Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, as that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider asking it at Information Security SE instead.



6881 questions
64 votes, 13 answers

Linux: productive sysadmins without root (securing intellectual property)?

Is there any way to make a seasoned Linux sysadmin productive without giving him full root access? This question comes from a perspective of protecting intellectual property (IP), which in my case, is entirely code and/or configuration files (i.e.…
Matt
63 votes, 9 answers

Is it OK to set up passwordless `sudo` on a cloud server?

I love the idea of accessing servers via keys, so that I don't have to type in my password every time I ssh into a box, I even lock my user's (not root) password (passwd -l username) so it's impossible to log in without a key. But all of this…
Dmitry Pashkevich
61 votes, 8 answers

Why would I need a firewall if my server is well configured?

I admin a handful of cloud-based (VPS) servers for the company I work for. The servers are minimal ubuntu installs that run bits of LAMP stacks / inbound data collection (rsync). The data is large but not personal, financial or anything like that…
Aitch
60 votes, 2 answers

What Should be the Permissions of Apache SSL Directory, Certificate, and Key?

I have my cert.pem and cert.key files in /etc/apache2/ssl folders. What would be the most secure permissions and ownership of: /etc/apache2/ssl directory /etc/apache2/ssl/cert.pem file /etc/apache2/ssl/cert.key file (Ensuring https:// access…
JP19
59 votes, 6 answers

Reinstall after a Root Compromise?

After reading this question on a server compromise, I started to wonder why people continue to seem to believe that they can recover a compromised system using detection/cleanup tools, or by just fixing the hole that was used to compromise the…
Zoredache
59 votes, 40 answers

How do you manage your passwords?

Obviously seeing as how many of us here are system administrator type people, we have a lot of passwords strung out across numerous systems and accounts. Some of them are low priority, others could cause serious harm to a company if discovered…
DWilliams
58 votes, 10 answers

Why not block ICMP?

I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script... # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F # Flush all rules iptables -X # Delete…
Agvorth
56 votes, 2 answers

Mysterious visitor to hidden PHP page

On my website, I have a "hidden" page that displays a list of the most recent visitors. There exist no links at all to this single PHP page, and, theoretically, only I know of its existence. I check it many times per day to see what new hits I…
Bill
54 votes, 2 answers

Why do I have to edit /etc/sudoers with visudo?

I've noticed that the sudoers file and cron config files act in a special way compared to other config files on Linux. They need to be edited with a special wrapper rather than any text editor. Why is this?
Brian Lyttle
54 votes, 7 answers

Is it okay to use a SSH key with an empty passphrase?

When I first learned how to make ssh keys, the tutorials I read all stated that a good passphrase should be chosen. But recently, when setting up a daemon process that needs to ssh to another machine, I discovered that the only way (it seems) to…
mozillalives
52 votes, 6 answers

How useful is mounting /tmp noexec?

Many people (including the Securing Debian Manual) recommend mounting /tmp with the noexec,nodev,nosuid set of options. This is generally presented as one element of a 'defense-in-depth' strategy, by preventing the escalation of an attack that lets…
Phil Miller
52 votes, 19 answers

The IT Manager is Leaving - What do I lockdown?

The IT Manager may be leaving, and it's possible that the parting of ways may not be completely civil. I wouldn't really expect any malice but just in case, what do I check, change or lock down? Examples: Admin passwords Wireless passwords VPN…
Marko Carter
51 votes, 4 answers

Linux: set up for remote sysadmin

Every now and then I get the odd request to provide remote support, troubleshooting and/or performance tuning on Linux systems. Larger companies often already have well established procedures to provide remote access to vendors/suppliers and I only…
HBruijn
51 votes, 14 answers

Preventing brute force attacks against ssh?

What tool or technique do you use to prevent brute force attacks against your ssh port. I noticed in my Security logs, that I have millions of attempts to login as various users through ssh. This is on a FreeBSD box, but I imagine it would be…
grieve
50 votes, 6 answers

How to check that an OpenVPN server is listening on a remote port without using OpenVPN client?

I need to check that an OpenVPN (UDP) server is up and accessible on a given host:port. I only have a plain Windows XP computer with no OpenVPN client (and no chance to install it) and no keys needed to connect to the server - just common WinXP…
Ivan