This is a follow up of the ‘how to install the ELK stack on CentOS 8’. That is a basic setup with no security at all. There is no encryption, no username and password setup, nothing. Not even firewall rules to filter ports. And as it’s known security can’t only rely on one factor but […]
How to secure the ELK stack on CentOS 8
How to use Fail2ban with WordPress
In a previous article we did an install of Fail2ban on a FreeBSD server. This tool can help us to protect our WordPress install, independatly from if we are using the FAMP stack or the LAMP stack. As I mentioned on that article Fail2ban is a complementary tool to our firewall. It works by scanning […]
Abandon Linux. How to export and import FreeBSD Jails ‘a la Docker’
FreeBSD Jails is an awesome tool similar to Docker but much older which allows administrators and developers alike to have several securely contained userland environments sharing one kernel. Does it sound familiar? This is operating-system-level virtualization and it’s different than what you find on KVM or Xen camps. For more detailed information I’ve published some […]
How to test SSL/TLS configurations
If you are in charge of any site with SSL/TLS conenctions enabled you are always in the chase to get the best possible and most secure configuration. This isn’t always the case and the lack of time does take its toll on many administrators. Those individuals are always asked to do more with less and […]
How to update FreeBSD with freebsd-update
Anytime you set a clean fresh FreeBSD install or just any other operating system you must update it. This should be the first thing. If you are a bit security aware (read paranoid) you can first set up the firewall rules and then update the system to the latest release where you have all the […]
How to synchronize system and network time in FreeBSD
For several applications it is necessary to synchronize your server to the network time. The protocol is called Network Time Protocol (NTP) and is basically giving the correct time to the world nowadays. Reading the Wikipedia entry is very interesting. FreeBSD comes with the ntp client. To set this up you will just add the […]
List of Speculative Execution Vulnerabilities
Vulnerability CVE Exploit name Public vulnerability name Firmware changes Spectre 2017-5753 Variant 1 Bounds Check Bypass (BCB) No Spectre 2017-5715 Variant 2 Branch Target Injection (BTI) Yes Meltdown 2017-5754 Variant 3 Rogue Data Cache Load (RDCL) No Spectre-NG 2018-3640 Variant 3a Rogue System Register Read (RSRE) Yes Spectre-NG 2018-3639 Variant 4 Speculative Store Bypass (SSB) […]
How to install Nessus 10 on FreeBSD 12
Nessus is a professional vulnerability scanner from the reputable cybersecurity company Tenable. I have already written about it in the past but installing it on a GNU/Linux distro. This very article will guide anyone to install Nessus 10 on FreeBSD, since Tenable is releasing binaries for FreeBSD 11 and 12 as of the time of […]
How to use Cloudflare’s Argo Tunnel service to publish a website on FreeBSD 12/13
What is the Cloudflare Argo Tunnel service? In short, a tunneled connection between a host and Cloudflare’s network. A longer depiction can be read in a blog entry of theirs, but I would put it as a secure way to connect the services you want to publish using their network as a shield. An example […]
How to find vulnerabilities in your WordPress with WPScan
Vulnerability scanners are useful tools for administrators and security analysts alike. For the casual WordPress user tools like WPScan may look excessive and complicated for their knowledge, they just need their blog, web page, whatever they’re doing up and running. Any complex administration bothers them to the max, and there are good and valid reasons […]