Skip to main content

Home/ Future of the Web/ Group items tagged linux configuration

Rss Feed Group items tagged

Gonzalo San Gil, PhD.

CentOS / Redhat Iptables Firewall Configuration Tutorial - 0 views

  •  
    "How do I configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux? Netfilter is a host-based firewall for Linux operating systems. It is included as part of the Linux distribution and it is activated by default. This firewall is controlled by the program called iptables. Netfilter filtering take place at the kernel level, before a program can even process the data from the network pack"
  •  
    "How do I configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux? Netfilter is a host-based firewall for Linux operating systems. It is included as part of the Linux distribution and it is activated by default. This firewall is controlled by the program called iptables. Netfilter filtering take place at the kernel level, before a program can even process the data from the network pack"
Gonzalo San Gil, PhD.

Linux Security Guide (extended version) - Linux Audit - 0 views

  •  
    "With so many articles about Linux security on the internet, you may feel overwhelmed by how to properly secure your Linux systems. With this guide, we walk through different steps, tools, and resources. The main goal is to have you make an educated choice on what security defenses to implement on Linux. For this reason, this article won't show any specific configuration values, as it would implicate a possible best value. Instead, related articles and resources will be available in the text. The goal is to make this guide into a go-to article for when you need to secure your Linux installation. If you like this article, help others and share it on your favorite social media channels. Got feedback? Use the comments at the bottom. This document in work in progress and last updated in September 2016"
Gonzalo San Gil, PhD.

How to configure networking on Linux | Opensource.com - 0 views

  •  
    "Connecting your Linux computer to a network is pretty straightforward, except when it is not. In this article I discuss the main network configuration files for Red Hat-based Linux distributions, and take a look at the two network startup services: the venerable network startup, and the controversial NetworkManager."
Gonzalo San Gil, PhD.

How to Secure Network Services Using TCP Wrappers in Linux | Linux.com | The source for... - 0 views

  •  
    "In this article we will explain what TCP wrappers are and how to configure them to restrict access to network services running on a Linux server. Before we start, however, we must clarify that the use of TCP wrappers does not eliminate the need for a properly configured firewall."
Gonzalo San Gil, PhD.

Configuring Linux for music recording and production | Opensource.com - 0 views

  •  
    Posted 13 Jan 2016 by Aaron Wolf "In this article, based on my talk at SCaLE 14x this year, we'll cover the basics of configuring your Linux system for music making, highlighting what works best and acknowledging the challenges with recommendations on how to find help."
  •  
    Posted 13 Jan 2016 by Aaron Wolf "In this article, based on my talk at SCaLE 14x this year, we'll cover the basics of configuring your Linux system for music making, highlighting what works best and acknowledging the challenges with recommendations on how to find help."
Gonzalo San Gil, PhD.

Build a home music server with Linux | Opensource.com - 0 views

  •  
    "In this article, I am going to focus on the hardware, software, and configuration issues that we need to resolve to set up a Linux-based music server as part of the home music system. Specifically, I'll look at the Raspberry Pi, Cubox-i, and Fit-PC as options for hosting your digital home music system. Some of the material in this article can equally be applied to my previous article on the Linux laptop as a high-quality music player"
Gonzalo San Gil, PhD.

Lynis 2.2.0 Released - Security Auditing and Scanning Tool for Linux Systems - 0 views

  •  
    " Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc."
  •  
    " Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc."
Paul Merrell

Use Tor or 'EXTREMIST' Tails Linux? Congrats, you're on the NSA's list * The Register - 0 views

  • Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR. <a href="http://pubads.g.doubleclick.net/gampad/jump?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" target="_blank"> <img src="http://pubads.g.doubleclick.net/gampad/ad?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" alt=""></a> In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:Specifically targeting Tor directory servers Reading email contents for mentions of Tor bridges Logging IP addresses used to search for privacy-focused websites and software And possibly breaking international law in doing so. We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.
  • These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.
  • If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.This is assuming the leaked file is genuine, of course.Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.
  • ...2 more annotations...
  • The nine Tor directory servers receive especially close monitoring from the NSA's spying software, which states the "goal is to find potential Tor clients connecting to the Tor directory servers." Tor clients linking into the directory servers are also logged."This shows that Tor is working well enough that Tor has become a target for the intelligence services," said Sebastian Hahn, who runs one of the key Tor servers. "For me this means that I will definitely go ahead with the project.”
  • While the German reporting team has published part of the XKeyscore scripting code, it doesn't say where it comes from. NSA whistleblower Edward Snowden would be a logical pick, but security experts are not so sure."I do not believe that this came from the Snowden documents," said security guru Bruce Schneier. "I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."If so, the NSA is in for much more scrutiny than it ever expected.
Gonzalo San Gil, PhD.

