Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 536/886 | < Previous Page | 532 533 534 535 536 537 538 539 540 541 542 543 | Next Page >

Bridging VirtualBox over OpenVPN TAP adapter on Windows

- by Sean Edwards

I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

Read the article
CentOS PAM+LDAP login and host attribute

- by pianisteg

My system is CentOS 6.3, openldap is configured well, PAM authorization works fine. But after turning pam_check_host_attr to yes, all LDAP-auths fail with message "Access denied for this host". hostname on the server returns correct value, the same value is listed in user's profile. "pam_check_host_attr no" works fine and allows everyone with correct uid/password a piece of /var/log/secure: Sep 26 05:33:01 ldap sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=my-host user=my-username Sep 26 05:33:01 ldap sshd[1588]: Failed password for my-username from 77.AA.BB.CC port 58528 ssh2 Sep 26 05:33:01 ldap sshd[1589]: fatal: Access denied for user my-username by PAM account configuration Another two servers (CentOS 5.7 Debian) authorizes on this LDAP server correctly. Even with pam_check_host_attr yes! I didn't edit /etc/security/access.conf, it is empty, only default comments. I don't know what to do! How to fix this?

Read the article
TLS-SRP ciphersuites support in browsers

- by dag

i'm doing some research on how browsers support TLS-SRP (RFC5054). I know that TLS-SRP is implemented in GnuTLS, OpenSSL as of release 1.0.1, Apache mod_gnutls, cURL, TLS Lite and SecureBlackbox. I don't find any fresh source of information, only this from 2011: http://sim.ivi.co/2011/07/compare-tls-cipher-suites-for-web.html I'm testing them manually at the moment, but as far as i know nobody seems to support it. My interest is then in understanding if browsers are planning to support these ciphersuites in the future, apart from the current state. Actual findings (i'm sorry i can't include more than 2 links): Firefox: BugZilla bug id: 405155 IE: Microsoft connect Bug ID:788412 , date:22/05/2013 (closed) Chromium/Chrome: the interesting work by quinn slack http://qslack.com/2011/04/tls-srp-in-chrome-announcement/ Chromium code review: 6804032 Any other help?

Read the article
IIS7.5 Windows Authentication missing providers menu item (ntlm)

- by Alex Bilbie

I'm trying to enable NTLM authentication on a Windows Server 2008 R2 machine with IIS 7.5 for a specific file in my web root. I've been following these instructions http://docs.moodle.org/en/NTLM_authentication#IIS_Configuration In the IIS Manager I open the Authentication module, disable anonymous authentication and enable Windows Authentication however according to every post I can find on the matter I should have a 'providers' option appear but I don't. I've double checked in Server Manager that the 'Windows Authentication' security feature is enabled for IIS. Any help anyone can offer would be great, Thank you!

Read the article
Setting up SVN+SSH for multiple users through one local user.

- by Warlax

Hi, I need to make our SVN repository accessible through the firewall - but without creating a local user for each potential external user. Instead, I would like to set-up SVN+SSH to route all external users through a single local user name. We would like each external user to authenticate with SSH the regular way but then treat their instance of svnserve as if they're all that single local user and possibly, control what parts of the repository each external user can access. I know that I will need to set my svnserve config according to the official guide. I tried, but the instructions are fuzzy and I am relatively a Linux n00b. What exactly are the steps to proceed? and how would you go about testing this? Thanks for your help.

Read the article
MySQL Stored Procedure Parameters are NULL

- by emmilely

I am stumped, and was hoping someone here would have a quick and easy answer. I did a fresh install of MySQL 5.5 and am trying to pass parameters into a stored procedure. The parameter values aren't being read by the stored procedure. MySQL doesn't throw an error and processes the code with null parameters. Here is the code: DELIMITER $$ CREATE DEFINER=`root`@`%` PROCEDURE `testing`(IN parameter INTEGER) BEGIN UPDATE table_name SET valueToChange = 'Test' WHERE mainID = @parameter; END And here is the query I'm using to call it: USE database_name; CALL testing(72); Can anyone help?

Read the article
How can I make the iTunes podcast count ignore selected podcasts?

