This script will detect if SSH has inadvertently been exposed to the outside world.
It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.
This is an experimental script I made to store encrypted TFA credentials in the cloud. It uses GPG to protect the the uploaded data. The tokens can be accessed anywhere on anything that has access to the GPG key.
The script, using only Bash, will scan common ports, and if an open port is found, it will display a base64 encoded output of the servers response.
This tutorial will demonstrate how to create reactive firewall rules. If a device attempts to communicate with known malware command-and-control servers, the potentially compromised device will be added to a blacklist, and its internet access will be immediately disabled.
This tutorial will show you how to set up a blog using Cloudflare and Ghost. Cloudflare will improve performance and security by acting as a caching reverse-proxy.
This tutorial will look at how to configure an OpenVPN server using a certificate issued by a recognized certificate authority. An internal CA will still be used to verify clients
This tutorial will show you how to set up TOR as a daemon and host hidden services. Hidden services are only available on the TOR darknet and allow you to host services without
This tutorial creates rules to limit traffic (both ingress/egress) only to gateway. This prevents traffic from other patrons reaching you when using public wifi
Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules, ferm then generates a list of iptables rules.
Here is a handy snippet for configuring a hardened SSL/TLS on Nginx. It receives a A+ rating when tested at Qualys. A later post will discuss the configuration options in detail, what
A primitive port scanner can be constructed using solely the bash shell via its /dev/tcp virtual file. The script will scan common ports, and if an open port is found, it will display a base64 encoded output of the servers response.
Stunnel is a tool that allows you to seamlessly add TLS to most existing services. Stunnel listens on a port, and can either receive encrypted traffic and pass it to an unencrypted destination,
Intro I have a Docker container that has a port unconditionally published (e.g. -p 2368:2368). I've changed my mind and decided I don't want this port exposed to the entire internet;
Today we will learn how to set up Nginx so that clients have to authenticate using certs. This provides additional security above basic password authentication.
I've thought it would be cool to have Two Factor Authentication operating on the command line, perhaps in some isolated container, rather than having it in a phone which can easily be lost
sshuttle is a Python based script that allows you to tunnel connections through SSH in a far more efficient way then traditional ssh proxying. By far the greatest perk of sshuttle is that
I've talked quite a lot about iptables but haven't really shown how I actually put it into practice. Today I'll share a shell script I wrote to set up IPTables on my Fedora
In this tutorial, we will learn how to make automatically updated block lists of known bad addresses using ipset and iptables. This provides a proactive security approach that can use external datasets to
This tutorial will be a short and sweet introduction into setting up ssh bastion hosts. What is a SSH bastion: SSH bastions (jump hosts) are used to middleman SSH connections between isolated networks.