Process Privilege Escalation with SUID
Did you know that on a Linux system running the ping command requires root privileges? Normal users are able to run the command through a special permission known as setuid
Rohan Molloylinux security
Reverse Port Forwarding with Bash
I had wondered for a while how SSH reverse port forwarding works. RPF allows you to publish any reachable port upstream to a server. This allows you to act as a server without having to open any external ports.
Rohan MolloyImproved IPtables Tutorial
This tutorial is a beginner friendly introduction to the iptables firewall and includes a number of practical examples.
Rohan MolloyComprehensive OpenVPN Tutorial
In this tutorial, we will look at managing an openvpn server and certificate authority and will provide a detailed breakdown of the configuration options Table of contents Setting up a CA Build the CA environment Generate the CA certificate Generate the CRL certificate Server Prep…
Rohan MolloyDocker Firewalling - Unpublishing a port
Intro I have a Docker container that has a port unconditionally published (e.g. -p 2368:2368). I've changed my mind and decided I don't want this port exposed to the entire internet; only the docker host should see it. How do I fix this without having to rebuild the container? Table of contents Intr…
Rohan Molloysshuttle - a VPN for the lazy
sshuttle is a Python based script that allows you to tunnel connections through SSH in a far more efficient way then traditional ssh proxying. By far the greatest perk of sshuttle is that it requires no installation on the server side. As long as you have an SSH server (with python installed) you're…
Rohan MolloyMy IPTables Configuration Script
I've talked quite a lot about iptables but haven't really shown how I actually put it into practice. Today I'll share a shell script I wrote to set up IPTables on my Fedora 25 Desktop. Download Warning: Make sure you check its appropriate for your needs and you understand its functionality before ru…
Rohan MolloyUsing Dynamic Blocklists with IPtables + IPset
In this tutorial, we will learn how to make automatically updated block lists of known bad addresses using ipset and iptables. This provides a proactive security approach that can use external datasets to discover addresses known for malicious activity and prevent them from accessing your web server…
Rohan Molloy