AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify…
If you have a central syslog environment which supports TLS/SSL (Splunk, vRealize LogInsight, RSyslog) might be appropriate to encrypt your logging output to these destinations.
BIND 9 has evolved to be a very flexible, full-featured DNS system. Whatever your application is, BIND 9 probably has the required features. As the first, oldest, and most commonly deployed solution, there are more network engineers who are already…
Following section provides several options to harden linux Debian system.
The OpenSSL Project develops and maintains the OpenSSL software – a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. The project’s technical decision making is managed by the OpenSSL Technical Committee (OTC) and the project governance is managed…
OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system proposed by the E-mail Signing Technology Group (ESTG), now standardized by the IETF (RFC6376). It also includes implementations of the RFC5617) Vouch By Reference…
SPF is an e-mail anti-forgery technology the enables domain owners to list, in the Domain Name Service (DNS), authorized sources of mail from their domains. It enables mail receivers to reject mail that does not come from authorized sources. This…
amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using…
OpenDMARC is an open source implementation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) specification. DMARC is a policy for mail transfer, which is already supported by some common mail providers. It depends on Sender Policy Framework and DKIM.…
Postgrey is a Postfix policy server implementing greylisting. When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet…
Puppet is the most powerful configuration management tool in the solar system. It’s the engine that drives your compliance, baseline, drift remediation, and deployment needs. It has always been and always will be open source, with freely downloadable operating system-specific…
MariaDB Server is one of the most popular open source relational databases. It’s made by the original developers of MySQL and guaranteed to stay open source. It is part of most cloud offerings and the default in most Linux distributions.…