Protect Boot & Single user mode

as a physical security is the main factor in our security perspective we all need to protect unauthorised access to our Linux box after we protect bios and we all know that anyone can rest the root password via accessing the single mode so we have 3 ways 1st thing to disable single user mode entirely […]

Regex to find mac address

today i was doing some forensics to find mac address inside syslog in linux systems i wrote this simple grep command to filter mac address from log files grep ‘[0-9a-zAz]\{2\}:[0-9a-zAz]\{2\}:[0-9a-zAz]\{2\}:[0-9a-zAz]\{2\}:[0-9a-zAz]\{2\}:[0-9a-zAz]\{2\}’     have fun

AIDE : Intrusion Detection Environment

this article about Intrusion Detection for file system changes like modification changing owner extra, for critical files or directories in our environment we using a software called AIDE Advanced Intrusion Detections Environment this software base on a library called mhash this lib used to calculate file hashes and AIDE save the file info inside DB […]

umask permissions explanation

what is umask? umask is the default permissions for writing a file in the system where the settings for umask? 1 – /etc/profile 2 – /etc/bashrc

RPM integrity and scripts

Yum repository comes with gpg  and md5 support to verify the validity of the package You can list installed gpg keys in your system via

It will show the unique id for the installed keys in your  system gpg-pubkey-e8562897-459f07a4 gpg-pubkey-217521f6-45e8a532 To list all information related to a key rpm -qi pgp-key-unique-id

  It […]

RedHat Packaging Security with yum

RedHat comes with a mitigated package called RHSA (RedHat security advisory) This RHSA comes with a unique id  like CVE Contain the date of fix and these type packages  come for the applications that shipped from RedHat Example RHSA-2015:0291 For listing available updates for application

For quick installation to security batches