Overview: Released in 1998, OpenSSL is a cryptography library available for Linux, Windows, BSD and Mac OS systems. The library allows users to do a variety of tasks such as, but not limited to, creating CSRs and private keys, converting certificates to different formats and validating existing certificates. Over the years I’ve written down commands…
Automate SSH Key Rotation on Ubuntu with Ansible
Overview: Changing your SSH keys is as important as changing your underpants daily. Running this script on a frequent basis will ensure access to the servers is changed on a regular basis. Use Ansible to do SSH key rotation in your sleep!
Blocking Postfix traffic using Fail2ban
So if you are reading this then you have probably seen what appears to be every bot in China connecting to your Postfix server to attempt anything from relaying to auth attacking. Well, have I got the solution for you! Now before you implement this, I will warn you, this is very restrictive, it doesn’t…
Hardening SSHD for Security
The secure shell daemon should be hardened to prevent unauthorised access before being put into a production environment or exposed to the internet.
1. Verify the /etc/ssh/sshd_config file contains the following lines and that they are not commented out:
Protocol 2
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
AllowTcpForwarding no (unless needed)
X11 Forwarding…
Deny ICMP Ping on Outside Dialer Interface (Cisco Router)
Deny ICMP Ping on Outside Dialer Interface for a Cisco Router
I am a firm believer in “if you don’t need it, turn it off”; ICMP ping is no exception. Doing so reduces the surface area of attack, as most port scanners initially ping the target to see if there is a replying host at…