Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 128/529 | < Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >

• hosts.allow and hosts.deny WHM Host Access Control - what if my IP changes?

  - by beingalex

  I want to use WHM/Cpanel's Host Access Control interface to change some settings in hosts.allow and hosts.deny. I want to block all access to our SSH exept from the IP we have from our office. Daemon Access List Action Comment sshd ALL EXCEPT x.x.x.x deny Deny access from all other IPs apart from ours But I am worried about what happens if our IP changes, which it does about twice a week. How would I get back in to edit the hosts.allow / hosts.deny files?

  Read the article

• password protect a VPS account?

  - by Camran

  I ordered a VPS today, and am about to upload my website. It uses java, mysql, php etc... However, I need to password protect the site at first... I use Ubuntu 9.10 and have installed LAMP just now. How can I easiest do this? Thanks PS: Have problem with the serverfault website, thats why I am posting this here. sorry.

  Read the article

• May the file size returned by stat be compromised?

  - by codeholic

  I want to make sure that nobody changed a file. In order to accomplish that, I want not only to check MD5 sum of the file, but also check its size, since as far as I understand this additional simple check can sophisticate falsification by several digits. May I trust the size that stat returns? I don't mean if changes were made to stat itself. I don't go that deep. But, for instance, may one compromise the file size that stat returns by hacking the directory file? Or by similar means, that do not require superuser privileges? It's Linux.

  Read the article

• /etc/hosts.deny ignored in Ubuntu 14.04

  - by Matt

  I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse to sites hosted in Apache. The Ubuntu Server is installed with no packages selected during install, the only packages added after install are: apt-get update; apt-get install apache2, php5 (with additional php5-modules), openssh-server, mysql-client Following are my /etc/hosts.deny & /etc/hosts.allow settings: /etc/hosts.deny ALL:ALL /etc/hosts.allow has no allow entries at all. I would expect all network protocols to be denied. The symptom is that I can still web browse to sites hosted on the Apache web server even though there is a deny all statement in /etc/hosts.deny The system was rebooted after the deny entry was added. Why would /etc/hosts.deny with ALL:ALL be ignored and allow http browsing to sites hosted on the apache web server?

  Read the article

• Can I disable Pam Loginuid? Can I find out options used to configure kernel?

  - by dunxd

  I am getting a lot of the following types of error in my secure log on a CentOS 5.4 server: crond[10445]: pam_loginuid(crond:session): set_loginuid failed opening loginuid sshd[10473]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid I've seen discussion of this being caused when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. Where this is the case, it is advised to comment out some lines in the pam.d config files. I am running a Virtual Private Server where I need to use the kernel provided by the supplier. Is there a way to find out what options they used to configure the kernel? I want to verify if the above is the cause. If this turns out not to be the cause, what are the risk of disabling pam_loginuid for crond and sshd?

  Read the article

• Has anyone had luck running 802.1x over ethernet using the stock Windows or other free supplicant?

  - by maxxpower

  I just wanted to see if anyone else has had luck implementing 802.1x over ethernet. So here's my basic setup. Switch sends out 3 eapol messages spaced out 5 seconds apart. if there's no response the machine gets put on a guest vlan with restricted access. If the machine is properly configured it will authenticate and be placed into a secure vlan. About 10% of my windows xp users are getting self assigned 169 addresses. I've used the Odyssey Access Client and it worked without a hitch. I'm using the setting to automatically use the users windows login to authenticate, but it's workign on 90% of the machines so I don't think that's the issue. Checking the logs on the dc it seems that the machines are trying to authenticate with computer credentials even though they are configured not to. I'm running Juniper switches with IAS for radius. I have radius configured for PEAP and MSvhapv2. Macs and linux boxes seem to have no issues authenticating. One last thing to add If I unplugging the ethernet cable and plug it back in usually resolves the issue, but I'd hardly call that acceptable for production. Kinda long winded and specific for a discussion, but just want to see if anyone else has had similar issues or experiences, or if anyone knows of a free XP supplicant that actually works with 802.1x over ethernet.

  Read the article

• Application runs fine manually but fails as a scheduled task

  - by user42540

  I wasn't sure if this should go here or on stackoverflow. I have an application that loads some files from a network share (the input folder), extracts certain data from them and saves new files (zips them with SharpZLib) on a different network share (output folder). This application runs fine when you open it directly, but when it is set to a scheduled task, it fails in numerous places. This application is scheduled on a Win 2003 server. Let me say right off the bat, the scheduled task is set to use the same login account that I am currently logged in with, so it's not because it's using the LocalSystem account. Something else is going on here. Originally, the application was assigning a drive letter to the input folder using WNetGetConnectionA(). I don't remember why this was done, someone else on our team did that and she's gone now. I think there was some issue with using the WinZip command line with a UNC path. I switched from the WinZip command line utility to using SharpZLib because there were other issues with using the WinZip command line. Anyway, the application failed when trying to assign a drive letter with the error "connection already established." That wasn't true and even after trying WNetCancelConnection(), it still didn't work. Then I decided to just map the drive manually on the server. Then when the app calls Directory.Exists(inputFolderPath) it returns false, even though it does exist. So, for whatever reason, I cannot read this directory from within the application. I can manually navigate to this folder in Windows Explorer and open files. The app log file shows that the user executing it on the schedule is the user I expect, not LocalSystem. Any ideas?

