ssh trick – ssh to remote host with bastion host

2019-09-16 1 min read bash Learning Linux
Lot of times, you have to ssh to a server with bastion host. If you dont know what is bastion host then see this: Now, in such cases, either you add an entry in “~/.ssh/config” to route the ssh through the bastion host or do ssh to bastion host and then ssh from there to the actual host. But wait, there is always a better way: ssh -t <bastion host> ssh -t <actual host> You can use the usernames as required for the 2 hosts and then you will have to enter passwords, first for the bastion host and then the actual host. Continue reading

https site available now with cert from cacert.org

2015-05-30 1 min read Wordpress
More about cacert.org : CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free. CAcert’s goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X. Continue reading

Search CVE – web interface with php

2014-11-03 1 min read Uncategorized
So, last few weeks have been very busy with lot of security issues, so I thought of having a local CVE Search app. But all I could find on google and github.com were on python and nothing that I could use quickly. So here is link to one that I wrote quickly: CVE Search PHP It’s in php. So just download in some folder and access from a web-server and you are done. Continue reading

Sandbox apache (httpd) for better security.

2014-03-26 1 min read Fedora
Apache/httpd is something which you would like to have contained. And now fedora provides a native way/mechanism to to so with virt-sandbox-service. With this, you can create a virtualized sanbox service and then connect/list/manage such with virsh. We will be using LXC. Basically its couple of commands and you have a contained service running. # List all the containers virsh -c lxc:/// list # Create the sandbox, all default parameters. Will take dhcp address. Continue reading

Sandbox Firefox – First step to security

2014-03-19 2 min read Fedora Firefox
First we will setup cgroup to limit cpu and memory usage, so here we go: Add the configuration in /etc/cgconfig.conf #------start cgconfig---------------- #new group group firefox { perm { task { #user your login id and group here, so that you can control this group uid = amitag; gid = amitag; } admin { # same as above, set to your login id and group. uid = amitag; gid = amitag; } } # set the limits for cpu. Continue reading
Older posts