Hacking Linux Exposed authors write more than they wish to admit.
Bri Hatch has co-authored Building Linux VPNs. James has lead-authored Open Source Web Development with LAMP.
In addition, Bri has written several articles for SecurityFocus.
Bri also speaks at conferences. You can find all of his presentations available on his home page.
Bri Hatch also writes the "Linux Security: Tips, Tricks, and Hackery" newsletter, which you can sign up for at
http://lists.onsight.com.
All articles are reprinted here for your convenience, and include formatting (bold/italics/etc.) that may not render as well in the text version sent in email.
27-Nov-2004 :
The big Hiatus
Bri takes some time off writing about SSH ... to write about SSH.
23-Sep-2004 :
SSH Bouncing - How to get through firewalls easily, Part 2.
Often you'll have firewalls or other network equipment that doesn't allow direct SSH access to machines behind it. Using a bit of trickery, you can get through without seemingly jumping through any hoops.
30-Aug-2004 :
SSH Bouncing - How to get through firewalls easily.
Often you'll have firewalls or other network equipment that doesn't allow direct SSH access to machines behind it. Using a bit of trickery, you can get through without seemingly jumping through any hoops.
05-Jul-2004 :
SSH Users beware: The hazards of X11 forwarding
Logging into another machine can compromise your desktop...
08-Jun-2004 :
The ease of (ab)using X11, Part 2
Abusing X11 for fun and passwords.
13-May-2004 :
The ease of (ab)using X11, Part 1
X11 is the protocol that underlies your graphical desktop environment, and you need to be aware of its security model.
27-Apr-2004 :
File and email encryption with GnuPG (PGP) part six
Signing public keys is your way of telling GnuPG and other people that you've verified the owner of the key.
14-Apr-2004 :
File and email encryption with GnuPG (PGP) part five
Verifying public keys.
11-Mar-2004 :
File and email encryption with GnuPG (PGP) part four
Importing and Exporting public keys.
19-Feb-2004 :
File and email encryption with GnuPG (PGP) part three
Encrypting and decrypting is as easy as pie, assuming you still remember your passphrase.
31-Dec-2003 :
File and email encryption with GnuPG (PGP), part two
Creating your PGP key takes just a minute, and is the first step to PGP security.
14-Dec-2003 :
The mysteriously persistently exploitable program explained.
/bin/rm doesn't mean remove, it means unlink, and it has security repercussions.
04-Dec-2003 :
File and email encryption with GnuPG (PGP) part one
File and mail security is easy to achieve with the right tools. PGP has proven itself the leader, and GnuPG is the tool of choice in the Linux world.
11-Nov-2003 :
Contest - The mysteriously persistently exploitable program.
How can a program be exploitable by an attacker, even after it's been deleted?
06-Oct-2003 :
Nmap Version Detection Rocks
The newest version of Nmap can fingerprint the protocol and software versions that it discovers, giving you a more accurate picture of your network.
11-Sep-2003 :
The wrong way to upgrade your RPMs
Keeping your machine up to date requires that you update your software. If your distro uses RPM packages, be sure you aren't accidentally installing new software when you upgrade.
25-Aug-2003 :
Running custom DNS queries - stealthily managing iptables rules remotely, Part 3
Now that we have our DNS sniffer running, we need to send it commands.
14-Aug-2003 :
Running programs in response to sniffed DNS packets - stealthily managing iptables rules remotely, Part 2
In combination with the watch_dns program, which uses Net::Pcap to sniff DNS packets, we complete our stealthy remote execution setup.
30-Jul-2003 :
Sniffing with Net::Pcap to stealthily manage iptables rules remotely, Part 1
Net::Pcap allows you to process captured network packets and set up routines to process them in any mode imaginable.
22-Jul-2003 :
Using iptables chains to simplify kernel ACL management.
By creating new chains that are called by the INPUT chain, you can easily tweak kernel ACLs without recreating the entire ruleset each time.
09-Jul-2003 :
Ten minute host firewall, Part 2
Create a simple but effective host firewall for your machine in ten minutes or less.
03-Jul-2003 :
Ten minute host firewall, Part 1
Create a simple but effective host firewall for your machine in ten minutes or less.
23-Jun-2003 :
Linux file locking mechanisms - Mandatory Locking
Mandatory Locking can enforce file locks at the kernel level.
16-Jun-2003 :
Linux file locking mechanisms - Flock, Lockf, and Fcntl
Multitasking operating systems can be prone to race conditions, but implementing proper file locking routines can prevent programming mistakes.
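As an added example (not from the newsletter, and not Bri's code), the following C program demonstrates the point behind the two file-locking entries above. A parent takes an exclusive fcntl(2) write lock on a temporary file and forks; the child's own non-blocking lock attempt is refused, yet a plain write() that never asks for the lock still succeeds, because fcntl/flock/lockf locks are advisory and only constrain processes that cooperate. Only mandatory locking (a mount option plus a special mode bit, and since removed from recent Linux kernels) would have stopped that write. The temporary path and the bit-flag return encoding are assumptions of this demo.

```c
/* Added example: advisory record locking with fcntl(2).
 * Not from the newsletter; temp path and return encoding are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Place or release a whole-file lock.  type: F_WRLCK / F_RDLCK / F_UNLCK;
 * cmd: F_SETLK (non-blocking) or F_SETLKW (blocking). */
static int lock_file(int fd, short type, int cmd)
{
    struct flock fl;
    memset(&fl, 0, sizeof fl);
    fl.l_type = type;
    fl.l_whence = SEEK_SET;   /* l_start = 0 and l_len = 0 cover the whole file */
    return fcntl(fd, cmd, &fl);
}

/* Returns a bit mask (or -1 on setup failure):
 *   bit 0: the child's non-blocking lock attempt was refused (contention seen)
 *   bit 1: the child's write() that ignored the lock still succeeded
 * A correct run returns 3: the lock works for cooperating callers only. */
int advisory_lock_demo(void)
{
    char path[] = "/tmp/lock-demo-XXXXXX";   /* constructed temp file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* no name needed; the open fd keeps it alive */
    if (lock_file(fd, F_WRLCK, F_SETLK) != 0) { close(fd); return -1; }

    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        /* The child inherits the descriptor, but fcntl locks belong to a
         * process, so the child does not own the parent's lock. */
        int status = 0;
        if (lock_file(fd, F_WRLCK, F_SETLK) != 0 && (errno == EAGAIN || errno == EACCES))
            status |= 1;                       /* lock correctly refused */
        if (write(fd, "x", 1) == 1)
            status |= 2;                       /* nothing stops an uncooperative writer */
        _exit(status);
    }
    int wstatus = 0;
    waitpid(pid, &wstatus, 0);
    lock_file(fd, F_UNLCK, F_SETLK);
    close(fd);
    return WIFEXITED(wstatus) ? WEXITSTATUS(wstatus) : -1;
}

int main(void)
{
    int r = advisory_lock_demo();
    printf("child lock refused: %s, child write ignoring lock succeeded: %s\n",
           (r & 1) ? "yes" : "no", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

Use F_SETLKW instead of F_SETLK when a process should wait rather than fail; the security lesson is unchanged, since any program that never calls fcntl at all is free to write through the lock.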
02-Jun-2003 :
Challenge yourself to get rid of insecure software.
System setups that are known to be buggy can persist for far too long unless you force yourself to take the time to revisit them periodically.
22-May-2003 :
/proc/config offers a post-intrusion clue
A non-standard kernel patch provides some insight into a cracker's activities.
15-May-2003 :
Who's listening on that port?
Tracking down your network daemons is extremely easy if you use the right tools.
27-Apr-2003 :
Linux: the Securable Operating System
Every security hook in the Linux kernel. Hopefully.
24-Apr-2003 :
Linux File Permission Confusion pt 2
File permissions, the most basic form of security control that exists on Unix-like systems, are still misunderstood by many.
17-Apr-2003 :
Linux File Permission Confusion
File permissions, the most basic form of security control that exists on Unix-like systems, are still misunderstood by many.
09-Apr-2003 :
The Upgrade Process: Restarting vs Rebooting.
Upgrading your software is a constant task. But when does it require a reboot, and when can you get by without?
01-Apr-2003 :
Vulnerabilities in the Media -- who to trust?
There are a variety of people and entities that publish information about security problems. Who should you trust?
23-Mar-2003 :
Beware the Ides of March
Everyone needs a good reminder about when it's time to change their passwords. For me, it's March 15th.
16-Mar-2003 :
SSH Tunneling part 3 - Where does the crypto end?
Want to encrypt an otherwise cleartext transmission? SSH Tunneling may be the tool for you.
09-Mar-2003 :
SSH Tunneling part 2 - Remote Forwarding
Want to encrypt an otherwise cleartext transmission? SSH Tunneling may be the tool for you.
28-Feb-2003 :
SSH Tunneling part 1 - Local Forwarding
Want to encrypt an otherwise cleartext transmission? SSH Tunneling may be the tool for you.
20-Feb-2003 :
Preventing Syslog Denial of Service attacks.
Syslog servers can be subjected to DoS attacks both locally and remotely - take steps to protect your logs from abuse.
13-Feb-2003 :
Egress filtering for a healthier Internet.
Security is not just protecting yourself from others, you must protect others from yourself. Egress filtering is an important part of any firewall setup.
05-Feb-2003 :
Cracking an algorithm bit by bit conclusion.
We complete our reverse engineering of a terribly-lame encryption algorithm.
29-Jan-2003 :
Cryptography Contest: Cracking an Algorithm bit by bit.
This week, we begin to reverse engineer the home-grown encryption algorithm discussed last week.
22-Jan-2003 :
Home grown crypto is bad crypto. (+contest)
Every programmer tries to build their own encryption algorithm at some point. In one word: Don't.
15-Jan-2003 :
The Authprogs SSH Command Authenticator (Passwordless SSH part 4)
09-Jan-2003 :
Secure Passwordless Logins with SSH Part 3
How to create passwordless logins to allow remote administration tasks securely with SSH - restricting possible actions for SSH identities.
26-Dec-2002 :
Secure Passwordless Logins with SSH Part 2
How to create passwordless logins to allow remote administration tasks securely with SSH - setting up your SSH identities.
11-Dec-2002 :
Secure Passwordless Logins with SSH Part 1
How to create passwordless logins to allow remote administration tasks securely with SSH
05-Dec-2002 :
/etc/inittab - The Most Overlooked Cracker Haven
Crackers can cause their software to be run by adding entries to /etc/inittab, a file frequently missed by administrators.
27-Nov-2002 :
Challenge: How Did These Processes Get Here?
A cracker caused software to run at bootup, but the administrator couldn't figure out how.
20-Nov-2002 :
Keeping User-Level Access When Locked Out
Incomplete user-locking procedures can fail, leaving locked-out users opportunities to maintain access to your system without your consent.
13-Nov-2002 :
Identifying a deleted account.
Locking out old and suspect users is a good thing, but it's imperative that you keep a log of locked users to be able to investigate anything they've left behind.
06-Nov-2002 :
Audit trails are vital for post-compromise investigations.
It is imperative that you can determine what state a machine was in before you can ascertain how crackers compromised your security measures.
30-Oct-2002 :
Use illegal networks when discussing your systems
Don't use real IP addresses or host names when talking to outsiders or giving advice.
22-Oct-2002 :
Vet the code or pay the price
Too many people blindly execute commands from anonymous strangers without checking to see what lies hidden, and leave themselves open to malicious attacks.
15-Oct-2002 :
Firewalling /proc entries
There are several network-related protections you can enable with a simple change to the Linux kernel via /proc pseudo-files.
08-Oct-2002 :
Ten minute Firewall
Create a simple but effective firewall for your home network in ten minutes or less.
01-Oct-2002 :
Creating an Anonymous FTP server with Publicfile
Step-by-step instructions that guide you through creating a secure anonymous ftp site.
24-Sep-2002 :
A Slap Upside the Head
Proactive security would have blocked the Linux Slapper worm and could help stop future worms in their tracks.
17-Sep-2002 :
Greasing the Squeaky Wheels
A healthy dose of paranoia is good for the soul, not to mention your IT infrastructure's security position, but overdosing can make the system less usable for you and your users.
10-Sep-2002 :
Stunnel 4.00 Builds on Prior Success
The recent release of Stunnel version 4.00 picks up where previous versions left off by improving encryption capabilities and simplifying installation and configuration.
27-Aug-2002 :
Executing Code From Non-executable Files
With a little creativity and effort, those innocuous looking, non-executable file formats may be made more dangerous than they appear.
20-Aug-2002 :
An SSL Vulnerability for the Masses
The latest SSL bug affecting Internet Explorer presents an equally dangerous threat to other, non-Microsoft browsers as well.
13-Aug-2002 :
Wrapping Up DJBDNS
This week, Bri wraps up the DJBDNS discussion by explaining how to import your existing BIND zones into tinydns data format and then start up the axfrdns server to let you finally become BIND-free.
06-Aug-2002 :
Making the Conversion: From BIND to tinydns
Once your DNS caching service is set up, it's time to start converting your BIND datafiles to tinydns data format.
30-Jul-2002 :
DJBDNS: The Pieces
DJBDNS is only as effective as the sum of its parts. Understanding the different pieces that constitute DJBDNS is the first step to effectively deploying it.
23-Jul-2002 :
Installing the DJBDNS Software
Before installing the DJBDNS software, installing the documentation to your local system could prove to be an invaluable resource as the installation process moves forward.
16-Jul-2002 :
Using DJBDNS and Getting Out of a BIND
DJBDNS eases DNS management and improves security over BIND alternatives by taking a different approach to serving and caching DNS answers.
09-Jul-2002 :
A Rash of Vulnerabilities Come to Light
A rash of recent vulnerabilities has caused a minor uproar regarding the method and timeliness of their disclosure, but it also provided vendors an opportunity to showcase their firefighting abilities.
02-Jul-2002 :
Another Backdoor to Root Access
Although sulogin will prevent some forms of access to a root shell, preventing other methods of passing command-line arguments to the kernel requires a bit more.
25-Jun-2002 :
Hardening LILO Against Unauthorized Access
While the LILO boot loader's ability to take command line arguments can allow you to repair boot problems, it can also allow unauthorized root access to your system.
18-Jun-2002 :
Boot Access is Root Access
Mistakes happen. More importantly though, how do you access your machine to clean up after they happen? Yet even more importantly, can you stop unauthorized users from exploiting these same techniques?
11-Jun-2002 :
Architecture Diversity: A Security Perspective
Bri's old Sparc 5 running Linux proved to be a poor choice for a Honeypot, but an excellent lesson in architecture diversity.
04-Jun-2002 :
Linux Goes a la Carte with UnitedLinux
Ignoring some trepidation regarding per-seat licenses and questionable GPL practices, UnitedLinux is generating excitement among business users eagerly anticipating the array of features compiled from the best Linux suites on the market.
28-May-2002 :
Sign Everything, My Friends
By including a digital signature on your emails, you establish a concrete accounting system for all emails you send and verify to recipients that the emails are actually being sent by you.
21-May-2002 :
Our Continuing /proc and lsof Investigation
Following up on last week's useful /proc and lsof investigative tools, Bri goes back and addresses the tidbits he didn't have time for last week.
14-May-2002 :
Investigating Processes, Part 1
This week, Bri shares some more /proc tricks for investigating programs running on your machine.
07-May-2002 :
Recovering files from /Proc
Files that have been deleted but are still held open remain readable through /proc, which helps savvy attackers avoid detection by removing incriminating files from the filesystem while continuing to use them.
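As an added example (not from the newsletter, and not Bri's code), the following C program demonstrates the mechanism behind both the /proc recovery entry above and the earlier "/bin/rm means unlink" contest solution. The program writes a file, unlinks it exactly as rm(1) would, confirms via fstat(2) that no directory entry remains, and then reads the full content back through /proc/self/fd. The same trick works from another process as root via /proc/<pid>/fd/<n>, which is how a deleted-but-running binary or log can be recovered. The temporary path and sample content are constructed for the demo.

```c
/* Added example: unlink(2) removes a name, not the data; an open
 * descriptor keeps the inode alive and /proc exposes it.
 * Not from the newsletter; temp path and content are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Writes `content` to a temp file, unlinks it, then re-reads it through
 * /proc/self/fd/<fd>.  Stores the recovered text in `recovered` and the
 * post-unlink link count in `links`.  Returns 1 if the recovered content
 * matches the original, 0 on any failure. */
int recover_unlinked_file(const char *content, char *recovered, size_t cap,
                          nlink_t *links)
{
    char path[] = "/tmp/unlink-demo-XXXXXX";   /* constructed temp file */
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    size_t len = strlen(content);
    if (write(fd, content, len) != (ssize_t)len) { close(fd); unlink(path); return 0; }

    /* This is all rm(1) does: the name goes away, the inode stays while open */
    if (unlink(path) != 0) { close(fd); return 0; }

    struct stat st;
    if (fstat(fd, &st) != 0) { close(fd); return 0; }
    *links = st.st_nlink;                        /* expect 0: no names remain */

    /* The inode is still reachable through the descriptor's /proc entry;
     * opening it yields a fresh file description positioned at offset 0 */
    char procpath[64];
    snprintf(procpath, sizeof procpath, "/proc/self/fd/%d", fd);
    int rfd = open(procpath, O_RDONLY);
    if (rfd < 0) { close(fd); return 0; }
    ssize_t n = read(rfd, recovered, cap - 1);
    close(rfd);
    close(fd);                                   /* last reference: data is now truly gone */
    if (n < 0) return 0;
    recovered[n] = '\0';
    return strcmp(recovered, content) == 0;
}

/* Convenience wrapper: 1 when content was recovered and link count is 0 */
int demo_recovery(void)
{
    char buf[128];
    nlink_t links = 99;
    int ok = recover_unlinked_file("evidence the attacker 'deleted'\n", buf, sizeof buf, &links);
    return ok && links == 0;
}

int main(void)
{
    char buf[128];
    nlink_t links = 99;
    int ok = recover_unlinked_file("evidence the attacker 'deleted'\n", buf, sizeof buf, &links);
    printf("link count after unlink: %lu\nrecovered: %s",
           (unsigned long)links, ok ? buf : "(failed)\n");
    return ok ? 0 : 1;
}
```

During an investigation, `ls -l /proc/<pid>/fd` marks such descriptors with "(deleted)", and `cp /proc/<pid>/fd/<n> /evidence/` preserves the content before the process exits and the last reference disappears.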
30-Apr-2002 :
Solution to Challenging the Man in the Middle
This week, Bri solves the mystery surrounding the man-in-the-middle attacks.
23-Apr-2002 :
SSL is Not a Magic Bullet
Although SSL does provide an encrypted layer of protection to Web transactions, it is not the answer to every security concern. This week, Bri overviews SSL and casts a critical eye on its advantages and disadvantages.
16-Apr-2002 :
Challenging the Man-in-the-Middle
This week, Bri presents our readers with a challenge to help solve the man-in-the-middle attack.
09-Apr-2002 :
Our Electronic Entry System
The best security will usually cause your employees the greatest number of hassles, but aren't your assets worth it?
02-Apr-2002 :
The Hazards of Inconsistency
Linux's inconsistencies can open dangerous vulnerabilities when unsuspecting admins don't stay up to date on the latest news about their tools.
26-Mar-2002 :
Where to Go for Security Summaries
Weekly security summaries are an indispensable part of staying on top of issues that affect your machines and networks.
19-Mar-2002 :
No Reboot Necessary
A motto appropriate for both boy scouts and security admins: Always be prepared. When a vulnerability surfaces, it could mean the difference between remotely patching a hole and driving across town to your server room.
12-Mar-2002 :
Security with Obscurity is Great
Security through Obscurity is not a scheme to build your security plan around, but it still has its merit as a means to increase your overall security.
05-Mar-2002 :
Where to Go for Timely Alerts
A little knowledge can go a long way, especially when that knowledge is about the latest threats to your system. But where does the savvy admin go for such information?
26-Feb-2002 :
Ready, Set, Patch!
SNMP launched this week's panicky rush to patch vulnerable machines and caused many system administrators to reacquaint themselves with an old friend, nmap.
19-Feb-2002 :
Everyone Needs Backup
Every great hero has had an equally great partner for a safety net. Managing your system's security as a lone wolf may earn you all the glory, but it also leaves you a much smaller margin of error.