  Read the article

• Windows 8.1 and fingerprint readers

  - by Sevenate

  Is there any build in UI for that kind of hardware like it exist in Modern UI for WiFi, Bluetooth, Broadband mobile and other common settings or I'm forced to use separate software (besides the obvious drivers for hardware)? The thing is that I have build-in fingerprint reader in my laptop and I have installed all necessary official drivers for it (and it looks like they are working fine, btw). But I did not find any UI settings where I could change Sign-in option from password/picture password/pin to fingerprint.

  Read the article

• rhel configure: limit root direct login to systems except through system consoles

  - by zhaojing

  I have to configure to limit root direct access except system consoles. That is, the ways of telnet, ftp, SSH are all prohibited. Root can only login through console. I understand that will require me to configure the file /etc/securetty. I have to comment all the tty, just keep "console" in /etc/securetty. But from google, I found many peoples said that configure /etc/securetty will not limit the way of SSH login. From my experiment, I found it is. (configure /etc/securetty won't limit SSH login). And I add one line in /etc/pam.d/system-auth: auth required pam_securetty It seems root SSH login can be prohibited. But I can't find the reason: What is the difference of configure pam_securetty and /etc/securetty? Can anyone help me with this? Only configure /etc/securetty could work? Or Have I to configure pam_securetty at the same time? Thanks a lot!

  Read the article

• Get the "source network address" in Event ID 529 audit entries on Windows XP

  - by Make it useful Keep it simple

  In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log. On a windows XP machine, this (and some other details) are omitted. If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes). The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials. Any help getting this detail in the log would be appreciated.

  Read the article

• How to decide where to purchase a wildcard SSL certificate?

  - by user664833

  Recently I needed to purchase a wildcard SSL certificate (because I need to secure a number of subdomains), and when I first searched for where to buy one I was overwhelmed with the number of choices, marketing claims, and price range. I created a list to help me see passed the marketing gimmicks that the greater majority of the Certificate Authorities (CAs) plaster all over their sites. In the end my personal conclusion is that pretty much the only things that matter are the price and the pleasantness of the CA's website. Question: Besides price and a nice website, is there anything worthy of my consideration in deciding where to purchase a wildcard SSL certificate?

  Read the article

• Is there a debian lenny patch to allow apt-get to work with sftp?

  - by MiniQuark

  I would like to write things like this in /etc/apt/sources.list: deb sftp://[email protected]/path other stuff When I try this, apt-get complains that there is no sftp method for apt: # apt-get update E: The method driver /usr/lib/apt/methods/sftp could not be found. Has anyone written a patch to add the sftp method for apt? All I could find in Google was this spec for Ubuntu. Thanks for your help.

  Read the article

• How can I change default public access directory for WHM and cPanel

  - by james

  I want to change the default directory so that someone can't just go to my server.com/cpanel or server.com/whm and start trying to access my system. Any tips? Webserver is Apache2

  Read the article

• Cracking WEP with Aircrack and Kismet

  - by Jenny

  Just a minor question, but I notice with aircrack when it lists networks, it does not list the encryption type of each network. Which seems fair enough, as you can use Kismet, however on my machine when I end kismet and the server, the monitor interface is not removed and I cannot remove it manually, which screws with aircrack. SO, is kismet needed to view encryption types of networks, and if so how do you use it peacefully in unison with aircrack?

  Read the article

• How to allow password protected start-stop-daemon functionality?

  - by Mahmoud Abdelkader

  I would like to use Ubuntu's start-stop-daemon to start my application, but the application protects some sensitive information, so I have a mechanism where the application prompts for a password that's then used to generate a hashkey, which is used as the secret key for a symmetric encryption (AES) to encrypt and decrypt things from a database. I'd like to daemonize this application and have it run from start-stop-daemon, so that sudo service appname stop and sudo service appname start would work, but, I'm not sure how to go about doing this with the added complexity of a password prompt. Is there something that supports this or do I have to program it from scratch? I figured I should ask first before re-inventing the wheel. Thanks in advance.

  Read the article

• I'm using Firefox, configured to use a Squid proxy. Can the browser-proxy connection be HTTPS?

  - by JCCyC

  And what about Chrome, Opera, and Safari? (IE can go pound sand) Clarifying, I have the power to reconfigure Squid if necessary.

  Read the article

• Blocked connections passing through firewall. What is wrong?

  - by Kiranu

  In our company we have a small business router (Cisco RV082) on which we are using its standard configuration (block all incoming traffic). We also have an SMTP relay configured (using WS2008R2) so that our internal applications can send email through google apps (which requires authentication). The thing is that the server was being used to send spam. We fixed the problem by only allowing the server to relay email from our internal IP address range (10.0.0.0/16). My concern is that there was a way by which external IPs connected to the network and that underlying problem has not been fixed, but I cannot imagine how these machines connected. Any thoughts?

  Read the article

• Best all in one linux based proxy,firewall, dhcp and wins server.

  - by BeStRaFe

  I help to run a lan in Sydney. We have a need for a proxy/gateway solution to allow those pesky games that require internet to work. I have been doing this with an ISA server and it has worked quite well. However now i wish to port this over to run on the same hardware as our cacti / nagios box under a vmware VM. ISA server is horridly nad due to the massive ram and i/o requirement for something is basically port blocking and handing out IP's. The needs are as follows. 1. DHCP 2. WINS (otherwise network devices fight over who is the WINS master) 3. Filtering based in PORT for outbound traffic. 4. Ability to whitelist IP/MAC's for internet access. 5. Web Interface. I had been thinking to use PFSENSE however there is no option for a WINS server and i cbf working my way around bsd.

  Read the article

• How to run Firefox jailed without serious performance loss?

  - by Vi

  My Firefox configuration is tricky: Firefox runs at separate restricted user account which cannot connect to main X server. Firefox uses Xvfb (virtual "headless" X server) as X server. x11vnc is running on that Xvfb. On the main X server there is vncviewer running that connect to this x11vnc On powerful laptop (Acer Extensa 5220) it seems to work more or less well, but on "Acer Aspire One" netbook it is slowish (on a background that firefox is loaded with lots of extensions). How to optimise this scheme? Requirements: Browser cannot connect to main X server. Browser should be in chroot jail (no "suid" scripts, readonly for many things) Browser should have a lot of features (like in AutoPager, NoScript, WoT, AdBlockPlus)

  Read the article

• Secure email crashes Outlook 2007

  - by Josh

  I have a number of secure emails sent to my Outlook 2007 client. Most arrive fine and display the prompt with regards to granting access to the certificate and then open. Today I received two that crash Outlook whenever I try to open them. I've tried restarting Outlook and my computer but still have the same problem. Any ideas what might be causing this, and how I can fix it? I'm working on Windows Vista Ultimate 64-bit.

  Read the article

• Is there a way to tell if a program like KeyScrambler is first in the list of keyboard driver filter

  - by Brian T Hannan

  I recently found a program called KeyScrambler which appears to be a keyboard driver filter that intercepts keystrokes and jumbles them up for you so keyloggers aren't able to get your keystrokes while visiting your online banking sites. I was wondering if there is a way to tell if KeyScrambler is always first in line for the keyboard driver filters or if another driver filter could be installed and intercept the keystrokes before it gets to KeyScrambler.

  Read the article

• Windows: disable remote access of local drive, even by domain admin

  - by Matt

  We have a network of Windows 7 PCs that are managed as part of a domain. What we want is for the domain admin to be unable to view the PC's local drive (C:) unless he is physically at the PC. In other words, no remote desktop and no ability to use UNC. In other words, the domain admin should not be allowed to put \\user_pc\c$ in Windows Explorer and see all the files on that computer, unless he is physically present at the PC itself. Edit: to clarify some of the questions/comments that have come up. Yes, I am an admin---but a complete Windows novice. And yes, for the sake of this and my similar questions, it is fair to assume that I am working for someone who is paranoid. I understand the arguments about this being a "social problem versus a technical problem", and "you should be able to trust your admins", etc. But this is the situation in which I find myself. I'm basically new to Windows system administration, but am tasked with creating an environment that is secure by the company owner's definition---and this definition is clearly very different from what most people expect. In short, I understand that this is an unusual request. But I'm hoping there is enough expertise in the ServerFault community to point me in the right direction.

  Read the article

• How can I read password protected Word files on OS X ?

  - by Ohad

  I receive Word documents by mail and read them using the built-in Gmail reader. Sometimes the documents are password protected and I need to obtain access to a Windows machine with Office installed in order to read them. Is there a quicker / less hassle requiring method ? I don't want to have to install Vmware / Parallels nor Office on my fresh and sterile macbook.

  Read the article

• Locking down a server for shared internet hosting.

  - by Wil

  Basically I control several servers and I only host either static websites or scripts which I have designed, so I trust them up to a point. However, I have a few customers who want to start using scripts such as Wordpress or many others - and they want full control over their account. I have started to do the basics - like on php.ini, I have locked it down and restricted commands such as proc, however, there is obviously a lot more I can do. right now, using NTFS permissions, I am trying to lock down the server by running Application Pools and individual sites in their own user, however I feel like I am hitting brick walls... (My old question on Server Fault). At the moment, the only route I can think of is either to implement an off the shelf control panel - which will be expensive and quite frankly, over the top, or look at the Microsoft guide - which is really for an entire infrastructure, not for someone who just wants to lock down a few servers. Does anyone have any guides that can put me on the correct path?

  Read the article

• Steganography software

  - by dag729

  Do you know some good (better if FOSS and cross-platform) steganography software that runs on GNU/Linux? The features I'm searching are: steganography software (better if FOSS and cross-platform) it must run on GNU/Linux must hide data inside audio/video/image files support of additional cryptography I already use a cryptographic software, but I want to use a steganographic one as an addition to it. Any suggestions will be appreciated, thanks a lot in advance!

  Read the article

< Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >