Theo's Infosec Blog

First Ten Seconds - Ubuntu, Red Hat / Rocky Linux / Alma Linux Edition

There are a few initial security steps you should take for any new Linux server. This script performs several of those tasks in an automated fashion for you, saving you time and ensuring consistency. I really liked Jerry Gamblin's "My first 10 seconds on a server" blog post, and Bryan

Setting Up Discourse With Mailgun On A DigitalOcean One-Click Application Server

If you're having mail rejected saying it's coming from noreply@discourse.do.co or you're wondering why dmarc isn't set up, this article may help.You may have noticed, or may not have, that comments are once again available on my blog. If you scroll all the way to the

Harden Your Docker Deployment With Free Tools

With Docker vulnerabilities in the news of late, it makes sense to have a look at hardening your deployments, especially any that are exposed to the Internet.Doomsday Docker security hole article on ZDNetThings you can do to protect yourself, as with any system exposed to the Internet include: Patching

Use Center for Internet Security - CIS Benchmarks to Secure Your Systems

The Center for Internet Security has free guides that will help you secure your systems. A typical corporate environment may have a broad array of systems, including routers, switches, and firewalls from vendors such as Juniper and Cisco, and operating systems like Microsoft Windows, Mac OS X, Linux, and BSD.

Treat Yourself To More Linux Server Knowledge

$9.99 coupon for my Udemy Ubuntu Linux Fundamentals course.

How To Update The Message Of The Day (MOTD) On Ubuntu 18.04

I like to have a banner display at login to my servers when I use Secure Shell (SSH) to access them. Once upon a time, this was done by putting a static message in a static file called /etc/motd. Since 2008, in Ubuntu, this system has changed allowing administrators

Have A Ubiquiti UniFi Device? Make Sure To Change Your Default Credentials!

I was checking the security logs on one of my servers as I often do and noticed attempts to log into SSH using a curious username. My servers are all set up to authenticate using key-based credentials only, so none of these attempts threaten my infrastructure, but I like to

How To Check Whether A Reboot Is Required After Updates in Ubuntu

Wouldn't it be cool to know whether a reboot is needed after installing updates on your Ubuntu Server without having to log in again to check the Message of the Day (MOTD) to see? You can find out by checking for the presense of a particular file. If the file

Top 5 Free Tutorials for Linux Beginners

Securing Remote Access For Linux

I've created a free 7 part video tutorial on how to set up key based authentication for Linux. You'll learn how to: Install OpenSSH Server on your Ubuntu 16.04 LTS server Connect with PuTTY for Windows, iTerm for MAC OS X, or the Linux Terminal Generate your SSH Keys

Free Security Hardening Resources

Here are a few resources that will greatly help you in securing your operating system(s) and network for free! STIG Viewer Unified Compliance Framework's (UCF's) Security Technical Implementation Guides (STIG's) provide a down and dirty check-list style guide to securing a mulititude of operating systems and network devices. Sarah

SANS Holiday Hack Challenge

Do you want to learn to hack and thereby how to defend web sites? Try the SANS Holiday Hack Challenge. Shout out to Jeff V. (@mrvaughan) for the tweet about this!

Excellent Free Intro To Linux Course On edX

If you're not familiar with edX, they have many informative and interesting free online courses. I came across one that really impresses me, and I'm sharing it with you! I'm providing the link to the course on edX, but you can also access it for free directly at the Linux

New Course - Ubuntu Linux Fundamentals On Udemy

Howdy readers! I've recently released a new course on Udemy called "Ubuntu Linux Fundamentals - Learn Linux Server with Ubuntu" Here's a coupon for 90% off. It's normally $100, but you can get it for $10. This coupon is only good until midnight, Saturday, December 2nd, 2017, so

Blog Was Offline For A Bit

Howdy readers, I apologize, but the blog was down for about 5 days. I had two things going on, and it took me some time to resolve them. The good news is, the blog is back, and Ghost has been upgraded to version 1.0! Sorry for the inconvenience during

Disqus Comment Broker Suffers Data Breach

Disqus, recommended by Ghost and used by many, including this blog, hacked Disqus, a provider of comment features for many blogs, including this one, has announced a hack. Information on people who used Disqus between 2007 and 2012 is at risk. Information compromised includes: email addresses Disqus user names sign-up

Be Alerted If Your Account Was Compromised - haveibeenpwned.com

Millions upon millions of accounts are compromised every year. It is very likely that the account for some web site or online service you use has been exposed by an attack. How can you find out if your account may have been compromised? One way is to enter your email

Camera Lens Scam on Amazon

I just came across this article by Ziemowit Pierzycki about how he was scammed out of $1,500 for a camera lens he bought on Amazon. He seems to present clear evidence that this was an organized scam designed to part him from his money with no intent by the

Renewing LetsEncrypt Certificate When Using Cloudflare

I recently suffered a little down time on my site due to my letsencrypt certificate expiring and having some difficulty renewing because I'm using CloudFlare's Content Delivery Network in front of my site. I'm posting so that those of you who have similar issues won't have to Google as much

Beginner's Guide To Creating A Ghost Powered Blog

Learn how to create your own blog using Ghost, an an open source WordPress alternative. My latest creation. A new course on Udemy. If you're new to blogging, or considering starting one, and don't want to have to learn WordPress, Ghost may be for you, and this course can help.

Ghost 1.0 Released

It's here! Ghost Publishing Platform Version 1.0. On 27 July, 2017, John O'Nolan announced the release of Ghost Version 1.0. For those of you who haven't heard of Ghost, it is a Content Management System designed to make a pleasing interface for writing. It is open source, with

New Free Course and Certification - KLCP

Offensive Security announced a new, free Kali Linux Certified Professional Course and Certification Have you been looking to learn how to Penetration Test? Muts and crew have announced a new, free course and certification called Kali Linux Certified Professional. The KLCP can be your stepping stone to a career in

Using Fingerprints At Food Kiosks? There Are Risks.

Brian Krebs breaks story that Avanti, a self-service food kiosk vendor, was hacked. Avanti Markets, a vendor with "micro markets" in many corporate offices throughout the United States, has had a data breach believed to involve credit card and biometric data. See more from Brian's article. An interesting

Nikto - The Web App Scanning Tool - It's Origin

One of my esteemed colleagues was familiar with the popular open source web application scanning tools, Nikto, but was unaware of the origin of the name. As I mentioned, Nikto is a popular web application scanning tool. It's built into Kali Linux, and there's a version for Windows called Wikto.

How to Safely Check Suspicious Links

In case you weren't aware of it, your computer can become infected with malware by visiting an infected site, even if you don't click on anything upon hitting the site. It is called a drive by attack. If you want to check out a link in an email or on