SSL stands for Secure Sockets Layer and it an old implementation of a crytographic protocol. TLS, or Transport Layer Security, is a new one. They are both used to have privacy in the communications between different parties. They are used to secure email, web browsing, instant messaging, etc These protocols work in a complex way […]
A brief introduction to SSL/TLS certificates
Abandon Linux. How to install iocage to manage FreeBSD Jails
The iocage program is a python 3 piece created to manage FreeBSD Jails leveraging the underpinning ZFS file system on FreeBSD. As already explained on previous articles the FreeBSD operating system offers an OS-level virtualization system called Jails. And as described on past articles it can benefit administrators and developers alike. This is a simple […]
How to patch OpenSSH in FreeBSD 12.2
The default version of OpenSSH in FreeBSD 12.2 today, and it’s been this for quite some time, is not the most recent published by the OpenBSD guys, which by the way are the ones developing OpenSSH. Not only is not the latest but it has a few vulnerabilities affecting it, medium risk ones but nevertheless […]
How to use Cloudflare’s Argo Tunnel service to publish a website on FreeBSD 12/13
What is the Cloudflare Argo Tunnel service? In short, a tunneled connection between a host and Cloudflare’s network. A longer depiction can be read in a blog entry of theirs, but I would put it as a secure way to connect the services you want to publish using their network as a shield. An example […]
How to analyze suspicious email
Millions of emails are sent and received every day. Most of them are just junk. And many among those are potentially harmful. Phishing still is one of the most effective ways for malicious actors to penetrate into well secured networks. The weakest link, too often, is the human factor. Training can help mitigate this 24×7 […]
Lynis or how to quickly audit your system’s security configuration
A colleague of mine pointed me out to Lynis, a system’s configuration audit tool which checks the hardening of any running UNIX or UNIX-like system, including the BSDs. This tool has a built in check list and a set of sane and safe configurations and compares them to the target system. As output we find […]
How to install the bash shell on FreeBSD
Believe it or not the Bash shell does not come installed on the system. By default FreeBSD uses the sh shell (after the rewrite under the BSD license on 1989 of the original Bourne Shell found on UNIX, which had inherited the ‘sh’ name from the original’s Thomson shell), the C shell or the tcsh […]
How to setup MariaDB master-slave replication on FreeBSD
Having all the data in just one server is not the best idea. Especially when talking about a database server. Spreading information in several boxes is a good measure to prevent data loss but also for performance. A MySQL/MariaDB master-slave replication scheme is often used as a good solution for both, data redundancy and speed. […]
How to mitigate Spectre and Meltdown on an HP Proliant server with Ubuntu
As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing […]
How to mitigate DoS attacks with mod_evasive on FreeBSD
Denial of Service attacks or the distributed version of them (DDoS) have been growing throughout the years with their ups and downs. In my view the only thing that will happen to them is even bigger growth. With the advent of IoT devices the next decade will see an increase in these kind of attacks. […]