How Can We Keep Open-Source Applications Secure?

The adoption of open-source software is continually on the rise, thanks to its endless benefits to modern business environments. Most companies, especially startups, prefer open-source databases to reduce the cost and time used for software development. Open-source applications also give businesses a level playing field and the freedom to leverage the latest technology without high upfront costs.

Unfortunately, like other comparable applications, open-source software has security defects. Estimates suggest that over 80% of open source software projects have security vulnerabilities (according to cpomagazine.com).

Is It a Best/Recommended Practice to use PAM (Pluggable Authentication Module) in SSH?

Problem scenario
You use Linux and want to configure SSH. Should PAM be enabled in your /etc/ssh/sshd_config file?

Answer
Maybe. This heavily upvoted answer on StackExchange says not to use PAM.
This external page says that it is turned off by default.
This source (from 2011, so it may be dated) says PAM is not desirable.
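Before deciding either way, it helps to know what the file you already have actually does. The script below is an added example and is not from the original post or from OpenSSH: it reports the UsePAM value sshd would take from a given sshd_config, honouring two rules that catch people out (sshd uses the first occurrence of a keyword, and keywords are case-insensitive). The sample config it writes is constructed, and it assumes the file does not rely on Include directives.

```shell
#!/bin/sh
# Added example (not from the original post): report the UsePAM value that
# sshd would take from a given sshd_config. Two details matter here:
#   * sshd honours the FIRST occurrence of a keyword, so a "UsePAM yes"
#     appended at the end of the file loses to an earlier "UsePAM no";
#   * keywords are case-insensitive and "#" lines are comments.
# Assumption: the file does not rely on Include directives (not followed here).

effective_usepam() {
    awk '
        /^[[:space:]]*#/        { next }                       # comment line
        tolower($1) == "usepam" { print tolower($2); found = 1; exit }
        END                     { if (!found) print "no" }     # compiled-in default
    ' "$1"
}

# Write a constructed sample config (not a real host's file) to the path in $1.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
usepam NO
PasswordAuthentication no
UsePAM yes
EOF
}

# Stand-alone demonstration.
tmp=$(mktemp)
write_sample_sshd_config "$tmp"
echo "effective UsePAM: $(effective_usepam "$tmp")"   # prints "no"
rm -f "$tmp"
```

On a live host the authoritative check is sshd's own extended test mode, `sshd -T | grep -i usepam`, which also resolves Include directives; the function above is for reviewing a config file offline.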

Does Either Kernel Space or User Space Play a Role in Operating System Networking?

Question
Networking is usually very important for a Linux/Unix OS. For typical applications that use networking, does kernel space or user space play a role?

Answer
Yes, both play a role.

User space facilitates the application layer of the TCP/IP protocol suite; kernel space facilitates the network and transport layers of the TCP/IP protocol suite (this was taken from page 1181 of The Linux Programming Interface,

How Do You Troubleshoot the OpenVPN Issue “insufficient key material or header text not found in file”?

Problem scenario
You get an error message when you run openvpn. You are trying to start the client service. You get “insufficient key material or header text not found in file”. What should you do?

Possible Solution #1
Backup your client.conf file.

Find your tls-crypt.key file. If you have none, run this:

openvpn --genkey --secret /etc/openvpn/tls-crypt.key

Copy every line in the tls-crypt.key file and paste it into a particular location of the client.conf file.
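As an added example (not from the original post or from the OpenVPN project), the script below does that copy-and-paste step for you: it prints a copy of client.conf with the file-based "tls-crypt <file>" line replaced by the whole key file inside an inline block. The file names and the sample config and key it writes are constructed; the key is a placeholder, not real key material.

```shell
#!/bin/sh
# Added example (not from the original post): move the tls-crypt key inline.
# OpenVPN reads the key either from "tls-crypt /path/to/key" or from an inline
# <tls-crypt> ... </tls-crypt> block holding the whole key file. This function
# prints a copy of client.conf with the file-based directive removed and the
# key appended inline; it never modifies the input files.
# Usage: embed_tls_crypt client.conf /etc/openvpn/tls-crypt.key > client.inline.conf

embed_tls_crypt() {
    conf="$1"; key="$2"
    [ -r "$conf" ] || { echo "config not readable: $conf" >&2; return 1; }
    [ -r "$key" ]  || { echo "key file not readable: $key" >&2; return 1; }
    if grep -q '^[[:space:]]*<tls-crypt>' "$conf"; then
        echo "config already carries an inline tls-crypt block; left unchanged" >&2
        cat "$conf"
        return 0
    fi
    # keep every config line except "tls-crypt <file>" (tls-crypt-v2 is untouched)
    awk 'tolower($1) != "tls-crypt"' "$conf"
    # append every line of the key file, header comments included
    printf '<tls-crypt>\n'
    cat "$key"
    printf '</tls-crypt>\n'
}

# Constructed sample inputs written into directory $1 (the key is a placeholder,
# not real key material; generate a real one with: openvpn --genkey --secret FILE).
write_sample_openvpn_files() {
    cat > "$1/client.conf" <<'EOF'
client
dev tun
proto udp
remote vpn.example.test 1194
tls-crypt /etc/openvpn/tls-crypt.key
verb 3
EOF
    cat > "$1/tls-crypt.key" <<'EOF'
#
# 2048 bit OpenVPN static key (constructed placeholder, not a real key)
#
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
11111111111111111111111111111111
-----END OpenVPN Static key V1-----
EOF
}

# Stand-alone demonstration.
d=$(mktemp -d)
write_sample_openvpn_files "$d"
embed_tls_crypt "$d/client.conf" "$d/tls-crypt.key"
rm -rf "$d"
```

Keep the backup of client.conf until the inline version connects, and protect the new file like the key itself, since it now contains the key. OpenVPN 2.5 and later spell the generator as `openvpn --genkey secret FILE`; the older `--genkey --secret` form is still accepted with a deprecation warning.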

What Is the Difference between the wheel Group and the admin Group?

Problem scenario
You have seen Linux distributions use wheel whereas some use admin. What is the difference?

Solution
For most purposes, there is no difference.

Many Red Hat distributions use wheel (per page 429 of Fedora and Red Hat by Sobell).

Ubuntu uses wheel (per this posting).

To add a Linux user to a sudoers file,

What Is the Default Format for cryptsetup?

Question
You ran some cryptsetup commands. You passed no --type flag. Was the format luks1 or luks2 or something else?

Answer
luks2.

…more recent Ubuntu releases default to version 2 (“luks2”).

https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019

As of 2022, you may want to use luks2 when you can — but do not assume you can. That is, sometimes you still need to use luks1.
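Rather than assuming, read the version out of the header. The script below is an added example (not from the original post or from the cryptsetup project): both LUKS1 and LUKS2 begin with the same six magic bytes, followed by a big-endian 16-bit version number, so eight bytes are enough to tell them apart. The device path in the usage line and the header stubs it writes for the demonstration are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the LUKS header version
# straight from a device or detached header file instead of assuming luks2.
# Both LUKS1 and LUKS2 start with the magic bytes "LUKS\xba\xbe"; bytes 6-7
# hold the version as a big-endian 16-bit integer (0x0001 or 0x0002).
# Usage: luks_version /dev/sdX2   (constructed path; or a detached header file)

luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo luks1 ;;
        4c554b53babe0002) echo luks2 ;;
        *)                echo "not a LUKS header: $1" >&2; return 1 ;;
    esac
}

# Write a constructed 8-byte header stub (magic + version) to $1; $2 is 1 or 2.
# Only the first eight bytes of a real header are imitated here.
write_sample_luks_header() {
    case "$2" in
        1) printf 'LUKS\272\276\000\001' > "$1" ;;
        2) printf 'LUKS\272\276\000\002' > "$1" ;;
        *) return 1 ;;
    esac
}

# Stand-alone demonstration.
stub=$(mktemp)
write_sample_luks_header "$stub" 2
echo "header version: $(luks_version "$stub")"   # prints "luks2"
rm -f "$stub"
```

On a real volume, `cryptsetup luksDump <device>` also prints a `Version:` line; the point of checking is that a tool or boot loader that only understands LUKS1 will silently fail against a LUKS2 header, which is why the page says not to assume luks2 is always usable.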

Is it Adelman or Adleman?

Question
You know about RSA (Rivest, Shamir, Adelman) encryption. Asymmetric encryption and RSA specifically are regularly used in the I.T. industry. But when you search on the internet, you find many different spellings of Adelman (such as Adleman). Which is the correct spelling?

Answer
It is Adelman. The sources include page 648 of RHCSA/RHCE Linux Certification Study Guide Sixth Edition by Jang (McGrawHill) and this external site.

How Do You Troubleshoot “TLS Error: TLS key negotiation failed to occur TLS handshake failed”?

Problem scenario
You have a Linux server with the openvpn binary command installed. You try to start the OpenVPN client service. You see this message: “TLS Error: TLS key negotiation failed to occur TLS handshake failed.”

What should you do?

Solution
Reinstall and reconfigure the OpenVPN server. Just completely start over.
You may want to try this: https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/

Is It a Recommended/Best Practice to Use Email as a Component in Two Factor Authentication?

Problem scenario
You want to implement a secure protocol for authentication. You want there to be a password and a second factor of authentication. Can an email (being in possession of an inbox) be a factor in MFA?

Answer
Maybe.

No, according to NIST:
https://pages.nist.gov/800-63-FAQ/

But many companies do use email as a factor in multi-factor authentication.