Let’s face it, the Secure Shell (SSH) daemon running on your VPS is the most sensitive service open to attack on your system. Any hacker worth their salt will first try to gain access to your VPS via SSH, and 99.9% of all VPSs connected to the internet run this service by default and on their public IP.
If somebody gains access to your VPS via the SSH service, you can kiss your data and entire VPS goodbye. This is the ultimate goal for any would-be hacker and as such, needs to be the first thing you secure as a VPS administrator.
In this article I’m going to show you how to take three simple precautions with the SSH service that will stop most hackers and script kiddies in their tracks.
Note that while the article and title make reference to a Virtual Private Server (VPS), there is no reason these techniques would not work with any version of Linux that offers SSH access.
This is a small tutorial, which will show you how to set up a local Raspberry to serve as a so-called SOCKS 5 proxy server for your local network. The Raspberry itself will connect to a remote server, which will then make the requests to other Internet servers with its own IP, thus masquerading the original requestor’s.
All computers on your local network can be configured to connect to the Raspberry, so they all can share the same connection to the remote server.
When using ssh -D to set up a SOCKS proxy, DNS queries and DNS traffic are not sent through the ssh tunnel. However, with Firefox a config change can be made to send DNS traffic through the ssh tunnel. Here’s how it works!
On my desktop I use Xubuntu 12.04, and today I noticed that this distribution ships the Zeitgeist daemon by default, a thing that I’m not using at all, as far as I know.
Zeitgeist is a service which logs the user’s activities and events, anywhere from files opened to websites visited and conversations. It makes this information readily available for other applications to use in the form of timelines and statistics. It is able to establish relationships between items based on similarity and usage patterns by applying data association algorithms such as “Winepi” and “A Priori”.
Zeitgeist is the main engine and logic behind GNOME Activity Journal, which is currently seen to become one of the main means of viewing and managing activities in GNOME version 3.0.
Personally, I don’t use any tool that uses the Zeitgeist framework, and I’d rather open a terminal and use locate or find to search for files than have something that logs all my activity and so slows down my system, so I’ve decided to remove this daemon completely from my system. Please note that if you use GNOME 3 or Unity you could see some side effects, or perhaps the system will just become faster, as it did for the author of the article Removing Zeitgeist Sped Up Unity.
Just remember that the information collected by Zeitgeist is stored for use in various forms in Unity: showing which application you used last, which applications you use most, which files were used lately, the music you listen to, among many other aspects. If you think you can live without this information, your system will probably gain a good speed-up.
Fail2ban is an intrusion prevention framework written in the Python programming language. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally (such as iptables or TCP Wrapper).
Fail2ban’s main function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (e.g. /var/log/pwdfail, /var/log/auth.log, etc.) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.
Today I want to show you some configurations that you can use to improve the security of your Apache.
This is an edited version of a post that originally appeared on a blog called The Michigan Telephone Blog, which was written by a friend before he decided to stop blogging. It is reposted with his permission. Comments dated before the year 2013 were originally posted to his blog.
If you are a Mac user, you’ve probably heard of Little Snitch. It’s a commercial (as in, not free) program that lets you allow or deny connections to the Internet from individual applications. One reason for using such a program is to detect software that has no reason to connect to the Internet but attempts to do so anyway. For example, you download a free screensaver (dumb move to start with) and it sends all the personal information it can find on you to some group of hackers on the other side of the world. A program like Little Snitch would let you know that the screensaver is trying to connect to the Internet, and allow you to deny that connection. In the Windows world, I believe that ZoneAlarm has a similar capability, and it’s also a commercial (as in, not free) program.
It appears that there is a similar program for Linux users, and it IS free! It’s called Leopard Flower and it’s described as a “Personal firewall for Linux OS (based on libnetfilter_queue) which allows to allow or deny Internet access on a per-application basis rather than on a port/protocol basis.”
Looking at the screenshot it appears to have very much the same per-application blocking functionality you’d get in one of those other programs. I have not personally tried it yet, but I wanted to create a post about it so if someday in the future I am trying to remember the name of this program, I’ll know where to find it (yes, this blog does sort of serve as my long-term memory!). 🙂
The only downside to this one is that as of this writing the only available package is for Arch Linux, but if you want to try to build it for an Ubuntu or Debian system, they provide a page showing the needed dependencies.
There is an older similar program called TuxGuardian, but apparently it hasn’t been updated since 2006, so I have no idea if it will even work with current versions of Linux. And as for you Android users, try the NoRoot Firewall app.