The blog which tells everything! Blog posts, videos and tutorial pages on Debian GNU/Linux, drones, photography, video, audio, electronics.
The pages, tags, categories, screenshots and videos are really made in several languages; these are not automatic translations.
Last 10 posts
Debian11, Server, Logcheck to notify about any unknown activity
Logcheck installation and configuration with tuning. Logcheck parses the system logfiles, removes known legitimate patterns and sends the remaining lines to the administrator. It reports all unusual activity, helping to detect attack attempts or successful attacks that would not be caught by other tools. I prefer to have fewer notifications, and to read them all, instead of having too many and skipping them.
Debian11, Server, Tripwire to detect penetration
Tripwire is one of my favorite security tools, probably one of the most efficient. How to install and configure Tripwire on a Linux Debian 11 Bullseye server to detect a penetration and react quickly. It takes secured fingerprints of files in the filesystem and periodically checks that they have not changed.
Debian11, Server, RKHunter to check for malware and corruptions
RKHunter installation and configuration to check for critical file changes against automatic snapshots and for known rootkits. It also checks for processes with open descriptors on deleted files, for binaries which are actually scripts, … This helps to detect when a system was compromised.
Debian11, Server, Portsentry to block port scans
Installing and configuring Portsentry as a second line of defense against port scanning, after the IPTables lscan and psd rules. It will ban attackers’ machines temporarily or permanently, but will whitelist my own network and IP addresses.
Debian11, Server, fail2ban install to ban attackers
Fail2ban parses log files, looking for attack attempts, and takes countermeasures to ban the attacker temporarily or permanently using IPTables and TCPWrapper rules. Configuration with TARPIT IPTables targets to “punish” attackers. This post describes the basic and common installation setup; I specialize it depending on the server type (public or gateway/router) in the next posts.
Debian11, Server, CronApt to keep the system up-to-date
cron-apt installation and configuration for a Debian 11 Bullseye server. It automatically updates the list of available packages, downloads the available upgrades for the installed packages, sends a notification email to the admin, and can also automatically upgrade the system.
Debian11, Server, mSMTP-MTA to send emails alerts
Not every server is a mail server. There is no need for a full Mail Transport Agent (MTA) on each. A simple relay, such as msmtp, is highly sufficient for the server to send email to a smart host. I use it as an exim replacement to provide a simple email feature without local delivery on my workstations and servers. This documentation is partially inspired by yakati 1, in French.
Debian11, Server, IPTables
The Linux iptables firewall feature is already included in the kernel and the client application is already installed. I will install a wrapper to persist the firewall rules on the disk and to automatically reload them at reboot. I also prepare a default extensible ruleset with one particularity: it also forbids OUTPUT connections by default. If someone gains access to my server and can execute a script, the script will probably be blocked from sending feedback to the attacker. I use CHAOS and TARPIT rules against obvious attackers, and rate-limiting rules, as passive replies to attacks.
Debian11, Server, TCPIP tuning
How to activate some basic attack protections in the Linux kernel network stack, against spoofing, flooding, smurfing, man-in-the-middle (MITM) or ICMP attacks.
Debian11, Server, SSH and Sudo root lock
I’ll never have to connect to my servers from the console, and I’ll never need a password-authenticated sudo command, thus I don’t need any password-based authentication. I’ll always connect through ssh with keys, thus I can lock the passwords for both the root account and the named account.