Category Archives: Security

Central Rsyslog server with TLS encrytion. | rsyslog log central splunk

Certificate setup.

Server Certificate.

Create the following directory

Install the following package to enable encryption on rsyslog.

Execute the following command which create the certificates.

Client Certificate.


Copy the following three certificates to the client machine to the following location /etc/ssl/rsyslog/.



Server Setup.

Create the following configuration file.

Restart the server.

This will allow the changes to take effect.

Running netstat will show you that its listen on encrypted and un-encrypted ports for logging traffic.

Client Setup.

Replace the SERVER with the IP address of your rsyslog server.

Restart rsyslog on the client so that changes can take effect.

Now to test the logs are transmitted execute.

To verify that the logs are received on the encrypted port, connect to the server and run the following.

This will listen for traffic on the encrypted port. Successful results should look like this.


How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as  standard theses days. Some distributions still allow it but other have blocked it by default. We should be taking advantage of sudo, which allows you to log in with your standard unprivileged account but execute root commands with the sudo app.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account

This will replace the hashed password with “!”, which is another way to stop logons

To add another level of security you should also disable root logons from the ssh server too. Here is how to do so,

Ensure the following entry is set, if it currently does not exist in the config file, add it anywhere.


sudo: no tty present and no askpass program specified | sudo: no tty present and no askpass program specified

I was setting up automated logon with SSH, and wanted to have root access via sudo to perform certain tasks. Ended up getting these errors when I tried to run sudo commands over the ssh link.

The cause of this error is not having the correct setup on your /etc/sudoers file. Here is the fix.

Edit your sudoers file with


Ensure your usernames entry looks like this.

Ensure the NOPASSWD is present, that does the trick.


Raspberry Pi 3 error IPTables | Raspberry pi error – iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

Was building a RPi3 machine and got the following error after an update.

Turns out nothing to worry about, just reboot the Pi.

Setup a backup job for your LAMP sites. | Setup a backup job for your LAMP sites.

I wrote a script which takes a backup of my webserver, taking a snapshot of all the website content, database, and configuration files.

Theory is if the webserver died, we would be about to result quickly using the data backed up.

On the server, put the following script and below is the cron entry which triggers every week. You will need up change the username and password for your mysql server.

This is the cron entry which fires up every friday.

Now this script will be on a linux machine somewhere else, it will connect and copy the backup archive file generated. You must first setup the ssh key so that its passwordless connection.

Simplicity it key! It works and will get you out of trouble. Well worth the 5minute investment.



Building a useful .ssh/config file for your SSH connections | setup to configure your .ssh/config file!

Writing a good ssh config file can make your life a whole lot easier especially if your an Linux Admin.

I have written a basic config file below which should be saved in the following location “~/.ssh/config”, when attempting to ssh its the first place SSH looks for instructions by default.

After the config if will go through in detail explain what each line does.

Host: this is like an alias, it will once you attempt to ssh to it, it will resolve using the Hostname field.

Hostname: Look above

Port: The port the ssh server is running on

User: the username you have on the server

Identityfile: This is your SSH private key location

ForwardX11: This is to allow you to see an X GUI session from the remote computer.

Keepalive: the next three are to enable keepalive which will ensure your SSH session stays active even after a period of inactivity. The two subsequent options enable you to configure the frequency of the keepalive packets.

Compression: this enables compression, this is especially useful over slow links. You will need to do more research for the senario which suits your connection and security requirements.

DynamicForward: This enables you to tunnle your connection to the remote host on the specified port. Simply setup your browser on socks5 proxy and point to localhost:port.

LocalForward: This enables you to setup tunneling. Simply specify your local reserved port and your remote IP and port which you want tunneled.

Fix Apache2 SELINUX permissions problems. | selinux stopping images appearing on site

I recently had a request with an Apache2 problem.  The website didn’t display the images on the page.

After looking at the logs, the error appeared in the /var/log/audit/audit.log.

When you kick off a request with the web browser, you see 5 – 6 error appear about permissions.

So fix this, its easy, running the following command while its running refresh your browser.

This tool will find the error and create a white list and store it as “test”

To implement the fix execute the following command.

Once completed you will have access to your files.

Solaris setup a NFS client and server | making a NFS client server environment in solaris

A quick howto for setting up NFS on a Solaris server.

This is relatively easy process, sometimes can be problematic due to firewall rules and services running on the system

Lets enable and start the services.

This will create the create and share it to the world, for this exercise I didnt specify source IP’s. You can do that later once you have everything working.

To confirm the share is now active

Ok now jumping on the client side, lets mount the share.

Lets see the mount

Done! Enjoy!

The best Raspberry Pi Case Ever! | single unit raspberry pi case includes power

I have looked at a number of Raspberry Pi cases, they all have one thing in common. They have a box (the raspberry pi itself), a USB cable, and an adapter at a minimum.

I wanted to create a unit which will improve these shortcomings for three main reasons.

  1. To look cleaner, neater,  and safety.
  2. Can be installed on sites where you are completing a security audit, the unit will not come under suspicion because of it looks.
  3. Cooling, performance and the ability to expand hardware inside the unit itself.

I used FreeCAD to design the 3D printable design and a Dremel 3D20 printer to print it.

I have made around three designs which I improved on each time, landing on the one published here.

The print contains a space for a Samsung USB power plug and a section for the USB connector, it contains a grove to allow it to sit firmly in place.

The Raspberry Pi sits on four poles which hold it firmly in place, and also allows you to connect the cat5 connected and four USB ports at the bottom.

I have build three slits on the bottom of the cover and three at the top, this is a clever wait to passively cool the Raspberry Pi. The air inside will heat up and rise, then exit from this top slits. This will then create a suction from the bottom, taking in the cool air. No need for a fan! Test proved to be promising.

I am really pleased with the design and use it at home.

I have plans to make it alot smaller, as you can see from the photos the biggest problems are the size of the adapter and the plug into the Pi itself. I have ordered smaller and cheaper power plugs and some L shaped USB connectors. This will allow me to design the casing to be alot smaller, ill keep you posted.

To make this project happen you need the following