February 2024


February 2024

Freeipa Centos 6.7

FreeIPA is a solution for managing users, groups, hosts, services, and much, much more. It uses open source solutions with some Python glue to make things work. Identity Management made easy for the Linux administrator. FreeIPA is an open source alternative to Microsoft Directory Server. It provides the following functionality:

Centralised LDAP based authorisation Kerberos […]

CentOS6.x risk vulnerabilities

This article is only for the Green League vulnerability scan results, in RHEL / CentOS / OEL5.x x64-bit versions exist as high-risk vulnerabilities, where finishing solutions, again through vulnerability scanning, vulnerability has been patched. High-risk OpenSSH ‘schnorr.c’ remote memory corruption vulnerability (CVE-2014-1692) OpenSSH J-PAKE licensing issues Vulnerability (CVE-2010-4478) OpenSSH GSSAPI remote code execution vulnerability (CVE-2006-5051) […]

Encrypt/Decrypt string with openssl

Sometimes it can be helpfull to encrypt/decrypt strings on Linux.

Of course we can install tools like crypt but is not always available after default installation.

Good thing is that we also have openssl which is nearly always installed on a linux server.

How to encrypt a string with openssl :

$ echo “juicy” […]

GPG file encryption command line in Linux

GPG file encryption using key pair GPG basic file encryption doesn’t required public/private key. But to make a encrypted file more secure you can use RSA/DSA algorithms. These algorithms generates public and private keys to encrypt file.

There are three criteria to use GPG file encryption.

1. Encrypt/Decrypt file locally for same user account. 2. […]

Linux Security

Centralized SSH Keys

There are times when it is beneficial to take control of SSH key management on a server. This brief tutorial will centralize all user SSH keys to a single location and allow root to manage them.

We will be keeping all keys in a single directory located in /etc/ssh/authorized_keys. Within the directory, […]

OpenSSL Usage

List available Ciphers: openssl ciphers -v openssl ciphers -v tls1 #only TLS ciphers openssl list-cypher-commands openssl ciphers -v ‘HIGH’ #only good ciphers

Test OpenSSL Speed: openssl speed openssl speed rsa #test only rsa

Generate self-signed cert: openssl req \ -x509 -nodes -days 365 \ -newkey rsa:1024 -keyout mycert.pem -out mycert.pem OR openssl req […]


To create ssh keys:ssh-keygen -t dsa -d 2048Optionally leave the passphrase blankThis will create a ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub file.

Check for validity:ssh-keygen -l -f ~/.ssh/id_dsa.pub

Copy the key to the remote server:cat ~/.ssh/id_dsa ssh remote_host ‘sh -c “cat – >>~/.ssh/authorized_keys”‘

Convert commercial (SECSH) ssh private / public key to OpenSSHssh-keygen -i -f id_dsa.pub > id_dsa_openssh.pub […]

GPG Management Commands

Generates key pair:gpg –gen-key

Lists public and private current keys:gpg –list-keysgpg –list-secret-keys

Exports public key / private key:gpg –armor –export jaz@example.comgpg –export-secret-key –armor “jaz@example.com” > private.key

Imports a public key / private key:gpg –import joe.cagpg –allow-secret-key-import –import private.key

Delete public / private key:gpg –delete-key “jaz@example.com”gpg –delete-secret-key “jaz@example.com”

Encrypt a document with someone’s public key:gpg –output […]

ClamAV Virus Scanning

Thankfully Linux isn’t a platform which has a significant problem with Viruses, however it is always better to be safe than sorry. Luckily ClamAV is an excellent free anti-virus solution for Linux servers. However, at least on RedHat Enterprise 5 (RHEL5) the default install doesn’t offer any automated scanning and alerting. So here is what […]

OSSEC Server Installation on CentOS

OS: CentOS 5.6 i386, CentOS 6.2 i386 Ossec Version: 2.6 Hardware: Virtual Machine (VirtualBox 4.1.14) About

OSSEC is an opensource Host Intrustion Detection System (HIDS). OSSEC let you monitor log files, integrity of files and detects root kits in a client-server environment.

OSSEC Server Installation Install wget and update your system yum install wget […]