Disclaimer: What you are about to read may contain inaccuracies. Feel free to discuss them somewhere else. This is also my opinion and as such it may change through time, maybe tomorrow, next month, next year, next decade or never. I do also make very few reviews (if any) of what I write here so this article won’t be polished by any means and it is coming out of my mind and gut … [Read more...]
Linux VS open source UNIX
Feature name Linux FreeBSD OpenBSD TrustedBSD NetBSD Illumos Native File System Support Ext2/3/4 UFS UFS UFS UFS UFS (read only) XFS ZFS ZFS ZFS JFS Btrfs ZFS Support Yes Yes No Yes No Yes Native ZFS No Yes No Yes No Yes Boot … [Read more...]
Reasonable amount of enabled modules on Apache HTTP
CentOS Ubuntu FreeBSD core_module (static) core_module (static) core_module (static) so_module (static) so_module (static) so_module (static) http_module (static) watchdog_module (static) http_module (static) access_compat_module (shared) http_module (static) mpm_prefork_module (shared) actions_module (shared) log_config_module … [Read more...]
Lynis or how to quickly audit your system’s security configuration
A colleague of mine pointed me out to Lynis, a system’s configuration audit tool which checks the hardening of any running UNIX or UNIX-like system, including the BSDs. This tool has a built in check list and a set of sane and safe configurations and compares them to the target system. As output we find several topics, from system discovery to suggestions for some … [Read more...]
How to harden Apache HTTP
Disclaimer: This is a long article. I haven’t collected some nice configuration settings here for the sake of it. There are other hardening guides but some fall short on explaining the functionalities to be enabled or disabled. Every step is shortly, and hopefully clearly, explained so any reader can grasp the main idea of every setting. Following the recommendations in here … [Read more...]