Category: Security

Keeping safe

The Mega Guide to Hardening and Securing CentOS 7 – Part 2

Continuing the previous tutorial on how to secure CentOS 7, in this article we’ll discuss other security tips that will be presented on the below checklist. Hardening and Securing of CentOS 7 Server Requirements The

The Mega Guide To Harden and Secure CentOS 7 – Part 1

This tutorial only covers general security tips for CentOS 7 which can be used to harden the system. The checklist tips are intended to be used mostly on various types of bare-metal servers or on

Connecting to Let’s Encrypt SSL sites via cURL from MAMP

This is a brief lesson in diagnostics that some may find helpful. The Scenario I develop websites on a Mac running MAMP. On my Mac I have an installation of InfiniteWP that connects to each

Lynis 2.5.5 Released – Security Auditing and Scanning Tool for Linux Systems

Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts

The Ultimate Guide to Secure, Harden and Improve Performance of Nginx Web Server

Nginx Security Hardening Tips Based on the wonderful things you have heard about Nginx, perhaps you decided to give it a try. You may have liked it so much that are considering replacing your Apache

How to Block SSH and FTP Access to Specific IP and Network Range in Linux

Block SSH and FTP Access Using IPtables/FirewallD Typically we all use SSH and FTP services often to access the remote servers and virtual private servers. As a Linux administrator, you must aware about how to

What is WordPress XML-RPC and How To Stop an Attack

The WordPress XML-RPC is a specification that aims to standardize communications between different systems. It uses HTTP as the transport mechanism and XML as encoding mechanism which allows for a wide range of data to be

How to remove the security hole in WordPress comment HTML

Before reading further, you should read my earlier post, Your WordPress site comments are giving information to hackers, since this post provides a neater solution to the problem described in that post. Summary of Problem

RHCSA Series: Mandatory Access Control Essentials with SELinux in RHEL 7 – Part 13

During this series we have explored in detail at least two access control methods: standard ugo/rwx permissions (Manage Users and Groups – Part 3) and access control lists (Configure ACL’s on File Systems – Part

Your WordPress site comments are giving information to hackers

Something I recently discovered: if you run a WordPress site and make a comment on a post yourself while logged in, information relating to your username is added to the HTML that makes up the

RHCSA Series: Installing, Configuring and Securing a Web and FTP Server – Part 9

A web server (also known as a HTTP server) is a service that handles content (most commonly web pages, but other types of documents as well) over to a client in a network. A FTP

7 Tools to Encrypt/Decrypt and Password Protect Files in Linux

Encryption is the process of encoding files in such a way that only those who are authorized can access it. Mankind is using encryption from ages even when computers were not in existence. During war

Single User Mode: Resetting/Recovering Forgotten Root User Account Password in RHEL/CentOS 7

Have you ever encountered a situation when you missed your user account password on a Linux System? And the situation can be worse if you forgot the root password. You cannot perform any system wide

How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine

Malware, or malicious software, is the designation given to any program that aims at disrupting the normal operation of a computing system. Although the most well known forms of malware are viruses, spyware, and adware,

Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules

For those of you in the hosting business, or if you’re hosting your own servers and exposing them to the Internet, securing your systems against attackers must be a high priority. mod_security (an open source

25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites

Websites are important parts of our lives. They serve the means to expand businesses, share knowledge and lots more. Earlier restricted to providing only static contents, with introduction of dynamic client and server side scripting

Password-protecting an entire WordPress site

It’s quite a common scenario – you’ve developed a great WordPress site, and you need to show it to your client, but you don’t want the rest of the world (or even worse, a search

How to Lockdown Your WP Admin Login

Why should you lockdown your WP Admin Login? Because if you don’t take action to prevent this type of thing from happening then one morning you’re going to wake up and instead of seeing that income-generating

L

LUKS: Linux Hard Disk Data Encryption with NTFS Support in Linux

LUKS acronym stands for Linux Unified Key Setup which is a widely method of disk-encryption used by Linux Kernel and is implemented with the cryptsetup package. The cryptsetup command line encrypts a volume disk on

S

Secure Files/Directories using ACLs (Access Control Lists) in Linux

As a System Admin, our first priority will be to protect and secure data from unauthorized access. We all are aware of the permissions that we set using some helpful Linux commands like chmod, chown,