In case anyone out there using WordPress didn’t know, there’s a security update available bringing the current version up to 2.2.2. I just completed the upgrade for Solarum, as well as all the other WordPress sites that I host. So far it seems to have been a quick and painless upgrade that any of you affected ought to do in order to plug any potential security holes. Heads up!
Windows is free?
Here is an interesting article that I ran across. It’s in response to another article comparing Windows and Linux and attempting to show why Windows is so much the better. The article I am linking to is a rebuttal, yes, but more of a take on the comparison of Linux (which is open source and free) to Windows (which is not free, or maybe it is in some respects). It’s a good article, and he has some valid points I think. All in all I thought it was worth the read, so I decided to share it. Enjoy!
Protect your passwords!
Since I seem to be on a roll lately with password related posts, and since I linked to PasswordSafe in my last article about Good Password Practices, I thought I would post a Cool Tools entry about it too, because it definitely belongs on your kit! A quick synopsis for anyone who doesn’t already know (go read the Good Password Practices article!), PasswordSafe is a nifty open source application that allows you to store your passwords in an encrypted database. It offers some neat-o features like password history tracking (every time you change a password, it keeps a record of x number of old ones, just in case), you can group by category and store notes and more, all safely encrypted in one single file. It’s a great tool, and a must have.
There is another tool that was mentioned by a reader called Keepass, and although I am not near as familiar with it, I have used it in the past since it runs on Linux among other things. PasswordSafe is a Windows app, I just use it under Wine when I need it on Linux. Either way, the point is the same, plain text files and password protected Excel spreadsheets art out baby, encrypted databases are in. Keep your passwords safe!
PERL script to generate passwords
I guess this could be considered part of the password post that I put up a few minutes ago, but I wanted to post this script over in the forums that is a PERL script which generates passwords for you. Check it out, take a look and maybe you can get something beneficial from it!
Good password practices
Passwords, and why the heck are they so important?
Everyone has passwords, some have only a few, and some of us have bunches of them. In some cases, literally hundreds or thousands to manage, and let me tell you it’s a pain in the rear. However, password management is not the main thing this article is about, although it pertains to the subject. No, what I want to talk about today is the area of good passwords, strong passwords, passwords that will defend your server and shun any attack by the bad guys that try to get in while you are away playing Quidditch. I have seen lots of passwords in my day, and let me tell you that there are lots of servers that could be compromised using either “ncc1701” or “corona”.
Basics of securing a Linux server
One of the most important jobs that someone who calls themselves a “System Administrator” has is securing their servers. Whether it’s a personal server you are tinkering with, or a production server at work somewhere, keeping a server secure is paramount for many reasons, not just keeping your data safe. If your server were to get compromised, depending on what happened, it could be used as a zombie to target other machines in a massive DDoS attack. It might be used to send yet more spam out to the users of the world, or it could even be setup as a platform to launch more viruses and attacks against unsuspecting users all over the Internet.
The point is that there are a great many reasons to keep your server secure, and I don’t think there is anyone out there who would disagree. That being said, I have written up some basic steps that I go through to begin the process of securing my Linux boxes, thus hoping you can use it to help you secure yours. I decided to start with Linux because many people are testing and playing with it since it is very powerful and free. These are guidelines, as well as examples of how I do it. It’s too simple to say that there are better or worse ways of doing things. Read what I have below here and apply it to your situation, lots of things in this article can even be applied to Windows, as they are good practices regardless of the OS. Let’s get started shall we?