
Security related tutorials

Solaris

Enforcing a Two Man Rule Using Solaris 10 RBAC

Post date: April 28, 2005, 02:04 Category: Security Views: 5232 Comments
Tutorial quote: The "two man rule" (also sometimes called the "four eyes rule") has its origins in military protocol although for quite some time it has been welcomed into the stockpile of IT security controls used by organizations around the world. The "two man rule" specifies that there must be two individuals that must act in concert in order to perform some action.
Linux

Secure your Server with iptables

Post date: April 20, 2005, 11:04 Category: Security Views: 3649 Comments
Tutorial quote: Central to securing a Linux server that's connected to the Internet is having a good firewall and specific policies in place. Numerous options exist for those considering firewalls for Linux, however, a free and included solution is on offer through Netfilter and iptables.
Gentoo

GCC extension for protecting from stack-smashing attacks

Post date: April 20, 2005, 10:04 Category: Security Views: 3811 Comments
Tutorial quote: The Stack-Smashing Protector (SSP, formerly ProPolice) is perhaps one of the most sophisticated yet simplistic protective compiler technologies to date which makes use of canary values by rearranging local variables and function pointers. When (ssp) is enabled it can prevent many forms of the common return-to-libc attack. It is implemented as a patch to GCC which will automatically insert protection code into your programs at compile time. It is developed by Hiroaki Etoh at IBM.
Unix clones

DNS Common Abuses

Post date: April 17, 2005, 09:04 Category: Security Views: 2929 Comments
Tutorial quote: In this paper I have presented several features of DNS to make the reader familiar with the basics of the Domain Name System. I have also covered several well known and widespread attacks that are used to exploit DNS. These attacks are by no means theoretical. In truth they grow more and more common as attackers become more sophisticated. The suggested defense methods outlined at the end of each section cover only the basic recommendations that can be used to thwart attackers.
Fedora Core

Tripwire on your Fedora Box

Post date: April 16, 2005, 00:04 Category: Security Views: 5521 Comments
Tutorial quote: Tripwire is an Intrusion Detection System. This can be used to alert users whenever their system is compromised. Tripwire detects and reports changes in system files. It will alert you through email whenever a change is detected. If the change is due to normal system activity, you can instruct Tripwire not to report the change to that file in future. If the change is not due to normal system activity, then it is a clear indication that something is wrong and you need to act immediately and fix the issue. Thus Tripwire comes in very handy to maintain the integrity of the system.

There is a lot of information on the web about Tripwire. Some people might argue that AIDE (Advanced Intrusion Detection Environment) is better than Tripwire and so on. This comparison is beyond the scope of this article. This is an introductory article for novice users who are interested in installing Tripwire on their Fedora box. Advanced users can refer to the web for relevant information or they can contact appropriate mailing lists like the Fedora users mailing list.
Unix clones

Chkrootkit Portsentry Howto

Post date: April 15, 2005, 23:04 Category: Security Views: 3374 Comments
Tutorial quote: This document describes how to install chkrootkit and portsentry. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems.

Chkrootkit "is a tool to locally check for signs of a rootkit" (from http://www.chkrootkit.org).

"The Sentry tools provide host-level security services for the Unix platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis" (from http://sourceforge.net/projects/sentrytools/).

This howto is meant as a practical guide.
RedHat

Taking advantage of SELinux in Red Hat Enterprise Linux

Post date: April 15, 2005, 21:04 Category: Security Views: 4515 Comments
Tutorial quote: The release of Red Hat Enterprise Linux 4 debuts the first commercially supported inclusion of Security-Enhanced Linux (SELinux). An installation of Red Hat's latest enterprise operating system has SELinux installed and enabled by default. In the past SELinux has been criticized for a lack of commercial support; many big sites were unable to use it due to the lack of support (Fedora Core 3 doesn't have the support that they require). Now in Red Hat Enterprise Linux 4, SELinux is a supported part of the OS, and such objections to the use of SELinux have gone away. SELinux is now widely regarded as being suitable for the largest sites.
Linux

Sawing Linux Logs with Simple Tools

Post date: April 14, 2005, 12:04 Category: Security Views: 3298 Comments
Tutorial quote: So there you are with all of your Linux servers humming along happily. You have tested, tweaked, and configured until they are performing at their peak of perfection. Users are hardly whining at all. Life is good. You may relax and indulge in some nice, relaxing rounds of TuxKart. After all, you earned it.

Except for one little remaining chore: monitoring your log files. [insert horrible alarming music of your choice here.] You're conscientious, so you know you can't just ignore the logs until there's a problem, especially for public services like Web and mail. Somewhere up in the pointy-haired suites, they may even be plotting to require you to track and analyze all sorts of server statistics.

Not to worry, for there are many ways to implement data reduction, which is what log parsing is all about. You want to slice and dice your logs to present only the data you're interested in viewing. Unless you wish to devote your entire life to manually analyzing log files. Even if you only pay attention to logfiles when you're debugging a problem, having some tools to weed out the noise is helpful.
Unix clones

Using Afick To Aid In Intrusion Detection

Post date: April 13, 2005, 01:04 Category: Security Views: 3346 Comments
Tutorial quote: Afick is a fast and portable utility which acts as an aid in intrusion detection as well as helping to monitor the general integrity of your system. Afick was written by Eric Gerbier and is distributed under the GNU General Public License. It is available for a number of platforms in both binary and source formats.
Linux

Chrooting Apache

Post date: April 13, 2005, 00:04 Category: Security Views: 3267 Comments
Tutorial quote: The chroot daemon allows you to run a program and have it see a given directory as the root (/) directory. This effectively locks the process into its very own filesystem ("chroot jail") isolated from the real / filesystem. In this article we will look at how to install the Apache Web server in such an environment.