Security Archives - Experiencing Technology https://blog.tinned-software.net/category/security/ Tinned-Software Blog Tue, 20 Feb 2024 21:38:58 +0000

FIDO2 security key management via commandline https://blog.tinned-software.net/fido2-security-key-management-via-commandline/ Tue, 20 Feb 2024 21:38:58 +0000 https://blog.tinned-software.net/?p=2969 FIDO2 Security keys are starting to take off. Many online services support them and the number is growing every day. At this point it seems FIDO Security keys are the way forward. FIDO2 being the second iteration of the … Continue reading

What’s the fuss about FIDO https://blog.tinned-software.net/whats-the-fuss-about-fido/ Sat, 28 Oct 2023 20:58:14 +0000 https://blog.tinned-software.net/?p=2958 So many discussions are everywhere about FIDO, so what is all that fuss about? Let’s look into why FIDO is argued to be the next big thing in authentication. Before getting into it, let me say thanks to all the … Continue reading

Secure authentication and how it changed over time https://blog.tinned-software.net/secure-authentication-and-how-it-changed-over-time/ Thu, 13 Jul 2023 19:38:25 +0000 https://blog.tinned-software.net/?p=2939 For decades, users have authenticated on systems with usernames and passwords. This method of authentication has not changed since the beginning of the Internet. As the Internet became a more hostile place and threats emerged, password rules were introduced. Those … Continue reading

Setup sftp only account using openssh and ssh-key https://blog.tinned-software.net/setup-sftp-only-account-using-openssh-and-ssh-key/ Mon, 07 Jan 2019 22:06:53 +0000 https://blog.tinned-software.net/?p=2674 There are different ways to lock a user into his home directory. A very special case is to grant sftp-only access, which does not require a full chroot jail to be set up. The sftp subsystem built into openssh allows … Continue reading

Docker container on RHEL fails to start without error https://blog.tinned-software.net/docker-container-on-rhel-fails-to-start-without-error/ Mon, 23 Jul 2018 10:27:03 +0000 https://blog.tinned-software.net/?p=2638 Recently a Docker container refused to start for me without any hint about why in the OS or Docker container’s logs. It turns out that SELinux jumped in and blocked access without logging its interference. Containers which were running in … Continue reading

Set the iLO password from Linux using hponcfg https://blog.tinned-software.net/set-the-ilo-password-from-linux-using-hponcfg/ Mon, 25 Jun 2018 19:30:03 +0000 https://blog.tinned-software.net/?p=2568 No matter if you are looking for a way to manage the iLO settings from the Linux command line or just have lost or forgotten the iLO password, as long as you have access to the Linux system running on … Continue reading

Manage SELinux boolean policies https://blog.tinned-software.net/manage-selinux-boolean-policies/ Mon, 05 Mar 2018 08:58:37 +0000 https://blog.tinned-software.net/?p=2515 Configuring a new service often means dealing with SELinux. Most of the time, the easiest way is to set an SELinux boolean. But what are SELinux booleans and what exactly do they do? I will try to shed a little … Continue reading

Auditing Linux system security using lynis https://blog.tinned-software.net/auditing-linux-system-security-using-lynis/ Mon, 08 Jan 2018 06:29:31 +0000 https://blog.tinned-software.net/?p=2511 Lynis is a security auditing tool for UNIX and Linux based systems. It performs a security scan on the system and provides suggestions for best practices for system hardening. The report from lynis shows a lot of suggestions to harden … Continue reading

Apache document root in users home directory with SELinux https://blog.tinned-software.net/apache-document-root-in-users-home-directory-with-selinux/ Mon, 11 Dec 2017 14:37:40 +0000 https://blog.tinned-software.net/?p=2525 Serving web-content from a user’s home directory allows the user to conveniently upload files. By default, the apache configuration in many Linux distributions assumes content is uploaded to a single directory owned by the webserver’s user, but it might be … Continue reading

