The Shell Shock Vulnerability

The bad guys are unfortunately at it again. Today the Internet lit up with news of a new vulnerability, officially designated CVE-2014-6271 but more widely known as “Shell Shock,” a reference to the kind of program it affects: a shell.
A shell is the program used to interact with the operating system from the command line. The shell in question is Bash, an acronym for Bourne Again SHell. Nearly every Linux server has Bash installed, and it is the most common shell in use today. The flaw lies in how Bash imports function definitions from environment variables: vulnerable versions also executed any command appended after the definition, so a service that passes attacker-controlled data into a Bash process through its environment (a web server running CGI scripts, for example) can be made to run arbitrary commands.

Before we proceed, you should know that all Prewebhost servers have been patched as of this writing. We identified the issue very early-on and developed the necessary solution for our environment. We are, of course, continuing to monitor the situation and will react appropriately should the need arise.

As with any security or vulnerability risk, it is important to reiterate the importance of practicing good security to the extent of your ability as an end user. Always use strong passwords (you know the drill: upper- and lowercase letters, numbers and special characters), always keep any third-party scripts (such as WordPress, Joomla, etc.) up to date, and always use the latest version of any software you rely on, because very often a software update exists purely to fix a security issue.

Should the need arise, we will update this blog post accordingly. Otherwise, stay safe out there on the Interwebs!
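For readers who want to confirm the state of their own machines, here is the widely circulated local check for CVE-2014-6271, as an added example rather than anything from the original post. It assumes a bash binary is on PATH; the variable name x and the marker word "vulnerable" are arbitrary choices.

```shell
#!/bin/sh
# Added example (not from the original post): local check for CVE-2014-6271.
# Bash imported shell functions from environment variables whose value starts
# with "() {"; vulnerable versions also ran whatever followed the closing brace
# as soon as the new bash process started.
# Prints "patched", "VULNERABLE" or "no-bash" and returns 0, 1 or 2.
shellshock_status() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 2
    fi
    # x carries a function body followed by an extra command. A fixed bash
    # ignores or refuses the definition, so the child only prints "test";
    # a vulnerable bash also prints "vulnerable" before running the command.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "VULNERABLE"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# Report the result (and propagate it as the exit code) when run as a script.
shellshock_status
```

This exercises only the original bug. The follow-up fixes that shipped in the days after it (CVE-2014-7169 and later) are not covered by this one-liner, so the authoritative check is still that your vendor's fully updated bash package is installed, for example via `rpm -q bash` or `dpkg -l bash` against your distribution's advisory.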

Secure Apache WebServer using SSL Certificates in Linux

PreWebHost.com


In Linux, Apache is the most widely used web server. Here we will secure it by configuring SSL certificates. I am assuming the httpd package (i.e. the Apache software) is already installed on the Linux box.

Step 1: Install the necessary packages

[root@localhost /]# yum install mod_ssl openssl

Step 2: Generate the self-signed certificate.

Using OpenSSL we will generate a self-signed certificate. On a production server you will want a certificate signed by a trusted Certificate Authority, because browsers warn on a self-signed one; for a personal site or for testing purposes a self-signed certificate is fine. Creating the key requires root, so either su to root or put sudo in front of the commands.

# Generate the private key using the command below. Use at least 2048 bits; the 1024-bit RSA keys that older guides suggest are too weak to rely on today.

[root@localhost /]# openssl genrsa -out server.key 2048

# Now create the Certificate Signing Request (CSR) with the server's RSA private key. You will be prompted for the subject fields; the Common Name must be the hostname visitors will type into the browser.

[root@localhost /]# openssl req -new -key server.key -out server.csr

# Now self-sign the CSR with the server's own private key (no external CA is involved), making the certificate valid for 365 days

[root@localhost /]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

We have now created and signed the certificate. Copy the files to the locations Apache expects; the CSR is not needed by Apache, so copying it is optional and only useful if you later want a CA to sign it. The private key must be readable only by root (mode 600).

[root@localhost ~]# cp server.crt /etc/pki/tls/certs

[root@localhost ~]# cp server.key /etc/pki/tls/private

[root@localhost ~]# cp server.csr /etc/pki/tls/private


Step 3: edit the ssl.conf file

[root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf


Change the paths to match where the certificate and key files are stored. If you used the method above they will be

 SSLCertificateFile /etc/pki/tls/certs/server.crt

SSLCertificateKeyFile /etc/pki/tls/private/server.key

Save and quit the file, then restart the Apache service

 [root@localhost ~]# /etc/init.d/httpd restart

Step 4: modify the httpd.conf file

[root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Make whatever changes your site needs, save and quit, put the HTML files in /var/www/html and restart the httpd service using the command below:

[root@localhost html]# /etc/init.d/httpd restart

Step 5: If your web server is running behind a firewall, open port 443 (HTTPS). Once all the steps are done, the site can be reached from a web browser at “https://www.prewebhost.com”. Expect the browser to warn about the self-signed certificate until it is replaced with one issued by a trusted CA.
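The whole of Step 2 in one script, as an added example rather than code from the original post: it generates the key and self-signed certificate without the interactive prompts, checks that the certificate really belongs to the key before anything is copied into /etc/pki/tls, installs both with root-only permissions on the key, and prints the two ssl.conf directives from Step 3. It assumes openssl and the coreutils install command are on PATH; the common name www.example.com and the /O=Example subject are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive self-signed
# certificate generation, verification and installation for Apache mod_ssl.
# Assumes openssl and install are on PATH; names and paths are placeholders.
set -eu

# Create server.key, server.csr and server.crt in DIR for common name CN,
# valid for DAYS days (default 365). RSA 2048 is the minimum to use today.
make_selfsigned_cert() {
    dir=$1; cn=$2; days=${3:-365}
    mkdir -p "$dir"
    # Private key, created with restrictive permissions from the start.
    (umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null)
    # CSR with the subject given on the command line instead of prompts.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/O=Example/CN=$cn"
    # Self-sign: the CSR is signed with the server's own key, no CA involved.
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Return 0 when the certificate's public key matches the private key, i.e.
# the two files Apache is about to be pointed at actually belong together.
cert_matches_key() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1")
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]
}

# Print the subject Common Name of a certificate (works with both the
# "subject= /O=../CN=.." and the "subject=O = .., CN = .." output styles).
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Copy the certificate and key to the locations used in the post's ssl.conf,
# lock down the private key, and print the matching directives. Needs root.
install_cert() {
    dir=$1
    install -m 0644 "$dir/server.crt" /etc/pki/tls/certs/server.crt
    install -m 0600 "$dir/server.key" /etc/pki/tls/private/server.key
    echo "SSLCertificateFile /etc/pki/tls/certs/server.crt"
    echo "SSLCertificateKeyFile /etc/pki/tls/private/server.key"
}

# Demo run into a scratch directory; no root needed for this part.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_selfsigned_cert "$tmp" "www.example.com" 365
    cert_matches_key "$tmp/server.crt" "$tmp/server.key" && echo "key and cert match"
    echo "CN: $(cert_cn "$tmp/server.crt")"
    openssl x509 -noout -dates -in "$tmp/server.crt"
fi
```

Run it as `sh make-cert.sh demo` to see the generated certificate's CN and validity dates, then call install_cert as root. Before restarting httpd, `apachectl configtest` catches a mistyped path in ssl.conf, and afterwards `openssl s_client -connect www.example.com:443 -servername www.example.com` shows the certificate the server actually presents.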
