IT Security Policies For Small & Medium Enterprises

Share This: This is a repository for IT security related policy documents. AGIX is focused on helping all businesses create and apply effective IT security policies to ensure businesses are not part of the problem of the global insecurity situation but rather they become part of the solution. These documents

Read more

Preparing PostgreSQL for Confluence on CentOS 7

Share This: This article explains how to install and configure PostgreSQL for a Confluence on a CentOS 7 server.  Read the other Confluence articles on this blog to ensure your web server (if you’re using one) is configured correctly. yum install postgresql-server postgresql-contrib Next you’ll need to do the automatic

Read more

Git For Bitbucket – CentOS Installation Guide

Share This: Bitbucket from Atlasian needs a version of Git above whatever Redhat/CentOS give us. This article explains how to get the right version. You need to download and install Git manually. But don’t worry, it’s simple. You’ll probably already have Git installed. Check by issuing the command that follows.

Read more

Confluence Post Installation Setup

Share This: Once the Confluence application is installed and you can log in as the Administrator, you should consider following this document’s steps to ensure the basics are completed. We’re going to cover setting up automatic backups, corrections to the Base URL (if needed), adding a user, configuring email settings

Read more

Confluence Configuration when using an Apache SSL Reverse Proxy

Share This: This article demonstrates how to configure the Confluence “server.xml” file when using Confluence behind an Apache Reverse Proxy on “HTTPS://”. Confluence runs on Tomcat which uses the “server.xml” for its basic settings. The following is a working example of the “server.xml” file when Confluence is running behind a

Read more

Apache Confluence Reverse Proxy (SSL)

Share This: This article demonstrates how to configure an Apache server as a reverse proxy for Confluence. Confluence runs on Tomcat (out of the box) and listens on TCP port 8090 without encryption. Our goal is to listen on port 80 and redirect the connection to port 443 so our

Read more

Amazon’s AWS Pricing Scenario

Share This: Suppose you’re investigating moving some computing resources to Amazon’s AWS cloud. You will have several questions such as a) how much will it cost?, b) how do Windows licenses work?, and c) how can staff access those servers? I answers these in a simple way in the example

Read more

Restoring From Veeam Backups on Redhat/CentOS 6 & 7

Share This: This is a short HowTo explaining the process of restoring files from backups previously created with Veeam. Note that the repository must be accessible – obviously. List previous backups: veeamconfig backup list Show the list of restore points that are available to restore files from: # Where ‘BackupID’

Read more

Backup With Veeam on Redhat/CentOS 6 & 7

Share This: This is a short HowTo for configuring scheduled backups with Veeam on Redhat and CentOS 6 and 7. You will need to sign-up with Veeam for a free account to download the client. Veeam for Linux is free. What that means is that you can download it and

Read more

Australian Government Lost Its Documents. Now what?

Share This: Recently the Australian government had a garage sale and sold filing cabinets full of secret documents. The person that purchased the cabinets discovered the secret documents and passed them onto the Australian Broadcasting Corporation, the ABC. ASIO (the Australian Security Intelligence Organisation) visited the ABC to provide them

Read more

Practice Exams for IT Security

Share This: The goal of AGIX is to further the open-source philosophy and promote good security practices. It’s because of this that AGIX has created a website to assist students study for and pass IT security exams such as CompTIA Security+ and CompTIA Cyber Security Analyst. https://www.examkabam.com/ We encourage you

Read more

Chroot Apache PHP Scripts

Share This: This is possibly the single most important change you can make to your web server “vhost” to improve security to the entire server. PHP can do anything it likes to your server that the user it runs as can. In other words, it can read your “/etc/passwd” file,

Read more

Nagios Part 3 | Nagios Services, Hosts and Groups

Share This: This is a multi-part series of Nagios articles all focused on configuring a complete Nagios monitored network. Find all related articles here. Nagios monitors servers, switch and pretty much anything you like and each device must be defined in a file that Nagios looks at for guidance. That

Read more

Nagios Part 2 | Configure an SNMP CentOS 7 Client

Share This: This is a multi-part series of Nagios articles all focused on configuring a complete Nagios monitored network. Find all related articles here. I’ve written about this before but times have changed and CentOS 7 is slightly different to CentOS 6. This article explains how to configure a very

