A strangely compromised Linux box
- First, there was no attempt to hide any evidence. I could see in wtmp and the secure logs that he had logged in, attained su status, and created a new su user for himself. He then changed root's password. -

Mac OS X 'rootpipe' is not a backdoor   2015 04 
- An exploit that requires a local login is not a back door. It's not even an open safe. Most of us have nothing to fear. -
Spotting Click Bombing with Google Analytics   2015 04 
- Here are two simple Analytics reports that could help you spot click bombing and identify the source -
Someone is click bombing me   2015 04 
- If someone is trying to damage you, here's how to track them down and stop them -
Are A/V vendors really this clueless?   2015 04  2015/04/15 TonyLawrence
- This botnet infected an additional 128,000 new computers each month over the past half year and the A/V folks couldn't stop it? -
Patch fixes sudo escalation flaw   2015 04 
- Yosemite 10.10.3 patches a local exploit that elevates an ordinary user to root privileges. Upgrade now and do not run as an administrator account. -
Kerio Connect DSN breaks DMARC   2015 01  2015/01/20 TonyLawrence
- Kerio Connect DSN breaks DMARC due to use of hostname as sending domain -
Renewing Kerio Control SSL Certificates   2015 01 
- Renewing Kerio Control SSL Certificates does have some pitfalls. By default, Kerio Control ships with several predefined SSL certificates which are used for specific purposes. There's a "Default", one for Reverse Proxy, one for Local Authority and one for VPN. -
Upgrading from software Kerio Control to the hardware version   2015 01 
- Upgrading from software Kerio Control to the hardware version is not difficult -
Help protect your mail domain with DMARC   2014 12 
- Although not widely implemented, DMARC can help protect your domain -
Hassle free SSL/TLS?   2014 12 
- Hassle free SSL/TLS? Let’s Encrypt: Delivering SSL/TLS Everywhere -
Is your password safe?   2014 12  2014/12/01 TonyLawrence
- Is your password safe? Kaspersky may not think so even if other sites say it is. -
Hacked at my own site   2014 11 
- Well, not really hacked but a password exposed and that's pretty bad! -
Monitoring Kerio Connect for suspicious activity   2013 07 
- If you suspect that a user's email has been compromised, here is a script that can help. -
Packet Dump in Kerio Control   2013 07 
- Packet Dump used to be a hidden option in Kerio Control and you needed ssh to get the logs or even to remove them. That's no longer the case. -
IPS in Kerio Control   2013 07 
- You may never have even looked at IPS in Kerio Control or ever need to. It's there when you need it, though. -
DNS Forwarding in Kerio Control   2013 07 
- DNS Forwarding in Kerio Control can be pretty powerful stuff. Learn its ins and outs here. -
Who's been reading my email?   2013 07  2013/07/02 DaveGillam
- The boss noticed that some emails he did not read were marked as read - who was responsible? -
Important changes coming in Kerio Control   2013 06  2013/09/21 TonyLawrence
- The 8.1 release of Kerio Control contains a number of important new features. Some require a bit of explanation. -
Clicky Analytics for your website   2013 09 
- Clicky Analytics offers some advantages over Google Analytics and can be used alongside too. -
More about Cloudflare   2013 08 
- CloudFlare should now be fully active on this site. Visitors should only see speedups in page loads and no adverse effects. -
Expectations of privacy - time to shut it down?   2013 08 
- Groklaw shuts down, the NSA spying gets worse. Is this Orwellian or just business as usual? -
Basic software firewall introduction for home users   2013 08 
- You almost certainly have a software firewall on your Windows or Mac computer. You also probably have a hardware firewall. Understanding just a little bit about them can save you trouble. -
Using SCO Unix as a firewall   2013 07 
- Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server? -
Websockets and Kerio Control   2013 06 
- How to set your Kerio Control proxy to work with websockets -
Kerio Control Connection Limit Reached Alert   2013 06 
- While this alert might indicate suspicious activity, it might just be something simple that you forgot about. -
Script to block DOS attacks   2013 06  2013/06/03 TonyLawrence
- People steal content. If you run a website, you almost certainly know that; here is a simple script to block annoying abusers and possibly stop a little theft, too. -
Wireshark 101   2013 05  2013/05/26 TonyLawrence
- Silly me. I really should have started using Wireshark long before this! -
Kerio Control with multiple Internet Interfaces   2012 11  2014/01/24 basit
- If you have more than one Internet connection, Kerio Control can configure and use these in different ways. Learn how here. -
Simple debugging with Kerio Control   2012 11 
- An easy way to use Control as a network sniffer by creating useless rules and adding Accounting logging. -
A Verizon FIOS STB and a Kerio Control router   2012 11  2013/01/19 anonymous
- Verizon provides a router that is needed for their Video on Demand and other TV services to work. How can we use a Kerio Control box with that? -
Examining Kerio Control Traffic Rules   2012 11  2012/11/08 TonyLawrence
- A simple Perl script helps display Kerio Control traffic rules. -
Should I buy the Kerio Control Appliance or run the software version?   2012 10 
- Kerio offers its Control firewall in both software and hardware versions. Which should you choose? -
Troubleshooting Kerio Control installation   2012 10 
- Setting up Kerio Control is usually very easy. If you do experience problems, this guide can help. -
Kerio Operator in a separate subnet behind Control Firewall   2012 09  2013/06/14 TonyLawrence
- Installing Kerio Operator in a private subnet that is not the same as your office LAN network requires some special firewall rules. -
Kerio Control Require3WayHandshake dropping packets   2012 09  2012/10/24 NickBarron
- A Kerio Control 3110 replaces an old SonicWall. Immediately we saw problems with dropped packets: packet dropped: 3-way handshake not completed -
