• ssh how to verify your host key / avoid MIM attacks


    SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem. But how about connecting to an existing server for the first time on a new machine or client? A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
  • Avocent DSR8020 KVM/IP - Network Connect Error - Solution


    This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it. 1. Java Security/TLS Settings issue: This article has the solution to change them all in Linux automatically 2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME


    Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker. Use the following setings in /etc/httpd/conf.d/ssl.conf SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
  • Asterisk iptables block bruteforce attacks howto with fail2ban


    yum -y install fail2ban vi /etc/fail2ban/jail.conf [asterisk-tcp] enabled = true filter = asterisk action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp] sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com] logpath = /var/log/asterisk/messages maxret........
  • Linux/Centos how to block SSH bruteforce/dictionary attacks automatically with denyhosts


    A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH. Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you? This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
  • Telus + 2Wire 2700 Router Horrible


    Telus + 2Wire 2700 Router HorribleWell first of all let me say this is the only router/switch that sometimes seems to crash/disconnect computers on the local network. This device also thought it would be smart to block VOIP packets coming from my Sipura ATA VOIP adapters so I disabled the [quote:cb89ba7bff]"Invalid TCP Flag Attacks (NULL/XMAS/Other)"[/quote:cb89ba7bff] option Then all of a sudden I couldn't get onto any web pages, the wireless........
  • Intruder detection device uses behavioural analysis


    Intruder detection device uses behavioural analysisIntruder detection device uses behavioural analysis by Antony Savvas Monday 13 June 2005 Symantec is introducing a new intrusion detection product that uses behavioural analysis to block potential attacks on enterprise networks. The new Critical System Protection 4.5 system uses technology that Symantec acquired through last year’s purchase of Platform Logic. It is designed to protect deskt........
  • Latest Articles

  • RTL8821AU Setup Configure Wifi Realtek 8821 in Linux Debian Mint Ubuntu Howto
  • How To Tell Which Repository a Package Comes From Debian Mint Ubuntu
  • How To Reload All Kernel Modules And List Required Moduels for Each Device - Linux Mint Debian Ubuntu Troubleshooting
  • Debian Ubuntu Mint How To Change Default Display Manager
  • Ubuntu Mint Debian Howto Execute Command / Script / Program Upon Wakeup From Sleep
  • Linux Debian Mint Ubuntu How To Add Non-Free Repositories and Contrib
  • Debian Ubuntu Mint DHCP dhclient quits and how to make it persistent if first attempt to get DHCP lease fails
  • ssh Too many authentication failures not prompting for password
  • LightDM Mint Ubuntu Debian won't start errors Nvidia Graphics
  • WARNING: Unable to determine the path to install the libglvnd EGL vendor library config files. Check that you have pkg-config and the libglvnd development libraries installed, or specify a path with --glvnd-egl-config-path. Linux Ubuntu Mint Debian E
  • How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
  • MP3s Won't Play / ID3 Version 2.4 Issues in Cars and Other MP3 Players/CDs/DVDs Solution
  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution