Web server tuning (apache and nginx)

Key points
* enable http2 & change mpm prefork to event
* php-fpm

Enable http2 on apache + prefork to event – https://techwombat.com/enable-http2-apache-ubuntu-16-04/

sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade
sudo apt install php7.0-fpm
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php7.0-fpm
sudo a2dismod php7.0
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
sudo service apache2 restart
sudo […]

Slow HTTP DoS: verify and mitigate

What it is
https://en.wikipedia.org/wiki/Slowloris_(computer_security)

Tools to check
Slowloris : https://github.com/gkbrk/slowloris
SlowHttpTest : https://github.com/shekyan/slowhttptest

Mitigation

mod_qos
apt-get update && apt-get -y install libapache2-mod-qos && a2enmod qos && /etc/init.d/apache2 restart
* configuration file in /etc/apache2/mods-enabled/

mod_reqtimeout
a2enmod reqtimeout && /etc/init.d/apache2 restart
* configuration file in /etc/apache2/mods-enabled/

Securing apache

Some notes on securing apache.

A few key points
* Disable access to .
* Disable banner
* Disabled PHP functions
* Slow DoS mitigation (link)

Disable access to .
https://stackoverflow.com/questions/4352737/apache-configuration-regex-to-disable-access-to-files-directories-beginning-wit

# Deny access to .htaccess / .htpasswd style files
<filesmatch "^\.ht">
Order allow,deny
Deny from all
</filesmatch>

# Deny access to any file whose name begins with a dot
<filesmatch "^\.">
Order allow,deny
Deny from all
</filesmatch>

# Deny access to any directory whose name begins with a dot
<directorymatch "^\.|\/\.">
Order allow,deny
Deny from all
</directorymatch>

Disable banner
http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/
Usually found in /etc/apache/conf-enabled/security.conf […]

Installing cuckoo sandbox on Mac OS

Cuckoo sandbox is an automated malware analysis system. It utilizes a virtualization engine to isolate malware execution and analysis. You will be given a web interface, as well as CLI tools to communicate with cuckoo, such as to upload and to review all reports. I’ve found a complete tutorial on this: http://advancedmalwareprotection.blogspot.com/2012/03/installing-cuckoo-on-max-os-x-lion.html Hope this would help anyone to […]

flow duplicator

Nowadays I am able to play around with flow data. Flow provides detailed information on network traffic, for various purposes such as network monitoring, bandwidth monitoring, traffic accounting archives and security. We have configured a layer 2/3 switch to send sflow data to my monitoring server. Some visualization was done by nfsen, but, its […]