Disable recursion in BIND

Running publicly facing DNS servers is often necessary to allow Internet resolution of your domains and services, but allowing third-party lookups of other people’s domains and services (recursion) can create unnecessary server load and potential security problems.

Disabling recursion in BIND involves editing the BIND configuration file (usually /etc/named.conf) and including the following configuration:

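// These statements belong inside the options { } clause of named.conf.
// If the file already has an options clause, merge them into it.

options {

    // version replaces the BIND version string reported to clients,
    // so attackers probing for known vulnerabilities cannot read it.

    version "[SECURED]";

    // Optional: disables all zone transfers by default;
    // secondaries (slaves) can still be allowed in individual zone clauses

    allow-transfer { none; };

    // Optional: disable all recursive queries

    allow-recursion { none; };
    recursion no;

};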

Once you have secured your DNS configuration, restart BIND (/etc/init.d/named restart), then test that recursion is disabled by clicking here and entering your DNS server’s IP address.
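The same test can be run from a shell with dig. The script below is an added example, not part of the original post: it classifies dig output by whether the response header carries the "ra" (recursion available) flag. The function names recursion_state and check_server are hypothetical, example.com is assumed not to be hosted on the server under test, and the two sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify dig output to tell
# whether a name server offers recursion to the client that queried it.

# recursion_state: reads dig output on stdin, prints open | closed | unknown.
#   open    - "ra" (recursion available) flag set in the response header
#   closed  - response received without "ra" (REFUSED or a bare referral)
#   unknown - no response header at all (timeout, unreachable server)
recursion_state() {
    awk '
        /^;; flags:/ {
            got = 1
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*$/, "", line)         # keep only the flag list
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            if (!got)    print "unknown"
            else if (ra) print "open"
            else         print "closed"
        }'
}

# check_server SERVER [NAME]: ask SERVER for a name it is not authoritative
# for. NAME defaults to example.com (assumption: not hosted on SERVER).
check_server() {
    dig +time=3 +tries=1 "@$1" "${2:-example.com}" A 2>/dev/null | recursion_state
}

# Constructed sample responses, trimmed to the header lines dig prints.
SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Usage against a live server (192.0.2.53 is a documentation address):
#   check_server 192.0.2.53
```

Run check_server from a host outside your own network: a server that restricts recursion to local clients will still report "open" when queried from an address it trusts.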

Forgotten or Lost Linux Root Password

It’s inevitable that at one time or another a Linux sysadmin will forget or lose the root password for a system they manage, or inherit a server for which the root password is unavailable.

Thankfully, a Linux server’s root password can be reset in a few simple steps via single-user mode.

To enter single-user mode, reboot your computer. If you use the default boot loader, GRUB, you can enter single user mode by performing the following:

  1. At the boot loader menu, use the arrow keys to highlight the installation you want to edit and type [A] to enter into append mode.
  2. You are presented with a prompt that looks similar to the following:

    grub append>
    ro root=LABEL=/

  3. Press the Spacebar once to add a blank space, then add the word single to tell GRUB to boot into single-user Linux mode. The result should look like the following:

    ro root=LABEL=/ single

  4. Press [Enter] and GRUB will boot single-user Linux mode. After it finishes loading, you will be presented with a shell prompt similar to the following: sh-2.05b#

  5. You can now change the root password by typing:

    passwd root

  6. You will be asked to re-type the password for verification. Once you are finished, the password will be changed.

You can then reboot by typing reboot at the prompt; then you can log in to root as you normally would.

Horde Webmail Security

For those using Plesk 9.x, Horde naively allows webmail logins via HTTP (insecure) or HTTPS (secure). HTTP logins are not recommended, as username and password information is sent in clear text across the Internet.

In the following example we’ll configure access to http://webmail.yourdomain.com to automatically redirect to https://webmail.yourdomain.com.

NOTE: These instructions are specific to Plesk’s implementation of Horde but should work on any Horde 3.1.7 installation. Simply locate Horde’s “conf.php” file and adjust the parameters shown below.

[root@youserver /]# nano -w /etc/psa/webmail/horde/horde/conf.php