Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 526/886 | < Previous Page | 522 523 524 525 526 527 528 529 530 531 532 533 | Next Page >

Is it Secure to Grant Apachie User Ownership of Directories & Files for Wordpress

- by Oudin

I'm currently setting up WordPress on an Ubuntu server 12 everything runs fine but there is an issue when it comes to automatically updating and uploading media via WP as Apache "www-data" user does not have permissions to write to the directories. "user1" has full permission All my directories have permissions of 0755 and files 644 my directories setup is as follows: /home/user1/public_html All WP files and directories are in "public_html" In order to work around the auto updating and uploading media I've granted Apache user ownership to the following directories sudo chown www-data:www-data wp-content -R sudo chown www-data:www-data wp-includes -R sudo chown www-data:www-data wp-admin -R I would like to know security wise how secure this is and if it is not secure what would be the best solution? That will allow me to keep all files and directories owned by user1 and still allow wp to be able to automatically update and uploading media

Read the article
What can I do to give some more love and disk space to my database on Ubuntu?

- by Yaron Naveh

I'm new to linux. I've deployed a db to ubuntu server on amazon and found out I'm low on disk space. did df (see below) - and found out that I'm 89% capacity on one file system, but less on others. What does this mean? Do I have a few partitions and can now utilize others besides /dev/xvda1? Also /dev/xvdb seems large, is it safe to put the db in it and only use it? If so do I need to mount it or do something special? $> df -lah Filesystem Size Used Avail Use% Mounted on /dev/xvda1 8.0G 6.7G 914M 89% / proc 0 0 0 - /proc sysfs 0 0 0 - /sys none 0 0 0 - /sys/fs/fuse/connections none 0 0 0 - /sys/kernel/debug none 0 0 0 - /sys/kernel/security udev 3.7G 8.0K 3.7G 1% /dev devpts 0 0 0 - /dev/pts tmpfs 1.5G 164K 1.5G 1% /run none 5.0M 0 5.0M 0% /run/lock none 3.7G 0 3.7G 0% /run/shm /dev/xvdb 414G 199M 393G 1% /mnt

Read the article
Is there a way to create a copy-on-write copy of a directory?

- by BCS

I'm thinking of a situation where I would have something that creates a copy of a directory, tweaks a few files, and then does some processing on the result. This wold be done fairly often, maybe a few dozen times a day. (The exact use case is testing patch submissions; dupe the code, patch it, build/test/report/etc.) What I'm looking for could be done by creating a new directory structure and populating it with hard links from the origonal. However this only works if all the tools you use delete and recreate files rather than edit them in place. Is there a way to have the file system do copy-on-write for a file? Note: I'm aware that many FSs use COW at a block level (all updates are done via writes to new blocks) but this is not what I want.

Read the article
Windows Live Family Safety Service keeps closing Start Menu

- by Jim McKeeth

Got my kids a new Toshiba Laptop for Christmas. I was setting it all up for them so it would be ready to go. Tonight I installed Windows Live Family Safety Parental Controls. In the process of testing I discovered that on all the accounts the Start Menu closes automatically within 3 seconds (or less) of opening. It seems that it happens every 3 seconds, so sometimes it is immediate, and if I open it again then it will stay open for a full 3 seconds. This of course is rather annoying, and I need to wrap it up so it is ready to go under the tree. I disabled the Windows Live Family Safety Service, and that fixed it. Enable it again and the behavior returns. Is this a feature of the service? Can I disable that feature and keep the other features?

Read the article
SQL Server Windows Auth Login sees Domain as untrusted...

- by Mr Shoubs

I've had someone set up a domain controller on windows 2008 on one server, and sql server 2008 on another. The domain seems to be working fine, I'm logged on as a domain user on both servers, nothing seems to be a problem there. However, when I try to add a domain user/group to SQL Server Security (e.g. clicking ok from the create login screen) it says it can't find it (even though I've used the search to find the correct account in the first place), when I try to logon (even though I haven't added it yet) it says something about the account being part of an untrusted domain instead of saying I don't have permission to log on. Anyone have any ideas on what is set up incorrectly?

Read the article
Unable to understand a line in Google CodePreview's README

- by Masi

The README is in Google's codepreview which uses Google-appengine. To run the app locally (e.g. for testing), download the Google App Engine SDK from http://code.google.com/appengine/downloads.html. You can then run the server using make serve I run make serve in my terminal after moving Google-appengine.app to my Application -folder in OS X Leopard. I get make: *** No rule to make target `serve'. Stop. How can you run the make serve to run the server for Google AppEngine?

