Linux Security Week: Apache Security Tips And GnuPG Insights
Linux+DVD Magazine: Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:
Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
Linux Security Spaces
19th, September, 2007
As the value of Linux security grows, and the coverage it warrants, more and more sites will continue to pop up covering the security issues in Open Source. This one comes from an OSTG member named Mayank Sharma, who is also a blogger on IBM's site.

Digital Security With GnuPG Plugins
17th, September, 2007
The GNU Privacy Guard (GnuPG) allows you to encrypt, decrypt, sign, and verify communications and data, as well as create and manage the keys needed for these tasks. It is a full, open source implementation of the OpenPGP Standard (RFC2440) and is integrated into many Linux applications ranging from clipboard applets to instant messaging clients. These applications make it easy to use GnuPG for digital security in the GNOME desktop environment. Most users don't use any form of encryption when sending information over the Internet. Is the problem that it's not always easy to use encryption? However, with these GnuPG plugins, users can easily protect all their Internet traffic without touching the command line.
news/cryptography/digital-security-with-gnupg-plugins

Disable ldirectord checks
17th, September, 2007
ldirectord is a daemon to monitor and administer real servers in an LVS cluster of load balanced virtual servers. ldirectord is typically used as a resource for heartbeat, but can also run standalone from the command line.

The (Practically) Ultimate OpenSSH/Keychain Howto
19th, September, 2007
Even though we are all security aware and use ridiculously strong passwords (I once used the lyrics to three of my favorite songs along with a few exclamation points and parentheses here and there), when one has to navigate through a series of networks and hop around servers, constantly typing in your SSH passwords can start to contribute to that carpal tunnel. This is pretty much like being the janitor with the huge keyring of identical looking keys. Read on for a concise article on setting up OpenSSH and your keyring to make life just a little more manageable while keeping things safe - isn't that what we're all looking for?

VMware Touts Security of the Virtual World
17th, September, 2007
VMware Inc. is putting a lot of time and effort into assuring attendees at its VMworld user conference here that security is near the top of the company's agenda. In light of the news in recent months about virtualized rootkits, there has been mounting concern among IT managers and security experts about the security of virtualized environments. Virtualization security has got a lot of attention as of late. Is the problem that VM servers share resources and can lead to memory leaks? Do hardware installs have the same problem?

10 tips for Securing Apache
19th, September, 2007
Even with Apache's focus on producing a secure product, the Web server can still be vulnerable to any number of attacks if you fail to take some security precautions as you build your server. In this article, Scott Lowe provides you with 10 tips that will help you keep your Apache Web server protected from predators. I am always interested in reading any tips on how to make Apache more secure. Even having the correct permissions on web files helps protect the web server. This article talks about many other tips, but what do you do to secure Apache?
news/network-security/10-tips-for-securing-apache

Firefox 3 Secures Extensions
21st, September, 2007
Those same extensions that add power to Firefox, generally speaking, could arguably represent a security risk as well. It's a security gap that Mozilla is now plugging with its Alpha 8 development release of its next generation Firefox 3 browser. The new security extensions are designed to make getting updates more secure by using SSL. Firefox have been struggling to keep their browser secure as of late. Do you think Firefox 3 will be more secure than the current release? One thing is for sure: the developers are taking security more seriously.
news/network-security/firefox-3-secures-extensions

The Dangers of Automatic Updates
16th, September, 2007
When I started using GNU/Linux eight years ago, I was dumbfounded to encounter Debian users who started their day by upgrading their entire system. Yet now, with the updaters that sit in the notification trays of recent GNOME and KDE-based distributions, I realize that these daily upgraders were not daredevils, but pioneers in the idea that all upgrades are desirable. On my Linux desktop I have my updater automatically install updates. One reason I do so is to keep the installed packages up-to-date with the latest security patches. This article started to make me think about whether I should be checking the updates before downloading and installing them. Do you have automatic updates configured?

Never Forget a Password with GPass
18th, September, 2007
GPass is a quick tool that lets you type up a list of passwords, locked away with a master password. It is easy enough to use: Just click the Add button, and give it a name and a password. If you want, you can set the password to expire so that GPass will tell you when you need to change it again. One good security practice is to have strong passwords, but the stronger they are, the more likely users will forget them. But are programs like GPass the answer? Personally, I don't use any programs to remember passwords, but do you?

VMware Bugs Shine Spotlight on Virtualization Security
21st, September, 2007
Flaws in your DHCP server that allow intruders access to your whole system are not exactly what people have in mind in secure systems. Such flaws have been discovered in VMware and are definitely worth taking a look at. Read on to see the ups and downs of VMware in open source security - what do you think has to be done before virtual servers will be taken into the mainstream for enterprise companies?

SELinux Policy Development - A Nice Overview
20th, September, 2007
Customizing your system's SELinux policy can be necessary when running an application your policy is unaware of. Particularly, web-based applications might need customization of Apache policy in order to run properly. SELinux development is a very useful skill to have. With this skill, the next time you are thinking about disabling SELinux you will know what changes are needed to the policy to get any program working with SELinux. How many of us end up disabling SELinux because it's preventing our favorite program from running?

