Information Security

When you compile your own kernel, in order to enable support for dm-crypt, please make sure you check

Device Drivers --->
     [*] Multiple devices driver support (RAID and LVM) --->
        <*> Device mapper support
        <*> Crypt target support

Remove MySQL from network

By default, MySQL listens on port 3306. Stop it from listening on any TCP/IP port if you don't use it on network.

# vi /etc/my.cnf

Change
#skip-networking
to
skip-networking

Secure the user accounts

A default install of MySQL is somewhat lacking in security. To fix that we are going to do the following:

Install BIND

# emerge -v bind

When it finishes, here is the message: 

SANS posts daily security tip to remind users on various security aspect. Nice short paragraphs.

http://www.sans.org/tip_of_the_day.php

References:

US-CERT Securing Web Browser Information
http://www.us-cert.gov/reading_room/securing_browser/browser_security.html

• IPTables HOWTO for CentoOS
• How to use iptables against SSH attacks

Secure Firefox With Seven Key Add-Ons - With more and more mobile workers accessing your network from outside the perimeter it's time to consider Firefox and these seven add-ons to keep them safe. [Enterprise Networking Planet Security]

This is a great article for secure browsing via Firefox. Highly recommended.

ioctl: LOOP_CLR_FD: Device or resource busy

When we try to close a LUKS partition using "losetup -d /dev/loopX", we often get this error message "ioctl: LOOP_CLR_FD: Device or resource busy".

Here are a few things to try or check:

This article tells it pretty clearly:

http://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installat...

Here are steps to install the digital SSL certificate on Qmail server: