Highest Voted 'security' Questions - Server Fault Stack Exchange

2448

votes

31 answers

Our security auditor is an idiot. How do I give him the information he wants?

A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords for all user accounts on all servers A list of all password changes for the past six months, again in plain-text A…

security pci-dss

asked Jul 22 '11 at 22:44

Smudge

24,039
15
57
76

623

votes

13 answers

How do I deal with a compromised server?

This is a Canonical Question about Server Security - Responding to Breach Events (Hacking) See Also: Tips for Securing a LAMP Server Reinstall after a Root Compromise? Canonical Version I suspect that one or more of my servers is compromised…

hacking security

asked Jan 02 '11 at 21:31

gunwin

6,330
3
18
22

378

votes

21 answers

How do you search for backdoors from the previous IT person?

We all know it happens. A bitter old IT guy leaves a backdoor into the system and network in order to have fun with the new guys and show the company how bad things are without him. I've never personally experienced this. The most I've experienced…

security

asked Aug 18 '10 at 15:04

Jason Berg

18,954
6
38
55

359

votes

6 answers

What permissions should my website files/folders have on a Linux webserver?

This is a Canonical Question about File Permissions on a Linux web server. I have a Linux web server running Apache2 that hosts several websites. Each website has its own folder in…

linux apache-2.2 security web-server permissions

asked Feb 06 '12 at 01:50

Nic

13,025
16
59
102

203

votes

9 answers

Heartbleed: What is it and what are options to mitigate it?

This is a Canonical Question about understanding and remediating the Heartbleed security issue. What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are vulnerable, what are the symptoms, are there…

security openssl heartbleed

asked Apr 08 '14 at 00:26

Jacob

9,114
4
44
56

197

votes

3 answers

Possible to change email address in keypair?

I've created an RSA keypair that I used for SSH, and it includes my email address. (At the end of the public key.) I've now changed my email address. Is it possible to change the email address on the key, or is it part of the key and I would have to…

security rsa

asked Sep 07 '11 at 23:12

Ram Rachum

5,011
6
33
44

196

votes

22 answers

Is it normal to get hundreds of break-in attempts per day?

I just checked my server's /var/log/auth.log and found that I'm getting over 500 failed password/break-in attempt notifications per day! My site is small, and its URL is obscure. Is this normal? Should I be taking any measures?

linux security ssh firewall

asked Mar 08 '11 at 11:26

Kyle Cureau

1,537
3
11
15

185

votes

5 answers

I am under DDoS. What can I do?

This is a Canonical Question about DoS and DDoS mitigation. I found a massive traffic spike on a website that I host today; I am getting thousands of connections a second and I see I'm using all 100Mbps of my available bandwidth. Nobody can…

security ddos

asked Aug 19 '13 at 09:14

Falcon Momot

24,975
13
61
92

184

votes

14 answers

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. doing openssl x509 -in bundle.crt -text -noout only shows the root certificate. how do i see all the other certificates?

ubuntu security ssl ssl-certificate openssl

asked Apr 23 '14 at 18:15

pdeva

2,327
5
17
15

139

votes

4 answers

How to handle security updates within Docker containers?

When deploying applications onto servers, there is typically a separation between what the application bundles with itself and what it expects from the platform (operating system and installed packages) to provide. One point of this is that the…

linux security redhat docker containers

asked Jul 08 '14 at 21:54

Markus Miller

1,914
3
15
15

130

votes

4 answers

How to check if an RSA public / private key pair match

I have two files, id_rsa and id_rsa.pub. What command can be used to validate if they are a valid pair?

linux security ssh rsa command

asked Sep 11 '12 at 16:24

Ryan

5,341
21
71
87

123

votes

7 answers

How does CTRL-ALT-DEL to log in make Windows more secure?

When logging into Windows, it says on that page that CTRL-ALT-DEL somehow makes Windows more secure. I have never been able to figure a mechanism where having to press some specific key combination before logging in makes the system more secure. I…

windows security

asked May 02 '09 at 00:51

Eddie

11,332
8
36
48

120

votes

8 answers

How can I implement ansible with per-host passwords, securely?

I would like to use ansible to manage a group of existing servers. I have created an ansible_hosts file, and tested successfully (with the -K option) with commands that only target a single host ansible -i ansible_hosts host1 --sudo -K # + commands…

security sudo ansible

asked Dec 09 '13 at 11:49

supervacuo

1,403
2
11
10

114

votes

7 answers

REJECT vs DROP when using iptables

Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP

linux security firewall iptables

asked Jul 04 '10 at 09:49

Mike B

11,570
42
106
165

108

votes

20 answers

Why should I firewall servers?

PLEASE NOTE: I'm not interested in making this into a flame war! I understand that many people have strongly-held beliefs about this subject, in no small part because they've put a lot of effort into their firewalling solutions, and also because…

security firewall

asked Nov 12 '10 at 21:11

Ernie

5,324
6
30
37

Questions tagged [security]