Tag: security

Firewalld Cheat Sheet

Notes and Tips: To list all services firewalld is aware of in an easy-to-read format, use the command firewall-cmd --get-services | tr " " "\n". Default firewalld service .xml files can be found under /usr/lib/firewalld/services. For all commands that support the --zone= option, if no zone is provided the default zone is used. To…


Shell Script to Locate and Check the Version of all Java Binaries

Whether you are in public or private industry, at some point your system will be audited. This audit may include a search for old versions of Java that have not been patched. Even though you may patch your OS consistently, COTS software such as Symantec NetBackup, Oracle and so on will often install…


Script to Find World Writable Files

Notes: The script works on all Linux operating systems. In the middle of the while loop you can add something like chmod o-w "${file}" to remove the world-writable flag.


Secure Your SSH Server

Before Beginning: Back up your /etc/ssh/sshd_config file before making any changes. For more detailed info on the options in this guide, check the sshd_config man page (man sshd_config). Do not blindly set these security settings; design them around your environment's security policy. Step 1: Disable Root Login. Before disabling PermitRootLogin make sure you have a generic…


Bind mysql Port to Localhost

Step 1: Verify that mysql port 3306 is listening on all interfaces using netstat and/or nmap.

Output will resemble

Nmap is generally run from a remote system.

Output will resemble

Step 2: Back up your /etc/my.cnf file.

Step 3: Open your /etc/my.cnf file with vi.

Step 4: Add the line…


Troubleshooting VAS/QAS on Red Hat Enterprise Linux and Solaris

This document details the basic steps used to troubleshoot Quest Authentication Services (QAS) also known as Vintela Authentication Services (VAS).

Important Files

Files | Details
/etc/opt/quest/vas/host.keytab | Encrypted host key
/etc/opt/quest/vas/group-override | Maps accounts to groups
/etc/opt/quest/vas/users.allow | Lists groups that are granted access to the server
/etc/opt/quest/vas/xjoin.keytab | File used to join server to domain
/etc/opt/quest/vas/vas.conf | Primary VAS configuration…


Increase System Entropy on RHEL & CentOS 6 and 7

The document details the process of creating entropy using the Intel rdrand instruction set built into certain Intel CPUs. Entropy is the randomness of the data that is used when an application or operating system uses cryptography. An example would be SSL connections to your web server. Verify CPU Supports the rdrand Instruction: In this…