OpenLogic by Perforce’s Post

My short post about Generic bpftrace-based RCE/webshell prevention technique for critical #Linux network services. https://lnkd.in/dHuuv3pN bpftrace is a high-level tracing language and runtime for Linux based on eBPF. It supports static and dynamic tracing for both the kernel and user-space. This bpftrace script focuses on monitoring and killing certain processes based on their parent process names when they invoke execve(), the system call used to execute new programs. I've tested in against different flavours of webshells (weevly, p0wny-shell, popen), httpd CVE-2021-41773, MySQL UDF Command Execution, httpd/nginx backdoors, different vuln webapps (PHP/Java), Kafka, Zimbra, Solr to name a few. Check it out, it's just a few lines of code, the magic is done behind bpftrace. #redteam #blueteam #purplelabs #linux #offsec #defsec

Web stack is a collection of various open-source soft such as programming language of the server side, operating system, database server, and web server. The most widely used stack is called LAMP. This name is a shortening for Linux, Apache server, MySQL, and PHP (in some cases it might be Python or Perl). For security reasons, the best variant is to run various network services on separate virtual machines or systems. With such a system, that is obvious that potential attackers cannot crack lots of services. Here in this article, we will have the most helpful information about setting up a solution that can serve caching, dynamic/static content, and database by functioning on virtual machines or separate servers. #Linux #Apache #MySQL #PHP #VPS #server

https://lnkd.in/gcEecj5W New BeanHub article - How BeanHub works part1, contains the danger of processing Beancount data with sandbox #container #sandbox #security #linux #kernel #seccomp

It is a common knowledge that experienced developers can program faster than beginners. What gets missed sometimes is that experience also means that we built up libraries of solutions that can be easily ported to different situations. Consider, for example managing mysql servers on linux. Had a discussion with a client about it, not too long ago, and he was wondering how is it that it cost him so little money (i.e. time) to create a python app that will check config files on multiple servers make changes if needed, etc.. I know, right? People will complain about everything. :) I explained that having done this a bunch of times I already have modules that I can re-use. While they do need to be adjusted from one environment to another, adjustments are very minor. So, if you want to get a good night's sleep and still make sure that your mysql servers are properly configured and maintained, schedule a call with us. At BitWise MnM Inc. we like people. Promise not to bite. #software_development #database_development #ifpthenq

Good morning everyone, As I promised, I wanted to share my progress with you. While it will take some time, I am committed to keeping you updated. Topic that I covered: 1. Besic or Need of AWS. 2. Computing & Deployment & Price model and also aws-Pricing. 3. AWS Region, Availability, Local Zone, Edge Location. 5. Then come to practical, Create Instance(EC2), key pair and Terminate. 6. Create security Group, how we can attach security group to Instance. 7. Besic Understanding of Instance Type. 8. How we can create a windows instance to Windows machine. 9. How we can create Linux Instance to Linux Machine. 10. How we can create EIP(Elastic IP Address) and how to allocate and deallocate to Instance. 11. Revies os, network and Linux set to my external SSD. So this is the topic which I covered from previous days. For Today It's enough I will connect with you as soon as possible. Till then Goodluck and have a good day to you. #frontend #html #css #js #jquery #vuejs #backend #php #Laravel #database #mysql #mongodb #freelancing #creting_project #full_stack_software_developer

Hi, in case someone is interested in contributing to open source projects I have a few and looking for contributors: - An encrypted file system written in Rust that is mounted with FUSE on Linux. It can be used to create encrypted directories https://lnkd.in/dyRt8m6R - GUI for the above https://lnkd.in/djASj4Mb - And a daemon https://lnkd.in/dXm-W_Sg - Cloud file and email Sync, file Sharing, Backup and Encryption solution written in Rust https://lnkd.in/dgAjQ2A7 - Distributed filesystem written in Rust. Intention is to be a learning project for the concepts and implementing them https://lnkd.in/duArkHSU and an article about it https://lnkd.in/diPZdhHk - A Python encryption library implemented in Rust. It supports AEAD with AES-GCM and ChaCha20Poly1305. It uses ring crate to handle encryption https://lnkd.in/dn6SvSkR - Securely clear secrets from memory. Built on stable Rust primitives which guarantee memory is zeroed using an operation will not be 'optimized away' by the compiler https://lnkd.in/dkurHHAt

