Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 145/706 | < Previous Page | 141 142 143 144 145 146 147 148 149 150 151 152 | Next Page >

iptables -- OK, **now** am I doing it right?

- by Agvorth

This is a follow up to a previous question where I asked whether my iptables config is correct. CentOS 5.3 system. Intended result: block everything except ping, ssh, Apache, and SSL. Based on xenoterracide's advice and the other responses to the question (thanks guys), I created this script: # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F # Flush all rules iptables -X # Delete all chains # Disable routing. Drop packets if they reach the end of the chain. iptables -P FORWARD DROP # Drop all packets with a bad state iptables -A INPUT -m state --state INVALID -j DROP # Accept any packets that have something to do with ones we've sent on outbound iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept any packets coming or going on localhost (this can be very important) iptables -A INPUT -i lo -j ACCEPT # Accept ICMP iptables -A INPUT -p icmp -j ACCEPT # Allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow httpd iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow SSL iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Block all other traffic iptables -A INPUT -j DROP Now when I list the rules I get... # iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all -- any any anywhere anywhere state INVALID 9 612 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT all -- lo any anywhere anywhere 0 0 ACCEPT icmp -- any any anywhere anywhere 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https 0 0 DROP all -- any any anywhere anywhere Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 5 packets, 644 bytes) pkts bytes target prot opt in out source destination I ran it and I can still log in, so that's good. Anyone notice anything major out of wack?

Read the article
How can I change default public access directory for WHM and cPanel

- by james

I want to change the default directory so that someone can't just go to my server.com/cpanel or server.com/whm and start trying to access my system. Any tips? Webserver is Apache2

Read the article
VirtualBox - Continuous Integration with Secure virtual server

- by stacker

I have a repository on the host machine that I need to expose to the virtual machine but not the the other world (even other computers on the router). On the virtual machine I have a deployed web application that I need to be exposed to my host only. Is that can be achievable?

Read the article
Get the "source network address" in Event ID 529 audit entries on Windows XP

- by Make it useful Keep it simple

In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log. On a windows XP machine, this (and some other details) are omitted. If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes). The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials. Any help getting this detail in the log would be appreciated.

Read the article
Tools to Hide IP address for webapp

- by Jake Barti

I am looking out for a paid software where I can 'choose' an IP address from a different country and browse a site. So if I want to see how the site will look to US users, I should be able to choose the IP from US. We are building a web app that will be used in many countries and we want to make sure we test it before releasing. Any recommendations ?

Read the article
Is adding users to the group www-data safe on Debian?

- by John

Many PHP applications do self-configuration and self-updating. This requires apache to have write access to the PHP files. While chgrp'ing them all to www-data appears like a good practice to avoid making them world writable, I also wish to allow users to create new files and edit existing one. Is adding users to the group www-data safe on Debian? For example: 775 root www-data /var/www 644 john www-data /var/www/johns_php_application.php 660 john www-data /var/www/johns_php_applications_configuration_file

Read the article
Picking up a lot of failed authentications for various accounts

- by Josh K

My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen ) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't compromised. Is there anything else I should do? I only have three accounts enabled, and SSH access for only two. I have a full 48hr ban on anyone making more then six failed SSH login attempts. I do not have FTP enabled.

Read the article
Modern open source NIDS/HIDS and consoles?

- by MattC

Years back we set up an IDS solution by placing a tap in front of our exterior firewall, piping all the traffic on our DS1 through an IDS box and then sending the results off to a logging server running ACiD. This was around 2005-ish. I've been asked to revamp the solution and expand on it and looking around, I see that the last release of ACiD was from 2003 and I can't seem to find anything else that seems even remotely up-to-date. While these things may be feature complete, I worry about library conflicts, etc. Can anyone give me suggestions for a Linux/OpenBSD based solution using somewhat modern tools? Just to be clear, I know that Snort is still actively developed. I guess I'm more in the market for a modern open-source web console to consolidate the data. Of course if people have great experiences with IDS' other than Snort I'm happy to hear about it.

Read the article
How to protect myself from promiscuous mode?

- by Rivari

I have read that some network adapters can switch to promiscuous mode and get all the packets sent by my router. We have multiple computers here connected to the same router. They all have the WEP key for authentification. So basicaly, this means that anyone of them, using the promiscuous mode, can see all the packets destined to others computers? That's frightening. How can I prevent this?

Read the article
Which ports to open on domain vs internet

- by zsharp

I have a web server/database/domainController. I notice that ports 137 and 138 on the public IP AND private IP are open on all machines there are also other open ports on 0.0.0.0.(ie. 135, 2002) Can and should I close 137-139 on the public IP only? will that interfere with any services.

