Search Results

Search found 9520 results on 381 pages for 'account lockout'.

Page 110/381 | < Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117 | Next Page >

Different configurations for ssh client depending on ip address or hostname

- by John Smith Optional

I have this in my ~/.ssh/config directory: Host 12.34.56.78 IdentityFile ~/.ssh/my_identity_file When I ssh to 12.34.56.78, everything works fine. I'm asked for the passphrase for "my_identity_file" and I can connect to the server. However, sometimes I'd also like to ssh to another server. But whatever the server, if I do: ssh [email protected] I'm also asked for the passphrase for "my_identity_file" (even though the server has a different ip address). This is very annoying because I don't have the public key for this file set up on all my servers. I'd like to connect to this other server (an old shared hosting account) with a password, and now I cant. How do I manage to use the key authentication only with one server, and keep using password by default for servers that aren't listed in my ~/.ssh/config ? Thanks for your help.

Read the article
Prevent member of administrator group loging in via Remote Desktop

- by Chris J

In order to support some build processes on our Server 2003 development servers, we require a common user account that has administrative privs. Unfortuantly, this also means that anyone that knows the password can also gain admin privs on a server. Assume that trying to keep the password secret is a failed exercise. Developers that need admin privs already have admin privs so should be able to log in as themselves. So the question is a simple one: is there anything I can configure to prevent people (ab)using the account to gain administrator on servers they shouldn't have administrator on? I'm aware that devs could disable anything that is put in place, but that's then down to process and auditing to track and manage. I don't mind where or how: it can be via the local security policy, group policy, a batch file executed in the user's profile, or something else.

Read the article
What else can I do to secure my Linux server?

- by eric01

I want to put a web application on my Linux server: I will first explain to you what the web app will do and then I will tell you what I did so far to secure my brand new Linux system. The app will be a classified ads website (like gumtree.co.uk) where users can sell their items, upload images, send to and receive emails from the admin. It will use SSL for some pages. I will need SSH. So far, what I did to secure my stock Ubuntu (latest version) is the following: NOTE: I probably did some things that will prevent the application from doing all its tasks, so please let me know of that. My machine's sole purpose will be hosting the website. (I put numbers as bullet points so you can refer to them more easily) 1) Firewall I installed Uncomplicated Firewall. Deny IN & OUT by default Rules: Allow IN & OUT: HTTP, IMAP, POP3, SMTP, SSH, UDP port 53 (DNS), UDP port 123 (SNTP), SSL, port 443 (the ones I didn't allow were FTP, NFS, Samba, VNC, CUPS) When I install MySQL & Apache, I will open up Port 3306 IN & OUT. 2) Secure the partition in /etc/fstab, I added the following line at the end: tmpfs /dev/shm tmpfs defaults,rw 0 0 Then in console: mount -o remount /dev/shm 3) Secure the kernel In the file /etc/sysctl.conf, there are a few different filters to uncomment. I didn't know which one was relevant to web app hosting. Which one should I activate? They are the following: A) Turn on Source Address Verification in all interfaces to prevent spoofing attacks B) Uncomment the next line to enable packet forwarding for IPv4 C) Uncomment the next line to enable packet forwarding for IPv6 D) Do no accept ICMP redirects (we are not a router) E) Accept ICMP redirects only for gateways listed in our default gateway list F) Do not send ICMP redirects G) Do not accept IP source route packets (we are not a router) H) Log Martian Packets 4) Configure the passwd file Replace "sh" by "false" for all accounts except user account and root. I also did it for the account called sshd. I am not sure whether it will prevent SSH connection (which I want to use) or if it's something else. 5) Configure the shadow file In the console: passwd -l to lock all accounts except user account. 6) Install rkhunter and chkrootkit 7) Install Bum Disabled those services: "High performance mail server", "unreadable (kerneloops)","unreadable (speech-dispatcher)","Restores DNS" (should this one stay on?) 8) Install Apparmor_profiles 9) Install clamav & freshclam (antivirus and update) What did I do wrong and what should I do more to secure this Linux machine? Thanks a lot in advance

Read the article
How to secure svn+ssh checkout users?

- by vvanscherpenseel

All our SVN repositories are hosted on a dedicated machine on which all the developers have access. Every now and then we need to checkout a repository on a machine we don't own or operate ourselves. Currently we all use our own system (SSH) account for this, but instead I would like to use some generic 'checkoutsvn' user that can be used for this. This user is only used for checking out from a repository, but should not be allowed to log in to the system (no shell access). I tried to do this by setting the default shell of that account to /sbin/nologin but then SVN fails, as apparently svn+ssh requires shell access. How do you do this? Is there a good solution for this?

Read the article
Change ownership of directory and all contents to a new user from root.

- by Andrew Fashion

I created a website under /var/www/html/ all under root, all images, files, .htacess, directories, etc... I uploaded and configured everything as root. I want to make it it's own username/password so it's not owned by root. I currently do not have the user account made either, I want to also setup FTP for the user account. There is also about 30GB of images in the folder as well. How can I go about changing all of this? I am running CentOS 5.5 64 bit. Thank you!

Read the article
Check existance of domain accounts with Powershell script

- by Max

Is there a Powershell cmdlet or script to query Active Directory if a given domain account (such as "myDomain\myUser") exists?

Read the article
How does Amazon ec2-user get its sudo rights

- by Johan

I am looking for where the default Amazon AMI linux image sets up the privileges for the default ec2-user account. After logging in with this account I can use sudo successfully. Checking via the sudoers file, which I open by running visudo (with no other options) I see a few default settings and permissions for root ALL ALL So ... Where is the permissions for ec2-user assigned? I have not yet tried to add a new permission but ultimately I want to resign ec2-user for systems management tasks and use a non-full root user for administering the applications (stop and start mysql, httpd, edit apache's vhost files, and upload / edit web content under the web root)

Read the article
Win 8 start screen resolution

- by Abhijith

My screen resolution is 1280x1024 running Win 8 RP I formatted my computer and reinstalled Win 8 CP because I had too many BSODs. When I installed Win 8 CP and created a local account. I had 5(or 6) tiles per column. But once I switched to the Microsoft account to get my synced wallpaper and lock-screen, the Start screen resolution changed and I got a max 3 tiles per column. The size of all metro apps including the Settings app changed and became awkwardly bigger. Is there a way to get back 5 tiles per column? Essentially changing the resolution of the start screen?

Read the article
Linux IO scheduler on databases with RAID

- by Raghu

Hi, I have a linux database(MySQL) server(Dell 2950) with a 6-disk RAID 10. The default IO scheduler on it is CFQ. However, from what I have read and heard, there is no need for a scheduler like CFQ when reordering/scheduling is also done by underlying RAID controller; on the contrary since it does not account underlying RAID configuration into account performance may actually degrade with CFQ. The primary concern is to reduce CPU usage and improve throughput. Also, I have seen recommendations of using noop/deadline IO scheduler for databases primarily because of the nature of their R/W access.

Read the article
Remote desktop Client versus Web based access to reports and limited data entry

- by Voyager

We have a requirement from management to give limited access of our Application to Distributors \ Dealers to look at their account statements in our books of account, enter their purchase requirements (sales order for us). We have given a few of them the RDC who connect to our terminal server and access the reports. This involves licensing of TS Client per each distributor. Is it more better, secure and less costly if a web based application is made to only enter the orders and retrive reports like pending orders, ledgers, receivables etc. Also which is more secure as far as database access is concerened...browser based access or RDC access. Please answer.

Read the article
Logging off does not kill process in Windows Server 2003

- by user25951

I have a Windows Server 2003(Enterprise, SP2). My understanding was that any process created by a user will be terminated when the user loggs off the account. But its not happening. I login via Administrator account. Start a simple java process and logoff. But the process is not killed. Is there any configuration for this or something? I am mostly a software programmer and not much in to servers and so I am stuck. I found out that while logging off, 1) Win32 is supposed to send a CTRL_LOGOFF_EVENT to all processes started by that user. 2) JVM is supposed to handle this event and terminate the VM. But I can't understand why my java process is not killed when i logoff. Any idea!!!

