As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing […]
How to mitigate Spectre and Meltdown on a Lenovo T430s laptop with Ubuntu
How to setup a simple firewall in FreeBSD using IPFW
Setting the firewall up is a mandatory task on any computer facing the internet. This is a simple, straightforward how to article on how to setup a box with an easy firewall configuration on FreeBSD. If you find the articles in Adminbyaccident.com useful to you, please consider making a donation. Use this link to get […]
How to test pfSense on VirtualBox running on FreeBSD
There are other guides on how to do this on Windows, Mac, but not on FreeBSD, so here goes a how to pfSense on Virtualbox running on FreeBSD. Before going to it, let’s address the first question, which is what is pfSense. pfSense is a FreeBSD based distribution made for networking purposes. The company behind […]
How to use Cloudflare’s Argo Tunnel service to publish a website on FreeBSD 12/13
What is the Cloudflare Argo Tunnel service? In short, a tunneled connection between a host and Cloudflare’s network. A longer depiction can be read in a blog entry of theirs, but I would put it as a secure way to connect the services you want to publish using their network as a shield. An example […]
How to install ModSecurity 2 on FreeBSD
WARNING: A newer version of ModSecurity is available. The article to install ModSecurity 3 on FreeBSD can be found here. Will be published on March 1st, 2021. If you find the articles in Adminbyaccident.com useful to you, please consider making a donation. Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs. […]
How to install software in FreeBSD with pkgng
The pkgng is the package management system in FreeBSD. It is used to install applications, and specific modules, libraries, etc. Nowadays you can select in between more than 25.000 thousand. Yes, twenty five thousand. The syntax to use is very intuitive and simple. As you may be already aware software comes in two forms. Source […]
How to use Fail2ban with WordPress
In a previous article we did an install of Fail2ban on a FreeBSD server. This tool can help us to protect our WordPress install, independatly from if we are using the FAMP stack or the LAMP stack. As I mentioned on that article Fail2ban is a complementary tool to our firewall. It works by scanning […]
List of Speculative Execution Vulnerabilities
Vulnerability CVE Exploit name Public vulnerability name Firmware changes Spectre 2017-5753 Variant 1 Bounds Check Bypass (BCB) No Spectre 2017-5715 Variant 2 Branch Target Injection (BTI) Yes Meltdown 2017-5754 Variant 3 Rogue Data Cache Load (RDCL) No Spectre-NG 2018-3640 Variant 3a Rogue System Register Read (RSRE) Yes Spectre-NG 2018-3639 Variant 4 Speculative Store Bypass (SSB) […]
How to harden Apache HTTP
Disclaimer: This is a long article. I haven’t collected some nice configuration settings here for the sake of it. There are other hardening guides but some fall short on explaining the functionalities to be enabled or disabled. Every step is shortly, and hopefully clearly, explained so any reader can grasp the main idea of every […]
How to secure the ELK stack on CentOS 8
This is a follow up of the ‘how to install the ELK stack on CentOS 8’. That is a basic setup with no security at all. There is no encryption, no username and password setup, nothing. Not even firewall rules to filter ports. And as it’s known security can’t only rely on one factor but […]