How to detect if your server is vulnerable to the Shellshock bug and fix it

Shellshock is a security bug in the bash shell, so it affects any Unix-like system that runs bash (CVE-2014-6271). Disclosed on September 24, 2014, it was rated 10.0, the maximum CVSS score, by NIST. Debian installs bash by default, so you are almost certainly affected until you upgrade.

To check whether your server is vulnerable, run this command as any user:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output contains the word vulnerable, bash executed the command that was smuggled in after the function definition in the environment variable, and you need to upgrade bash right away (apt-get update && apt-get install bash). A patched bash prints only this is a test, preceded by a warning that the function definition for x was ignored. Note that the first upstream patch was incomplete (CVE-2014-7169), so make sure the package you install fixes both.
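The same probe wrapped so the result can be consumed by a cron job or a fleet-wide audit instead of being eyeballed. This is an added example, not code from the original post; the function names and the use of dpkg-query for the package version are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): run the probe from the post and
# classify the result. The optional argument is the bash binary to test; it
# defaults to the bash found in PATH.

# Prints: vulnerable | patched | no-bash
check_shellshock() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return 0; }
    # The value of x looks like an exported function definition followed by a
    # trailing command. A vulnerable bash parses the definition on startup and
    # then keeps going and runs the trailing command.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# One-line status with the Debian package version, handy when auditing many hosts.
shellshock_report() {
    status=$(check_shellshock "$@")
    ver=$(command -v dpkg-query >/dev/null 2>&1 && dpkg-query -W -f='${Version}' bash 2>/dev/null)
    echo "${HOSTNAME:-$(hostname 2>/dev/null)} bash ${ver:-?} $status"
}
```

Run shellshock_report on each host; a result of patched only proves the first bug is gone, so also confirm the follow-up fix is in the installed package with zcat /usr/share/doc/bash/changelog.Debian.gz | grep CVE-2014-7169.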

How to detect if your server is vulnerable to the Heartbleed OpenSSL bug and fix it

This is a serious bug affecting many servers, including Debian Wheezy. Act fast: the whole Internet is being scanned for it and information is leaking right now!

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. The bug (CVE-2014-0160) is a missing bounds check in the TLS heartbeat extension; OpenSSL 1.0.1 through 1.0.1f are affected and 1.0.1g fixes it.

Exploiting the bug to pull information out of an affected system is trivial and needs no account on the system and no position on its network. To check whether your server is vulnerable and see what it is exposing you can use this Python script: hb-test.py. The script sends a malformed heartbeat and prints whatever memory the server returns, so only point it at hosts you are responsible for.

To use the script, make sure Python is installed and run the following command against your own host:

python hb-test.py www.example.org
Continue reading
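The remote probe tells you whether the bug is reachable today; the local checks below tell you whether the fix is really installed and really in use, which is where most people got bitten after upgrading. This is an added example, not code from the original post or from the hb-test.py script. The function names are mine, the sample version strings and changelog text are constructed, and the changelog path is the usual location for Debian's libssl1.0.0 package.

```shell
#!/bin/sh
# Added example (not from the original post): local checks that complement the
# remote hb-test.py probe. Sample strings below are constructed for illustration.

# Classify an "openssl version" string. Upstream 1.0.1 through 1.0.1f carry
# CVE-2014-0160; 1.0.1g and later, and the 1.0.0 and 0.9.8 branches, do not.
# Prints: affected-upstream | not-affected | unknown
heartbleed_version_class() {
    case "$1" in
        "OpenSSL 1.0.1 "*|"OpenSSL 1.0.1"[a-f]" "*|"OpenSSL 1.0.1"[a-f]"-"*)
            echo affected-upstream ;;
        "OpenSSL "*)
            echo not-affected ;;
        *)
            echo unknown ;;
    esac
}

# Debian (and other distributions) backport the fix without changing the upstream
# version, so a patched wheezy still prints "OpenSSL 1.0.1e 11 Feb 2013". The
# package changelog is authoritative: read it from stdin and look for the CVE id.
# Usage: zcat /usr/share/doc/libssl1.0.0/changelog.Debian.gz | heartbleed_changelog_fixed
heartbleed_changelog_fixed() {
    if grep -q 'CVE-2014-0160'; then echo fixed; else echo not-fixed; fi
}

# Upgrading the library does not fix processes that already loaded the old copy:
# they keep the vulnerable code mapped until restarted. List the PIDs whose memory
# map still references a deleted libssl, then restart those services (or reboot).
procs_with_stale_libssl() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            echo "$pid"
        fi
    done
}

# Report on the local system.
heartbleed_local_report() {
    if command -v openssl >/dev/null 2>&1; then
        v=$(openssl version)
        echo "$v: $(heartbleed_version_class "$v")"
    fi
    if [ -r /usr/share/doc/libssl1.0.0/changelog.Debian.gz ]; then
        echo "libssl1.0.0 changelog: $(zcat /usr/share/doc/libssl1.0.0/changelog.Debian.gz | heartbleed_changelog_fixed)"
    fi
    stale=$(procs_with_stale_libssl)
    [ -n "$stale" ] && echo "processes still using a deleted libssl:" $stale
    return 0
}
```

Patching is only the first step: the private keys of every service that ran the vulnerable library may already have been read, so generate new keys, reissue and revoke the certificates, and have users change passwords once the new certificate is in place.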

Secure SSH with Two-Factor Authentication (using Google Authenticator) on squeeze

Two-factor authentication adds an extra layer to the login process to keep unauthorized users away from your services and data. Normally you only type a username and password (something you know); with two-factor authentication you must additionally present something you have, here a mobile phone (Android, iOS or BlackBerry) running Google Authenticator, which generates one-time codes. The app implements TOTP (RFC 6238): a secret shared between the phone and the server is combined with the current 30-second time step to derive a six-digit code, so the server verifies codes offline without talking to Google. The two clocks need to agree within the tolerance window the PAM module allows, so keep the server's time synchronized.

1. Download and install the Google Authenticator app for your phone. Instructions: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447

Scan your web server for vulnerabilities with Nikto on squeeze

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version-specific problems on over 250 servers. It is noisy and leaves a clear trail in the target's access log, so only scan servers you own or have written permission to test.

1. Add the non-free archive to your apt sources (pico /etc/apt/sources.list), since nikto is packaged in non-free on squeeze:

deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free

Scan your server for rootkits with rkhunter

rkhunter (Rootkit Hunter) is a tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing hashes and other properties of important files against a local baseline database (rkhunter.dat, built with rkhunter --propupd), searching for the default directories and files that rootkits create, wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. Build the baseline right after installing, while you still trust the system, and rebuild it after every legitimate package upgrade; otherwise each apt-get upgrade produces a flood of "file properties have changed" warnings that hide a real one.

1. Install rkhunter

apt-get install rkhunter
Continue reading
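A cron-friendly wrapper for the scan described above, as an added example that is not part of the original post or of rkhunter itself. It assumes rkhunter's --cronjob and --report-warnings-only options (which print only warning lines and exit non-zero when there are any) and parses that output; the sample output used for illustration is constructed, not captured from a real scan.

```shell
#!/bin/sh
# Added example (not from the original post): run rkhunter non-interactively and
# summarize what it flagged. The sample lines below are constructed.

# Count warning lines in rkhunter output read from stdin (one "Warning:" per finding).
count_rkhunter_warnings() {
    grep -c 'Warning:' || true
}

# Extract the files rkhunter reports as changed since the last --propupd. Works on
# both the plain --cronjob output and the timestamped /var/log/rkhunter.log lines:
#   Warning: The file properties have changed:
#            File: /bin/ls
changed_files() {
    awk '/Warning: The file properties have changed/ { want = 1; next }
         want && /(^|[ \t])File: / { sub(/^.*File: /, ""); print; want = 0 }'
}

# Run the scan, print findings only when there are some, exit 1 in that case so
# cron mails the output. Decide per file whether the change was a package upgrade
# (then rkhunter --propupd) or something to investigate before touching the baseline.
rkhunter_cron_check() {
    command -v rkhunter >/dev/null 2>&1 || { echo "rkhunter is not installed" >&2; return 2; }
    out=$(rkhunter --cronjob --report-warnings-only 2>&1)
    n=$(printf '%s\n' "$out" | count_rkhunter_warnings)
    if [ "$n" -gt 0 ]; then
        printf '%s\n' "$out"
        echo "changed files (run 'rkhunter --propupd' only once you know why they changed):"
        printf '%s\n' "$out" | changed_files
        return 1
    fi
    return 0
}

# Constructed sample of the warning output, for trying the parsers offline.
SAMPLE_RKHUNTER_OUTPUT='Warning: The file properties have changed:
         File: /bin/ls
         Current hash: 3b0f9e6f6f2c0c6a1a7f1f6d4f6a8a2e9c1b0d5e
Warning: Hidden file found: /dev/shm/.x: empty'
```

Put rkhunter_cron_check in a daily cron job. On Debian the package can also refresh the baseline automatically after apt runs (APT_AUTOGEN in /etc/default/rkhunter); that is convenient but it means a trojaned package would silently become the new baseline, so leave it off on hosts where you review warnings by hand.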

Prevent brute force attacks using fail2ban

fail2ban monitors log files such as /var/log/auth.log and /var/log/apache/access.log and temporarily or permanently bans addresses that produce too many failures by adding firewall rules. By default it ships jails for ssh, apache and vsftpd, and the configuration can easily be extended to monitor any other text log file. Put your changes in /etc/fail2ban/jail.local rather than jail.conf, which a package upgrade overwrites, and add your own address to ignoreip so a mistyped password does not lock you out.

1. Install fail2ban

apt-get install fail2ban
Continue reading
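What the ssh jail actually decides, re-implemented over a handful of log lines so you can see the effect of maxretry, findtime and ignoreip before you enable the jail. This is an added example, not fail2ban's own code: the auth.log lines are constructed, the "Failed password for ... from HOST" shape follows the rule in fail2ban's sshd filter, and the syslog timestamp conversion is a simplification (months counted as 31 days) that is good enough for comparing times inside a window.

```shell
#!/bin/sh
# Added example (not from the original post): the decision fail2ban's ssh jail
# makes, reimplemented over constructed auth.log lines.

# Constructed sample of /var/log/auth.log (not captured from a real host).
SAMPLE_AUTH_LOG='Oct  5 12:00:01 web sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Oct  5 12:00:03 web sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Oct  5 12:00:05 web sshd[2003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Oct  5 12:00:07 web sshd[2004]: Accepted publickey for alice from 198.51.100.7 port 5022 ssh2
Oct  5 12:00:09 web sshd[2005]: Failed password for alice from 198.51.100.7 port 5023 ssh2
Oct  5 12:00:11 web sshd[2006]: Failed password for root from 192.0.2.9 port 6001 ssh2
Oct  5 12:20:11 web sshd[2007]: Failed password for root from 192.0.2.9 port 6002 ssh2
Oct  5 12:40:11 web sshd[2008]: Failed password for root from 192.0.2.9 port 6003 ssh2'

# would_ban MAXRETRY FINDTIME "IGNOREIP ..." < auth.log
# Prints "IP TIME" once per address that reaches MAXRETRY failed logins within
# FINDTIME seconds; addresses in IGNOREIP are never counted (fail2ban's ignoreip).
would_ban() {
    awk -v max="$1" -v win="$2" -v ignore="$3" '
        BEGIN {
            n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
        }
        # Same shape as the "Failed password for [invalid user] X from HOST" rule
        # in the sshd filter.
        /sshd\[[0-9]+\]: Failed password for/ {
            # Syslog timestamp to seconds (months as 31 days: enough for a window)
            split($3, hms, ":")
            ts = (mon[$1] * 31 + $2) * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "" || ip in skip || ip in banned) next
            # Sliding window of failure times per address
            tail[ip]++; t[ip, tail[ip]] = ts
            if (!(ip in head)) head[ip] = 1
            while (head[ip] <= tail[ip] && t[ip, head[ip]] < ts - win) head[ip]++
            if (tail[ip] - head[ip] + 1 >= max) { banned[ip] = 1; print ip, $3 }
        }'
}

# With the defaults of the ssh jail (maxretry 3, findtime 600) and our own address
# whitelisted, only the fast brute-forcer is banned; the slow one, three tries
# twenty minutes apart, never has three failures inside the window.
demo_fail2ban() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" | would_ban 3 600 "198.51.100.7"
}
```

Run demo_fail2ban and then change the numbers: with findtime 3600 the slow attacker from 192.0.2.9 is banned on its third attempt too, and with maxretry 1 and an empty ignoreip your own typo from 198.51.100.7 gets you banned. That is the trade-off the jail.local settings express; fail2ban-regex lets you test the real filter against your real log the same way.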

Installing suPHP

suPHP is a tool for executing PHP scripts with the permissions of their owners, so a compromised script in one virtual host cannot read or modify another user's files the way it can when everything runs as www-data. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that the module calls to change the uid and gid of the process before it executes the PHP CGI interpreter. Because the helper is setuid root it is itself attack surface: keep the package patched and leave it executable only by the web server. suPHP replaces mod_php, so disable that module (a2dismod php5) to be sure no script keeps running as the web server user.

1. Install suPHP

apt-get install libapache2-mod-suphp

Disable root login to SSH

Allowing root logins to your SSH daemon is a big security risk. If the SSH port is reachable, attackers will sooner or later try to brute-force the root password, and root is the one account name they can be sure exists. It is a good idea to disable root logins to SSH and instead log in as a normal user and type "su -" to get a root shell, or use sudo for tasks that require root privileges. Keep your current session open until you have verified that a fresh login with the normal user still works.

1. Open the SSH daemon config file (pico /etc/ssh/sshd_config) and change the PermitRootLogin line to:

PermitRootLogin no
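Both this post (PermitRootLogin no) and the two-factor post above (which needs ChallengeResponseAuthentication yes so sshd asks PAM for the code) edit /etc/ssh/sshd_config, and both are easy to get subtly wrong: sshd uses the first occurrence of a keyword, so appending "PermitRootLogin no" below the existing "PermitRootLogin yes" changes nothing. The helper below, an added example that is not part of either post or of OpenSSH, rewrites the existing active or commented-out line and appends only when the keyword is absent. It works on whatever file path you give it, so try it on a copy; the sample config it demonstrates on is constructed. Keywords inside Match blocks are rewritten too, so edit those by hand.

```shell
#!/bin/sh
# Added example (not from the original posts): set an sshd_config keyword in place,
# respecting the first-match rule, and read back the value sshd will actually use.

# set_sshd_option FILE KEYWORD VALUE
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    tmp="$file.tmp.$$"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|\$)" "$file"; then
        # Rewrite every existing line for the keyword, active or commented out.
        awk -v k="$key" -v v="$value" '
            $0 ~ ("^[ \t]*#?[ \t]*" k "([ \t]|$)") { print k " " v; next }
            { print }' "$file" > "$tmp"
    else
        { cat "$file"; echo "$key $value"; } > "$tmp"
    fi
    mv "$tmp" "$file"
}

# effective_sshd_option KEYWORD FILE: the first active line wins, as in sshd.
effective_sshd_option() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Validate before reloading; a typo would lock you out on the next restart.
check_sshd_config() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not found, skipping syntax check" >&2
    fi
}

# Demonstration on a constructed copy of a squeeze-style config, never the live file.
demo_sshd_hardening() {
    f=$(mktemp)
    printf '%s\n' '# Package generated configuration file' 'Port 22' \
        'PermitRootLogin yes' 'ChallengeResponseAuthentication no' 'UsePAM yes' > "$f"
    set_sshd_option "$f" PermitRootLogin no                    # existing line rewritten
    set_sshd_option "$f" ChallengeResponseAuthentication yes   # needed for the PAM code prompt
    set_sshd_option "$f" MaxAuthTries 3                        # absent, so appended
    printf 'PermitRootLogin=%s ChallengeResponseAuthentication=%s MaxAuthTries=%s lines=%s\n' \
        "$(effective_sshd_option PermitRootLogin "$f")" \
        "$(effective_sshd_option ChallengeResponseAuthentication "$f")" \
        "$(effective_sshd_option MaxAuthTries "$f")" \
        "$(wc -l < "$f" | tr -d ' ')"
    rm -f "$f"
}
```

For the two-factor setup the sshd side is only half of it: after installing libpam-google-authenticator, run google-authenticator as the user to create the secret and the emergency scratch codes, and add "auth required pam_google_authenticator.so" to /etc/pam.d/sshd. In both cases run check_sshd_config on the live file, reload sshd, and confirm a new login from a second terminal before closing the one you are in.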