nmap (Network Mapper) is an open source tool for network exploration and security auditing, and a powerful port scanner. It can be used locally on localhost as a netstat alternative, but its main use case is to scan remote hosts for open ports, operating system type, running services and so on.
LUKS (Linux Unified Key Setup) is a disk encryption specification designed for Linux to encrypt volumes or partitions. The reference implementation is the cryptsetup utility, which sets up LUKS-encrypted block devices on top of the kernel's dm-crypt backend.
In this tutorial we will create a Linux partition on a KVM-based CentOS 7 guest, encrypt the partition with LUKS using cryptsetup, and mount it permanently at a particular mount point.
If you suspect that your system has been compromised and that files or their permissions were modified by the intruder, you can use AIDE to check your file system for such modifications.
AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. AIDE is run while the system is in a known good state: it collects information about the files in the file system and their attributes (permissions, ownership, checksums, timestamps) and writes the gathered information to a database. Once the database is initialized it can be used to verify the integrity of the files whenever a compromise is suspected, and all of the usual file attributes can be checked for inconsistencies. Because a database the intruder can rewrite proves nothing, the database (together with the AIDE binary and its configuration) should be kept on read-only or off-host storage.
In this tutorial we will show you how to install and deploy AIDE on CentOS/Fedora/Red Hat.
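To make the baseline-then-verify workflow described above concrete, here is an added example (not AIDE's own code, and not from the original tutorial) that rebuilds the idea with coreutils only: a known-good tree is recorded as path, mode, owner, group and SHA-256 per file, and a later check reports what was added, removed or changed. It assumes GNU stat/sha256sum and paths without "|" or newline characters; real AIDE records many more attributes (inode, mtime, ctime, ACLs, xattrs, SELinux context) and is driven by /etc/aide.conf.

```shell
#!/bin/sh
# Added illustration of the AIDE workflow (baseline a known-good tree, verify it later).
# Not AIDE itself; see the lead-in for what AIDE additionally records.
set -eu

# Baseline: one line per regular file under $1 written to $2: path|mode|owner|group|sha256.
# Assumption: paths contain no '|' or newline characters.
integrity_init() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s|%s|%s\n' "$f" "$(stat -c '%a|%U|%G' "$f")" "$(sha256sum "$f" | cut -d' ' -f1)"
    done > "$2"
}

# Check: rebuild the current state and compare it with the baseline in $2.
# Prints "ADDED/REMOVED/CHANGED <path>" lines; exit 0 when clean, 1 when anything differs
# (mirroring aide --check, which also exits non-zero on findings).
integrity_check() {
    cur=$(mktemp)
    integrity_init "$1" "$cur"
    findings=$(awk -F'|' -v base_file="$2" '
        FILENAME == base_file { base[$1] = $0; next }   # first file: baseline records
        !($1 in base)         { print "ADDED " $1; next } # second file: current state
        base[$1] != $0        { print "CHANGED " $1 }
                              { delete base[$1] }
        END { for (p in base) print "REMOVED " p }' "$2" "$cur" | sort)
    rm -f "$cur"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}
```

Run `integrity_init /etc /root/baseline.db` once on a clean system, store the database somewhere the attacker cannot write, and run `integrity_check /etc /root/baseline.db` from a cron job or after an incident; a CHANGED line for a file you did not touch, or an ADDED file in a system directory, is the kind of finding AIDE is deployed to surface.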
SELinux (Security Enhanced Linux) is an additional layer of Linux system protection that implements mandatory access control. It is a set of security contexts and policy rules that determine which processes can access which files, directories, ports and so on.
SELinux has three modes:
Enforcing: SELinux enforces the loaded policy, blocking access to files, directories and ports that the policy does not allow, and logs every denial.
Permissive: SELinux does not block anything; policy violations are only logged. Permissive mode is often used for troubleshooting SELinux, because the denials that enforcing mode would cause show up in the logs without breaking the application.
Disabled: SELinux is turned off entirely; no policy is loaded and nothing is logged.
SELinux in enforcing mode may block access to files or ports that an application legitimately needs, so it is good to know how to change its mode or, as a last resort, disable it. Fixing the policy or the file labels is preferable to disabling SELinux, and switching to permissive mode temporarily to collect the denials is the usual first troubleshooting step.
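The following is an added example (not the original tutorial's code) of switching the mode both at runtime and persistently. It assumes the standard config file path /etc/selinux/config (a different path can be passed as the second argument, which is how it can be tried on a scratch file); the relabel marker /.autorelabel is the standard mechanism for relabeling the file system on the next boot.

```shell
#!/bin/sh
# Added example: change the SELinux mode at runtime (setenforce) and persistently (config file).
# Assumption: the persistent setting lives in /etc/selinux/config unless another path is given.
set -eu

# Read the persistent mode back; the last SELINUX= line wins.
get_selinux_config_mode() {
    sed -n 's/^SELINUX=//p' "${1:-/etc/selinux/config}" | tail -n 1
}

# Runtime switch: only enforcing (1) and permissive (0) can be set while a policy is loaded.
# "disabled" cannot be reached with setenforce; it needs the config file plus a reboot.
set_selinux_runtime_mode() {
    case "$1" in
        enforcing)  setenforce 1 ;;
        permissive) setenforce 0 ;;
        *) echo "runtime mode must be enforcing or permissive, got: $1" >&2; return 2 ;;
    esac
}

# Persistent switch: rewrite the SELINUX= line in the config file so the mode survives reboots.
set_selinux_config_mode() {
    mode="$1"; cfg="${2:-/etc/selinux/config}"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELinux mode: $mode" >&2; return 2 ;;
    esac
    prev=$(get_selinux_config_mode "$cfg")
    tmp=$(mktemp)
    if grep -q '^SELINUX=' "$cfg"; then
        sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$tmp"
    else
        cat "$cfg" > "$tmp"
        printf 'SELINUX=%s\n' "$mode" >> "$tmp"
    fi
    cat "$tmp" > "$cfg"   # write in place: keeps the file's inode, owner, permissions and label
    rm -f "$tmp"
    # Files created while SELinux was disabled carry no labels. When re-enabling, request a full
    # relabel on the next boot, otherwise the system may fail to boot or services may be denied.
    if [ "$prev" = disabled ] && [ "$mode" != disabled ] && [ "$cfg" = /etc/selinux/config ]; then
        touch /.autorelabel
    fi
}
```

Typical troubleshooting: `set_selinux_runtime_mode permissive`, reproduce the problem, and read the denials with `ausearch -m avc -ts recent`; once the policy or labels are fixed, `set_selinux_runtime_mode enforcing` again. Only `set_selinux_config_mode` changes what the next boot does, and going to or from disabled always requires that reboot.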
A brute force attack consists of systematically trying all possible passwords until the correct one is found. If a host is exposed directly to the Internet (WAN) and runs an SSH service, it becomes the subject of constant brute force attacks performed by automated tools such as hydra.
To detect SSH brute force attempts on systems running the systemd service manager (CentOS 7/Fedora 21/RHEL 7), you can use the journalctl command with the following parameters:
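As an added example (not the original tutorial's command), here is the same detection run over constructed sshd journal lines: failed password attempts are counted per source address and sources above a threshold are reported. It assumes OpenSSH's default log wording ("Failed password for ... from <addr> port <n> ssh2") and that the service unit is named sshd, as on CentOS 7/RHEL 7/Fedora; the sample lines are made up for the example.

```shell
#!/bin/sh
# Added example: count failed SSH logins per source address from sshd journal output.
# Assumptions: OpenSSH log wording and a unit named sshd (CentOS 7 / Fedora / RHEL 7).
set -eu

# Constructed sample of what `journalctl -u sshd --no-pager` prints (not a real capture).
sample_sshd_journal() {
    cat <<'EOF'
Jan 10 10:15:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan 10 10:15:03 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Jan 10 10:15:05 host sshd[1236]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2: ED25519 SHA256:abc
Jan 10 10:15:06 host sshd[1237]: Failed password for root from 203.0.113.5 port 40140 ssh2
Jan 10 10:15:07 host sshd[1238]: Invalid user oracle from 192.0.2.9 port 33000
Jan 10 10:15:08 host sshd[1239]: Failed password for invalid user oracle from 192.0.2.9 port 33000 ssh2
Jan 10 10:15:09 host sshd[1240]: Failed password for root from 203.0.113.5 port 40150 ssh2
EOF
}

# stdin: sshd journal lines; stdout: "<failures> <source address>", most active source first.
# The address is the token after "from", which also works for IPv6 sources.
failed_logins_by_source() {
    awk '/Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (a in n) print n[a], a }' | sort -rn
}

# stdin: sshd journal lines; stdout: addresses with at least $1 failures (default 5).
brute_force_sources() {
    failed_logins_by_source | awk -v t="${1:-5}" '$1 >= t { print $2 }'
}

# Real use, reading the last hour of sshd logs from the journal:
#   journalctl -u sshd --since "1 hour ago" --no-pager | brute_force_sources 10
```

Successful logins ("Accepted ...") and the separate "Invalid user" lines are deliberately not counted, so the numbers reflect password failures only; if you also want to see username enumeration, match "Invalid user" lines the same way. The threshold is a starting point: a legitimate user mistyping a password a few times should stay below it, while a scanner hitting the host every second will not.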