Configuring snmpv3 in Linux

We have all used snmp for many years to help monitor our systems and networks, but most admins have been reluctant to migrate to v3 due to the perceived increase in complexity. This post will show you how to quickly and easily enable snmpv3 on your Linux system to take advantage of the additional security features that support authentication and privacy.

Install software packages

# yum install net-snmp net-snmp-utils

Linux Lab – Access Control Lists

Overview

As you know, Linux has a standard set of file access settings based on the concept of read, write, and execute permissions that determine who may access the file or directory in question. The most common way to set and change these permissions is to use commands like chmod, chown, or chgrp. While these are powerful commands and have their place, there are occasions where it is advantageous to fine-tune access to a file or directory. This is where file access control lists, or FACLs, come in.


RHEL 8 and Chrony – Part 1

The Network Time Protocol, or NTP, is essential for synchronizing system clocks across your environment. Having a reliable and accurate time service is important not only for many different applications but for logging and auditing as well. In RHEL 8, Chrony is used to implement NTP. In Part 1, we will review setting this service up as a client and look at the basic functionality of the chronyc command for interacting with the chrony daemon, chronyd.


Add a Swap File to RHEL/CentOS

Sometimes, due to new server requirements, you will find it necessary to increase your swap space. Even if your swap partition is set up as a Logical Volume, your requirements may exceed what is available. This is where creating a new swap file is the best option. In this example, we are going to add a new 12GB swap file.

Check Current Swap Space

Verify the total amount of used and free physical and swap memory with the free command, using the -h (human-readable) and -t (show totals) flags.

# free -ht
              total        used        free      shared  buff/cache   available
Mem:           755G        321G        3.0G         62G        430G        670G
Swap:            4G          1G          3G
Total:         771G        322G          6G

Display the swap usage summary by device using swapon (this shows the same information as cat /proc/swaps).


Blacklist an IP in Firepower

Sometimes you may want to quickly block a scanning/probing IP address without having to deal directly with the Access Control Policy. This can be done in the FMC within the Events view. Go to Analysis -> Connections -> Events.

Depending on the volume of traffic, you may have to click ‘Edit Search’ and search by Initiator or Responder IP. Once found, right-click on the IP address, select ‘Blacklist IP Now’ and confirm.


Log PowerShell Commands

As PowerShell becomes the go-to utility for administrators, it is important to maintain an audit record of previously executed commands. Preserving these logs is also key when it comes to security. As an ever-increasing number of network compromises use native programs to support an exploit, in what is referred to as “Living off the Land” (PowerShell falls into this group), it is necessary to retain historical logs, which will be indispensable during an investigation. This post will discuss the important steps to enable PowerShell logging across all your systems using Group Policy.

Group Policy Configuration


Logging into a Linux shell from a Cisco ASR1000 Series Router

Cisco’s ASR1000 series of routers come in many form factors, each providing a number of different features and options in terms of scalability. One thing common to all of the devices in this product line is that the IOS XE software that performs all of the standard routing operations for the platform runs on top of a Linux kernel. This post describes how to enter a Linux shell on your router and run some basic Linux commands to really get an idea of what your router has going on under the hood, so to speak.

Do so at your own risk, as Cisco advises using this only under the supervision of Cisco Support. This post is limited to viewing different things to get an idea of what underlies the system. It’s best to err on the side of caution and NOT do this on a production router, and be especially careful not to edit/delete anything that’s vital, as a mistake at this level of the router can cause major issues with any or all functions of the device.

With that being said, let’s dig in. For this demonstration I opened a shell into the RP, or route processor, of the router. The ASR1000 series routers consist of a chassis/slots/cards, which make up the physical