If you follow current IT security vulnerabilities and security breaches, you’ll probably agree that keeping systems up to date is becoming increasingly important. Unattended upgrades for Debian/Ubuntu have been around for as long as I can remember and it’s a pretty easy way to achieve that. Here’s how.
Continue reading Automatic / Unattended (Security) Updates in Debian
Tag: security
How to setup WireGuard VPN with ChromeOS client
You read my last post about strongSwan because you wanted to set up a VPN for yourself? Too complicated? Well, give WireGuard a try then.
Continue reading How to setup WireGuard VPN with ChromeOS client
strongSwan IPsec VPN IKEv2 with ChromeOS client
strongSwan is a complete IPsec solution. It can be used to secure the communication between your servers and clients by authentication and encryption.
Continue reading strongSwan IPsec VPN IKEv2 with ChromeOS client
eBPF bypass with Suricata 7.0.2 in Debian 12 Bookworm
This does not work out-of-the-box currently. I saw a bug report that the currently shipped .bpf files are not working with current libbpf (version >1.0). However, here’s how you can compile them yourself.
Continue reading eBPF bypass with Suricata 7.0.2 in Debian 12 Bookworm
Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?
I had some trouble with Suricata as an IPS with WordPress and DokuWiki. My WordPress was unable to reach wordpress.org and my DokuWiki was unable to reach the plugin/extension store of DokuWiki. While I’m (still) not sure what exactly is causing this, I found a workaround for it.
Continue reading Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?
Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]
OpenSSH usually comes with a default configuration which provides high compatibility, so even old clients can still connect. However, this compatibility comes at a price because some of the ciphers / algorithms used may be open to vulnerabilities. If you want to strengthen the encryption and get an overview of known vulnerabilities in your OpenSSH server or client configuration, ssh-audit is for you.
Continue reading Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]
Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it
When I read about paperless-ngx I liked the idea of having all my documents in a central storage so that I could access them from all my devices. Furthermore those documents would be indexed (also using OCR) so that I could search (fulltext) in all of them. Due to the tagging system – if done correctly – exporting all my documents for my yearly tax declaration should just take seconds…
Continue reading Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it
Block Bogons with Suricata
I believe in my old blog I’ve shown how to block bogons with iptables and later with nftables. Here’s how to do it with Suricata.
Continue reading Block Bogons with Suricata
Create a suricata rules file using fail2ban
In my last posts I’ve shown a central syslog which feeds fail2ban, suricata as an intrusion prevention system (IPS) and here is the final piece which feeds suricata with the results of fail2ban by creating a .rules file for suricata-update.
Continue reading Create a suricata rules file using fail2ban
Working with suricata
This is a follow-up to my last post in which I described how to set up Suricata as an IPS which bridges traffic between two interfaces using af-packet (and all that in a virtual machine). Here I’m showing how to work with Suricata in general – or rather – how I work with Suricata.
Continue reading Working with suricata