Browsed by
Category: Security

.NET CryptographicException “Keyset does not exist”

.NET CryptographicException “Keyset does not exist”

Came across this error today when updating a new certificate used in a WCF service for digital signatures. Turns out the solution, as always, was pretty simple: give correct permissions to the private key file. Open the certificate manager and locate the correct certificate. Right click and navigate to: All Tasks -> Manage Private Keys. Change the file permissions so the IIS user can read. Read more on stackoverflow.com.

PuTTY known_hosts

PuTTY known_hosts

Where does putty store it’s known_hosts? I asked myself this question today after battling a git extensions bug where you can’t type in the console window and as a result can’t add the host to the known hosts. The answer: HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys To manually add hosts, use plink. plink.exe yourservername Hope it helps you.

RansomFree by cybereason

RansomFree by cybereason

I found a neat little security program to protect against ransom-ware. It’s called RansomFree and is developed by a company called cybereason. Download the application here:¬†https://ransomfree.cybereason.com/. You can view a demo of the application in action on their site. Installation That’s it, it will run in the background monitoring for ransom-ware. You’ll notice some strange files on your root directory. RansomFree needs these to monitor for malware activity. There is an option to disable this if you don’t want those…

Read More Read More

Allow linux users to login using ldap

Allow linux users to login using ldap

To enable LDAP authentication, we need to install the nslcd package. When configured properly this will allow us to add users and have them authenticate via LDAP. Local users will still be able to login using a local password, think of it as a fall through mechanism. apt-get install nslcd The installer will ask you some questions. LDAP URL: usually something like ldap://mycompany.com LDAP root to search in: usually something like: DC=mycompany,DC=com, but you could put a specific container/group if…

Read More Read More

Dell DRAC SSL Error when using console

Dell DRAC SSL Error when using console

When using DRAC¬†to connect to the console you get the following error. Error when reading from SSL socket connection This error also appears after every java update. How to fix this? Navigate to the following directories (your JRE version can be different): C:\Program Files\Java\jre1.8.0_111\lib\security\java.security C:\Program Files (x86)\Java\jre1.8.0_111\lib\security\java.security Open the 2 files and comment out these lines (use # in front of the line): jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 Also make sure the…

Read More Read More

OpenSSL create certificate request

OpenSSL create certificate request

Execute this command from a terminal/command window to generate a new private key and a new certificate signing request (csr). openssl req -new -newkey rsa:4096 -nodes -keyout yourdomain.key -out yourdomain.csr -sha256 It will ask you some questions Country Name (2 letter code) [AU]:BE State or Province Name (full name) [Some-State]: Antwerpen Locality Name (eg, city) []: Antwerpen Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Company Name Organizational Unit Name (eg, section) []: Department X Common Name (e.g. server…

Read More Read More

Protecting GRUB

Protecting GRUB

I stumbled across this neat “little” security tool that runs a bunch of checks on your system and warns if any potentials problems are detected. It is called Lynis and on arch you can install it by executing: pacman -S lynis then lynis audit system To start an audit of your system. It told me a number of things, but one caught my attention: “GRUB password protection”. Now why is this important? Well you could restrict users from booting certain…

Read More Read More

Use reflector to update and order your mirrorlist

Use reflector to update and order your mirrorlist

I came across a neat little program that ranks your pacman mirrorlist by speed and also updates it with the most recent version. Install: sudo pacman -S reflector Usage example: sudo reflector –sort rate –save /etc/pacman.d/mirrorlist -c “Belgium” -c “Netherlands” -c “France” -c “Germany” -f 5 -l 5 -p https This will update my mirrorlist and rank by speed/rate for the countries Belgium, The Netherlands, France and Germany.

Arch Linux Cronie: PAM unable to dlopen…

Arch Linux Cronie: PAM unable to dlopen…

When trying to find out why cronie didn’t execute its tasks any more, I came across this error while looking at its status messages: systemctl status cronie.service A red error appeared: PAM unable to dlopen(/usr/lib/security/pam_unix.so) Turns out that after an update you have to restart cronie manually. systemctl restart cronie