Correct SSH Directory permissions
- Feb
- 27
If you are trying to setup Public-Key Authentication and see this error in the logs: Authentication refused: bad ownership or modes for directory Your problem is related to permissions and/or ownership. The following commands on the user account you are trying to setup should fix the problem: chmod go-w ~/ chmod 700 ~/.ssh chmod 600 […]
read moreDenyhosts Assists
- Apr
- 10
Every so often a legitimate user will get blocked by deny hosts. When this happens you can re-enable their access with these 8 simple steps (UPDATE: or use the faster version, see below): Stop DenyHosts # service denyhosts stop Remove the IP address from /etc/hosts.deny Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. […]
read moreSSH – weak ciphers and mac algorithms
- Jun
- 25
A security scan turned up two SSH vulnerabilities: SSH Server CBC Mode Ciphers Enabled SSH Weak MAC Algorithms Enabled To correct this problem I changed the /etc/sshd_config file to: # default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, # aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, # aes256-cbc,arcfour # you can removed the cbc ciphers by adding the line Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour # default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 # […]
read morePicking a Strong Password
- Apr
- 26
Not sure of the origin of this but it is a great explanation of what makes a great password and why.
read morePutting ‘lsof’ to use
- Apr
- 19
lsof is a powerful tool that has proven very userful over the years in troubleshooting and forensic investigations. Here are some useful lsof command examples: In this example we are looking at all the files a given process has open (pid=1655 here this is the zabbix agent) lsof -p 1767 Note you can clean up […]
read moreNBC site redirecting to Exploit kit
- Feb
- 24
We became aware that the NBC[.]com website is redirecting to malicious websites that contains exploit kit. At this point it seems like most of the pages contains an iframe that is redirecting to the first stage of the RedKit exploit kit. Some twitter users are already poiting out some of these bad pages. Some of […]
read moreAaron Swartz suicide sparks Anonymous to hack US Government Sites
- Jan
- 27
Hackers working under the name of the Anonymous hacktivist collective hit a U.S. government website on Saturday, replacing its home page with a 1,340 word text detailing its frustrations with the way the American legal system works and a threat to release “secrets” gathered from U.S. government websites. The website of the U.S. Sentencing Commission, […]
read more