(Unix Security Lab)
The Author: (Stefan Johnson)
Stefan Johnson is a Unix Systems Administrator/Engineer with industry experience since 2002, and a focus on open source Linux and BSD systems for home use and learning since 1998. He holds a Bachelor’s of Arts in Computer Science with a Minor in English from Harding University in Arkansas. He obtained his first security related certification in 2015 from SANS GIAC (GIAC Certified Incident Handler, GCIH.) His primary strengths lie in SSH, Sudo Policy, and system hardening configuration, as well as Bash/KSH/POSIX shell code and multiplexing tasks across systems using tmux and/or dsh. He has had experience either from a hobby/home use perspective or work perspective on the following platforms: IBM AIX, Sun/Oracle Solaris, HP/Compaq Tru64, HP HP-UX, SCO OpenServer 5.5, various Linux distributions, FreeBSD, and OpenBSD. He has experience with VMWare ESXi/VSphere and ProxMox for virtual machine host environments.
Stefan Johnson is a father of nine awesome children, and a husband to an amazing wife. He served four years in the United States Navy (1995 through 1999.) He is multi-passionate, and a limited list of his hobbies include amateur radio, knife throwing, knife sharpening, playing music, listening to music, watching movies, reading books, permaculture, locksmithing, video games, martial arts, and writing, both fiction and technical materials.
Certifications / Education
- GIAC GCIH certification was issued November 18, 2015.
- Permaculture Design Certification was issued by Geoff Lawton on October 21, 2013.
- Diploma(s) in Professional Locksmithing, and Advanced Locksmithing were issued by Foley Belsaw Institute on February 6, 2009, and December 29, 2009 (respectively.)
- Bachelor’s of Arts – Computer Science with English Minor Diploma issued by Harding University on May, 2004.
The UnixSecLab mission is to provide thought provoking information related to information security, specifically with regards to Unix and Linux operating systems. We strive to present the material in such a manner as to not only explain a command, it’s various options, and configuration settings, but to explain how and why they might be important from a security posture. We want our audience to be able to use our thought processes and examples as a means to developing your own system hardening configuration(s) as well as develop your own best practices to fit your wants and needs while meeting whatever governance requirements you may be required to follow. We will place an emphasis on correctness and security in everything we present relating to Unix, Linux, code, and configuration.
This site will provide scheduled content that revolves around the foundational principles of good systems administration, engineering, and architecture. Content will cover everything from configuration, clean code/input validation, tips, tricks, developing best practices, putting together your own lab, and understanding policy languages such as sudo. We will also cover general security topics such as Business Continuity/Disaster Recovery (BCDR), Incident Handling/Incident Response (IH/IR), and Governance topics. Finally, we will toss in a mix of other topics covering a wide range of hobbies, because it is important to find time to play, not just work all the time.
An RSS feed of the blog posts is available for anyone wishing to utilize this functionality.
The Mailing List:
There will be several mailing list options for you, the reader, to choose from.
- An RSS feed of the previous week’s posts sent each Saturday.
- An insider feed to receive promotional offers for upcoming products. Those who sign up for this option will also receive extra content that doesn’t get posted to the site.
- Other lists may become available, eventually.
There will be an occasional survey via the SITE or the MAILING LIST to help direct UnixSecLab on selecting order of topics to cover via either the site or products, moving forward. Survey results will be anonymous, unless you choose to leave your email address. Surveys that offer a door prize will require an email address to contact the winner, but the email address given in surveys will NOT be used for anything other than contacting winners. You will not be magically signed up for yet another mailing list, and we will never sell customer information to other parties.