Suricata is a Network Intrusion Detection and Prevention System as well as a Network Security Monitoring engine. For now I am using Suricata as an IPS and here I’ll show you how to set it up.
Continue reading Setting up Suricata in Debian Bookworm running in KVM with af-packet as IPS
Tag: security
Setup a central logging instance (and use it to block traffic using fail2ban)
A very light-weight approach for storing logs centrally is to just use rsyslog. My virtual machines all use rsyslog. That rsyslog sends its logs to another internal virtual machine which runs rsyslog as well. A fail2ban instance is checking all these logs and sending a block command to the firewalls. Here is how.
Continue reading Setup a central logging instance (and use it to block traffic using fail2ban)
Encrypting existing volumes in ZFS using zfs send and zfs recv
Let’s say you want to encrypt your previously unencrypted data – in my example a ZFS pool. A good way to do so is to simply use zfs send and zfs receive. These commands can be used to transfer ZFS data streams. The procedure is pretty simple. Create a snapshot, transfer this snapshot using zfs send and receive it using zfs receive.
Continue reading Encrypting existing volumes in ZFS using zfs send and zfs recv
Encryption of ZFS volumes using a remote / external key-system written in PHP
I thought a long time about what security benefits I have if I store the encryption key of a volume on the same system (locally). Let me share some of these thoughts with you. Then I’ll show you my approach using a self-written key-system in PHP (using RedBeanPHP and SQLite) and finally I’ll show you how to use this with ZFS.
Continue reading Encryption of ZFS volumes using a remote / external key-system written in PHP
How I configure my sites in NGINX
Tuning / Improving your security using external online tools would be another possible headline for this article. There are a few pages I regularly use to optimize my configuration. Here’s a small guide.
Continue reading How I configure my sites in NGINX
Amavisd-new and DKIM
Currently I’m playing around with amavisd-new and amavis-milter. Trying to analyse a maybe-bug, I temporarily disabled DKIM signing. Then I had the glorious idea to send an e-mail to the amavis mailing list. It sort of caused some mail reporting storm back to me. In this article I’ll show you how you can configure amavisd-new to do DKIM verification and DKIM signing. But first, here’s one of those reports:
Continue reading Amavisd-new and DKIM
Setup MTA-STS and TLSRPT
What is MTA-STS (MTA Strict Transport Security) about?
MTA-STS basically enforces TLS for your mail communication, similar to HTTP Strict Transport Security (HSTS) for HTTP/HTTPS traffic. By telling the sender that TLS has to be used one can reduce / stop Man-in-the-Middle (MITM) attacks. A probably better explanation is found in the abstract of the RFC:
Continue reading Setup MTA-STS and TLSRPT