How to find password hacks in your Kerio Mailserver log   2012 08 
- If a hacker can guess a password for a mail user on your system, they can send email that will appear to be from a legitimate user. Here's how to find and prevent such use. -
Avast Free Antivirus for Mac   2012 05  2012/05/30 NickBarron
- Will someone please make decent malware/antivirus protection for Macs? I'd hope that Apple would be smart enough to do that itself, but so far they seem uninterested and that leaves me feeling worried. -
Why you should let me sell you a new firewall   2012 05  2012/05/20 TonyLawrence
- I know - your current firewall is working fine. Or so you think. You could be right about that, but let me go over a few reasons why you might want to consider changing that firewall now. -
Kerio Control Rip and Replace   2012 05  2014/07/10 TonyLawrence
- I tore out a perfectly good Astaro Firewall and replaced it with a Kerio Control box. The Astaro was only two years old and was working fine, but tearing it out made both me and my customer very happy. Read on to learn why. -
Kerio Control Hardware Appliance firewall   2012 05  2012/05/22 TonyLawrence
- I got to configure two new Kerio Control hardware appliances this week. Learn what's different about these boxes compared to the software versions. -
A Kerio Firewall transplant causes mail problems   2012 04  2012/04/06 TonyLawrence
- Moving a Kerio Control firewall to new hardware shouldn't be any trouble at all. In fact, it was not, but some red herrings led me to think that something had gone mysteriously wrong. -
Understanding Kerio Control Firewall Licensing   2012 04  2014/06/17 TonyLawrence
- How many user licenses will your Kerio Control firewall require? The answer isn't as simple as it was before, but the current licensing does offer more flexibility. -
Misconfigured router causes open SMTP relay   2012 03  2012/03/10 NickBarron
- The last thing you want is an active mailserver acting as an open relay. Learn how a misconfigured router caused that on an innocent Kerio server. -
Book Review - Michal Zalewski's 'The Tangled Web'   2011 11  2011/11/12 TonyLawrence
- We will not have ventured very far into the Internet forest before we realize that our 'crack team' of web browsers is anything but. Most of them can't seem to tell a squirrel from a poisonous snake. When they do decide to point their weapons at something threatening, we had better duck ourselves, because their aim is atrociously bad. Suspicious looking miscreants appear at the edges of our trail and beckon us to follow them into the dark woods; our guides lay down their weapons and, with beaming grins, trot off never to be seen again! -
Exploring Apple Document versions   2011 11 
- When I made the switch, I of course had files under the old account. Some were things I knew I'd need immediately, so I copied them to the new account and changed permissions. Others were things I might need, but then again I might not. What to do about those? -
Can Online Services Be Secure?   2011 08  2011/08/22 Ralph
- Recent data theft disasters have shown that it is not enough to operate a "secure server" and leave all customers' information unencrypted on this server. Because if you think your secure server is invincible, all your customers' data is at risk the moment it turns out that the secure server is not as secure as you thought. -
Advantages of Kerio Control Firewall   2011 07 
- As this customer actually wanted the appliance version, he asked about hardware replacement policies, extended warranties and wondered if he should buy two -
Using fail2ban with Kerio Connect mailserver   2011 06  2014/01/05 TonyLawrence
- Fail2ban is fussy about dates in log files; Kerio's security log does not meet its standards -
Helping my sister-in-law with Gmail   2011 06  2011/06/02 TonyLawrence
- I'd rather send pictures or a movie than take control of their computer. They can refer back to what I sent over and over again. -
Sophos free anti-virus for Mac   2011 05  2011/05/23 TonyLawrence
- Although the main threat to Macs is trojans and malware, not viruses, the common man doesn't distinguish these - they are all the same to most folks. -
A SCO Openserver to Red Hat Linux Conversion   2011 04  2011/04/02 TonyLawrence
- A detailed history of a SCO to Linux Conversion - including desktop users. -
Cisco PIX interferes with TLS (encrypted) Email   2010 10  2010/12/09 TonyLawrence
- A PIX firewall with the Mailguard feature turned on may interfere with encryption of SMTP traffic -
Winroute Firewall StaR reporting   2010 04 
- Most low and medium end firewalls offer very little in the way of reporting - often nothing more than raw logs (and even those may be difficult to access). If they do offer anything more, it's probably extra cost. -
Winroute Firewall Advances   2010 03  2010/04/02 TonyLawrence
- Some of my readers and clients know that I used to sell Fortinet firewalls. I stopped doing that several years ago because I found their support (for both me and my customers) to be unacceptably poor. The products themselves worked well and were reasonably priced, but support was not good and because of lousy documentation, support was often needed. -
Off we go into the wide blue yonder   2010 03 
- It seems like everyone says 'move to the cloud', but there are questions you need to ask before you do that. -
MacScan   2010 03  2010/03/26 TonyLawrence
- There's a bounty on your Mac. It isn't much money, but it's what the market pays. You should be pleased that you invested wisely - it seems that the going rate for Windows infections is much less. -
Questions about the new MA data security law   2010 03  2010/03/03 TonyLawrence
- New requirements for the protection of personal data by businesses are confusing at best. -
New Mass. Data Security Laws   2010 02  2010/03/02 TonyLawrence
- New security requirements could affect consultants as well as the business clients they serve. -
Basic TrueCrypt Usage   2010 01  2010/01/12 TonyLawrence
- People have said that they installed TrueCrypt, but have no idea what to do next. OK, maybe the interface isn't all that user friendly. -