Read the article
Advanced call forwarding in Skype

- by Ivan

Hi all, I'd like to forward calls from a Skype account to another Skype account (both online), but so that it calls and then enters a number. E.g., I have two accounts: acc1 and acc2. I want all calls from acc1 to be forwarded to acc2, and when the call is established to enter "#123". Is that possible? Thanks. EDIT: The question is basically how to call a user and add the extension directly, before the call has been established (e.g., to call directly acc2:#123).

Read the article
How can I enable true anonymous/everyone access to a Window share?

- by Matthew Read

I recently discovered that turning off "password protected sharing" in Windows 7 requires having the guest account enabled, named as such, and with a blank password. While Windows seems to automatically attempt to use guest when connecting, Ubuntu does not, requiring anyone trying to access my share to know to use guest and a blank password. I really don't want to have the guest account enabled, either. So is there a way to allow true anonymous access to a Windows share that doesn't require credentials? Or a way to allow any credentials at all?

Read the article
Finding Locked Out Users

- by Bart Silverstrim

Active Directory up to 2008 network (our servers are a mix of 2008, 2003...) I'm looking for a quick way to query AD to find out what users are locked out, preferably from a batch or script file, to monitor for possible issues with either user accounts being attacked by an automated attack or just anomalies in the network. I've Googled and my Google-fu has failed; I found a query off Microsoft's own knowledgebase that cites a string to use on Server 2003 with the management snap-in's saved queries (http://support.microsoft.com/kb/555131) but when I entered it, the query returned 400 users that a spot-check showed did NOT have a checkmark in the "Account is locked out" box under "account." In fact, I don't see anything wrong with their accounts. Is there a simple utility (wisesoft bulkadusers apparently uses this method behind the scenes, since it's results were also wrong) that will give a count of users and possibly their user object names? Script? Something?

Read the article
How can I open a shared sub calendar in Outlook 2010?

- by Matt Love

There is a team in my office that has a shared calendar (the team calendar is set up as a user in Active Directory/Exchange, so treat the team as a user). The team also has 3 sub-calendars for the different team members. Other people in the office need to be able to access this team's calendar. They can go to Open Calendar in Outlook and see the main calendar, but they cannot see the sub-calendars. The sub-calendars all have the Default user permissions set to Reviewer. If you go to File → Account Settings → Change [logged in Exchange account] → More Settings → Advanced and add the team's mailbox, it does show the calendars in Outlook, but it comes up under My Calendars instead of Shared Calendars. We need to be able to go to Open Calendar and open the calendar and open all the sub-calendars this way. How is this possible?

Read the article
IF Statement using dates for a budget template

- by Leah Allen

I am working on a budget and want to automatically account for increases in rent in the correct month, I would also like to account for dates tenants move in or out. I may also sometimes have a tenant in a space all year with no changes to rent. Below is an example of my budget with all three scenarios. SQFT BaseRentperSQft BaseRentIncrease DateofIncrease CommencementDate TermDate Jan-Decbymonth 10,000 $15.00 $15.25 05/01/2013 11/30/2013 10,000 $15.00 04/01/2013 10,000 $15.00 I would like to build a formula to accomplish all criteria. Thanks in advance, I can only write simple IF statements, this one is out of my league.

Read the article
How do I change the "from" field for an e-mail address routed through Gmail? [closed]

- by bflora

I have an e-mail address for a domain I own. [email protected] I am redirecting all mail sent to this address over to my main Gmail account automatically. In Gmail, I've added the [email protected] account so I can send and receive mail from it. Problem: The "from" field on all the e-mails this address sends always says "info". I want it to say "Domain.com" so recipients can know where it's coming from. How do I change this? I've looked in gmail but can't seem to spot a setting that controls this.

Read the article
Two users using the same same user profile while not in a domain.

- by Scott Chamberlain

I have a windows server 2003 acting as a terminal server, this computer is not a member of any domain. We demo our product on the server by creating a user account. The person logs in uses the demo for a few weeks and when they are done we delete the user account. However every time we do this it creates a new folder in C:\Documents and Settings\. I know with domains you can have many users point at one profile and make it read only so all changes are dumped afterwords, but is there a way to do that when the machine is not on a domain? I would really like it if I didn't have to remote in and clean up the folders every time.

