Validate Website as Secure for Transactions with PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard. According to the Payment Card Industry Security Standard Council, this security standard was created for organizations that hold cardholder information for debit cards, credit cards, ATM, prepaid and e-purse cards. PCI DSS emerged to reduce credit card fraud by controlling cardholder data and information. PCI DSS version 2.0 must be adopted by all organizations that hold cardholder information by 1st January 2012. On such websites, a Qualified Security Assessor [QSA], who creates a Report on Compliance, runs a scan to find any kind of vulnerability on the web server.

Issue caused by FTP Kernel module

Some days ago, I was facing a very strange issue on my network. All employees work behind the Squid proxy server. Some of them were complaining that they were unable to list the directory in an FTP connection. This was very strange to me because they were able to connect to the FTP server, but whenever they tried to list the FTP directory content it gave a timeout error. I thought maybe this was an issue with the FTP server, so I tried to connect to the FTP server from our other public IPs and I was able to connect and list the dirs/files. It means something was wrong with my proxy server.

Download file from remote ftp

Scenario: Create a script to download the zipped database files from a remote FTP server and import those database files into a remote database server. Also do not forget to inflate the zipped files and remove them after import.

Solution:


############ Download the zipped database files ###############
# Note: -p "password" and -pPassword expose the passwords in the process list.
# ncftpget -f <login file> and mysql --defaults-extra-file=<file> read them
# from a permission-restricted file instead.

/usr/bin/ncftpget -R -v -u "ftpuser" -p "password" ftp.someserver.com /home/localuser  /home/ftpuser/database.sql.zip
/usr/bin/ncftpget -R -v -u "ftpuser" -p "password" ftp.someserver.com /home/localuser  /home/ftpuser/database1.sql.zip

############ Inflate all the zip files #################

/usr/bin/unzip /home/localuser/database.sql.zip -d /home/localuser/
/usr/bin/unzip /home/localuser/database1.sql.zip -d /home/localuser/

##### Import the sql files into the databases named 'database' and 'database1' on the mysql server named 'mysql-server' #####

cd /var/www/html
/usr/bin/mysql -h mysql-server -u root -pPassword database < /home/localuser/database.sql
/usr/bin/mysql -h mysql-server -u root -pPassword database1 < /home/localuser/database1.sql

############# Finally delete all zipped files from the download folder ################
# The glob must be unescaped so the shell expands it to the downloaded zip files.

/bin/rm -rf /home/localuser/*.zip


Common Linux Server Log Errors

In the daily routine of a Linux administrator, you are expected to check the logs of your servers to ensure that they are secure and, if they are facing any vulnerability or errors, to resolve the issues. The following are common errors Linux admins find in their server logs.

Error 1.

Mar 12 11:06:31 vps1 smbd[9165]: [2013/03/12 11:06:31, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
Mar 12 11:06:31 vps1 smbd[9165]: pdb_get_group_sid: Failed to find Unix account for alex

Solution:
Remove user alex from the Samba passwd file, because the above user account does not exist on the server anymore. Run the command:

# smbpasswd -x alex

To list all samba users:

# pdbedit -L
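
An added example, not part of the original post: a shell function that lists every Samba account with no matching Unix account, so stale entries like alex can be found before they show up in the log. The names find_orphans and demo and the sample data are constructed for illustration, and it assumes accounts live in a local passwd-format file.

```shell
#!/bin/sh
# find_orphans: read `pdbedit -L` style lines (user:uid:full name) on stdin
# and print each Samba user that has no entry in the passwd-format file $1.
# Assumption: Unix accounts are local; with LDAP/NIS, export them first,
# e.g. `getent passwd > /tmp/passwd.all`.
find_orphans() {
    passwd_file=$1
    while IFS=: read -r user _rest; do
        # Skip blank lines in the input.
        [ -n "$user" ] || continue
        # Exact match on the first passwd field, so 'alex' never
        # matches 'alexander'.
        if ! awk -F: -v u="$user" \
            '$1 == u { found = 1 } END { exit !found }' "$passwd_file"
        then
            printf '%s\n' "$user"
        fi
    done
}

# demo: run find_orphans on constructed data (not taken from a real server).
demo() {
    tmp=$(mktemp) || return 1
    # Constructed passwd entries: 'alex' is deliberately absent.
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'maria:x:1002:1002::/home/maria:/bin/bash' > "$tmp"
    # Constructed `pdbedit -L` output.
    printf '%s\n' 'maria:1002:Maria' 'alex:4294967295:' | find_orphans "$tmp"
    rm -f "$tmp"
}

# On a live server (as root):  pdbedit -L | find_orphans /etc/passwd
demo
```

Each name printed is a candidate for smbpasswd -x after confirming the Unix account was removed intentionally.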
