Tag: Security


Modsecurity 2.5 Review Coming

The folks over at Packt Publishing are kind enough to send me out an advance copy of the upcoming Modsecurity book by Magnus Mischel. I have written about mod security before, but really haven’t had a chance to look into it recently. I am anxious to see where its advanced to in version 2.5. If …

By eric

Redacted On A Feedback Loop

This post is a little more of a rant than I usually make, but I think its warranted. If you don’t know what a feedback loop is, read here. I’m not sure who thinks its a good idea to replace all instances of an email addresses in a feedback loop with [redacted]@feedbackloopcompany.com, but it is …

By eric

Checking Roles in Views Using RoleRequirement

One of the rails projects I am working on is using the RoleRequirement plugin. This is a great plugin for seamless integration of roles into the controller level, but there wasn’t really much documentation on integrating this into the views themselves. So I figured I would put this little gem out there which has done …

By eric

Checking For A DoS

Working on groups of web servers, especially ones that are highly susceptible to attack, it is a good idea to have a string of commands that will allow you to check what is going on. Check for DDos: 1netstat -n | grep EST | awk '{ print $5 }' | cut -d: -f1 | sort …

By eric

10 More Tips Towards Securing Your Linux System

Since everyone seemed to enjoy my first round of tips and tricks to securing a linux system, I figured I would throw together a few more. Enjoy. There are files that get changed very infrequently. For instance, if your system won’t have any users added anytime soon then it may be sensible to chattr immutably …

By eric

10 Tips To Start Securing Your Linux System

A while back I had been asked to write a few quick tips that as an administrator, one would find helpful. They published in one form or another and are now available here. There are MANY more, but these are just a few. Enjoy. Users who may be acting up or aren’t listening can still …

By eric

Patching Procedure vs. Exploitation Potential

When you talk to many security experts, they pretty much agree that when a vulnerability hits, that it’s necessary that it be patched and that its only a matter of time until the sh*t hits the fan and some real knowledgable black hat has put something together for the script kiddies to play with. But …

By eric

Configuring mod_security for EnGarde Secure Linux

Introduction This document is intended to guide a user through initially setting up and understanding a mod_security+Apache2 under EnGarde Secure Linux setup. Once you have completed reading this document, you should be able to understand the basics of mod_security, what it is used for, and why it may apply to you and your environment. Why …

By eric

Follow My Travels

Buy My Book

Archives

  • 2014
  • 2013
  • 2012
  • 2011
  • 2010
  • 2009
  • 2008
  • 2007
  • 2006

writing