So, last few weeks have been very busy with lot of security issues, so I thought of having a local CVE Search app. But all I could find on google and github.com were on python and nothing that I could use quickly. So here is link to one that I wrote quickly:
It’s in php. So just download in some folder and access from a web-server and you are done.
Continue readingApache/httpd is something which you would like to have contained. And now fedora provides a native way/mechanism to to so with virt-sandbox-service. With this, you can create a virtualized sanbox service and then connect/list/manage such with virsh.
We will be using LXC.
Basically its couple of commands and you have a contained service running.
# List all the containers virsh -c lxc:/// list # Create the sandbox, all default parameters. Will take dhcp address. virt-sandbox-service create -C --username amitag -u httpd.service httpd_conta # Create the container with static IP. virt-sandbox-service create -C --username amitag -u httpd.service -N \ address=192.168.122.11/24%192.168.122.255 httpd_conta#Enable and start the service. virt-sandbox-service start httpd_conta virt-sandbox-service enable httpd_conta#Delete the container if not required any more. virt-sandbox-service delete httpd_conta
Continue reading
First we will setup cgroup to limit cpu and memory usage, so here we go:
Add the configuration in /etc/cgconfig.conf
#------start cgconfig---------------- #new group group firefox { perm { task { #user your login id and group here, so that you can control this group uid = amitag; gid = amitag; } admin { # same as above, set to your login id and group. uid = amitag; gid = amitag; } } # set the limits for cpu.. by default there are 1024 shares of cpu with no other groups, # so share of 102 would be around 10% . cpu{ cpu.shares="102"; } # limit the cpus to be used to only 0-1 cpuset{ cpuset.cpus=0-1; cpuset.mems=0; } # limit the maximum memory to 700Mb. memory { memory.limit_in_bytes="700M"; memory.max_usage_in_bytes="0"; } } #------end cgconfig----------------
Continue reading
It is good practice to keep iptables/firewall enabled. But configuring it is difficult, do you agree. Not any more 🙂
Install firewall-config
sudo yum install firewall-config
This will install a GUI application, which you can run with “Firewall” application in the dash or with “firewall-config” in terminal. It is pretty straight forward to use this tool, even if you don’t have much knowledge on Firewall/iptables.
Continue reading
Last couple of years, I just used to disable iptables on my system, this time I decided not to disable it and keep it enabled.
So far so good, now comes the tricky part, I have http server enabled on my system and since this is on local network with already firewall and other security in place so I can allow all incoming to my system and similarly I need to enable XDMCP outgoing. So, I can add the rules like this :
Continue reading
Today I was looking for some way to put the output of the mysql output in an array in a bash script. Quick google search yeilded to results something like this:
|
1
|
The problem with the above approach is that all the words go into separate index. So if you have a line that has space then that is split into multiple index’s. Not good…
Continue readingSnort is a very good security tool to install if you are concerned about the security of your system. I find it really useful but the problem is I keep forgetting to monitor the logs so what did I do, I installed snort and configured cron to send to logs everyday, here’s how.
On fedora, snort is available in the repository but the rules are not. So to install snort just type in the following in a terminal:
Continue reading