Linux Security - Securing Nginx
- Published: Oct 4, 2020
- In this video series, we will be taking a look at how to set up, secure, and audit Linux servers. This video will explain the process of securing Nginx.
Register for part 2 of the Linux Server Security Series: event.on24.com/eventRegistrat...
We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
Thanks for watching!
you can test your config without restarting, using sudo nginx -t
Security concerns start at 12:15
Hey, I enjoyed the video. I think it would be good to add three pieces of information though. 1) Since you are not using https, your httpauth, and thus your username and password, are going to be sent in plaintext over your network connection. 2) Always add a non-root user with a different password than root, disable root login and enable certificate-only logins. 3) If you feel removing banners is going to help you be more sure, then definitely go all the way and disable standard status pages. If the attacker has no information at all, he/she might first try, say, Apache exploits and waste some time and energy trying that, before it has a chance to try any relevant exploits.
Love ur videos..... content..... quality......etc and I like the way u thank ur supporters
Thanks for making these awesome videos😘😘😘
Hey, you are always making awesome content. I am very thankful to you.
The argument for the location directive is the URI of said location. In this case it probably should have been "/", not "/var/www/html". That's why the access rules demonstration did not work. Also the auth_basic example is backwards. If you apply auth_basic to the whole server section it works in every location by default. You add auth_basic off; to the locations where you don't want auth.
I learned more about security nginx in the comments than from the video :(
You have one of the most concise and thorough catalogues on RUclips. Thank you.
I love ur work
Timestamps:
0:00 Introduction to the series
2:14 Video starts
You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368&regTag=1558905&sourcepage=register
I look up to professionals like this man, more than I look up to celebrities. I love seeing people who just know what the fuck they are talking about
why deny all did not work @ 15:57
BACK AGAIN with another hacking tutorial! I remember watching the proxychain tut a few years back when I was just getting into Linux...done moved into development now... He wasn't showing his face back then...
Thanks for making this series. Lots of great information. One thing I noticed though. You don't need sudo if you are root
thank you
Great video. I am a newbie, I have some questions. If I put auth_basic for the default Nginx server it's asking me for the password. Can I put the same thing for the project inside the file in the same way for the hacker?
How to hide all my information in cyber war, plz
Great
Ubuntu?
I came here looking to learn something meaningful, instead your tutorial felt like something being regurgitated from your own cyber-security training..the mail settings in the config file were already commented, what does removing them achieve. Hiding the server version is 101 and that's more precautionary than preventative..to what benefit does applying a htpassword to my web directory serve..Great hope my visitors have telepathy to know it..like I said it just feels like you're disseminating what you've been taught in theory with no real world application..and what is applicable most people already know
Same here, a big title but not so much content
Work
What is the use of nginx
@CpLKaNeZA just for clarifications NGINX is the backend database?
@NERO-ez1mn I think so, yes. Looking at Google results it can be used for a few other things as well. There are a lot of write-ups and articles you can find on what it can do
Hello, Can you please provide the installation and configure file in docx file
Linode denied my registration. I raised the issue and I haven't received any feedback. I wonder why they invest in all this marketing when their customer service is wack.
I tried "ssh root@192.155.95.165"
that is HIS ip, not yours. Log into your server and look at the ip, and connect to it. Hope this helps.
First
21 minutes and I keep waiting for the "securing" part -- is that adding htaccess, and disabling server token? You could have talked about this in 1 minute. Your video is about basic installation. Even at 10 minute mark you are barely starting.... just configuring a listen port and then docroot. You should change the title to "installation basic configuration of nginx"
Apologies for the lengthy introduction and the implementation of basic techniques. Our videos are designed to start off from the ground up and build on each other. We will still be releasing more videos on securing Nginx that will cover more advanced features and techniques.
It was really helpful
njinx. lol that's how it should be pronounced
Too much bullshit in this video, although some good info. But:
- root should (even "must", as best practice) be specified in server block
- location means url, not doc root path location
- reload is enough (and it's cleaner for production servers), afaik use restart only when modifying listen parameters (simple reload didn't work), not 100% sure when changing tls keys/certificates
- use configuration parameters as "up" as they can be (i.e.: if possible, prefer configuration in server block, or even up, not in location block)
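The corrections raised in the comments above (location takes a URI, auth_basic set at server level is inherited and switched off per location, root belongs in the server block, Basic auth needs HTTPS), put together as an added example configuration. It is not the video's or any commenter's own config; the hostname, certificate and .htpasswd paths, the /public/ prefix and the 203.0.113.0/24 range are placeholders.

```nginx
# Added example. example.com, all file paths, /public/ and 203.0.113.0/24
# are placeholders, not values from the video.

# Plain HTTP only redirects, so Basic auth credentials never cross the
# network unencrypted.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    server_tokens off;   # drop the version from headers and error pages

    # Document root set once at server level; every location inherits it.
    root  /var/www/html;
    index index.html;

    # Set at server level, auth_basic applies to every location below.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;            # placeholder path

    # A location matches the request URI, not a filesystem path.
    # "location /var/www/html { deny all; }" only matches URLs beginning
    # with /var/www/html, so a request for / never reaches that rule.
    location / {
        allow 203.0.113.0/24;   # constructed example range
        deny  all;
    }

    # Opt one URI prefix out of authentication. Rules written inside
    # "location /" do not carry over here; only server-level settings do,
    # so this prefix has no IP restriction either.
    location /public/ {
        auth_basic off;
    }
}
```

Check the syntax with sudo nginx -t, then apply it with sudo nginx -s reload rather than a full restart.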
"Securing Nginx" is an oxymoron right ?
Nginx is actually fairly secure. Of all the components of your tech stack, it's probably the least likely to specifically be the cause of a breach... As opposed to the JavaScript frameworks, PHP, Python, SQL, etc. Improperly written code is more than likely going to be the downfall of many a website.
Please provide a platform where we can ask questions. I also tried to contact you on insta, twitter, everywhere but no reply. Please.
#Pakistan
official manual from Nginx: www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/