How can you make sure all your system binaries and configuration files have not been compromised by an intruder? You can of course run rkhunter or AIDE on a regular basis or via cron, but this is only going to show you that an MD5 checksum has changed.
Using git as an intrusion detection system is actually more useful than you might think. You can, for example, also see what configuration has been changed or overwritten by an automated repository update, or you can roll back to a previous working version of a specific Apache vhost. If multiple system engineers work on the same machine, you will be able to evaluate what they have done and even make sure it was actually them.
Throughout this post series I will show you the power of git, sudo and gpg to create several layers of defence as well as completely automated and comprehensible system documentation.
Now that you are able to create various forward or reverse SSH tunnels with lots of options and even simplify your life with ~/.ssh/config, you probably also want to know how to make a tunnel persistent. By persistent I mean that the tunnel is guaranteed to always be running. For example, once your SSH connection times out (through a server-side timeout), your tunnel should be re-established automatically.
I know there are plenty of scripts out there which try to do that somehow. Some scripts use a while loop, others encourage you to run a remote command (such as tail) to make sure you don't run into a timeout, and there are various others. But actually, you don't want to reinvent the wheel; you want to stick to bullet-proof, already existing solutions. So the game-changer here is AutoSSH.
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -L 5000:localhost:3306 email@example.com
or fully configured (via ~/.ssh/config) for background usage
autossh -M 0 -f -T -N cli-mysql-tunnel
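A ~/.ssh/config stanza that would make the background command above equivalent to the first one, as an added example that is not taken from the original post. The host name, user and key path are placeholders; the BatchMode, ExitOnForwardFailure and key settings are additions for unattended use.

```sshconfig
# ~/.ssh/config
# Alias used by: autossh -M 0 -f -T -N cli-mysql-tunnel
Host cli-mysql-tunnel
    # Placeholder endpoint and account, replace with your own
    HostName example.com
    User tunneluser

    # Same forward as "-L 5000:localhost:3306"; bound to loopback
    # explicitly so the MySQL port is not reachable from other hosts
    LocalForward 127.0.0.1:5000 localhost:3306

    # Keepalives from the first command: after 3 unanswered probes
    # sent 30 seconds apart, ssh exits and autossh restarts it
    ServerAliveInterval 30
    ServerAliveCountMax 3

    # With "-M 0" autossh only reacts when ssh exits, so make ssh
    # exit if the forward cannot be set up (e.g. port 5000 in use)
    ExitOnForwardFailure yes

    # Unattended use: never prompt, fail instead so autossh retries
    BatchMode yes

    # Hypothetical dedicated key for this tunnel only
    IdentityFile ~/.ssh/id_ed25519_tunnel
    IdentitiesOnly yes
```

On the server side, the matching public key can be limited to forwarding with the `restrict,port-forwarding` options in authorized_keys, so the tunnel key cannot be used for an interactive shell.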
Introduction
OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is open source software distributed under the GNU GPL. A VPN allows you to connect securely to an insecure public network such as the Wi-Fi network at an airport or hotel. A VPN is also required to access your corporate, enterprise or home server resources. You can bypass geo-blocked sites and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN server on a Debian Linux 10 server.
An SSH server that knows who you are.
Try it (it’s harmless)