On Tuesday, October 14, 2014, iSIGHT Partners and Microsoft announced a Zero-Day vulnerability named “Sandworm” found in all versions of Microsoft Windows and Windows Server 2008 and 2012. The vulnerability has been exploited in a small number of cyberespionage attacks against NATO, energy companies, a US academic organization and many others. Microsoft has since created […]
Because fail2ban is not available from CentOS, we should start by downloading the EPEL repository:
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Follow up by installing fail2ban:
    yum install fail2ban
The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of […]
Whitelisting is set up in the jail.conf file using a space-separated list.
    [DEFAULT]
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space separator.
    ignoreip = 127.0.0.1 192.168.1.0/24 220.127.116.11 […]
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, this means any merchant that has a Merchant ID (MID). General requirements for compliance: Firewall; Intrusion Detection Systems; Intrusion Prevention Systems; Dedicated IP addresses; PCI […]
According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. A vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. SSL […]
Products Affected:
    Product/Channel             Fixed in package               Remediation details
    Red Hat Enterprise Linux 7  bash-4.2.45-5.el7_0.2          Red Hat Enterprise Linux
    Red Hat Enterprise Linux 6  bash-4.1.2-15.el6_5.1          Red Hat Enterprise Linux
                                bash-4.1.2-15.el6_5.1.sjis.1   Red Hat Enterprise Linux
                                bash-4.1.2-9.el6_2.1           Red Hat Enterprise Linux 6.2 AUS
                                bash-4.1.2-15.el6_4.1          Red Hat Enterprise Linux 6.4 EUS
    Red Hat Enterprise Linux 5  bash-3.2-33.el5.1              Red Hat […]
Source: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/ Also, for CentOS: http://www.tecmint.com/ssh-two-factor-authentication/ Want to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator’s time-based one-time password (TOTP) system with your SSH server. You’ll have to enter the code from your phone when you connect.
Check whether the server is root compromised:
    lsattr /usr/bin
Root compromised output. All of those files are set to immutable and append only. That’s what the “ia” you see is.
    [root@mail ~]# lsattr /usr/bin
    s---ia------- /usr/bin/bzcmp
    s---ia------- /usr/bin/getkeycodes
    s---ia------- /usr/bin/enc2xs
    s---ia------- /usr/bin/mail-files
    s---ia------- /usr/bin/chage
    s---ia------- /usr/bin/mdeltree
    s---ia------- /usr/bin/nslookup
    s---ia------- /usr/bin/semodule_link
    s---ia------- /usr/bin/mbchk
    s---ia------- /usr/bin/rpcgen
    […]