- by Relequestual

Hi all, Until recently I have only listened to news type podcasts with people talking, like TWiT and Security Now. I also like music, so decided to subscribe to some other music related podcasts, however I don't want these to appear in my podcasts count in iTunes on the left hand side. I downloaded a load of old ones from the music related podcasts, and now I can't see at a glance how many news podcasts I have to listen to. I know it sounds really picky, but if it can be done, I would be a little bit happier. Of course I did some googling, but turned up a blank. Would guess it needs some form of plugin. Using the latest version of iTunes at the time of posting. Thanks in advance.

Read the article
Database modularity with EBS volumes

- by Eclyps19

I would like to add modularity to my websites on EC2 instances by encapsulating the site files and the mysql files in their own EBS volumes. The end result that I'm going for is the ability to quickly mount a volume or two to different servers running the same AMI (for testing/development/emergency maintenance, etc), as well as maintain separate snapshots of each. I'm able to do this fairly easily with a single database by symlinking my mounted database EBS to the appropriate places (/var/lib/mysql, /etc/my.cnf, /var/log/mysqld.log), but I'm not sure if it would even be possible be possible to have multiple databases on different EBS volumes running concurrently. Example: /website1/www.website.com /database1/ /website2/www.otherwebsite.com /database2/ Could anybody shed some light on this for me? Is it possible? Is it a bad idea? Thanks.

Read the article
Is it easy to update ubuntu beta to ubuntu final release?

- by Peter Smit

At this moment I am preparing a virtual server to host a web application which needs php5.3 The virtual server base image is always Hardy (8.04 LTS). There is no php5.3 until the upcoming release in a few days: Lucid (9.04 LTS). I am seeing to options: - waiting until the final version is released and then start preparing this server - Now upgrading to the beta (do-release-upgrade --devel-release) and when the final release has come upgrading to that For time constraints I would prefer the second option. I only can't find whether it will be easy to upgrade from a beta to the 'clean' final release. Is this possible in an easy way. Will it have any drawback for security or will there be any traces left of it being ever a beta release? Note: the server will not go into production before the LTS is really installed.

Read the article
Keeping websites from knowing where I live

- by D Connors

This questions is related to issues and practicality, not security. I live in Brazil and, apparently, every single website I visit knows about it. Usually that's okay. But there are quite a few sites that don't make use of that information adequately. For instance: Bing keeps thinking that Brazilian pages are way more relevant to me than American ones (which they're not). google.com always redirects me to google.com.br Microsoft automatically sends me to horribly translated support pages in Portuguese (which would just be easier to read in English). These are just a few examples. Usually it's stuff I can live with (or work around), but some of them are just plain irritating. I have geolocation disabled in Firefox, so I guess they're either getting this information from my IP or from Windows itself (which I bought here). Is there a way to avoid this? Either tell them nothing or make them think I live somewhere else?

Read the article
Can't enable Windows XP file sharing

- by colemanm

The "sharing and security" option in the right-click context menu on a folder is no longer there. The File and Print sharing option is "installed" and turned on in the TCP/IP properties, but the ability to share any folders has disappeared, along with all previously shared folders. Where should I check to see what the issue is here? EDIT From comments below: "Server" service is not starting, see comment below for more... Firewall is completely disabled, too. This is XP Pro, Simple File Sharing is turned on. We've discovered that the "Server" Windows service is not starting on bootup for some reason. When attempting manual start, we get "error 2001: specified driver is invalid."

Read the article
ASP.NET High CPU Bringing Servers to their Knees

- by user880954

Ok, our new build is having 100% cpu spikes on each server at random intervals. For long durations it make the site totally unresponsive - this will be at peak times as people in different countries log on to the site etc. We've looked at perfmom, memory profilers, CLR profiler, sql profilers, Red gate ants profiler, tried load testing in UAT - but cannot even reproduce the problem. This could mean only thousands of users hitting the live site causes it to happen. One pattern we did notice was that the new code - the broken build - actually uses noticably less threads. We are also using spring for IOC - does this have a bed reputation? To make things worse, we cannot deploy to live due to the business impact - so cannot narrow the problem down to subset of the new features we've added. We truly are destroyed - has anyone got any battle scars that may save us a few lives?

