The blog which tells everything! Blog posts, videos and tutorial pages on Debian GNU/Linux, drones, photography, video, audio, electronics.
The pages, tags, categories, screenshots and videos are really made in several languages; these are not automatic translations.
10 last posts
Review, installation and use of the Huion Inspiroy WH1409 tablet on Debian
How to install, configure and use a Huion Inspiroy WH1409 graphics tablet on Linux Debian Buster. Driver installation, XOrg server configuration, tablet settings for the buttons, multi-screen configuration. Configuration and use in Blender, Krita, OpenToonz, Compiz, StoryBoarder, Zoom, Microsoft Teams, Google Hangout, GoToMeeting, BigBlueButton, Open Broadcast Studio (OBS), Compiz …
Debian11, Server, FWLogWatch for a daily firewall log analysis
FWLogWatch installation and configuration to parse the IPTables logs and report them by email, grouped into very few summary lines. It helps to quickly identify potential attacks and to maintain the filter rules.
Debian11, Server, LogWatch for a daily aggregated log analysis
Whereas LogCheck does low-level, hourly extraction of log lines, LogWatch does higher-level daily log analysis, with aggregation to produce behavior statistics and detect trends, slow scans or slow attacks. The email reports are shorter and consolidated. This is a very short, basic default installation documentation blog post. Part of my default server installation.
Debian11, Server, Logcheck to notify about any unknown activity
Logcheck installation and configuration with tuning. Logcheck parses the system logfiles, removes known legitimate patterns and sends the remaining lines to the administrator. It reports all unusual activity, helping to detect attack attempts or successful attacks that would not be caught by other tools. I prefer to have fewer notifications, and to read them all, instead of having too many and skipping them.
Debian11, Server, Tripwire to detect penetration
Tripwire is one of my favorite security tools, probably one of the most efficient. How to install and configure tripwire on a Linux Debian 11 Bullseye server to detect a penetration and react quickly. It takes secured footprints of files in the filesystem and periodically checks that they have not changed.
Debian11, Server, RKHunter to check for malware and corruptions
RKHunter installation and configuration to check for critical file changes against automatic snapshots and for known rootkits. It also checks for processes with open descriptors on deleted files, for binaries which are actually scripts, … This helps to detect when a system has been compromised.
Debian11, Server, Portsentry to block port scans
Installing and configuring Portsentry as a second line of defense against port scanning, after the IPTables lscan and psd rules. It will ban attackers' machines temporarily or permanently, but will whitelist my own network and IP addresses.
Debian11, Server, fail2ban install to ban attackers
Fail2ban parses log files, looking for attack attempts, and takes countermeasures to ban the attacker temporarily or permanently using IPTables and TCPWrapper rules. Configuration with TARPIT IPTables targets to “punish” attackers. This post describes the basic and common installation setup; I specialize it depending on the server type (public or gateway/router) in the next posts.
Debian11, Server, CronApt to keep the system up-to-date
cron-apt installation and configuration for a Debian 11 Bullseye server. It automatically updates the list of available packages, downloads the available upgrades for the installed packages, sends a notification email to the admin, and can also automatically upgrade the system.
Debian11, Server, mSMTP-MTA to send emails alerts
Not every server is a mail server. There is no need for a full Mail Transport Agent (MTA) on each. A simple relay, such as msmtp, is amply sufficient for the server to send email to a smart host. I use it as an exim replacement to provide a simple email feature without local delivery on my workstations and servers. This documentation is partially inspired by yakati 1, in French.