Security

Certbot - Let's Encrypt certificates on Debian server with Apache webserver

How install and use certbot on Debian system, examples how create Let's Encrypt certificates for multiple domains, how handling certbot automatic renewal. It covers a apache2 webserver configuration for using cerbot generated certificates. Setup is made for Debian and debian based linux distributions

Linux Debian Security Web Servers

Certbot and Let’s Encrypt CA

What is Certbot, cerbots commands and user guide, what is Let's Encrypt Rate Limits. How works cerbot authenticators and installers, certbot commands exmaples

Linux Security Web Servers

OCSP Stapling on Nginx and Apache webserver

To understand OCSP stapling, it is necessary to understand OCSP, the Online Certificate Status Protocol. OCSP is a protocol for determining whether a certificate is revoked (for instance, becau se its private key was compromised). Every time a browser connects to an HTTPS website, it contacts the OCSP responder specified in the SSL certificate, and asks if the certificate is revoked. If the respond er replies that the certificate is revoked, the browser blocks the page from loading.

Web Servers Networking Security

ProFTPd Server with virtual users and in SFTP mode

How to configure proftpd server with virtual users and with sftp mode.

Debian Linux Networking Security

nftables geoip - continents ip

In the previous articles, we showed how to perform packet marking in nftables based on geoip source ip addresses and also how to log traffic to external files .
Today we will show how to mark packets based on which continent they come from.

The principle is that we first mark packets based on the source IP address so that we know which countries they are coming from. And then we'll find out which continent the state is on.

Linux Security Networking

nftables and GeoIP

We'll learn how we can block traffic originated from specific country or continent IPs using GeoIP database and linux nftables . This article describes the configuration for debian linux distros. nftables is the new packet classification framework that intends to replaces the existing {ip,ip6,arp,eb}_tables infrastructure. In a nutshell:

It is available in Linux kernels >= 3.13
It comes with a new command line utility nft whose syntax is different to iptables.
It also comes with a compatibility layer that allows you to run iptables commands over the new nftables kernel framework.
It provides generic set infrastructure that allows you to construct maps and concatenation. You can use this new feature to arrange your ruleset in multidimensional tree which drastically reduces the number of rules that need to be inspected until you find the final action on the packet.

I assume you have at least basic experience with the nftables configuration.

Linux Security Networking

How nftables log to external file

Logging traffic blocked by the nftables or iptables firewall rules is necessary for debugging the firewall rules and to be alerted to local software problems. Any packet matching a rule can be logged by using -j LOG target for iptables or log statement for nftables. Logging packet has no effect on the packet's disposition, however. The packet must match an accept or drop rule.

Linux Security Networking

Add or Change SSL/TLS certificate in Lotus Domino

Set up SSL on a Domino® server so that clients and servers that connect to the server use SSL to ensure privacy and authentication on the network. You set up SSL on a protocol-by-protocol basis. For example, you can enable SSL for mail protocols -- such as IMAP, POP3, and SMTP -- and not for other protocols.

Security Linux

How To Configure vsftpd to Use SSL/TLS and virtual users

In this guide, we will configure vsftpd to use SSL/TLS certificates and virtual users.

Debian Linux Networking Security

Understanding Key Differences Between FTP, FTPS and SFTP

Perhaps the most common protocols used in file transfer today are FTP, FTPS and SFTP. While the acronyms for these protocols are similar, there are some key differences among them, in particular how data are exchanged, the level of security provided and firewall considerations. Learning these key differences can help you when choosing a file transfer protocol or troubleshooting common connection issues.

Networking Security

How to Enable Full Disk Encryption with encrypted boot, root partition and ramdisk in Debian - Ubuntu Linux

This is a tutorial on how to get a step-by-step installation of Debian on a fully encrypted disk. We encrypt everything, including the kernel and the initialization ramdisk. Without a password, the thief will not even blow.

Security Debian Linux

Most secure SSL/TLS configuration for Apache, Nginx, Postfix, Dovecot, HAProxy and other

What is a cipher suite?

Cipher suites decide how secure, compatible and fast your HTTPS website is. A cipher suite is a set of information that helps determine how your web server will communicate secure data over HTTPS.
A web server uses certain protocols and algorithms to determine how it will secure your web traffic. These are the ingredients of a secure connection. A cipher suite is essentially a list of those ingredients.

Security Linux Networking Web Servers