Posts

You can't add both CNAME and TXT to the same subdomain

I was a bit surprised to learn about this while processing the request of a customer.

Here is the reason why

"If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types."


REFERENCES 

https://stackoverflow.com/questions/34613083/cname-and-txt-record-for-same-subdomain-not-working
https://tools.ietf.org/html/rfc1034
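
A check for the rule quoted above, added here as an example and not part of the original post: it scans zone records and reports every node where a CNAME shares the name with other data. The record lines and function names are constructed; allowing RRSIG and NSEC beside a CNAME (RFC 4035) and flagging more than one CNAME at a node (RFC 2181) go beyond the quoted sentence.

```python
from collections import defaultdict

# RR types a DNSSEC-signed zone may hold next to a CNAME (RFC 4035, section 2.5).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed sample records in "owner TTL class type rdata" form.
SAMPLE_ZONE = """\
www.example.com.   3600 IN CNAME web.hosting.example.net.
www.example.com.   3600 IN TXT   "site-verification=constructed-value"
mail.example.com.  3600 IN A     192.0.2.10
mail.example.com.  3600 IN TXT   "v=spf1 a -all"
shop.example.com.  3600 IN CNAME store.example.net.
shop.example.com.  3600 IN RRSIG CNAME 13 3 3600 constructed-signature
docs.example.com.  3600 IN CNAME a.example.net.
DOCS.example.com.  3600 IN CNAME b.example.net.
"""


def parse_records(text):
    """Yield (owner, rrtype) for each one-line record; owners compare case-insensitively."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a full record
        yield fields[0].lower().rstrip("."), fields[3].upper()


def find_cname_conflicts(text):
    """Return {owner: [problems]} for every node that breaks the CNAME rule."""
    seen = defaultdict(list)
    for owner, rrtype in parse_records(text):
        seen[owner].append(rrtype)
    conflicts = {}
    for owner, rrtypes in seen.items():
        if "CNAME" not in rrtypes:
            continue
        extra = sorted(set(rrtypes) - {"CNAME"} - ALLOWED_WITH_CNAME)
        problems = [f"{t} alongside CNAME" for t in extra]
        if rrtypes.count("CNAME") > 1:
            problems.append("multiple CNAME records")
        if problems:
            conflicts[owner] = problems
    return conflicts


if __name__ == "__main__":
    for owner, problems in find_cname_conflicts(SAMPLE_ZONE).items():
        print(owner, "->", ", ".join(problems))
```

The mail.example.com node passes because A and TXT may coexist; only the presence of a CNAME makes a node exclusive.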

Deploy your own mail hosting with Mail-in-a-Box

Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It’s sort of like making your own Gmail, but one you control from top to bottom. Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don’t need to be a technology expert to set it up. The box also includes: automatic DNS configuration, spam filtering, greylisting, backups to Amazon S3, static website hosting, and free TLS (SSL) certificates from Let’s Encrypt.
Your box can host mail for multiple users and multiple domain names. It implements modern mail protocols (SPF, DKIM, and DMARC) and the latest security best practices, including opportunistic TLS, strong ciphers, and HSTS. When enabled, DNSSEC (with DANE TLSA) provides a higher level of protection against active attacks. Exchange ActiveSync is also available as a beta feature. It has a web-based interface for administration and features RoundCube webmail as a client. Really sweet 😊
Check it out !!
Official Website …

What is SELinux

SELinux is a security enhancement to Linux which allows users and administrators more control over access control. Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).
Reference: https://selinuxproject.org/page/Main_Page

LINUX - How do I change swap partition

On the fly:

sudo swapoff /dev/hda3
sudo mkswap /dev/hda4
sudo swapon /dev/hda4


For boot time:
After you have run mkswap, edit the /etc/fstab file and change the /dev/hda3 line accordingly.


SOURCE : https://serverfault.com/questions/17718/how-do-i-change-swap-partition-in-linux

Side-channel attack

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.

An attempt to decode RSA ... Key bits using power analysis. The left peak represents the CPU power variations during the step of the algorithm without multiplication, the right (broader) peak – step with multiplication, allowing an attacker to read bits 0, 1.

Side-channel attack. (2018, April 27). Retrieved from https://en.m.wikipedia.org/wiki/Side-channel_attack
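
The effect the figure caption describes, as an added example that is not part of the original post: a model of square-and-multiply exponentiation whose sequence of operations mirrors the exponent bits, next to a Montgomery ladder that performs the same operations for every bit. The function names, the "S"/"M" trace notation and the toy numbers are constructed for illustration.

```python
# Operation-sequence model only: "S" = modular square, "M" = modular multiply.
# Python integers are not constant-time; this shows which operations run, not timing.

def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation; returns (result, operation trace)."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":  # the extra multiply happens only for 1 bits
            result = (result * base) % modulus
            trace.append("M")
    return result, "".join(trace)


def montgomery_ladder(base, exponent, modulus):
    """Ladder variant: one multiply and one square for every bit, whatever its value."""
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        trace.append("MS")
    return r0, "".join(trace)


def bits_visible_in_trace(trace):
    """Bits an observer who can tell S from M reads off: "SM" is 1, a lone "S" is 0."""
    bits, i = [], 0
    while i < len(trace):
        if trace[i:i + 2] == "SM":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return "".join(bits)


# Constructed toy values, far too small for real use.
BASE, MODULUS, SECRET_EXPONENT = 7, 1009, 0b1011001

if __name__ == "__main__":
    _, leaky = square_and_multiply(BASE, SECRET_EXPONENT, MODULUS)
    _, uniform = montgomery_ladder(BASE, SECRET_EXPONENT, MODULUS)
    print("square-and-multiply:", leaky, "->", bits_visible_in_trace(leaky))
    print("ladder:             ", uniform)
```

Both functions return the same result; only the first one's trace changes with the exponent, which is why implementations prefer a uniform operation sequence.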

Public Key Certificates

A public key certificate provides a safe way for an entity to pass on its public key to be used in asymmetric cryptography. The public key certificate avoids the following situation: if Charlie creates his own public key and private key, he can claim that he is Alice and send his public key to Bob. Bob will be able to communicate with Charlie, but Bob will think that he is sending his data to Alice. A public key certificate can be thought of as the digital equivalent of a passport. It is issued by a trusted organization and provides identification for the bearer. A trusted organization that issues public key certificates is known as a certificate authority (CA). The CA can be likened to a notary public. To obtain a certificate from a CA, one must provide proof of identity. When the CA is confident that the applicant represents the organization it says it represents, the CA signs the certificate attesting to the validity of the information contained within the certificate. A public ke…

Raid 5, Raid 1+0 & Raid 0+1

RAID 5
The minimum number of disks in a RAID 5 set is three (two for data and one for parity). The maximum number of drives in a RAID 5 set is in theory unlimited, although your storage array is likely to have built-in limits. However, RAID 5 only protects against a single drive failure.

Cited From : http://www.computerweekly.com/answer/RAID-5-recovery-What-is-the-maximum-number-of-physical-drives-in-a-RAID-5-configuration



RAID 0+1  vs  RAID 1+0

Having a bit of difficulty understanding and interpreting this?

Start with the last number; it will be easier.

RAID 0+1  : Mirror of Stripes (Raid 0)

RAID 0+1 means arrays implemented as RAID 1, whose elements are RAID 0 arrays.


RAID 1+0  : Stripes of Mirrors (Raid 1)

A RAID 1+0 array is implemented as RAID 0, whose elements are RAID 1

You can read more on this here : http://blog.open-e.com/what-are-raid-1-raid-10-and-raid-01/