Read the article
iptables ACCEPT policy

- by kamae

In Redhat EL 6, iptables INPUT policy is ACCEPT but INPUT chain has REJECT entry in the end. /etc/syconfig/iptables is as below: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Do you know why the policy is ACCEPT not DROP? I think setting DROP policy is safer than ACCEPT in case to make mistake in the chain. Actually the policy is not applied to any packet: # iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

Read the article
SQL Server: how to check securables

- by jrara

I would like to make a t-sql query to check which logins have 'view server state' permission in server type securables. How to achieve this? This query from mssqltips don't show this: http://www.mssqltips.com/tip.asp?tip=1718 SELECT prin.[name] [User], sec.state_desc + ' ' + sec.permission_name [Permission] FROM [sys].[database_permissions] sec JOIN [sys].[database_principals] prin ON sec.[grantee_principal_id] = prin.[principal_id] WHERE sec.class = 0 ORDER BY [User], [Permission];

Read the article
Secure email crashes Outlook 2007

- by Josh

I have a number of secure emails sent to my Outlook 2007 client. Most arrive fine and display the prompt with regards to granting access to the certificate and then open. Today I received two that crash Outlook whenever I try to open them. I've tried restarting Outlook and my computer but still have the same problem. Any ideas what might be causing this, and how I can fix it? I'm working on Windows Vista Ultimate 64-bit.

Read the article
Cracking WEP with Aircrack and Kismet

- by Jenny

Just a minor question, but I notice with aircrack when it lists networks, it does not list the encryption type of each network. Which seems fair enough, as you can use Kismet, however on my machine when I end kismet and the server, the monitor interface is not removed and I cannot remove it manually, which screws with aircrack. SO, is kismet needed to view encryption types of networks, and if so how do you use it peacefully in unison with aircrack?

Read the article
Can I disable Pam Loginuid? Can I find out options used to configure kernel?

- by dunxd

I am getting a lot of the following types of error in my secure log on a CentOS 5.4 server: crond[10445]: pam_loginuid(crond:session): set_loginuid failed opening loginuid sshd[10473]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid I've seen discussion of this being caused when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. Where this is the case, it is advised to comment out some lines in the pam.d config files. I am running a Virtual Private Server where I need to use the kernel provided by the supplier. Is there a way to find out what options they used to configure the kernel? I want to verify if the above is the cause. If this turns out not to be the cause, what are the risk of disabling pam_loginuid for crond and sshd?

Read the article
Can I build a VPN on top of Tor?

- by Thilo

If I understand correctly, the Tor client works as a combination of a proxy server and application plugins (such as the Firefox Torbutton) that enable use of the proxy and contain additional application-specific privacy features (such as suppressing cookies, sandboxing JavaScript, turning off Flash). That works very well with applications that support it (such as Firefox). But is there a way to establish a VPN over Tor, so that my whole Wifi network can be protected, including applications that do not support proxy configuration and devices like iPod touches?

Read the article
Retrieve malicious IP addresses from Apache logs and block them with iptables

- by Gabriel Talavera

Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

Read the article
Locking down a server for shared internet hosting.

- by Wil

Basically I control several servers and I only host either static websites or scripts which I have designed, so I trust them up to a point. However, I have a few customers who want to start using scripts such as Wordpress or many others - and they want full control over their account. I have started to do the basics - like on php.ini, I have locked it down and restricted commands such as proc, however, there is obviously a lot more I can do. right now, using NTFS permissions, I am trying to lock down the server by running Application Pools and individual sites in their own user, however I feel like I am hitting brick walls... (My old question on Server Fault). At the moment, the only route I can think of is either to implement an off the shelf control panel - which will be expensive and quite frankly, over the top, or look at the Microsoft guide - which is really for an entire infrastructure, not for someone who just wants to lock down a few servers. Does anyone have any guides that can put me on the correct path?

Read the article
Restrict SSH user to connection from one machine

- by Jonathan

During set-up of a home server (running Kubuntu 10.04), I created an admin user for performing administrative tasks that may require an unmounted home. This user has a home directory on the root partition of the box. The machine has an internet-facing SSH server, and I have restricted the set of users that can connect via SSH, but I would like to restrict it further by making admin only accessible from my laptop (or perhaps only from the local 192.168.1.0/24 range). I currently have only an AllowGroups ssh-users with myself and admin as members of the ssh-users group. What I want is something that works like you may expect this setup to work (but it doesn't): $ groups jonathan ... ssh-users $ groups admin ... ssh-restricted-users $ cat /etc/ssh/sshd_config ... AllowGroups ssh-users [email protected].* ... Is there a way to do this? I have also tried this, but it did not work (admin could still log in remotely): AllowUsers [email protected].* * AllowGroups ssh-users with admin a member of ssh-users. I would also be fine with only allowing admin to log in with a key, and disallowing password logins, but I could find no general setting for sshd; there is a setting that requires root logins to use a key, but not for general users.