🚀Set-Up a LAMP server with DOCKER in 3 minutes🚀:- In today’s fast-paced development environment, containerization has become a crucial tool for deploying and managing applications efficiently. Docker, with its ability to encapsulate applications and their dependencies in containers, is a popular choice for many developers. One common use case is setting up a LAMP (Linux, Apache, MySQL, PHP) server, a foundation for countless web applications. Prerequisites :- 1. Docker: Ensure that Docker is installed on your system. 2. Docker Compose: Install Docker Compose, it’s a tool for defining and running multi-container Docker applications. #DevOps #Docker #Kubernetes #Python #Go #auto #automations #container #lamp #lamp #server #task #project #linux #apache #mysql #php #phpmyadmin #database #db #mac #redhat #rhel #centos #aws #Google #google #apple #deploy #data #Cloud

The recently released Red Hat Enterprise Linux 8.10 was the last release of the eighth branch in the full support phase, and on May 31 it will move to the maintenance phase, where it will focus on patches and security updates. The key features include: - RHEL 8 rpm packages are no longer publicly distributed via the CentOS Git repository and are instead available to the company's clients through a closed section of the website, where the EULA prohibiting redistribution of data is relevant. - Stabilization of the IDXD (Data Streaming Accelerator) driver to use data streaming accelerator embedded in Intel CPUs. - Full support for Intel SGX (Software Guard Extensions) creation technology. - New software versions and packets: GCC Toolset 13, LLVM Toolset 17.0.6, Rust Toolset 1.75.0, Go Toolset 1.21.0, Python 3.12, Ruby 3.3, PHP 8.2, Git 2.43.0, Git LFS 3.4.1, elfutils 0.190, valgrind 3.22, Ant 1.10.9, and cmake 3.26. - Updated both server and system packages, including nginx 1.24, samba 4.19.4, PostgreSQL 16, MariaDB 10.11, chrony 4.5, libkcapi 1.4.0, stunnel 5.71, SSG 0.1.72, Apache Kafka (librdkafka) 1.6.1, audit 3.1.2, openCryptoki 3.22.0, linuxptp 4.2, nispor 1.2.10, rteval 3.7, ipa 4.9.13, 389-ds-base 1.4.3.39, Podman 4.9. - Implementation of DEP (Data Execution Prevention), NX (No Execute) and XD (Execute Disable) memory protection mechanisms in GRUB boot loader and shim layer. Passwords are now hashed using the bcrypt algorithm. - The RHEL image builder provides the ability to specify arbitrary mount points and create different partitioning modes (auto-lvm, lvm, raw). - OpenSSL now has a defense against RSA decryption attacks based on transaction time measurement using variants of Bleichenbacher's method. - Experimental "podman build farm" command to create container images for multiple architectures at once. - IdM (Identity Management) implements the ability to authenticate users through external providers (IdPs) that support the OAuth 2 (Device Authorization Grant) protocol. - The ss utility, which is part of the iproute2 package, adds the "--bound-inactive" option to display inactive TCP network sockets that are attached to an IP address and network port (bind call is made) but are not connected (connect call) or placed in connection standby mode (listen call). - Multipathd now supports FPIN-Li (Fabric Performance Impact Notification) event handling to optimize access to NVMe drives. Added grafana-selinux package to run grafana with SELinux protection. - Continuation of experimental support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox. #VPS #RedHat #Linux #server #AMD #OpenSSL

Azure Linux Web App and http server. The advantage of using open-source solutions is that you can access many up-to-date features (e.g., using Python and related packages to operate big data models). However, the downside is that sometimes you need to understand the system architecture a bit, not just the code itself. This article will introduce how to perform initial port configuration on an Azure Linux Web App and how to modify default values.   TOC HTTP Server and Startup Script backend example: python frontend example: node   HTTP Server and Startup Script Azure Web App (App Service) exposes ports 80/443, with 443 being the... #techcommunity #azure #microsoft https://lnkd.in/g2RAQHwt

🚀 I'm thrilled to introduce you to my application, https://lnkd.in/df-QhdZN ! 🚀 🔧 This application is hosted on a Ubuntu server fully configured by myself, designed to serve Python applications. I've implemented a LAMP web server stack (Linux, Apache, MySQL, PHP), customized to meet the specific needs of the project. I've configured the web hosting, firewall, phpMyAdmin for the database, database create, implemented SSL, and installed the necessary libraries for the application. 💡 The application is built using the Flask framework and the Pandas library, with its main purpose being the manipulation of complex data from Excel documents. Through an API, the application receives an Excel file and returns processed data in JSON format, making interaction with any frontend a breeze. 🔐 With features for login and account creation, the application allows users to securely access the admin for this application where they can receive they won API and the documentation about json data. #python #flask #pandas #LAMP #datamanagement #excel #API #webdevelopment #datamanipulation #securelogin #SQL #webhosting