Read more

WordPress Content Repeating Its Self

Share This: If you find your WordPress content repeating its self, consider the following possibility. In this case i found the issue to be a plugin that was causing errors in javascript. The “./plugins/optimize-javascript/merged/” directory (if it exists) contains optimized JS which i’ve found to be occasionally faulty. Delete the

Read more

Securing Your MacOS Workstation

Share This: Keeping your Mac up to date is no less important than any other system. Despite popular belief, MacOS should be considered just as susceptible to malware as any other operating system. One might argue that MacOS is based on BSD/Linux and therefore inherently more secure but just because

Read more

Why Amazon Wants In To Your House

Share This: In the past we would hate the idea of anyone listening in on your personal conversations. In fact, i bet it scares you know. So why are we inviting Amazon, Google, Apple, Samsung and others into our homes to listen and watch our lives? These companies are “marketing”

Read more

Dealing with Data Exfiltrate in Business

Share This: We go to great lengths to protect company data with backups, access controls and staff training but what if someone with access tries to take intellectual property from the business computer systems for their own gain? What can you do about it? That’s the topic of this article.

Read more

Why & How To Manage Staff Internet Usage

Share This: You’ll be wishing you did this before something went wrong. My hope is that the storm hasn’t arrived and you still have time to implement a proper system to track, control and report on staff Internet use. The fact is that staff will use the Internet for whatever

Read more

Block Access to Apache by IP Requests

Share This: Sometimes a visitor will arrive at your webserver by specifying the target (your server) by IP address only. This means they will get the first default vhost. It also means they will get an SSL error (mismatching name). This article shows how you can block that with a

Read more

Include ACLs with Rsync

Share This: Rsync will not include ACLs by default. However, increasingly ACLs are in use and required to control access to the filesystem. Neglecting ACLs in the copy process will likely cause security problems. rsync -avz /source/* /destination/ To include ACL’s, use the following: rsync -aAvz /source/* /destination/

Read more

Configure OpenVPN on the pfSense Firewall

Share This: This article explains how to configure OpenVPN on pfSense as well as some hints for the client. We’re using version 2.3.2 (the current version is 2.3.3_1). OpenVPN is one of (if not the) best VPN’s available. This is according to the “Snowden” documents. Log into the pfSense portal.

Read more

Postfix & Sending From Multiple Domains & PHP

Share This: This article should be of benefit to anyone who has a php application sending emails from multiple domain names, a postfix mail server and the need to have emails properly routed depending on the sending domain name. We’re dealing with a situation where the mail server is “sending”

Read more

The Solution to Australia’s Cyber Security Threats

Share This: The cyber security threats are increasing and the solution either isn’t known or very poorly communicated to those who can actually make a difference. The later is my assumption and the topic of this article. No matter how many resources the authorities have, no matter how technologically advanced

Read more

NginX and Rate Limiting Search Bots

Share This: This article demonstrates how to rate limit Search Bots with NginX. Our objective is to allow all visitors high speeds while trying to slow down search bots. We’ll limit both kinds of traffic but our priority is to ensure real people have a nicer experience. We’ll be limiting

Read more

Using Ansible to Add a User to a Group

Share This: This is a short example article showing how you can add an existing use to an existing group. Read the other Ansible articles on this blog site for more information about how YML files are formatted. — – hosts: all sudo: yes tasks: – user: name: myusername shell:

Read more

How to Expand an LVM Volume and Filesystem

Share This: We’ve got a virtual server that’s low on disk space. The system administrator responsible for the virtual machine has expanded the disk. Now we need to expand the filesystem to include the additional disk space. TIP: There are two ways we can do this. 1) Don’t expand the

Read more

Check if your SSL certificate and Key match

Share This: This article shows how to check if your SSL key and certificate match. Why would you do this? Suppose you’ve just purchased a certificate and in the process mixed up your files OR perhaps the files aren’t named in the way the documentation suggests they are. Let’s first

Read more

Change an Active Directory password from Linux

Share This: This is how to change your Windows (Active Directory) password from a Linux system. First make sure you have “smbpasswd” installed. If not, install the “samba-common” package via YUM. The command to change your password is: smbpasswd -r dc.example.com The above specifies the domain controller that you want

Read more

Manually renew LetsEncrypt Certificates

Share This: Assuming you have used LetsEncrypt to generate (create) your SSL certificates, you can then run the following command to update those certificates. certbot renew Note that this was done with version: [root@server]# certbot –version certbot 0.14.1 You may have to restart the web server having run the above

Read more