Read the article
Log centralization, display, transport and aggregation at scale v2

- by Eric DANNIELOU

This is a duplicate question of Log transport and aggregation at scale and http://stackoverflow.com/questions/1737693/whats-the-best-practice-for-centralised-logging, but the answers might differ now : The softwares described in 2009 may have changed since (for example Octopussy evolved from version 0.9 to 1.0.5). Rsyslog has become the default on most linux distro. Requirements have changed (security, software configuration management, ...). I'd like to ask the following questions : How do you centralize, display and archive system logs? How would you like to do it now if you had to? Most linux distro use rsyslog nowadays, which can provide reliable log transport. But some older unices, network devices and maybe windows box still use old udp rfc-style transport. How did you manage to get reliable transport? Storing logs for a few months can represent a huge amount of disk space. How do you store them? rdbms? Compressed and encrypted text files?

Read the article
Install Windows Server 2008 Core on a Dell Optiplex 790

- by Alex Marshall

Does anybody have experience installing Windows Server 2008 Core on a Dell Optiplex 790? When I connect to the machine with the Hyper-V Manager Administrator snap-in, and try to create and run a virtual machine, I get the error "The Virtual Machine could not be started because the hypervisor is not running". I've disabled the Execute Disable functionality in the BIOS as was requried for other Dell models, but no matter what combination of security and virtualization settings I use on the machine, I can't get this working. EDIT: I've installed Windows Server 2008 Core on a Dell Optiplex 790, and I'm trying to install and setup a guest VM on the Hypervisor EDIT 2: The Hyper-V role is installed and configured, without any errors in the event log. Hardware-assisted virtualization is also enabled.

Read the article
DNS Server Spoofed Request Amplification DDoS - Prevention

- by Shackrock

I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server. General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries. I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas? CentOS5 with WHM and CPanel. Also see: http://securitytnt.com/dns-amplification-attack/

Read the article
Default permissions for courier imap folders

- by JoeCoder

I'm using courier imap. When a mail client creates a new folder, it's created on the filesystem with 640 permission. I need it to be writable by the group, or 660. I currently have /etc/courier/imapd IMAP_UMASK=007, but that's not enough. I'm not sure what else to try. Any ideas? I'm using ubuntu server 12.04. EDIT: I added a 50pt bounty to this. For an acceptable answer, I need a way to make it work from a package in a standard repo. If I download source and compile it myself, it won't be automatically kept up to date with security fixes. If I don't find a better answer, I'll add code to the admin script to call another sudo approved script to chmod -R the whole directory before every change. But this is kind of hack-ish.

Read the article
SElinux stopping LVS from working with https

- by J Hoskins

LVS/piranha is setup and trying to get it to balance https instead of http. Setup https testing with wget - idea from this link. Works when I do it at the command prompt. With SELinux enforcing, the wget fails to run due to the lack of access to /dev/random. (Error - Could not seed PRNG; consider using --random-file. Disabling SSL due to encountered errors.) wget runs as system_u:system_r:piranha_lvs_t:s0 but the file/device /dev/random has system_u:object_r:random_device_t:s0 Also, wget is trying to getattr and read. How do you allow wget to use /dev/random so it will do ssl?

Read the article
Windows Server 2008, IIS7 and Windows Authentication

- by Chalkey

We currently have a development server set up which we are trying to test some Windows authentication ASP.NET code on. We have turned on Windows Authentication in IIS7 on Windows Server 2008 R2 fine, and it asks the user for a username and password as excepted, but the problem is it doesn't appear to accept any credentials. This code for example... Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Page.Title = "Home page for " + User.Identity.Name End Sub ...always returns an empty string. One theory we have is that we dont have Active Directory installed as of yet, we are just testing this by logging on via the machine name not a domain. Is this type of authentication only applicatable to domains (if so we can probably install Active Directory and some test accounts) - or is it possible to get the user identity when logging in using the machine name? Ideally we would like to be able to test this on our local machines (Windows 7 Pro) using our own accounts (again these aren't on a domain) and IIS but this has the same issue as our dev server. Thanks,

Read the article
Write-but-not-delete permissions on SAMBA

- by m6a-uds

Hi! I installed samba on my linux server for public file sharing on the LAN. I works great currently, but I would like to add some security: People from LAN should be able to Read files present and Add new ones, but not delete files. I want to keep this privilege for me ;-) How should-I do this? I have set up a "admin" account having full access even to deletion. There is just left to configure the "guest" acount. Google isn't helping that much right now...

