Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, as that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE.


6881 questions
50 votes, 6 answers

SSL for devices in local network

Initial question We make devices which run a webserver and the user can control some functionality of the device by browsing directly to the IP of the device. This can be a fixed IP when a direct WiFi or ethernet connection is used but in most cases…
Daan Pape
  • 601
  • 1
  • 4
  • 5
49 votes, 8 answers

Are zipped EXE files harmless for Linux servers?

I ran a malware scanner on my site, and it marked a bunch of zipped EXE files as potential risk files (these files got uploaded by users). Since I'm able to uncompress the files on my Mac I assume these are real ZIP files and not just something like…
Xavin
  • 592
  • 4
  • 8
48 votes, 2 answers

Why was I able to delete a file owned by root in my home directory without being root?

So I was doing some maintenance on my server earlier today and noticed I was able to delete a file owned by root in my home directory. I was able to reproduce a sample: [cbennett@nova ~/temp]$ ls -al total 8 drwxrwxr-x. 2 cbennett cbennett 4096 Oct…
Carl Bennett
  • 783
  • 3
  • 7
  • 14
48 votes, 8 answers

What are best practices for managing SSH keys in a team?

I work with small teams (<10) of developers and admins with the following characteristics: Most members of the team have >1 personal computer, most of which are portable Team members have access to 10-50 servers, usually with sudo I think this is…
Evan Prodromou
  • 757
  • 1
  • 6
  • 9
47 votes, 6 answers

How do you avoid network conflict with VPN internal networks?

While there's a wide variety of private non-routable networks across 192.168/16 or even 10/8, sometimes, even when being thoughtful of potential conflict, it still occurs. For example, I set up an OpenVPN installation once with the internal VPN network on…
jtimberman
  • 7,587
  • 2
  • 34
  • 42
46 votes, 4 answers

Ansible security best practices

I am going to introduce Ansible into my data center, and I'm looking for some security best practice on where to locate the control machine and how to manage the SSH keys. Question 1: the control machine We of course need a control machine. The…
Mat
  • 1,873
  • 7
  • 25
  • 41
46 votes, 6 answers

Is it safe for a production server to have make installed?

During the setup of my virtual server instances I require some applications to be built using make. Are there any security risks associated with having make installed? Or should I clean it up before the instance is deployed? I also have the gcc…
S-K'
  • 1,301
  • 3
  • 11
  • 15
44 votes, 9 answers

How to hide a password passed as command line argument?

I'm running a software daemon that, for certain actions, requires entering a passphrase to unlock some features, which looks for example like this: $ darkcoind masternode start Now I have some security concerns on my headless Debian…
q9f
  • 640
  • 3
  • 10
  • 21
44 votes, 3 answers

What's best practice for communication between Amazon EC2 instances?

I've been setting up Amazon EC2 instances for an upcoming project. They are all micro instances, running Ubuntu Server 64-bit. Here's what I've set up so far: Web Server -- Apache Database Server -- MySQL Development Server -- Apache & MySQL File…
ks78
  • 849
  • 2
  • 10
  • 20
43 votes, 5 answers

User per virtual host in Nginx

Is it possible in nginx to configure a different user per virtual host? Something like server { user myprojectuser myprojectgroup; ... }
Alex Netkachov
  • 585
  • 1
  • 6
  • 9
43 votes, 2 answers

Can someone please explain Windows Service Principal Names (SPNs) without oversimplifying?

I have wrestled with service principal names a few times now and the Microsoft explanation is just not sufficient. I am configuring an IIS application to work on our domain and it looks like some of my issues are related to my need to configure http…
42 votes, 4 answers

I updated my CentOS 7 system. Why is Meltdown/Spectre only partially mitigated?

Like many of us, I spent yesterday updating a whole lot of systems to mitigate the Meltdown and Spectre attacks. As I understand it, it is necessary to install two packages and…
Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
42 votes, 4 answers

Allow linux root user mysql root access without password

On cPanel, when I am logged in as root and type "mysql" without a hostname and password, it gives me direct access to the mysql root user. I would like to do this for one of my non-cPanel servers where the Linux root user gets passwordless logon to mysql…
user1066991
  • 481
  • 2
  • 5
  • 6
41 votes, 6 answers

Avoid keeping a command in history

I use bash and I would like to avoid some commands being kept in the history. Is it possible to do that for the next command only? Is it possible to do that for the entire session?
Luc M
  • 3,110
  • 4
  • 26
  • 27
41 votes, 7 answers

Reasons to disable / enable SELinux

In the line of this question on StackOverflow and the completely different crowd we have here, I wonder: what are your reasons to disable SELinux (assuming most people still do)? Would you like to keep it enabled? What anomalies have you experienced…
wzzrd
  • 10,409
  • 2
  • 35
  • 47