▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to properly protect sysctl on Linux from spoofing and Syn flooding:

This configuration will be as follows:
Disable IP forwarding
Disable packet forwarding
Disable accepting ICMP redirects
Enable protection against incorrect error messages
What you need:
Linux OS
User with sudo privileges

🦑How to edit sysctl config file ?

Log into your Linux server or desktop and open a terminal window.

🦑In the terminal enter the command:

sudo nano /etc/sysctl.conf
First required parameter:
# net.ipv4.ip_forward = 1
change to:

net.ipv4.ip_forward = 0
Next line:

# net.ipv4.conf.all.send_redirects = 0
change to:

net.ipv4.conf.all.send_redirects = 0
Find the line:

# net.ipv4.conf.all.accept_redirects = 0
change to:

net.ipv4.conf.all.accept_redirects = 0
Add the following line below that:

net.ipv4.conf.default.accept_redirects = 0
Finally, add the following lines to the end of the file:

net.ipv4.icmp_ignore_bogus_error_responses = 1 
net.ipv4.tcp_syncookies = 1 
net.ipv4.tcp_max_syn_backlog = 2048 
net.ipv4.tcp_synack_retries = 3 
net.ipv4.netfilter.ip_conpntracktime

🦑The above settings do the following:

Includes protection against incorrect error messages

Enable SYN cookies to prevent the server from dropping connections when the SYN queue is full

Increase SYS queue size to 2048

W akryvayut state SYN_RECV compound pre
Decrease SYN_RECV timeout value to help mitigate SYN flood attack

Save and close the file.

🦑How to reload the configuration ?

You can reload the configuration with the command:

sudo sysctl -p
I found that the sysctl -p command did not load the tcp_max_syn_backlog correctly.
Only after a reboot was the value 2048 added.
So, after running the sudo sysctl -p command, enter the command:

sudo less / proc / sys / net / ipv4 / tcp_max_syn_backlog
Make sure the value shown is 2048.

If the value is less, restart the server.

At this point, your Linux server should be better protected against SYN attacks and IP spoofing.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Jsonpickle code issue vulnerability:

https://dailycve.com/jsonpickle-code-issue-vulnerability

The value of Robles is equivalent to $30 billion, beating Ubisoft and CDPR.
#International

Many businesses are refuting rumors: the Spring Festival this year will not close.
#International

🔵Egavilan Media EGM Address Book SQL injection leak:

https://dailycve.com/egavilan-media-egm-address-book-sql-injection-leak

Samsung’s folding screen will break at low temperatures, causing serious damage.
#Technologies

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to configure a host-based intrusion detection system on CentOS?

One of the first security measures that any system administrator wants to deploy on its production server is a mechanism to detect file tampering-criminals tamper with not only file content, but also file attributes.

AIDE (full name "Advanced Intrusion Detection Environment") is a host-based open source intrusion detection system. AIDE checks the integrity of system binary files and basic configuration files by checking the inconsistency of many file attributes. These file attributes include permissions, file types, inodes, number of links, link names, users, user groups, and file sizes. , Block count, modification time, access time, creation time, access control list (acl), SELinux security context, xattrs and md5/sha checksum.

AIDE builds a file attribute database by scanning the file system of a (untampered) Linux server. Then, it checks the file attributes of the server against the database, and then issues a warning if there are any changes to the index file while the server is running. It is for this reason that whenever the system is updated or the configuration file is changed due to legitimate reasons, AIDE must re-index the protected files.

For some customers, their security policy may require some kind of intrusion detection system (IDS) to be installed on the server. But whether the customer requires IDS or not, it is a good practice for system administrators to deploy IDS.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵A SQL injection vulnerability exists in the website of Chongqing Yishu Information Technology Co., Ltd.2021-01-10

https://dailycve.com/sql-injection-vulnerability-exists-website-chongqing-yishu-information-technology-co-ltd2021-01-10

🔵Unauthorized access vulnerability exists in ThinkAdmin:

https://dailycve.com/unauthorized-access-vulnerability-exists-thinkadmin

A significant number of cases of loss of external reference connections have been triggered by the Twitter ban on President Trump.
#International

New Apple Products: Guide To What’s Coming Out in April ?
#Technologies

Cisco issued an announcement to refute that it has met all the conditions for completing the acquisition of Acacia.
#Updates

Microsoft is now planning for the Windows 10X Build 20280 version upgrade, which will correct the obstructive flaw.
#Updates

Hi all ! We start another new hacking block, few hours and will start uploading some awesome hacking tutorials, not like the telegram tutorials !

hack.undercode.help

(for now 403, till few hours)

Have a great day everyone !!!😊

🔵Tomcat CVE-2020-17527 CVE-2020-13943 :

https://dailycve.com/tomcat-cve-2020-17527-cve-2020-13943

🔵python-paramiko: Execute arbitrary code/commands - Existing account :

https://dailycve.com/python-paramiko-execute-arbitrary-codecommands-existing-account

🔵python-defusedxml: Unauthorised access - Remote/unauthenticated :

https://dailycve.com/python-defusedxml-unauthorised-access-remoteunauthenticated

🔵 tomcat: Multiple vulnerabilities CVE-2020-17527:

https://dailycve.com/tomcat-multiple-vulnerabilities-cve-2020-17527