{"id":34258,"date":"2019-02-15T10:54:05","date_gmt":"2019-02-15T08:54:05","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=34258"},"modified":"2019-02-15T10:54:12","modified_gmt":"2019-02-15T08:54:12","slug":"how-to-secure-a-linux-server","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/15\/how-to-secure-a-linux-server\/","title":{"rendered":"How To Secure A Linux Server"},"content":{"rendered":"<!-- google_ad_section_start -->\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/github.com\/imthenachoman\/How-To-Secure-A-Linux-Server\">How To Secure A Linux Server<\/a> is a nice collection of tips and tricks on improving the security of a Linux server.  There are some well-known bits like SSH key authentication and firewall configuration, as well as some less common bits like multi-factor authentication and RAM disk for  <em>\/tmp<\/em>.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>How To Secure A Linux Server is a nice collection of tips and tricks on improving the security of a Linux server. There are some well-known bits like SSH key authentication and firewall configuration, as well as some less common bits like multi-factor authentication and RAM disk for \/tmp.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"How To Secure A Linux Server #SysAdmin #DevOps #Linux #security","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,133,62],"tags":[3069,200],"keyring_services":[],"class_list":["post-34258","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","tag-best-practices","tag-security"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":7517,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/05\/21\/fix-for-fedora-linux-core-2-ldap-authentication-problem\/","url_meta":{"origin":34258,"position":0},"title":"Fix for Fedora Linux Core 2 LDAP authentication problem","author":"Leonid Mamchenkov","date":"May 21, 2004","format":false,"excerpt":"Just few minutes after posting to Fedora mailing, I've managed to find the solution to my problem with LDAP authentication in Fedora Linux Core 2. Murphy's law in action. :) It seems that there was an undocumented change in default behavior. File \/etc\/ldap.conf (provided by nss_ldap) says: # OpenLDAP SSL\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17884,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/03\/14\/ssh-dynamic-black-list\/","url_meta":{"origin":34258,"position":1},"title":"SSH dynamic black list","author":"Leonid Mamchenkov","date":"March 14, 2013","format":false,"excerpt":"Slashdot runs the post on how bots are now trying higher ports for SSH password guessing. \u00a0This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post. \u00a0One\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12267,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/03\/19\/copy-ssh-key-to-remote-machine\/","url_meta":{"origin":34258,"position":2},"title":"Copy SSH key to remote machine","author":"Leonid Mamchenkov","date":"March 19, 2010","format":false,"excerpt":"Those of us who use secure shell (SSH) for logging in to remote machines, already know about key authentication, which is so much easier and sometimes more secure than password authentication.\u00a0 We also know that in order to make it work you need to: generate a pair of keys with\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27966,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/09\/08\/radicale-free-and-open-source-caldav-and-carddav-server\/","url_meta":{"origin":34258,"position":3},"title":"Radicale &#8211; Free and Open-Source CalDAV and CardDAV Server","author":"Leonid Mamchenkov","date":"September 8, 2017","format":false,"excerpt":"Radicale is a free and Open Source CalDAV and CardDAV server. \u00a0Here are some of the features: Shares calendars through CalDAV, WebDAV and HTTP. Shares contacts through CardDAV, WebDAV and HTTP. Supports events, todos, journal entries and business cards. Works out-of-the-box, no installation nor configuration required. Can warn users on\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":16722,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/09\/19\/zabbix-the-enterprise-class-monitoring-solution\/","url_meta":{"origin":34258,"position":4},"title":"Zabbix &#8211; The Enterprise-class Monitoring Solution","author":"Leonid Mamchenkov","date":"September 19, 2012","format":"link","excerpt":"Zabbix - The Enterprise-class Monitoring Solution Zabbix is the ultimate open source availability and performance monitoring solution. Zabbix offers advanced monitoring, alerting, and visualization features today which are missing in other monitoring systems, even some of the best commercial ones. Below is a short list of features available in Zabbix:\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12254,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/03\/17\/openssh-5-4-released\/","url_meta":{"origin":34258,"position":5},"title":"OpenSSH 5.4 released","author":"Leonid Mamchenkov","date":"March 17, 2010","format":false,"excerpt":"Now that I have a bit more time on my hands, I am catching up with all the RSS feeds, news, and announcements that I've missed recently.\u00a0 One of them was the release of OpenSSH 5.4 - a tool for pretty much every Linux user.\u00a0 There are a few interesting\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/34258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=34258"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/34258\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=34258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=34258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=34258"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=34258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}