Single Loss Expectancy
In the context of risk management, the single loss expectancy is an estimate of the monetary damage to an organization from a specific instance of realization of a risk.
Annual Loss Expectancy
In the context of risk management, the annual loss expectancy is an estimate of the monetary damage to the organization, from the realization of risks, over the course of one year. Calculation of ALE happens during a risk assessment.
How to run Firefox 3.6 on Ubuntu 15.04
These instructions will allow you to run the ancient 3.6 version of Firefox on a recent Ubuntu installation, namely 15.04, but it could apply to versions of Debian, Ubuntu and Linux Mint released close to 15.04.
Amazon Web Services Security
- Secure Server Deployments in Hostile Territory Part 1 and Part 2.
- AWS Security Best Practices
- Intro to Security by Design
Show privileges for all users in MySQL
Example script:
# List every account, then show the grants for each one
mysql --silent \
      --skip-column-names \
      --user mysqldumper \
      --execute 'SELECT User, Host FROM mysql.user' | \
while read -r User Host; do
    mysql --user mysqldumper --execute "SHOW GRANTS FOR '$User'@'$Host'"
    echo "==========================="
done
The mysqldumper user only requires read permissions on the databases.
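The output of that loop is usually read to spot accounts holding more than they need. The filter below is an added example, not part of the original script: it flags global privileges, GRANT OPTION and wildcard hosts. The function names and the sample grants are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag risky accounts in SHOW GRANTS output.

# Constructed sample in the shape the loop above prints (not real output).
sample_grants() {
cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
===========================
GRANT USAGE ON *.* TO 'mysqldumper'@'localhost'
GRANT SELECT, LOCK TABLES ON `sakila`.* TO 'mysqldumper'@'localhost'
===========================
GRANT USAGE ON *.* TO 'webapp'@'%'
GRANT ALL PRIVILEGES ON `shop`.* TO 'webapp'@'%'
===========================
EOF
}

# Reads SHOW GRANTS lines on stdin, prints "account<TAB>finding" per issue.
flag_risky_grants() {
    awk -v q="'" '
    /^GRANT / {
        # Account: text after the last " TO ", minus any trailing clause.
        acct = $0
        sub(/^.* TO /, "", acct)
        sub(/ (WITH|IDENTIFIED|REQUIRE) .*$/, "", acct)
        gsub("[`" q "]", "", acct)      # drop both quoting styles

        # Privilege list: text between "GRANT " and " ON ".
        privs = $0
        sub(/^GRANT /, "", privs)
        sub(/ ON .*$/, "", privs)

        # USAGE on *.* means "no privileges", so it is not a finding.
        if ($0 ~ / ON \*\.\* TO / && privs != "USAGE")
            print acct "\tglobal privileges: " privs
        if ($0 ~ / WITH GRANT OPTION/)
            print acct "\tcan pass its privileges on (GRANT OPTION)"
        if (acct ~ /@%$/ && !(acct in seen)) {
            seen[acct] = 1
            print acct "\taccepts connections from any host"
        }
    }'
}

sample_grants | flag_risky_grants
```

To check a real server, pipe the output of the loop above into flag_risky_grants; separator and header lines are ignored because only lines starting with GRANT are examined.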
Example queries on the Sakila MySQL database
Sakila is a sample database provided by MySQL, meant to be used in tests and documentation examples. This page lists some example queries against that database.
Get a non-normalized selection of actors and films in which they played:
SELECT actor.first_name,
       actor.last_name,
       film.title
FROM actor, film, film_actor
WHERE film_actor.actor_id = actor.actor_id
  AND film_actor.film_id = film.film_id;
Get the same result with a double INNER JOIN:
SELECT actor.first_name, actor.last_name, film.title
FROM film_actor
INNER JOIN actor ON film_actor.actor_id = actor.actor_id
INNER JOIN film ON film_actor.film_id = film.film_id;
OpenSSL
A useful script that discovers the expiry date for a given certificate: ssl-expiry-date. At some point I slightly modified this script to read a BIND DNS zone file and check each A record for SSL expiry, for the purpose of discovering which subdomains were using a wildcard SSL certificate. I should publish that somewhere some day...
A very clear explanation of SSL encryption, not specific to OpenSSL, but it uses OpenSSL for all its examples: Secure your website with SSL encryption.
Stale NFS Causes BackupPC fileListReceive Failure
Recently, one of my BackupPC clients running CentOS failed to back up, with the contents of the host log being:
2015-06-10 01:40:10 incr backup started back to 2015-05-16 08:56:42 (backup #600) for directory /
2015-06-10 21:40:18 Aborting backup up after signal ALRM
2015-06-10 21:40:18 Got fatal error during xfer (fileListReceive failed)
...and the last bad XferLOG containing:
fileListReceive() failed
This happened a couple of times in a row, and the interval between the start time of the backup and the failure was consistently 20 hours. While checking, I noticed that an rsync process started on the client by BackupPC had been running for about a week. I did an strace -p <PID> on the process ID of rsync and noticed that it was trying to stat an old NFS export, mounted from a server that no longer exists.
Although there are other ways to fix this, it was OK for this host to be rebooted at the time, so that solved the problem.