SSL Server Test

Qualys SSL Server Test is a free online service that performs a deep analysis of the configuration of any SSL web server on the public Internet.

https://www.ssllabs.com/ssltest/

To configure Apache and Nginx with acceptable TLS protocol settings, follow these guides; they will provide a better score on the above Qualys rating and make your SSL site more secure.

Penetration Testing Tools Cheat Sheet

Penetration testing tools cheat sheet, a quick reference, high-level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high-level overview of the typical commands you would run when performing a penetration test. For more in-depth information I’d recommend the man file for the tool or a more specific pen testing cheat sheet.

Site and other tools from: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

netdata real-time performance monitoring for Linux

Netdata is a real-time performance monitoring solution.

Unlike other solutions that are only capable of presenting statistics of past performance, netdata is designed to be perfect for real-time performance troubleshooting.

Netdata is a Linux daemon you run, which collects data in real time (per second) and presents a web site to view and analyze it. The presentation is also real-time and full of interactive charts that precisely render all collected values.

Netdata has been designed to be installed on every system, without disrupting the applications running on it:

  • It will just use some spare CPU cycles (check Performance).
  • It will use the memory you want it to have (check Memory Requirements).
  • Once started and while running, it does not use any disk I/O, apart from its logging (check Log Files). Of course it saves its DB to disk when it exits and loads it back when it starts.
  • You can use it to monitor all your systems and applications. It will run on Linux PCs, servers or embedded devices.

Out of the box, it comes with plugins that collect key system metrics and metrics of popular applications.

Available here: https://github.com/firehol/netdata

HTTP Evader – Automate Firewall Evasion Tests

If you are behind a firewall (today often marketed as IPS, NGFW or UTM) which claims to protect you from malware, you might want to verify these claims. HTTP Evader provides you with a way to automatically test how your firewall deals with situations where the malware hides in rare or invalid responses from the web server. Lots of highly praised firewalls fail to detect malware in these cases, which means they fail to protect you properly. Please note that this is not about bypassing web application firewalls (WAF), which protect a web server, but about bypassing firewalls which should protect the client (browser). It is also not about bypassing URL filters.

The following tests try to transfer the EICAR test virus to you using differently shaped responses of the web server. This official test virus should be detected by any antivirus solution but does not do any harm.

To find out if you are vulnerable simply point your browser to the HTTP Evader test site. Before you report any problems to your firewall vendor please read the section about false positives and verify that the detected evasion is really possible.

http://noxxi.de/research/http-evader.html

400+ Free Resources for DevOps & Sysadmins

In 2014 Google indexed 200 Terabytes of data (1 T of data is equal to 1024 GB, to give you some perspective). And, it’s estimated that Google’s 200 TB is just .004% of the entire internet. Basically the internet is a big place with unlimited information.

So in an effort to decrease searching and increase developing, Morpheus Data published this massive list of free resources for DevOps engineers and System Admins, or really anyone wanting to build something useful out of the internet.

All these resources are free, or offer some kind of free/trial tier. You can use any/all of these tools personally, as a company, or even suggest improvements (in the comments). It’s up to you.

If you find this list useful, please share it with your DevOps/SysAdmin friends on your favorite social network, or visit Morpheus Data to learn how you can 4x your application deployment.

http://www.nextbigwhat.com/devops-sysadmin-tools-resources-297/?_utm_source=1-2-2

ls-httpd

The ls-httpd utility for web server logs is very handy.

ls-httpd type count|time [log_file]
  • ls-httpd url 1000
    will find top URLs in the last 1000 access log entries
  • ls-httpd ip 1000
    will find top IPs in the last 1000 access log entries
  • ls-httpd agent 1000
    will find top user agents in the last 1000 access log entries
  • ls-httpd url 17:
    will find top URLs from 17:00:00 to 17:59:59
  • ls-httpd url 17:2
    will find top URLs from 17:20:00 to 17:29:59
  • ls-httpd url 17
    will find top URLs in the last 17 access log entries 🙂

Reference and Download:
https://github.com/zyxware/misc-utils/blob/master/ls-httpd/ls-httpd

Watchman Utility Linux

Watchman watches files and directories for changes and triggers actions when specific changes are noted.

  • Watchman can recursively watch one or more directory trees (we call them roots).
  • Watchman does not follow symlinks. It knows they exist, but they show up the same as any other file in its reporting.
  • Watchman waits for a root to settle down before it will start to trigger notifications or command execution.
  • Watchman is conservative, preferring to err on the side of caution; it considers files to be freshly changed when you start to watch them or when it is unsure.
  • You can query a root for file changes since you last checked, or for the current state of the tree.
  • You can subscribe to file changes that occur in a root.

Reference:
https://facebook.github.io/watchman/

How to block network traffic by country on Linux

As a system admin who maintains production Linux servers, there are circumstances where you need to selectively block or allow network traffic based on geographic locations. For example, you are experiencing denial-of-service attacks mostly originating from IP addresses registered with a particular country. In other cases, you want to block SSH logins from unknown foreign countries for security reasons. Or your company has a distribution right to online videos, which allows it to legally stream to particular countries only. Or you need to prevent any local host from uploading documents to any non-US remote cloud storage due to geo-restriction company policies.

Instructions and more details from this site:

http://xmodulo.com/block-network-traffic-by-country-linux.html