Category Archives: Security

Auditing Linux system security using lynis

Lynis is a security auditing tool for UNIX and Linux based systems. It performs a security scan on the system and provides suggestions for best practices for system hardening. The report from lynis shows a lot of suggestions to harden … Continue reading

Posted in Security | Tagged , , | Leave a comment

Apache document root in users home directory with SELinux

Serving web-content from a user’s home directory allows the user to conveniently upload files. By default, the apache configuration in many Linux distributions assumes content is uploaded to a single directory owned by the webserver’s user, but it might be … Continue reading

Posted in Security, Web technologies | Tagged , , , | Comments Off on Apache document root in users home directory with SELinux

Create GnuPG key with sub-keys to sign, encrypt, authenticate

In order to use a GnuPG key on a smartcard or Yubikey, a GnuPG key needs to be created. This post will show you how to create a GnuPG key with sub-keys for signing, encryption and authentication. The authentication key can … Continue reading

Posted in Encryption, Security | Tagged , , , , , , | Comments Off on Create GnuPG key with sub-keys to sign, encrypt, authenticate

apt – install the package that contains a specific file

Sometimes a command that you execute complains about a dependency being missing on the system. From the file name in the error message it is often not possible to know exactly which package needs to be installed to resolve the … Continue reading

Posted in Linux Administration, Security | Tagged , , , , , , , | Comments Off on apt – install the package that contains a specific file

Increase the size of a LUKS encrypted partition

Even encrypted discs or partitions sometimes need to have their size increased. A LUKS encrypted volume consists of different layers which all need to be resized. To resize an encrypted volume, multiple steps have to be performed to use the additional … Continue reading

Posted in Encryption, Linux Administration, Security | Tagged , , , , , | Comments Off on Increase the size of a LUKS encrypted partition

Certificate Transparency and unauthorized certificates

I own a domain which was bought a few months back which is managed by CloudFlare’s service in DNS-only mode. As I intended to only use CloudFlare’s DNS service, I disabled every option except the DNS related features. You can imagin the surprise to see certificates issued for my domain without my knowledge. Continue reading

Posted in Security, Web technologies | Tagged , , , , , | 1 Comment

Verifying SSH configuration with a scan

Managing a number of Linux servers and keeping them secure can be a challenge. Certain tools can make the life of an admin a lot easier. To ensure an ssh daemon complies with a desired security configuration the admin can use a scanner … Continue reading

Posted in Linux Administration, Security | Tagged , , , | Comments Off on Verifying SSH configuration with a scan

Debug SSH Connection issue in key exchange

Securing a server means hardening the SSH server settings, but doing so can also cause issues with ssh clients. Finding the cipher or algorithm causing a failled connection can be tricky. Depending on the client used, the error message might be very … Continue reading

Posted in Linux Administration, Security | Tagged , , , , | Comments Off on Debug SSH Connection issue in key exchange

Automount a luks encrypted volume on system start

Linux supports encrypted volumes with luks. When a luks encrypted volume is set up during installation to be booted from, the volume is already configured and set up. When an encrypted volume is set up afterwards, the volume remains locked until … Continue reading

Posted in Encryption, Linux Administration, Security | Tagged , , , , , , | Comments Off on Automount a luks encrypted volume on system start

Harden SSH server settings

Many Linux Administrators use ssh on a daily basis. Many of the ssh servers are in their default configuration. Not changing the default configuration puts the security of the server at risk. That is why it is important to follow a few … Continue reading

Posted in Linux Administration, Security | Tagged , , , | Comments Off on Harden SSH server settings