Imminent Web Services

Reference:

In short, you can issue this command from your terminal to do ssh tunneling:

$ ssh -f -N -L 8081:127.0.0.1:3000 username@hostname.com

"-f" is to requests ssh to go to background just before command execution.

"-N" tells SSH client not to execute a remote command.

"-L [bind_address:]port:host:hostport" is to specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.

For convenience, we will setup a profile in ~/.ssh/config:

To Install VMware Tools under BackTrack 3, here are the steps:

Someone left a comment in this blog introducing a trojan removal tool from search-and-destroy.com. So we decided to take a look.

That website looks very skeptical, with no real contact information at all. It displays some security seals, but god knows where those seals come from.

With a couple more searches, we found some comments on that website, telling that it is a misleading software. Here are the links:

To use Cisco VPN on Linux, you have a couple of options:

Here are some user guides for using GPG:

• The GNU Privacy Handbook and User guides - GnuPG.org
• GnuPG Gentoo User Guide 
• How to Use Gnu Privacy Guard - Community Ubuntu Documentation
• PGP User's Guide

Google released an open source tool called ratproxy, which aims for helping developers to audit Web application security. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits.

Linux.com has a review on it today.

First, please check the Apache website for

• Apache HTTP Server Version 2.2 Security Tips 
• Apache HTTP Server Version 2.0 Security Tips 

http://xianshield.org/guides/apache2.0guide.html has some nice tips on how to harden your apache server. Especially, check your httpd.conf and make sure the configurations are fine.

Note: This is still a work in progress. I will gradually add items to the list. You are welcome to contribute your points. Thanks.

Harden Your Web Server

Harden the web server's setup and configuation

If you use Apache, here is howto harden Apache.

If you use lighttpd, here is howto configure lighttpd for security. Note: you will need to enable mod_rewrite, mod_redirect.

If your network admin complains that your computer is flooding the network with icmp requests, and if you are not aware of any program that need to do this, you should pay attention and find out what's going on.

To see a statistic report on your computer's icmp activities:

root# netstat -sp

This displays summary statistics for each protocol. Look under the section "Icmp:" for icmp related statistics report.

To see icmp traffic on your computer:

root# tcpdump icmp