Tag Archive for hardening

Hardening Nginx SSL/TSL Configuration

Days ago I had to investigate a SSL issue in one of my customer’s servers, he installed a SSL certificate but the Nginx SSL configuration was not hardened at all, so he was getting a very poor grade while checking his site at SSL Server Test.

In the same case, if you have a grade lower than A, you should try to optimize your Nginx SSL configuration. Here are some tips to harden your Nginx SSL Configuration.
Read more

amon.so: Hijacking System Calls For Hardening PHP — Debian Lenny And Squeeze

amon.so is a library that integrates with the PHP interpreter and intercepts and manipulates the system calls provided by libc6. It replace the execve() syscall with a custom function which does extra sanity checking in order to prevent that an attacker could execute arbitrary code on the system exploiting a vulnerability in a web-based application (such as a bugged cms). It’s open-source software released under the terms of the GPL license and compatible with PHP running as a CGI process or Apache’s DSO module. The official website is http://www.lucaercoli.it/

For this brand new project at the moment there aren’t prebuilt packages, therefore to use it you must download the source code and compile it.

In order to install the compiler (gcc) with development libraries and header files, open a terminal and execute the following command:
Read more