Author: techwritter
Fail2Ban
Description: Fail2Ban is a very good tool if you want to protect yourself from intruders and have good insight into your architecture in terms of access. According to the official description (https://www.fail2ban.org/wiki/index.php/Main_Page), Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious…
DUO as a second factor authentication
Description: In this post I would like to share a solution that can be used as a second authentication factor. At the moment there are a few solutions on the market that do the same thing, but I really think that DUO is…
Tcpdump with special filters
Tcpdump and some useful filters. Description: In this post I would like to share a small solution that uses tcpdump to track only new external connections. This script can be very useful, especially when you want to migrate some Internet-facing servers and after a very long…
Nmap for scanning your infrastructure
Description: In this post I would like to share a small solution that checks your infrastructure for open ports other than the necessary ones that you explicitly want open. Explanation: The proposed solution provides a small implementation that checks on a regular basis or…
Centralized rsyslog server
Description: We have a centralized rsyslog server that receives all syslog messages from the servers and networking devices in our infrastructure. We will not discuss the redundancy part of the architecture, so I'll consider having a single rsyslog server with all the resources necessary for storing and processing logs…
Instead of welcome
This blog is a technical one and is addressed to both technical and non-technical people. The main goal is to address security issues, but in the real world IT security should be treated in correlation with the entire environment. The following capabilities should be protected and assured by security in my…