Read the article
Linux Mint Wireless doesn't connect [migrated]

- by guisantogui

I'm having a great problem, I've installed Linux mint debian edition (LMDE), and following this tutorial http://community.linuxmint.com/tutorial/view/161 I did installed the network driver. The available connections appears to me, but when i try to connect to my connection at first time, I got this message: "(4) Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken." And the following tries, I got this another message: "(32) Insufficient privileges." I'm accepting ideas. Thanks.

Read the article
Access to NTP via IP which doesn't change often

- by faulty

I'm trying to sync the clock of our production server located in a data center with pool.ntp.org. For security reason, our servers has no internet access unless we requested to open specific ip/port explicitly. I worked out a list of IPs based on 0.asia.ntp.org 1.asia.ntp.org 2.asia.ntp.org 3.asia.ntp.org Not realizing ntp.org is using round robin DNS and the servers being voluntary, they changes from time to time. In fact the IP I've got from 3.asia.ntp.org last month is no longer working now. I'm wondering if there's a publicly known NTP server that doesn't change as often or if there's a way to go around this without having to request an update to the firewall on a monthly basis. I believe many admin is facing the same issue here.

Read the article
Restoring WordPress EC2 instance from snapshot results in 403 Forbidden error

- by Eric Matthew Turano

This problem has been perplexing me for weeks now. Here's how the issue goes: Launch Amazon Linux 64-bit instance, successfully install WordPress, and site is active w/ no issues Create snapshot of the instance's root volume Shut down instance Create volume from snapshot, attach to instance, and reboot instance Associate Elastic IP with instance Once that's done and I try logging onto the site, I am redirected to myurl.com/wp-admin/install.php and greeted with this message: Forbidden: You don't have permission to access /wp-admin/install.php on this server. Apache/2.2.25 (Amazon) Server at www.myurl.com Port 80 Port 80 is open on the inbound security group settings, so that's not the issue. Keep in mind all I am doing is merely creating a new volume and attaching it to the same instance, and this issue comes up. What am I doing wrong, and how can I create a complete backup of my instance without this error occuring?

Read the article
Windows 7 Change internet time settings tells me I have no permissions.

- by Matthias Vance

LS, While trying to solve my computer clock always running ahead (even when on, not just on every boot), I apparently broke some security settings. All I did (as far as I can remember) was stop and start the w32time service. Now, whenever I go to the "Internet time" tab, and click "Change settings..." Windows tells me I don't have permissions to do so. Facts I am a member of the Administrators group. In gpedit.msc, I checked that the Administrators group is allowed to change the system time. Kind regards, Matthias Vance

Read the article
UEC - Can the Cluster Controller and Storage Controller be seperate systems?

- by Jeremy Hajek

My department is implementing an Ubuntu Enterprise Cloud. I have done the testing and am quite comfortable with the 4 pieces, CC/SC, CLC, WS, NC. Looking at various documents below it appears the the Storage Controller and Cluster Controller (eucalyptus-sc and eucalyptus-cc) are always installed on the same system. My question is this: can I install the storage controller and the cluster controller on separate systems? http://open.eucalyptus.com/wiki/EucalyptusAdvanced_v2.0 the picture indicates that cc and sc are two different machines http://www.canonical.com/sites/default/files/active/Whitepaper-UbuntuEnterpriseCloudArchitecture-v1.pdf P.10 1st paragraph uses the word "machine(s)" http://software.intel.com/file/31966 P. 8 indicates the same separate architecture BUT... https://help.ubuntu.com/community/UEC/PackageInstallSeparate indicates below that the SC and CC are to be on the same system.

Read the article
Amazon EC2 Creating Tunnel with OpenVPN

- by nocode

I have followed these instructions: http://aws.amazon.com/articles/0639686206802544 I can ping the VPN endpoints and I have the corresponding VPC CIDR pointing to the EC2 instance in the route table. Here is my config: port 1194 proto udp dev tun # Remote peer and network remote Elastic_IP route 10.0.0.0/16 # Configure local and remote VPN endpoints ifconfig 169.254.255.1 169.254.255.2 # The pre-shared static key secret /etc/openvpn/ovpn.key keepalive 10 120 persist-key persist-tun log /var/log/openvpn.log verb 3 When I look at my logs, I get this error: RESOLVE: Cannot resolve host address: 10.0.0.0/16: Name or service not known OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0/16 in VPC1, the CIDR is 172.31.0.0/16 which is targeting the EC2 instance also running OpenVPN. I'm getting the same error from the Instance in VPC2 with the corresponding CIDR. Just for testing, i stopped the IPTABLES service I am running the Amazon linux AMI image (x64) as specified in the article I linked.

