Category Archives: Security

Linux : Port forwarding with IPtables

Need to forward a custom port to an existing port on your Linux box? Simply use the following command as root :

iptables -t nat -I PREROUTING --src 0/0 --dst 0.0.0.0/0 -p tcp --dport <port-to-forward> -j REDIRECT --to-ports <destination-port>

1	iptables -t nat -I PREROUTING --src 0/0 --dst 0.0.0.0/0 -p tcp --dport <port-to-forward> -j REDIRECT --to-ports <destination-port>

Example : Assuming you want to forward port 1025 to port 587 :

iptables -t nat -I PREROUTING --src 0/0 --dst 0.0.0.0/0 -p tcp --dport 1025 -j REDIRECT --to-ports 587

1	iptables -t nat -I PREROUTING --src 0/0 --dst 0.0.0.0/0 -p tcp --dport 1025 -j REDIRECT --to-ports 587

The command above won’t survive to reboot, see the configuration below to enter in the IPTables script :… Read More »

Windows : How to enable multiple server profile on OpenVPN client

As a long time OpenVPN user, the major annoyance I faced with this software is obviously the inflexible behaviour of the Windows client, which is just fine if you are running/connecting to a remote server. However, if you are actively managing thousand servers and networks, you may end up at some point having the need to… Read More »

Mac : OpenVPN JSONDialog: Error running jsondialog

Have you encountered the following error trying to connect to OpenVPN server? JSONDialog: Error running jsondialog, status=(5, [], [‘task_for_pid(): 0x5’]), stdout=[], I have observed the following error message under the following circumstances : Operating system : Mac OSX El Capitan 10.11 OpenVPN client : v2.0.18.202 or older version The problem occur because of the System… Read More »

Web : Firefox error ssl_error_weak_server_ephemeral_dh_key

Did you had the following error lately trying to open a SSL Web site with Firefox? Error ssl_error_weak_server_ephemeral_dh_key This is because the remote Web server is using the weak SSLv3 protocol. The only way to get to the site would be disabling this SSLv3 check in Firefox. However do only if you know what you… Read More »

Linux : Binary location for [/usr/bin/host] in csf.conf is either incorrect, is not installed or is not executable

The following error may occur while reloading CSF (csf -r) : *WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable *WARNING* Missing or incorrect binary locations will break csf and lfd functionality In this particular case, CSF was installed on a CentOS 7 server and there… Read More »

Linux : How to get SSL certificate data from terminal

You can get the SSL certificate informations of a local or remote site using the terminal and OpenSSL with the following command :

echo quit | openssl s_client -connect  domain.tld:443

1	echo quit \| openssl s_client -connect domain.tld:443

Linux : Error starting CSF /sbin/ifconfig (ifconfig binary location) -v does not exist!

Having such issue starting/stopping CSF on RHEL/CentOS 7? # csf -x *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny You have an unresolved error when starting csf: Error: /sbin/ifconfig (ifconfig binary location) -v does not exist!, at line 2510 in /usr/sbin/csf You need to restart csf successfully to… Read More »

Linux : How to open a port on RHEL/CentOS 7 firewalld?

Here is how to open a port and make it permanent with the new firewalld on RedHat/CentOS Linux 7. You can statically edit /etc/firewalld/zones/zone.conf and reload the daemon, but the right way to do is the following. 1. Open the port by specifying the proper zone, port number and protocol. Unless you do not want… Read More »

How to disable SSL v3 for Microsoft IIS Server?

Due to the recent POODLE (Padding Oracle On Downgraded Legacy Encryption) SSLv3 vulnerability discovery, you may want to disable it to protect you and your visitors against this exploit. Here is the procedure for Windows Server/IIS. Note that older/obsolete browsers are not implementing TLS, shame on users for not doing their updates then! 1. Open… Read More »

Linux : pam_fprintd.so: cannot open shared object file

Have you recently noticed the following error message in /var/log/secure with RHEL/CentOS 6? PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory PAM adding faulty module: /lib64/security/pam_fprintd.so There is several bug reports regarding this. I think PAM is trying to load an inexistant module. You should be concerned only… Read More »