Linux server hardening guide

23 Feb 2022 00:00 | security | linux

After working for some time as an engineer at a very security-obsessed company I decided it would be a good exercise to note down and organise all the things I've learned both at work and in my spare time related to Linux server security. This guide will focus on Linux in a server context but many of the ideas here are applicable to other systems.

The full guide is also available on GitHub: linux-server-hardening-guide

Guiding principles

[read more...]

protecting against unsafe use of screen/tmux

15 Dec 2017 09:35 | linux | macOS | security | bash

It occurred to me recently that a lot of people probably use screen or tmux in ways that leave an easy path to privilege escalation open. For example, you start a screen session as your local user and then escalate to root inside the screen session. As soon as you do that, anyone with access to the non-root account can simply resume the screen session and immediately be root.

[read more...]

Using lambda to make immutable S3 backups

2 Jan 2017 17:55 | AWS | security | linux

S3 is really handy for server backups and at $0.023/GB/month it's incredibly cost-effective.

However, the default way most people use it is to simply spray their data directly into an S3 bucket from the machine they're backing up. This works fine right up until you get hacked by someone malicious who then has the ability to

[read more...]

How to get vi keybindings in bash and the MySQL client

11 Dec 2016 19:22 | vim | bash | mysql | linux

The vim keybindings are wonderful once you get used to them.

What some people don't know is that the same keybindings are available in other programs, for example bash has a "vi mode" which can be enabled with:

set -o vi

[read more...]