Before moving into the article, let me tell you how this article has been written. This article starts with the introduction to knockd, and proceeds with the implementation of port knocking by using iptables. Note that the same port knocking can be achieved using knockd, as well, which will be discussed in the upcoming article.
Full article here:
Port knocking: Enhance Security Using knockd and/or Iptables From Basics (Unixmen)
Let face it, the Secure Shell (SSH) daemon running on your VPS is the most sensitive service open to attack on your system. Any hacker worth their salt will first try to gain access to your VPS via SSH and 99.9% of all VPS connected to the internet run this service by default and on their public IP.
If somebody gains access to your VPS via the SSH service, you can kiss your data and entire VPS goodbye. This is the ultimate goal for any would-be hacker and as such, needs to be the first thing you secure as a VPS administrator.
In this article I’m going to show you how to take three simple precautions with the SSH service that will stop most hackers and script kiddies in their tracks.
Full article here:
How to Really Secure Your Linux VPS SSH Service (Linuxaria)
Note that while the article and title makes reference to a Virtual Private Server (VPN), there is no reason these techniques would not work with any version of Linux that offers SSH access.
This is a small tutorial, which will show you how to set up a local Raspberry to serve as a so-called SOCKS 5 proxy-server for your local network. The Raspberry itself will connect to a remote server, which will then make the requests to other Internet servers with it’s own IP, thus masquerading the original requestor’s.
All computers on your local network can be configured to connect to the Raspberry, so they all can share the same connection to the remote server.
Full article here:
Raspberry Pi SOCKS 5 Proxy Server (AKA browse the web with an IP from a different country) (pi3g Blog)
When using ssh -D to setup a socks proxy, DNS queries and DNS traffic are not sent through the ssh tunnel. However, with Firefox a config change can be made to send DNS traffic through the ssh tunnel. Here’s how it works!
Full article here:
Tunnel DNS through ssh -D socks proxy (scottlinux.com)
Quoting from the article:
On my desktop I use Xubuntu 12.04, and today i noticed that this distribution shipped by default the Zeitgeist daemon, a thing that I’m not using at all, for what i know.
From Wikipedia:
Zeitgeist is a service which logs the users’s activities and events, anywhere from files opened to websites visited and conversations. It makes this information readily available for other applications to use in form of timelines and statistics. It is able to establish relationships between items based on similarity and usage patterns by applying data association algorithms such as “Winepi” and “A Priori”
Zeitgeist is the main engine and logic behind GNOME Activity Journal which is currently seen to become one of the main means of viewing and managing activities in GNOME version 3.0
Personally i don’t use any tool that use the Zeitgeist Framework and I’d prefer to open a terminal and use locate or find to search for files than having something that log all my activity and so slow down my system, so I’ve decided to remove this daemon totally from my system, please note that if you use Gnome 3 or Unity you could have some side effect, or perhaps the system will just become more faster, like the author of the article: Removing Zeitgeist Sped Up Unity .
Just remember that the information collected by Zeitgeist are stored for use in various forms in Unity: showing what were the last application you used, what are the applications you use most, which are the files that were used lately, the music you listen, among many other aspects. If you think you can live without these information probably your system will gain a good sped up.
The remainder of the article at Linuxaria gives provides the actual removal instructions.
These are from an interesting site called Make Tech Easier, listed in order from oldest to newest:
Around 2 years ago I wrote an article about fail2ban.
Fail2ban is an intrusion prevention framework written in the Python programming language. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally (such as, iptables or TCP Wrapper).
Fail2ban’s main function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (e.g. /var/log/pwdfail, /var/log/auth.log, etc.) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.
Today I want to show you some configurations that you can use to improve the security of your Apache.
Read the rest here:
How to protect Apache with Fail2ban (Linuxaria)
There are probably at least two or three things on this list that you use almost every day, and some of you may use all of them:
10 Annoying Apps We’re All Stuck Using (and How to Make Them Better) (Lifehacker)
From the CentOS Wiki comes this list of suggestions for Securing OpenSSH. Most, if not all of them will work on other Linux distros as well.
GiottoPress by Enrique Chavez
Recent Comments