Security

Using Hiera with Puppet

With Hiera, you can externalize your systems' configuration data and easily understand how those values are assigned to your servers. With that data separated from your Puppet code, you then can encrypt sensitive values, such as passwords and keys. more>>

Urgent Kernel Patch for Ubuntu

Linux is engineered with security in mind. In fact, the most fundamental security mechanisms are built right in to the kernel itself, which makes it extremely hard for malicious code to bypass. more>>

Mumblehard--Let's End Its Five-Year Reign

Linux has a well deserved reputation as being one of the most secure platforms for individuals and businesses. This is largely due to the way security is integrated into the system, but there is a great risk in being too complacent. Recent events serve to remind us that there is no such thing as an uncrackable system. more>>

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Drupal is a very widely used open-source content management system. It initially was released in 2001, and recent statistics show Drupal as the third-most popular content management system, with just less than 800,000 Web sites utilizing Drupal as a content management system. more>>

Flexible Access Control with Squid Proxy

Large enterprises and nuclear laboratories aren't the only organizations that need an Internet access policy and a means of enforcing it. My household has an Internet access policy, and the technique I've used to enforce it is applicable to almost any organization. In our case, I'm not too concerned about outside security threats. more>>

Tighten Up SSH

SSH is a Swiss Army knife and Hogwart's magic wand all rolled into one simple command-line tool. As often as we use it, we sometimes forget that even our encrypted friend can be secured more than it is by default. For a full list of options to turn on and off, simply type man sshd_config to read the man page for the configuration file. more>>

Security in Three Ds: Detect, Decide and Deny

Whenever a server is accessible via the Internet, it's a safe bet that hackers will be trying to access it. Just look at the SSH logs for any server you use, and you'll surely find lots of "authentication failure" lines, originating from IPs that have nothing to do with you or your business. more>>

Nmap—Not Just for Evil!

If SSH is the Swiss Army knife of the system administration world, Nmap is a box of dynamite. It's really easy to misuse dynamite and blow your foot off, but it's also a very powerful tool that can do jobs that are impossible without it. more>>

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi

Years ago, I worked for an automotive IT provider, and occasionally we went out to the plants to search for rogue Wireless Access Points (WAPs). A rogue WAP is one that the company hasn't approved to be there. So if someone were to go and buy a wireless router, and plug it in to the network, that would be a rogue WAP. more>>

Sharing Admin Privileges for Many Hosts Securely

The problem: you have a large team of admins, with a substantial turnover rate. Maybe contractors come and go. Maybe you have tiers of access, due to restrictions based on geography, admin level or even citizenship (as with some US government contracts). more>>

January 2015 Issue of Linux Journal: Security

Security: a Method, Not a Goal

The Security issue of Linux Journal always makes me feel a little guilty. It turns out that although I have a fairly wide set of technology skills, I'm not the person you want in charge of securing your network or your systems. By default, Linux is designed with a moderate amount of security in mind. For that, I am incredibly grateful. more>>

Readers' Choice Awards 2014

It's time for another Readers' Choice issue of Linux Journal! The format last year was well received, so we've followed suit making your voices heard loud again. I couldn't help but add some commentary in a few places, but for the most part, we just reported results. Please enjoy this year's Readers' Choice Awards! more>>

The Awesome Program You Never Should Use

I've been hesitating for a couple months about whether to mention sshpass. Conceptually, it's a horrible, horrible program. It basically allows you to enter an SSH user name and password on the command line, so you can create a connection without any interaction. A far better way to accomplish that is with public/private keypairs. more>>

Big Bad Data

Obsession with Big Data has gotten out of hand. Here's how. more>>

Encrypt Your Dog (Mutt and GPG)

I have been focusing a lot on security and privacy issues in this year's columns so far, but I realize some of you may expect a different kind of topic from me (or maybe are just tired of all this security talk). Well, you are in luck. more>>

Syndicate content
Geek Guide
The DevOps Toolbox

Tools and Technologies for Scale and Reliability
by Linux Journal Editor Bill Childers

Get your free copy today

Sponsored by IBM

Webcast
8 Signs You're Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
On Demand
Moderated by Linux Journal Contributor Mike Diehl

Sign up and watch now

Sponsored by Skybot