Valtiokonttori
Development project for the government's round-the-clock information security operations, SecICT
Senior Specialist Kimmo Janhunen, Ministry of Finance
Valtio Expo 20.5.2014
FOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
Otto Kekäläinen
Presentation slides from FOSDEM 2021.
Talk covers the MariaDB packaging in two of the most widely-used Linux distros, Debian and Ubuntu, including the strict requirements demanded by distros, and the impact on fixing bugs “upstream” in MariaDB itself.
Search in WordPress - how it works and how to customize it
Otto Kekäläinen
WordPress search customization is a topic we at Seravo get asked about on a frequent basis. There are many different ways to customize the search, and customers understandably want to learn the best practices. The search can be customized quite easily with small changes on PHP code level, and by utilizing MariaDB database’s built-in search functionality. You can also choose a more robust way to do this, and build a new ElasticSearch server just for your case.
These slides are from the webinar on January 14th, 2021: https://seravo.com/blog/webinar-search-function-and-how-to-customize-it/
MariaDB quality assurance in Debian and Ubuntu
Otto Kekäläinen
MariaDB post-release quality assurance in Debian and Ubuntu
Presentation from MariaDB Server Minifest Dec 9th, 2020.
See https://mariadb.org/minifest2020/distros/
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
Otto Kekäläinen
MariaDB has now reached the 10th major release since the original authors of MySQL started taking the code base in another direction than where MySQL is going under Oracle’s ownership. Today MariaDB has many more features than Oracle MySQL and it is the default MySQL variant in Debian.
This presentation covers what new features landed in MariaDB 10.5 and also touches on how the long existing features have evolved to today, and naturally what is their state and best practices for Debian users. MariaDB has also built-in support for Galera master-master replication and Galera 4 has recently landed in Debian, so it will also be covered.
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
Otto Kekäläinen
Presentation given in WP Meetup in October 2019.
Includes fresh new tips from summer/fall 2019!
A Must read for all WordPress site owners and developers.
How to investigate and recover from a security breach in WordPress
Otto Kekäläinen
Talk given at the first ever WordCamp Nordic on March 8th, 2019.
How to investigate and recover from a security breach – real-life experiences with WordPress
Sometimes the bad guys get in, despite all the protections and precautions. If that happens, there are many techniques that can be used to stop further damage, track down what the intruder did and how they got in. Finally the site needs to be cleaned up and re-opened for visitors. In this talk the most important techniques are presented along with real-life examples when they were used.
Automatic testing and quality assurance for WordPress plugins and themes
Otto Kekäläinen
Talk given at WP Helsinki Meetup 7.11.2018
See also:
* https://developer.wordpress.org/themes
* https://developer.wordpress.org/plugins
* https://travis-ci.org/Seravo
* https://seravo.com/blog/coding-wordpress-in-style-with-phpcs/
10 things every developer should know about their database to run word press ...
Otto Kekäläinen
Talk from WordCamp Barcelona 2018
https://2018.barcelona.wordcamp.org/session/10-things-every-developer-should-know-about-their-database-to-run-wordpress-optimally/
The database is perhaps the most important piece of your infrastructure. The database contains all your important e-commerce data and must be kept secured. The database performance often defines the overall performance of your WordPress site. In this talk I present the most important things every WordPress developer should know about MariaDB/MySQL to be able to build and operate their site optimally.
Automatic testing and quality assurance for WordPress plugins
Otto Kekäläinen
Talk given at WordCamp Jyväskylä 2018
WordPress plugins have a reputation of low quality. Help us prove them wrong. Start using automatic quality testing!
WordPress security: what is essential and what is not?
Presentation at the WP Seinäjoki Meetup, 28.11.2017
Information for everyone who owns a WordPress site or develops WordPress sites.
Improving WordPress Performance with Xdebug and PHP Profiling
Otto Kekäläinen
Presentation given at WordCamp Europe 2017 in Paris 2017-06-16.
Xdebug is a tool for developers to gain insight into how PHP is executed. Using it for profiling is a very effective, fast and precise method to find bottlenecks in your WordPress site. In this talk I explain how to use it with Webgrind, how to find potential optimization targets, show examples of real cases when Xdebug helped fix a performance problem and also explain what Xdebug is not suitable for and what can be used instead. If you are not a developer, you’ll learn what Xdebug is capable of and when to ask a developer to use it.
MariaDB adoption in Linux distributions and development environments
Otto Kekäläinen
Presentation given at the M|17 MariaDB User Conference 2017
https://m17.mariadb.com/
Linux, Apache, MySQL and PHP used to be the most widely used web application stacks. As technology evolves, this is no longer the case. For the M part, MariaDB has replaced MySQL in numerous Linux distributions and development environments, and is becoming the new M in most production environments as well. This talk presents how the landscape looks today, and why and how web developers are migrating to MariaDB around the globe.
Presentation given at the WP Jyväskylä Meetup March 21st, 2017. This revised version contains references to the WordPress security news that circulated in February 2017.
WordPress security 101 - WP Turku Meetup 2.2.2017
Otto Kekäläinen
WordPress site security: myths and best practices.
Presentation at the WordPress Turku meetup, 2.2.2017.
https://www.meetup.com/Turku-WordPress-Meetup/events/235736922/
4. SUSE and security
”SUSE Linux Enterprise 11 meets the latest Linux
Foundation's Carrier Grade Linux 4.0 standard and is CGL
registered.”
”FIPS (Federal Information Processing Standard) 140-2
validation [...] certified by NIST (CMVP).”
”Common Criteria Certificate at Evaluation Assurance Level
EAL4, augmented by ALC_FLR.3 (EAL4+) for SUSE Linux
Enterprise Server 11 SP2 including KVM virtualization. ”
CC is also known as ISO/IEC 15408.
https://www.suse.com/security/certificates.html
7. Detecting and monitoring attack attempts
If someone tried to break into your server, would you notice?
Do you invest in security at random, or in proportion to the measured threat?
Can attack attempts be detected and tallied automatically?
11. SSH login attempts
With a wrong username:
Nov 19 14:46:37 wp sshd[1680]: Invalid user eikukaan from 84.20.150.110
Nov 19 14:46:37 wp sshd[1680]: input_userauth_request: invalid user eikukaan [preauth]
Nov 19 14:46:43 wp sshd[1680]: pam_unix(sshd:auth): check pass; user unknown
Nov 19 14:46:43 wp sshd[1680]: pam_unix(sshd:auth): authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=84.20.150.110
Nov 19 14:46:45 wp sshd[1680]: Failed password for invalid user eikukaan
from 84.20.150.110 port 1024 ssh2
Nov 19 14:46:49 wp sshd[1680]: Connection closed by 84.20.150.110 [preauth]
12. Attempts / invalid username
14 admin
7 support
7 info
7 guest
6 ubnt
6 pi
5 PlcmSpIp
5 operator
4 vyatta
4 test
4 seravo
4 amy
3 ruser
3 oracle
3 asfa
3 aaa
2 tss
2 nagios
2 magnos
2 john
2 jack
13. SSH login attempts
With a correct username but a wrong password:
Nov 19 14:45:48 wp sshd[1675]: pam_unix(sshd:auth): authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=84.20.150.110 user=tero
Nov 19 14:45:48 wp sshd[1675]: pam_ldap: error trying to bind as
user "uid=tero,ou=Users,dc=seravo,dc=fi" (Invalid credentials)
Nov 19 14:45:50 wp sshd[1675]: Failed password for tero
from 84.20.150.110 port 1158 ssh2
Nov 19 14:45:54 wp sshd[1675]: Connection closed by 84.20.150.110 [preauth]
14. Attempts / valid username
516 root
8 nobody
7 bin
1 zabbix
1 samuel
1 mysql
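The tallies on slides 12 and 14 can be produced directly from the sshd log lines shown on slides 11 and 13. The following Python code is an added example, not part of the original presentation; the names `tally_failed_logins` and `format_tally` are made up here, and the sample input reuses the slides' own log lines with wrapped lines joined.

```python
import re
from collections import Counter

# Log lines from slides 11 and 13 (wrapped lines joined back onto one line).
SAMPLE_LOG = """\
Nov 19 14:45:48 wp sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.20.150.110 user=tero
Nov 19 14:45:50 wp sshd[1675]: Failed password for tero from 84.20.150.110 port 1158 ssh2
Nov 19 14:45:54 wp sshd[1675]: Connection closed by 84.20.150.110 [preauth]
Nov 19 14:46:37 wp sshd[1680]: Invalid user eikukaan from 84.20.150.110
Nov 19 14:46:45 wp sshd[1680]: Failed password for invalid user eikukaan from 84.20.150.110 port 1024 ssh2
Nov 19 14:46:49 wp sshd[1680]: Connection closed by 84.20.150.110 [preauth]
"""

# Count only the "Failed password" line: one per attempt, so the PAM and
# "Invalid user" lines for the same attempt are not double counted.
# The username is chosen by the remote client and may contain spaces, so the
# pattern is anchored to the fixed " from IP port N ssh2" tail sshd appends.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2\s*$"
)


def tally_failed_logins(lines):
    """Return (invalid_users, valid_users, sources) as Counters."""
    invalid, valid, sources = Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        (invalid if m.group("invalid") else valid)[m.group("user")] += 1
        sources[m.group("ip")] += 1
    return invalid, valid, sources


def format_tally(counter):
    """Render a Counter like the slides' tables: count, then name."""
    rows = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{n:7d} {name}" for name, n in rows)


if __name__ == "__main__":
    invalid, valid, sources = tally_failed_logins(SAMPLE_LOG.splitlines())
    for title, c in (("invalid username", invalid),
                     ("valid username", valid), ("source address", sources)):
        print(f"Attempts / {title}\n{format_tally(c)}")
```

The per-source counter answers the "how many times and from where" question the deck closes with; feeding it a real `auth.log` only requires passing the open file object instead of the sample lines.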
19. Points to consider
Is the attack aimed at a single machine?
At several machines in the same IP space?
At several subdomains of the same domain?
Does the attack have a specific target?
21. The volume of attack traffic correlates with the overall traffic volume
1778 seravo.fi
176 www.mediakomppania.fi
168 coss.fi
58 tuijabrax.fi
(assuming the sites have only a few genuine 404 errors)
23. The better you know, the better decisions you make.
Assessment, planning, prioritization, investments
Security (too) is a process
24. Detecting and monitoring attack attempts
Answers to the questions from the start of the presentation: Yes!
Collect statistics automatically.
If someone has tried to break into your server, you can check how many times, when and from where.
Invest in security in proportion to the measured threat.
25. Contact us when you want Seravo Oy to develop or maintain your Linux-based information systems
More about the company: seravo.fi
More about the technologies: seravo.fi/blog