Category Archives: Security

How to disable SSL v3 for Microsoft IIS Server?

Due to the recent POODLE (Padding Oracle On Downgraded Legacy Encryption) SSLv3 vulnerability discovery, you may want to disable it to protect you and your visitors against this exploit. Here is the procedure for Windows Server/IIS. Note that older/obsolete browsers are not implementing TLS, shame on users for not doing their updates then! 1. Open… Read More »

Linux : pam_fprintd.so: cannot open shared object file

Have you recently noticed the following error message in  /var/log/secure with RHEL/CentOS 6? PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory PAM adding faulty module: /lib64/security/pam_fprintd.so There is several bug reports regarding this. I think PAM is trying to load an inexistant module. You should be concerned only… Read More »

Linux : Could not get shadow information for user

Having problems connecting to your server with SSH and get this error messages in the system logs? sshd[0000]: input_userauth_request: invalid user <user> sshd[0000]: error: Could not get shadow information for <user> sshd[0000]: Failed password for invalid user <user> from 0.0.0.0 port 00000 ssh2 This mean you are missing “UsePAM” directive and/or the directive is set… Read More »

OpenVPN : service failed to start due to unresolved dependencies: set([‘bridge’])

If you setup OpenVPN to be in bridge (layer2) mode instead using NAT/routing (layer3) and then restart the server to make the change effective, you probably noticed the following error message on the Status Overview page repeatedly : service failed to start due to unresolved dependencies: set([‘bridge’]) This is because there is no existing bridge… Read More »

Bind : validating : dlv.isc.org SOA: got insecure response; parent indicates it should be secure

Have you notified this error message in the logs since bind-9.8.2 update? named: validating @0x7fc170001550: dlv.isc.org SOA: got insecure response; parent indicates it should be secure named: error (insecurity proof failed) resolving ‘dlv.isc.org/DLV/IN’: 0.0.0.0#53 This is related to the new DNSSEC feature which is now enabled by default. This might indicate the DNS resolvers/forwarders you… Read More »

ScreenOS : Upgrading firmware from CLI

Juniper ScreenOS for SSG security appliance can be managed either through the Web UI or command line interface (CLI). Upgrade through the Web interface can be endless and painful. The best way to do it is through the CLI. To accomplish this task, you’ll need : – SSH or Telnet client – TFTP server Here… Read More »

Web : Prevent image hot linking to your site

This article is about stopping theses sites who hot link your images, steal them and your bandwidth! I assume you are running Apache as Web server and have some basic knowledge of httpd.conf, htaccess and rewrite rules. You have two choice, either put the rules directly inside your httpd.conf vhost or inside an Apache configuration… Read More »

Qmail : HowTo generate a certificate for POP3-SSL and IMAP-SSL

This tutorial is about generating a SSL certificate to secure POP3 and IMAP communications between clients (MUA) and Qmail server (MTA). 1. Go to Qmail config directory :

2. Generate key :

3. Decrypt the key (get rid of the passphrase) :

4. Generate a certificate request (well known as CSR) :… Read More »