/decrypt strings on Linux. Of course we can install tools like crypt but is not always available after default installation. Good thing is that we also have openssl which is nearly always installed on a linux server. How to encrypt a string with openssl : $ echo “juicy” | […]

Read more
GPG file encryption command line in Linux

GPG file encryption using key pair GPG basic file encryption doesn’t required public/private key. But to make a encrypted file more secure you can use RSA/DSA algorithms. These algorithms generates public and private keys to encrypt file. There are three criteria to use GPG file encryption. 1. Encrypt/Decrypt file locally for same user account. 2. […]

Read more
Linux Security

Centralized SSH Keys There are times when it is beneficial to take control of SSH key management on a server. This brief tutorial will centralize all user SSH keys to a single location and allow root to manage them. We will be keeping all keys in a single directory located in /etc/ssh/authorized_keys. Within the directory, […]

Read more
OpenSSL Usage

List available Ciphers: openssl ciphers -v openssl ciphers -v tls1 #only TLS ciphers openssl list-cypher-commands openssl ciphers -v ‘HIGH’ #only good ciphers Test OpenSSL Speed: openssl speed openssl speed rsa #test only rsa Generate self-signed cert: openssl req \ -x509 -nodes -days 365 \ -newkey rsa:1024 -keyout mycert.pem -out mycert.pem OR openssl req \ -x509 […]

Read more
SSH PKI

To create ssh keys:ssh-keygen -t dsa -d 2048Optionally leave the passphrase blankThis will create a ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub file. Check for validity:ssh-keygen -l -f ~/.ssh/id_dsa.pub Copy the key to the remote server:cat ~/.ssh/id_dsa ssh remote_host ‘sh -c “cat – >>~/.ssh/authorized_keys”‘ Convert commercial (SECSH) ssh private / public key to OpenSSHssh-keygen -i -f id_dsa.pub > id_dsa_openssh.pub […]

Read more
GPG Management Commands

Generates key pair:gpg –gen-key Lists public and private current keys:gpg –list-keysgpg –list-secret-keys Exports public key / private key:gpg –armor –export jaz@example.comgpg –export-secret-key –armor “jaz@example.com” > private.key Imports a public key / private key:gpg –import joe.cagpg –allow-secret-key-import –import private.key Delete public / private key:gpg –delete-key “jaz@example.com”gpg –delete-secret-key “jaz@example.com” Encrypt a document with someone’s public key:gpg –output […]

Read more
ClamAV Virus Scanning

Thankfully Linux isn’t a platform which has a significant problem with Viruses, however it is always better to be safe than sorry. Luckily ClamAV is an excellent free anti-virus solution for Linux servers. However, at least on RedHat Enterprise 5 (RHEL5) the default install doesn’t offer any automated scanning and alerting. So here is what […]

Read more
OSSEC Server Installation on CentOS

OS: CentOS 5.6 i386, CentOS 6.2 i386 Ossec Version: 2.6 Hardware: Virtual Machine (VirtualBox 4.1.14) About OSSEC is an opensource Host Intrustion Detection System (HIDS). OSSEC let you monitor log files, integrity of files and detects root kits in a client-server environment. OSSEC Server Installation Install wget and update your system yum install wget -y […]

Read more

Hit Counter provided by dental implants orange county