Security

Here’s a pretty weird kernel panic that I came across the other day:

I was recently working on a server where a user on the server was concerned with these log messages:

When you create a CSR and private key to obtain an SSL certificate, the private key has some internal data called a modulus.

Lots of PCI Compliance and vulnerability scan vendors will complain about TRACE and TRACK methods being enabled on your server.

Plesk has a (somewhat annoying) default firewall configuration that you can adjust from within the Plesk interface.

Sometimes servers just have the weirdest SSL problems ever.

One of the main reasons people like passive FTP is that it’s easier to get through firewalls with it.

If you have postfix installed with OpenSSL support compiled in, you can enable SSL connections by editing two configuration files.

If you want to remove all of the open_basedir restrictions for all sites in Plesk, simply create a file called /etc/httpd/conf.

If you find yourself with the ever-so-peculiar 500 OOPS error from vsftpd when you attempt to login over SSH, there could be a few different things at play.

If you find that someone has done a recursive chmod or chown on a server, don’t fret.

One of the nifty things about FreeBSD’s kernel is that it will limit closed port RST responses, which, in layman’s terms, just means that if someone repeatedly hits a port that’s closed, the kernel won’t respond to all of the requests.

If you receive the following error, your PIX does not have a key set up for use with SSH:

Installing snort from ports on FreeBSD is pretty straightforward, but there are some ‘gotchas’ that you need to be aware of.

If you have an open_basedir restriction that is causing issues with a domain, you can remove the restriction easily.

When Plesk is installed, the default certificate for the Plesk interface itself is a self-signed certificate that is generated during the installation.

Thanks to a highly awesome technician on my team, we’ve discovered the perfect permissions setup for Joomla and Plesk:

If you’re checking through your mail logs, or you catch a bounced e-mail with “554 relay access denied” in the bounce, the issue can be related to a few different things:

To enable SSL/TLS support in proftpd, add the following to the proftpd.

To add a chrooted FTP user outside of Plesk properly, you need to:

If you have weird SSL errors and this one appears, you are trying to speak SSL to a daemon that doesn’t understand it:

To pretty much completely disable SSH timeouts, simply adjust the following directives in /etc/ssh/sshd_config:

As with most things, turning off SSLv2 in Lighttpd is much easier than in Apache.

If you’ve forgotten the root password for a MySQL server, but you know the system root, you can reset the MySQL root password pretty easily.

First, you have to get the certificate and key out of Windows in a pfx (PKCS #12) format.

If you can’t use PHP to force HTTPS, you can use mod_rewrite instead.

To force HTTPS with a PHP script, just put this snippet near the top:

I rarely try to toot my own horn, but I’ve created a pretty handy site.

To disable SSLv2 server-wide on a Plesk server, add this in your /etc/httpd/conf.

If you want to hide the current version of Apache and your OS, just replace

If you’ve ever worked on a linux system, chances are that you’ve used chmod many times.

If odd bounced e-mails are coming back to the server or the server is listed in a blacklist, some accounts may be compromised on the server.

You can delete them based on what they’re doing:

Check for a SYN flood:

If you have a Cisco device logging to RHEL, here’s all that’s necessary:

TCP: Treason uncloaked!

If you’re looking to get PCI/CISP compliance, or you just like better security, disable SSL version 2.

Okay, so you’ve verified that the correct admin password is being used, but you still can’t login?

If you work on enough servers, you discover that a lot of people put the security of their MySQL server on the back burner.

Sticky bits help you take file permissions to the next level.

If you think you have a rooted RHEL box, you’ll want to run the usual rkhunter, chkrootkit, and you will want to inspect for rogue processes.