Allow macOS blocked system extension remotely

Now for something completely different, a rather peculiar problem I had with macOS Gatekeeper which I would like to share and potentially save you a lot of time. Besides all hours at the office, I work remotely a lot and recently I had a project where huge amounts of data had to be transported to…

Debian DirectAdmin installation – SSL

A bit more on security. I don’t know if it’s normal but getting SSL going was a bit more complicated than one would have expected, but certainly doable from the CLI. What I’m also explaining below is how to prevent (new) users from logging in via SSH on your DirectAdmin server. This is somewhat default…

Debian DirectAdmin installation – Firewall followup

Our basis for DirectAdmin is pretty secure now after installing the firewall and AppArmor. Check out this followup though. After the CSF/LFD firewall installation on Debian, we also need to tweak some essential settings from the DirectAdmin console. It’s not too complicated, but nevertheless important. You can now log in at https://yourserver.yourdomain.com:2222 with the credentials that…

Debian DirectAdmin installation – AppArmor

This is a great followup on the previous firewall post: getting AppArmor to play nice with DirectAdmin and secure it some more. AppArmor has been the subject of one or more posts before, but since this was some while ago, I’ll start with the basics of how to set it up. It’s like SELinux, which I like a…

Debian DirectAdmin installation – Firewall

After a couple of easy ones, now a bit more work. To secure our DirectAdmin-enabled server, we’re installing the CSF/LFD Firewall by Configserver which has DirectAdmin special software. I must say, I’ve been using CSF/LFD for a couple of months now, and have a love / hate relationship with it. On the one hand it…

Linux security system scans

Roaming around the internet you’ll discover A LOT of systems and services that can check your systems for security holes and improvements. These scans can help you a lot by giving you more insight into your security. I’ve already mentioned some before, but always keep searching for alternatives. In the last couple of months I’ve…

CSF / LFD regular expressions

In my last post I talked about two additions to my existing CSF / LFD configurations. The first one was a more transparent approach to the login failure daemon. The second one is regular expressions to stop malicious IPs that aren’t being stopped via the built-in mechanism. Simply put: not all attacks are recognized as…

CSF / LFD brute force settings

Not too long ago I wrote about being pretty happy with CSF / LFD as a replacement for my firewalld or ufw firewall. Using it for a while now, there are two additions I want to make. The first addition is a more granular and universal approach to the brute force mechanism (the LFD part,…

CSF / LFD Firewall and Security on Debian 9

For my work I had to set up a DirectAdmin server (which was a great pain to set up perfectly) and I was bothered by enormous amounts of brute force attempts, mostly on Exim ports. First thing on the agenda was of course to look for a way to block these fuckers and in comes the CSF / LFD…

Security headers in HTML site

I’ve written about the wonderful mechanism of securing your WordPress site a bit more with Security Headers before. I still think it’s pretty awesome, all these small things to make your site a bit more secure. Well, now I needed these headers for a one page HTML site. It’s definitely not hard but you just…

SELinux deep dive

At the start of my Linux adventure, I’ve read a lot about installing software xyz and then of course tried it myself. What I thought was odd, was that so many guides advocate to disable SELinux. I didn’t even understand what SELinux was at the time, but I did know it was a security mechanism….

Linux random security related stuff

Security. A couple of points I came across in the last couple of weeks. Some random ramblings really, how to make your Linux server (I myself am running CentOS 7.4 server) a bit more secure. There are way more elaborate posts on this blog, but every little bit counts. Since this year I have a…

Cleaning unneeded kernel images on CentOS 7.4

Running OpenVAS I was shocked about a couple of high security warnings. Closer inspection taught me I had an old kernel that was vulnerable to attacks. I immediately ran yum update but there was nothing to update. Huh? A uname -r and I was relieved: I was actually up to date, but looking in /boot…

Install OpenVAS on Fedora 26

After a lot of security related installations and modifications on my test server, I want to test if it is indeed secure. A couple of online scanners were discussed here and here for example, but I want to take it a few steps further. I came across OpenVAS in a training video and will be…

Securing SSL / HTTPS

Securing SSL and HTTPS might seem like a contradiction to you, because SSL and HTTPS are secure right? Well, not entirely and always. There are some awesome tools out there that will get your website from an F to an A+. Check this out. This is a good example of always being on top of…