Read the article
How to start vim without executing /etc/vimrc?

- by florin

On my Linux server at work, the admins did not install cscope, and I installed it from source in my home directory and added it to the $PATH. The trouble is, the /etc/vimrc has a reference to /usr/bin/cscope which does not exist and everytime I start vim, it complains about that and I have to press for that message to go away. It is interesting that if I remove cscope from my $PATH, I don't get that behavior - so it is possible that vim is testing that cscope exists somewhere, and only then executing the cscope configuration - but then it gets it wrong! So my question is: can I set something up in my .vimrc so it does not source the global /etc/vimrc? I don't want to move cscope out of PATH, as I don't want to type the full directory name every time I run it from the command line.

Read the article
Is MS Forefront Add-in for Exchange server detecting HTML/Redirector.C incorrectly?

- by rhart

Users of a website hosted by our organization occasionally send complaints that our registration confirmation emails are infected with HTML/Redirector.C. They are always using an MS Exchange Server with the MS Forefront for Exchange AV add-in. The thing is, I don't think the detection is legitimate. I think the issue is that the link in the email we send causes a redirect. I should point out that this is done for a legitimate purpose. :) Has anybody run into this before? Naturally, Microsoft provides absolutely no good information on this one: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aHTML%2fRedirector.C&ThreatID=-2147358338 I can't find any other explanation of HTML/Redirector.C on the Internet either. If anyone knows of a real description for this virus that would be greatly appreciated as well.

Read the article
How do I maximize and check my gigabit transfer rate?

- by J Penguin

I'm trying to maximize my LAN transfer speed. LAN cards and switch are all gigabit on a CAT 6 cable. Modes are set correctly to 1000 full duplex. CentOS server Testing with ftp from both windows and fedora, I'm only having the speed around 11MB/s. On windows I notice that the first few seconds of file transfer I'm actually getting around 25MB/s before it drops to 11MB/s Can anyone please recommend me what my next step should be to increase this performance? Are there any utilities I can use to test the file transfer speed without taking hard drive speed into consideration? The only thing I know is the MTU which I will have to wait until the office hour is over before I can play with it. If there are anything else I should be aware of, please please let me know. Thank you!

Read the article
Installing and maintaining an email server

- by Andrew

I need to move hosting providers for four or five domains and for several reasons I'm considering a Linux VPS rather than staying with my current shared, managed hosting provider. The only thing that's stopping me is email. I have lots of experience running and maintaining Apache, but none with email servers. Based on some research, if I want to keep what I've using now, it looks like I'd be going with Postfix and Dovecot, and probably Exim and SpamAssassin. I have no problem performing regular maintenance and watching for security updates, but I don't want to bite off more than I can chew. For someone new to email services, how hard is it to set up an email server that is externally accessible (via SMTP and POP3, not IMAP), available over SSL/TLS and reasonably reliable for multiple domains? How much of a time commitment is it to maintain one?

Read the article
Dubious permissions on plist Problems installing Jenkins

- by Code Droid

I am trying to install jenkins on 10.6.8 In order to do this I needed to modify the jenkins plist which was owned by root. I gave myself (the admin) permissions to modify this file and added the admin as the user in the plist for jenkins. Now the problem is that launchctrl sees my permission change as a security issue and will not launch something about dubious permissions on plist. I changed owner to root, and removed admin permission to write but launchctrl still views the permissions as dubious? Time for a reinstall? How should I have set the plist in the first place? and what should I do now?

Read the article
How to bypass AllowTCPFowarding=no by installing own forwarder?

- by Eric B.

In the man pages for sshd_config, for the AllowTCPForwarding option, it states: AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is “yes”. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. How do I install my own forwarder? I have a remote server in which I disabled TCPForwarding a long while ago. I would like to "enable" it for myself only, by using my own forwarder, while keeping the forwarding closed to the other users. I've looked around, but cannot seem to find the right pkgs to accomplish this. Can anyone please elaborate? Thanks! Eric

Read the article

< Previous Page | 522 523 524 525 526 527 528 529 530 531 532 533 | Next Page >