Category Archives: Linux
Increase SSL and TLS security on nginx and Apache by enabling PFS and HSTS
The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but it could still be made a lot better and more secure. Goals we want to achieve: enable Perfect Forward Secrecy (PFS); enable HTTP Strict Transport Security (HSTS); disable SSLv2 and SSLv3; PCI compliant; FIPS-ready (optional); don’t break IE… NOTE: the configuration below will … Continue reading
Change host name of Puppet client
Here are the steps I use to change the host name of a Puppet client: On the client side stop Puppet, remove old certificates and change host name: Change the host name in /etc/sysconfig/network and /etc/hosts, then reboot the client. Remove the old certificate on the server: If you’re using Foreman, change the host name there too. Finally, initialize a … Continue reading
Plesk (11) – Redirect Webmail to HTTPS
By default, the webmail interface of Plesk runs unsecured on port 80. That’s bad, really bad (Shame on you Parallels!). There are some guides out there to fix that, but they are all wrong in my eyes. Some are made for old releases, others change things in files which are overwritten on update or regeneration of config files. But … Continue reading
Limit/prevent SSH brute force attempts
If you (have to) run a publicly available SSH server, you may have noticed already that there are a lot of brute force attacks trying to guess a user and password (have a look into /var/log/secure). If you did it the correct way, you only allow public keys to authenticate, of course. But maybe you can’t, because the client … Continue reading
Quick tip: [bash] Execute multiple files in a directory at once
Today I created a bunch of scripts which I have to execute one by one from time to time. The order doesn’t matter. So I can simply execute this one-liner: