Linux Security - Securing Nginx

Рет қаралды 40,607

3 жыл бұрын

In this video series, we will be taking a look at how to set up, secure, and audit Linux servers. This video will explain the process of securing Nginx.
Register for part 2 of the Linux Server Security Series: event.on24.com/eventRegistrat...
Get $100 in free credits on Linode: promo.linode.com/hackersploit...
Our videos are also available on the decentralized platform LBRY: lbry.tv/$/invite/@HackerSploi...
SUPPORT US:
Patreon: / hackersploit
Merchandise: teespring.com/en-GB/stores/ha...
SOCIAL NETWORKS:
Twitter: / hackersploit
LinkedIn: / 18713892
WHERE YOU CAN FIND US ONLINE:
HackerSploit - Cybersecurity Training Simplified: hackersploit.org/
HackerSploit Forum: forum.hackersploit.org
HackerSploit Academy: www.hackersploit.academy
LISTEN TO THE CYBERTALK PODCAST:
Spotify: open.spotify.com/show/6j0RhRi...
We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
#Linux#Security#Cybersecurity

Пікірлер: 43

@limpep 3 жыл бұрын

you can test your config without restarting, using sudo nginx -t

@kanaillaurent526 3 жыл бұрын

Security concerns starts at 12:15

@HackerSploit 3 жыл бұрын

Timestamps: 0:00 Introduction to the series 2:14 Video starts You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368&regTag=1558905&sourcepage=register

@TheRealKuif 3 жыл бұрын

Hey, I enjoyed the video. I think it would be good to add three pieces of information though. 1) Since you are not using https, your httpauth, and thus your username and password, are going to be sent in plaintext over your network connection. 2) Always add a non-root user with a different password than root, disable root login and enable certificate-only logins 3) If you feel removing banners is going to help your be more sure, then definitely go all the way and disable standard status pages. If the attacker has no information at all, he/she might first try, say, Apache exploits and wast some time and energy trying that, before it has a chance to try any relevant exploits.

@MrDaddyv123 3 жыл бұрын

You have one of the most concise and thorough catalogues on KZbin. Thank you.

@kellbooby265 3 жыл бұрын

Love ur viedos..... content..... quality......etc and I like the way u tank ur supporter

@rahulkumarsingh2965 3 жыл бұрын

Thanks for making these awesome videos😘😘😘

@FahadAli-ot5kn Жыл бұрын

Hey you always making awesome content i am very thankful to you

@durgashukla1632 3 жыл бұрын

I love ur work

@pupkinsen 3 жыл бұрын

The argument for the location directive is the URI of said location. In this case it probably should have been "/", not "/var/www/html". That's why the access rules demonstration did not work. Also the auth_basic example is backwards. If you apply auth_basic to the whole server section it works in every location by default. You add auth_basic off; to the locations where you don't want auth.

@MmMm-oh5ct 3 жыл бұрын

I learnd more about security nginx in the comments, then from the Video :(

@mathiasensimon 3 жыл бұрын

I look up to professional like this man, more than I look up to celebrities. I love seeing people who just know what the fuck they are talking about

@itwebadmin 2 жыл бұрын

BACK AGAIN with another hacking tutorial! I remember watching the proxychain tut a few years back when I was just getting into Linux...done moved into development now... He wasn't showing his face back then...

@ripon59 Жыл бұрын

Great video. I am newby , i have some question. If I put auth_basic for the default Nginx server it's asking me for the password. Can I put the same thing for the project inside the file in the same way for the hacker?

@thesecrettimes Жыл бұрын

thank you

@SecurityTalent 2 жыл бұрын

Great

@miker7382 3 жыл бұрын

Thanks for making this series. Lots of great information. One thing I noticed though. You don't need sudo if you are root

@premnathd 3 жыл бұрын

why deny all did not work @ 15:57

@horsihorse2453 3 жыл бұрын

Work

@zaskmartinas4707 3 жыл бұрын

How to my hide my All information in cyber war ,,,, plz

@spicyF1 3 жыл бұрын

I came here looking to learn something meaningful, instead your tutorial felt like something being regurgitated form your own cyber-security training..the mail settings in the config file were already commented, what does removing them achieve. Hiding the server version is 101 and thats more precautionary than preventative..to what benefit does applying a htpassword to my web directory serve..Great hope my visitors have telepathy to know it..like I said it just feels like your disseminating what youve been taught in theory with no real world application..and what is applicable most people already know

@MmMm-oh5ct 3 жыл бұрын

Same here, a big titel but not so much content

@TheFarazahmed123 3 жыл бұрын

Hello, Can you please provide the installation and configure file in docx file

@sufastv 3 жыл бұрын

Ubuntu?

@mosesmbadi4158 Жыл бұрын

Linode denied my registration. I raised the issue and I haven't received any feedback. I wonder why they invest in all this marketing when their customer service is wack.

@abdullahihussein8860 3 жыл бұрын

What is the use of nginx

@NERO-ez1mn 3 жыл бұрын

@@CpLKaNeZA just for clarifications NGINX is the backend database?

@CpLKaNeZA 3 жыл бұрын

@@NERO-ez1mn I think so, yes. Looking at Google results it can be used for a few other things as well. There are a lot of write-ups and articles you can find on what it can do

@Bac2hack 3 жыл бұрын

I tried "ssh root@192.155.95.165"

@arctis_shark 2 жыл бұрын

that is HIS ip, not yours. Log into your server and look at the ip, and connect to it. Hope this helps.

@stormand 3 жыл бұрын

21 minutes and I keep waiting for the "securing" part -- is that adding htaccess, and disabling server token? You could have talked about this in 1 minute. Your video is about basic installation. Even at 10 minute mark you are barely starting.... just configuring a listen port and then docroot. You should change the title to "installation basic configuration of nginx"

@HackerSploit 3 жыл бұрын

Apologies for the lengthy introduction and the implementation of basic techniques. Our videos are designed to start off from the ground up and build on each other. We will still be releasing more videos on securing Nginx that will cover more advanced features and techniques.

@abdullahihussein8860 3 жыл бұрын

First

@pratiksawant8119 3 жыл бұрын

It was really helpful

@Meleeman011 2 жыл бұрын

njinx. lol thats how it should be pronounced

@NotBeHaris 3 жыл бұрын

please provide a platform where we ask question. I also try to contact you on insta twitter everywhere but no reply. please. #Pakistan

@mark8200 2 жыл бұрын

"Securing Nginx" is an oxymoron right ?

@DominickWalenczak 5 ай бұрын

Nginx is actually fairly secure. Of all the components of you tech stack, it's probably the least likely to specifically be the cause of a breach... As opposed to the JavaScript frameworks, PHP, Python, SQL, etc. Improperly written code is more than likely going to be the downfall of many a website.

@AlexCernat Жыл бұрын

Too much bullshit in this video, although some good info. But: - root should (even "must", as best practice) specified in server block - location means url, not doc root path location - reload is enough (and it's cleaner for production servers), afaik use restart only when modifying listen parameters (simple reload didn't worked), not 100% sure when changing tls keys/certificates - use configuration parameters as "up" as they can be (i.e.: if possible, prefer configuration in server block, or even up, not in location block)