Scanners For Security Linux Servers

This article covers a few good scanners for securing Linux servers.
ClamAV ranked 13 out of 16 for Linux malware and viruses, beating McAfee, Comodo and F-prot.
Before you can run a ClamAV scan in Linux, install it: open a terminal, enter “sudo apt-get install clamav” and press Enter.
You may also build ClamAV from sources to benefit from better scanning performance.
To update the signatures, type “sudo freshclam” in a terminal session and press Enter.
Now we are ready to scan our system.
clamscan is a command-line tool which uses libclamav to scan files and/or directories for viruses. Unlike clamdscan, clamscan does not require a running clamd instance to function. Instead, clamscan creates a new engine and loads the virus database each time it is run.
Clam AntiVirus (ClamAV) is open-source antivirus software that helps to detect many types of malicious software, including viruses.

Rootkits are a type of malware designed to remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer.


Django Application with Kubernetes

This article covers deploying a scalable and secure Django application with Kubernetes.
Kubernetes is a powerful open-source container orchestrator that automates the deployment, scaling and management of containerized applications.
Kubernetes objects like ConfigMaps and Secrets allow you to centralize and decouple configuration from your containers, while controllers like Deployments automatically restart failed containers and enable quick scaling of container replicas.
TLS encryption is enabled with an Ingress object and the ingress-nginx open-source Ingress Controller.
The cert-manager Kubernetes add-on renews and issues certificates using the free Let’s Encrypt certificate authority.


Manage Networking with NetworkManager in RHEL CentOS 8

This article covers the NetworkManager daemon, which manages the networking service to dynamically configure and control network devices and keep connections up and active when they are available.
Netstat is a command-line utility that can be used to list all the network (socket) connections on a system.
It lists all the TCP and UDP socket connections and the Unix socket connections.
To reboot Linux using the command line: from a terminal session, sign in as, or “su”/“sudo” to, the “root” account.
Then type “sudo reboot” to reboot the box. Wait for some time and the Linux server will reboot itself.

To troubleshoot network connectivity with Linux server:
i. Check your network configuration.
ii. Check the network configuration file.
iii. Check the server's DNS records.
iv. Test the connection both ways.
v. Find out where the connection fails.
vi. Firewall settings.
vii. Check Host status information.

To change the hostname in Linux Ubuntu:
i. Type the following command to edit /etc/hostname using the nano or vi text editor: sudo nano /etc/hostname. Delete the old name and set up the new name.
ii. Next, edit the /etc/hosts file: sudo nano /etc/hosts.
iii. Reboot the system for the changes to take effect: sudo reboot.

To restart the network service in Linux (Ubuntu / Debian):
i. Use the following command to restart the server networking service:
# sudo /etc/init.d/networking restart
or
# sudo /etc/init.d/networking stop
# sudo /etc/init.d/networking start
or else
# sudo systemctl restart networking
ii. Once this is done, use the following command to check the server network status.


Ansible error Shared connection to server closed

This article covers the "Shared connection to server closed" error, which occurs when we run an Ansible command to execute commands on two newly deployed CentOS 8 servers.
Ansible is an open-source automation tool, or platform, used for IT tasks such as configuration management, application deployment, intraservice orchestration, and provisioning.
While you can write Ansible modules in any language, most Ansible modules are written in Python, including the ones central to letting Ansible work. By default, Ansible assumes it can find a /usr/bin/python on your remote system that is either Python2, version 2.6 or higher or Python3, 3.5 or higher.

A quick fix for the Ansible error "Shared connection to server closed" is to add the path to Python 3 in your inventory file.
It would look something like this:
ip_address ansible_python_interpreter=/usr/bin/python3
Then you could test if it works with the ping module:
ansible -m ping all

From the error details, the connection failed because the shell(s) in the remote system couldn't find the Python interpreter (/usr/bin/python) as indicated by the line: "module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n".
After checking the remote hosts, we discovered that the systems don't have Python 2 installed.
They have Python 3 installed by default and its binary is /usr/bin/python3.

According to the Ansible documentation, Ansible (2.5 and above) works with Python version 3 and above only.
Also, Ansible is supposed to automatically detect and use Python 3 on many platforms that ship with it.
However, if it fails to, then you can explicitly configure a Python 3 interpreter by setting the ansible_python_interpreter inventory variable at a group or host level to the location of a Python 3 interpreter.


Tips to secure mail server

This article covers some tips to secure a mail server.

Email on the internet is sent using the Simple Mail Transfer Protocol (SMTP). Where a mail flow between servers is not encrypted, it can be intercepted by an ISP or government agency and its contents read by passive monitoring.
Basically, when emails are sent between two parties, unless BOTH parties use encryption the message is open and can be read by anyone who intercepts it.
Any emails sent to and received from mailboxes that only send cleartext emails should be considered security liabilities.

Tips on how to secure your mail server:
1. Encryption: When securing your mail server, make sure you are using secure connections. Encrypt POP3 and IMAP authentication and use SSL and TLS.

2. Mail relay configuration: Avoid being an open relay for spammers by specifying which domains/IP addresses your mail server will relay mail for.

3. Connections and default settings: To avoid DoS attacks, limit the number of connection and authentication errors that your systems will accept. Remove unneeded server functionality by disabling any unnecessary default settings. Have a dedicated mail server and move other services like FTP to other servers. Keep total, simultaneous, and maximum connections to your SMTP server limited.

4. Access Control: To protect your server from unauthorized access, implement authentication and access control. For example, SMTP authentication requires users to supply a username and password to be able to send mail from the server. Make sure access to your servers is on a need-to-have basis and is shared with as few people as possible.

5. Abuse prevention: Check DNS-based blacklists (DNSBLs) and reject email from any domains or IPs listed on them. Check Spam URI Real-time Blocklists (SURBL), and reject any messages containing invalid or malicious links.
Also, maintain a local blacklist and block any IP addresses that specifically target you. Employ outbound filtering and use CAPTCHA/reCAPTCHA with your web forms.
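
The DNSBL check from tip 5, as an added example that is not code from the original article: it builds the reversed-address query name, counts only answers inside 127.0.0.0/8 as a listing, and reports resolver failures as unknown instead of clean. The zone dnsbl.example.org and all function names are placeholders chosen for illustration.

```python
import ipaddress
import socket

# Placeholder zone for illustration; use the DNSBL your server subscribes to.
EXAMPLE_ZONE = "dnsbl.example.org"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # valid DNSBL answers (RFC 5782)

def dnsbl_query_name(ip, zone=EXAMPLE_ZONE):
    """Reverse the address (octets for IPv4, hex nibbles for IPv6), append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A records for name; an empty list means NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeout or server failure: let the caller decide

def check_dnsbl(ip, zone=EXAMPLE_ZONE, resolve=system_resolver):
    """Return ('listed', codes), ('clean', []) or ('unknown', [])."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return ("unknown", [])  # lookup failed: neither reject nor trust
    codes = sorted(a for a in answers if ipaddress.ip_address(a) in LISTED_NET)
    if codes:
        return ("listed", codes)
    if answers:
        # An answer outside 127.0.0.0/8 is not a listing; it usually means a
        # hijacked NXDOMAIN or a retired zone that now answers every query.
        return ("unknown", [])
    return ("clean", [])

if __name__ == "__main__":
    # Constructed sample data: a fake resolver so the demo runs offline.
    fake_zone = {"10.2.0.192.dnsbl.example.org": ["127.0.0.2"]}
    for sender in ("192.0.2.10", "198.51.100.7"):
        print(sender, check_dnsbl(sender, resolve=lambda n: fake_zone.get(n, [])))
```

In a mail server the "unknown" result normally maps to a temporary deferral or to accepting the message, so that a DNS outage neither bounces legitimate mail nor silently disables the check.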


DirectAdmin invalid characters in mail autoresponder

This article covers tips to resolve the invalid character error in mail in DirectAdmin.
The reason for this error is that Oracle sees a character that it considers invalid.
If you use a special character in a table or column name, then try putting double quotation-marks around the name.
If you use a special character in a value, put quotation marks around it.
If you look closely, you'll notice a punctuation mark of some sort between "Character" and "Invalid."
This means you have included punctuation marks in the information you typed into that field.
Remove all punctuation marks, symbols, or other special characters and you will be able to proceed.

To fix the DirectAdmin error "Invalid characters in mail autoresponder":
1. You have to set the correct encoding for the DirectAdmin theme that is used. In this case, the default “enhanced” theme was used, so I edited accordingly:
vi /usr/local/directadmin/data/skins/enhanced/lang/en/lf_standard.html
2. Then find the variable “LANG_ENCODING” and correct it to your needs. In my case:
