3DES Strength - Effective key strength of 3DES encryption explained
ACLs - Support for POSIX ACLs and similar fine-grained permission systems on Linux
Apache HTTP Methods Patch - Patch to remove insecure HTTP methods from Apache httpd 1.3.x.
Apache Security Tips - Security tips for the Apache httpd
Attacking Linux - How to improve your Linux security by thinking like an attacker; article by Rick Moen
Auditor LiveCD - Auditor Security Collection is a Linux live CD with an extensive collection of tools for examining compromised systems.
Authfail - Tool to monitor logs for repeated authentication failures and generate netfilter DROP or REJECT rules, foiling brute-force login attacks
Break-in without Remote Exploit - Explains why it's not enough to just keep patch-levels updated and use encrypted transports.
Buffer Overflow - Techniques to eliminate security risks from buffer overflows
Challenge-Response - Critique of Challenge-Response software by Karsten Self
Debian Compromise 2003 - Analysis and lessons to draw from the Nov. 2003 compromise of several Debian developer servers
Extended File Attributes - chattr, lsattr, and extended file attributes.
fail2ban - Python utility 'fail2ban' scans logfiles like /var/log/pwdfail and then bans via iptables rules IPs that generate too much password failures
Firewalls - Complete text of Cheswick and Bellovin's classic book 'Firewalls and Internet Security: Repelling the Wily Hacker', first edition
Firewall Builders - Tools available on Linux for easily building and managing iptables IP-filtering rulesets
Firewall Limitations - Editorial making the point that people relying on 'firewalls' for security are deluded, and that the perimeter security model is severely broken
Firewall Piercing - Tunneling SSH through firewalls using httptunnel, proxytunnel, or corkscrew
FISH Protocol - The FIles over SsH protocol extension
Forensics - Basic security detective techniques
FTP Daemons - List of all known ftp daemons for Linux and *BSD, with recommendations for anonymous-only deployments.
iptables logs - Guides and tools for interpreting iptables and ipchains logs, by Manfred Bartz
GnuPG Lecture - Lecture notes from a technical overview lecture about GnuPG (gpg), by Rick Moen.
GnuPG with Mutt - Everything You Need to Know to Start using GnuPG, but Justin R. Miller
Halted Firewalls - Constructing a hardened firewall using a Linux host that deliberately runs in a system-shutdown state
Identd for Firewalls - How to set up an identd for firewalls
IDS Lecture at BayLISA, March 2002 - Notes on John S. Flowers's highly-regarded intrusion detection software lecture
IDSes - Presentation by David B. Allen at LinuxWorld Conference and Expo 2003 on Linux Intrusion Detection Systems
IDSes - Rick Moen and other mailing list participants' rundown on Intrusion Detection System software options
IP Tables - IP Tables Quick Reference (unfinished)
Linspire Root Issues - What is and is not true about LinspireOS (formerly LindowsOS) and the trait of running routinely as the root user
mod_security - Ivan Ristic's ONLamp.com article on configuring and using Apache's mod_security module
Network Monitoring - Rundown of tools commonly used to monitor networks
NFS - How to Secure NFS, article about Debian 4.0 Etch, but broadly applicable
NTLM Auth - How to do NTLM authentication on Linux, required to talk through IIS / MS Proxy Server firewalls
Overview - Overview of Linux system and network security
PAM - Documentation about the Programmable Authentication Modules (PAM) framework
PAM Delay - Module for PAM that foils brute-force login attacks by introducing an enforced delay between login attempts of any given login name. (See also Authfail.)
PAM LDAP - Configuring PAM to authenticate to an LDAP directory
Passwords - How to deal with humans' inability to remember strong passwords reliably and in sufficient number
Password Safes - Applications for storing passwords in encrypted form
PHP - Information on security issues and remedies for PHP applications
Ping of Death - How the Ping of Death worked against perennially vulnerable Microsoft OSes, circa 1997
Port Forwarding - Various techniques for forwarding ports across networks
Portsentry Considered Harmful - Comparison of Psionics's proprietary Portsentry dynamic scanning-detection and port-blocking utility with snort, explaining why the former category is actively bad for system security
Resources/Deter - Matthew Deter's security resources
Resources/Farmer - Dan Farmer's security resources
Resources/Stokely - Resources for system administrators from Stokely Consulting
Root Compromise - Outlines for a talk on response to Linux system root compromise
Root Password Lost - How do I recover a lost root password?
Root w/X11 - List of methods for running X11 applications with root-user authority (without having to run X11 generally as root)
ROPE iptables scripting - ROPE Iptables module: scripting engine that runs inside the kernel, helps write iptables match modules for complex protocols, e.g., blocking gnutella and bittorrent.
SATAN on Linux - Modifications to make the (now-obsolete) SATAN security-checker compile and run on Linux
scp Shells - Shells for naive-user access to sftp/scp/sftp2
Security Breach - What should I do if I detect that my systems have been security-compromised?
Security HOWTO Corrections - Corrections to the Linux Security HOWTO, unfortunately ignored by its maintainers
Security Tools - Fyodor's catalogue of the top 100 network security tools. Indispensible.
Smoothwall GPL - Analysis of claims that Smoothwall's maintainers violated the GNU GPL (they didn't)
Squid Transparent Proxy - How to set up a transparent proxy with Squid, in three easy steps
ssh-agent Tip - Tips for integrating ssh-agent into one's desktop setup
SSH Agent - Mark A. Hershberger's tips on use of ssh-agent
SSH Agent - Radu Rugina's tips on use of ssh-agent
SSH Hints - Tips for effective use of ssh
SSH Public-key Process - Safely automating inter-host processes using ssh keypairs
SSH Quoting Syntax - Avoiding problems with shells parsing quoted strings intended to be passed to ssh
SSH scp-Emulation - Emulating scp using only bare ssh
sshd Always Running - Tip to make sure sshd always respawns, using init's 'respawn' directive
sshd Debugging - Tip for debugging sshd problems
SSH OPIE - Configuration details for running OpenSSH with OPIE one-time password authentication
SSH Software - SSH-Protocol Software for Sundry Platforms — most-comprehensive list known
SSL Cert Self-signing - Creating and self-signing SSL site certificates
Tips - General security tips
Tools/Fyodor - List of security tools maintained by Fyodor, author of nmap
VPNs - Virtual Private Network options on Linux
VPNs by N. Treadway - Virtual Private Network options on Linux, list maintained by Nathan Stratton Treadway
Virus - Linux software for detecting/purging MS-Windows viruses
VXing - Cyneox's Linux virus and security site.
Wireless Security - How and why to use WPA2-AES-Enterprise and a RADIUS server for your wireless security if security matters
Zimmermann-Sassaman Protocol - Details a method for conducting rapid mass GPG/PGP keysigning events
Home | Suggest new link
Except where otherwise noted, this knowledgebase's contents are freely redistributable under the Creative Commons Attribution-ShareAlike 3.0 licence.