Jan 15, 2015 Tag: Security

About Security

Will be updated as needed.

Updated on Oct 23, 2018

Navigate this page:



Known Weaknesses



  • Famous xkcd strip: http://xkcd.com/936/: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

Human Factors

Password solutions

Generate a temporary password:

head -c 16 /dev/urandom | base64  # ➜ i+gjOJZ95yQJdJrYPAZ78g==



  • haveged - A simple entropy daemon

  • Intel RdRand Instruction

  • Debian or Unbuntu package ‘rng-tools’:

    ➜  ~ dpkg --status rng-tools
    Package: rng-tools
    Status: install ok installed
    Priority: optional
    Section: utils
    Installed-Size: 135
    Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
    Architecture: amd64
    Version: 4-0ubuntu2.1
    Replaces: intel-rng-tools
    Provides: intel-rng-tools
    Depends: libc6 (>= 2.14), libgcrypt11 (>= 1.4.5), udev (>= 0.053) | makedev (>= 2.3.1-77)
    Conflicts: intel-rng-tools
     /etc/default/rng-tools 80e82742d3612fbcc5b2fe28d9be198e
     /etc/init.d/rng-tools 364c92343bbad3c2b6c7f080c0abe322
     /etc/logcheck/violations.ignore.d/rng-tools 7c9474cbf0b1317efd82ce1cce1c1648
     /etc/logcheck/ignore.d.server/rng-tools 7c9474cbf0b1317efd82ce1cce1c1648
    Description: Daemon to use a Hardware TRNG
     The rngd daemon acts as a bridge between a Hardware TRNG (true random number
     generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
     PRNG (pseudo-random number generator).
     It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
     tests to verify that it is indeed random, and feeds the random data to the
     kernel entropy pool.
     This increases the bandwidth of the /dev/random device, from a source that
     does not depend on outside activity.  It may also improve the quality
     (entropy) of the randomness of /dev/random.
     A TRNG kernel module such as hw_random, or some other source of true
     entropy that is accessible as a device or fifo, is required to use this
     This is an unofficial version of rng-tools which has been extensively
     modified to add multithreading and a lot of new functionality.
    Original-Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>


Malware scanner

  • https://malscan.readthedocs.io/

    Malscan is an intuitive and easy to use malware scanner for linux, extending ClamAV with additional scanning modes and malware signatures. It is targeted at Linux webservers, but can be used on Linux mailservers and desktops too, if you’re into that.




Data Security, Backups

Keywords: rsync, dirvish, unison, rsnapshot

Safe Systems

  • https://de.wikipedia.org/wiki/OpenBSD

    OpenBSD ist ein Betriebssystem aus der Gruppe der Unix-Derivate, das unter der BSD-Lizenz frei verfügbar ist. Es wurde 1995 durch Theo de Raadt von NetBSD, dem ersten 386BSD-basierten quelloffenen Betriebssystem, abgespalten. OpenBSD ist bekannt für das Beharren seiner Entwickler auf Quelloffenheit, freier Dokumentation, kompromissloser Stellung gegenüber Software-Lizenzen, Fokus auf Sicherheit und Korrektheit von Quelltext. Beim Maskottchen des Projekts handelt es sich um Puffy, einen Kugelfisch.

Previous topic

About Sailing

Next topic

About Sublimetext




Recent Posts

This Page