Read the article
Can you set CIFS permisions from EMC Command Line?

- by TJ.

I am in the process of migrating file shares from my EMC NS-20 to my new VNXe 3100. I am using a RoboCopy script to move the files but am getting errors on some files and folders. I have Domain Admin privileges but when I go to view the security permissions on the folders it says I don't have permissions. I have tried taking ownership to get around the permissions issue but that fails too. So as a last resort can I set permissions on this folder from the EMC console or Web management console?

Read the article
Should I replace libapache2-mod-php5-filter with libapache2-mod-php5 on Debian 6 Apache 2.2.16?

- by luison

Upgrading various virtual machines we are having an issue with the Debian package upgrade to version 2.2.16 The upgrade (surprisingly) seems to remove libapache2-mod-php5 replacing it with libapache2-mod-php5-filter. This gave us some headache as the php.ini was pointing to the "old" one and some of the apache.conf conditional module rules stopped working. We can fix all those but we can't figure out if there would be any issues if we just "reversed" this and simply install libapache2-mod-php5 again and load that module instead of the "filter" one or in there is anyway to "alias" a module. I tend to think that the change "has a reason" but after reading apache2 and php5: module or filter I understand the module differences are to do with post delivery security issues.

Read the article
Snow Leopard: Optimization

- by Shyam

Hi, I have bunch of questions: I have a Mac network, which has five Mac's. Right now, they are individually getting software updates. Is there a way to download the patches/security updates in a single place (repository) and point all machines to this location? Personally, I have tools like Monolingual and Onyx, but are there tools you could recommend that affect the performance of the Operating System positively? Tweaks would be nice. Links and pointers, would be really appreciated. I've read about Time machine, is there a way to backup all machines to a network drive using this tool? Thanks!

Read the article
How to increase max FD limit for a daemon process running under a headless user?

- by Ameliorator

To increase the FD limit for a daemon process running under a headless user on a Ubuntu Linux machine we did following changes in /etc/security/limits.conf soft nofile 10000 hard nofile 10000 We also added session required pam_limits.so in /etc/pam.d/login. The changes got reflected for all the users who logged out and logged in again. Whatever new processes are starting under those users are getting new FD limits. But for the daemon which is running under a headless user the changes are not getting reflected. what is the way by which the changes can be reflected for the daemon which is running under headless user ?

Read the article
what might cause a print error in perl?

- by Mark J Seger

I have a long running script that every hour opens a file, prints to it and closes the file. I've recently found very rarely, the print is failing, not because I'm testing the status of the print itself but rather due to the fact of missing entries in the file until the system is actually rebooted! I do trap for file open failures and write a message to syslog when that happens and I'm not seeing any open failures so I'm now guessing it may be the print that is failing. I'm not trapping the print failures, which I suspect most people don't but am now going to update that one print. Meanwhile, my question is does anyone know what types of situations could cause a print statement to fail when there is plenty of disk storage and no contention for a file which has been successfully opened in append mode?

Read the article
Amazon SES domain verification TXT DNS record

- by Skittles

I currently am trying to get my domain verified on Amazon's SES and running int a problem that google searches are not helping me get any closer to solving. According to SES, I have to create a TXT record in my DNS for the domain I'm trying to verify. Amazon gives you the following (value changed for security purposes); TYPE: TXT NAME: _amazonses.somedomain.com VALUE: M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA= I have tried numerous entries in my registrar's DNS manager, but SES still fails to find what it's looking for. I am not a DNS guru, so, I have tried to construct the TXT record from very sparse examples, at best, to try to get this right. My present TXT record is this; "v=DKIM1 s=_domainkey d=_amazonses.somedomain.com p=M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA=" Am I doing something incorrect? Thanks

Read the article
Firefox / Iceweasel hangs at exit

- by mxp

On my Debian (testing) system, I found that for some time now Firefox hangs when exiting. There is no window visible anymore and the process utilizes one CPU core to 100%. No other instances can be started until that process is killed. I tried the Basic Troubleshooting guide but that didn't help. Starting it with iceweasel -safe-mode and then choosing none of the options but just clicking "quit" caused the same behavior. Creating a new profile also didn't change anything. Any ideas what else I could try?

