Docker Containers Crash Course

Docker Crash Course: a hypervisor is slow to boot, uses a lot of resources and needs a full OS installation. Container technology is not that new (we used to use LXC, OpenVZ and others), but what is cool about Docker is that it is really lightweight, with an awesome image build system, and we can ship many services in one […]

audit keystrokes with pam

The pam_tty_audit PAM module is used to enable or disable TTY auditing. By default, the kernel does not audit input on any TTY. This module is part of the audit framework (auditd) and takes 3 parameters: 1 – disable=<patterns> turns auditing off for the specified users; you can use disable=* to turn it off globally […]
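An added example (not part of the original post) of the "audit root only" pattern from the pam_tty_audit man page, plus a plain-sh decoder for the hex-encoded keystrokes the kernel writes into the data= field of type=TTY records (what `aureport --tty` decodes for you). The audit.log line is constructed; the PIDs, timestamps and session IDs in it are invented.

```shell
# /etc/pam.d/system-auth (or sshd, login, su). Later options override earlier
# ones, so "disable everyone, then enable root" audits only root's TTYs:
#
#   session required pam_tty_audit.so disable=* enable=root
#
# Caveats: only input is recorded, never output, and keystrokes typed while
# the terminal has echo off (password prompts) are skipped unless you add
# log_passwd, which then stores cleartext passwords in /var/log/audit/audit.log.

# tty_data_field LINE: print the hex payload of a type=TTY audit record
tty_data_field() {
    rest=${1##*data=}
    printf '%s\n' "${rest%% *}"
}

# decode_tty_data HEX: render hex pairs as text; control and non-ASCII
# bytes are shown as <XX> so that Enter (0D) and Ctrl sequences stay visible
decode_tty_data() {
    hex=$1 out=""
    while [ -n "$hex" ]; do
        pair=${hex%"${hex#??}"}      # first two characters
        hex=${hex#??}                # drop them
        val=$((0x$pair))
        if [ "$val" -lt 32 ] || [ "$val" -ge 127 ]; then
            out="$out<$pair>"
        else
            out="$out$(printf "\\$(printf '%03o' "$val")")"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample record (layout follows audit.log, values invented):
SAMPLE_TTY='type=TTY msg=audit(1436954462.123:777): tty pid=2345 uid=0 auid=1000 ses=3 major=136 minor=1 comm="bash" data=6C73202D6C610D'

# Usage:
#   decode_tty_data "$(tty_data_field "$SAMPLE_TTY")"     # ls -la<0D>
# Live system:
#   ausearch -m TTY --raw | while read -r line; do decode_tty_data "$(tty_data_field "$line")"; done
```

The auid field is what ties the record to the original login even after `su`/`sudo`, so filter on it rather than on uid when reconstructing who typed what.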

Protect Boot & Single user mode

As physical security is the main factor in our security perspective, we all need to protect against unauthorised access to our Linux box. After protecting the BIOS, we all know that anyone can reset the root password by booting into single-user mode, so we have 3 ways: the 1st is to disable single-user mode entirely […]

SSH Tunnelling

The most famous method is using the -D parameter of ssh to bind a port locally on your machine; this port tunnels back to our remote box, which sends our traffic out from that server. Example:

Then you can configure your application or browser to use your local IP 127.0.0.1 with port 1337 […]
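The dynamic-forward command the entry refers to, as an added example that is not part of the original post. The user and host names are assumptions; the port is the 1337 used above.

```shell
# socks_tunnel_cmd PORT USER@HOST: print the ssh command for a SOCKS proxy on
# 127.0.0.1:PORT that sends traffic out via USER@HOST.
#   -D 127.0.0.1:PORT          bind to loopback only (never 0.0.0.0, which
#                              hands an open proxy to everyone on your network)
#   -N                         tunnel only, no remote shell
#   -o ExitOnForwardFailure=yes  exit instead of silently running without the
#                              proxy when the local port is already taken
#   -o ServerAliveInterval=30  notice a dead tunnel instead of hanging
socks_tunnel_cmd() {
    port=$1 target=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s\n' "$port" "$target"
}

# socks_check PORT: confirm the proxy works and that DNS is resolved on the
# far side. --socks5-hostname hands the hostname to the proxy; plain --socks5
# resolves it locally and leaks every lookup to your own resolver
# (in Firefox, enable "Proxy DNS when using SOCKS v5" for the same reason).
socks_check() {
    curl -sS --max-time 10 --socks5-hostname "127.0.0.1:$1" https://example.com/ >/dev/null
}

# Usage (hostname is an assumption):
#   eval "$(socks_tunnel_cmd 1337 n1x@remote.example)" &
#   socks_check 1337 && echo "proxy on 127.0.0.1:1337 works"
```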

Secure/Lock accounts with PAM tally2

pam_tally2 is a PAM module that keeps a count of failed login attempts per user: it can reset the count on success and can deny access if too many attempts fail. This module is unique because it does not just cover remote connections but also the TTYs and any other login method, since they all go through PAM. Example […]
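An added example (not from the original post) of the stack the pam_tally2 man page recommends, plus a small helper that reads the `pam_tally2` listing and reports who is at or over the deny threshold. The listing is a constructed sample. Note that pam_tally2 was removed in Linux-PAM 1.5.0; on those systems the same idea is pam_faillock.

```shell
# /etc/pam.d/common-auth or system-auth: pam_tally2 goes BEFORE pam_unix in
# the auth stack so every attempt is counted, and the account line is what
# resets the counter after a successful login.
#
#   auth     required  pam_tally2.so deny=5 unlock_time=900 onerr=fail
#   auth     required  pam_unix.so
#   account  required  pam_tally2.so
#   account  required  pam_unix.so
#
# onerr=fail: if the tally file cannot be read, deny instead of allow.
# unlock_time: without it a locked user stays locked until a manual reset.
# Add even_deny_root root_unlock_time=60 if root must be covered too, and keep
# a console/IPMI path so a flood of bad attempts cannot lock you out.
#
# Inspect / reset one user:
#   pam_tally2 --user alice
#   pam_tally2 --user alice --reset

# tally_locked DENY: read the output of `pam_tally2` (run as root with no
# arguments it lists every user with a non-zero counter) on stdin and print
# the users whose failure count has reached DENY.
tally_locked() {
    awk -v deny="$1" 'NR > 1 && $2 + 0 >= deny + 0 { print $1 }'
}

# Constructed sample of the listing format:
SAMPLE_TALLY='Login           Failures Latest failure     From
alice               6    07/15/15 10:00:00  10.0.0.5
bob                 2    07/15/15 10:02:00  tty1
mallory             5    07/15/15 10:03:00  10.0.0.9'

# Usage:
#   printf '%s\n' "$SAMPLE_TALLY" | tally_locked 5     # alice, mallory
# Live system:
#   pam_tally2 | tally_locked 5
```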

password policy with pam_cracklib

The cracklib PAM module checks a password against a dictionary list, lets you check the strength of the password, and lets you set rules to identify poor passwords. Here are the most important parameters for this module: minlen - the minimal password length; dcredit - the maximum credit given for digits (a negative value instead means the minimum number of digits required); ucredit - the same for uppercase letters […]
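The credit parameters are the part people get wrong, so here is an added example (not from the original post) that mirrors the length-and-credit rule of pam_cracklib's simple check in plain sh, so you can see what a given minlen/credit combination really accepts before putting it in /etc/pam.d. It models only that rule, not the dictionary, minclass or difok checks. The passwords below are constructed test inputs.

```shell
# /etc/pam.d/common-password or system-auth, a strict policy:
#
#   password requisite pam_cracklib.so retry=3 minlen=12 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
#
# Negative credits mean "at least one of this class". Root is NOT subject to
# these checks unless enforce_for_root is set. pam_pwquality, which replaced
# pam_cracklib in most distributions, uses the same credit semantics.

# cracklib_simple_check MINLEN DCREDIT UCREDIT LCREDIT OCREDIT PASSWORD
#   credit >= 0 : every char of that class lowers the required length by one,
#                 up to CREDIT chars (so positive credits WEAKEN minlen)
#   credit <  0 : at least |CREDIT| chars of that class are required and they
#                 earn no credit
# Returns 0 if the password passes the length rule, 1 if it does not.
cracklib_simple_check() {
    minlen=$1 dcredit=$2 ucredit=$3 lcredit=$4 ocredit=$5 pw=$6
    len=$(( $(printf '%s' "$pw" | wc -c) ))
    digits=$(( $(printf '%s' "$pw" | tr -cd '[:digit:]' | wc -c) ))
    uppers=$(( $(printf '%s' "$pw" | tr -cd '[:upper:]' | wc -c) ))
    lowers=$(( $(printf '%s' "$pw" | tr -cd '[:lower:]' | wc -c) ))
    others=$(( len - digits - uppers - lowers ))
    required=$minlen
    for spec in "$dcredit:$digits" "$ucredit:$uppers" "$lcredit:$lowers" "$ocredit:$others"; do
        credit=${spec%%:*} count=${spec##*:}
        if [ "$credit" -ge 0 ]; then
            if [ "$count" -gt "$credit" ]; then count=$credit; fi
            required=$(( required - count ))
        elif [ "$count" -lt $(( -credit )) ]; then
            return 1
        fi
    done
    [ "$len" -ge "$required" ]
}

# Usage (constructed inputs):
#   cracklib_simple_check 9 1 1 1 1 'password1'              # passes: defaults let
#                                                            # 9 chars count as 7
#   cracklib_simple_check 12 -1 -1 -1 -1 'Password1'         # fails: no symbol
#   cracklib_simple_check 12 -1 -1 -1 -1 'Tr0ub4dor&3xy'     # passes
#   cracklib_simple_check 12 2 0 0 0 'abcdefgh12'            # passes at 10 chars:
#                                                            # two digits = 2 credits
```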

Pluggable Authentication Modules

Linux comes with PAM modules to help you control how users interact with the running services, hardening them and customising the security of each service as you need. PAM is an extra set of rules that controls the user-facing layers (auth, account, session and password) of applications; the applications/services must be compiled against libpam.so. Here is an example for […]

Regex to find mac address

Today I was doing some forensics, looking for MAC addresses inside syslog on Linux systems, and I wrote this simple grep command to filter MAC addresses out of log files: grep '[0-9a-fA-F]\{2\}:[0-9a-fA-F]\{2\}:[0-9a-fA-F]\{2\}:[0-9a-fA-F]\{2\}:[0-9a-fA-F]\{2\}:[0-9a-fA-F]\{2\}' /var/log/syslog     have fun
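An added example (not from the original post) that goes one step further than the grep above: it pulls out the MAC addresses themselves rather than whole lines, de-duplicates them, and rejects look-alikes such as IPv6 addresses or longer hex chains that a bare six-group pattern would partially match. The log lines are constructed.

```shell
# extract_macs: read log text on stdin, print each distinct MAC once, lowercase.
# First grab every run of hex digits and colons, then keep only the runs that
# are exactly six colon-separated byte pairs (-x = whole token must match),
# so "00:11:22:33:44:55:66:77" and "2001:db8::1" are dropped instead of
# yielding a false six-group substring.
extract_macs() {
    grep -oE '[0-9A-Fa-f:]+' \
    | grep -xE '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' \
    | tr '[:upper:]' '[:lower:]' \
    | sort -u
}

# mac_hits: same, but with a hit count per address for a quick timeline triage
mac_hits() {
    grep -oE '[0-9A-Fa-f:]+' \
    | grep -xE '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' \
    | tr '[:upper:]' '[:lower:]' \
    | sort | uniq -c | sort -rn
}

# Constructed sample log lines:
SAMPLE_SYSLOG='Jul 15 10:01:02 host dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth0
Jul 15 10:01:03 host kernel: wlan0: associated with AP AA:BB:CC:DD:EE:FF
Jul 15 10:01:04 host dhcpd: DHCPREQUEST for 192.168.1.10 from 00:11:22:33:44:55 via eth0
Jul 15 10:01:05 host sshd[123]: Accepted publickey for n1x from 2001:db8::1 port 5555
Jul 15 10:01:06 host app: session key 00:11:22:33:44:55:66:77'

# Usage:
#   printf '%s\n' "$SAMPLE_SYSLOG" | extract_macs
# Live system:
#   cat /var/log/syslog /var/log/syslog.1 | mac_hits
```

Windows-style `00-11-22-33-44-55` notation is not covered; add a second pass with `-` in place of `:` if the logs mix both.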

find duplicated UID in the linux system

You can identify duplicated UIDs in your system; this is useful to spot tampering with the users' accounts: getent passwd | cut -d : -f3 | sort -n | uniq -d. It only returns the duplicated UIDs. By the way: if it returns 0 😀 you know the rest (a second account with UID 0 is another root).
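An added example (not from the original post): the one-liner above gives you only the UID, so this reports which accounts share it, and separately lists every UID 0 account. It reads passwd(5) data on stdin, so it works on `getent passwd` from a live box as well as on an /etc/passwd copied out of a disk image. The sample data is constructed.

```shell
# dup_uids: read passwd(5) lines on stdin, print "UID name name ..." for every
# UID used by more than one account, lowest UID first.
dup_uids() {
    awk -F: '
        NF >= 7 { names[$3] = names[$3] " " $1; count[$3]++ }
        END { for (u in count) if (count[u] > 1) print u names[u] }
    ' | sort -n
}

# uid0_accounts: every account that is root, whatever it is called
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Constructed sample with a second UID 0 account and a shared UID 1000:
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:backdoor:/root:/bin/bash
carol:x:1000:1000:Carol:/home/carol:/bin/sh'

# Usage:
#   printf '%s\n' "$SAMPLE_PASSWD" | dup_uids        # 0 root toor / 1000 alice carol
#   printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts   # root toor
# Live system:
#   getent passwd | dup_uids
# Mounted image:
#   dup_uids < /mnt/evidence/etc/passwd
```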

users in shadow file explanation

This article explains /etc/shadow, the file that holds the users' password information. An example of one user's data:

username -> n1x
password hash -> $6$UoDmVdoW$tYQQm5uHgOpeEKPygIaQ1GM/0IBbdYVrLHu8ZYF5pT17D3VM.FFKa2wS8J6gqbGKC2IpgImXy7SYVJK9r/fdw. (the $6$ prefix means SHA-512 crypt, followed by the salt and the hash)
last password change, in days since 1970-01-01 -> 16631 (you can turn it into a date with a couple of lines of Python)

minimum password age -> 7
maximum password age -> 15
warning days -> 2
inactive days […]
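An added example (not from the original post) that parses a shadow(5) line in plain sh and converts the day counters into dates with integer arithmetic, so it runs on a forensic workstation without GNU `date -d @...`. The sample line is constructed from the values shown above, with the inactive and expiry fields left empty.

```shell
# days_to_date DAYS: days since 1970-01-01 -> YYYY-MM-DD
# (Hinnant's civil-from-days algorithm, integer arithmetic only)
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    y=$(( yoe + era * 400 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# shadow_hash_algo HASH: name the crypt(3) scheme from the $id$ prefix.
# An empty field is the dangerous one: it means login with no password at all.
shadow_hash_algo() {
    case $1 in
        '')             echo 'EMPTY (no password required!)';;
        '!'*|'*'*)      echo 'locked/disabled';;
        '$1$'*)         echo 'md5crypt (weak, rehash on next change)';;
        '$5$'*)         echo 'sha256crypt';;
        '$6$'*)         echo 'sha512crypt';;
        '$y$'*)         echo 'yescrypt';;
        '$2'[abxy]'$'*) echo 'bcrypt';;
        *)              echo 'unknown';;
    esac
}

# explain_shadow_entry LINE: print each of the nine fields with its meaning
explain_shadow_entry() {
    IFS=: read -r user hash lastchg minage maxage warn inactive expire _ <<EOF
$1
EOF
    echo "user: $user"
    echo "hash scheme: $(shadow_hash_algo "$hash")"
    if [ -z "$lastchg" ]; then
        echo "last password change: (empty: password aging disabled)"
    elif [ "$lastchg" -eq 0 ]; then
        echo "last password change: 0 (must change password at next login)"
    else
        echo "last password change: $(days_to_date "$lastchg")"
        if [ -n "$maxage" ]; then
            echo "must change by: $(days_to_date $(( lastchg + maxage )))"
        fi
    fi
    echo "min age: ${minage:-unset} days, max age: ${maxage:-unset} days, warn: ${warn:-unset} days"
    echo "inactive after expiry: ${inactive:-unset} days"
    if [ -n "$expire" ]; then echo "account expires: $(days_to_date "$expire")"; fi
}

# Constructed sample using the values from the excerpt (inactive/expire empty):
SAMPLE_SHADOW='n1x:$6$UoDmVdoW$tYQQm5uHgOpeEKPygIaQ1GM/0IBbdYVrLHu8ZYF5pT17D3VM.FFKa2wS8J6gqbGKC2IpgImXy7SYVJK9r/fdw.:16631:7:15:2::'

# Usage:
#   explain_shadow_entry "$SAMPLE_SHADOW"          # last password change: 2015-07-15
# Live system (root only):
#   while read -r line; do explain_shadow_entry "$line"; echo; done < /etc/shadow
```

Running it over the whole file is a quick way to spot the entries that matter in a review: empty password fields, md5crypt leftovers, and accounts whose "must change by" date is long past with no expiry set.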