Read the article
is there a way to prevent network manager from storing the password for a wireless network

- by tolomea

Our corporate wireless network uses continuously changing passwords with RSA tokens. So every time we need to connect to the wireless we need to enter a new password off the RSA token. For extra fun using the wrong password a couple of times in a row causes the users account to be locked. Network manager automatically stores and reuses the password, with the net result that it is constant getting my account locked. Is there some way to prevent it from storing my password for that network? Or perhaps someway to get the gnome keyring to not store it?

Read the article
Sendmail Undeliverable Redirection?

- by Dizzle

Good afternoon; I don't know much about sendmail, so this may be fairly easy for those of you more experienced with it. We have an account, "[email protected]", sending reports to various groups. From time to time an undeliverable message will be sent back to "[email protected]". We'd like for those undeliverable messages to be rerouted, or bounced, from "[email protected]" to a group of our choosing. To carve out a scenario for clarity: [email protected] sends a report to [email protected] and [email protected] [email protected] has someone who's mail account no longer exists, triggering an undeliverable message being sent back to [email protected] Rather than having the undeliverable message sit in [email protected]'s Inbox, we'd like for it to be automatically rerouted/bounced to an admin group, [email protected] So I guess a "rule" of sorts. I've come across this solution: Sendmail : ignore local delivery But I don't know enough about sendmail to know if this is what will fit this situation. Any help is greatly appreciated.

Read the article
Visual feedback indicating selected sender address for new compositions in Entourage?

- by Stew

I send emails from two addresses using a single Entourage 12.2.4 client. One of them is a personal work account and one is an administrative account. It's very easy to send email from the wrong address, and this causes fairly significant problems when it happens. Do you have any solutions that would make it more obvious which email address is currently selected as the "From:" address in the composition? Different icons or some sort of color-coding scheme seem like useful ideas, though perhaps too much to expect of the lowly Entourage... Thanks!

Read the article
Samba + Centos (Share not working)

- by mplacona

I've done this a few times already, but for some reason this time it's not working. I have a folder called ruby (root:root - 0777) on /home/placona I'm trying to see this folder from my WindowsXP box, but keep getting permission denied. I can see the global share though, but whenever I try clicking on the ruby share, it won't let me in. Here's my smb.conf settings: [global] log file = /var/log/samba/samba.%m guest account = nobody netbios name = DEVBOX server string = DEVBOX CENTOS workgroup = WORKGROUP encrypt passwords = yes security = share max log size = 50 [ruby] path = /home/placona/ruby I want to be able to open this folder without using password (hence the guest account = nobody). I tried even with password, but never seems to work. Can anyone spot anything wrong with my settings?

Read the article
How to run a script in Ubuntu via SSH as superuser?

- by Irinotecan

So I have a script that needs to be executed remotely as root. This isn't a problem with most Linux distros since they have a root account. But since Ubuntu does not, executing anything as root requires a 2-step process of entering the account password twice - once to log in and once for sudo. The SSH process to launch the script is automated, so it cannot pause for user input for the second password request. Does anyone know, short of hacking Ubuntu to re-enable root (not an option), if unattended SSH script execution with superuser privilege on the target machine is possible? Also, having no experience with Debian, does Debian behave this way too?

Read the article
RSS reader that supports multiple google accounts?

- by Koen027

I've been looking around for an RSS reader that can handle more than 1 google account? I have multiple gmail addresses for different things in life. I separate mails this way and also RSS feeds. This works fine on google reader, but i would like to have a desktop app that can handle multiple accounts, like Thunderbird can handle multiple mail accounts. All the desktop clients I've found so far ask you for 1 google account and that's where it ends. You can't add anymore.

Read the article
How can I migrate mails from Yahoo! Mail to Google Apps?

- by alnorth29

We'd like to move from using Yahoo! Mail to our Google Apps account. It'd be great to be able to migrate all the mails across from the old accounts to the new. If we were using Gmail accounts this would be easy as the migration is offered by Google, for some reason they don't offer this to those using custom domains. As far as I know Yahoo! don't offer POP or IMAP access to non-paying customers and I'd rather not pay $20 per account that I want to migrate. Anyone know of any easy and cheap solutions?

Read the article

< Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117 | Next Page >