Security Archives | Page 4 of 4 | Animated Creativity

Linux capabilities for a single binary: setcap cap_net_bind_service= /usr/local/bin/myapp without running as root

August 10, 2024 by

Tux Linux mascot sticker on a blue ice tray — photo by Real Tough Candy on Pexels

The “I want my Go binary to bind port 80 without running as root” problem has three solutions of varying terribleness:

Run the whole thing as root. The traditional answer. Catastrophic if the binary has a single bug — game

…

auditd rules for a small server: the 12 rules that catch real intrusions without drowning you in noise

August 2, 2024 by

Close-up of source code on a dark monitor — photo by Pixabay on Pexels

The first time I enabled auditd with the default rules on a small VPS, /var/log/audit/audit.log grew to 2 GB in eight hours and I watched the disk fill in real time. The default ruleset is built for compliance audits — …

Rotating WordPress salts as incident response: the step everyone skips

July 23, 2024 by admin

Close-up of a metal combination lock with rotating numeric dials — visual metaphor for rotating WordPress salts to a new secret combination (photo: Felix Moeller / Pexels)

You’ve cleaned the malware files, deleted the backdoor admin accounts, rotated everyone’s password. The site is fine, you’re fine. Three weeks later someone logs in with a session cookie they grabbed during the compromise window and creates a fresh admin …

PF firewall on macOS: writing a tiny pf.conf to block outbound traffic from one specific app and ignore everything else

June 7, 2024 by admin

You installed a beta of some app. It’s slow, the UI’s weird, and Activity Monitor shows it making outbound network calls every two seconds — telemetry probably, or analytics, or who-knows-what. You’d uninstall it but you actually need the app …