February 14, 2021

Disable searches via the address bar This script can be used to automate the reconfiguration of firefox #!/bin/bash -x FIREFOX_HOME=~/.mozilla/firefox DEFAULT_PROFILE=$(awk -F= '/Default=/{ print $2 ; exit }' $FIREFOX_HOME/profiles.ini) USER_JS=$FIREFOX_HOME/$DEFAULT_PROFILE/user.js cat > $USER_JS <<END // User Preferences user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.fixup.alternate.enabled", false); user_pref("keyword.enabled", false); END


May 8, 2019

# Generate a password gpg --armor --gen-random 1 20 gpg --list-secret-keys # export private key to an encrypted file gpg --armor --export-secret-keys [KEYID|mail-address] | gpg --armor --symmetric --output encrypted-key.sec.asc Pinentry ~/.gnupg/gpg-agent.conf default-cache-ttl 300 max-cache-ttl 999999 enable-ssh-support pinentry-program /usr/bin/pinentry-curses # pinentry-program /usr/bin/pinentry-gnome3 disable-scdaemon Followed by: gpgconf --reload # or systemctl --user restart gpg-agent

intrusion prevention

July 8, 2016

On these pages i am going to demonstrate the usage of intrusion prevention systems, which get used in order to prevent brute force attacks primarily. Those tools track login attempts and react according to rules. To be reviewed ADMsmb – security scanner for samba


July 8, 2016

This section covers security topics in general. A crude password generator shuf -zer -n20 {A..Z} {a..z} {0..9}


January 5, 2016

If you have found this page you may already have trouble with this policykit. Afaik the major issue is, that policykit by itself does not log what it prohibits. To activate logging and debug successfully you need a special policykit rule file under /etc/polkit-1/rules.d/, which was written in javascript for some evil reason: // /etc/polkit-1/rules.d/99-logall.rules polkit.addRule(function(action, subject) { polkit.log("action=" + action); polkit.log("subject=" + subject); }); The number 99 is believed to be the last rule file in that directory, so that when it gets called it will log to syslog. ...

pfctl cheat sheet

October 3, 2015

Generic Only those commands, which you will probably require for setting pf up. pfctl -s Tables ;# lists all tables currently loaded pfctl -t [TABLENAME] -T show ;# shows content of table [TABLENAME] tcpdump -n -e -ttt -r /var/log/pflog tcpdump -n -e -ttt -i pflog0 Anchors Fail2ban has recently switched to using anchors to avoid unnecessary reloading of the whole rule set. That was the first time I had to do with anchors and since I could not figure out a simple way to display the contents of all private tables (which can be described as subtables of anchors), I came up with this solution for my collectd monitoring: ...

ipfw configuration

August 27, 2015

Here comes an ipfw-configuration on which I was working on. It should redirect some ports to the host system, others into jails and on top of that limit on which ports jails and host are allowed to communicate with outside. Additionally I have configured a one second delay for the initial SSH connection, which is supposed to render brute force attacks less attractive. # /usr/local/etc/2015-10-01.ipfw # ================================================================================ # clean up/ reset everything. ...


March 26, 2015

iptables is used to configure the linux kernel based firewall. Quite substatial is its ability to open and close ports, which I will discuss here. One should also be aware that iptables can be used to route traffic as well. View active rules To view the rules in action watch can be used like so: watch -d -n.1 iptables -L -v -n --line-numbers This will output a number of tables, called CHAIN, which are usually named INPUT, OUTPUT and FORWARD. ...

Backups: An introduction

September 22, 2014

online data redundancy Drives fail more often, than one would expect. Google has done a representative statistic concerning normal hard disk drives. In the FAQ of LUKS I learned, that even SSD's ain't guaranteed to last much longer. Therefore it seems wise to have the data saved twice or more in a production environment, where three drives seem to be the sweet spot in this manner. Even then your data is not safe! ...

disk encryption

August 29, 2014

Ratio: Why? Encryption comes at a price: You will have to spend time on it, because you have to decide how to do it and you will permanently use computing resources when using it. But what seems to be unattractive can pay out in situations, when your drive can be accessed by any foreigners, which might include: a person who has stolen it from you if your drive has failed and you returned it for guarantee the manufacturer will not repair exactly your drive, but will in most cases collect them and send you an already repaired drive back, which someone else had sent in before Choosing an encryption algorithm This really is a problem, because you never know which algorithm will be proven to be insecure tomorrow. ...