Posts Tagged security

To upgrade or not to upgrade?

That’s another great sysadmin’s dilemma: do you do updates often, trying to keep your systems at the “cutting edge” and have all the security patches upplied immediately upon official release, or do you roll the updates out as discretely as possible, not trying to fix something that’s not [still] broken? That, and the fine topic […]

, , , , , ,

No Comments

chattr for hackers

Yet another boring chapter, Chapter 5 the filesystem in the “UNIX and Linux System Administration Handbook”, bar the excellent overview of the ACL topic, still has a bit of fun going on. Linux defines a set of supplemental flags that can be set on files to request special handling. The immutable and append-only flags (i […]

, , , , ,

No Comments

sudo or not sudo

Nothing prevents you from changing the username on this [root] account or from creating additional accounts whose UIDs are 0; however, these are both bad ideas. That was the most profound saying in probably the most boring chapter of the “UNIX and Linux System Administration Handbook”, Chapter 3, about the root account and related topics. […]

, , ,

No Comments

SPF and SOHO privacy

SPF (Sender Policy Framework) is cool stuff and when implemented properly helps vanity domain owners play on par with big email service providers, like gmail. However, in its basic form it presents privacy concerns for small offices operating out of their homes, or any other small mail senders. The problem is that anyone on the […]

, , ,

No Comments

Cryptography expert needed

[This is my response to a job post on Upwork. Just for a record.] Cover Letter Hi there, You seems to have quite large list of desirable skills up there. I suppose it is not expected to be covered by a single person, otherwise I wouldn’t dare applying for the position. I have got a […]

,

No Comments

TLS in postfix SMTP client

DreamHost changed SSL cert for mail once again. There is a tricky way of adding CA certificates into Linux system’s certs repository: Put CA certificates in /usr/local/share/ca-certificates/, and NOT the system directory /usr/share/ca-certificates/ run update-ca-certificates to update the compiled list of CA certificates. Add the path to /etc/postfix/main.cf : smtp_tls_CApath = /etc/ssl/certs … but I […]

, , , , , ,

No Comments

Poor symlinks at DreamHost

DreamHost has once again introduced changes (Apache upgrade?) to symlink handling.

, , , ,

No Comments

myemptymind.com attempts to hack 123Unix.com

While revamping 123Unix!com pages I’ve set the whole of http://www.123unix.com/ to be behind a ht password. The only reason for that was to save stray visitors from confusion of half-written pages at the website. So the password wasn’t particularly strong – just a single character! Still, “real” hackers don’t brute-force passwords any more, they’ve got […]

, ,

No Comments