I added an htpasswd.txt to sites-available/default to protect my site: Now that I’m trying to remove it, I can’t get rid of a .htpasswd protection I set up previously. I’ve tried everything from creating .htaccess in the root of my site with satisfy any like this post suggests and this, to deleting the reference to htpasswd.txt from my sites-available/default file,
Tag: security
How to limit privileged user access at Linux Kernel level?
I found this answer on learning Linux Kernel Programming and my question is more specific for the security features of the Linux Kernel. I want to know how to limit privileged users’ or processes’ access rights to other processes and files in contrast to full access of root. Until now I found: user and group for Discretionary Access Control (DAC),
Is it possible to break out of a restricted (custom) shell?
Not sure if this is the right place to ask. Say I write a shell that takes stdin input, filters this input so let’s say only certain commands like ls (list contents of binary directory and subdirectory) update (git clone) build (go build) test (go test) start (systemctl start this.service only) stop (systemctl stop this.service only) running (is the binary
How to perform memory dump to docker container from outside
I’m trying to find a way to perform a memory dump on a Docker container in order to perform memory forensics (to detect malware exploits for example). I would like to be able to perform the same methods I use on a virtual machine. The problem is that Docker containers (and any kind of Linux containers) use memory in a
How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?
How do I upgrade OpenSSL in CentOS 6.5? I have used these commands, but nothing happens: After using this command, I get the old version Answer Try this config line instead to overwrite the default. It installs to prefix /usr/local/ssl by default in your setup when you leave off the prefix. You probably have “/usr/local/ssl/bin/openssl” instead of overwriting /usr/bin/openssl. You
iptables LOG and DROP in one rule
I am trying to log outgoing connections with iptables. What I want is, drop and accept connection while logging them also. I have found that -j option takes DROP/REJECT/ACCEPT/LOG. But I want to do something like DROP and LOG or ACCEPT and LOG. Is there a way to achieve this? Answer Example: Log Example: Other options:
I have to run node as root to send icmp echo packages for ping – how can I make it secure?
I’m using node’s net-ping to enable my front end to ping by connecting to node via websockets. Because Linux will only let root users send out ping requests I’m having to run the script via sudo. I’m not at all comfortable doing this but I don’t think I have very much choice. What I would like to know is are
Best practices when running Node.js with port 80 (Ubuntu / Linode) [closed]
I am setting up my first Node.js server on a cloud Linux node and I am fairly new to the details
What is vulnerable about this C code?
The way I understand it, the code above allows arbitrary code (or program) execution — what makes this vulnerable, and how does one take advantage of this? Answer You can override the PATH variable to point to a directory with your custom version of echo and since echo is executed using env, it isn’t treated as a built-in. This constitutes
Limiting syscall access for a Linux application
Assume a Linux binary foobar which has two different modes of operation: Mode A: A well-behaved mode in which syscalls a, b and c are used. Mode B: A things-gone-wrong mode in which syscalls a, b, c and d are used. Syscalls a, b and c are harmless, whereas syscall d is potentially dangerous and could cause instability to the