Create GnuPG key with sub-keys to sign, encrypt, authenticate https://blog.tinned-software.net/create-gnupg-key-with-sub-keys-to-sign-encrypt-authenticate/ Mon, 10 Jul 2017 08:47:13 +0000 https://blog.tinned-software.net/?p=2385 In order to use a GnuPG key on a smartcard or Yubikey, a GnuPG key needs to be created. This post will show you how to create a GnuPG key with sub-keys for signing, encryption and authentication. The authentication key can … Continue reading

apt – install the package that contains a specific file https://blog.tinned-software.net/apt-install-the-package-that-contains-a-specific-file/ Mon, 19 Jun 2017 11:29:30 +0000 https://blog.tinned-software.net/?p=2372 Sometimes a command that you execute complains about a dependency being missing on the system. From the file name in the error message it is often not possible to know exactly which package needs to be installed to resolve the … Continue reading

Increase the size of a LUKS encrypted partition https://blog.tinned-software.net/increase-the-size-of-a-luks-encrypted-partition/ Mon, 08 May 2017 16:24:45 +0000 https://blog.tinned-software.net/?p=2431 Even encrypted discs or partitions sometimes need to have their size increased. A LUKS encrypted volume consists of different layers which all need to be resized. To resize an encrypted volume, multiple steps have to be performed to use the additional … Continue reading

Certificate Transparency and unauthorized certificates https://blog.tinned-software.net/certificate-transparency-and-unauthorized-certificates/ Mon, 06 Mar 2017 09:47:09 +0000 https://blog.tinned-software.net/?p=2379 I own a domain which was bought a few months back which is managed by CloudFlare's service in DNS-only mode. As I intended to only use CloudFlare's DNS service, I disabled every option except the DNS related features. You can imagine the surprise to see certificates issued for my domain without my knowledge. Continue reading

Verifying SSH configuration with a scan https://blog.tinned-software.net/verifying-ssh-configuration-with-a-scan/ Mon, 23 Jan 2017 10:20:04 +0000 https://blog.tinned-software.net/?p=2281 Managing a number of Linux servers and keeping them secure can be a challenge. Certain tools can make the life of an admin a lot easier. To ensure an ssh daemon complies with a desired security configuration the admin can use a scanner … Continue reading

Debug SSH Connection issue in key exchange https://blog.tinned-software.net/debug-ssh-connection-issue-in-key-exchange/ Mon, 02 Jan 2017 09:41:21 +0000 https://blog.tinned-software.net/?p=2284 Securing a server means hardening the SSH server settings, but doing so can also cause issues with ssh clients. Finding the cipher or algorithm causing a failed connection can be tricky. Depending on the client used, the error message might be very … Continue reading

Automount a luks encrypted volume on system start https://blog.tinned-software.net/automount-a-luks-encrypted-volume-on-system-start/ Mon, 12 Dec 2016 07:21:58 +0000 https://blog.tinned-software.net/?p=2273 Linux supports encrypted volumes with luks. When a luks encrypted volume is set up during installation to be booted from, the volume is already configured and set up. When an encrypted volume is set up afterwards, the volume remains locked until … Continue reading

Harden SSH server settings https://blog.tinned-software.net/harden-ssh-server-settings/ Mon, 31 Oct 2016 08:17:09 +0000 https://blog.tinned-software.net/?p=2279 Many Linux Administrators use ssh on a daily basis. Many of the ssh servers are in their default configuration. Not changing the default configuration puts the security of the server at risk. That is why it is important to follow a few … Continue reading

Manage SSH-keys with the SSH-agent https://blog.tinned-software.net/manage-ssh-keys-with-the-ssh-agent/ Mon, 08 Aug 2016 09:01:33 +0000 https://blog.tinned-software.net/?p=2176 Many webservices generate ssh keys to access their service. As the number of services grows, so does the number of SSH keys. To avoid dealing with the keys in the command line and the ssh_config(5), you can simply add the ssh-key to the … Continue reading

Create a luks encrypted partition on Linux Mint https://blog.tinned-software.net/create-a-luks-encrypted-partition-on-linux-mint/ Mon, 18 Jul 2016 08:03:19 +0000 https://blog.tinned-software.net/?p=2203 Encryption is not only for someone who has something to hide. There are simple concerns like a lost or stolen laptop that justify a full disk encryption. There are only a few steps necessary to create an encrypted partition. In … Continue reading

Perform a portscan using netcat https://blog.tinned-software.net/perform-a-portscan-using-netcat/ Mon, 14 Mar 2016 22:10:57 +0000 http://blog.tinned-software.net/?p=2119 To perform a port scan, most of the time we think about a separate program. Sometimes it is not necessary to look that far. On most Linux systems netcat is already installed or can be installed easily from a repository. Continue reading