How to Scan for Rootkits, backdoors and Exploits Using 'Rootkit Hunter' in Linux - 0 views

  •  
    "This article will guide you a way to install and configure RKH (RootKit Hunter) in Linux systems using source code."
Paul Merrell

Microsoft starts distributing open-source Drupal | The Open Road - The Business and Pol... - 0 views

  • The single biggest distributor of Drupal just might be Microsoft. As I discovered from Dries Buytaert's blog on Wednesday, Microsoft's Web Application Installer comes with out-of-the-box support for Drupal, OScommerce, and other popular open-source Web applications. The Web Application Installer Beta is designed to help get you up and running with the most widely used Web applications freely available for your Windows Server. Web AI provides support for popular ASP.net and PHP Web applications, including Graffiti, DotNetNuke, WordPress, Drupal, OSCommerce, and more. With just a few simple clicks, Web AI will check your machine for the necessary prerequisites, download these applications from their source location in the community, walk you through basic configuration items, and then install them on your computer.
  •  
    Microsoft attempts to co-opt the FOSS web app scene with a new installer. Will this Microsoft action will cause the FOSS community to make it easier to install web apps on Linux? At present, some Linux distribution repositories include installer packages for a very few, very popular web applications such as Mediawiki. Many web apps require expertise with the LAMP stack to install and resolve often complex dependencies and configuration details, perhaps most importantly security details. Documentation tends to be very poor for FOSS web apps, assuming knowledge most software users lack. Will this Microsoft move trigger a web app installer war with the FOSS community? Stay tuned.
Gonzalo San Gil, PhD.

How to configure peer-to-peer VPN on Linux - Xmodulo - 0 views

  •  
    "Last updated on October 9, 2014 Authored by Dan Nanni Leave a comment A traditional VPN (e.g., OpenVPN, PPTP) is composed of a VPN server and one or more VPN clients connected to the server. When any two VPN clients talk to each other, the VPN server needs to relay VPN traffic between them. The problem of such a hub-and-spoke type of VPN topology is that the VPN server can easily become a performance bottleneck as the number of connected clients increase"
  •  
    "Last updated on October 9, 2014 Authored by Dan Nanni Leave a comment A traditional VPN (e.g., OpenVPN, PPTP) is composed of a VPN server and one or more VPN clients connected to the server. When any two VPN clients talk to each other, the VPN server needs to relay VPN traffic between them. The problem of such a hub-and-spoke type of VPN topology is that the VPN server can easily become a performance bottleneck as the number of connected clients increase"
Gonzalo San Gil, PhD.

Getting started with SaltStack - 0 views

  •  
    "I came across Salt while searching for an alternative to Puppet. I like puppet, but I am falling in love with Salt :). This maybe a personal opinion but I found Salt easier to configure and get started with as compared to Puppet. Another reason I like Salt is that it let's you manage your server configurations from the command line, for example:"
Gonzalo San Gil, PhD.

How to Create Virtual Machines in Linux Using KVM (Kernel-based Virtual Machine) - Part 1 - 0 views

  •  
    "This tutorial discusses KVM introduction, deployment and how to use it to create virtual machines under RedHat based-distributions such as RHEL/CentOS7 and Fedora 21."
  •  
    "This tutorial discusses KVM introduction, deployment and how to use it to create virtual machines under RedHat based-distributions such as RHEL/CentOS7 and Fedora 21."
Gonzalo San Gil, PhD.

Network Commands - 0 views

  •  
    "Table of Contents Network Configuration Internet Specific Commands Remote Administration Related"
Gonzalo San Gil, PhD.

Configuring WINE with Winetricks - 0 views

  •  
    "If winecfg is a screwdriver, winetricks is a power drill. They both have their place, but winetricks is just a much more powerful tool. Actually, it even has the ability to launch winecfg. While winecfg gives you the ability to change the settings of WINE itself, winetricks gives you the ability to modify the actual Windows layer. It allows you to install important components like .dlls and system fonts as well as giving you the capability to edit the Windows registry. It also has a task manager, an uninstall utility, and file browser. Even though winetricks can do all of this, the majority of the time, you're going to be using it to manage dlls and Windows components."
Gonzalo San Gil, PhD.

voip-info.org - voip-info.org - 0 views

  •  
    "This Wiki covers everything related to VOIP, software, hardware, VoIP service providers, reviews, configurations, standards, tips and tricks and everything else related to voice over IP networks, IP telephony and Internet Telephony. Your contributions are welcome, please read the How to add information to this wiki page and the Posting Guidelines before you post."
Gonzalo San Gil, PhD.

IPTABLES VS FIREWALLD | Unixmen - 0 views

  •  
    "Today we will walk through iptables and firewalld and we will learn about the history of these two along with installation & how we can configure these for our Linux distributions."
Gonzalo San Gil, PhD.

Home - FirewallD - 0 views

  •  
    "Welcome to the FirewallD project homepage! FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly."
Gonzalo San Gil, PhD.

hackerthreads.org * View topic - Securing Linux: methodology, firewalls, daemons, root ... - 0 views

  •  
    "Postby weazy » Fri May 30, 2003 5:19 pm Methodology Simplicity The simplicity methodology seeks to increase security by reducing vulnerability. In the rest of this tutorial you will learn to: 1. Reduce network access to your machine using a firewall (we'll teach you how to build your own) 2. Decrease the number of priveleged programs. You help yourself by decreasing priveleged programs because you reduce the ways ppl can gain access 3. Tighten configuration of those priveleged programs you want to keep 4. Reduce number of paths to root, that is restrict access of non-priveleged users 5. Deploy intrusion detection by using file integrity checking "
Paul Merrell

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth - 0 views

  • Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
  • Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.
  • This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
  • ...4 more annotations...
  • 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.
  • If you think this is an excusable and responsible statement, raise your hand now.Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.
  • Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours. )Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
  • Privacy remains your own responsibility.
  •  
    And of course, Google would never succumb to a subpoena requiring it to turn over the audio stream to the NSA. The Tor Browser just keeps looking better and better. https://www.torproject.org/projects/torbrowser.html.en
1 - 20 of 20
Showing 20 items per page