Read the article
Does SELinux make Redhat more secure?

- by vfclists

Does SELinux make Redhat more secure? I can't remember the number of times when I have disabled SELinux because it kept frustrating my ability to get stuff running. Lots of times to there was no obvious reason why stuff wasn't working and I had to Google to discover why. Given that most casual users will disable or weaken security when it appears to get in the way, with the exclusion of serious, enterprisey Redhat users, is SELinux really useful? PS. Is there some tool that helps you log, track and manage SELinux issues across all applications? In spite of being an Ubuntu user I am a closet Fedora fan.

Read the article
can Snort be installed on VPS?

- by jack

Hi Linux Admins I want the maximum security for my linux vps. I found many tutorials round the net but it doesn't cover the Snort. Only those like portentry, logsentry, tripwire and so on. So I'm beginning to think that Snort is not appropriate for a linux host. I think it's suitable only as a proxy/middle-man that checks traffic before passing to acutual targets. I'd like to whether Snort can be installed on VPS which serves typical servers like web/mail. Can Snort be in complict with OSSEC which I think it doesn't check the traffic but the log files only for Intrusion Detection/Anomaly? Thank you.

Read the article
Why can't I copy files from a mac to a samba share?

- by chris

I have a share set up on my ubuntu 10.04 box, and the mac can see it, connect to it, and sort of write to it. When I try to copy a whole tree to the share, I get an error saying "The operation cannot be completed because you don't have access to some of the items". If I zip the directory, and copy that over, it succeeds. Any explanation? My smb.conf: [global] workgroup = wg netbios name = ubuntu security = user [Wife Debris] path = /home/wife/wifedebris read only = no guest ok = no force user = wife force group = wife

Read the article
Using mod_wsgi with mpm_itk: socket permission issue

- by djechelon

I'm using mod_itk as MPM for increased security in shared environment. I also have a Firefox Sync Server within one of the VHosts I host. That vhost is restricted to a certain user via AssignUserId user group. The problem is that the socket /var/run/wsgi...whatever.sock is chmodded srwx------ and owned by Apache's wwwrun. While I configured the vhost with WSGIProcessGroup sync WSGIDaemonProcess sync user=djechelon group=djechelon processes=1 threads=5 I still get the error that Apache wants to access a socket that is not accessible and because of this gets an error. Is it possible to configure mod_wsgi in order to create different sockets with different owners for different applications or to chmod its socket in a different way (less secure)? Currently, I'm running Firefox Sync as the only WSGI application. Moving it to a vhost that doesn't AssignUserId could solve this problem but will force me to change URL (and buy an additional SSL certificate), so I wouldn't consider this

Read the article
Firefox: howto open hxxp or other obscured links automatically

- by fyodor78

howto open hxxp or other obscured links automatically with Firefox (without copy and paste manually)?. For non obscured links I use Linky Firefox add-on From Wikipedia hxxp://, sometimes h**p:// or _ttp://, is used in URLs (web links) to obscure the fact that one is linking to a http:// website. It is generally used to avoid automatic recognition by computer programs. For a user to follow this link, it is usually necessary to manually copy-paste the link onto the web browser's address bar and replace the 'x'es with 't's. screenshot I use RefControl, so security is not an issue.

Read the article
Configuration of Sonicwall Load Balancing

- by jacke672

We installed a Sonicwall NSA 240 appliance and have configured it up for our SSL VPN connection and for load balancing with 2 ADSL lines. Over the past week, I have been testing the load balancing options to optimize the connection speeds for our users - but I've run into the following: Round Robin load balancing is the ideal load balancing setting and it's roughly doubling our throughput- but, when it's active users are unable to access any SSL enabled websites such as banking, web-mail, etc. For this reason, I have been using percentage based balancing as it allows me to enable source and destination IP binding, which doesn't 'break' any secure connections but were left with the slow connection speeds we had before adding the second line. I'm looking for a method in which we can take advantage of the round robin connection speeds while allowing users to access sites with SSL certificates, all while still allowing our remote (vpn) users to connect. Any help would be appreciated. Thanks

Read the article

< Previous Page | 532 533 534 535 536 537 538 539 540 541 542 543 | Next Page >