UNRAID SETUP TOWER LOGIN INSTALL
# yum install mod_sslĪlthough we will use the Debian/Ubuntu path and names, the same procedure is valid for CentOS and RHEL if you replace the commands and paths below with the CentOS equivalents.Ĭreate a directory to store the key and certificate: # mkdir /etc/apache2/ssl To do this, install mod_ssl package on CentOS based distributions. To avoid this, let’s secure the login page with a certificate. Please note that we have hidden part of the root password with a blue mark over it: Sniffing HTTP Traffic It will not take us long to realize that the username and password have been sent over the wire in plain text format, as you can see in the truncated output of tcpdump in the image below. To begin sniffing traffic, we typed the following command and pressed Enter: # tcpdump port http -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' -line-buffered -B20 To introduce this tip, let’s sniff the HTTP traffic between a client machine and the Debian 8 server where we have made the innocent mistake to login using the database root user’s credentials in our last article at: Change and Secure Default PhpMyAdmin Login URLĪs we mentioned in the previous tip, do not attempt to do this yet if you don’t want to expose your credentials.
0 kommentar(er)
