Jul 22, 2012
 

Sometimes a firewall does not allow you to accept connections on anything other than some specific ports. Let's say that you can connect to your VPS or remote server only on ports 80 (http) and 443 (https). You also need a port for ssh to manage your VPS/server, but port 443 is used by your web server for https, so what can you do?

This is where sslh comes in. It's a really simple tool that accepts incoming connections on a port and then, depending on the protocol, redirects them to sshd on port 22 or to your web server on localhost:443.

May 21, 2012
 

I thank Maurizio Pagani for allowing me to publish and translate his interesting presentation, published on http://babel.it.

OpenVAS is a framework that includes services and tools for scanning and the complete management of vulnerabilities.
A vulnerability scanner is a tool that allows you to scan a target system (IP/HOSTNAME) based on a range of ports and a set of policies. The tool is supported by a database that the vulnerability scanner uses to analyze possible problems whenever it finds a listening service. The scanner receives daily updates from the database of Network Vulnerability Tests (“NVTs”).

Apr 30, 2012
 

Varnish is an open source “web accelerator” which you can use to speed up your website.

It can cache certain static elements, such as images or JavaScript, but you can also use it for other purposes such as load balancing or some additional security. In general, most people want to try it and test their website to see if it’s really so amazing (IMO yes, but test it yourself).

The traditional guides will tell you to move your web server to another port, perhaps 81 or 8080, or just bind it to localhost, configure Varnish to listen on port 80, and use the web server as the backend, that is, the server to which Varnish forwards requests not found in its cache.

This is the “normal” configuration and it works fine, but sometimes you just want to make a quick test, or perhaps you are using a control panel such as cPanel, Kloxo or ISPConfig, and in my experience changing the standard listening ports of Apache is not a decision to be taken lightly with these tools.

So in a VPS (with Kloxo) I’ve used a different approach: iptables.

Simple security by evaluating open ports

Article by Dominique Cimafranca, first published on his blog regarding Ubuntu, and Linux in general. A simple but effective procedure for evaluating security on your computer is to check what sites it’s connecting to, or what sites are connecting to it. Most critical malware nowadays turns computers into zombies for botnets — typically zombified hosts will [...]