security

Do Not Run Dockerized Applications as Root

Learn about the all too common mistake of running Dockerized Applications as Root. What the concequences are, and how to avoid them.

Using stunnel and TinyProxy to obfuscate HTTP traffic

Recently there has been a lot of coverage in both tech and non-tech news outlets about internet privacy and how to prevent snooping both from service providers and governments. In this article I am going to show one method of anonymizing internet traffic; using a TLS enabled HTTP/HTTPS Proxy. In this article we will walk through using stunnel to create a TLS tunnel with an instance of TinyProxy on the other side.

Sending redis traffic through an SSL tunnel with stunnel

Lately if you have been paying attention to tech or even mainstream media you might have seen a few stories about data breaches. Sometimes these data breaches have allowed attackers to gather unencrypted passwords or credit card numbers. In the past these types of attacks still happened, but there was not as many attacks as today and when they happened they were kept secret. With more and more internet based services becoming part of peoples lives, there is even more targets for attackers who are looking to get sensitive data.

10 nmap Commands Every Sysadmin Should Know

Recently I was compiling a list of Linux commands that every sysadmin should know. One of the first commands that came to mind was nmap. nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind, it is a tool that was designed to find vulnerabilities within a network. nmap is more than just a simple port scanner though, you can use nmap to find specific versions of services, certain OS types, or even find that pesky printer someone put on your network without telling you.

NFS: Setting up a basic NFS file system share

While there are many distributed file systems out there; especially with the rise of cloud & virtual computing. The Network File System or NFS protocol has by far held its title as an easy to use, fast to implement and very efficient distributed file system. In today's article I will be covering how to set up a basic NFS share. This article will assume that you have already created a file system, if not hop over to this article and then come back for the NFS steps.

Sudoedit: Securely allow users to edit files

Allowing unprivileged users to edit files that are normally beyond their rights is a task that is easy to perform however it requires a great deal of forethought to implement without opening security holes. You can give users the ability to edit privileged files by using User/Group Permissions, ACL's, or even sudo; but no matter which way you choose there are some things you must consider. For an example lets take a look at 2 files /etc/services and /etc/cron.

Why you should avoid running applications as root

I'm going to start this post by saying what I'm really thinking. 90% of the time if an application is running as the root user on a Unix/Linux machine; it is because the sysadmin who setup or designed the environment was being lazy. Now before getting offended, being a lazy sysadmin is a good thing. The fact is that most systems administrators are lazy in some way, and that is the reason why most systems administration tasks end up being scripted.