Read the article
Can Solaris RBAC roles be ported to Linux using SElinux only?

- by Jimmy

We are migrating an application from Solaris to Linux and the main user is allowed, through the use of RBAC roles, to run a few system commands like svccfg/svcadm (chkconfig on redhat). Is it possible, using only SElinux (no sudo), to allow a normal user to run chkconfig off/on (basically give it the ability to add remove services) ? My approach was to try to create an SElinux user with a corresponding SElinux role that manages the app's domain/type and is allowed to transition to all other domains required to run chkconfig, tcpdump or any other system utility usually restricted to root access only. All my attempts so far have failed, so my second question would be where could I find good documentation that applies to this specific problem ?

Read the article
Steganography software

- by dag729

Do you know some good (better if FOSS and cross-platform) steganography software that runs on GNU/Linux? The features I'm searching are: steganography software (better if FOSS and cross-platform) it must run on GNU/Linux must hide data inside audio/video/image files support of additional cryptography I already use a cryptographic software, but I want to use a steganographic one as an addition to it. Any suggestions will be appreciated, thanks a lot in advance!

Read the article
MySQL asking a user for SUPER privilege to perform a delete.

- by Fran

Hello, When trying to do a delete operation on a table, mysql reports the following error: Error code 1227: Access denied; you need the SUPER privilege for this operation. However, my user has this privilege granted for all tables in the schema: GRANT ALL PRIVILEGES ON myschema.* TO 'my_admin'@'%' How come it asks me for SUPER privilege for a delete? Thanks in advance.

Read the article
Router reporting failed admin login attempts from home server

- by jeffora

I recently noticed in the logs of my home router that it relatively regularly lists the following entry: [admin login failure] from source 192.168.0.160, Monday, June 20,2011 18:13:25 192.168.0.160 is the internal address of my home server, running Windows Home Server 2011. Is there anyway I can find out what specifically is trying to login to the router? Or is there some explanation for this behaviour? (not sure if this belongs here or on superuser...) [Update] I've run both Wireshark and netmon for a while on my home server. Wireshark captured the traffic, but didn't really show anything useful (or nothing I could make use of). A simple HTTP GET request is sent from the server (192.168.0.160) to the router (192.168.0.1), from a seemingly random port (I've seen examples from 50068, 52883), and it appears to do it twice in quick succession (incrementing port by 1), about every hour. Running netstat around the time of the failure didn't show anything (probably too long after anyway). I tried using netmon as it categorises by process, so I thought it might show a corresponding process for the port. Unfortunately, this comes in under the 'unknown' category, meaning it's basically just a slower, less useful Wireshark. I know there's not much to go on here, but does this help in anyway?

Read the article
User accounts in FTP

- by Brad

I have an FTP server(proftpd on debian) that I'm going to allow a couple friends access to, and I want some safety nets in place, just in case. These are some of the things I'd like to do: Jail the accounts to their home directories and impose a cap on the amount of data they can upload Allow them access to a shared folder(via symlink or something) where they have full access(Also with a storage cap, but larger) Allow my own account full access to the system(Using groups I guess) Not allow anonymous access, or allow it with its own folder, separate from the shared user folder Currently, I've got the accounts set up and jailed, but it seems like the symlink that I put in is not allowing them to visit the shared folder. I suppose this has to do with them not having read permissions anywhere but their own home directories, or maybe it's something else, I'll continue to look into it and provide any information that is requested. Is what I'm trying to do possible? Any tips or resources that you can share are appreciated. Thanks.

Read the article
Google Chrome suspicious connections

- by Poni

I'm using Chrome at Windows and with TCPView (of the SysInternals freeware suit) I see that chrome.exe establish connections to these IPs: 173.194.37.104 209.85.146.138 Using http://www.ipaddresslocation.org/ I check about these IPs and see they're related to Google. Now, in order to clarify, these are the exact things I do: Open up chrome, the default page is set to BLANK (i.e no homepage whatsoever). Then I get into my website which has a blank page, so no "other" http requests are made. Right from this point there is a persistent connection, usually to '173.194.37.104'. What are these?? Very suspicious.. Edit #1: - I'm in 'incognito' mode right from start, when launching Chrome, using a shortcut with the '-incognito' switch. - I've turned off all phishing protections and other "advance" features in order to reduce Chrome's network activity.

Read the article

< Previous Page | 141 142 143 144 145 146 147 148 149 150 151 152 | Next Page >