Security#
Network#
- Fail2banPythonbrute-force protection
Scans log files and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc
- nftablesCfirewall
Administration tool for packet filtering and classification
- OpenSSHCsecure services
Free SSH protocol suite providing encryption for network services like remote login or remote file transfers
- WireGuardCsecure tunnel
Extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography
Virtualization#
- FirejailCsandbox
SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities
- DockerGoapplication container
Run applications securely isolated in a container, packaged with all its dependencies and libraries
- LXCCsystem container
Offers an environment as close as possible to the one you’d get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware
Web#
See also
HTTP headers#
- Content Security Policy (CSP)
Mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions
- X-Content-Type-Options
Require checking of a response’s Content-Type header against the destination of a request
Further reading#
OWASP - Free and open software security community