Language Selection

English French German Italian Portuguese Spanish

felosi's blog

How to install ffmpeg on centos/rhel, The simple way!

Filed under
Howtos

Easy way to get ffmpeg going on your box. Source : http://nix101.com/2007/06/07/how-to-install-ffmpeg-on-centosrhel/

Quick way to stop apache and connect floods with csf

Filed under
Howtos

Quick and simple way to mitigate small to large apache floods. source : http://nix101.com

Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

Filed under
Howtos

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium4/Xeon/Celeron based servers.

Looking for people to share server with

Filed under
Just talk

The last few months I have been using a server for security research, kernel testing, mod security rules testing, firewalls, dos protection, you name it. As well as to host my ircd and site. We basically have the server for development and testing although it is ran just like any other hosting server. In order to do the research we do we must keep a server.

Cpanel Wins for Security, A Short Review

Filed under
Reviews

This is a short review I wanted to write about cpanel. I never have been the greatest fan of it since it is only compatible with apache1 and all but after using other control panels I realized how secure and practical cpanel is for a multiple user server and hosting enviorment.
Read it here http://www.evolution-security.com/modules.php?name=News&file=article&sid=291

CentOS and Redhat, Best for the Server

Filed under
Reviews

Short review of CentOS and Red Hat and how Ubuntu is not gonna push anyone out of the server and enterprise market especially these two.

Fix Apf ipt_state error on new kernels

Filed under
Howtos

For those using apf on the new kernels and getting ipt_state error, since 2.6.15 they changed the name of them kernel modules and apf does not recognize them. Do not enable monokern as some people suggest, this will screw up your passive ftp and will not work good

GrSecurity Kernel Script

Filed under
Howtos

GrSecurity kernel upgrade and patch script. Downloads the 2.6.17.7 kernel and the latest grsecurity patch and then unpacks and patches the kernel, after that it tells you what to do next.

Mod Security rules.

Filed under
Howtos

After extenisve testing I have found what I think are the best mod security rules you can have for a basic server with average php scripts.

Quick Guide to Securing a Lamp Server

Filed under
Howtos

In the last few years on the Internet the price of dedicated servers have went down and more people are beginning to use them for their sites, game servers, or small hosting companies. With this comes as I was talking about in my last article inexperienced admins. Lots of people I spoke too are too intimated by the linux shell and try to administer their server completely from the control panel.

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Walkthrough for compiling and installing grsecurity patched kernel on debian based systems.

first post- kernels and whatnot

Filed under
News

Well I signed up at the site after I seen they posted on of my howtos which I am thankful for. It was the one on the grsecurity patched kernel. I think it should help quite a few people as there are so many local root exploits out now and most distro's security and dev teams are doing nothing about it.

Syndicate content

More in Tux Machines

Security Leftovers

  • Security updates for Thursday
  • Security Tips for Installing Linux on Your SysAdmin Workstation
    Once you’ve chosen a Linux distro that meets all the security guidelines set out in our last article, you’ll need to install the distro on your workstation.
  • Fedora 26 crypto policy Test Day today (2017-03-30)!
  • Open-source developers targeted in sophisticated malware attack
    For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware. The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs. The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.
  • A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense
    When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems (CSCO.O) swung into action. The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco's widely used Internet switches, which direct electronic traffic, to enable eavesdropping. Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.
  • NTPsec: a Secure, Hardened NTP Implementation
    Network time synchronization—aligning your computer's clock to the same Universal Coordinated Time (UTC) that everyone else is using—is both necessary and a hard problem. Many internet protocols rely on being able to exchange UTC timestamps accurate to small tolerances, but the clock crystal in your computer drifts (its frequency varies by temperature), so it needs occasional adjustments. That's where life gets complicated. Sure, you can get another computer to tell you what time it thinks it is, but if you don't know how long that packet took to get to you, the report isn't very useful. On top of that, its clock might be broken—or lying. To get anywhere, you need to exchange packets with several computers that allow you to compare your notion of UTC with theirs, estimate network delays, apply statistical cluster analysis to the resulting inputs to get a plausible approximation of real UTC, and then adjust your local clock to it. Generally speaking, you can get sustained accuracy to on the close order of 10 milliseconds this way, although asymmetrical routing delays can make it much worse if you're in a bad neighborhood of the internet.
  • Zelda Coatings
    I assume that every permutation of scams will eventually be tried; it is interesting that the initial ones preyed on people's avarice and dishonesty: "I will transfer millions to your bank account, then you share with me" - with subsequent scams appealing to another demographic: "I want to donate a large sum to your religious charity" - to perhaps capture a more virtuous but still credulous lot. Where will it end ?

Tizen and Android

Linux and Linux Foundation

Mesa and Intel Graphics