This document discusses securing Apache web servers using Mod Security and the Center for Internet Security (CIS) benchmark. It begins with an introduction of the speaker and an agenda. It then covers establishing a secure foundation by hardening the operating system, securing DNS, and using a dedicated Apache user account. It discusses minimizing the attack surface by disabling unnecessary modules, access controls, and limiting HTTP request methods. Finally, it provides an overview of the Mod Security web application firewall and its configuration.
The document discusses securing Apache web servers through the use of Mod Security and the Center for Internet Security (CIS) benchmark. It provides an agenda that covers establishing a secure foundation through hardening the operating system and DNS, minimizing the attack surface by disabling unnecessary modules and permissions, implementing access controls, using Mod Security for web application firewall capabilities, and logging and monitoring.
The document provides an overview of the Red Hat Certified Engineer certification courses, including the objectives and topics covered in each course. The first course, RH033 Red Hat Linux Essentials, covers basic Linux commands, file navigation, text editing, and administration. The second course, RH133 Red Hat System Administration, focuses on system installation, hardware administration, users/groups, and networking. The third course, RH253 Red Hat Networking and Security Administration, teaches network services configuration and security topics.
This document provides instructions for configuring a Squid proxy server on CentOS. It discusses obtaining information about the system like the OS distribution, hardware architecture, and installed application versions. It also outlines basic Squid configuration steps like backing up the default configuration file, checking the port Squid listens on, and ensuring the log file location is set correctly before starting Squid. Configuring access controls and caching policies would be covered in more depth in subsequent sections.
This document summarizes an advanced Apache web server training session covering security and performance tuning. The key points discussed include:
1) Methods for securing an Apache server such as restricting access, disabling unneeded server technologies, running as a non-root user, using firewalls and encryption.
2) Configuring password-based authentication for protected directories using modules like mod_auth and storing passwords in text files created by the htpasswd utility.
3) An exercise where attendees set up password protection on their local Apache server website using a .htaccess file and htpasswd.
4) Restricting access to protected directories by IP, hostname or domain using directives in httpd.conf or .
Securing Your WordPress Website - WordCamp Sydney 2012 - Vlad Lasky
Presentation slides from Vladimir Lasky's talk "Security for WordPress", presented on Sunday 22nd July at WordCamp Sydney 2012.
This talk is the sequel to his WordCamp Gold Coast 2011 presentation “Securing Your WordPress Website” and covers:
*Tackling the biggest Internet and WordPress security threats of 2012
*An updated list of essential plugins to harden your WordPress site
*New WordPress management services that make it easier to back up and update your sites
This document provides an overview and introduction to installing and administering a web server. It discusses hosting options, hardware requirements, operating system choices, web server software options like Apache and IIS, networking basics, DNS, and more. The course will teach students how to install and configure the Apache web server to deliver dynamic web content on a UNIX system through lectures, demonstrations and hands-on exercises.
This document summarizes an instructor-led discussion on advanced Apache topics including virtual hosting, setting up name-based and IP-based virtual hosts, enabling server-side includes, and enabling CGI (Common Gateway Interface) scripts. Key points covered include configuring Apache for virtual hosting using the VirtualHost directive, enabling CGI scripts through ScriptAlias, Options ExecCGI, and AddHandler directives, and examples of simple CGI scripts.
The document discusses securing WordPress installations. It provides general considerations for security like maintaining software updates, best practices for core software, and monitoring tools. It discusses WordPress security principles such as avoiding default settings, implementing security standards, and restricting public access. It also outlines steps for installing WordPress securely, including creating directories and database accounts, configuring .htaccess files, and using plugins.
A webinar that looks into the new features that the Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
Showcase of some of the new stuff using the latest tech preview and the aim is to give administrators a quick overview of the Windows Server 2016 and enough information to decide if early adoption is worthwhile.
This document outlines a seminar presentation on Linux system administration certification (RHCSA/RHCE). The presentation covers topics such as what Linux is, features of Red Hat Enterprise Linux 6.4, user and file system management, logical volume management, server configuration, shell scripting, and text user interfaces. It provides an introduction to the RHCSA/RHCE certification and its focus on competencies for senior Linux system administrators. An agenda with timing is included, as well as conclusions about the benefits of Linux being an open source, customizable, portable, and stable operating system.
Debugging IBM Connections for the Impatient Admin - Social Connections VII - Martin Leyrer
With relational databases, LDAP servers, file shares and a lot of Java components, IBM Connections is a complex environment to install and operate. A diverse set of settings and tools is needed in case something does not work as expected.
In this talk I will present the “Best Practices” and debugging settings for Connections that will offer additional information quickly in case something goes wrong. Also, I will offer recommendations for tools your customer should provide you on the server so you can work out any issues efficiently.
This document summarizes an instructor-led meeting about advanced Apache topics including virtual hosting, setting up name-based and IP-based virtual hosts, enabling server-side includes, and enabling CGI scripts. Key points covered include configuring Apache for virtual hosting using VirtualHost blocks, setting up name-based virtual hosting with NameVirtualHost, and enabling CGI scripts through ScriptAlias directives or directory options.
The Zumasys Technical Support Team, led by Director Kevin Fitzpatrick, hosted a session covering various tips and tricks for using Citrix. The session agenda included accessing local files, disconnecting vs logging off, using dual monitors, prudent application use, changing passwords, session management, troubleshooting frozen sessions, printing issues, shortcut keys, and tips for Mac and iPad users. Additional resources on Citrix quick tips and installing Receiver were also provided.
The document discusses proxies and caching. Proxies act as intermediaries between local networks and external networks like the Internet. They can improve performance by caching frequently requested web pages. Squid is an open source proxy caching server that operates by checking its cache for requested objects, retrieving objects from origin servers if needed, and storing cacheable objects in its local cache.
CONFidence 2018: Attacking web servers via run time configuration (Eldar "Wir... - PROIDEA
This document discusses attacking web servers by abusing runtime configuration files like .htaccess in Apache. It begins by providing background on htshells, a tool for creating web shells using runtime configuration. It then explains how runtime configuration works and can be used to change server behavior. Several attacks are described like information disclosure, command execution, and authentication bypass. Methods for placing files on servers like file uploads and XXE are also covered. The document concludes by discussing detection and defense techniques as well as updating htshells for newer techniques.
This document summarizes different caching techniques that can be used with PHP, including caching content, database caching, and memory caching using APCU, Memcached, and Redis. It provides code examples for storing, getting, and deleting values from the cache with each technique. Specifically, it shows how to cache objects in memory and check the cache before querying a database to improve performance.
Red Hat Enterprise Linux (RHEL) is a Linux-based operating system from Red Hat designed for businesses. RHEL can work on desktops, on servers, in hypervisors or in the cloud. Red Hat and its community-supported counterpart, Fedora, are among the most widely used Linux distributions in the world.
The document discusses configuring various services on a Red Hat Enterprise Linux system. It includes instructions for setting up a Yum repository, configuring SELinux, modifying cron access, adding a boot parameter, mounting an ISO file, setting up an FTP server allowing anonymous access only from the local network, creating an email alias, and more.
This document provides a guide to configuring the Apache web server. It begins with basic setup instructions, covering verifying the installation, editing configuration files, creating HTML documents, starting the server, and accessing the website locally and externally. It then covers more advanced topics like using directory, files, and location tags; redirecting URLs; setting up virtual hosts; loading modules; using .htaccess files; and securing the server with encrypted sessions and SSL/TLS certificates. The document is intended to help new Linux and Windows users become proficient with Apache.
Apache web server installation/configuration, Virtual Hosting - webhostingguy
The document describes the history and development of the Apache web server. Some key points:
- Apache was originally developed by the Apache group in 1995 as an open source alternative to NCSA httpd. It was called "A PAtCHy server" as it was initially developed through people contributing patch files to NCSA httpd.
- The first official public release was version 0.6.2 in April 1995. Key early features included adaptive pre-fork child processes and a modular/extensible structure and API.
- Apache quickly gained popularity and overtook NCSA httpd as the most widely used web server on the Internet after releasing version 1.0 in December 1995.
Keeping DNS server up-and-running with “runit” - Men and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
Squid Proxy Server on RHEL introduces Squid, a free and open-source proxy server software that provides caching, authentication, bandwidth management, and web filtering capabilities. It discusses configuring Squid on Red Hat Linux including installing packages, editing configuration files, starting services, and testing the proxy functionality. Browser and client settings are also covered to allow systems to route traffic through the Squid proxy server.
This document provides instructions for installing and configuring the Apache web server on UNIX systems. It discusses downloading and unpacking the Apache source code, running the configure script, compiling the code, and installing the Apache files. It also explains how to configure Apache by editing the httpd.conf file to set parameters like the listening port, document root, and virtual directories. The document outlines how to start, stop and restart Apache using the apachectl script for easy management.
The document provides information about the Apache HTTP Server software. It discusses that Apache is notable for playing a key role in the growth of the World Wide Web. It is the most popular web server software, serving over half of all websites. The document then covers Apache's features, uses, performance capabilities, and how to install and configure it in Linux.
This document discusses securing Apache web servers with Mod Security and the Center for Internet Security (CIS) benchmark. It provides an overview of Mod Security features for web application firewall protection and filtering. It also covers recommendations for securing the Apache configuration such as disabling unnecessary modules, access controls, limiting HTTP methods, and logging/monitoring.
Ch 22: Web Hosting and Internet Servers - webhostingguy
Web hosting involves providing space on a server for websites. Linux is commonly used for hosting due to its maintainability and performance. A web server software like Apache is installed to handle HTTP requests from browsers. URLs identify resources on the web using protocols like HTTP and FTP. CGI scripts allow dynamic content generation but pose security risks. Load balancing distributes server load across multiple systems. Choosing a server depends on factors like robustness, performance, updates, and cost. Apache is widely used and configurable using configuration files that control server parameters, resources, and access restrictions. Virtual interfaces allow a single server to host multiple websites. Caching and proxies can improve performance and security. Anonymous FTP allows public file downloads.
The document summarizes the key changes and new features in Apache 2.0 compared to Apache 1.3. It discusses improvements to performance, scalability and multi-platform support through the new Apache Portable Runtime library. It also describes several standard modules introduced in 2.0 like Mod_Cache for content caching, Mod_Vhost_Alias for virtual hosting and Mod_Proxy for load balancing and reverse proxy capabilities.
The document discusses the key features and improvements in Apache 2.0 web server over Apache 1.3. It highlights the new architecture built on Apache Portable Runtime (APR) library for cross-platform support. The modular design allows customization through Multi-Processing Modules for different platforms. Standard modules like Mod_Cache, Mod_Proxy, Mod_Auth_LDAP provide improved functionality. Configuration and administration is simplified with features like virtual hosting, logging and eDirectory integration.
Apache2 BootCamp: Getting Started With Apache - Wildan Maulana
This document provides an overview of installing and configuring the Apache web server. It describes the basic file structure and directories for Apache on Windows and Unix systems. It explains how configuration files and directives work, including containers and conditional evaluation. It also covers how to control and troubleshoot Apache, such as starting, stopping and restarting the server, and resolving common issues.
DotNetNuke is an open source web content management framework that allows for easy installation and hosting of multiple portals within a single application. It has a modular architecture and supports customization through additional modules, skins, and languages. The installation process involves extracting files to a directory, configuring permissions and database connectivity, and browsing to the URL to complete setup.
Presentation slides from WordCamp Toronto Developers 2012 talk.
As you begin doing any website design or development, or even just a site restructuring, you will quickly realize that a place to work, test and/or demonstrate a new site without impacting a production site is a necessity. A development site provides that place. This presentation will show you how to set up a simple local (on your PC/laptop) dev site or a hosted dev site. We’ll also see how to migrate WordPress sites, either to clone an existing site to a dev site for updates/testing or to move your finished dev site to the final production site.
This document provides an overview and summary of Apache 2.2 configuration including:
1) Apache release statuses and where development is focused;
2) Common configuration directives like Listen, DocumentRoot, and VirtualHosts;
3) Tips for modularizing configuration using Include directives and separating into files.
The document discusses configuration of the Apache 2.2 web server. It covers the status of Apache versions, multi-processing modules, common configuration directives, tips for authentication and authorization, and new features in Apache 2.3.
This document discusses the steps to install and configure the Apache web server on a Linux system. It includes downloading and extracting the Apache source files, configuring the files with the ./configure command, building and installing Apache with make and make install, customizing the httpd.conf configuration file, and testing the Apache installation by accessing http://localhost in a web browser. Key configuration directives like AccessConfig, AddDefaultCharset, AllowOverride, and DefaultType are also briefly described.
AEM (CQ) Dispatcher Security and CDN+Browser Caching - Andrew Khoury
This presentation covers Adobe AEM Dispatcher security and CDN and browser caching.
This presentation is the second part of a webinar on AEM Dispatcher:
http://dev.day.com/content/ddc/en/gems/dispatcher-caching---new-features-and-optimizations.html
Visit the URL above to view the whole presentation. Dominique Pfister, the primary engineer developing AEM Dispatcher, covers the first part on new features.
This document provides an overview of the Domain Access module for Drupal, which allows building and managing multiple websites from the same Drupal installation and codebase. Key capabilities include:
- Setting up add-on domains, parked domains, and domain aliases that point to the same Drupal install but have separate databases and settings.
- Integrating a shared user authentication system so users can login to different sites using the same credentials.
- Configuring domain-specific settings like theme, content, navigation menus.
- Rewriting URLs and tying content visibility to the domain to present domain-specific experiences.
- Providing tools for users to create and manage subdomains through a single site.
A web proxy is a server that acts as an intermediary for client requests to access resources from other servers. Squid is a commonly used open source web proxy caching server that improves performance by caching content and controlling bandwidth usage. It provides access logging and filtering capabilities. To install Squid, it is downloaded and configured on a Linux system. Access control lists (ACLs) are defined in the configuration file to restrict access based on source/destination IP addresses, domains, URLs, or time of day.
This is a webinar done with Acquia introdcing how well you can run Drupal on Windows with a demo about WebPI and Drush.
Here's a link to the recorded webinar:
http://tinyurl.com/6rfz3px
The document discusses installing and configuring various Linux applications including Apache, PHP, MySQL, and Postgres. It covers basic Ubuntu installation, system configuration, installing packages, configuring Apache, PHP, and MySQL. Specific instructions are provided for installing Apache, configuring virtual hosts and SSL, installing PHP, and installing and configuring MySQL and phpMyAdmin.
Using filesystem capabilities with rsyncHazel Smith
As presented at the FLOSS UK Unconference 2015.
Updated 2015-02-08: added details of caveats, primarily the fact that CAP_DAC_READ_SEARCH does exactly what it says on the tin, and covering precautions like ensuring that password authentication is *never* allowed for the backuphelper user.
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. http://www.allpass4sure.com/microsoft-pdf-70-410.html
The document discusses various techniques for optimizing Apache web server performance, including:
1) Monitoring tools like vmstat and top to observe server performance and detect issues.
2) Analyzing web server logs using tools like Webalizer to understand traffic patterns.
3) Configuring Apache settings like threads and processes based on the platform.
4) Caching static content and pre-rendering dynamic pages to reduce load on the server.
Learn how Cloud Posse recently architected and implemented Wordpress for massive scale on Amazon EC2. We'll show you exactly the tools that we used and our recipe to both secure and power Wordpress setups on AWS using Elastic Beanstalk, EFS, CodePipeline, Memcached, Aurora and Varnish.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Durkee apache 2009_v7
1. Securing Apache Web Servers
with Mod Security & CIS Benchmark
Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant
rd@rd1.net
2. 2Sep 21, 2009 www.RD1.net
About Ralph Durkee
25+ years of experience
Systems and Network Security
Software Development and Systems Administration
Independent Consultant and Trainer since 1996
SANS GIAC Certified since 2000
GSEC, GCIH, GSNA, GPEN
Lead Developer, Author and Maintainer for the Center for
Internet Security: RedHat Linux, DNS BIND, Apache
Community Instructor for SANS
CISSP Certified CISSP Instructor
Rochester OWASP President & ISSA VP
3.
Agenda
Need A Secure Foundation
Minimizing the Attack Surface
Limiting HTTP Request Methods
Access Control
Mod_Security – Web Application Firewall
Logging and Monitoring
4.
Center for Internet Security Benchmarks
Center for Internet Security
Non-profit Organization
Develops Technical Security Standards
Uses Consensus of Industry Experts
www.CISecurity.org
Benchmarks for:
Most Unix and Windows Operating Systems
Several Servers such as Apache and BIND
Oracle and MS SQL Server Databases
Other applications are in the works
6.
Secure Foundation – OS Security
Start with a Security Hardened OS
Unix or Linux recommended for Internet
Apply appropriate CIS OS Benchmark
Don’t mix other high risk, or critical services
Regularly Apply OS and Apache updates
7.
Secure Foundation – DNS Cache Poisoning Attacks
DNS Level attacks against your clients / customers
Secure your Authoritative and Caching DNS Servers with CIS BIND Benchmark
DNS Pharming Attacks
Uses DNS Cache poisoning to harvest victims
Bogus IP Addresses provided to Vulnerable DNS Cache
Typically requires guessing DNS Query-ID and port
Clients resolving the domain name are directed to a spoofed hostile website instead of the trusted website
8.
Dan Kaminsky’s DNS Attack
Much more effective than traditional DNS cache poisoning. Uses:
Requests many random nonexistent host names
Send many negative responses with guessed QID
Response: Go to server NAME & IP has the answer.
Victim caches the IP address of “DNS” server
Game over: the “DNS” server was the target
Only Complete Prevention requires DNSSEC
Securing the Caching DNS Server helps
9.
Apache User Account
Don’t run Apache as root
Use dedicated locked Account
Account with Invalid Shell such as /dev/null
Locked, with no valid password
Example Server Configuration
User apache
Group apache
# grep apache /etc/passwd /etc/shadow
apache:x:48:48:Apache:/var/www:/dev/null
apache:!!:14428:0:99999:7:::
10.
Set Minimal Permissions
Ownership and Permissions
Apache Configuration Files
Read-write by group Web Admin
Owned by Root
No access for Other
Apache reads these as root, before starting
Document Root (and most sub-directories)
Read-write by group Web Development
Readable by Other
Owned by root
11.
Set Minimal Permissions (2)
More Ownership and Permissions
CGI-BIN Directories
Read-write by group Web Admin
Readable & Executable by Other
Owned by root
Apache bin files (apachectl and httpd)
Read & Execute by Web Admin
Read & Execute by root
12.
Subscribe to Security Advisories
Web Admin and System Admin should subscribe to appropriate advisories
Apache
http://httpd.apache.org/lists.html
CERT
https://forms.us-cert.gov/maillists/
Sun
https://subscriptions.sun.com
Fedora Core
https://www.redhat.com/mailman/listinfo/fedora-announce-list
14.
Disable Unnecessary Modules
Modules you probably DON’T need
mod_dav - Distributed Authoring and Versioning (WebDAV) functionality
mod_dav_fs – File System for mod_dav
mod_status – Provide Web Server status info.
mod_proxy – HTTP Proxy
mod_autoindex - Directory listings
mod_cern_meta - CERN HTTPD Meta file semantics (old not used)
15.
Use only Necessary Modules
Modules you might need
mod_log_config – Provides flexible logging of requests
mod_logio – Provides I/O bytes per request
mod_mime – Determines MIME type / Handler by file extension
mod_env – Controls environment passed to CGI
mod_expires - Generation of Expires and Cache-Control HTTP headers
16.
Check Config Include Directories
Check any config include directories
Red Hat Linux uses /etc/httpd/conf.d
All *.conf files are auto included
Remove the rpm, not just the file
Or comment out the file content
Example:
rpm -qf /etc/httpd/conf.d/manual.conf
httpd-manual-2.2.xx-xx.x
rpm -e httpd-manual
17.
Remove Any Default Files
Default HTML Files
Manual
Welcome page
Directory Index icons
Sample CGI files (e.g. printenv)
Apache source code files
Apache user files (.bashrc etc)
18.
Other Resources for Modules
Modules list available On-line
http://httpd.apache.org/docs/2.0/mod/
http://httpd.apache.org/docs/2.2/mod/
Also Review Module recommendations in CIS Benchmark Appendix
Some Modules have their own website (such as modsecurity.org); check your favorite search engine.
19.
Options Directive
Apache 2.2 docs
Description: Configures what features are available in a particular directory
Syntax: Options [+|-]option [[+|-]option] ...
Default: Options All
Context: server config, virtual host, directory, .htaccess
Override: Options
Module: core
23.
Auth and Authz Modules
mod_authz_host (was mod_access) - Access based on IP address or hostname.
mod_authz_user, mod_authz_groupfile
mod_auth - user authentication using text files
24.
Access Control Directives (1)
Protecting Root (httpd.conf)
<Directory />
Options None
AllowOverride None
deny from all
</Directory>
Allowing All Access
<Directory "/var/www/html/">
Order allow,deny
allow from all
</Directory>
25.
Access Control Directives (2)
Allowing Limited Access
Usage of IP Address or partial IP Address
<Directory "/var/www/html/">
Order allow,deny
deny from all
allow from 10.10.2.
</Directory>
Domain and Host names also work
26.
HTTP Basic Authentication
Requires mod_auth enabled
Sends base64 encoded username and password with every request.
Needs SSL to protect username/password
No password guessing protection built-in
Sample Configuration
<Directory /var/www/html/members>
AuthType Basic
AuthName "Members Access"
AuthUserFile /path/to/passwordfile
Require valid-user
</Directory>
27.
HTTP Basic Authentication (2)
Setup Apache Password file
htpasswd -c /path/to/passwordfile jsmith
New password: password
Re-type new password: password
Adding password for user jsmith
Don’t place Password file in the DocRoot
Apache needs Read-only access
Don’t allow other read access.
28.
HTTP Digest Authentication
Requires mod_auth and mod_digest enabled
Uses Challenge – Response
Response is encrypted with the password
Does not protect data, still needs SSL
No password guessing protection built-in
Sample Configuration
<Directory /var/www/html/members>
AuthType Digest
AuthName "Members Access"
AuthUserFile /path/to/passwordfile
Require valid-user
</Directory>
29.
New ChrootDir Directive
Description: Directory for apache to run chroot(8) after startup.
Syntax: ChrootDir /path/to/directory
Default: none
Context: server config
Module: event, prefork, worker
Compatibility: Available in Apache 2.2.10 and later
Example:
ChrootDir /var/www/chroot
30.
New ChrootDir Directive (2)
Apache Disclaimer:
Note that running the server under chroot is not simple, and requires additional setup, particularly if you are running scripts such as CGI or PHP. Please make sure you are properly familiar with the operation of chroot before attempting to use this feature.
31.
New ChrootDir Directive (3)
Makes chroot easier, but still work required.
Some typical directories required:
CHR=/var/www/chroot
mkdir -p $CHR/var/www
# mv will refuse to move /var/www/chroot into itself; everything else is moved
mv /var/www/* /var/www/chroot/var/www/
mkdir $CHR/var/run
mkdir $CHR/tmp
mkdir -p $CHR/var/lib/php/session
Usually others? Your Mileage Will vary!
32.
Apache and SELinux: an Alternative to chroot
A different (easier?) approach to chroot
Implements Mandatory Access Controls
Use SELinux in targeted mode
In /etc/selinux/config, set
SELINUXTYPE=targeted
To test, start with
SELINUX=permissive
Switch to
SELINUX=enforcing
33.
Apache SELinux Policies
httpd_selinux(8) man page defines context types:
httpd_sys_content_t - all content access
httpd_sys_script_exec_t – for scripts
/etc/selinux/targeted/contexts/files/file_contexts – labels directories with types
/var/www/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0
/var/www(/.*)? system_u:object_r:httpd_sys_content_t:s0
34.
Checking SELinux Labels
Use -Z option on ls to see SELinux labels
ls -Z /var/www
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cgi-bin
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t error
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t icons
drwxr-xr-x webalizer root system_u:object_r:httpd_sys_content_t usage
36.
HTTP Request Methods?
RFC 2616 defines HTTP/1.1 Methods
GET - Most used – retrieves content
HEAD – Doesn’t return body, used to check for existence and updates
POST – Typically used for FORM submissions
PUT – Push a resource up to the server
DELETE – Remove a resource
TRACE – For Debugging
CONNECT – for SSL Proxy connections
37.
Limiting HTTP Request Methods
Limit Methods to HEAD, GET and POST
<Directory "/var/www/html">
Order allow,deny
Allow from all
<LimitExcept GET POST>
deny from all
</LimitExcept>
Options None
AllowOverride None
</Directory>
TRACE is not limited by this!
HEAD is included with GET
38.
Deny HTTP Trace
Mod_Rewrite Technique
TRACE method part of RFC HTTP protocol
Reflects the request back to the client
Intended for Debug
Used for XST (Cross-Site Tracing vulnerabilities)
Use mod_rewrite to deny TRACE Method
[F] Flag returns 403 Forbidden
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
39.
Deny HTTP Trace
New TraceEnable Directive
Description: Determines the behavior on TRACE requests
Syntax: TraceEnable [on|off|extended]
Default: TraceEnable on
Context: server config
Module: core
Compatibility: Available in Apache 1.3.34, 2.0.55 and later
Example:
TraceEnable off
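The hardening points from the slides so far (non-root User, unneeded modules, a locked-down <Directory />, LimitExcept, TraceEnable) can be checked mechanically. The following is an added example, not part of the original slides: the function names and both sample configurations are constructed for illustration, and the parser handles only the directive forms shown in this deck (it checks TraceEnable, not the mod_rewrite alternative).

```python
import os
import re

# Modules the slides list as "probably DON'T need".
UNNEEDED = {"mod_dav", "mod_dav_fs", "mod_status", "mod_proxy",
            "mod_autoindex", "mod_cern_meta"}


def _enclosing_dir(stack):
    """Path of the innermost enclosing <Directory>, or None at server level."""
    for name, arg in reversed(stack):
        if name == "directory":
            return arg
    return None


def parse(conf):
    """Split a config into server-level and per-<Directory> directives.

    Directives are (lowercased name, argument) pairs. A nested section such as
    <LimitExcept> is recorded as a marker on its <Directory>; the directives
    inside it apply only to that block and are not recorded.
    """
    top, dirs, stack = [], {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        m = re.match(r"<\s*(\w+)\s*(.*?)\s*>$", line)
        if m:
            name, arg = m.group(1).lower(), m.group(2).strip('"')
            if name == "directory":
                arg = arg.rstrip("/") or "/"
                dirs.setdefault(arg, [])
            elif _enclosing_dir(stack) is not None:
                dirs[_enclosing_dir(stack)].append((name, arg))
            stack.append((name, arg))
            continue
        parts = line.split(None, 1)
        entry = (parts[0].lower(), " ".join(parts[1].split()) if len(parts) > 1 else "")
        if _enclosing_dir(stack) is None:
            top.append(entry)
        elif stack[-1][0] == "directory":
            dirs[stack[-1][1]].append(entry)
    return top, dirs


def audit(conf):
    """Return (check_id, advice) pairs; an empty list means every check passed."""
    top, dirs = parse(conf)
    last = {name: arg for name, arg in top}  # simplification: later lines override
    out = []
    if last.get("user", "").lower() in ("root", "#0"):
        out.append(("user", "run as a dedicated locked account, e.g. 'User apache'"))
    if last.get("traceenable", "on").lower() != "off":
        out.append(("trace", "TraceEnable defaults to on; set 'TraceEnable off'"))
    for name, arg in top:
        if name == "loadmodule" and arg:
            mod = os.path.splitext(os.path.basename(arg.split()[-1]))[0]
            if mod in UNNEEDED:
                out.append(("module:" + mod, "remove the LoadModule line unless required"))
    root = {(n, a.lower()) for n, a in dirs.get("/", [])}
    for want in (("options", "none"), ("allowoverride", "none"), ("deny", "from all")):
        if want not in root:
            out.append(("root:" + want[0], "<Directory /> should set '%s %s'" % want))
    for path, entries in dirs.items():
        seen = {(n, a.lower()) for n, a in entries}
        has_limit = any(n == "limitexcept" for n, _ in entries)
        if path != "/" and ("allow", "from all") in seen and not has_limit:
            out.append(("methods:" + path, "add <LimitExcept GET POST> deny from all"))
    return out


# Constructed sample: everything the slides warn against.
WEAK = """
User root
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule log_config_module modules/mod_log_config.so
<Directory />
    Options All
    AllowOverride All
</Directory>
<Directory "/var/www/html/">
    Order allow,deny
    allow from all
</Directory>
"""

# Constructed sample assembled from the directives shown on the slides.
HARDENED = """
User apache
Group apache
TraceEnable off
LoadModule log_config_module modules/mod_log_config.so
<Directory />
    Options None
    AllowOverride None
    deny from all
</Directory>
<Directory "/var/www/html">
    Order allow,deny
    Allow from all
    <LimitExcept GET POST>
        deny from all
    </LimitExcept>
    Options None
    AllowOverride None
</Directory>
"""

if __name__ == "__main__":
    for check, advice in audit(WEAK):
        print("%-26s %s" % (check, advice))
```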
41.
Mod_Security Features
Open Source Web Application Firewall
Features:
Request filtering
Anti-evasion techniques - paths and parameters are normalized
Understands the HTTP protocol
Performs very specific and fine grain filtering.
POST payload analysis
42.
Mod_Security Features (2)
More Features:
Audit logging - Full details can be logged for later analysis
HTTPS – Analysis performed after decryption
Inspect and Filter Any Headers
Buffer Overflow Protection
Attack Detection and Prevention
43.
Mod_security Configuration
Easily Installed via package, or build from source.
Configuration mod_security.conf
Rename file if using include conf.d/
LoadModule security_module modules/mod_security.so
<IfModule mod_security.c>
# Turn the Filtering and Audit engine, On
SecFilterEngine On
SecAuditEngine RelevantOnly
44.
Mod_security Configuration (2)
More Basic Feature Configuration
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding On
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# Cookie format checks.
SecFilterCheckCookieFormat On
# The name of the audit log file
SecAuditLog logs/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Default action set
SecFilterDefaultAction "deny,log,status:406"
45.
Mod_security Filters (1)
Basic Recommended Filters
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Only accept request encodings we know how to handle
# we exclude GET requests because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
46.
Mod_security Filters (2)
More Basic Recommended Filters
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
# Don't accept transfer encodings we don't handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"
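To see which requests the recommended filters on the two slides above reject, and how "chain" combines two filters, here is a small model of them. It is an added example, not ModSecurity code and not from the original slides: it supports only REQUEST_METHOD and HTTP_* variables, and it assumes a missing header is evaluated as an empty string, which is what the "^$" filters rely on. The requests are constructed.

```python
import re
import shlex

# The slides' filters, one per line (ModSecurity 1.x SecFilterSelective syntax).
RULES = r'''
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
'''


def load(rules_text):
    """Parse the filters into chains: lists of (variables, regex, negated)."""
    chains, current = [], []
    for line in rules_text.strip().splitlines():
        tok = shlex.split(line)
        if len(tok) < 3 or tok[0] != "SecFilterSelective":
            continue
        pattern = tok[2]
        negated = pattern.startswith("!")          # leading "!" inverts the match
        regex = re.compile(pattern[1:] if negated else pattern)
        current.append((tok[1].split("|"), regex, negated))
        actions = tok[3].split(",") if len(tok) > 3 else []
        if "chain" not in actions:                 # a chain ends at the first
            chains.append(current)                 # filter without "chain"
            current = []
    if current:
        chains.append(current)
    return chains


def value(request, variable):
    """Look up a filter variable; absent headers read as "" (assumption)."""
    if variable == "REQUEST_METHOD":
        return request["method"]
    if variable.startswith("HTTP_"):
        header = variable[5:].replace("_", "-").lower()
        return request["headers"].get(header, "")
    raise KeyError("unsupported variable: " + variable)


def check(request, chains):
    """Return the 1-based number of the first chain that fires, else None.

    A filter fires if any of its variables matches; a chain fires only if
    every filter in it does. With the slides' default action a firing chain
    means "deny,log,status:406".
    """
    for number, chain in enumerate(chains, 1):
        if all(any(bool(rx.search(value(request, v))) != neg for v in names)
               for names, rx, neg in chain):
            return number
    return None


def req(method, **headers):
    """Build a constructed request; content_type=... becomes Content-Type."""
    return {"method": method,
            "headers": {k.replace("_", "-").lower(): v for k, v in headers.items()}}


CHAINS = load(RULES)
BROWSER = dict(host="www.example.test", user_agent="Mozilla/5.0")
FORM = "application/x-www-form-urlencoded"

if __name__ == "__main__":
    samples = [
        req("GET", **BROWSER),
        req("GET", host="www.example.test"),
        req("POST", content_type="application/json", content_length="2", **BROWSER),
        req("POST", content_type=FORM + "; charset=UTF-8", content_length="3", **BROWSER),
        req("POST", content_type=FORM, **BROWSER),
        req("POST", content_type=FORM, content_length="3",
            transfer_encoding="chunked", **BROWSER),
    ]
    for sample in samples:
        print(sample["method"], sorted(sample["headers"]), "->", check(sample, CHAINS))
```

Note the fourth sample: because the Content-Type pattern is anchored with "$", a form POST that adds "; charset=UTF-8" is rejected by the second chain.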
48.
Logging Directives
LogLevel
Controls Verbosity
Values are emerg, alert, crit, error, warn, notice, info and debug
Notice is recommended
ErrorLog – File name for logging errors
LogFormat – Defined format of log entries
CustomLog logs/access_log combined
49.
Logging Directives (2)
Sample Logging Configuration
LogLevel notice
ErrorLog logs/error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
Combined format is fairly standard and handled well by log analysis software
Use Swatch or LogWatch for log monitoring.
50.
Log Monitoring
Sample LogWatch output with Web Attacks
Requests with error response codes
404 Not Found
//README: 2 Time(s)
//chat/messagesL.php3: 1 Time(s)
//graph_image.php: 1 Time(s)
/PhpMyChat//chat/messagesL.php3: 1 Time(s)
/horde-3.0.5//README: 2 Time(s)
406 Not Acceptable
/: 2 Time(s)
/robots.txt: 1 Time(s)
51.
Log Monitoring (2)
More Samples of Web Scans / Attacks
Looking for open proxy & phone apps?
400 Bad Request
http://www.wantsfly.com/prx.php?hash=457F6 ...
404 Not Found
/apple-touch-icon.png: 1 Time(s)
/iphone/: 2 Time(s)
/mobi/: 2 Time(s)
/mobile/: 2 Time(s)
/pda/: 2 Time(s)
/sql/: 1 Time(s)
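The LogWatch summaries on the two slides above group error responses by status and URL. The following added example (not from the original slides) produces the same view from combined-format access-log lines and also groups by source address, which is what an abuse report needs. The log lines are constructed, using documentation IP ranges and paths in the style of the slides; function names and the three-URL threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# One quoted field; Apache writes embedded quotes as \" in the log.
Q = r'"((?:[^"\\]|\\.)*)"'
# host ident user [time] "request" status bytes, then any number of quoted
# fields (Referer, User-Agent, and Accept if the slides' LogFormat is used).
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+((?: ' + Q + r')*)\s*$')


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m.group(3).split()
    quoted = re.findall(Q, m.group(5))
    return {
        "host": m.group(1),
        "time": m.group(2),
        "method": parts[0] if parts else "",
        "target": parts[1] if len(parts) > 1 else "",
        "status": int(m.group(4)),
        "agent": quoted[-1] if quoted else "-",   # User-Agent is logged last
    }


def error_summary(lines):
    """LogWatch-style view: {status: Counter({target: hits})} for 4xx/5xx."""
    out = defaultdict(Counter)
    for rec in filter(None, map(parse_line, lines)):
        if rec["status"] >= 400:
            out[rec["status"]][rec["target"]] += 1
    return dict(out)


def suspects(lines, min_targets=3):
    """Map source host -> sorted list of reasons it looks like a scanner."""
    failing, reasons = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        host = rec["host"]
        if rec["status"] >= 400:
            failing[host].add(rec["target"])
        if rec["method"] == "TRACE":
            reasons[host].add("TRACE request")
        if rec["target"].lower().startswith(("http://", "https://")):
            reasons[host].add("absolute-URI request (possible open-proxy probe)")
    for host, targets in failing.items():
        if len(targets) >= min_targets:
            reasons[host].add("%d distinct failing URLs" % len(targets))
    return {host: sorted(why) for host, why in reasons.items()}


def evidence(lines, host):
    """Raw log lines for one source, ready to paste into an abuse report."""
    return [l for l in lines if (parse_line(l) or {}).get("host") == host]


# Constructed sample log.
SAMPLE_LOG = r'''
192.0.2.10 - - [03/Sep/2009:20:04:50 -0400] "GET / HTTP/1.0" 200 67 "-" "Mozilla/5.0 (iPhone)"
192.0.2.10 - - [03/Sep/2009:20:05:01 -0400] "GET /apple-touch-icon.png HTTP/1.0" 404 218 "-" "Mozilla/5.0 (iPhone)"
198.51.100.7 - - [03/Sep/2009:21:10:02 -0400] "GET //README HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [03/Sep/2009:21:10:03 -0400] "GET /horde-3.0.5//README HTTP/1.1" 404 221 "-" "-"
198.51.100.7 - - [03/Sep/2009:21:10:03 -0400] "GET //README HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [03/Sep/2009:21:10:04 -0400] "GET /PhpMyChat//chat/messagesL.php3 HTTP/1.1" 404 233 "-" "-"
198.51.100.7 - - [03/Sep/2009:21:10:05 -0400] "GET /robots.txt HTTP/1.1" 406 240 "-" "-"
203.0.113.5 - - [03/Sep/2009:22:00:00 -0400] "GET http://proxy-check.example/prx.php HTTP/1.1" 400 226 "-" "-"
203.0.113.5 - - [03/Sep/2009:22:00:09 -0400] "TRACE / HTTP/1.1" 403 202 "-" "-"
a damaged line that does not parse
'''.strip().splitlines()

if __name__ == "__main__":
    for status, targets in sorted(error_summary(SAMPLE_LOG).items()):
        print(status)
        for target, hits in sorted(targets.items()):
            print("   %s: %d Time(s)" % (target, hits))
    for host, why in sorted(suspects(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(why))
```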
52.
Abuse Reports
Why Report Attacks on your Servers?
Makes it more difficult for the attacker
(Yeah, mostly for the script kiddies)
Educates organizations on the state of their system and their need for response
Helps make the Internet a better place
Choose your “favorites” to report
Use whois on the source IP address to find the abuse email contact
Reporting to questionable organizations may not be helpful, or helpful in the wrong way.
53.
Abuse Reports – How to (2)
Keep it Simple: Just the facts.
To: abuse@example.com
Subject: web vulnerability attack from IP xx.xx.xx.xx
Logs are included below of a web vulnerability attack from the above
address. This system may have been compromised or infected. Please
take action to prevent further abuse. An e-mail reply is appreciated.
Thank you for taking action on this.
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Information Security Consultant
USA 585-624-9551
Logs are NTP time synced in USA EDT TZ
55.
Abuse Reports (3)
Some Recent Interesting User Agent in Logs
xx.xx.xx.xx - - [03/Sep/2009:20:04:50 -0400] "GET / HTTP/1.0" 200 67 "-" "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3"
xx.xx.xx.xx - - [03/Sep/2009:20:05:01 -0400] "GET /apple-touch-icon.png HTTP/1.0" 404 218 "-" "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3"
56.
Abuse Responses
From: Amazon EC2 Abuse ec2-abuse-team@amazon.com
Thank you for submitting your abuse report.
We have received your report of Intrusion Attempts originating from our network.
We have completed an initial investigation of the issue and learned that the
activity you noticed did indeed originate from an Amazon EC2 instance. These
intrusion attempts that you report were not, however, initiated by Amazon.
One of the biggest advantages of Amazon EC2 is that developers are given
complete control of their instances. . . .
That said, we do take reports of unauthorized network activity from our
environment very seriously. It is specifically forbidden in our terms of use. This
instance has since been terminated.
57.
OSSEC.net
OSSEC – Open Source HIDS, central logging and monitoring solution – aka SIM/SEM/SIEM
Supports most platforms
Linux/Unix/Windows/Mac
Real-time alerting
Active response - blocking of attacks
Agent and Agentless monitoring
File Integrity Monitoring
Rootkit detection