Restrict SSH access to port forwarding to one specific port https://blog.tinned-software.net/restrict-ssh-access-to-port-forwarding-to-one-specific-port/ Tue, 01 Mar 2016 18:49:19 +0000 http://blog.tinned-software.net/?p=2083 Allowing access to an unprotected service on a server is always a problem. Sometimes the easiest way is to not expose this service to the network but allow access via ssh port-forwarding, but how to limit the SSH account to … Continue reading

Generate public SSH key from private SSH key https://blog.tinned-software.net/generate-public-ssh-key-from-private-ssh-key/ Mon, 15 Feb 2016 18:32:20 +0000 http://blog.tinned-software.net/?p=1987 You have lost an SSH public-key, or a web service generates an SSH key but does not provide the public-key part to you. What to do now? There is a solution for this situation. Continue reading

Restart hanging gpg-agent automatically using swatch on MacOSX https://blog.tinned-software.net/restart-hanging-gpg-agent-automatically-using-swatch-on-macosx/ Mon, 28 Sep 2015 17:41:34 +0000 http://blog.tinned-software.net/?p=1981 With a smart card reader, you can store your gpg keys on a card to sign, encrypt and even authenticate. What if you try to sign an email but your email client is not responding while signing the email? Or … Continue reading

Harden the SSL configuration of your mailserver https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/ Mon, 13 Apr 2015 13:44:10 +0000 http://blog.tinned-software.net/?p=1663 I described in one of my earlier posts how to Setup Postfix with SMTP-AUTH and TLS on CentOS. I will follow up on this article describing how to harden the configuration of your mail server related to SSL. Continue reading

SSH-Key authentication is not working – SELinux https://blog.tinned-software.net/ssh-key-authentication-is-not-working-selinux/ Mon, 05 Jan 2015 13:44:32 +0000 http://blog.tinned-software.net/?p=1414 When configuring SSH passwordless login with ssh-key, the ssh-key generated and transferred to the server seems to not work when I try to log in. Why is the ssh-key authentication failing? Continue reading

SELinux allow webserver to send email https://blog.tinned-software.net/selinux-allow-webserver-to-send-email/ Fri, 14 Nov 2014 08:35:09 +0000 http://blog.tinned-software.net/?p=1090 When WordPress tries to send email and you see "your host may have disabled the mail() function", it might be that SELinux is blocking it. Here is how to enable it. Continue reading

Migrate WordPress site with minimal downtime https://blog.tinned-software.net/migrate-wordpress-site-with-minimal-downtime/ Sat, 20 Sep 2014 10:46:05 +0000 http://blog.tinned-software.net/?p=1087 Migrating a WordPress installation from one server to the other sounds like a simple task. Just move the files, copy the database for WordPress and let's go. But when you start dealing with the DNS entries the whole story gets tricky. Continue reading

Set up apache and the log path with SELinux https://blog.tinned-software.net/set-up-apache-and-the-log-path-with-selinux/ Thu, 17 Apr 2014 20:44:22 +0000 http://blog.tinned-software.net/?p=1052 Depending on your backup strategy you might run into trouble backing up the entire /etc directory. Running a default installed Apache on CentOS will have the log directory of Apache linked from within the /etc/httpd/ directory. If your backup solution would back up those as well, the backups would contain the logs and get huge. Continue reading

Restrict SSH login using SSH keys to a particular IP address https://blog.tinned-software.net/restrict-ssh-logins-using-ssh-keys-to-a-particular-ip-address/ Tue, 18 Mar 2014 09:40:24 +0000 http://blog.tinned-software.net/?p=1328 Because most passwords are quite short so that you can remember them, and because it is annoying to type the password all the time, you might have already considered creating SSH-keys and configured the SSH passwordless login with SSH-key for your server. But how to secure the access with SSH-key? Continue reading

Secure SSH server access https://blog.tinned-software.net/secure-ssh-server-access/ Mon, 03 Mar 2014 07:17:36 +0000 http://blog.tinned-software.net/?p=1023 With a server running, SSH is one of the services that nearly instantly gets checked out. Only a couple of hours after going live with your server, you might already notice someone trying to log in with passwords from a dictionary. There are some things you can do to reduce those hacking attempts on your SSH server. Continue reading
